Merge branch 'MC-41783' into cia-2.4.3-bugfixes-4272021

Author: admanesachin

app/code/Magento/Catalog/Model/Product/Option/Type/File/ValidatorInfo.php

@@ -6,13 +6,22 @@
 
 namespace Magento\Catalog\Model\Product\Option\Type\File;
 
+use Magento\Framework\App\Config\ScopeConfigInterface;
+use Magento\Framework\Exception\InputException;
+use Magento\Framework\Exception\LocalizedException;
+use Magento\Framework\File\Size;
+use Magento\Framework\Filesystem;
+use Magento\Framework\Filesystem\Io\File as IoFile;
+use Magento\MediaStorage\Helper\File\Storage\Database;
+use Magento\MediaStorage\Model\File\Validator\NotProtectedExtension;
+
 /**
  * Validator for existing files.
  */
 class ValidatorInfo extends Validator
 {
     /**
-     * @var \Magento\MediaStorage\Helper\File\Storage\Database
+     * @var Database
      */
     protected $coreFileStorageDatabase;
 
@@ -36,24 +45,39 @@ class ValidatorInfo extends Validator
      */
     protected $fileRelativePath;
 
+    /**
+     * @var IoFile
+     */
+    private $ioFile;
+    /**
+     * @var NotProtectedExtension
+     */
+    private $fileValidator;
+
     /**
      * Construct method
      *
-     * @param \Magento\Framework\App\Config\ScopeConfigInterface $scopeConfig
-     * @param \Magento\Framework\Filesystem $filesystem
-     * @param \Magento\Framework\File\Size $fileSize
-     * @param \Magento\MediaStorage\Helper\File\Storage\Database $coreFileStorageDatabase
+     * @param ScopeConfigInterface $scopeConfig
+     * @param Filesystem $filesystem
+     * @param Size $fileSize
+     * @param Database $coreFileStorageDatabase
      * @param ValidateFactory $validateFactory
+     * @param NotProtectedExtension $fileValidator
+     * @param IoFile $ioFile
      */
     public function __construct(
-        \Magento\Framework\App\Config\ScopeConfigInterface $scopeConfig,
-        \Magento\Framework\Filesystem $filesystem,
-        \Magento\Framework\File\Size $fileSize,
-        \Magento\MediaStorage\Helper\File\Storage\Database $coreFileStorageDatabase,
-        \Magento\Catalog\Model\Product\Option\Type\File\ValidateFactory $validateFactory
+        ScopeConfigInterface $scopeConfig,
+        Filesystem $filesystem,
+        Size $fileSize,
+        Database $coreFileStorageDatabase,
+        ValidateFactory $validateFactory,
+        NotProtectedExtension $fileValidator,
+        IoFile $ioFile
     ) {
         $this->coreFileStorageDatabase = $coreFileStorageDatabase;
         $this->validateFactory = $validateFactory;
+        $this->fileValidator = $fileValidator;
+        $this->ioFile = $ioFile;
         parent::__construct($scopeConfig, $filesystem, $fileSize);
     }
 
@@ -94,27 +118,42 @@ public function validate($optionValue, $option)
         $validatorChain = $this->validateFactory->create();
         try {
             $validatorChain = $this->buildImageValidator($validatorChain, $option, $this->fileFullPath);
-        } catch (\Magento\Framework\Exception\InputException $notImage) {
+        } catch (InputException $notImage) {
             return false;
         }
 
-        $result = false;
-        if ($validatorChain->isValid($this->fileFullPath, $optionValue['title'])) {
-            $result = $this->rootDirectory->isReadable($this->fileRelativePath)
+        if ($this->validatePath($optionValue) && $validatorChain->isValid($this->fileFullPath, $optionValue['title'])) {
+            return $this->rootDirectory->isReadable($this->fileRelativePath)
                 && isset($optionValue['secret_key'])
                 && $this->buildSecretKey($this->fileRelativePath) == $optionValue['secret_key'];
-        } elseif ($validatorChain->getErrors()) {
+        } else {
             $errors = $this->getValidatorErrors($validatorChain->getErrors(), $optionValue, $option);
-
             if (count($errors) > 0) {
-                throw new \Magento\Framework\Exception\LocalizedException(__(implode("\n", $errors)));
+                throw new LocalizedException(__(implode("\n", $errors)));
             }
-        } else {
-            throw new \Magento\Framework\Exception\LocalizedException(
+            throw new LocalizedException(
                 __("The product's required option(s) weren't entered. Make sure the options are entered and try again.")
             );
         }
-        return $result;
+    }
+
+    /**
+     * Validate quote_path and order_path.
+     *
+     * @param array $optionValuePath
+     * @return bool
+     */
+    private function validatePath(array $optionValuePath): bool
+    {
+        foreach ([$optionValuePath['quote_path'], $optionValuePath['order_path']] as $path) {
+            $pathInfo = $this->ioFile->getPathInfo($path);
+            if (isset($pathInfo['extension'])) {
+                if (!$this->fileValidator->isValid($pathInfo['extension'])) {
+                    return false;
+                }
+            }
+        }
+        return true;
     }
 
