Merge branch '2.4-develop' into add-aria-links

Author: Gabriel da Gama

app/code/Magento/AdminAnalytics/etc/csp_whitelist.xml

@@ -11,6 +11,12 @@
             <policy id="script-src">
                 <values>
                     <value id="adobedtm" type="host">assets.adobedtm.com</value>
+                    <value id="adobe" type="host">*.adobe.com</value>
+                </values>
+            </policy>
+            <policy id="style-src">
+                <values>
+                    <value id="adobe" type="host">*.adobe.com</value>
                 </values>
             </policy>
             <policy id="img-src">
@@ -19,6 +25,7 @@
                     <value id="omtrdc" type="host">amcglobal.sc.omtrdc.net</value>
                     <value id="dpmdemdex" type="host">dpm.demdex.net</value>
                     <value id="everesttech" type="host">cm.everesttech.net</value>
+                    <value id="adobe" type="host">*.adobe.com</value>
                 </values>
             </policy>
             <policy id="connect-src">
@@ -27,9 +34,15 @@
                     <value id="omtrdc" type="host">amcglobal.sc.omtrdc.net</value>
                 </values>
             </policy>
+            <policy id="media-src">
+                <values>
+                    <value id="adobe" type="host">*.adobe.com</value>
+                </values>
+            </policy>
             <policy id="frame-src">
                 <values>
                     <value id="amcdemdex" type="host">fast.amc.demdex.net</value>
+                    <value id="adobe" type="host">*.adobe.com</value>
                 </values>
             </policy>
         </policies>

app/code/Magento/AdminNotification/view/adminhtml/web/js/grid/columns/message.js

@@ -36,6 +36,16 @@ define([
             return record[this.messageIndex];
         },
 
+        /**
+         * Proxy to getLabel function with UnsanitizedHtml suffix
+         *
+         * @param {Object} record
+         * @returns {String}
+         */
+        getLabelUnsanitizedHtml: function (record) {
+            return this.getLabel(record);
+        },
+
         /** @inheritdoc */
         getFieldClass: function ($row) {
             var status = this.statusMap[$row.status] || 'warning',

app/code/Magento/AdminNotification/view/adminhtml/web/template/grid/cells/message.html

@@ -5,4 +5,4 @@
  */
 -->
 <div css="$col.getFieldClass($row())"
-     html="$col.getLabel($row())"/>
+     html="$col.getLabelUnsanitizedHtml($row())"></div>

app/code/Magento/AdvancedPricingImportExport/Controller/Adminhtml/Export/GetFilter.php

@@ -34,8 +34,8 @@ public function execute()
                 /** @var $export \Magento\ImportExport\Model\Export */
                 $export = $this->_objectManager->create(\Magento\ImportExport\Model\Export::class);
                 $export->setData($data);
-                $attrFilterBlock->prepareCollection(
-                    $export->filterAttributeCollection($export->getEntityAttributeCollection())
+                $export->filterAttributeCollection(
+                    $attrFilterBlock->prepareCollection($export->getEntityAttributeCollection())
                 );
                 return $resultLayout;
             } catch (\Exception $e) {

app/code/Magento/Analytics/Test/Mftf/Test/AdminAdvancedReportingButtonTest.xml

@@ -9,14 +9,12 @@
         xsi:noNamespaceSchemaLocation="urn:magento:mftf:Test/etc/testSchema.xsd">
     <test name="AdminAdvancedReportingButtonTest">
         <annotations>
-            <stories value="AdvancedReporting"/>
-            <title value="AdvancedReportingButtonTest"/>
-            <description value="Test log in to AdvancedReporting and tests AdvancedReportingButtonTest"/>
-            <testCaseId value="MC-14800"/>
-            <skip>
-                <issueId value="MC-14800" />
-            </skip>
+            <features value="Analytics"/>
+            <stories value="Advanced Reporting"/>
+            <title value="Assert the Advanced Reporting page is opened by dashboard link"/>
+            <description value="Check the ability to navigate to the Advanced Reporting page through the Advanced Reporting button on the dashboard"/>
             <severity value="CRITICAL"/>
+            <testCaseId value="MC-28376"/>
             <group value="analytics"/>
             <group value="mtf_migrated"/>
         </annotations>

