Merge pull request #20 from magento/2.3-develop

Latest 2.3 develop

CHANGELOG.md

@@ -1977,7 +1977,7 @@ Tests:
     * [#686](https://github.com/magento/magento2/issues/686) -- Product save validation errors in the admin don't hide the overlay
     * [#702](https://github.com/magento/magento2/issues/702) -- Base table or view not found
     * [#652](https://github.com/magento/magento2/issues/652) -- Multishipping checkout not to change the Billing address js issue
-    * [#648](https://github.com/magento/magento2/issues/648) -- An equal (=) sign in the hash of the product page to to break the tabs functionality
+    * [#648](https://github.com/magento/magento2/issues/648) -- An equal (=) sign in the hash of the product page to break the tabs functionality
 * Service Contracts:
     * Refactored usage of new API of the Customer module
     * Implemented Service Contracts for the Sales module

app/code/Magento/Backend/App/AbstractAction.php

@@ -205,10 +205,6 @@ private function _moveBlockToContainer(\Magento\Framework\View\Element\AbstractB
      */
     public function dispatch(\Magento\Framework\App\RequestInterface $request)
     {
-        if (!$this->_processUrlKeys()) {
-            return parent::dispatch($request);
-        }
-
         if ($request->isDispatched() && $request->getActionName() !== 'denied' && !$this->_isAllowed()) {
             $this->_response->setStatusHeader(403, '1.1', 'Forbidden');
             if (!$this->_auth->isLoggedIn()) {
@@ -252,6 +248,9 @@ protected function _isUrlChecked()
      * Check url keys. If non valid - redirect
      *
      * @return bool
+     *
+     * @see \Magento\Backend\App\Request\BackendValidator for default
+     * request validation.
      */
     public function _processUrlKeys()
     {

