Merge pull request #8814 from magento-gl/Sync-2.4-develop-with-2.4.7-beta3-develop

Sync 2.4 develop with 2.4.7 beta3 develop

Author: sidolov

app/code/Magento/CatalogImportExport/Model/Import/Product.php

@@ -6,6 +6,7 @@
 
 namespace Magento\CatalogImportExport\Model\Import;
 
+use Magento\AwsS3\Driver\AwsS3;
 use Magento\Catalog\Api\ProductRepositoryInterface;
 use Magento\Catalog\Model\Config as CatalogConfig;
 use Magento\Catalog\Model\Indexer\Product\Category as ProductCategoryIndexer;
@@ -2309,6 +2310,14 @@ protected function _getUploader()
 
             $tmpPath = $this->getImportDir();
 
+            if (is_a($this->_mediaDirectory->getDriver(), AwsS3::class)) {
+                if (!$this->_mediaDirectory->create($tmpPath)) {
+                    throw new LocalizedException(
+                        __('Directory \'%1\' could not be created.', $tmpPath)
+                    );
+                }
+            }
+
             if (!$fileUploader->setTmpDir($tmpPath)) {
                 throw new LocalizedException(
                     __('File directory \'%1\' is not readable.', $tmpPath)

app/code/Magento/CatalogImportExport/composer.json

@@ -17,7 +17,8 @@
         "magento/module-media-storage": "*",
         "magento/module-store": "*",
         "magento/module-tax": "*",
-        "magento/module-authorization": "*"
+        "magento/module-authorization": "*",
+        "magento/module-aws-s3": "*"
     },
     "type": "magento2-module",
     "license": [

app/code/Magento/Config/Block/System/Config/Form/Field/File.php

@@ -9,6 +9,8 @@
  *
  * @author     Magento Core Team <core@magentocommerce.com>
  */
+declare(strict_types=1);
+
 namespace Magento\Config\Block\System\Config\Form\Field;
 
 class File extends \Magento\Framework\Data\Form\Element\File
@@ -35,7 +37,7 @@ protected function _getDeleteCheckbox()
         $html = '';
         if ((string)$this->getValue()) {
             $label = __('Delete File');
-            $html .= '<div>' . $this->getValue() . ' ';
+            $html .= '<div>' . $this->_escaper->escapeHtml($this->getValue()) . ' ';
             $html .= '<input type="checkbox" name="' .
                 parent::getName() .
                 '[delete]" value="1" class="checkbox" id="' .

app/code/Magento/Config/Test/Unit/Block/System/Config/Form/Field/FileTest.php

@@ -8,49 +8,85 @@
 namespace Magento\Config\Test\Unit\Block\System\Config\Form\Field;
 
 use Magento\Config\Block\System\Config\Form\Field\File;
+use Magento\Framework\Data\Form\Element\Factory;
+use Magento\Framework\Data\Form\Element\CollectionFactory;
 use Magento\Framework\DataObject;
 use Magento\Framework\Escaper;
 use Magento\Framework\TestFramework\Unit\Helper\ObjectManager;
+use PHPUnit\Framework\MockObject\MockObject;
 use PHPUnit\Framework\TestCase;
 
 /**
  * Tests for \Magento\Framework\Data\Form\Field\File
  */
 class FileTest extends TestCase
 {
+    /**
+     * XSS value
+     */
+    private const XSS_FILE_NAME_TEST = '<img src=x onerror=alert(1)>.crt';
+
+    /**
+     * Input name
+     */
+    private const INPUT_NAME_TEST = 'test_name';
+
     /**
      * @var File
      */
     protected $file;
 
+    /**
+     * @var Factory|MockObject
+     */
+    private $factoryMock;
+
+    /**
+     * @var CollectionFactory|MockObject
+     */
+    private $factoryCollectionMock;
+
+    /**
+     * @var Escaper|MockObject
+     */
+    private $escaperMock;
+
     /**
      * @var array
      */
-    protected $testData;
+    protected array $testData = [
+        'before_element_html' => 'test_before_element_html',
+        'html_id' => 'test_id',
+        'name' => 'test_name',
+        'value' => 'test_value',
+        'title' => 'test_title',
+        'disabled' => true,
+        'after_element_js' => 'test_after_element_js',
+        'after_element_html' => 'test_after_element_html',
+        'html_id_prefix' => 'test_id_prefix_',
+        'html_id_suffix' => '_test_id_suffix',
+    ];
 
     protected function setUp(): void
     {
         $objectManager = new ObjectManager($this);
 
