Created
February 17, 2022 19:44
-
-
Save gwillem/ae79b66b26d8765920f44e77645e5ede to your computer and use it in GitHub Desktop.
MDVA-43395
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/vendor/magento/module-email/Model/Template/Filter.php b/vendor/magento/module-email/Model/Template/Filter.php | |
| index ccb04937675..5cc50bc4507 100644 | |
| --- a/vendor/magento/module-email/Model/Template/Filter.php | |
| +++ b/vendor/magento/module-email/Model/Template/Filter.php | |
| @@ -379,14 +379,14 @@ class Filter extends \Magento\Framework\Filter\Template | |
| } | |
| /** | |
| - * Retrieve Block html directive | |
| - * | |
| * @param array $construction | |
| + * | |
| * @return string | |
| + * | |
| * @SuppressWarnings(PHPMD.CyclomaticComplexity) | |
| * @SuppressWarnings(PHPMD.NPathComplexity) | |
| */ | |
| - public function blockDirective($construction) | |
| + private function resolveBlockDirective($construction) | |
| { | |
| $skipParams = ['class', 'id', 'output']; | |
| $blockParameters = $this->getParameters($construction[2]); | |
| @@ -427,12 +427,26 @@ class Filter extends \Magento\Framework\Filter\Template | |
| } | |
| /** | |
| - * Retrieve layout html directive | |
| + * Retrieve Block html directive | |
| * | |
| + * @param array $construction | |
| + * @return string | |
| + * @SuppressWarnings(PHPMD.CyclomaticComplexity) | |
| + * @SuppressWarnings(PHPMD.NPathComplexity) | |
| + */ | |
| + public function blockDirective($construction) | |
| + { | |
| + $result = $this->resolveBlockDirective($construction); | |
| + | |
| + return preg_replace("/{{/", "{{", $result); | |
| + } | |
| + | |
| + /** | |
| * @param string[] $construction | |
| + * | |
| * @return string | |
| */ | |
| - public function layoutDirective($construction) | |
| + private function resolveLayoutDirective($construction) | |
| { | |
| $this->_directiveParams = $this->getParameters($construction[2]); | |
| if (!isset($this->_directiveParams['area'])) { | |
| @@ -448,6 +462,19 @@ class Filter extends \Magento\Framework\Filter\Template | |
| } | |
| } | |
| + /** | |
| + * Retrieve layout html directive | |
| + * | |
| + * @param string[] $construction | |
| + * @return string | |
| + */ | |
| + public function layoutDirective($construction) | |
| + { | |
| + $result = $this->resolveLayoutDirective($construction); | |
| + | |
| + return preg_replace("/{{/", "{{", $result); | |
| + } | |
| + | |
| /** | |
| * Retrieve layout html directive callback | |
| * | |
| @@ -515,7 +542,7 @@ class Filter extends \Magento\Framework\Filter\Template | |
| { | |
| $params = $this->getParameters($construction[2]); | |
| $url = $this->_assetRepo->getUrlWithParams($params['url'], $params); | |
| - return $url; | |
| + return $this->sanitizeValue($url); | |
| } | |
| /** | |
| @@ -528,8 +555,11 @@ class Filter extends \Magento\Framework\Filter\Template | |
| { | |
| // phpcs:disable Magento2.Functions.DiscouragedFunction | |
| $params = $this->getParameters(html_entity_decode($construction[2], ENT_QUOTES)); | |
| - return $this->_storeManager->getStore() | |
| - ->getBaseUrl(\Magento\Framework\UrlInterface::URL_TYPE_MEDIA) . $params['url']; | |
| + return $this->sanitizeValue( | |
| + $this->_storeManager->getStore() | |
| + ->getBaseUrl(\Magento\Framework\UrlInterface::URL_TYPE_MEDIA) . $params['url'] | |
| + ); | |
| + | |
| } | |
| /** | |
| @@ -567,7 +597,7 @@ class Filter extends \Magento\Framework\Filter\Template | |
| unset($params['url']); | |
| } | |
| - return $this->urlModel->getUrl($path, $params); | |
| + return $this->sanitizeValue($this->urlModel->getUrl($path, $params)); | |
| } | |
| /** | |
| @@ -606,12 +636,7 @@ class Filter extends \Magento\Framework\Filter\Template | |
| $text = __($text, $params)->render(); | |
| - $pattern = '/{{.*?}}/'; | |
| - do { | |
| - $text = preg_replace($pattern, '', (string)$text); | |
