Merge remote-tracking branch 'upstream/develop' into MAGETWO-58354-block-cache-exploit

Author: jilu1

app/code/Magento/Catalog/Model/Category.php

@@ -65,7 +65,7 @@ class Category extends \Magento\Catalog\Model\AbstractModel implements
      */
     const TREE_ROOT_ID = 1;
 
-    const CACHE_TAG = 'catalog_category';
+    const CACHE_TAG = 'cat_c';
 
     /**#@+
      * Constants

app/code/Magento/Catalog/Model/Product.php

@@ -58,12 +58,12 @@ class Product extends \Magento\Catalog\Model\AbstractModel implements
     /**
      * Product cache tag
      */
-    const CACHE_TAG = 'catalog_product';
+    const CACHE_TAG = 'cat_p';
 
     /**
      * Category product relation cache tag
      */
-    const CACHE_PRODUCT_CATEGORY_TAG = 'catalog_category_product';
+    const CACHE_PRODUCT_CATEGORY_TAG = 'cat_c_p';
 
     /**
      * Product Store Id

app/code/Magento/Catalog/Model/Product/Option/Type/File.php

@@ -5,6 +5,7 @@
  */
 namespace Magento\Catalog\Model\Product\Option\Type;
 
+use Magento\Framework\App\Filesystem\DirectoryList;
 use Magento\Framework\Filesystem;
 use Magento\Framework\Exception\LocalizedException;
 use Magento\Catalog\Model\Product\Exception as ProductException;
@@ -69,17 +70,23 @@ class File extends \Magento\Catalog\Model\Product\Option\Type\DefaultType
      */
     protected $validatorFile;
 
+    /**
+     * @var Filesystem
+     */
+    private $filesystem;
+
     /**
      * @param \Magento\Checkout\Model\Session $checkoutSession
      * @param \Magento\Framework\App\Config\ScopeConfigInterface $scopeConfig
      * @param \Magento\Quote\Model\Quote\Item\OptionFactory $itemOptionFactory
-     * @param \Magento\Catalog\Model\Product\Option\UrlBuilder $urlBuilder
-     * @param \Magento\Framework\Escaper $escaper
      * @param \Magento\MediaStorage\Helper\File\Storage\Database $coreFileStorageDatabase
      * @param File\ValidatorInfo $validatorInfo
      * @param File\ValidatorFile $validatorFile
+     * @param \Magento\Catalog\Model\Product\Option\UrlBuilder $urlBuilder
+     * @param \Magento\Framework\Escaper $escaper
      * @param array $data
-     * @throws \Magento\Framework\Exception\FileSystemException
+     * @param Filesystem $filesystem
+     * @SuppressWarnings(PHPMD.ExcessiveParameterList)
      */
     public function __construct(
         \Magento\Checkout\Model\Session $checkoutSession,
@@ -90,12 +97,15 @@ public function __construct(
         \Magento\Catalog\Model\Product\Option\Type\File\ValidatorFile $validatorFile,
         \Magento\Catalog\Model\Product\Option\UrlBuilder $urlBuilder,
         \Magento\Framework\Escaper $escaper,
-        array $data = []
+        array $data = [],
+        Filesystem $filesystem = null
     ) {
         $this->_itemOptionFactory = $itemOptionFactory;
         $this->_urlBuilder = $urlBuilder;
         $this->_escaper = $escaper;
         $this->_coreFileStorageDatabase = $coreFileStorageDatabase;
+        $this->filesystem = $filesystem ?: \Magento\Framework\App\ObjectManager::getInstance()->get(Filesystem::class);
+        $this->_rootDirectory = $this->filesystem->getDirectoryRead(DirectoryList::MEDIA);
         $this->validatorInfo = $validatorInfo;
         $this->validatorFile = $validatorFile;
         parent::__construct($checkoutSession, $scopeConfig, $data);

app/code/Magento/Catalog/Test/Unit/Block/Product/ListProductTest.php

@@ -114,8 +114,8 @@ protected function tearDown()
 
     public function testGetIdentities()
     {
-        $productTag = 'catalog_product_1';
-        $categoryTag = 'catalog_category_product_1';
+        $productTag = 'cat_p_1';
+        $categoryTag = 'cat_c_p_1';
 
