Merge remote-tracking branch 'origin/MC-19827' into HEAD

Author: Hwashiang Yu

app/code/Magento/Backend/Block/Widget.php

@@ -15,6 +15,8 @@
 class Widget extends \Magento\Backend\Block\Template
 {
     /**
+     * Get ID
+     *
      * @return string
      */
     public function getId()
@@ -37,6 +39,8 @@ public function getSuffixId($suffix)
     }
 
     /**
+     * Get HTML ID
+     *
      * @return string
      */
     public function getHtmlId()
@@ -59,6 +63,8 @@ public function getCurrentUrl($params = [])
     }
 
     /**
+     * Prepare Breadcrumbs
+     *
      * @param string $label
      * @param string|null $title
      * @param string|null $link
@@ -84,7 +90,13 @@ public function getButtonHtml($label, $onclick, $class = '', $buttonId = null, $
         return $this->getLayout()->createBlock(
             \Magento\Backend\Block\Widget\Button::class
         )->setData(
-            ['label' => $label, 'onclick' => $onclick, 'class' => $class, 'type' => 'button', 'id' => $buttonId]
+            [
+                'label' => $this->escapeHtml($label),
+                'onclick' => $onclick,
+                'class' => $class,
+                'type' => 'button',
+                'id' => $buttonId
+            ]
         )->setDataAttribute(
             $dataAttr
         )->toHtml();

app/code/Magento/Bundle/Block/Catalog/Product/View/Type/Bundle.php

@@ -227,7 +227,7 @@ public function getOptionHtml(Option $option)
     {
         $optionBlock = $this->getChildBlock($option->getType());
         if (!$optionBlock) {
-            return __('There is no defined renderer for "%1" option type.', $option->getType());
+            return $this->escapeHtml(__('There is no defined renderer for "%1" option type.', $option->getType()));
         }
         return $optionBlock->setOption($option)->toHtml();
     }
@@ -418,15 +418,18 @@ private function processOptions(string $optionId, array $options, DataObject $pr
     {
         $preConfiguredQtys = $preConfiguredValues->getData("bundle_option_qty/${optionId}") ?? [];
         $selections = $options[$optionId]['selections'];
-        array_walk($selections, function (&$selection, $selectionId) use ($preConfiguredQtys) {
-            if (is_array($preConfiguredQtys) && isset($preConfiguredQtys[$selectionId])) {
-                $selection['qty'] = $preConfiguredQtys[$selectionId];
-            } else {
-                if ((int)$preConfiguredQtys > 0) {
-                    $selection['qty'] = $preConfiguredQtys;
+        array_walk(
+            $selections,
+            function (&$selection, $selectionId) use ($preConfiguredQtys) {
+                if (is_array($preConfiguredQtys) && isset($preConfiguredQtys[$selectionId])) {
+                    $selection['qty'] = $preConfiguredQtys[$selectionId];
+                } else {
+                    if ((int)$preConfiguredQtys > 0) {
+                        $selection['qty'] = $preConfiguredQtys;
+                    }
                 }
             }
-        });
+        );
         $options[$optionId]['selections'] = $selections;
 
         return $options;

app/code/Magento/Bundle/Test/Unit/Block/Catalog/Product/View/Type/BundleTest.php

@@ -6,6 +6,8 @@
 namespace Magento\Bundle\Test\Unit\Block\Catalog\Product\View\Type;
 
 use Magento\Bundle\Block\Catalog\Product\View\Type\Bundle as BundleBlock;
+use Magento\Catalog\Block\Product\Context;
+use \Magento\Framework\Escaper;
 
 /**
  * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
@@ -42,10 +44,18 @@ class BundleTest extends \PHPUnit\Framework\TestCase
      */
     private $bundleBlock;
 