app/code/Magento/Backend/App/Request/BackendValidator.php

@@ -0,0 +1,180 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+declare(strict_types=1);
+
+namespace Magento\Backend\App\Request;
+
+use Magento\Backend\App\AbstractAction;
+use Magento\Framework\App\ActionInterface;
+use Magento\Framework\App\CsrfAwareActionInterface;
+use Magento\Framework\App\Request\InvalidRequestException;
+use Magento\Framework\App\Request\ValidatorInterface;
+use Magento\Framework\App\RequestInterface;
+use Magento\Backend\Model\Auth;
+use Magento\Framework\App\Request\Http as HttpRequest;
+use Magento\Framework\Controller\Result\RawFactory;
+use Magento\Framework\Controller\Result\Raw as RawResult;
+use Magento\Framework\Controller\Result\RedirectFactory;
+use Magento\Framework\Data\Form\FormKey\Validator as FormKeyValidator;
+use Magento\Backend\Model\UrlInterface as BackendUrl;
+use Magento\Framework\Phrase;
+
+/**
+ * Do backend validations.
+ *
+ * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
+ */
+class BackendValidator implements ValidatorInterface
+{
+    /**
+     * @var Auth
+     */
+    private $auth;
+
+    /**
+     * @var FormKeyValidator
+     */
+    private $formKeyValidator;
+
+    /**
+     * @var BackendUrl
+     */
+    private $backendUrl;
+
+    /**
+     * @var RedirectFactory
+     */
+    private $redirectFactory;
+
+    /**
+     * @var RawFactory
+     */
+    private $rawResultFactory;
+
+    /**
+     * @param Auth $auth
+     * @param FormKeyValidator $formKeyValidator
+     * @param BackendUrl $backendUrl
+     * @param RedirectFactory $redirectFactory
+     * @param RawFactory $rawResultFactory
+     */
+    public function __construct(
+        Auth $auth,
+        FormKeyValidator $formKeyValidator,
+        BackendUrl $backendUrl,
+        RedirectFactory $redirectFactory,
+        RawFactory $rawResultFactory
+    ) {
+        $this->auth = $auth;
+        $this->formKeyValidator = $formKeyValidator;
+        $this->backendUrl = $backendUrl;
+        $this->redirectFactory = $redirectFactory;
+        $this->rawResultFactory = $rawResultFactory;
+    }
+
+    /**
+     * @param RequestInterface $request
+     * @param ActionInterface $action
+     *
+     * @return bool
+     */
+    private function validateRequest(
+        RequestInterface $request,
+        ActionInterface $action
+    ): bool {
+        /** @var bool|null $valid */
+        $valid = null;
+
+        if ($action instanceof CsrfAwareActionInterface) {
+            $valid = $action->validateForCsrf($request);
+        }
+
+        if ($valid === null) {
+            $validFormKey = true;
+            $validSecretKey = true;
+            if ($request instanceof HttpRequest && $request->isPost()) {
+                $validFormKey = $this->formKeyValidator->validate($request);
+            } elseif ($this->auth->isLoggedIn()
+                && $this->backendUrl->useSecretKey()
+            ) {
+                $secretKeyValue = (string)$request->getParam(
+                    BackendUrl::SECRET_KEY_PARAM_NAME,
+                    null
+                );
+                $secretKey = $this->backendUrl->getSecretKey();
+                $validSecretKey = ($secretKeyValue === $secretKey);
+            }
+            $valid = $validFormKey && $validSecretKey;
+        }
+
+        return $valid;
+    }
+
+    /**
+     * @param RequestInterface $request
+     * @param ActionInterface $action
+     *
+     * @return InvalidRequestException
+     */
+    private function createException(
+        RequestInterface $request,
+        ActionInterface $action
+    ): InvalidRequestException {
+        /** @var InvalidRequestException|null $exception */
+        $exception = null;
+
+        if ($action instanceof CsrfAwareActionInterface) {
+            $exception = $action->createCsrfValidationException($request);
+        }
+
+        if ($exception === null) {
+            if ($request instanceof HttpRequest && $request->isAjax()) {
+                //Sending empty response for AJAX request since we don't know
+                //the expected response format and it's pointless to redirect.
+                /** @var RawResult $response */
+                $response = $this->rawResultFactory->create();
+                $response->setHttpResponseCode(401);
+                $response->setContents('');
+                $exception = new InvalidRequestException($response);
+            } else {
+                //For regular requests.
+                $response = $this->redirectFactory->create()
+                    ->setUrl($this->backendUrl->getStartupPageUrl());
+                $exception = new InvalidRequestException(
+                    $response,
+                    [
+                        new Phrase(
+                            'Invalid security or form key. Please refresh the page.'
+                        )
+                    ]
+                );
+            }
+        }
+
+        return $exception;
+    }
+
+    /**
+     * @inheritDoc
+     */
+    public function validate(
+        RequestInterface $request,
+        ActionInterface $action
+    ): void {
+        if ($action instanceof AbstractAction) {
+            //Abstract Action has build-in validation.
+            if (!$action->_processUrlKeys()) {
+                throw new InvalidRequestException($action->getResponse());
+            }
+        } else {
+            //Fallback validation.
+            if (!$this->validateRequest($request, $action)) {
+                throw $this->createException($request, $action);
+            }
+        }
+    }
+}

app/code/Magento/Backend/etc/adminhtml/di.xml

@@ -14,6 +14,8 @@
     <preference for="Magento\Framework\App\DefaultPathInterface" type="Magento\Backend\App\DefaultPath" />
     <preference for="Magento\Backend\App\ConfigInterface" type="Magento\Backend\App\Config" />
     <preference for="Magento\Framework\App\Response\Http\FileFactory" type="Magento\Backend\App\Response\Http\FileFactory" />
+    <preference for="Magento\Framework\App\Request\ValidatorInterface"
+                type="Magento\Backend\App\Request\BackendValidator" />
     <type name="Magento\Framework\Stdlib\DateTime\Timezone">
         <arguments>
             <argument name="scopeType" xsi:type="const">Magento\Framework\App\Config\ScopeConfigInterface::SCOPE_TYPE_DEFAULT</argument>