         $this->productMock->expects($this->once())
             ->method('getIdentities')

app/code/Magento/Catalog/Test/Unit/Block/Product/ViewTest.php

@@ -32,7 +32,7 @@ protected function setUp()
         $helper = new \Magento\Framework\TestFramework\Unit\Helper\ObjectManager($this);
         $this->productTypeConfig = $this->getMock(\Magento\Catalog\Model\ProductTypes\ConfigInterface::class);
         $this->registryMock = $this->getMock(\Magento\Framework\Registry::class, [], [], '', false);
-        $this->view = $helper->getObject(
+        $this->view = $helper->getObject(
             \Magento\Catalog\Block\Product\View::class,
             ['productTypeConfig' => $this->productTypeConfig, 'registry' => $this->registryMock]
         );
@@ -65,7 +65,7 @@ public function testShouldRenderQuantity()
 
     public function testGetIdentities()
     {
-        $productTags = ['catalog_product_1'];
+        $productTags = ['cat_p_1'];
         $product = $this->getMock(\Magento\Catalog\Model\Product::class, [], [], '', false);
         $category = $this->getMock(\Magento\Catalog\Model\Category::class, [], [], '', false);
 
@@ -84,6 +84,6 @@ public function testGetIdentities()
                 ]
             )
         );
-        $this->assertEquals(['catalog_product_1', 'catalog_category_1'], $this->view->getIdentities());
+        $this->assertEquals(['cat_p_1', 'cat_c_1'], $this->view->getIdentities());
     }
 }

app/code/Magento/Catalog/Test/Unit/Model/Product/Option/Type/FileTest.php

@@ -5,6 +5,12 @@
  */
 namespace Magento\Catalog\Test\Unit\Model\Product\Option\Type;
 
+use Magento\Catalog\Model\Product\Configuration\Item\Option\OptionInterface;
+use Magento\Framework\App\Filesystem\DirectoryList;
+use Magento\Framework\Filesystem;
+use Magento\Framework\Filesystem\Directory\ReadInterface;
+use Magento\Framework\Filesystem\DriverPool;
+
 class FileTest extends \PHPUnit_Framework_TestCase
 {
     /**
@@ -13,7 +19,7 @@ class FileTest extends \PHPUnit_Framework_TestCase
     protected $objectManager;
 
     /**
-     * @var \Magento\Framework\Filesystem\Directory\ReadInterface|\PHPUnit_Framework_MockObject_MockObject
+     * @var ReadInterface|\PHPUnit_Framework_MockObject_MockObject
      */
     protected $rootDirectory;
 
@@ -22,14 +28,26 @@ class FileTest extends \PHPUnit_Framework_TestCase
      */
     protected $coreFileStorageDatabase;
 
+    /**
+     * @var Filesystem|\PHPUnit_Framework_MockObject_MockObject
+     */
+    private $filesystemMock;
+
     protected function setUp()
     {
         $this->objectManager = new \Magento\Framework\TestFramework\Unit\Helper\ObjectManager($this);
 
-        $this->rootDirectory = $this->getMockBuilder(\Magento\Framework\Filesystem\Directory\ReadInterface::class)
+        $this->filesystemMock = $this->getMockBuilder(Filesystem::class)
             ->disableOriginalConstructor()
-            ->setMethods(['isFile', 'isReadable', 'getAbsolutePath'])
-            ->getMockForAbstractClass();
+            ->getMock();
+
+        $this->rootDirectory = $this->getMockBuilder(ReadInterface::class)
+            ->getMock();
+
+        $this->filesystemMock->expects($this->once())
+            ->method('getDirectoryRead')
+            ->with(DirectoryList::MEDIA, DriverPool::FILE)
+            ->willReturn($this->rootDirectory);
 
         $this->coreFileStorageDatabase = $this->getMock(
             \Magento\MediaStorage\Helper\File\Storage\Database::class,
@@ -48,26 +66,27 @@ protected function getFileObject()
         return $this->objectManager->getObject(
             \Magento\Catalog\Model\Product\Option\Type\File::class,
             [
-                'saleableItem' => $this->rootDirectory,
-                'priceCurrency' => $this->coreFileStorageDatabase
+                'filesystem' => $this->filesystemMock,
+                'coreFileStorageDatabase' => $this->coreFileStorageDatabase
             ]
         );
     }
 
     public function testCopyQuoteToOrder()
     {
-        $optionMock = $this->getMockBuilder(
-            \Magento\Catalog\Model\Product\Configuration\Item\Option\OptionInterface::class
-        )->disableOriginalConstructor()->setMethods(['getValue'])->getMockForAbstractClass();
+        $optionMock = $this->getMockBuilder(OptionInterface::class)
+            ->disableOriginalConstructor()
+            ->setMethods(['getValue'])
+            ->getMockForAbstractClass();
 