app/code/Magento/AsynchronousOperations/Model/AccessValidator.php

@@ -55,6 +55,6 @@ public function isAllowed($bulkUuid)
             $this->bulkSummaryFactory->create(),
             $bulkUuid
         );
-        return $bulkSummary->getUserId() === $this->userContext->getUserId();
+        return ((int) $bulkSummary->getUserId()) === ((int) $this->userContext->getUserId());
     }
 }

app/code/Magento/AsynchronousOperations/view/adminhtml/web/template/form/field.html

@@ -6,4 +6,4 @@
 -->
 <div css="$data.additionalClasses"
      if="error"
-     text="error"/>
+     text="error"></div>

app/code/Magento/AsynchronousOperations/view/adminhtml/web/template/grid/cells/actions.html

@@ -11,5 +11,5 @@
             attr="{
                 title: $action().label
             }"
-    />
+    ></button>
 </div>

app/code/Magento/AsynchronousOperations/view/adminhtml/web/template/grid/listing.html

@@ -31,12 +31,12 @@
                 <a class="action__message-log"
                    href="#"
                    click="dismissAll"
-                   text="dismissAllText"/>
+                   text="dismissAllText"></a>
                 <a class="action__message-log"
                     attr="{
                         href: link
                     }"
-                    text="linkText"/>
+                    text="linkText"></a>
             </div>
         </div>
     </div>

app/code/Magento/Authorization/Model/CompositeUserContext.php

@@ -60,7 +60,7 @@ protected function add(UserContextInterface $userContext)
      */
     public function getUserId()
     {
-        return $this->getUserContext() ? $this->getUserContext()->getUserId() : null;
+        return $this->getUserContext() ? ((int) $this->getUserContext()->getUserId()) : null;
     }
 
     /**

app/code/Magento/Backend/App/Action/Plugin/Authentication.php

@@ -225,8 +225,10 @@ protected function _redirectIfNeededAfterLogin(\Magento\Framework\App\RequestInt
 
         // Checks, whether secret key is required for admin access or request uri is explicitly set
         if ($this->_url->useSecretKey()) {
-            $requestParts = explode('/', trim($request->getRequestUri(), '/'), 2);
-            $requestUri = $this->_url->getUrl(array_pop($requestParts));
+            $requestParts = explode('/', trim($request->getRequestUri(), '/'), 3);
+            $baseUrlPath = trim(parse_url($this->backendUrl->getBaseUrl(), PHP_URL_PATH), '/');
+            $routeIndex = empty($baseUrlPath) ? 0 : 1;
+            $requestUri = $this->_url->getUrl($requestParts[$routeIndex]);
         } elseif ($request) {
             $requestUri = $request->getRequestUri();
         }

app/code/Magento/Backend/Block/Dashboard/Bar.php

@@ -5,6 +5,7 @@
  */
 namespace Magento\Backend\Block\Dashboard;
 
+use Magento\Directory\Model\Currency;
 use Magento\Store\Model\Store;
 
 /**
@@ -20,10 +21,15 @@ class Bar extends \Magento\Backend\Block\Dashboard\AbstractDashboard
     protected $_totals = [];
 
     /**
-     * @var \Magento\Directory\Model\Currency|null
+     * @var Currency|null
      */
     protected $_currentCurrencyCode = null;
 
