Merge pull request #1182 from magento-frontend/PR_08062017

MomotenkoNatalia · web-flow · commit d1b86aed378f · 2017-06-12T19:22:38.000+03:00
Fixed issues: - MAGETWO-61189: Stored xss using svg images in Favicon - MAGETWO-54702: Failed ClearAllCompareProductsTest test due to Alert window. - MAGETWO-66885: Special Characters like % in widget inside of WYSIWYG gives an error #9452 - MAGETWO-59514: Hard coded "tax_region_id" in the \Magento\Tax\Setup\InstallData - MAGETWO-64952: Admin login does not handle autocomplete feature correctly
diff --git a/app/code/Magento/Backend/view/adminhtml/templates/admin/login.phtml b/app/code/Magento/Backend/view/adminhtml/templates/admin/login.phtml
@@ -43,7 +43,7 @@
                        data-validate="{required:true}"
                        value=""
                        placeholder="<?php /* @escapeNotVerified */ echo __('password') ?>"
-                       autocomplete="off"
+                       autocomplete="new-password"
                     />
             </div>
         </div>
diff --git a/app/code/Magento/Backup/view/adminhtml/templates/backup/dialogs.phtml b/app/code/Magento/Backup/view/adminhtml/templates/backup/dialogs.phtml
@@ -73,7 +73,7 @@
         <fieldset class="admin__fieldset password-box-container">
             <div class="admin__field field _required">
                 <label for="password" class="admin__field-label"><span><?php /* @escapeNotVerified */ echo __('User Password')?></span></label>
-                <div class="admin__field-control"><input type="password" name="password" id="password" class="admin__control-text required-entry" autocomplete="off"></div>
+                <div class="admin__field-control"><input type="password" name="password" id="password" class="admin__control-text required-entry" autocomplete="new-password"></div>
             </div>
 
             <div class="admin__field field maintenance-checkbox-container">
@@ -119,7 +119,7 @@
                         <span><?php /* @escapeNotVerified */ echo __('FTP Password') ?></span>
                     </label>
                     <div class="admin__field-control">
-                        <input type="password" class="admin__control-text" name="ftp_pass" id="ftp_pass" autocomplete="off">
+                        <input type="password" class="admin__control-text" name="ftp_pass" id="ftp_pass" autocomplete="new-password">
                     </div>
                 </div>
                 <div class="admin__field field">
diff --git a/app/code/Magento/Catalog/view/adminhtml/ui_component/design_config_form.xml b/app/code/Magento/Catalog/view/adminhtml/ui_component/design_config_form.xml
@@ -27,7 +27,7 @@
                     <formElements>
                         <fileUploader>
                             <settings>
-                                <allowedExtensions>jpg jpeg gif png svg</allowedExtensions>
+                                <allowedExtensions>jpg jpeg gif png</allowedExtensions>
                                 <maxFileSize>2097152</maxFileSize>
                                 <uploaderConfig>
                                     <param xsi:type="string" name="url">theme/design_config_fileUploader/save</param>
@@ -87,7 +87,7 @@
                     <formElements>
                         <fileUploader>
                             <settings>
-                                <allowedExtensions>jpg jpeg gif png svg</allowedExtensions>
+                                <allowedExtensions>jpg jpeg gif png</allowedExtensions>
                                 <maxFileSize>2097152</maxFileSize>
                                 <uploaderConfig>
                                     <param xsi:type="string" name="url">theme/design_config_fileUploader/save</param>
@@ -147,7 +147,7 @@
                     <formElements>
                         <fileUploader>
                             <settings>
-                                <allowedExtensions>jpg jpeg gif png svg</allowedExtensions>
+                                <allowedExtensions>jpg jpeg gif png</allowedExtensions>
                                 <maxFileSize>2097152</maxFileSize>
                                 <uploaderConfig>
