MAGETWO-81484: [FG-VD-17-116] Magento Community Edition Denial of Service Vulnerability Notification

Author: StasKozar

app/code/Magento/Checkout/Block/Cart/Shipping.php

@@ -74,7 +74,8 @@ public function getJsLayout()
         foreach ($this->layoutProcessors as $processor) {
             $this->jsLayout = $processor->process($this->jsLayout);
         }
-        return $this->serializer->serialize($this->jsLayout);
+
+        return json_encode($this->jsLayout, JSON_HEX_TAG);
     }
 
     /**
@@ -94,6 +95,6 @@ public function getBaseUrl()
      */
     public function getSerializedCheckoutConfig()
     {
-        return $this->serializer->serialize($this->getCheckoutConfig());
+        return json_encode($this->getCheckoutConfig(), JSON_HEX_TAG);
     }
 }

app/code/Magento/Checkout/Block/Cart/Totals.php

@@ -69,7 +69,8 @@ public function getJsLayout()
         foreach ($this->layoutProcessors as $processor) {
             $this->jsLayout = $processor->process($this->jsLayout);
         }
-        return parent::getJsLayout();
+
+        return json_encode($this->jsLayout, JSON_HEX_TAG);
     }
 
     /**

app/code/Magento/Checkout/Block/Onepage.php

@@ -77,7 +77,8 @@ public function getJsLayout()
         foreach ($this->layoutProcessors as $processor) {
             $this->jsLayout = $processor->process($this->jsLayout);
         }
-        return $this->serializer->serialize($this->jsLayout);
+
+        return json_encode($this->jsLayout, JSON_HEX_TAG);
     }
 
     /**
@@ -119,6 +120,6 @@ public function getBaseUrl()
      */
     public function getSerializedCheckoutConfig()
     {
-        return $this->serializer->serialize($this->getCheckoutConfig());
+        return json_encode($this->getCheckoutConfig(), JSON_HEX_TAG);
     }
 }

app/code/Magento/Checkout/Test/Unit/Block/Cart/ShippingTest.php

@@ -99,9 +99,6 @@ public function testGetJsLayout()
             ->with($this->layout)
             ->willReturn($layoutProcessed);
 
-        $this->serializer->expects($this->once())->method('serialize')->will(
-            $this->returnValue($jsonLayoutProcessed)
-        );
         $this->assertEquals(
             $jsonLayoutProcessed,
             $this->model->getJsLayout()
@@ -121,9 +118,6 @@ public function testGetSerializedCheckoutConfig()
     {
         $checkoutConfig = ['checkout', 'config'];
         $this->configProvider->expects($this->once())->method('getConfig')->willReturn($checkoutConfig);
-        $this->serializer->expects($this->once())->method('serialize')->will(
-            $this->returnValue(json_encode($checkoutConfig))
-        );
 
         $this->assertEquals(json_encode($checkoutConfig), $this->model->getSerializedCheckoutConfig());
     }

app/code/Magento/Checkout/Test/Unit/Block/OnepageTest.php

@@ -93,9 +93,6 @@ public function testGetJsLayout()
         $processedLayout = ['layout' => ['processed' => true]];
         $jsonLayout = '{"layout":{"processed":true}}';
         $this->layoutProcessorMock->expects($this->once())->method('process')->with([])->willReturn($processedLayout);
-        $this->serializer->expects($this->once())->method('serialize')->will(
-            $this->returnValue(json_encode($processedLayout))
-        );
 
         $this->assertEquals($jsonLayout, $this->model->getJsLayout());
     }
@@ -104,9 +101,6 @@ public function testGetSerializedCheckoutConfig()
     {
         $checkoutConfig = ['checkout', 'config'];
         $this->configProviderMock->expects($this->once())->method('getConfig')->willReturn($checkoutConfig);
-        $this->serializer->expects($this->once())->method('serialize')->will(
-            $this->returnValue(json_encode($checkoutConfig))
-        );
 
         $this->assertEquals(json_encode($checkoutConfig), $this->model->getSerializedCheckoutConfig());
     }

app/code/Magento/Ui/TemplateEngine/Xhtml/Result.php

@@ -80,7 +80,9 @@ public function getDocumentElement()
      */
     public function appendLayoutConfiguration()
     {
-        $layoutConfiguration = $this->wrapContent(json_encode($this->structure->generate($this->component)));
+        $layoutConfiguration = $this->wrapContent(
+            json_encode($this->structure->generate($this->component), JSON_HEX_TAG)
+        );
         $this->template->append($layoutConfiguration);
     }
 

dev/tests/integration/testsuite/Magento/Customer/Block/Adminhtml/Edit/Tab/NewsletterTest.php

@@ -65,10 +65,10 @@ public function testRenderingNewsletterBlock()
         $this->dispatch('backend/customer/index/edit');
         $body = $this->getResponse()->getBody();
 
-        $this->assertContains('<span>Newsletter Information<\/span>', $body);
-        $this->assertContains('<input id=\"_newslettersubscription\"', $body);
+        $this->assertContains('\u003Cspan\u003ENewsletter Information\u003C\/span\u003E', $body);
+        $this->assertContains('\u003Cinput id=\"_newslettersubscription\"', $body);
         $this->assertNotContains('checked="checked"', $body);
-        $this->assertContains('<span>Subscribed to Newsletter<\/span>', $body);
-        $this->assertContains('>No Newsletter Found<', $body);
+        $this->assertContains('\u003Cspan\u003ESubscribed to Newsletter\u003C\/span\u003E', $body);
+        $this->assertContains('\u003ENo Newsletter Found\u003C', $body);
     }
 }