This repository has been archived by the owner on Dec 19, 2019. It is now read-only.

Merge remote-tracking branch 'upstream/2.3-develop' into feature/brai…
…ntree-payment
pmclain committed Jun 15, 2019
2 parents a59a919 + 6e534ad commit 411a559
Showing 1,458 changed files with 57,297 additions and 13,402 deletions.
24 changes: 18 additions & 6 deletions .github/CONTRIBUTING.md
Original file line number Diff line number Diff line change
@@ -1,18 +1,23 @@
# Contributing to Magento 2 code

Contributions to the Magento 2 codebase are done using the fork & pull model.
This contribution model has contributors maintaining their own copy of the forked codebase (which can easily be synced with the main copy). The forked repository is then used to submit a request to the base repository to “pull” a set of changes. For more information on pull requests please refer to [GitHub Help](https://help.github.com/articles/about-pull-requests/).
This contribution model has contributors maintaining their own fork of the Magento 2 repository.
The forked repository is then used to submit a request to the base repository to “pull” a set of changes.
For more information on pull requests please refer to [GitHub Help](https://help.github.com/articles/about-pull-requests/).

Contributions can take the form of new components or features, changes to existing features, tests, documentation (such as developer guides, user guides, examples, or specifications), bug fixes or optimizations.

The Magento 2 development team will review all issues and contributions submitted by the community of developers in the first in, first out order. During the review we might require clarifications from the contributor. If there is no response from the contributor within two weeks, the pull request will be closed.
The Magento 2 development team or community maintainers will review all issues and contributions submitted by the community of developers in the first in, first out order.
During the review we might require clarifications from the contributor.
If there is no response from the contributor within two weeks, the pull request will be closed.

For more detialed information on contribution please read our [beginners guide](https://github.com/magento/magento2/wiki/Getting-Started).

## Contribution requirements

1. Contributions must adhere to the [Magento coding standards](https://devdocs.magento.com/guides/v2.2/coding-standards/bk-coding-standards.html).
1. Contributions must adhere to the [Magento coding standards](https://devdocs.magento.com/guides/v2.3/coding-standards/bk-coding-standards.html).
2. Pull requests (PRs) must be accompanied by a meaningful description of their purpose. Comprehensive descriptions increase the chances of a pull request being merged quickly and without additional clarification requests.
3. Commits must be accompanied by meaningful commit messages. Please see the [Magento Pull Request Template](https://github.com/magento/magento2/blob/2.2-develop/.github/PULL_REQUEST_TEMPLATE.md) for more information.
3. Commits must be accompanied by meaningful commit messages. Please see the [Magento Pull Request Template](https://github.com/magento/magento2/blob/2.3-develop/.github/PULL_REQUEST_TEMPLATE.md) for more information.
4. PRs which include bug fixes must be accompanied with a step-by-step description of how to reproduce the bug.
3. PRs which include new logic or new features must be submitted along with:
* Unit/integration test coverage
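Review bot: the added sentence linking the beginners guide misspells "detailed" as "detialed"; fix it before it lands in a file every new contributor reads. While this list is being touched, the item "PRs which include new logic or new features must be submitted along with:" is numbered 3 directly after item 4 and should be renumbered 5.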
Expand All @@ -22,15 +27,22 @@ The Magento 2 development team will review all issues and contributions submitte

## Contribution process

If you are a new GitHub user, we recommend that you create your own [free github account](https://github.com/signup/free). This will allow you to collaborate with the Magento 2 development team, fork the Magento 2 project and send pull requests.
If you are a new GitHub user, we recommend that you create your own [free github account](https://github.com/signup/free).
This will allow you to collaborate with the Magento 2 development team, fork the Magento 2 project and send pull requests.

1. Search current [listed issues](https://github.com/magento/magento2/issues) (open or closed) for similar proposals of intended contribution before starting work on a new contribution.
2. Review the [Contributor License Agreement](https://magento.com/legaldocuments/mca) if this is your first time contributing.
3. Create and test your work.
4. Fork the Magento 2 repository according to the [Fork A Repository instructions](https://devdocs.magento.com/guides/v2.2/contributor-guide/contributing.html#fork) and when you are ready to send us a pull request – follow the [Create A Pull Request instructions](https://devdocs.magento.com/guides/v2.2/contributor-guide/contributing.html#pull_request).
4. Fork the Magento 2 repository according to the [Fork A Repository instructions](https://devdocs.magento.com/guides/v2.3/contributor-guide/contributing.html#fork) and when you are ready to send us a pull request – follow the [Create A Pull Request instructions](https://devdocs.magento.com/guides/v2.3/contributor-guide/contributing.html#pull_request).
5. Once your contribution is received the Magento 2 development team will review the contribution and collaborate with you as needed.

## Code of Conduct

Please note that this project is released with a Contributor Code of Conduct. We expect you to agree to its terms when participating in this project.
The full text is available in the repository [Wiki](https://github.com/magento/magento2/wiki/Magento-Code-of-Conduct).

## Connecting with Community!

If you have any questions, join us in [#beginners](https://magentocommeng.slack.com/messages/CH8BGFX9D) Slack chat. If you are not on our slack, [click here](http://tinyurl.com/engcom-slack) to join.

Need to find a project? Check out the [Slack Channels](https://github.com/magento/magento2/wiki/Slack-Channels) (with listed project info) and the [Magento Community Portal](https://opensource.magento.com/).
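Review bot: the Slack invitation in the new "Connecting with Community!" section goes through a URL shortener over plain HTTP (http://tinyurl.com/engcom-slack), so a reader cannot see where it leads before clicking and the redirect is outside this repository's control. Link the final HTTPS invitation URL directly, or at minimum use the https:// form of the short link.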
7 changes: 6 additions & 1 deletion .github/PULL_REQUEST_TEMPLATE.md
Original file line number Diff line number Diff line change
Expand Up @@ -21,7 +21,6 @@
There could be 1 or more issues linked here and it will help us find some more information about the reasoning behind this change.
-->
1. magento/magento2#<issue_number>: Issue title
2. ...

### Manual testing scenarios (*)
<!---
Expand All @@ -31,6 +30,12 @@
1. ...
2. ...

### Questions or comments
<!---
If relevant, here you can ask questions or provide comments on your pull request for the reviewer
For example if you need assistance with writing tests or would like some feedback on one of your development ideas
-->

### Contribution checklist (*)
- [ ] Pull request has a meaningful description of its purpose
- [ ] All commits are accompanied by meaningful commit messages
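Review bot: the new "Questions or comments" comment invites free-form questions to the reviewer but does not say that a suspected security issue belongs in the private channel described by the SECURITY.md added in this same commit, not in a public pull request. One extra line in the HTML comment pointing to SECURITY.md would cover that. The two sentences in the comment are also missing their full stops.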
Expand Down
10 changes: 10 additions & 0 deletions SECURITY.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
# Reporting Security Issues

Magento values the contributions of the security research community, and we look forward to working with you to minimize risk to Magento merchants.

## Where should I report security issues?

We strongly encourage you to report all security issues privately via our [bug bounty program](https://hackerone.com/magento). Please provide us with relevant technical details and repro steps to expedite our investigation. If you prefer not to use HackerOne, email us directly at `psirt@adobe.com` with details and repro steps.

## Learning More About Security
To learn more about securing a Magento store, please visit the [Security Center](https://magento.com/security).
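Review bot: the "Where should I report security issues?" section asks for private reports but never states outright that security issues should not be filed in the public GitHub issue tracker, and the psirt@adobe.com fallback gives no way to encrypt the report and no indication of when to expect a reply. A sentence for each would close the gap. "## Learning More About Security" is also the only heading in the file without a blank line after it.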
25 changes: 18 additions & 7 deletions app/code/Magento/AdminNotification/Model/Feed.php
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,11 @@ class Feed extends \Magento\Framework\Model\AbstractModel

const XML_LAST_UPDATE_PATH = 'system/adminnotification/last_update';

/**
* @var \Magento\Framework\Escaper
*/
private $escaper;

/**
* Feed url
*
Expand Down Expand Up @@ -77,6 +82,7 @@ class Feed extends \Magento\Framework\Model\AbstractModel
* @param \Magento\Framework\Model\ResourceModel\AbstractResource $resource
* @param \Magento\Framework\Data\Collection\AbstractDb $resourceCollection
* @param array $data
* @param \Magento\Framework\Escaper|null $escaper
* @SuppressWarnings(PHPMD.ExcessiveParameterList)
*/
public function __construct(
Expand All @@ -90,21 +96,26 @@ public function __construct(
\Magento\Framework\UrlInterface $urlBuilder,
\Magento\Framework\Model\ResourceModel\AbstractResource $resource = null,
\Magento\Framework\Data\Collection\AbstractDb $resourceCollection = null,
array $data = []
array $data = [],
\Magento\Framework\Escaper $escaper = null
) {
parent::__construct($context, $registry, $resource, $resourceCollection, $data);
$this->_backendConfig = $backendConfig;
$this->_inboxFactory = $inboxFactory;
$this->curlFactory = $curlFactory;
$this->_backendConfig = $backendConfig;
$this->_inboxFactory = $inboxFactory;
$this->curlFactory = $curlFactory;
$this->_deploymentConfig = $deploymentConfig;
$this->productMetadata = $productMetadata;
$this->urlBuilder = $urlBuilder;
$this->productMetadata = $productMetadata;
$this->urlBuilder = $urlBuilder;
$this->escaper = $escaper ?? \Magento\Framework\App\ObjectManager::getInstance()->get(
\Magento\Framework\Escaper::class
);
}

/**
* Init model
*
* @return void
* phpcs:disable Magento2.CodeAnalysis.EmptyBlock
*/
protected function _construct()
{
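Review bot: the "phpcs:disable Magento2.CodeAnalysis.EmptyBlock" added to the _construct() docblock has no matching phpcs:enable in the visible lines, so the sniff stays off for everything that follows in the file and not only for this method. Re-enable it after the method body or use a line-scoped ignore. Separately, the realignment of the six assignments in __construct() is whitespace-only churn around the one functional addition, the $escaper fallback, and would be easier to review as its own change.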
Expand Down Expand Up @@ -252,6 +263,6 @@ public function getFeedXml()
*/
private function escapeString(\SimpleXMLElement $data)
{
return htmlspecialchars((string)$data);
return $this->escaper->escapeHtml((string)$data);
}
}
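Review bot: escapeString() now escapes feed data with $this->escaper->escapeHtml() when the feed is read, and the templates changed in this same commit also call $block->escapeHtml() on $lastCritical->getText() and $message->getText() at render time. If those messages originate from this feed, the text is escaped twice, so please confirm that a title containing "&" or "<" does not show up to the admin as literal entities, and decide on one place (preferably output) where escaping happens.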
Original file line number Diff line number Diff line change
Expand Up @@ -4,10 +4,6 @@
* See COPYING.txt for license details.
*/

// @codingStandardsIgnoreFile

?>
<?php
/**
* @see \Magento\AdminNotification\Block\Window
*/
Expand All @@ -19,11 +15,13 @@
"autoOpen": true,
"buttons": false,
"modalClass": "modal-system-messages",
"title": "<?= /* @escapeNotVerified */ $block->getHeaderText() ?>"
"title": "<?= $block->escapeHtmlAttr($block->getHeaderText()) ?>"
}
}'>
<li class="message message-warning warning">
<?= /* @escapeNotVerified */ $block->getNoticeMessageText() ?><br/>
<a href="<?= /* @escapeNotVerified */ $block->getNoticeMessageUrl() ?>"><?= /* @escapeNotVerified */ $block->getReadDetailsText() ?></a>
<?= $block->escapeHtml($block->getNoticeMessageText()) ?><br/>
<a href="<?= $block->escapeUrl($block->getNoticeMessageUrl()) ?>">
<?= $block->escapeHtml($block->getReadDetailsText()) ?>
</a>
</li>
</ul>
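Review bot: in the "title" line, the header text is placed inside a JSON string that itself sits inside the single-quoted data-mage-init attribute (closed by }'> two lines below), and escapeHtmlAttr() only covers the outer of those two contexts. The browser decodes the attribute before the JSON is parsed, so a double quote or backslash in getHeaderText() would arrive unescaped in the JSON and break the widget configuration. JSON-encode the value first and then attribute-escape the result.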
Original file line number Diff line number Diff line change
Expand Up @@ -4,41 +4,41 @@
* See COPYING.txt for license details.
*/

// @codingStandardsIgnoreFile

/** @var $block \Magento\AdminNotification\Block\System\Messages */
?>
<?php /** @var $block \Magento\AdminNotification\Block\System\Messages */ ?>

<?php $lastCritical = $block->getLastCritical();?>
<div id="system_messages" class="message-system<?php if ($lastCritical): ?> message-system-unread<?php endif; ?>">
<div id="system_messages"
class="message-system<?php if ($lastCritical) : ?>
message-system-unread<?php endif; ?>">
<div class="message-system-inner">
<?php if ($lastCritical): ?>
<?php if ($lastCritical) : ?>
<ul class="message-system-list">
<li class="message message-warning error">
<?= /* @escapeNotVerified */ $lastCritical->getText() ?>
<?= $block->escapeHtml($lastCritical->getText()) ?>
</li>
</ul>
<?php endif; ?>
<div class="message-system-short">
<span class="message-system-short-label">
<?= /* @escapeNotVerified */ __('System Messages:') ?>
<?= $block->escapeHtml(__('System Messages:')) ?>
</span>

<?php if ($block->getCriticalCount()): ?>
<?php if ($block->getCriticalCount()) : ?>
<div class="message message-warning error">
<a class="message-link" href="#" title="<?= $block->escapeHtml(__('Critical System Messages')) ?>">
<?= /* @escapeNotVerified */ $block->getCriticalCount() ?>
<?= (int) $block->getCriticalCount() ?>
</a>
</div>
<?php endif;?>
<?php endif; ?>

<?php if ($block->getMajorCount()): ?>
<?php if ($block->getMajorCount()) : ?>
<div class="message message-warning warning">
<a class="message-link" href="#" title="<?= $block->escapeHtml(__('Major System Messages')) ?>">
<?= /* @escapeNotVerified */ $block->getMajorCount() ?>
<?= (int) $block->getMajorCount() ?>
</a>
</div>
<?php endif;?>
<?php endif; ?>
</div>
<div id="message-system-all" title="<?= $block->escapeHtml(__('System messages')) ?>" data-mage-init='<?= $block->escapeHtml($block->getSystemMessageDialogJson()) ?>'></div>
</div>
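Review bot: the title="..." attributes on the two message-link anchors and on #message-system-all still use escapeHtml(), and data-mage-init='...' on the last div passes getSystemMessageDialogJson() through escapeHtml() inside a single-quoted attribute, while the other templates in this commit switch attribute values to escapeHtmlAttr(). Use escapeHtmlAttr() for these attribute contexts too so the file is consistent and the single-quoted attribute does not depend on how escapeHtml() treats quotes. The class attribute on #system_messages is now split across lines, which puts a line break and indentation inside the attribute value; harmless, but worth keeping on one line.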
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -4,16 +4,15 @@
* See COPYING.txt for license details.
*/

// @codingStandardsIgnoreFile

/** @var $block \Magento\AdminNotification\Block\System\Messages\UnreadMessagePopup */
?>
<?php /** @var $block \Magento\AdminNotification\Block\System\Messages\UnreadMessagePopup */ ?>

<div style="display:none" id="system_messages_list" data-role="system_messages_list" title="<?= $block->escapeHtml($block->getPopupTitle()) ?>">
<div style="display:none" id="system_messages_list" data-role="system_messages_list"
title="<?= $block->escapeHtmlAttr($block->getPopupTitle()) ?>">
<ul class="message-system-list messages">
<?php foreach ($block->getUnreadMessages() as $message): ?>
<li class="message message-warning <?= /* @escapeNotVerified */ $block->getItemClass($message) ?>">
<?= /* @escapeNotVerified */ $message->getText() ?>
<?php foreach ($block->getUnreadMessages() as $message) : ?>
<li class="message message-warning <?= $block->escapeHtmlAttr($block->getItemClass($message)) ?>">
<?= $block->escapeHtml($message->getText()) ?>
</li>
<?php endforeach;?>
</ul>
Expand All @@ -27,4 +26,4 @@
}
}
}
</script>
</script>
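Review bot: the foreach opener was normalised to "foreach (...) : ?>" but the closing "<?php endforeach;?>" two lines below the escaped getText() call still lacks the space before "?>", unlike the "endif; ?>" fixes made in the messages template in this commit. Change it to "<?php endforeach; ?>" so the file passes the same style check now that the @codingStandardsIgnoreFile marker is removed.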