                                     <param xsi:type="string" name="url">theme/design_config_fileUploader/save</param>
diff --git a/app/code/Magento/Config/Model/Config/Backend/Image/Favicon.php b/app/code/Magento/Config/Model/Config/Backend/Image/Favicon.php
@@ -45,6 +45,6 @@ protected function _addWhetherScopeInfo()
      */
     protected function _getAllowedExtensions()
     {
-        return ['ico', 'png', 'gif', 'jpg', 'jpeg', 'apng', 'svg'];
+        return ['ico', 'png', 'gif', 'jpg', 'jpeg', 'apng'];
     }
 }
diff --git a/app/code/Magento/Config/Model/Config/Backend/Image/Logo.php b/app/code/Magento/Config/Model/Config/Backend/Image/Logo.php
@@ -45,6 +45,6 @@ protected function _addWhetherScopeInfo()
      */
     protected function _getAllowedExtensions()
     {
-        return ['jpg', 'jpeg', 'gif', 'png', 'svg'];
+        return ['jpg', 'jpeg', 'gif', 'png'];
     }
 }
diff --git a/app/code/Magento/Config/Test/Unit/Model/Config/Backend/Image/LogoTest.php b/app/code/Magento/Config/Test/Unit/Model/Config/Backend/Image/LogoTest.php
@@ -73,7 +73,7 @@ public function testBeforeSave()
             ->will($this->returnValue('/tmp/val'));
         $this->uploaderMock->expects($this->once())
             ->method('setAllowedExtensions')
-            ->with($this->equalTo(['jpg', 'jpeg', 'gif', 'png', 'svg']));
+            ->with($this->equalTo(['jpg', 'jpeg', 'gif', 'png']));
         $this->model->beforeSave();
     }
 }
diff --git a/app/code/Magento/Email/view/adminhtml/ui_component/design_config_form.xml b/app/code/Magento/Email/view/adminhtml/ui_component/design_config_form.xml
@@ -22,7 +22,7 @@
                 <formElements>
                     <fileUploader>
                         <settings>
-                            <allowedExtensions>jpg jpeg gif png svg</allowedExtensions>
+                            <allowedExtensions>jpg jpeg gif png</allowedExtensions>
                             <maxFileSize>2097152</maxFileSize>
                             <uploaderConfig>
                                 <param xsi:type="string" name="url">theme/design_config_fileUploader/save</param>
diff --git a/app/code/Magento/Swatches/view/adminhtml/ui_component/design_config_form.xml b/app/code/Magento/Swatches/view/adminhtml/ui_component/design_config_form.xml
@@ -22,7 +22,7 @@
                     <formElements>
                         <fileUploader>
                             <settings>
-                                <allowedExtensions>jpg jpeg gif png svg</allowedExtensions>
+                                <allowedExtensions>jpg jpeg gif png</allowedExtensions>
                                 <maxFileSize>2097152</maxFileSize>
                                 <uploaderConfig>
                                     <param xsi:type="string" name="url">theme/design_config_fileUploader/save</param>
diff --git a/app/code/Magento/Tax/Setup/RecurringData.php b/app/code/Magento/Tax/Setup/RecurringData.php
@@ -0,0 +1,92 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+namespace Magento\Tax\Setup;
+
+use Magento\Directory\Model\RegionFactory;
+use Magento\Framework\Api\Search\SearchCriteriaFactory;
+use Magento\Framework\Setup\InstallDataInterface;
+use Magento\Framework\Setup\ModuleContextInterface;
+use Magento\Framework\Setup\ModuleDataSetupInterface;
+use Magento\Tax\Api\TaxRateRepositoryInterface;
+
+/**
+ * Update installed tax region codes
+ */
+class RecurringData implements InstallDataInterface
+{
+    /**
+     * Tax rate repository
+     *
+     * @var TaxRateRepositoryInterface
+     */
+    private $taxRateRepository;
+
+    /**
+     * @var SearchCriteriaFactory
+     */
+
+    private $searchCriteriaFactory;
+
+    /**
+     * @var RegionFactory
+     */
+    private $directoryRegionFactory;
+
+    /**
+     * Init
+     *
+     * @param TaxRateRepositoryInterface $taxRateRepository
+     * @param SearchCriteriaFactory $searchCriteriaFactory
+     * @param RegionFactory $directoryRegionFactory
+     */
+    public function __construct(
+        TaxRateRepositoryInterface $taxRateRepository,
+        SearchCriteriaFactory $searchCriteriaFactory,
+        RegionFactory $directoryRegionFactory
+    ) {
+        $this->taxRateRepository = $taxRateRepository;
+        $this->searchCriteriaFactory = $searchCriteriaFactory;
