Merge pull request #8805 from magento-cia/cia-2.4.7-develop-bugfix-03012024

Cia 2.4.7 develop bugfix 03012024

Author: pawan-adobe-security

app/code/Magento/Config/Model/Config/Backend/File.php

@@ -3,6 +3,8 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+declare(strict_types=1);
+
 namespace Magento\Config\Model\Config\Backend;
 
 use Exception;
@@ -114,7 +116,7 @@ public function beforeSave()
             if (is_array($value) && !empty($value['delete'])) {
                 $this->setValue('');
             } elseif (is_array($value) && !empty($value['value'])) {
-                $this->setValue($value['value']);
+                $this->setValueAfterValidation($value['value']);
             } else {
                 $this->unsValue();
             }
@@ -266,4 +268,21 @@ protected function _getAllowedExtensions()
     {
         return [];
     }
+
+    /**
+     * Validate if the value is intercepted
+     *
+     * @param string $value
+     * @return void
+     * @throws LocalizedException
+     */
+    private function setValueAfterValidation(string $value): void
+    {
+        // avoid intercepting value
+        if (preg_match('/[^a-z0-9_\/\\-\\.]+/i', $value)) {
+            throw new LocalizedException(__('Invalid file name'));
+        }
+
+        $this->setValue($value);
+    }
 }

app/code/Magento/Config/i18n/en_US.csv

@@ -122,3 +122,4 @@ Dashboard,Dashboard
 "Web Section","Web Section"
 "Store Email Addresses Section","Store Email Addresses Section"
 "Email to a Friend","Email to a Friend"
+"Invalid file name", "Invalid file name"

app/code/Magento/Customer/Model/ResourceModel/CustomerRepository.php

@@ -3,6 +3,9 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+
+declare(strict_types=1);
+
 namespace Magento\Customer\Model\ResourceModel;
 
 use Magento\Customer\Api\CustomerMetadataInterface;
@@ -27,6 +30,7 @@
 use Magento\Framework\Api\SearchCriteriaInterface;
 use Magento\Framework\App\ObjectManager;
 use Magento\Framework\Event\ManagerInterface;
+use Magento\Framework\Exception\InputException;
 use Magento\Framework\Exception\LocalizedException;
 use Magento\Framework\Exception\NoSuchEntityException;
 use Magento\Store\Model\StoreManagerInterface;
@@ -195,12 +199,19 @@ public function __construct(
      * @throws \Magento\Framework\Exception\LocalizedException
      * @SuppressWarnings(PHPMD.CyclomaticComplexity)
      * @SuppressWarnings(PHPMD.NPathComplexity)
+     * @SuppressWarnings(PHPMD.ExcessiveMethodLength)
      */
     public function save(CustomerInterface $customer, $passwordHash = null)
     {
         /** @var NewOperation|null $delegatedNewOperation */
         $delegatedNewOperation = !$customer->getId() ? $this->delegatedStorage->consumeNewOperation() : null;
         $prevCustomerData = $prevCustomerDataArr = null;
+        if ($customer->getDefaultBilling()) {
+            $this->validateDefaultAddress($customer, CustomerInterface::DEFAULT_BILLING);
+        }
+        if ($customer->getDefaultShipping()) {
+            $this->validateDefaultAddress($customer, CustomerInterface::DEFAULT_SHIPPING);
+        }
         if ($customer->getId()) {
             $prevCustomerData = $this->getById($customer->getId());
             $prevCustomerDataArr = $this->prepareCustomerData($prevCustomerData->__toArray());
@@ -228,7 +239,7 @@ public function save(CustomerInterface $customer, $passwordHash = null)
                 $prevCustomerData ? $prevCustomerData->getStoreId() : $this->storeManager->getStore()->getId()
             );
         }
-        $this->validateGroupId($customer->getGroupId());
+        $this->validateGroupId((int)$customer->getGroupId());
         $this->setCustomerGroupId($customerModel, $customerArr, $prevCustomerDataArr);
         // Need to use attribute set or future updates can cause data loss
         if (!$customerModel->getAttributeSetId()) {
@@ -553,4 +564,34 @@ private function prepareCustomerData(array $customerData): array
         }
         return $customerData;
     }
+
+    /**
+     * To validate default address
+     *
+     * @param CustomerInterface $customer
+     * @param string $defaultAddressType
+     * @return void
+     * @throws InputException
+     */
+    private function validateDefaultAddress(
+        CustomerInterface $customer,
+        string $defaultAddressType
+    ): void {
+        $addressId = $defaultAddressType === CustomerInterface::DEFAULT_BILLING ? $customer->getDefaultBilling()
+            : $customer->getDefaultShipping();
+        if ($customer->getAddresses()) {
+            foreach ($customer->getAddresses() as $address) {
+                if ((int) $addressId === (int) $address->getId()) {
+                    return;
+                }
+            }
+
+            throw new InputException(
+                __(
+                    'The %fieldName value is invalid. Set the correct value and try again.',
+                    ['fieldName' => $defaultAddressType]
+                )
+            );
+        }
+    }
 }

dev/tests/api-functional/testsuite/Magento/Customer/Api/AccountManagementTest.php