         $quotePath = '/quote/path/path/uploaded.file';
         $orderPath = '/order/path/path/uploaded.file';
 
         $optionMock->expects($this->any())
             ->method('getValue')
-            ->will($this->returnValue(['quote_path' => $quotePath, 'order_path' => $orderPath]));
+            ->will($this->returnValue(serialize(['quote_path' => $quotePath, 'order_path' => $orderPath])));
 
-        $this->rootDirectory->expects($this->any())
+        $this->rootDirectory->expects($this->once())
             ->method('isFile')
             ->with($this->equalTo($quotePath))
             ->will($this->returnValue(true));

app/code/Magento/Catalog/Test/Unit/Model/ProductTest.php

@@ -708,13 +708,13 @@ public function getIdentitiesProvider()
 
         return [
             'no changes' => [
-                ['catalog_product_1'],
+                ['cat_p_1'],
                 ['id' => 1, 'name' => 'value', 'category_ids' => [1]],
                 ['id' => 1, 'name' => 'value', 'category_ids' => [1]],
             ],
             'new product' => $this->getNewProductProviderData(),
             'status and category change' => [
-                [0 => 'catalog_product_1', 1 => 'catalog_category_product_1', 2 => 'catalog_category_product_2'],
+                [0 => 'cat_p_1', 1 => 'cat_c_p_1', 2 => 'cat_c_p_2'],
                 ['id' => 1, 'name' => 'value', 'category_ids' => [1], 'status' => 2],
                 [
                     'id' => 1,
@@ -726,18 +726,18 @@ public function getIdentitiesProvider()
                 ],
             ],
             'status change only' => [
-                [0 => 'catalog_product_1', 1 => 'catalog_category_product_7'],
+                [0 => 'cat_p_1', 1 => 'cat_c_p_7'],
                 ['id' => 1, 'name' => 'value', 'category_ids' => [7], 'status' => 1],
                 ['id' => 1, 'name' => 'value', 'category_ids' => [7], 'status' => 2],
             ],
             'status changed, category unassigned' => $this->getStatusAndCategoryChangesData(),
             'no status changes' => [
-                [0 => 'catalog_product_1'],
+                [0 => 'cat_p_1'],
                 ['id' => 1, 'name' => 'value', 'category_ids' => [1], 'status' => 1],
                 ['id' => 1, 'name' => 'value', 'category_ids' => [1], 'status' => 1],
             ],
             'no stock status changes' => [
-                [0 => 'catalog_product_1'],
+                [0 => 'cat_p_1'],
                 ['id' => 1, 'name' => 'value', 'category_ids' => [1], 'status' => 1],
                 [
                     'id' => 1,
@@ -749,7 +749,7 @@ public function getIdentitiesProvider()
                 ],
             ],
             'no stock status data 1' => [
-                [0 => 'catalog_product_1'],
+                [0 => 'cat_p_1'],
                 ['id' => 1, 'name' => 'value', 'category_ids' => [1], 'status' => 1],
                 [
                     'id' => 1,
@@ -760,7 +760,7 @@ public function getIdentitiesProvider()
                 ],
             ],
             'no stock status data 2' => [
-                [0 => 'catalog_product_1'],
+                [0 => 'cat_p_1'],
                 ['id' => 1, 'name' => 'value', 'category_ids' => [1], 'status' => 1],
                 [
                     'id' => 1,
@@ -780,7 +780,7 @@ public function getIdentitiesProvider()
     private function getStatusAndCategoryChangesData()
     {
         return [
-            [0 => 'catalog_product_1', 1 => 'catalog_category_product_5'],
+            [0 => 'cat_p_1', 1 => 'cat_c_p_5'],
             ['id' => 1, 'name' => 'value', 'category_ids' => [5], 'status' => 2],
             [
                 'id' => 1,
@@ -799,7 +799,7 @@ private function getStatusAndCategoryChangesData()
     private function getNewProductProviderData()
     {
         return [
-            ['catalog_product_1', 'catalog_category_product_1'],
+            ['cat_p_1', 'cat_c_p_1'],
             null,
             [
                 'id' => 1,
@@ -818,7 +818,7 @@ private function getNewProductProviderData()
     private function getStatusStockProviderData($extensionAttributesMock)
     {
         return [
-            [0 => 'catalog_product_1', 1 => 'catalog_category_product_1'],
+            [0 => 'cat_p_1', 1 => 'cat_c_p_1'],
             ['id' => 1, 'name' => 'value', 'category_ids' => [1], 'status' => 1],
             [
                 'id' => 1,

