Merge branch '2.4-develop' of https://github.com/magento/magento2ce into B2B-1780

Author: Roman Hanin

app/code/Magento/Backup/Model/Fs/Collection.php

@@ -3,6 +3,8 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+declare(strict_types=1);
+
 namespace Magento\Backup\Model\Fs;
 
 use Magento\Framework\App\Filesystem\DirectoryList;
@@ -92,12 +94,17 @@ public function __construct(
      * Create .htaccess file and deny backups directory access from web
      *
      * @return void
+     * @throws \Magento\Framework\Exception\FileSystemException
      */
     protected function _hideBackupsForApache()
     {
         $filename = '.htaccess';
-        if (!$this->_varDirectory->isFile($filename)) {
-            $this->_varDirectory->writeFile($filename, 'deny from all');
+        $driver = $this->_varDirectory->getDriver();
+        $absolutePath = $driver->getAbsolutePath($this->_varDirectory->getAbsolutePath(), $filename);
+        if (!$driver->isFile($absolutePath)) {
+            $resource = $driver->fileOpen($absolutePath, 'w+');
+            $driver->fileWrite($resource, 'deny from all');
+            $driver->fileClose($resource);
         }
     }
 

app/code/Magento/Backup/Test/Unit/Model/Fs/CollectionTest.php

@@ -34,10 +34,15 @@ public function testConstructor()
         )->disableOriginalConstructor()
             ->getMock();
         $backupData->expects($this->any())->method('getExtensions')->willReturn([]);
-
+        $driver = $this->getMockBuilder(
+            Filesystem\DriverInterface::class
+        )->disableOriginalConstructor()
+            ->getMock();
         $directoryWrite->expects($this->any())->method('create')->with('backups');
-        $directoryWrite->expects($this->any())->method('getAbsolutePath')->with('backups');
+        $directoryWrite->expects($this->any())->method('getAbsolutePath')->willReturn('');
+        $directoryWrite->expects($this->at(3))->method('getAbsolutePath')->with('backups');
         $directoryWrite->expects($this->any())->method('isDirectory')->willReturn(true);
+        $directoryWrite->expects($this->any())->method('getDriver')->willReturn($driver);
         $targetDirectory = $this->getMockBuilder(TargetDirectory::class)
             ->disableOriginalConstructor()
             ->getMock();

app/code/Magento/Catalog/Controller/Adminhtml/Product/Gallery/Upload.php

@@ -108,8 +108,10 @@ public function execute()
 
             $result['url'] = $this->productMediaConfig->getTmpMediaUrl($result['file']);
             $result['file'] = $result['file'] . '.tmp';
-        } catch (\Exception $e) {
+        } catch (LocalizedException $e) {
             $result = ['error' => $e->getMessage(), 'errorcode' => $e->getCode()];
+        } catch (\Throwable $e) {
+            $result = ['error' => 'Something went wrong while saving the file(s).', 'errorcode' => 0];
         }
 
         /** @var \Magento\Framework\Controller\Result\Raw $response */

app/code/Magento/Catalog/Model/Product.php

@@ -883,8 +883,8 @@ public function beforeSave()
 
         $this->getTypeInstance()->beforeSave($this);
 
-        $hasOptions = $this->getData('has_options') === "1";
-        $hasRequiredOptions = $this->getData('required_options') === "1";
+        $hasOptions = $this->getData('has_options') === "1" && $this->isProductHasOptions();
+        $hasRequiredOptions = $this->getData('required_options') === "1" && $this->isProductHasOptions();
 
         /**
          * $this->_canAffectOptions - set by type instance only
@@ -934,6 +934,21 @@ public function beforeSave()
         parent::beforeSave();
     }
 
+    /**
+     * Check based on options data
+     *
+     * @return bool
+     */
+    private function isProductHasOptions() : bool
+    {
+        if ($this->getData('options') === null) {
+            $result = true;
+        } else {
+            $result = is_array($this->getData('options')) && count($this->getData('options')) > 0;
+        }
+        return $result;
+    }
+
     /**
      * Check/set if options can be affected when saving product
      *

app/code/Magento/Catalog/Model/Product/Option/Type/File/ValidatorFile.php

@@ -3,15 +3,16 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+declare(strict_types=1);
 
 namespace Magento\Catalog\Model\Product\Option\Type\File;
 
 use Magento\Catalog\Model\Product;
-use Magento\Framework\App\Filesystem\DirectoryList;
 use Magento\Catalog\Model\Product\Exception as ProductException;
+use Magento\Framework\App\Filesystem\DirectoryList;
+use Magento\Framework\App\ObjectManager;
 use Magento\Framework\Exception\LocalizedException;
 use Magento\Framework\Math\Random;
-use Magento\Framework\App\ObjectManager;
 use Magento\MediaStorage\Model\File\Uploader;
 