app/code/Magento/Backend/view/adminhtml/templates/page/header.phtml

@@ -17,7 +17,7 @@
             <?= /* @escapeNotVerified */ $edition ?>
             class="logo">
             <img class="logo-img" src="<?= /* @escapeNotVerified */ $block->getViewFileUrl($logoSrc) ?>"
-            alt="<?= $block->escapeHtml(__('Magento Admin Panel')) ?>"/>
+            alt="<?= $block->escapeHtml(__('Magento Admin Panel')) ?>" title="<?= $block->escapeHtml(__('Magento Admin Panel')) ?>"/>
         </a>
     <?php break; ?>
     <?php case 'user': ?>

app/code/Magento/Backend/view/adminhtml/templates/widget/form/element/gallery.phtml

@@ -34,7 +34,7 @@
         <?php foreach ($block->getValues()->getAttributeBackend()->getImageTypes() as $type): ?>
             <td class="gallery" align="center" style="vertical-align:bottom;">
             <a href="<?= /* @escapeNotVerified */ $image->setType($type)->getSourceUrl() ?>" target="_blank" onclick="imagePreview('<?= $block->getElement()->getHtmlId() ?>_image_<?= /* @escapeNotVerified */ $type ?>_<?= /* @escapeNotVerified */ $image->getValueId() ?>');return false;">
-            <img id="<?= $block->getElement()->getHtmlId() ?>_image_<?= /* @escapeNotVerified */ $type ?>_<?= /* @escapeNotVerified */ $image->getValueId() ?>" src="<?= /* @escapeNotVerified */ $image->setType($type)->getSourceUrl() ?>?<?= /* @escapeNotVerified */ time() ?>" alt="<?= /* @escapeNotVerified */ $image->getValue() ?>" height="25" class="small-image-preview v-middle"/></a><br/>
+            <img id="<?= $block->getElement()->getHtmlId() ?>_image_<?= /* @escapeNotVerified */ $type ?>_<?= /* @escapeNotVerified */ $image->getValueId() ?>" src="<?= /* @escapeNotVerified */ $image->setType($type)->getSourceUrl() ?>?<?= /* @escapeNotVerified */ time() ?>" alt="<?= /* @escapeNotVerified */ $image->getValue() ?>" title="<?= /* @escapeNotVerified */ $image->getValue() ?>" height="25" class="small-image-preview v-middle"/></a><br/>
             <input type="file" name="<?= /* @escapeNotVerified */ $block->getElement()->getName() ?>_<?= /* @escapeNotVerified */ $type ?>[<?= /* @escapeNotVerified */ $image->getValueId() ?>]" size="1"></td>
         <?php endforeach; ?>
         <td class="gallery" align="center" style="vertical-align:bottom;"><input type="input" name="<?= /* @escapeNotVerified */ $block->getElement()->getParentName() ?>[position][<?= /* @escapeNotVerified */ $image->getValueId() ?>]" value="<?= /* @escapeNotVerified */ $image->getPosition() ?>" id="<?= $block->getElement()->getHtmlId() ?>_position_<?= /* @escapeNotVerified */ $image->getValueId() ?>" size="3"/></td>

app/code/Magento/Braintree/Setup/Patch/Data/ConvertSerializedDataToJson.php

@@ -12,7 +12,7 @@
 use Magento\Framework\Setup\Patch\PatchVersionInterface;
 