     /**

dev/tests/integration/testsuite/Magento/Catalog/Model/Product/Option/Type/File/ValidatorInfoTest.php

@@ -6,58 +6,72 @@
 
 namespace Magento\Catalog\Model\Product\Option\Type\File;
 
+use Magento\Catalog\Model\Product\Media\Config;
+use Magento\Catalog\Model\Product\Option;
+use Magento\Framework\App\Filesystem\DirectoryList;
+use Magento\Framework\Exception\LocalizedException;
+use Magento\Framework\File\Size;
+use Magento\Framework\Filesystem;
+use Magento\Framework\ObjectManagerInterface;
+use Magento\TestFramework\Helper\Bootstrap;
+use PHPUnit\Framework\TestCase;
+use PHPUnit\Framework\MockObject\MockObject;
+use Zend_Validate;
+use Zend_Validate_File_ExcludeExtension;
+use Zend_Validate_File_Extension;
+use Zend_Validate_File_FilesSize;
+use Zend_Validate_File_ImageSize;
+
 /**
- * @magentoDataFixture Magento/Catalog/_files/validate_image_info.php
+
  * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
  */
-class ValidatorInfoTest extends \PHPUnit\Framework\TestCase
+class ValidatorInfoTest extends TestCase
 {
     /**
      * @var ValidatorInfo
      */
     protected $model;
 
     /**
-     * @var \Magento\Framework\ObjectManagerInterface
+     * @var ObjectManagerInterface
      */
     protected $objectManager;
 
     /** @var int */
     protected $maxFileSizeInMb;
 
     /**
-     * @var \Magento\Catalog\Model\Product\Option\Type\File\ValidateFactory|\PHPUnit\Framework\MockObject\MockObject
+     * @var ValidateFactory|MockObject
      */
     protected $validateFactoryMock;
 
     /**
-     * {@inheritdoc}
+     * @inheritdoc
      */
     protected function setUp(): void
     {
-        $this->objectManager = \Magento\TestFramework\Helper\Bootstrap::getObjectManager();
-        /** @var \Magento\Framework\File\Size $fileSize */
-        $fileSize = $this->objectManager->create(\Magento\Framework\File\Size::class);
+        $this->objectManager = Bootstrap::getObjectManager();
+        /** @var Size $fileSize */
+        $fileSize = $this->objectManager->create(Size::class);
         $this->maxFileSizeInMb = $fileSize->getMaxFileSizeInMb();
 
-        $this->validateFactoryMock = $this->createPartialMock(
-            \Magento\Catalog\Model\Product\Option\Type\File\ValidateFactory::class,
-            ['create']
-        );
+        $this->validateFactoryMock = $this->createPartialMock(ValidateFactory::class, ['create']);
         $this->model = $this->objectManager->create(
-            \Magento\Catalog\Model\Product\Option\Type\File\ValidatorInfo::class,
+            ValidatorInfo::class,
             [
                 'validateFactory' => $this->validateFactoryMock,
             ]
         );
     }
 
     /**
+     * @magentoDataFixture Magento/Catalog/_files/validate_image_info.php
      * @return void
      */
-    public function testExceptionWithErrors()
+    public function testExceptionWithErrors(): void
     {
-        $this->expectException(\Magento\Framework\Exception\LocalizedException::class);
+        $this->expectException(LocalizedException::class);
         $this->expectExceptionMessage(
             "The file 'test.jpg' for 'MediaOption' has an invalid extension.\n"
             . "The file 'test.jpg' for 'MediaOption' has an invalid extension.\n"
@@ -68,70 +82,77 @@ public function testExceptionWithErrors()
             )
         );
 
-        $validateMock = $this->createPartialMock(\Zend_Validate::class, ['isValid', 'getErrors']);
+        $validateMock = $this->createPartialMock(Zend_Validate::class, ['isValid', 'getErrors']);
         $validateMock->expects($this->once())->method('isValid')->willReturn(false);
-        $validateMock->expects($this->exactly(2))->method('getErrors')->willReturn([
-            \Zend_Validate_File_ExcludeExtension::FALSE_EXTENSION,
-            \Zend_Validate_File_Extension::FALSE_EXTENSION,
-            \Zend_Validate_File_ImageSize::WIDTH_TOO_BIG,
-            \Zend_Validate_File_FilesSize::TOO_BIG,
+        $validateMock->expects($this->exactly(1))->method('getErrors')->willReturn([
+            Zend_Validate_File_ExcludeExtension::FALSE_EXTENSION,
+            Zend_Validate_File_Extension::FALSE_EXTENSION,
+            Zend_Validate_File_ImageSize::WIDTH_TOO_BIG,
+            Zend_Validate_File_FilesSize::TOO_BIG,
         ]);
-        $this->validateFactoryMock->expects($this->once())
-            ->method('create')
-            ->willReturn($validateMock);
+        $this->validateFactoryMock->expects($this->once())->method('create')->willReturn($validateMock);
 
-        $this->model->validate(
-            $this->getOptionValue(),
-            $this->getProductOption()
-        );
+        $this->model->validate($this->getOptionValue(), $this->getProductOption());
     }
 