-        $this->testData = [
-            'before_element_html' => 'test_before_element_html',
-            'html_id' => 'test_id',
-            'name' => 'test_name',
-            'value' => 'test_value',
-            'title' => 'test_title',
-            'disabled' => true,
-            'after_element_js'    => 'test_after_element_js',
-            'after_element_html'  => 'test_after_element_html',
-            'html_id_prefix'      => 'test_id_prefix_',
-            'html_id_suffix'      => '_test_id_suffix',
-        ];
-
+        $this->factoryMock = $this->getMockBuilder(Factory::class)
+            ->disableOriginalConstructor()
+            ->getMock();
+        $this->factoryCollectionMock = $this->getMockBuilder(CollectionFactory::class)
+            ->disableOriginalConstructor()
+            ->getMock();
+        $this->escaperMock = $this->getMockBuilder(Escaper::class)
+            ->disableOriginalConstructor()
+            ->getMock();
         $this->file = $objectManager->getObject(
             File::class,
             [
-                '_escaper' => $objectManager->getObject(Escaper::class),
+                'factoryElement' => $this->factoryMock,
+                'factoryCollection' => $this->factoryCollectionMock,
+                '_escaper' => $this->escaperMock,
                 'data' => $this->testData,
-
             ]
         );
 
@@ -60,13 +96,20 @@ protected function setUp(): void
         $this->file->setForm($formMock);
     }
 
-    public function testGetElementHtml()
+    public function testGetElementHtml(): void
     {
-        $html = $this->file->getElementHtml();
-
         $expectedHtmlId = $this->testData['html_id_prefix']
             . $this->testData['html_id']
             . $this->testData['html_id_suffix'];
+        $this->escaperMock->expects($this->any())->method('escapeHtml')->willReturnMap(
+            [
+                [$expectedHtmlId, null, $expectedHtmlId],
+                [self::XSS_FILE_NAME_TEST, null, self::XSS_FILE_NAME_TEST],
+                [self::INPUT_NAME_TEST, null, self::INPUT_NAME_TEST],
+            ]
+        );
+
+        $html = $this->file->getElementHtml();
 
         $this->assertStringContainsString('<label class="addbefore" for="' . $expectedHtmlId . '"', $html);
         $this->assertStringContainsString($this->testData['before_element_html'], $html);

app/code/Magento/ConfigurableProduct/etc/adminhtml/di.xml

@@ -81,4 +81,7 @@
     <type name="Magento\Sales\Model\Order\Invoice">
         <plugin name="update_configurable_product_total_qty" type="Magento\ConfigurableProduct\Plugin\Model\Order\Invoice\UpdateConfigurableProductTotalQty"/>
     </type>
+    <type name="Magento\CatalogWidget\Block\Product\ProductsList">
+        <plugin name="configurable_product_widget_product_list" type="Magento\ConfigurableProduct\Plugin\CatalogWidget\Block\Product\ProductsListPlugin" sortOrder="2"/>
+    </type>
 </config>

app/code/Magento/ConfigurableProduct/etc/di.xml

@@ -21,9 +21,6 @@
     <preference for="Magento\ConfigurableProduct\Model\ResourceModel\Product\Indexer\Price\OptionsSelectBuilderInterface" type="Magento\ConfigurableProduct\Model\ResourceModel\Product\Indexer\Price\OptionsSelectBuilder" />
     <preference for="Magento\ConfigurableProduct\Pricing\Price\ConfigurableOptionsFilterInterface" type="Magento\ConfigurableProduct\Pricing\Price\ConfigurableOptionsCompositeFilter" />
 
-    <type name="Magento\CatalogWidget\Block\Product\ProductsList">
-        <plugin name="configurable_product_widget_product_list" type="Magento\ConfigurableProduct\Plugin\CatalogWidget\Block\Product\ProductsListPlugin" sortOrder="2"/>
-    </type>
     <type name="Magento\CatalogInventory\Model\Quote\Item\QuantityValidator\Initializer\Option">
         <plugin name="configurable_product" type="Magento\ConfigurableProduct\Model\Quote\Item\QuantityValidator\Initializer\Option\Plugin\ConfigurableProduct" sortOrder="50" />
     </type>