 /**
- * Convert data fro php native serialized data to JSON.
+ * Convert data from php native serialized data to JSON.
  */
 class ConvertSerializedDataToJson implements DataPatchInterface, PatchVersionInterface
 {

app/code/Magento/Braintree/view/frontend/web/template/payment/paypal.html

@@ -12,7 +12,7 @@
                data-bind="attr: {'id': getCode()}, value: getCode(), checked: isChecked, click: selectPaymentMethod, visible: isRadioButtonVisible()" />
         <label class="label" data-bind="attr: {'for': getCode()}">
             <!-- PayPal Logo -->
-            <img data-bind="attr: {src: getPaymentAcceptanceMarkSrc(), alt: $t('Acceptance Mark')}"
+            <img data-bind="attr: {src: getPaymentAcceptanceMarkSrc(), alt: $t('Acceptance Mark')}, title: $t('Acceptance Mark')}"
                  class="payment-icon"/>
             <!-- PayPal Logo -->
             <span text="getTitle()"></span>

app/code/Magento/Bundle/Test/Mftf/Data/BundleLinkData.xml

@@ -10,10 +10,10 @@
           xsi:noNamespaceSchemaLocation="../../../../../../../dev/tests/acceptance/vendor/magento/magento2-functional-testing-framework/src/Magento/FunctionalTestingFramework/DataGenerator/etc/dataProfileSchema.xsd">
     <entity name="ApiBundleLink" type="bundle_link">
         <var key="sku" entityKey="sku" entityType="product2"/>
-        <var key="option_id" entityKey="option_id" entityType="bundle_options"/>
+        <var key="option_id" entityKey="return" entityType="bundle_option"/>
         <var key="sku" entityKey="sku" entityType="product"/>
         <data key="qty">1</data>
-        <data key="is_default">1</data>
+        <data key="is_default">0</data>
         <data key="price">1.11</data>
         <data key="price_type">1</data>
         <data key="can_change_quantity">1</data>

app/code/Magento/Bundle/Test/Mftf/Data/BundleOptionData.xml

@@ -8,13 +8,34 @@
 
 <entities xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:noNamespaceSchemaLocation="../../../../../../../dev/tests/acceptance/vendor/magento/magento2-functional-testing-framework/src/Magento/FunctionalTestingFramework/DataGenerator/etc/dataProfileSchema.xsd">
-    <entity name="DropdownBundleOption" type="bundle_option">
+    <entity name="DropDownBundleOption" type="bundle_option">
         <data key="title" unique="suffix">bundle-option-dropdown</data>
         <data key="required">true</data>
-        <data key="type">dropdown</data>
+        <data key="type">select</data>
+        <data key="position">0</data>
+        <var key="sku" entityKey="sku" entityType="product2"/>
+    </entity>
+    <entity name="RadioButtonsOption" type="bundle_option">
+        <data key="title" unique="suffix">bundle-option-radio</data>
+        <data key="required">true</data>
+        <data key="type">radio</data>
         <data key="position">1</data>
         <var key="sku" entityKey="sku" entityType="product2"/>
     </entity>
+    <entity name="CheckboxOption" type="bundle_option">
+        <data key="title" unique="suffix">bundle-option-checkbox</data>
+        <data key="required">true</data>
+        <data key="type">checkbox</data>
+        <data key="position">3</data>
+        <var key="sku" entityKey="sku" entityType="product2"/>
+    </entity>
+    <entity name="MultipleSelectOption" type="bundle_option">
+        <data key="title" unique="suffix">bundle-option-multipleselect</data>
+        <data key="required">true</data>
+        <data key="type">multi</data>
+        <data key="position">4</data>
+        <var key="sku" entityKey="sku" entityType="product2"/>
+    </entity>
     <entity name="AllBundleOptions" type="bundle_options">
         <var key="sku" entityKey="sku" entityType="product"/>
     </entity>

app/code/Magento/Bundle/Test/Mftf/Data/CustomAttributeData.xml

@@ -19,4 +19,8 @@
         <data key="attribute_code">price_view</data>
         <data key="value">1</data>
     </entity>
+    <entity name="CustomAttributePriceViewRange" type="custom_attribute">
+        <data key="attribute_code">price_view</data>
+        <data key="value">0</data>
+    </entity>
 </entities>

