Merge pull request #2779 from magento-plankton/2.2.5-merged

[Plankton]: Merge 2.2.5 Release into 2.2-develop Branch

Author: Alexander Akimov

CHANGELOG.md

@@ -11,7 +11,7 @@
         "lib-libxml": "*"
     },
     "type": "magento2-module",
-    "version": "100.2.2",
+    "version": "100.2.3",
     "license": [
         "OSL-3.0",
         "AFL-3.0"

app/code/Magento/AdminNotification/composer.json

@@ -13,7 +13,7 @@
         "magento/framework": "101.0.*"
     },
     "type": "magento2-module",
-    "version": "100.2.2",
+    "version": "100.2.3",
     "license": [
         "OSL-3.0",
         "AFL-3.0"

app/code/Magento/AdvancedPricingImportExport/composer.json

@@ -10,7 +10,7 @@
         "magento/framework": "101.0.*"
     },
     "type": "magento2-module",
-    "version": "100.2.1",
+    "version": "100.2.2",
     "license": [
         "OSL-3.0",
         "AFL-3.0"

app/code/Magento/Analytics/composer.json

@@ -7,7 +7,7 @@
         "magento/framework": "101.0.*"
     },
     "type": "magento2-module",
-    "version": "100.2.0",
+    "version": "100.2.1",
     "license": [
         "OSL-3.0",
         "AFL-3.0"

app/code/Magento/Authorization/composer.json

@@ -16,7 +16,7 @@
         "magento/module-config": "101.0.*"
     },
     "type": "magento2-module",
-    "version": "100.2.0",
+    "version": "100.2.1",
     "license": [
         "proprietary"
     ],

app/code/Magento/Authorizenet/composer.json

@@ -24,7 +24,7 @@
         "magento/module-theme": "100.2.*"
     },
     "type": "magento2-module",
-    "version": "100.2.4",
+    "version": "100.2.5",
     "license": [
         "OSL-3.0",
         "AFL-3.0"

app/code/Magento/Backend/composer.json

@@ -9,7 +9,7 @@
         "magento/framework": "101.0.*"
     },
     "type": "magento2-module",
-    "version": "100.2.3",
+    "version": "100.2.4",
     "license": [
         "OSL-3.0",
         "AFL-3.0"

app/code/Magento/Backup/composer.json

@@ -25,7 +25,7 @@
         "magento/module-theme": "100.2.*"
     },
     "type": "magento2-module",
-    "version": "100.2.4",
+    "version": "100.2.5",
     "license": [
         "proprietary"
     ],

app/code/Magento/Braintree/composer.json

@@ -26,7 +26,7 @@
         "magento/module-sales-rule": "101.0.*"
     },
     "type": "magento2-module",
-    "version": "100.2.3",
+    "version": "100.2.4",
     "license": [
         "OSL-3.0",
         "AFL-3.0"

app/code/Magento/Bundle/composer.json

@@ -12,7 +12,7 @@
         "magento/framework": "101.0.*"
     },
     "type": "magento2-module",
-    "version": "100.2.1",
+    "version": "100.2.2",
     "license": [
         "OSL-3.0",
         "AFL-3.0"

app/code/Magento/BundleImportExport/composer.json

@@ -7,7 +7,7 @@
         "magento/framework": "101.0.*"
     },
     "type": "magento2-module",
-    "version": "100.2.0",
+    "version": "100.2.1",
     "license": [
         "OSL-3.0",
         "AFL-3.0"

app/code/Magento/CacheInvalidate/composer.json

@@ -13,7 +13,7 @@
         "zendframework/zend-session": "^2.7.3"
     },
     "type": "magento2-module",
-    "version": "100.2.1",
+    "version": "100.2.2",
     "license": [
         "OSL-3.0",
         "AFL-3.0"

app/code/Magento/Captcha/composer.json

@@ -3,6 +3,8 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+declare(strict_types=1);
+
 namespace Magento\Catalog\Model;
 
 /**
@@ -64,6 +66,18 @@ class ImageUploader
      */
     protected $allowedExtensions;
 
