Merge pull request magento#1182 from magento-frontend/PR_08062017
Fixed issues:
- MAGETWO-61189: Stored xss using svg images in Favicon
- MAGETWO-54702: Failed ClearAllCompareProductsTest test due to Alert window.
- MAGETWO-66885: Special Characters like % in widget inside of WYSIWYG gives an error magento#9452
- MAGETWO-59514: Hard coded "tax_region_id" in the \Magento\Tax\Setup\InstallData
- MAGETWO-64952: Admin login does not handle autocomplete feature correctly
MomotenkoNatalia authored Jun 12, 2017
2 parents 519a65d + 8022747 commit d1b86ae
Showing 18 changed files with 119 additions and 22 deletions.
@@ -43,7 +43,7 @@
data-validate="{required:true}"
value=""
placeholder="<?php /* @escapeNotVerified */ echo __('password') ?>"
autocomplete="off"
autocomplete="new-password"
/>
</div>
</div>
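Review bot: `autocomplete="new-password"` on what looks like a sign-in password field is an autofill hint rather than a control, and it is the token meant for fields that set a new credential; the token for a login field is `current-password`. Assuming the `new-password` line is the new side (the setup templates later on this page only add it), browsers may stop prefilling saved credentials here but can also offer to generate a password, and a password manager is free to ignore the hint, so nothing should depend on the credential staying out of the browser store. A one-line template comment such as `<?php /* new-password is used only to suppress autofill of saved credentials */ ?>` next to the input would record the intent. The same applies to the user and FTP password inputs in the next section and to the password inputs in marketplace-credentials.phtml, popupauth.phtml and system-config.phtml.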
@@ -73,7 +73,7 @@
<fieldset class="admin__fieldset password-box-container">
<div class="admin__field field _required">
<label for="password" class="admin__field-label"><span><?php /* @escapeNotVerified */ echo __('User Password')?></span></label>
<div class="admin__field-control"><input type="password" name="password" id="password" class="admin__control-text required-entry" autocomplete="off"></div>
<div class="admin__field-control"><input type="password" name="password" id="password" class="admin__control-text required-entry" autocomplete="new-password"></div>
</div>

<div class="admin__field field maintenance-checkbox-container">
@@ -119,7 +119,7 @@
<span><?php /* @escapeNotVerified */ echo __('FTP Password') ?></span>
</label>
<div class="admin__field-control">
<input type="password" class="admin__control-text" name="ftp_pass" id="ftp_pass" autocomplete="off">
<input type="password" class="admin__control-text" name="ftp_pass" id="ftp_pass" autocomplete="new-password">
</div>
</div>
<div class="admin__field field">
@@ -27,7 +27,7 @@
<formElements>
<fileUploader>
<settings>
<allowedExtensions>jpg jpeg gif png svg</allowedExtensions>
<allowedExtensions>jpg jpeg gif png</allowedExtensions>
<maxFileSize>2097152</maxFileSize>
<uploaderConfig>
<param xsi:type="string" name="url">theme/design_config_fileUploader/save</param>
@@ -87,7 +87,7 @@
<formElements>
<fileUploader>
<settings>
<allowedExtensions>jpg jpeg gif png svg</allowedExtensions>
<allowedExtensions>jpg jpeg gif png</allowedExtensions>
<maxFileSize>2097152</maxFileSize>
<uploaderConfig>
<param xsi:type="string" name="url">theme/design_config_fileUploader/save</param>
@@ -147,7 +147,7 @@
<formElements>
<fileUploader>
<settings>
<allowedExtensions>jpg jpeg gif png svg</allowedExtensions>
<allowedExtensions>jpg jpeg gif png</allowedExtensions>
<maxFileSize>2097152</maxFileSize>
<uploaderConfig>
<param xsi:type="string" name="url">theme/design_config_fileUploader/save</param>
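Review bot: The `<allowedExtensions>` value edited in these three hunks is one of several hand-maintained copies of the same allowlist; the other form XML sections on this page, the `getAllowedExtensions()` / `_getAllowedExtensions()` arrays in the backend models and the `<notice>` strings each repeat it. These settings appear to drive only the uploader form element, so the server-side arrays are what actually reject an `.svg` file, and a copy that drifts would fail silently. A comment beside each copy, for example `<!-- keep in sync with the backend model's allowed extensions; svg is excluded because it can carry script -->`, would make that dependency explicit. The enclosing field definitions start and end outside the hunks.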
@@ -45,6 +45,6 @@ protected function _addWhetherScopeInfo()
*/
protected function _getAllowedExtensions()
{
return ['ico', 'png', 'gif', 'jpg', 'jpeg', 'apng', 'svg'];
return ['ico', 'png', 'gif', 'jpg', 'jpeg', 'apng'];
}
}
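Review bot: Dropping `'svg'` from `_getAllowedExtensions()` only affects uploads made after the upgrade; a favicon or logo already stored as an `.svg` keeps its configured value and file, and none of the hunks visible on this page clears or re-validates such values. If that is intended, the docblock should say so, for example `Allowed extensions for new uploads; SVG is excluded because it can embed script (MAGETWO-61189). Existing values are not re-checked.` The same holds for the array in the next section and for `getAllowedExtensions()` in Theme/Model/Design/Backend/Favicon.php and Logo.php. The class body starts outside the hunk.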
@@ -45,6 +45,6 @@ protected function _addWhetherScopeInfo()
*/
protected function _getAllowedExtensions()
{
return ['jpg', 'jpeg', 'gif', 'png', 'svg'];
return ['jpg', 'jpeg', 'gif', 'png'];
}
}
@@ -73,7 +73,7 @@ public function testBeforeSave()
->will($this->returnValue('/tmp/val'));
$this->uploaderMock->expects($this->once())
->method('setAllowedExtensions')
->with($this->equalTo(['jpg', 'jpeg', 'gif', 'png', 'svg']));
->with($this->equalTo(['jpg', 'jpeg', 'gif', 'png']));
$this->model->beforeSave();
}
}
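Review bot: `testBeforeSave()` pins only the exact array handed to `setAllowedExtensions`, so it checks the list and not the outcome the fix is about. A separate case that passes a file with an `.svg` extension through the model and expects the save to be rejected would tie the test to the behaviour rather than to the literal. The test method starts outside the hunk.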
@@ -22,7 +22,7 @@
<formElements>
<fileUploader>
<settings>
<allowedExtensions>jpg jpeg gif png svg</allowedExtensions>
<allowedExtensions>jpg jpeg gif png</allowedExtensions>
<maxFileSize>2097152</maxFileSize>
<uploaderConfig>
<param xsi:type="string" name="url">theme/design_config_fileUploader/save</param>
@@ -22,7 +22,7 @@
<formElements>
<fileUploader>
<settings>
<allowedExtensions>jpg jpeg gif png svg</allowedExtensions>
<allowedExtensions>jpg jpeg gif png</allowedExtensions>
<maxFileSize>2097152</maxFileSize>
<uploaderConfig>
<param xsi:type="string" name="url">theme/design_config_fileUploader/save</param>
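--- a/app/code/Magento/Tax/Setup/RecurringData.php
+++ b/app/code/Magento/Tax/Setup/RecurringData.php
@@ -0,0 +1,92 @@
+<?php
+/**
+* Copyright © Magento, Inc. All rights reserved.
+* See COPYING.txt for license details.
+*/
+
+namespace Magento\Tax\Setup;
+
+use Magento\Directory\Model\RegionFactory;
+use Magento\Framework\Api\Search\SearchCriteriaFactory;
+use Magento\Framework\Setup\InstallDataInterface;
+use Magento\Framework\Setup\ModuleContextInterface;
+use Magento\Framework\Setup\ModuleDataSetupInterface;
+use Magento\Tax\Api\TaxRateRepositoryInterface;
+
+/**
+* Update installed tax region codes
+*/
+class RecurringData implements InstallDataInterface
+{
+/**
+* Tax rate repository
+*
+* @var TaxRateRepositoryInterface
+*/
+private $taxRateRepository;
+
+/**
+* @var SearchCriteriaFactory
+*/
+
+private $searchCriteriaFactory;
+
+/**
+* @var RegionFactory
+*/
+private $directoryRegionFactory;
+
+/**
+* Init
+*
+* @param TaxRateRepositoryInterface $taxRateRepository
+* @param SearchCriteriaFactory $searchCriteriaFactory
+* @param RegionFactory $directoryRegionFactory
+*/
+public function __construct(
+TaxRateRepositoryInterface $taxRateRepository,
+SearchCriteriaFactory $searchCriteriaFactory,
+RegionFactory $directoryRegionFactory
+) {
+$this->taxRateRepository = $taxRateRepository;
+$this->searchCriteriaFactory = $searchCriteriaFactory;
+$this->directoryRegionFactory = $directoryRegionFactory;
+}
+
+/**
+* {@inheritdoc}
+*/
+public function install(ModuleDataSetupInterface $setup, ModuleContextInterface $context)
+{
+$taxRateList = $this->taxRateRepository->getList($this->searchCriteriaFactory->create());
+/** @var \Magento\Tax\Api\Data\TaxRateInterface $taxRateData */
+foreach ($taxRateList->getItems() as $taxRateData) {
+$regionCode = $this->parseRegionFromTaxCode($taxRateData->getCode());
+if ($regionCode) {
+/** @var \Magento\Directory\Model\Region $region */
+$region = $this->directoryRegionFactory->create();
+$region->loadByCode($regionCode, $taxRateData->getTaxCountryId());
+$taxRateData->setTaxRegionId($region->getRegionId());
+$this->taxRateRepository->save($taxRateData);
+}
+}
+}
+
+/**
+* Parse region code from tax code
+*
+* @param string $taxCode
+* @return string
+*/
+private function parseRegionFromTaxCode($taxCode)
+{
+$result = '';
+$parts = explode('-', $taxCode, 3);
+
+if (isset($parts[1])) {
+$result = $parts[1];
+}
+
+return $result;
+}
+}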
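Review bot: In `install()` the result of `loadByCode()` is never checked, so a tax rate whose code merely contains a hyphen, but whose second segment is not a region code of that country, would presumably have an empty `getRegionId()` written over its existing region id and saved. The search criteria are created without filters and the class name suggests the script runs on every upgrade, so the overwrite would repeat for every such rate each time. Guarding the write, `if ($region->getRegionId()) { $taxRateData->setTaxRegionId($region->getRegionId()); $this->taxRateRepository->save($taxRateData); }`, leaves unmatched rates untouched. The docblock of `parseRegionFromTaxCode()` should also state the `COUNTRY-REGION-...` code shape it relies on and that it returns an empty string when the code has no second segment.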
2 changes: 1 addition & 1 deletion app/code/Magento/Theme/Model/Design/Backend/Favicon.php
@@ -43,6 +43,6 @@ protected function _addWhetherScopeInfo()
*/
public function getAllowedExtensions()
{
return ['ico', 'png', 'gif', 'jpg', 'jpeg', 'apng', 'svg'];
return ['ico', 'png', 'gif', 'jpg', 'jpeg', 'apng'];
}
}
2 changes: 1 addition & 1 deletion app/code/Magento/Theme/Model/Design/Backend/Logo.php
@@ -41,6 +41,6 @@ protected function _addWhetherScopeInfo()
*/
public function getAllowedExtensions()
{
return ['jpg', 'jpeg', 'gif', 'png', 'svg'];
return ['jpg', 'jpeg', 'gif', 'png'];
}
}
@@ -56,14 +56,14 @@
</settings>
<field name="head_shortcut_icon" formElement="fileUploader">
<settings>
<notice translate="true">Allowed file types: ico, png, gif, jpg, jpeg, apng, svg. Not all browsers support all these formats!</notice>
<notice translate="true">Allowed file types: ico, png, gif, jpg, jpeg, apng. Not all browsers support all these formats!</notice>
<label translate="true">Favicon Icon</label>
<componentType>fileUploader</componentType>
</settings>
<formElements>
<fileUploader>
<settings>
<allowedExtensions>jpg jpeg gif png svg ico apng</allowedExtensions>
<allowedExtensions>jpg jpeg gif png ico apng</allowedExtensions>
<maxFileSize>2097152</maxFileSize>
<uploaderConfig>
<param xsi:type="string" name="url">theme/design_config_fileUploader/save</param>
@@ -153,14 +153,14 @@
</settings>
<field name="header_logo_src" formElement="fileUploader">
<settings>
<notice translate="true">Allowed file types: png, gif, jpg, jpeg, svg.</notice>
<notice translate="true">Allowed file types: png, gif, jpg, jpeg.</notice>
<label translate="true">Logo Image</label>
<componentType>fileUploader</componentType>
</settings>
<formElements>
<fileUploader>
<settings>
<allowedExtensions>jpg jpeg gif png svg</allowedExtensions>
<allowedExtensions>jpg jpeg gif png</allowedExtensions>
<maxFileSize>2097152</maxFileSize>
<uploaderConfig>
<param xsi:type="string" name="url">theme/design_config_fileUploader/save</param>
@@ -28,6 +28,7 @@ class ClearAllCompareProductsTest extends AbstractCompareProductsTest
{
/* tags */
const MVP = 'yes';
const TEST_TYPE = 'extended_acceptance_test';
/* end tags */

/**
@@ -8,7 +8,6 @@
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="../../../../../../../vendor/magento/mtf/etc/variations.xsd">
<testCase name="Magento\Catalog\Test\TestCase\Product\ClearAllCompareProductsTest" summary="Clear All Compare Products" ticketId="MAGETWO-25961">
<variation name="ClearAllCompareProductsTestVariation1">
<data name="tag" xsi:type="string">stable:no</data>
<data name="config/dataset" xsi:type="string">compare_products</data>
<data name="products" xsi:type="string">catalogProductSimple::simple_for_composite_products,catalogProductVirtual::default,downloadableProduct::default,groupedProduct::grouped_product_with_price,configurableProduct::default,bundleProduct::bundle_dynamic_product,bundleProduct::bundle_fixed_product</data>
<constraint name="Magento\Catalog\Test\Constraint\AssertProductCompareSuccessRemoveAllProductsMessage" />
2 changes: 0 additions & 2 deletions lib/web/mage/adminhtml/wysiwyg/tiny_mce/setup.js
@@ -463,8 +463,6 @@ define([
var url = this.makeDirectiveUrl('%directive%').replace(/([$^.?*!+:=()\[\]{}|\\])/g, '\\$1'),
reg = new RegExp(url.replace('%directive%', '([a-zA-Z0-9,_-]+)'));

content = decodeURIComponent(content);

return content.gsub(reg, function (match) { //eslint-disable-line no-extra-bind
return Base64.mageDecode(match[1]);
});
3 changes: 3 additions & 0 deletions setup/view/magento/setup/marketplace-credentials.phtml
@@ -23,6 +23,7 @@
</div>
<form name="auth"
role="form"
autocomplete="off"
ng-show="showCredsForm"
>
<fieldset class="fieldset">
@@ -63,6 +64,7 @@
|| (auth.username.$error.required && user.submitted) }"
autofocus
required
autocomplete="off"
>
<div class="error-container">
This is a required field.
@@ -84,6 +86,7 @@
&& !auth.password.$pristine)
|| (auth.password.$error.required && user.submitted) }"
required
autocomplete="new-password"
>
<div class="error-container">
This is a required field.
3 changes: 3 additions & 0 deletions setup/view/magento/setup/popupauth.phtml
@@ -32,6 +32,7 @@
<form
name="auth"
role="form"
autocomplete="off"
>
<fieldset class="fieldset">
<legend ng-show="errors==false" class="legend">
@@ -62,6 +63,7 @@
|| (auth.username.$error.required && user.submitted) }"
autofocus
required
autocomplete="off"
>
<div class="error-container">
This is a required field.
@@ -83,6 +85,7 @@
&& !auth.password.$pristine)
|| (auth.password.$error.required && user.submitted) }"
required
autocomplete="new-password"
>
<div class="error-container">
This is a required field.
5 changes: 3 additions & 2 deletions setup/view/magento/setup/system-config.phtml
@@ -57,7 +57,7 @@
<h2 class="page-sub-title">Magento Marketplace</h2>
<p>Sign in to sync your Magento Marketplace purchases.</p>
<fieldset class="form-fieldset">
<form ng-submit="saveAuthJson();" name="auth" role="form">
<form ng-submit="saveAuthJson();" name="auth" role="form" autocomplete="off">
<div class="row form-row">
<div class="col-m-3">
<label class="form-label required" for="username">Public Access Key</label>
@@ -74,6 +74,7 @@
|| (auth.username.$error.required && user.submitted)}"
autofocus
required
autocomplete="off"
>
<div class="error-container">
This is a required field.
@@ -100,7 +101,7 @@
ng-class="{ 'invalid' : (auth.password.$error.required && !auth.password.$pristine)
|| (auth.password.$error.required && user.submitted) }"
required
autocomplete="off"
autocomplete="new-password"
>
<div class="error-container">
This is a required field.
