Merge branch '2.3-qwerty' of github.com:magento/magento2ce into MC-13900

CHANGELOG.md

@@ -4136,7 +4136,7 @@ Tests:
   * Moved Multishipping functionality to newly created module Multishipping
   * Extracted Product duplication behavior from Product model to Product\Copier model
   * Replaced event "catalog_model_product_duplicate" with composite Product\Copier model
-  * Replaced event "catalog_product_prepare_save" with controller product initialization helper that can be customozed via plugins
+  * Replaced event "catalog_product_prepare_save" with controller product initialization helper that can be customized via plugins
   * Consolidated Authorize.Net functionality in single module Authorizenet
   * Eliminated dependency of Sales module on Shipping and Usa modules
   * Eliminated dependency of Shipping module on Customer module
@@ -4335,7 +4335,7 @@ Tests:
   * Fixed order placing with virtual product using Express Checkout
   * Fixed the error during order placement with Recurring profile payment
   * Fixed wrong redirect after customer registration during multishipping checkout
-  * Fixed inability to crate shipping labels
+  * Fixed inability to create shipping labels
   * Fixed inability to switch language, if the default language is English
   * Fixed an issue with incorrect XML appearing in cache after some actions on the frontend
   * Fixed product export

README.md

@@ -45,7 +45,7 @@ Please review the [Code Contributions guide](https://devdocs.magento.com/guides/
 
 ## Reporting Security Issues
 
-To report security vulnerabilities in Magento software or web sites, please create a Bugcrowd researcher account [there](https://bugcrowd.com/magento) to submit and follow-up your issue. Learn more about reporting security issues [here](https://magento.com/security/reporting-magento-security-issue).
+To report security vulnerabilities or learn more about reporting security issues in Magento software or web sites visit the [Magento Bug Bounty Program](https://hackerone.com/magento) on hackerone. Please create a hackerone account [there](https://hackerone.com/magento) to submit and follow-up your issue.
 
 Stay up-to-date on the latest security news and patches for Magento by signing up for [Security Alert Notifications](https://magento.com/security/sign-up).
 

app/bootstrap.php

@@ -8,7 +8,9 @@
  * Environment initialization
  */
 error_reporting(E_ALL);
-stream_wrapper_unregister('phar');
+if (in_array('phar', \stream_get_wrappers())) {
+    stream_wrapper_unregister('phar');
+}
 #ini_set('display_errors', 1);
 
 /* PHP version validation */

app/code/Magento/AuthorizenetAcceptjs/Gateway/Validator/TransactionResponseValidator.php

@@ -54,15 +54,15 @@ public function validate(array $validationSubject): ResultInterface
             if (isset($transactionResponse['messages']['message']['code'])) {
                 $errorCodes[] = $transactionResponse['messages']['message']['code'];
                 $errorMessages[] = $transactionResponse['messages']['message']['text'];
-            } elseif ($transactionResponse['messages']['message']) {
+            } elseif (isset($transactionResponse['messages']['message'])) {
                 foreach ($transactionResponse['messages']['message'] as $message) {
                     $errorCodes[] = $message['code'];
                     $errorMessages[] = $message['description'];
                 }
             } elseif (isset($transactionResponse['errors'])) {
                 foreach ($transactionResponse['errors'] as $message) {
                     $errorCodes[] = $message['errorCode'];
-                    $errorMessages[] = $message['errorCode'];
+                    $errorMessages[] = $message['errorText'];
                 }
             }
 
@@ -85,8 +85,10 @@ private function isResponseCodeAnError(array $transactionResponse): bool
             ?? $transactionResponse['errors'][0]['errorCode']
             ?? null;
 
-        return in_array($transactionResponse['responseCode'], [self::RESPONSE_CODE_APPROVED, self::RESPONSE_CODE_HELD])
-            && $code
+        return !in_array($transactionResponse['responseCode'], [
+                self::RESPONSE_CODE_APPROVED, self::RESPONSE_CODE_HELD
+            ])
+            || $code
             && !in_array(
                 $code,
                 [

app/code/Magento/AuthorizenetAcceptjs/Test/Unit/Gateway/Validator/TransactionResponseValidatorTest.php

@@ -15,13 +15,18 @@
 use PHPUnit\Framework\MockObject\MockObject;
 use PHPUnit\Framework\TestCase;
 
+/**
+ * Tests for the transaction response validator
+ */
 class TransactionResponseValidatorTest extends TestCase
 {
     private const RESPONSE_CODE_APPROVED = 1;
     private const RESPONSE_CODE_HELD = 4;
+    private const RESPONSE_CODE_DENIED = 2;
     private const RESPONSE_REASON_CODE_APPROVED = 1;
     private const RESPONSE_REASON_CODE_PENDING_REVIEW_AUTHORIZED = 252;
     private const RESPONSE_REASON_CODE_PENDING_REVIEW = 253;
+    private const ERROR_CODE_AVS_MISMATCH = 27;
 
     /**
      * @var ResultInterfaceFactory|MockObject
@@ -86,16 +91,6 @@ public function testValidateScenarios($transactionResponse, $isValid, $errorCode
     public function scenarioProvider()
     {
         return [
-            // This validator only cares about successful edge cases so test for default behavior
-            [
-                [
-                    'responseCode' => 'foo',
-                ],
-                true,
-                [],
-                []
-            ],
-
             // Test for acceptable reason codes
             [
                 [
@@ -208,6 +203,29 @@ public function scenarioProvider()
                 ['foo'],
                 ['bar']
             ],
+            [
+                [
+                    'responseCode' => self::RESPONSE_CODE_DENIED,
+                    'errors' => [
+                        [
+                            'errorCode' => self::ERROR_CODE_AVS_MISMATCH,
+                            'errorText' => 'bar'
+                        ]
+                    ]
+                ],
+                false,
+                [self::ERROR_CODE_AVS_MISMATCH],
+                ['bar']
+            ],
+            // This validator only cares about successful edge cases so test for default behavior
+            [
+                [
+                    'responseCode' => 'foo',
+                ],
+                false,
+                [],
+                []
+            ],
         ];
     }
 }