 /**
@@ -254,8 +255,12 @@ protected function initFilesystem()
 
         // Directory listing and hotlink secure
         $path = $this->path . '/.htaccess';
-        if (!$this->mediaDirectory->isFile($path)) {
-            $this->mediaDirectory->writeFile($path, "Order deny,allow\nDeny from all");
+        $driver = $this->mediaDirectory->getDriver();
+        $absolutePath = $driver->getAbsolutePath($this->mediaDirectory->getAbsolutePath(), $path);
+        if (!$driver->isFile($absolutePath)) {
+            $resource = $driver->fileOpen($absolutePath, 'w+');
+            $driver->fileWrite($resource, "Order deny,allow\nDeny from all");
+            $driver->fileClose($resource);
         }
     }
 

app/code/Magento/Catalog/Model/Product/Option/Type/File/ValidatorInfo.php

@@ -6,13 +6,22 @@
 
 namespace Magento\Catalog\Model\Product\Option\Type\File;
 
+use Magento\Framework\App\Config\ScopeConfigInterface;
+use Magento\Framework\Exception\InputException;
+use Magento\Framework\Exception\LocalizedException;
+use Magento\Framework\File\Size;
+use Magento\Framework\Filesystem;
+use Magento\Framework\Filesystem\Io\File as IoFile;
+use Magento\MediaStorage\Helper\File\Storage\Database;
+use Magento\MediaStorage\Model\File\Validator\NotProtectedExtension;
+
 /**
  * Validator for existing files.
  */
 class ValidatorInfo extends Validator
 {
     /**
-     * @var \Magento\MediaStorage\Helper\File\Storage\Database
+     * @var Database
      */
     protected $coreFileStorageDatabase;
 
@@ -36,24 +45,39 @@ class ValidatorInfo extends Validator
      */
     protected $fileRelativePath;
 
+    /**
+     * @var IoFile
+     */
+    private $ioFile;
+    /**
+     * @var NotProtectedExtension
+     */
+    private $fileValidator;
+
     /**
      * Construct method
      *
-     * @param \Magento\Framework\App\Config\ScopeConfigInterface $scopeConfig
-     * @param \Magento\Framework\Filesystem $filesystem
-     * @param \Magento\Framework\File\Size $fileSize
-     * @param \Magento\MediaStorage\Helper\File\Storage\Database $coreFileStorageDatabase
+     * @param ScopeConfigInterface $scopeConfig
+     * @param Filesystem $filesystem
+     * @param Size $fileSize
+     * @param Database $coreFileStorageDatabase
      * @param ValidateFactory $validateFactory
+     * @param NotProtectedExtension $fileValidator
+     * @param IoFile $ioFile
      */
     public function __construct(
-        \Magento\Framework\App\Config\ScopeConfigInterface $scopeConfig,
-        \Magento\Framework\Filesystem $filesystem,
-        \Magento\Framework\File\Size $fileSize,
-        \Magento\MediaStorage\Helper\File\Storage\Database $coreFileStorageDatabase,
-        \Magento\Catalog\Model\Product\Option\Type\File\ValidateFactory $validateFactory
+        ScopeConfigInterface $scopeConfig,
+        Filesystem $filesystem,
+        Size $fileSize,
+        Database $coreFileStorageDatabase,
+        ValidateFactory $validateFactory,
+        NotProtectedExtension $fileValidator,
+        IoFile $ioFile
     ) {
         $this->coreFileStorageDatabase = $coreFileStorageDatabase;
         $this->validateFactory = $validateFactory;
+        $this->fileValidator = $fileValidator;
+        $this->ioFile = $ioFile;
         parent::__construct($scopeConfig, $filesystem, $fileSize);
     }
 
