Merge remote-tracking branch 'arcticfoxes/MAGETWO-99020' into 2.1.18-develop-pr

Author: Joan He

app/code/Magento/Config/Model/Config/Backend/Serialized.php

@@ -5,16 +5,55 @@
  */
 namespace Magento\Config\Model\Config\Backend;
 
+use Magento\Framework\Unserialize\SecureUnserializer;
+use Magento\Framework\App\ObjectManager;
+
 class Serialized extends \Magento\Framework\App\Config\Value
 {
+    /**
+     * @var SecureUnserializer
+     */
+    private $unserializer;
+
+    /**
+     * Serialized constructor
+     *
+     * @param \Magento\Framework\Model\Context $context
+     * @param \Magento\Framework\Registry $registry
+     * @param \Magento\Framework\App\Config\ScopeConfigInterface $config
+     * @param \Magento\Framework\App\Cache\TypeListInterface $cacheTypeList
+     * @param \Magento\Framework\Model\ResourceModel\AbstractResource|null $resource
+     * @param \Magento\Framework\Data\Collection\AbstractDb|null $resourceCollection
+     * @param array $data
+     * @param SecureUnserializer|null $unserializer
+     */
+    public function __construct(
+        \Magento\Framework\Model\Context $context,
+        \Magento\Framework\Registry $registry,
+        \Magento\Framework\App\Config\ScopeConfigInterface $config,
+        \Magento\Framework\App\Cache\TypeListInterface $cacheTypeList,
+        \Magento\Framework\Model\ResourceModel\AbstractResource $resource = null,
+        \Magento\Framework\Data\Collection\AbstractDb $resourceCollection = null,
+        array $data = [],
+        SecureUnserializer $unserializer = null
+    ) {
+        parent::__construct($context, $registry, $config, $cacheTypeList, $resource, $resourceCollection, $data);
+        $this->unserializer = $unserializer ?: ObjectManager::getInstance()->get(SecureUnserializer::class);
+    }
+
     /**
      * @return void
      */
     protected function _afterLoad()
     {
-        if (!is_array($this->getValue())) {
-            $value = $this->getValue();
-            $this->setValue(empty($value) ? false : unserialize($value));
+        $value = $this->getValue();
+        if (!is_array($value)) {
+            try {
+                $this->setValue(empty($value) ? false : $this->unserializer->unserialize($value));
+            } catch (\Exception $e) {
+                $this->_logger->critical($e);
+                $this->setValue(false);
+            }
         }
     }
 
@@ -23,9 +62,11 @@ protected function _afterLoad()
      */
     public function beforeSave()
     {
-        if (is_array($this->getValue())) {
-            $this->setValue(serialize($this->getValue()));
+        $value = $this->getValue();
+        if (is_array($value)) {
+            $this->setValue(serialize($value));
         }
-        return parent::beforeSave();
+        parent::beforeSave();
+        return $this;
     }
 }

dev/tests/static/testsuite/Magento/Test/Js/_files/eslint/.eslintrc-magento

@@ -62,7 +62,8 @@
             2,
             {
                 "args": "after-used",
-                "vars": "all"
+                "vars": "all",
+                "varsIgnorePattern": "config"
             }
         ],
         "no-use-before-define": 2,