+    /**
+     * List of allowed image mime types
+     *
+     * @var array
+     */
+    private $allowedMimeTypes = [
+        'image/jpg',
+        'image/jpeg',
+        'image/gif',
+        'image/png'
+    ];
+
     /**
      * ImageUploader constructor
      *
@@ -218,6 +232,7 @@ public function moveFileFromTmp($imageName)
      * @return string[]
      *
      * @throws \Magento\Framework\Exception\LocalizedException
+     * @throws \Exception
      */
     public function saveFileToTmpDir($fileId)
     {
@@ -227,7 +242,9 @@ public function saveFileToTmpDir($fileId)
         $uploader = $this->uploaderFactory->create(['fileId' => $fileId]);
         $uploader->setAllowedExtensions($this->getAllowedExtensions());
         $uploader->setAllowRenameFiles(true);
-
+        if (!$uploader->checkMimeType($this->allowedMimeTypes)) {
+            throw new \Magento\Framework\Exception\LocalizedException(__('File validation failed.'));
+        }
         $result = $uploader->save($this->mediaDirectory->getAbsolutePath($baseTmpPath));
         unset($result['path']);
 

app/code/Magento/Catalog/Model/ImageUploader.php

@@ -11,7 +11,7 @@
 use Magento\Framework\Search\Request\Dimension;
 use Magento\Framework\DB\Adapter\AdapterInterface;
 use Magento\Catalog\Model\Indexer\Category\Product\AbstractAction;
-use Magento\Framework\Search\Request\IndexScopeResolverInterface as TableResolver;
+use Magento\Framework\Indexer\ScopeResolver\IndexScopeResolver as TableResolver;
 
 /**
  * Class encapsulate logic of work with tables per store in Category Product indexer

app/code/Magento/Catalog/Model/Indexer/Category/Product/TableMaintainer.php

@@ -32,6 +32,9 @@ protected function processDeletedImages($product, array &$images)
         foreach ($images as &$image) {
             if (!empty($image['removed'])) {
                 if (!empty($image['value_id']) && !isset($picturesInOtherStores[$image['file']])) {
+                    if (preg_match('/\.\.(\\\|\/)/', $image['file'])) {
+                        continue;
+                    }
                     $recordsToDelete[] = $image['value_id'];
                     $catalogPath = $this->mediaConfig->getBaseMediaPath();
                     $isFile = $this->mediaDirectory->isFile($catalogPath . $image['file']);

app/code/Magento/Catalog/Model/Product/Gallery/UpdateHandler.php

@@ -114,6 +114,12 @@ protected function setUp()
     public function testSaveFileToTmpDir()
     {
         $fileId = 'file.jpg';
+        $allowedMimeTypes = [
+            'image/jpg',
+            'image/jpeg',
+            'image/gif',
+            'image/png'
+        ];
         /** @var \Magento\MediaStorage\Model\File\Uploader|\PHPUnit_Framework_MockObject_MockObject $uploader */
         $uploader = $this->createMock(\Magento\MediaStorage\Model\File\Uploader::class);
         $this->uploaderFactoryMock->expects($this->once())->method('create')->willReturn($uploader);
@@ -123,6 +129,7 @@ public function testSaveFileToTmpDir()
             ->willReturn($this->basePath);
         $uploader->expects($this->once())->method('save')->with($this->basePath)
             ->willReturn(['tmp_name' => $this->baseTmpPath, 'file' => $fileId, 'path' => $this->basePath]);
+        $uploader->expects($this->atLeastOnce())->method('checkMimeType')->with($allowedMimeTypes)->willReturn(true);
         $storeMock = $this->createPartialMock(
             \Magento\Store\Model\Store::class,
             ['getBaseUrl']

app/code/Magento/Catalog/Test/Unit/Model/ImageUploaderTest.php

@@ -34,7 +34,7 @@
         "magento/module-catalog-sample-data": "Sample Data version:100.2.*"
     },
     "type": "magento2-module",
-    "version": "102.0.4",
+    "version": "102.0.5",
     "license": [
         "OSL-3.0",
         "AFL-3.0"