app/code/Magento/Catalog/etc/di.xml

@@ -834,4 +834,7 @@
             <argument name="collectionProcessor" xsi:type="object">Magento\Eav\Model\Api\SearchCriteria\CollectionProcessor</argument>
         </arguments>
     </type>
+    <type name="Magento\Quote\Model\Quote\Item\ToOrderItem">
+        <plugin name="copy_quote_files_to_order" type="Magento\Catalog\Model\Plugin\QuoteItemProductOption"/>
+    </type>
 </config>

app/code/Magento/Catalog/etc/frontend/di.xml

@@ -18,9 +18,6 @@
             <argument name="fetchStrategy" xsi:type="object">Magento\Catalog\Model\ResourceModel\Category\Collection\FetchStrategy</argument>
         </arguments>
     </type>
-    <type name="Magento\Quote\Model\Quote\Item\ToOrderItem">
-        <plugin name="copy_quote_files_to_order" type="Magento\Catalog\Model\Plugin\QuoteItemProductOption"/>
-    </type>
     <type name="Magento\Catalog\Model\Indexer\AbstractFlatState">
         <arguments>
             <argument name="isAvailable" xsi:type="boolean">true</argument>

app/code/Magento/CatalogImportExport/Model/Export/Product.php

@@ -5,6 +5,7 @@
  */
 namespace Magento\CatalogImportExport\Model\Export;
 
+use Magento\Framework\DB\Ddl\Table;
 use Magento\ImportExport\Model\Import;
 use \Magento\Store\Model\Store;
 use \Magento\CatalogImportExport\Model\Import\Product as ImportProduct;
@@ -127,6 +128,13 @@ class Product extends \Magento\ImportExport\Model\Export\Entity\AbstractEntity
      */
     protected $_attributeTypes = [];
 
+    /**
+     * Attributes defined by user
+     *
+     * @var array
+     */
+    private $userDefinedAttributes = [];
+
     /**
      * Product collection
      *
@@ -261,7 +269,11 @@ class Product extends \Magento\ImportExport\Model\Export\Entity\AbstractEntity
      */
     protected $dateAttrCodes = [
         'special_from_date',
-        'special_to_date'
+        'special_to_date',
+        'news_from_date',
+        'news_to_date',
+        'custom_design_from',
+        'custom_design_to'
     ];
 
     /**
@@ -910,20 +922,24 @@ protected function collectRawData()
                     }
                     $fieldName = isset($this->_fieldsMap[$code]) ? $this->_fieldsMap[$code] : $code;
 
-                    if (in_array($code, $this->dateAttrCodes)) {
-                        $attrValue = $this->_localeDate->formatDateTime(
-                            new \DateTime($attrValue),
-                            \IntlDateFormatter::SHORT,
-                            \IntlDateFormatter::NONE,
-                            null,
-                            date_default_timezone_get()
-                        );
-                    } else if ($this->_attributeTypes[$code] === 'datetime') {
-                        $attrValue = $this->_localeDate->formatDateTime(
-                            new \DateTime($attrValue),
-                            \IntlDateFormatter::SHORT,
-                            \IntlDateFormatter::SHORT
-                        );
+                    if ($this->_attributeTypes[$code] == 'datetime') {
+                        if (in_array($code, $this->dateAttrCodes)
+                            || in_array($code, $this->userDefinedAttributes)
+                        ) {
+                            $attrValue = $this->_localeDate->formatDateTime(
+                                new \DateTime($attrValue),
+                                \IntlDateFormatter::SHORT,
+                                \IntlDateFormatter::NONE,
+                                null,
+                                date_default_timezone_get()
+                            );
+                        } else {
+                            $attrValue = $this->_localeDate->formatDateTime(
+                                new \DateTime($attrValue),
+                                \IntlDateFormatter::SHORT,
+                                \IntlDateFormatter::SHORT
+                            );
+                        }
                     }
 
                     if ($storeId != Store::DEFAULT_STORE_ID
@@ -1380,6 +1396,9 @@ protected function initAttributes()
             $this->_attributeValues[$attribute->getAttributeCode()] = $this->getAttributeOptions($attribute);
             $this->_attributeTypes[$attribute->getAttributeCode()] =
                 \Magento\ImportExport\Model\Import::getAttributeType($attribute);
+            if ($attribute->getIsUserDefined()) {
+                $this->userDefinedAttributes[] = $attribute->getAttributeCode();
+            }
         }
         return $this;
     }