     /**
+     * @magentoDataFixture Magento/Catalog/_files/validate_image_info.php
      * @return void
      */
-    public function testExceptionWithoutErrors()
+    public function testExceptionWithoutErrors(): void
     {
-        $this->expectException(\Magento\Framework\Exception\LocalizedException::class);
+        $this->expectException(LocalizedException::class);
         $this->expectExceptionMessage(
             "The product's required option(s) weren't entered. Make sure the options are entered and try again."
         );
 
-        $validateMock = $this->createPartialMock(\Zend_Validate::class, ['isValid', 'getErrors']);
+        $validateMock = $this->createPartialMock(Zend_Validate::class, ['isValid', 'getErrors']);
         $validateMock->expects($this->once())->method('isValid')->willReturn(false);
-        $validateMock->expects($this->exactly(1))->method('getErrors')->willReturn(false);
+        $validateMock->expects($this->exactly(1))->method('getErrors')->willReturn([]);
         $this->validateFactoryMock->expects($this->once())
             ->method('create')
             ->willReturn($validateMock);
 
-        $this->model->validate(
-            $this->getOptionValue(),
-            $this->getProductOption()
+        $this->model->validate($this->getOptionValue(), $this->getProductOption());
+    }
+
+    /**
+     * @magentoDataFixture Magento/Catalog/_files/validate_image_info_another.php
+     * @return void
+     */
+    public function testExceptionWrongExtension(): void
+    {
+        $this->expectException(LocalizedException::class);
+        $this->expectExceptionMessage(
+            "The product's required option(s) weren't entered. Make sure the options are entered and try again."
         );
+
+        $validateMock = $this->createPartialMock(Zend_Validate::class, ['isValid', 'getErrors']);
+        $validateMock->expects($this->exactly(1))->method('getErrors')->willReturn([]);
+        $this->validateFactoryMock->expects($this->once())->method('create')->willReturn($validateMock);
+
+        $this->model->validate($this->getOptionValue('magento_small_image.svg'), $this->getProductOption());
     }
 
     /**
+     * @magentoDataFixture Magento/Catalog/_files/validate_image_info.php
      * @return void
      */
-    public function testValidate()
+    public function testValidate(): void
     {
         //use actual zend class to test changed functionality
-        $validate = $this->objectManager->create(\Zend_Validate::class);
-        $this->validateFactoryMock->expects($this->once())
-            ->method('create')
-            ->willReturn($validate);
-        $this->assertTrue(
-            $this->model->validate(
-                $this->getOptionValue(),
-                $this->getProductOption()
-            )
-        );
+        $validate = $this->objectManager->create(Zend_Validate::class);
+        $this->validateFactoryMock->expects($this->once())->method('create')->willReturn($validate);
+
+        $result = $this->model->validate($this->getOptionValue(), $this->getProductOption());
+        $this->assertTrue($result);
     }
 
     /**
      * @param array $options
-     * @return \Magento\Catalog\Model\Product\Option
+     * @return Option
      */
-    protected function getProductOption(array $options = [])
+    protected function getProductOption(array $options = []): Option
     {
         $data = [
             'option_id' => '1',
@@ -154,35 +175,35 @@ protected function getProductOption(array $options = [])
             'price' => '5.0000',
             'price_type' => 'fixed',
         ];
-        $option = $this->objectManager->create(
-            \Magento\Catalog\Model\Product\Option::class,
+
+        return $this->objectManager->create(
+            Option::class,
             [
                 'data' => array_merge($data, $options)
             ]
         );
-
-        return $option;
     }
 
     /**
+     * @param string|null $fileName
      * @return array
      */
-    protected function getOptionValue()
+    protected function getOptionValue(?string $fileName = 'magento_small_image.jpg'): array
     {
-        /** @var \Magento\Catalog\Model\Product\Media\Config $config */
-        $config = $this->objectManager->get(\Magento\Catalog\Model\Product\Media\Config::class);
-        $file = $config->getBaseTmpMediaPath() . '/magento_small_image.jpg';
+        /** @var Config $config */
+        $config = $this->objectManager->get(Config::class);
+        $file = $config->getBaseTmpMediaPath() . '/' . $fileName;
 
-        /** @var \Magento\Framework\Filesystem $filesystem */
-        $filesystem = $this->objectManager->get(\Magento\Framework\Filesystem::class);
-        $tmpDirectory = $filesystem->getDirectoryRead(\Magento\Framework\App\Filesystem\DirectoryList::MEDIA);
+        /** @var Filesystem $filesystem */
+        $filesystem = $this->objectManager->get(Filesystem::class);
+        $tmpDirectory = $filesystem->getDirectoryRead(DirectoryList::MEDIA);
         $filePath = $tmpDirectory->getAbsolutePath($file);
 
         return [
             'title' => 'test.jpg',
             'quote_path' => $file,
             'order_path' => $file,
-            'secret_key' => substr(hash('sha256', file_get_contents($filePath)), 0, 20),
+            'secret_key' => substr(hash('sha256', file_get_contents($filePath)), 0, 20)
         ];
     }
 }