app/code/Magento/Bundle/Test/Mftf/Data/ProductData.xml

@@ -45,4 +45,19 @@
         <requiredEntity type="custom_attribute">CustomAttributeDynamicPrice</requiredEntity>
         <requiredEntity type="custom_attribute">CustomAttributePriceView</requiredEntity>
     </entity>
+    <entity name="ApiBundleProductPriceViewRange" type="product2">
+        <data key="name" unique="suffix">Api Bundle Product</data>
+        <data key="sku" unique="suffix">api-bundle-product</data>
+        <data key="type_id">bundle</data>
+        <data key="attribute_set_id">4</data>
+        <data key="visibility">4</data>
+        <data key="status">1</data>
+        <data key="urlKey" unique="suffix">api-bundle-product</data>
+        <requiredEntity type="custom_attribute">CustomAttributeCategoryIds</requiredEntity>
+        <requiredEntity type="product_extension_attribute">EavStockItem</requiredEntity>
+        <requiredEntity type="custom_attribute">ApiProductDescription</requiredEntity>
+        <requiredEntity type="custom_attribute">ApiProductShortDescription</requiredEntity>
+        <requiredEntity type="custom_attribute">CustomAttributeDynamicPrice</requiredEntity>
+        <requiredEntity type="custom_attribute">CustomAttributePriceViewRange</requiredEntity>
+    </entity>
 </entities>

app/code/Magento/Bundle/Test/Mftf/Metadata/bundle_link-meta.xml

@@ -8,7 +8,7 @@
 
 <operations xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:noNamespaceSchemaLocation="../../../../../../../dev/tests/acceptance/vendor/magento/magento2-functional-testing-framework/src/Magento/FunctionalTestingFramework/DataGenerator/etc/dataOperation.xsd">
-    <operation name="CreateBundleLink" dataType="bundle_link" type="create" auth="adminOauth" url="/V1/bundle-products/{sku}/links/{option_id}" method="POST">
+    <operation name="CreateBundleLink" dataType="bundle_link" type="create" auth="adminOauth" url="/V1/bundle-products/{sku}/links/{return}" method="POST">
         <contentType>application/json</contentType>
         <object dataType="bundle_link" key="linkedProduct">
             <field key="sku">string</field>

app/code/Magento/Bundle/Test/Mftf/Section/StorefrontCategoryProductSection.xml

@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ /**
+  * Copyright © Magento, Inc. All rights reserved.
+  * See COPYING.txt for license details.
+  */
+-->
+
+<sections xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+          xsi:noNamespaceSchemaLocation="../../../../../../../dev/tests/acceptance/vendor/magento/magento2-functional-testing-framework/src/Magento/FunctionalTestingFramework/Page/etc/SectionObject.xsd">
+    <section name="StorefrontCategoryProductSection">
+        <element name="priceToByProductId" type="text" selector="div[data-product-id='{{id}}'] .price-to" parameterized="true"/>
+        <element name="priceFromByProductId" type="text" selector="div[data-product-id='{{id}}'] .price-from" parameterized="true"/>
+    </section>
+</sections>

app/code/Magento/Bundle/Test/Mftf/Section/StorefrontProductInfoMainSection.xml

@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ /**
+  * Copyright © Magento, Inc. All rights reserved.
+  * See COPYING.txt for license details.
+  */
+-->
+
+<sections xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+        xsi:noNamespaceSchemaLocation="../../../../../../../dev/tests/acceptance/vendor/magento/magento2-functional-testing-framework/src/Magento/FunctionalTestingFramework/Page/etc/SectionObject.xsd">
+    <section name="StorefrontProductInfoMainSection">
+        <element name="priceFrom" type="text" selector=".product-info-price .price-from"/>
+        <element name="priceTo" type="text" selector=".product-info-price .price-to"/>
+        <element name="minPrice" type="text" selector="span[data-price-type='minPrice']"/>
+        <element name="maxPrice" type="text" selector="span[data-price-type='minPrice']"/>
+    </section>
+</sections>