@@ -265,6 +265,7 @@ public function testActivateCustomer()
             $customerData[Customer::ID],
             [
                 'id' => $customerData[Customer::ID],
+                'addresses' => $customerData[Customer::KEY_ADDRESSES],
                 'confirmation' => CustomerHelper::CONFIRMATION
             ]
         );

dev/tests/integration/testsuite/Magento/Customer/Model/AccountManagement/CreateAccountTest.php

@@ -421,6 +421,8 @@ public function testCreateNewCustomerWithPasswordHashWithNotAllowedCountry(): vo
         $customerData = $this->customerRepository->getById($customerId);
         $customerData->getAddresses()[1]->setRegion(null)->setCountryId($allowedCountryIdForSecondWebsite)
             ->setRegionId(null);
+        $customerData->getAddresses()[1]->setIsDefaultBilling(true);
+        $customerData->getAddresses()[1]->setIsDefaultShipping(true);
         $customerData->setStoreId($store->getId())->setWebsiteId($store->getWebsiteId())->setId(null);
         $password = $this->random->getRandomString(8);
         $passwordHash = $this->encryptor->getHash($password, true);

dev/tests/integration/testsuite/Magento/Quote/Model/Quote/AddressTest.php

@@ -172,7 +172,7 @@ public function testSameAsBillingWhenCustomerHasNoDefaultShippingAddress($unsetI
         /** @var AddressRepositoryInterface $addressRepository */
         $addressRepository = Bootstrap::getObjectManager()
             ->create(AddressRepositoryInterface::class);
-        $this->_customer->setDefaultShipping(-1)
+        $this->_customer->setDefaultShipping(1)
             ->setAddresses(
                 [
                     $addressRepository->getById($this->_address->getId()),
@@ -211,7 +211,7 @@ public function testSameAsBillingWhenCustomerHasDefaultShippingAddress()
         /** @var AddressRepositoryInterface $addressRepository */
         $addressRepository = Bootstrap::getObjectManager()
             ->create(AddressRepositoryInterface::class);
-        $this->_customer->setDefaultShipping(2)
+        $this->_customer->setDefaultShipping(1)
             ->setAddresses([$addressRepository->getById($this->_address->getId())]);
         $this->_customer = $this->customerRepository->save($this->_customer);
         // we should save the customer data in order to be able to use it

lib/internal/Magento/Framework/Data/Form/Element/Image.php

@@ -71,30 +71,27 @@ public function getElementHtml()
     {
         $html = '';
 
-        if ((string)$this->getValue()) {
+        if ((string)$this->getEscapedValue()) {
             $url = $this->_getUrl();
 
             if (!preg_match("/^http\:\/\/|https\:\/\//", $url)) {
                 $url = $this->_urlBuilder->getBaseUrl(['_type' => UrlInterface::URL_TYPE_MEDIA]) . $url;
             }
 
             $linkId = 'linkId' .$this->random->getRandomString(8);
-            $html = '<a previewlinkid="' .$linkId .'" href="' .
-                $url .
-                '" ' .
+            $html = '<a previewlinkid="' .$linkId  .'" href="' .
+                $url . '" ' .
                 $this->_getUiId(
                     'link'
                 ) .
                 '>' .
-                '<img src="' .
-                $url .
-                '" id="' .
+                '<img src="' . $url . '" id="' .
                 $this->getHtmlId() .
                 '_image" title="' .
-                $this->getValue() .
+                $this->getEscapedValue() .
                 '"' .
                 ' alt="' .
-                $this->getValue() .
+                $this->getEscapedValue() .
                 '" height="22" width="22" class="small-image-preview v-middle"  ' .
                 $this->_getUiId() .
                 ' />' .
@@ -120,7 +117,7 @@ public function getElementHtml()
     protected function _getDeleteCheckbox()
     {
         $html = '';
-        if ($this->getValue()) {
+        if ($this->getEscapedValue()) {
             $label = (string)new \Magento\Framework\Phrase('Delete Image');
             $html .= '<span class="delete-image">';
             $html .= '<input type="checkbox"' .
@@ -153,7 +150,8 @@ protected function _getDeleteCheckbox()
      */
     protected function _getHiddenInput()
     {
-        return '<input type="hidden" name="' . parent::getName() . '[value]" value="' . $this->getValue() . '" />';
+        return '<input type="hidden" name="' . parent::getName() .
+            '[value]" value="' . $this->getEscapedValue() . '" />';
     }
 