@@ -94,27 +118,42 @@ public function validate($optionValue, $option)
         $validatorChain = $this->validateFactory->create();
         try {
             $validatorChain = $this->buildImageValidator($validatorChain, $option, $this->fileFullPath);
-        } catch (\Magento\Framework\Exception\InputException $notImage) {
+        } catch (InputException $notImage) {
             return false;
         }
 
-        $result = false;
-        if ($validatorChain->isValid($this->fileFullPath, $optionValue['title'])) {
-            $result = $this->rootDirectory->isReadable($this->fileRelativePath)
+        if ($this->validatePath($optionValue) && $validatorChain->isValid($this->fileFullPath, $optionValue['title'])) {
+            return $this->rootDirectory->isReadable($this->fileRelativePath)
                 && isset($optionValue['secret_key'])
                 && $this->buildSecretKey($this->fileRelativePath) == $optionValue['secret_key'];
-        } elseif ($validatorChain->getErrors()) {
+        } else {
             $errors = $this->getValidatorErrors($validatorChain->getErrors(), $optionValue, $option);
-
             if (count($errors) > 0) {
-                throw new \Magento\Framework\Exception\LocalizedException(__(implode("\n", $errors)));
+                throw new LocalizedException(__(implode("\n", $errors)));
             }
-        } else {
-            throw new \Magento\Framework\Exception\LocalizedException(
+            throw new LocalizedException(
                 __("The product's required option(s) weren't entered. Make sure the options are entered and try again.")
             );
         }
-        return $result;
+    }
+
+    /**
+     * Validate quote_path and order_path.
+     *
+     * @param array $optionValuePath
+     * @return bool
+     */
+    private function validatePath(array $optionValuePath): bool
+    {
+        foreach ([$optionValuePath['quote_path'], $optionValuePath['order_path']] as $path) {
+            $pathInfo = $this->ioFile->getPathInfo($path);
+            if (isset($pathInfo['extension'])) {
+                if (!$this->fileValidator->isValid($pathInfo['extension'])) {
+                    return false;
+                }
+            }
+        }
+        return true;
     }
 
     /**

app/code/Magento/Catalog/Test/Mftf/Section/AdminAddProductsToOptionPanelSection.xml

@@ -5,7 +5,6 @@
   * See COPYING.txt for license details.
   */
 -->
-
 <sections xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:noNamespaceSchemaLocation="urn:magento:mftf:Page/etc/SectionObject.xsd">
     <section name="AdminAddProductsToOptionPanel">
@@ -16,4 +15,4 @@
         <element name="firstCheckbox" type="input" selector="//tr[1]//input[@data-action='select-row']"/>
         <element name="nthCheckbox" type="input" selector="//tr[{{var}}]//input[@data-action='select-row']" parameterized="true"/>
     </section>
-</sections>
+</sections>

app/code/Magento/Catalog/Test/Unit/Model/ProductTest.php

@@ -1113,6 +1113,21 @@ public function testSaveWithProvidedRequiredOptions()
         $this->assertTrue($this->model->getRequiredOptions());
     }
 
+    /**
+     * Test for save method with provided options settled via magic method
+     */
+    public function testSaveWithProvidedRequiredOptionsValue()
+    {
+        $this->model->setHasOptions("1");
+        $this->model->setRequiredOptions("1");
+        $this->model->setData("options", null);
+        $this->configureSaveTest();
+        $this->model->beforeSave();
+        $this->model->afterSave();
+        $this->assertTrue($this->model->getHasOptions());
+        $this->assertTrue($this->model->getRequiredOptions());
+    }
+
     public function testGetIsSalableSimple()
     {
         $typeInstanceMock =

app/code/Magento/CatalogInventory/Model/Quote/Item/QuantityValidator.php

@@ -185,7 +185,7 @@ public function validate(Observer $observer)
          * Check item for options
          */
         if ($options) {
-            $qty = $product->getTypeInstance()->prepareQuoteItemQty($qty, $product);
+            $qty = $product->getTypeInstance()->prepareQuoteItemQty($quoteItem->getQty(), $product);
             $quoteItem->setData('qty', $qty);
             if ($stockStatus) {
                 $this->checkOptionsQtyIncrements($quoteItem, $options);

app/code/Magento/CatalogInventory/Model/Quote/Item/QuantityValidator/Initializer/Option.php