+        $this->directoryRegionFactory = $directoryRegionFactory;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function install(ModuleDataSetupInterface $setup, ModuleContextInterface $context)
+    {
+        $taxRateList = $this->taxRateRepository->getList($this->searchCriteriaFactory->create());
+        /** @var \Magento\Tax\Api\Data\TaxRateInterface $taxRateData */
+        foreach ($taxRateList->getItems() as $taxRateData) {
+            $regionCode = $this->parseRegionFromTaxCode($taxRateData->getCode());
+            if ($regionCode) {
+                /** @var \Magento\Directory\Model\Region $region */
+                $region = $this->directoryRegionFactory->create();
+                $region->loadByCode($regionCode, $taxRateData->getTaxCountryId());
+                $taxRateData->setTaxRegionId($region->getRegionId());
+                $this->taxRateRepository->save($taxRateData);
+            }
+        }
+    }
+
+    /**
+     * Parse region code from tax code
+     *
+     * @param string $taxCode
+     * @return string
+     */
+    private function parseRegionFromTaxCode($taxCode)
+    {
+        $result = '';
+        $parts = explode('-', $taxCode, 3);
+
+        if (isset($parts[1])) {
+            $result = $parts[1];
+        }
+
+        return $result;
+    }
+}
diff --git a/app/code/Magento/Theme/Model/Design/Backend/Favicon.php b/app/code/Magento/Theme/Model/Design/Backend/Favicon.php
@@ -43,6 +43,6 @@ protected function _addWhetherScopeInfo()
      */
     public function getAllowedExtensions()
     {
-        return ['ico', 'png', 'gif', 'jpg', 'jpeg', 'apng', 'svg'];
+        return ['ico', 'png', 'gif', 'jpg', 'jpeg', 'apng'];
     }
 }
diff --git a/app/code/Magento/Theme/Model/Design/Backend/Logo.php b/app/code/Magento/Theme/Model/Design/Backend/Logo.php
@@ -41,6 +41,6 @@ protected function _addWhetherScopeInfo()
      */
     public function getAllowedExtensions()
     {
-        return ['jpg', 'jpeg', 'gif', 'png', 'svg'];
+        return ['jpg', 'jpeg', 'gif', 'png'];
     }
 }
diff --git a/app/code/Magento/Theme/view/adminhtml/ui_component/design_config_form.xml b/app/code/Magento/Theme/view/adminhtml/ui_component/design_config_form.xml
@@ -56,14 +56,14 @@
             </settings>
             <field name="head_shortcut_icon" formElement="fileUploader">
                 <settings>
-                    <notice translate="true">Allowed file types: ico, png, gif, jpg, jpeg, apng, svg. Not all browsers support all these formats!</notice>
+                    <notice translate="true">Allowed file types: ico, png, gif, jpg, jpeg, apng. Not all browsers support all these formats!</notice>
                     <label translate="true">Favicon Icon</label>
                     <componentType>fileUploader</componentType>
                 </settings>
                 <formElements>
                     <fileUploader>
                         <settings>
-                            <allowedExtensions>jpg jpeg gif png svg ico apng</allowedExtensions>
+                            <allowedExtensions>jpg jpeg gif png ico apng</allowedExtensions>
                             <maxFileSize>2097152</maxFileSize>
                             <uploaderConfig>
                                 <param xsi:type="string" name="url">theme/design_config_fileUploader/save</param>
@@ -153,14 +153,14 @@
             </settings>
             <field name="header_logo_src" formElement="fileUploader">
                 <settings>
-                    <notice translate="true">Allowed file types: png, gif, jpg, jpeg, svg.</notice>
+                    <notice translate="true">Allowed file types: png, gif, jpg, jpeg.</notice>
                     <label translate="true">Logo Image</label>
                     <componentType>fileUploader</componentType>
                 </settings>
                 <formElements>
                     <fileUploader>
                         <settings>
-                            <allowedExtensions>jpg jpeg gif png svg</allowedExtensions>
+                            <allowedExtensions>jpg jpeg gif png</allowedExtensions>
                             <maxFileSize>2097152</maxFileSize>
                             <uploaderConfig>