app/code/Magento/Catalog/composer.json

@@ -6,12 +6,13 @@
 var config = {
     map: {
         '*': {
-            categoryForm:       'Magento_Catalog/catalog/category/form',
-            newCategoryDialog:  'Magento_Catalog/js/new-category-dialog',
-            categoryTree:       'Magento_Catalog/js/category-tree',
-            productGallery:     'Magento_Catalog/js/product-gallery',
-            baseImage:          'Magento_Catalog/catalog/base-image-uploader',
-            productAttributes:  'Magento_Catalog/catalog/product-attributes'
+            categoryForm:         'Magento_Catalog/catalog/category/form',
+            newCategoryDialog:    'Magento_Catalog/js/new-category-dialog',
+            categoryTree:         'Magento_Catalog/js/category-tree',
+            productGallery:       'Magento_Catalog/js/product-gallery',
+            baseImage:            'Magento_Catalog/catalog/base-image-uploader',
+            productAttributes:    'Magento_Catalog/catalog/product-attributes',
+            categoryCheckboxTree: 'Magento_Catalog/js/category-checkbox-tree'
         }
     },
     deps: [

app/code/Magento/Catalog/view/adminhtml/requirejs-config.js

@@ -10,26 +10,28 @@
  */
 ?>
 
-<?php $_divId = 'tree-div_' . time() ?>
-<div id="<?= /* @escapeNotVerified */ $_divId ?>" class="tree"></div>
+<?php $divId = $block->escapeHtml('tree-div_' . time()) ?>
+<div id="<?= /* @noEscape */ $divId ?>" class="tree"></div>
 <script id="ie-deferred-loader" defer="defer" src="//:"></script>
 
-<script>
-    require(["Magento_Catalog/js/category-checkbox-tree"], function (element) {
-        element({
-            "dataUrl":       "<?= /* @escapeNotVerified */ $block->getLoadTreeUrl() ?>" ,
-            "divId":         "<?= /* @escapeNotVerified */$_divId ?>",
-            "rootVisible":   <?php if ($block->getRoot()->getIsVisible()): ?>true<?php else : ?>false<?php endif; ?>,
-            "useAjax":       <?= /* @escapeNotVerified */ $block->getUseAjax() ?>,
-            "currentNodeId": <?= (int)$block->getCategoryId() ?>,
-            "jsFormObject":  <?= /* @escapeNotVerified */ $block->getJsFormObject() ?>,
-            "name":          "<?= /* @escapeNotVerified */ htmlentities($block->getRoot()->getName()) ?>",
-            "checked":       "<?= /* @escapeNotVerified */ $block->getRoot()->getChecked() ?>",
-            "allowDrop":     <?php if ($block->getRoot()->getIsVisible()): ?>true<?php else : ?>false<?php endif; ?>,
-            "rootId":        <?= (int)$block->getRoot()->getId() ?>,
-            "expanded":      <?= (int)$block->getIsWasExpanded() ?>,
-            "categoryId":    <?= (int)$block->getCategoryId() ?>,
-            "treeJson":      <?= /* @escapeNotVerified */ $block->getTreeJson() ?>
-        });
-    })
+<script type="text/x-magento-init">
+    {
+        "*": {
+            "categoryCheckboxTree": {
+                "dataUrl":       "<?= $block->escapeUrl($block->getLoadTreeUrl()) ?>",
+                "divId":         "<?= /* @noEscape */ $divId ?>",
+                "rootVisible":   <?= /* @noEscape */ $block->getRoot()->getIsVisible() ? 'true' : 'false' ?>,
+                "useAjax":       <?= $block->escapeHtml($block->getUseAjax()) ?>,
+                "currentNodeId": <?= (int)$block->getCategoryId() ?>,
+                "jsFormObject":  "<?= /* @noEscape */ $block->getJsFormObject() ?>",
+                "name":          "<?= $block->escapeHtml($block->getRoot()->getName()) ?>",
+                "checked":       "<?= $block->escapeHtml($block->getRoot()->getChecked()) ?>",
+                "allowdDrop":    <?= /* @noEscape */ $block->getRoot()->getIsVisible() ? 'true' : 'false' ?>,
+                "rootId":        <?= (int)$block->getRoot()->getId() ?>,
+                "expanded":      <?= (int)$block->getIsWasExpanded() ?>,
+                "categoryId":    <?= (int)$block->getCategoryId() ?>,
+                "treeJson":      <?= /* @noEscape */ $block->getTreeJson() ?>
+            }
+        }
+    }
 </script>

app/code/Magento/Catalog/view/adminhtml/templates/catalog/category/checkboxes/tree.phtml