     /**
@@ -163,7 +161,7 @@ protected function _getHiddenInput()
      */
     protected function _getUrl()
     {
-        return $this->getValue();
+        return $this->getEscapedValue();
     }
 
     /**

lib/internal/Magento/Framework/Data/Test/Unit/Form/Element/ImageTest.php

@@ -15,12 +15,13 @@
 use Magento\Framework\Data\Form\Element\Image;
 use Magento\Framework\DataObject;
 use Magento\Framework\Escaper;
+use Magento\Framework\Math\Random;
+use Magento\Framework\TestFramework\Unit\Helper\ObjectManager;
 use Magento\Framework\Url;
-use Magento\Framework\UrlInterface;
+use Magento\Framework\View\Helper\SecureHtmlRenderer;
 use PHPUnit\Framework\MockObject\MockObject;
 use PHPUnit\Framework\TestCase;
-use Magento\Framework\Math\Random;
-use Magento\Framework\View\Helper\SecureHtmlRenderer;
+use Magento\Framework\UrlInterface;
 
 /**
  * Test for the widget.
@@ -44,11 +45,16 @@ class ImageTest extends TestCase
      */
     protected $_image;
 
+    /**
+     * @var array
+     */
+    protected $testData;
+
     protected function setUp(): void
     {
+        $objectManager = new ObjectManager($this);
         $factoryMock = $this->createMock(Factory::class);
         $collectionFactoryMock = $this->createMock(CollectionFactory::class);
-        $escaperMock = $this->createMock(Escaper::class);
         $this->urlBuilder = $this->createMock(Url::class);
         $randomMock = $this->createMock(Random::class);
         $randomMock->method('getRandomString')->willReturn('some-rando-string');
@@ -67,18 +73,28 @@ function (string $tag, array $attrs, ?string $content): string {
                     return "<$tag {$attrs->serialize()}>$content</$tag>";
                 }
             );
-        $this->_image = new Image(
-            $factoryMock,
-            $collectionFactoryMock,
-            $escaperMock,
-            $this->urlBuilder,
-            [],
-            $secureRendererMock,
-            $randomMock
+        $this->_image = $objectManager->getObject(
+            Image::class,
+            [
+                'factoryMock'=>$factoryMock,
+                'collectionFactoryMock'=>$collectionFactoryMock,
+                'urlBuilder' => $this->urlBuilder,
+                '_escaper' => $objectManager->getObject(Escaper::class),
+                'random' => $randomMock,
+                'secureRenderer' => $secureRendererMock,
+            ]
         );
+        $this->testData = [
+            'html_id_prefix' => 'test_id_prefix_',
+            'html_id' => 'test_id',
+            'html_id_suffix' => '_test_id_suffix',
+            'path' => 'catalog/product/placeholder',
+            'value' => 'test_value',
+        ];
+
         $formMock = new DataObject();
-        $formMock->getHtmlIdPrefix('id_prefix');
-        $formMock->getHtmlIdPrefix('id_suffix');
+        $formMock->getHtmlIdPrefix($this->testData['html_id_prefix']);
+        $formMock->getHtmlIdPrefix($this->testData['html_id_suffix']);
         $this->_image->setForm($formMock);
     }
 
@@ -117,21 +133,32 @@ public function testGetElementHtmlWithoutValue()
      */
     public function testGetElementHtmlWithValue()
     {
-        $this->_image->setValue('test_value');
-        $this->urlBuilder->expects($this->once())
-            ->method('getBaseUrl')
-            ->with(['_type' => UrlInterface::URL_TYPE_MEDIA])
-            ->willReturn('http://localhost/media/');
+        $url = 'http://test.example.com/media/';
+
+        $this->_image->setValue($this->testData['value']);
+        $this->_image->setHtmlId($this->testData['html_id']);
+
+        $this->urlBuilder->expects($this->once())->method('getBaseUrl')
+            ->with(['_type' => UrlInterface::URL_TYPE_MEDIA])->willReturn($url);
+
+        $expectedHtmlId = $this->testData['html_id'];
+
         $html = $this->_image->getElementHtml();
+
         $this->assertStringContainsString('class="input-file"', $html);
         $this->assertStringContainsString('<input', $html);
         $this->assertStringContainsString('type="file"', $html);
         $this->assertStringContainsString('value="test_value"', $html);
+
         $this->assertStringContainsString(
-            '<a previewlinkid="linkIdsome-rando-string" href="http://localhost/media/test_value"',
+            '<a previewlinkid="linkIdsome-rando-string" href="'
+            . $url
+            . $this->testData['value']
+            . '"',
             $html
         );
-        $this->assertStringContainsString("imagePreview('_image');\nreturn false;", $html);
+
+        $this->assertStringContainsString("imagePreview('{$expectedHtmlId}_image');\nreturn false;", $html);
         $this->assertStringContainsString('<input type="checkbox"', $html);
     }
 }