+    /**
+     * @var \Magento\Framework\Escaper|\PHPUnit_Framework_MockObject_MockObject
+     */
+    private $escaper;
+
+    /** @var \Magento\Catalog\Block\Product\Context|\PHPUnit_Framework_MockObject_MockObject */
+    protected $context;
+
     protected function setUp()
     {
         $objectHelper = new \Magento\Framework\TestFramework\Unit\Helper\ObjectManager($this);
-
+        $this->context = $this->createPartialMock(Context::class, ['getEscaper', 'getRegistry', 'getEventManager']);
         $this->bundleProductPriceFactory = $this->getMockBuilder(\Magento\Bundle\Model\Product\PriceFactory::class)
             ->disableOriginalConstructor()
             ->setMethods(['create'])
@@ -79,15 +89,23 @@ protected function setUp()
         $this->catalogProduct = $this->getMockBuilder(\Magento\Catalog\Helper\Product::class)
             ->disableOriginalConstructor()
             ->getMock();
+
+        $this->escaper = $objectHelper->getObject(Escaper::class);
+
+        $this->context->expects($this->once())->method('getRegistry')->willReturn($registry);
+        $this->context->expects($this->once())->method('getEscaper')->willReturn($this->escaper);
+        $this->context->expects($this->once())->method('getEventManager')->willReturn($this->eventManager);
+
         /** @var $bundleBlock BundleBlock */
         $this->bundleBlock = $objectHelper->getObject(
             \Magento\Bundle\Block\Catalog\Product\View\Type\Bundle::class,
             [
+                'context'=> $this->context,
                 'registry' => $registry,
                 'eventManager' => $this->eventManager,
                 'jsonEncoder' => $this->jsonEncoder,
                 'productPrice' => $this->bundleProductPriceFactory,
-                'catalogProduct' => $this->catalogProduct
+                'catalogProduct' => $this->catalogProduct,
             ]
         );
 
@@ -108,16 +126,16 @@ public function testGetOptionHtmlNoRenderer()
             ->disableOriginalConstructor()
             ->getMock();
         $option->expects($this->any())->method('getType')->willReturn('checkbox');
+        $expected='There is no defined renderer for "checkbox" option type.';
 
         $layout = $this->getMockBuilder(\Magento\Framework\View\Layout::class)
             ->setMethods(['getChildName', 'getBlock'])
             ->disableOriginalConstructor()
             ->getMock();
         $layout->expects($this->any())->method('getChildName')->willReturn(false);
         $this->bundleBlock->setLayout($layout);
-
         $this->assertEquals(
-            'There is no defined renderer for "checkbox" option type.',
+            $expected,
             $this->bundleBlock->getOptionHtml($option)
         );
     }

app/code/Magento/Catalog/Block/Product/View/Options/Type/Date.php

@@ -145,7 +145,7 @@ public function getTimeHtml()
             $dayPartHtml = $this->_getHtmlSelect(
                 'day_part'
             )->setOptions(
-                ['am' => __('AM'), 'pm' => __('PM')]
+                ['am' => $this->escapeHtml(__('AM')), 'pm' => $this->escapeHtml(__('PM'))]
             )->getHtml();
         }
         $hoursHtml = $this->_getSelectFromToHtml('hour', $hourStart, $hourEnd);
@@ -158,8 +158,8 @@ public function getTimeHtml()
      * Return drop-down html with range of values
      *
      * @param string $name Id/name of html select element
-     * @param int $from  Start position
-     * @param int $to    End position
+     * @param int $from Start position
+     * @param int $to End position
      * @param int|null $value Value selected
      * @return string Formatted Html
      */

app/code/Magento/Checkout/Block/Cart.php

@@ -6,6 +6,8 @@
 namespace Magento\Checkout\Block;
 
 use Magento\Customer\Model\Context;
+use Magento\Framework\Exception\LocalizedException;
+use Magento\Framework\Phrase;
 
 /**
  * Shopping cart block
@@ -68,7 +70,7 @@ protected function _construct()
     }
 
     /**
-     * prepare cart items URLs
+     * Prepare cart items URLs
      *
      * @return void
      * @SuppressWarnings(PHPMD.CyclomaticComplexity)
@@ -110,6 +112,8 @@ public function prepareItemUrls()
     }
 
     /**
+     * Check quote for error
+     *
      * @codeCoverageIgnore
      * @return bool
      */
@@ -119,6 +123,8 @@ public function hasError()
     }
 
     /**
+     * Get Items Summary Qty
+     *
      * @codeCoverageIgnore
      * @return int
      */
@@ -128,6 +134,8 @@ public function getItemsSummaryQty()
     }
 
     /**
+     * Check if Wishlist Active
+     *
      * @codeCoverageIgnore
      * @return bool
      */
@@ -147,6 +155,8 @@ public function isWishlistActive()
     }
 