| - } while (preg_match($pattern, $text)); | |
| - | |
| - return $this->applyModifiers($text, $modifiers); | |
| + return $this->applyModifiers($this->sanitizeValue($text), $modifiers); | |
| } | |
| /** | |
| @@ -655,7 +680,10 @@ class Filter extends \Magento\Framework\Filter\Template | |
| $construction[2] . ($construction['filters'] ?? ''), | |
| 'escape' | |
| ); | |
| - return $this->applyModifiers($this->getVariable($directive, ''), $modifiers); | |
| + | |
| + $result = $this->sanitizeValue($this->getVariable($directive, '')); | |
| + | |
| + return $this->applyModifiers($result, $modifiers); | |
| } | |
| /** | |
| @@ -736,20 +764,11 @@ class Filter extends \Magento\Framework\Filter\Template | |
| } | |
| /** | |
| - * HTTP Protocol directive | |
| - * | |
| - * Usage: | |
| - * | |
| - * {{protocol}} - current protocol http or https | |
| - * {{protocol url="www.domain.com/"}} - domain URL with current protocol | |
| - * {{protocol http="http://url" https="https://url"}} | |
| - * {{protocol store="1"}} - Optional parameter which gets protocol from provide store based on store ID or code | |
| - * | |
| * @param string[] $construction | |
| * @throws \Magento\Framework\Exception\MailException | |
| * @return string | |
| */ | |
| - public function protocolDirective($construction) | |
| + private function resolveProtocolDirective($construction) | |
| { | |
| $params = $this->getParameters($construction[2]); | |
| $store = null; | |
| @@ -776,6 +795,27 @@ class Filter extends \Magento\Framework\Filter\Template | |
| return $protocol; | |
| } | |
| + /** | |
| + * HTTP Protocol directive | |
| + * | |
| + * Usage: | |
| + * | |
| + * {{protocol}} - current protocol http or https | |
| + * {{protocol url="www.domain.com/"}} - domain URL with current protocol | |
| + * {{protocol http="http://url" https="https://url"}} | |
| + * {{protocol store="1"}} - Optional parameter which gets protocol from provide store based on store ID or code | |
| + * | |
| + * @param string[] $construction | |
| + * @throws \Magento\Framework\Exception\MailException | |
| + * @return string | |
| + */ | |
| + public function protocolDirective($construction) | |
| + { | |
| + return $this->sanitizeValue( | |
| + $this->resolveProtocolDirective($construction) | |
| + ); | |
| + } | |
| + | |
| /** | |
| * Store config directive | |
| * | |
| @@ -794,7 +834,7 @@ class Filter extends \Magento\Framework\Filter\Template | |
| $storeId | |
| ); | |
| } | |
| - return $configValue; | |
| + return $this->sanitizeValue($configValue); | |
| } | |
| /** | |
| @@ -835,7 +875,8 @@ class Filter extends \Magento\Framework\Filter\Template | |
| $customVarValue = $value; | |
| } | |
| } | |
| - return $customVarValue; | |
| + | |
| + return $this->sanitizeValue($customVarValue); | |
| } | |
| /** | |
| @@ -1062,4 +1103,14 @@ class Filter extends \Magento\Framework\Filter\Template | |
| } | |
| return $value; | |
| } | |
| + | |
| + /** | |
| + * @param string $value | |
| + * | |
| + * @return string|bool | |
| + */ | |
| + private function sanitizeValue($value) | |
| + { | |
| + return is_bool($value) ? $value : str_replace(['{', '}'], '', (string) $value); | |
| + } | |
| } | |
| diff --git a/vendor/magento/framework/Filter/DirectiveProcessor/DependDirective.php b/vendor/magento/framework/Filter/DirectiveProcessor/DependDirective.php | |
| index f557f7465b5..83345acd6e5 100644 | |
| --- a/vendor/magento/framework/Filter/DirectiveProcessor/DependDirective.php | |
| +++ b/vendor/magento/framework/Filter/DirectiveProcessor/DependDirective.php | |
| @@ -32,9 +32,13 @@ class DependDirective implements DirectiveProcessorInterface | |
| } | |
| /** | |
| - * @inheritdoc | |
| + * @param array $construction | |
| + * @param Template $filter | |
| + * @param array $templateVariables | |
| + * | |
| + * @return string | |
| */ | |
| - public function process(array $construction, Template $filter, array $templateVariables): string | |