+    /**
+     * @var Currency
+     */
+    private $_currency;
+
     /**
      * Get totals
      *
@@ -67,7 +73,7 @@ public function format($price)
     /**
      * Setting currency model
      *
-     * @param \Magento\Directory\Model\Currency $currency
+     * @param Currency $currency
      * @return void
      */
     public function setCurrency($currency)
@@ -78,7 +84,7 @@ public function setCurrency($currency)
     /**
      * Retrieve currency model if not set then return currency model for current store
      *
-     * @return \Magento\Directory\Model\Currency
+     * @return Currency
      * @SuppressWarnings(PHPMD.RequestAwareBlockMethod)
      */
     public function getCurrency()

app/code/Magento/Backend/Controller/Adminhtml/Auth/Login.php

@@ -1,13 +1,17 @@
 <?php
 /**
- *
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
 namespace Magento\Backend\Controller\Adminhtml\Auth;
 
+use Magento\Backend\App\Area\FrontNameResolver;
+use Magento\Backend\App\BackendAppList;
+use Magento\Backend\Model\UrlFactory;
 use Magento\Framework\App\Action\HttpGetActionInterface as HttpGet;
 use Magento\Framework\App\Action\HttpPostActionInterface as HttpPost;
+use Magento\Framework\App\ObjectManager;
+use Magento\Framework\App\Request\Http;
 
 /**
  * @api
@@ -20,18 +24,50 @@ class Login extends \Magento\Backend\Controller\Adminhtml\Auth implements HttpGe
      */
     protected $resultPageFactory;
 
+    /**
+     * @var FrontNameResolver
+     */
+    private $frontNameResolver;
+
+    /**
+     * @var BackendAppList
+     */
+    private $backendAppList;
+
+    /**
+     * @var UrlFactory
+     */
+    private $backendUrlFactory;
+
+    /**
+     * @var Http
+     */
+    private $http;
+
     /**
      * Constructor
      *
      * @param \Magento\Backend\App\Action\Context $context
      * @param \Magento\Framework\View\Result\PageFactory $resultPageFactory
+     * @param FrontNameResolver|null $frontNameResolver
+     * @param BackendAppList|null $backendAppList
+     * @param UrlFactory|null $backendUrlFactory
+     * @param Http|null $http
      */
     public function __construct(
         \Magento\Backend\App\Action\Context $context,
-        \Magento\Framework\View\Result\PageFactory $resultPageFactory
+        \Magento\Framework\View\Result\PageFactory $resultPageFactory,
+        FrontNameResolver $frontNameResolver = null,
+        BackendAppList $backendAppList = null,
+        UrlFactory $backendUrlFactory = null,
+        Http $http = null
     ) {
         $this->resultPageFactory = $resultPageFactory;
         parent::__construct($context);
+        $this->frontNameResolver = $frontNameResolver ?? ObjectManager::getInstance()->get(FrontNameResolver::class);
+        $this->backendAppList = $backendAppList ?? ObjectManager::getInstance()->get(BackendAppList::class);
+        $this->backendUrlFactory = $backendUrlFactory ?? ObjectManager::getInstance()->get(UrlFactory::class);
+        $this->http = $http ?? ObjectManager::getInstance()->get(Http::class);
     }
 
     /**
@@ -49,7 +85,8 @@ public function execute()
         }
 
         $requestUrl = $this->getRequest()->getUri();
-        if (!$requestUrl->isValid()) {
+
+        if (!$requestUrl->isValid() || !$this->isValidBackendUri()) {
             return $this->getRedirect($this->getUrl('*'));
         }
 
@@ -69,4 +106,26 @@ private function getRedirect($path)
         $resultRedirect->setPath($path);
         return $resultRedirect;
     }
+
+    /**
+     * Verify if correct backend uri requested.
+     *
+     * @return bool
+     */
+    private function isValidBackendUri(): bool
+    {
+        $requestUri = $this->getRequest()->getRequestUri();
+        $backendApp = $this->backendAppList->getCurrentApp();
+        $baseUrl = parse_url($this->backendUrlFactory->create()->getBaseUrl(), PHP_URL_PATH);
+        if (!$backendApp) {
+            $backendFrontName = $this->frontNameResolver->getFrontName();
+        } else {
+            //In case of application authenticating through the admin login, the script name should be removed
+            //from the path, because application has own script.
+            $baseUrl = $this->http->getUrlNoScript($baseUrl);
+            $backendFrontName = $backendApp->getCookiePath();
+        }
+
+        return strpos($requestUri, $baseUrl . $backendFrontName) === 0;
+    }
 }