                                 <param xsi:type="string" name="url">theme/design_config_fileUploader/save</param>
diff --git a/dev/tests/functional/tests/app/Magento/Catalog/Test/TestCase/Product/ClearAllCompareProductsTest.php b/dev/tests/functional/tests/app/Magento/Catalog/Test/TestCase/Product/ClearAllCompareProductsTest.php
@@ -28,6 +28,7 @@ class ClearAllCompareProductsTest extends AbstractCompareProductsTest
 {
     /* tags */
     const MVP = 'yes';
+    const TEST_TYPE = 'extended_acceptance_test';
     /* end tags */
 
     /**
diff --git a/dev/tests/functional/tests/app/Magento/Catalog/Test/TestCase/Product/ClearAllCompareProductsTest.xml b/dev/tests/functional/tests/app/Magento/Catalog/Test/TestCase/Product/ClearAllCompareProductsTest.xml
@@ -8,7 +8,6 @@
 <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="../../../../../../../vendor/magento/mtf/etc/variations.xsd">
     <testCase name="Magento\Catalog\Test\TestCase\Product\ClearAllCompareProductsTest" summary="Clear All Compare Products" ticketId="MAGETWO-25961">
         <variation name="ClearAllCompareProductsTestVariation1">
-            <data name="tag" xsi:type="string">stable:no</data>
             <data name="config/dataset" xsi:type="string">compare_products</data>
             <data name="products" xsi:type="string">catalogProductSimple::simple_for_composite_products,catalogProductVirtual::default,downloadableProduct::default,groupedProduct::grouped_product_with_price,configurableProduct::default,bundleProduct::bundle_dynamic_product,bundleProduct::bundle_fixed_product</data>
             <constraint name="Magento\Catalog\Test\Constraint\AssertProductCompareSuccessRemoveAllProductsMessage" />
diff --git a/lib/web/mage/adminhtml/wysiwyg/tiny_mce/setup.js b/lib/web/mage/adminhtml/wysiwyg/tiny_mce/setup.js
@@ -463,8 +463,6 @@ define([
             var url = this.makeDirectiveUrl('%directive%').replace(/([$^.?*!+:=()\[\]{}|\\])/g, '\\$1'),
                 reg = new RegExp(url.replace('%directive%', '([a-zA-Z0-9,_-]+)'));
 
-            content = decodeURIComponent(content);
-
             return content.gsub(reg, function (match) { //eslint-disable-line no-extra-bind
                 return Base64.mageDecode(match[1]);
             });
diff --git a/setup/view/magento/setup/marketplace-credentials.phtml b/setup/view/magento/setup/marketplace-credentials.phtml
@@ -23,6 +23,7 @@
         </div>
         <form name="auth"
               role="form"
+              autocomplete="off"
               ng-show="showCredsForm"
             >
             <fieldset class="fieldset">
@@ -63,6 +64,7 @@
                                                || (auth.username.$error.required && user.submitted) }"
                                autofocus
                                required
+                               autocomplete="off"
                             >
                         <div class="error-container">
                             This is a required field.
@@ -84,6 +86,7 @@
                                                && !auth.password.$pristine)
                                                || (auth.password.$error.required && user.submitted) }"
                                required
+                               autocomplete="new-password"
                             >
                         <div class="error-container">
                             This is a required field.
diff --git a/setup/view/magento/setup/popupauth.phtml b/setup/view/magento/setup/popupauth.phtml
@@ -32,6 +32,7 @@
                     <form
                         name="auth"
                         role="form"
+                        autocomplete="off"
                     >
                         <fieldset class="fieldset">
                             <legend ng-show="errors==false" class="legend">
@@ -62,6 +63,7 @@
                                                || (auth.username.$error.required && user.submitted) }"
                                            autofocus
                                            required
+                                           autocomplete="off"
                                     >
                                     <div class="error-container">
                                         This is a required field.