app/code/Magento/ConfigurableProduct/etc/frontend/di.xml

@@ -23,4 +23,7 @@
             </argument>
         </arguments>
     </type>
+    <type name="Magento\CatalogWidget\Block\Product\ProductsList">
+        <plugin name="configurable_product_widget_product_list" type="Magento\ConfigurableProduct\Plugin\CatalogWidget\Block\Product\ProductsListPlugin" sortOrder="2"/>
+    </type>
 </config>

app/code/Magento/Directory/Test/Unit/Model/CurrencyTest.php

@@ -138,12 +138,16 @@ function (array $args) {
      */
     public function getOutputFormatDataProvider(): array
     {
+        $ar_DZ = "\u{062C}.\u{0645}.\u{200F}\u{00A0}%s";
+        if (version_compare(PHP_VERSION, '8.3', '>=')) {
+            $ar_DZ = "%s\u{00A0}\u{062C}.\u{0645}.\u{200F}";
+        }
         return [
             'en_US:USD' => ['en_US', 'USD', '$%s'],
             'en_US:PLN' => ['en_US', 'PLN', "PLN\u{00A0}%s"],
             'en_US:PKR' => ['en_US', 'PKR', "PKR\u{00A0}%s"],
             'af_ZA:VND' => ['af_ZA', 'VND', "\u{20AB}%s"],
-            'ar_DZ:EGP' => ['ar_DZ', 'EGP', "\u{062C}.\u{0645}.\u{200F}\u{00A0}%s"],
+            'ar_DZ:EGP' => ['ar_DZ', 'EGP', $ar_DZ],
             'ar_SA:USD' => ['ar_SA', 'USD', "%s\u{00A0}US$"],
             'ar_SA:LBP' => ['ar_SA', 'LBP', "%s\u{00A0}\u{0644}.\u{0644}.\u{200F}"],
             'fa_IR:USD' => ['fa_IR', 'USD', "\u{200E}$%s"],

app/code/Magento/DownloadableImportExport/Helper/Uploader.php

@@ -6,6 +6,7 @@
 namespace Magento\DownloadableImportExport\Helper;
 
 use Magento\Framework\App\Filesystem\DirectoryList;
+use Magento\Framework\Exception\LocalizedException;
 use Magento\Framework\Filesystem\Driver\File;
 
 /**
@@ -76,7 +77,7 @@ public function __construct(
      * @param string $type
      * @param array $parameters
      * @return \Magento\CatalogImportExport\Model\Import\Uploader
-     * @throws \Magento\Framework\Exception\LocalizedException
+     * @throws LocalizedException
      */
     public function getUploader($type, $parameters)
     {
@@ -94,8 +95,14 @@ public function getUploader($type, $parameters)
             $tmpPath = $dirAddon . '/' . $this->mediaDirectory->getRelativePath('import');
         }
 
+        if (!$this->mediaDirectory->create($tmpPath)) {
+            throw new LocalizedException(
+                __('Directory \'%1\' could not be created.', $tmpPath)
+            );
+        }
+
         if (!$this->fileUploader->setTmpDir($tmpPath)) {
-            throw new \Magento\Framework\Exception\LocalizedException(
+            throw new LocalizedException(
                 __('File directory \'%1\' is not readable.', $tmpPath)
             );
         }
@@ -104,7 +111,7 @@ public function getUploader($type, $parameters)
 
         $this->mediaDirectory->create($destinationPath);
         if (!$this->fileUploader->setDestDir($destinationPath)) {
-            throw new \Magento\Framework\Exception\LocalizedException(
+            throw new LocalizedException(
                 __('File directory \'%1\' is not writable.', $destinationPath)
             );
         }

app/code/Magento/Email/Model/Template/Filter.php

@@ -81,11 +81,6 @@ class Filter extends Template
      */
     protected $_modifiers = ['nl2br' => ''];
 
-    /**
-     * @var string
-     */
-    private const CACHE_KEY_PREFIX = "EMAIL_FILTER_";
-
     /**
      * @var bool
      */
@@ -414,10 +409,6 @@ public function blockDirective($construction)
         $skipParams = ['class', 'id', 'output'];
         $blockParameters = $this->getParameters($construction[2]);
 
-        if (isset($blockParameters['cache_key'])) {
-            $blockParameters['cache_key'] = self::CACHE_KEY_PREFIX . $blockParameters['cache_key'];
-        }
-
         $block = null;
 
         if (isset($blockParameters['class'])) {