@@ -120,7 +120,7 @@ public function initialize(
             /**
              * if option's qty was updates we also need to update quote item qty
              */
-            $quoteItem->setData('qty', (int) $qty);
+            $quoteItem->setData('qty', (int) $result->getItemQty());
         }
         if ($result->getMessage() !== null) {
             $option->setMessage($result->getMessage());

app/code/Magento/CatalogInventory/Test/Unit/Model/Quote/Item/QuantityValidator/Initializer/OptionTest.php

@@ -125,7 +125,7 @@ protected function setUp(): void
         );
         $this->resultMock = $this->getMockBuilder(DataObject::class)
             ->addMethods(
-                ['getItemIsQtyDecimal', 'getHasQtyOptionUpdate', 'getOrigQty', 'getMessage', 'getItemBackorders']
+                ['getItemIsQtyDecimal', 'getHasQtyOptionUpdate', 'getOrigQty', 'getMessage', 'getItemBackorders', 'getItemQty']
             )
             ->disableOriginalConstructor()
             ->getMock();
@@ -217,6 +217,7 @@ public function testInitializeWhenResultIsDecimalGetBackordersMessageHasOptionQt
         $this->optionMock->expects($this->once())->method('setBackorders')->with('backorders');
 
         $this->stockItemMock->expects($this->once())->method('unsIsChildItem');
+        $this->resultMock->expects($this->once())->method('getItemQty')->willReturn($qty);
         $this->validator->initialize($this->optionMock, $this->quoteItemMock, $qty);
     }
 

app/code/Magento/CatalogInventory/Test/Unit/Model/Quote/Item/QuantityValidator/Initializer/QuantityValidatorTest.php

@@ -564,7 +564,7 @@ private function createInitialStub($qty)
         $this->quoteItemMock->expects($this->any())
             ->method('getQuote')
             ->willReturn($this->quoteMock);
-        $this->quoteItemMock->expects($this->once())
+        $this->quoteItemMock->expects($this->any())
             ->method('getQty')
             ->willReturn($qty);
         $this->quoteItemMock->expects($this->any())

app/code/Magento/Cms/Controller/Adminhtml/Page/PostDataProcessor.php

@@ -10,6 +10,7 @@
 use Magento\Framework\App\ObjectManager;
 use Magento\Framework\Config\Dom\ValidationException;
 use Magento\Framework\Config\Dom\ValidationSchemaException;
+use Magento\Cms\Model\Page\CustomLayout\CustomLayoutValidator;
 
 /**
  * Controller helper for user input.
@@ -36,23 +37,32 @@ class PostDataProcessor
      */
     private $validationState;
 
+    /**
+     * @var CustomLayoutValidator
+     */
+    private $customLayoutValidator;
+
     /**
      * @param \Magento\Framework\Stdlib\DateTime\Filter\Date $dateFilter
      * @param \Magento\Framework\Message\ManagerInterface $messageManager
      * @param \Magento\Framework\View\Model\Layout\Update\ValidatorFactory $validatorFactory
-     * @param DomValidationState $validationState
+     * @param DomValidationState|null $validationState
+     * @param CustomLayoutValidator|null $customLayoutValidator
      */
     public function __construct(
         \Magento\Framework\Stdlib\DateTime\Filter\Date $dateFilter,
         \Magento\Framework\Message\ManagerInterface $messageManager,
         \Magento\Framework\View\Model\Layout\Update\ValidatorFactory $validatorFactory,
-        DomValidationState $validationState = null
+        DomValidationState $validationState = null,
+        CustomLayoutValidator $customLayoutValidator = null
     ) {
         $this->dateFilter = $dateFilter;
         $this->messageManager = $messageManager;
         $this->validatorFactory = $validatorFactory;
         $this->validationState = $validationState
             ?: ObjectManager::getInstance()->get(DomValidationState::class);
+        $this->customLayoutValidator = $customLayoutValidator
+            ?: ObjectManager::getInstance()->get(CustomLayoutValidator::class);
     }
 
     /**
@@ -146,6 +156,9 @@ private function validateData($data, $layoutXmlValidator)
             ) {
                 return false;
             }
+            if (!$this->customLayoutValidator->validate($data)) {
+                return false;
+            }
         } catch (ValidationException $e) {
             return false;
         } catch (ValidationSchemaException $e) {