app/code/Magento/Backend/Controller/Adminhtml/Dashboard/RefreshStatistics.php

@@ -6,25 +6,33 @@
 
 namespace Magento\Backend\Controller\Adminhtml\Dashboard;
 
+use Magento\Backend\App\Action\Context;
 use Magento\Framework\App\Action\HttpPostActionInterface;
+use Magento\Framework\Stdlib\DateTime\Filter\Date;
 use Magento\Reports\Controller\Adminhtml\Report\Statistics;
+use Psr\Log\LoggerInterface;
 
 /**
  * Refresh Dashboard statistics action.
  */
 class RefreshStatistics extends Statistics implements HttpPostActionInterface
 {
     /**
-     * @param \Magento\Backend\App\Action\Context $context
-     * @param \Magento\Framework\Stdlib\DateTime\Filter\Date $dateFilter
+     * @var LoggerInterface
+     */
+    private $logger;
+
+    /**
+     * @param Context $context
+     * @param Date $dateFilter
      * @param array $reportTypes
-     * @param \Psr\Log\LoggerInterface $logger
+     * @param LoggerInterface $logger
      */
     public function __construct(
-        \Magento\Backend\App\Action\Context $context,
-        \Magento\Framework\Stdlib\DateTime\Filter\Date $dateFilter,
+        Context $context,
+        Date $dateFilter,
         array $reportTypes,
-        \Psr\Log\LoggerInterface $logger
+        LoggerInterface $logger
     ) {
         parent::__construct($context, $dateFilter, $reportTypes);
         $this->logger = $logger;

app/code/Magento/Backend/Model/Menu/Config.php

@@ -63,6 +63,11 @@ class Config
      */
     protected $_appState;
 
+    /**
+     * @var Builder
+     */
+    private $_menuBuilder;
+
     /**
      * @param \Magento\Backend\Model\Menu\Builder $menuBuilder
      * @param \Magento\Backend\Model\Menu\AbstractDirector $menuDirector

app/code/Magento/Backend/Test/Mftf/Data/AdminWebConfigData.xml

@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ /**
+  * Copyright © Magento, Inc. All rights reserved.
+  * See COPYING.txt for license details.
+  */
+-->
+
+<entities xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+          xsi:noNamespaceSchemaLocation="urn:magento:mftf:DataGenerator/etc/dataProfileSchema.xsd">
+    <entity name="AdminEnableUrlRewritesConfigData">
+        <data key="path">web/seo/use_rewrites</data>
+        <data key="value">1</data>
+    </entity>
+    <entity name="AdminDisableUrlRewritesConfigData">
+        <data key="path">web/seo/use_rewrites</data>
+        <data key="value">0</data>
+    </entity>
+</entities>

app/code/Magento/Backend/Test/Mftf/Data/SystemUploadConfigurationConfigData.xml

@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ /**
+  * Copyright © Magento, Inc. All rights reserved.
+  * See COPYING.txt for license details.
+  */
+-->
+<entities xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+          xsi:noNamespaceSchemaLocation="urn:magento:mftf:DataGenerator/etc/dataProfileSchema.xsd">
+    <entity name="SystemUploadConfigurationMaxWidth">
+        <data key="path">system/upload_configuration/max_width</data>
+        <data key="value">1920</data>
+    </entity>
+    <entity name="SystemUploadConfigurationMaxHeight">
+        <data key="path">system/upload_configuration/max_height</data>
+        <data key="value">1200</data>
+    </entity>
+</entities>