@@ -12,15 +12,14 @@ define([
     'use strict';
 
     return function (config) {
-
         var tree,
             options = {
                 dataUrl: config.dataUrl,
                 divId: config.divId,
                 rootVisible: config.rootVisible,
                 useAjax: config.useAjax,
                 currentNodeId: config.currentNodeId,
-                jsFormObject: config.jsFormObject,
+                jsFormObject: window[config.jsFormObject],
                 name: config.name,
                 checked: config.checked,
                 allowDrop: config.allowDrop,
@@ -60,8 +59,8 @@ define([
              */
             loadTree: function (config, firstLoad) {// eslint-disable-line no-shadow
                 parameters = config.parameters,
-                data = config.data,
-                root = new Ext.tree.TreeNode(parameters);// eslint-disable-line no-undef
+                    data = config.data,
+                    root = new Ext.tree.TreeNode(parameters);// eslint-disable-line no-undef
 
                 if (typeof parameters.rootVisible != 'undefined') {
                     this.rootVisible = parameters.rootVisible * 1;

app/code/Magento/Catalog/view/adminhtml/web/js/category-checkbox-tree.js

@@ -7,7 +7,7 @@
         "magento/module-catalog": "102.0.*"
     },
     "type": "magento2-module",
-    "version": "100.2.0",
+    "version": "100.2.1",
     "license": [
         "OSL-3.0",
         "AFL-3.0"

app/code/Magento/CatalogAnalytics/composer.json

@@ -7,12 +7,14 @@
 
 use Magento\Framework\App\Filesystem\DirectoryList;
 use Magento\Framework\Filesystem\DriverPool;
+use Magento\Framework\App\ObjectManager;
 
 /**
  * Import entity product model
  *
  * @api
  * @since 100.0.2
+ * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
  */
 class Uploader extends \Magento\MediaStorage\Model\File\Uploader
 {
@@ -94,6 +96,11 @@ class Uploader extends \Magento\MediaStorage\Model\File\Uploader
      */
     protected $_coreFileStorage;
 
+    /**
+     * @var \Magento\Framework\App\Filesystem\DirectoryResolver
+     */
+    private $directoryResolver;
+
     /**
      * @param \Magento\MediaStorage\Helper\File\Storage\Database $coreFileStorageDb
      * @param \Magento\MediaStorage\Helper\File\Storage $coreFileStorage
@@ -102,6 +109,7 @@ class Uploader extends \Magento\MediaStorage\Model\File\Uploader
      * @param \Magento\Framework\Filesystem $filesystem
      * @param \Magento\Framework\Filesystem\File\ReadFactory $readFactory
      * @param null $filePath
+     * @param \Magento\Framework\App\Filesystem\DirectoryResolver|null $directoryResolver
      * @throws \Magento\Framework\Exception\LocalizedException
      */
     public function __construct(
@@ -111,7 +119,8 @@ public function __construct(
         \Magento\MediaStorage\Model\File\Validator\NotProtectedExtension $validator,
         \Magento\Framework\Filesystem $filesystem,
         \Magento\Framework\Filesystem\File\ReadFactory $readFactory,
-        $filePath = null
+        $filePath = null,
+        \Magento\Framework\App\Filesystem\DirectoryResolver $directoryResolver = null
     ) {
         if ($filePath !== null) {
             $this->_setUploadFile($filePath);
@@ -122,6 +131,8 @@ public function __construct(
         $this->_validator = $validator;
         $this->_directory = $filesystem->getDirectoryWrite(DirectoryList::ROOT);
         $this->_readFactory = $readFactory;
+        $this->directoryResolver = $directoryResolver
+            ?: ObjectManager::getInstance()->get(\Magento\Framework\App\Filesystem\DirectoryResolver::class);
     }
 
     /**
@@ -232,6 +243,7 @@ protected function _validateFile()
 
         $fileExtension = pathinfo($filePath, PATHINFO_EXTENSION);
         if (!$this->checkAllowedExtension($fileExtension)) {
+            $this->_directory->delete($filePath);
             throw new \Exception('Disallowed file type.');
         }
         //run validate callbacks
@@ -277,7 +289,10 @@ public function getTmpDir()
      */
     public function setTmpDir($path)
     {
-        if (is_string($path) && $this->_directory->isReadable($path)) {
+        if (is_string($path)
+            && $this->_directory->isReadable($path)
+            && $this->directoryResolver->validatePath($this->_directory->getAbsolutePath($path), DirectoryList::ROOT)
+        ) {
             $this->_tmpDir = $path;
             return true;
         }