     /**
+     * Get Checkout Url
+     *
      * @codeCoverageIgnore
      * @return string
      */
@@ -156,6 +166,8 @@ public function getCheckoutUrl()
     }
 
     /**
+     * Get Continue Shopping Url
+     *
      * @return string
      */
     public function getContinueShoppingUrl()
@@ -172,6 +184,8 @@ public function getContinueShoppingUrl()
     }
 
     /**
+     * Check if quote is virtual
+     *
      * @return bool
      * @codeCoverageIgnore
      * @SuppressWarnings(PHPMD.BooleanGetMethodName)
@@ -207,7 +221,7 @@ public function getMethodHtml($name)
     {
         $block = $this->getLayout()->getBlock($name);
         if (!$block) {
-            throw new \Magento\Framework\Exception\LocalizedException(__('Invalid method: %1', $name));
+            throw new LocalizedException(new Phrase($this->escapeHtml(__('Invalid method: %1', $name))));
         }
         return $block->toHtml();
     }
@@ -227,6 +241,8 @@ public function getItems()
     }
 
     /**
+     * Get Items Count
+     *
      * @codeCoverageIgnore
      * @return int
      */

app/code/Magento/Checkout/Test/Unit/Block/CartTest.php

@@ -0,0 +1,68 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+namespace Magento\Checkout\Test\Unit\Block;
+
+use Magento\Framework\View\Element\Template\Context;
+use Magento\Framework\TestFramework\Unit\Helper\ObjectManager;
+use Magento\Quote\Model\Quote;
+use Magento\Checkout\Model\Session;
+use Magento\Framework\View\LayoutInterface;
+use Magento\Framework\Escaper;
+
+class CartTest extends \PHPUnit\Framework\TestCase
+{
+
+    /**
+     * @var \Magento\Checkout\Block\Cart
+     */
+    private $cartBlock;
+
+    /**
+     * @var \Magento\Framework\Escaper|\PHPUnit_Framework_MockObject_MockObject
+     */
+    private $escaper;
+
+    /** @var \Magento\Checkout\Block\Cart|\PHPUnit_Framework_MockObject_MockObject */
+    private $context;
+
+    /** @var \Magento\Framework\View\LayoutInterface|\PHPUnit_Framework_MockObject_MockObject */
+    private $layoutMock;
+
+    protected function setUp()
+    {
+        $objectManager = new ObjectManager($this);
+        $this->context = $this->createPartialMock(Context::class, ['getEscaper', 'getLayout']);
+        $quoteMock = $this->createMock(Quote::class);
+        $checkoutSession = $this->createMock(Session::class);
+        $this->layoutMock = $this->createMock(LayoutInterface::class);
+        $this->escaper = $objectManager->getObject(Escaper::class);
+        $quoteMock->expects($this->once())->method('getAllVisibleItems')->willReturn([]);
+        $checkoutSession->expects($this->any())->method('getQuote')->willReturn($quoteMock);
+        $this->context->expects($this->once())->method('getEscaper')->willReturn($this->escaper);
+        $this->context->expects($this->once())->method('getLayout')->willReturn($this->layoutMock);
+
+        /** @var $cartBlock CartBlock */
+        $this->cartBlock = $objectManager->getObject(
+            \Magento\Checkout\Block\Cart::class,
+            [
+                'context'=> $this->context,
+                'checkoutSession'=>$checkoutSession,
+
+            ]
+        );
+    }
+
+    public function testGetMethodHtmlWithException()
+    {
+        $this->layoutMock->expects($this->any())->method('getBlock')->willReturn(false);
+        $name='blockMethod';
+        $this->expectException(\Magento\Framework\Exception\LocalizedException::class);
+        $this->expectExceptionMessage(
+            (string)__('Invalid method: %1', $name)
+        );
+        $this->cartBlock->getMethodHtml($name);
+    }
+}

app/code/Magento/Directory/Block/Data.php

@@ -142,7 +142,7 @@ public function getCountryHtmlSelect($defValue = null, $name = 'country_id', $id
         )->setId(
             $id
         )->setTitle(
-            __($title)
+            $this->escapeHtml(__($title))
         )->setValue(
             $defValue
         )->setOptions(