@@ -83,6 +85,7 @@
                                                && !auth.password.$pristine)
                                                || (auth.password.$error.required && user.submitted) }"
                                            required
+                                           autocomplete="new-password"
                                     >
                                     <div class="error-container">
                                         This is a required field.
diff --git a/setup/view/magento/setup/system-config.phtml b/setup/view/magento/setup/system-config.phtml
@@ -57,7 +57,7 @@
         <h2 class="page-sub-title">Magento Marketplace</h2>
         <p>Sign in to sync your Magento Marketplace purchases.</p>
         <fieldset class="form-fieldset">
-            <form  ng-submit="saveAuthJson();" name="auth" role="form">
+            <form  ng-submit="saveAuthJson();" name="auth" role="form" autocomplete="off">
                 <div class="row form-row">
                     <div class="col-m-3">
                         <label class="form-label required" for="username">Public Access Key</label>
@@ -74,6 +74,7 @@
                                    || (auth.username.$error.required && user.submitted)}"
                                    autofocus
                                    required
+                                   autocomplete="off"
                                 >
                             <div class="error-container">
                                 This is a required field.
@@ -100,7 +101,7 @@
                                    ng-class="{ 'invalid' : (auth.password.$error.required && !auth.password.$pristine)
                                    || (auth.password.$error.required && user.submitted) }"
                                    required
-                                   autocomplete="off"
+                                   autocomplete="new-password"
                                 >
                             <div class="error-container">
                                 This is a required field.

Original file line number	Diff line number	Diff line change
`@@ -45,6 +45,6 @@ protected function _addWhetherScopeInfo()`
`45`	`45`	`*/`
`46`	`46`	`protected function _getAllowedExtensions()`
`47`	`47`	`{`
`48`		`- return ['ico', 'png', 'gif', 'jpg', 'jpeg', 'apng', 'svg'];`
	`48`	`+ return ['ico', 'png', 'gif', 'jpg', 'jpeg', 'apng'];`
`49`	`49`	`}`
`50`	`50`	`}`
Original file line number	Diff line number	Diff line change
`@@ -73,7 +73,7 @@ public function testBeforeSave()`
`73`	`73`	`->will($this->returnValue('/tmp/val'));`
`74`	`74`	`$this->uploaderMock->expects($this->once())`
`75`	`75`	`->method('setAllowedExtensions')`
`76`		`- ->with($this->equalTo(['jpg', 'jpeg', 'gif', 'png', 'svg']));`
	`76`	`+ ->with($this->equalTo(['jpg', 'jpeg', 'gif', 'png']));`
`77`	`77`	`$this->model->beforeSave();`
`78`	`78`	`}`
`79`	`79`	`}`
Original file line number	Diff line number	Diff line change
`@@ -43,6 +43,6 @@ protected function _addWhetherScopeInfo()`
`43`	`43`	`*/`
`44`	`44`	`public function getAllowedExtensions()`
`45`	`45`	`{`
`46`		`- return ['ico', 'png', 'gif', 'jpg', 'jpeg', 'apng', 'svg'];`
	`46`	`+ return ['ico', 'png', 'gif', 'jpg', 'jpeg', 'apng'];`
`47`	`47`	`}`
`48`	`48`	`}`
Original file line number	Diff line number	Diff line change
`@@ -41,6 +41,6 @@ protected function _addWhetherScopeInfo()`
`41`	`41`	`*/`
`42`	`42`	`public function getAllowedExtensions()`
`43`	`43`	`{`
`44`		`- return ['jpg', 'jpeg', 'gif', 'png', 'svg'];`
	`44`	`+ return ['jpg', 'jpeg', 'gif', 'png'];`
`45`	`45`	`}`
`46`	`46`	`}`
Original file line number	Diff line number	Diff line change
`@@ -28,6 +28,7 @@ class ClearAllCompareProductsTest extends AbstractCompareProductsTest`
`28`	`28`	`{`
`29`	`29`	`/* tags */`
`30`	`30`	`const MVP = 'yes';`
	`31`	`+ const TEST_TYPE = 'extended_acceptance_test';`
`31`	`32`	`/* end tags */`
`32`	`33`
`33`	`34`	`/**`