| + private function resolve(array $construction, Template $filter, array $templateVariables): string | |
| { | |
| if (empty($templateVariables)) { | |
| // If template processing | |
| @@ -48,6 +52,16 @@ class DependDirective implements DirectiveProcessorInterface | |
| } | |
| } | |
| + /** | |
| + * @inheritdoc | |
| + */ | |
| + public function process(array $construction, Template $filter, array $templateVariables): string | |
| + { | |
| + $result = $this->resolve($construction, $filter, $templateVariables); | |
| + | |
| + return str_replace(['{', '}'], '', (string) $result); | |
| + } | |
| + | |
| /** | |
| * @inheritdoc | |
| */ | |
| diff --git a/vendor/magento/framework/Filter/DirectiveProcessor/ForDirective.php b/vendor/magento/framework/Filter/DirectiveProcessor/ForDirective.php | |
| index 2b51185b1b5..41cd58118fd 100644 | |
| --- a/vendor/magento/framework/Filter/DirectiveProcessor/ForDirective.php | |
| +++ b/vendor/magento/framework/Filter/DirectiveProcessor/ForDirective.php | |
| @@ -36,14 +36,13 @@ class ForDirective implements DirectiveProcessorInterface | |
| } | |
| /** | |
| - * Filter the string as template. | |
| - * | |
| * @param array $construction | |
| * @param Template $filter | |
| * @param array $templateVariables | |
| + * | |
| * @return string | |
| */ | |
| - public function process(array $construction, Template $filter, array $templateVariables): string | |
| + private function resolve(array $construction, Template $filter, array $templateVariables): string | |
| { | |
| if (!$this->isValidLoop($construction)) { | |
| return $construction[0]; | |
| @@ -67,6 +66,16 @@ class ForDirective implements DirectiveProcessorInterface | |
| return $construction[0]; | |
| } | |
| + /** | |
| + * @inheritdoc | |
| + */ | |
| + public function process(array $construction, Template $filter, array $templateVariables): string | |
| + { | |
| + $result = $this->resolve($construction, $filter, $templateVariables); | |
| + | |
| + return str_replace(['{', '}'], '', (string) $result); | |
| + } | |
| + | |
| /** | |
| * Check if the matched construction is valid. | |
| * | |
| diff --git a/vendor/magento/framework/Filter/DirectiveProcessor/IfDirective.php b/vendor/magento/framework/Filter/DirectiveProcessor/IfDirective.php | |
| index 7fedc7946f2..469dae71d06 100644 | |
| --- a/vendor/magento/framework/Filter/DirectiveProcessor/IfDirective.php | |
| +++ b/vendor/magento/framework/Filter/DirectiveProcessor/IfDirective.php | |
| @@ -32,9 +32,13 @@ class IfDirective implements DirectiveProcessorInterface | |
| } | |
| /** | |
| - * @inheritdoc | |
| + * @param array $construction | |
| + * @param Template $filter | |
| + * @param array $templateVariables | |
| + * | |
| + * @return string | |
| */ | |
| - public function process(array $construction, Template $filter, array $templateVariables): string | |
| + private function resolve(array $construction, Template $filter, array $templateVariables): string | |
| { | |
| if (empty($templateVariables)) { | |
| return $construction[0]; | |
| @@ -50,6 +54,16 @@ class IfDirective implements DirectiveProcessorInterface | |
| } | |
| } | |
| + /** | |
| + * @inheritdoc | |
| + */ | |
| + public function process(array $construction, Template $filter, array $templateVariables): string | |
| + { | |
| + $result = $this->resolve($construction, $filter, $templateVariables); | |
| + | |
| + return str_replace(['{', '}'], '', (string) $result); | |
| + } | |
| + | |
| /** | |
| * @inheritdoc | |
| */ | |
| diff --git a/vendor/magento/framework/Filter/DirectiveProcessor/SimpleDirective.php b/vendor/magento/framework/Filter/DirectiveProcessor/SimpleDirective.php | |
| index 9f4b30d0c96..b9280aec283 100644 | |
| --- a/vendor/magento/framework/Filter/DirectiveProcessor/SimpleDirective.php | |
| +++ b/vendor/magento/framework/Filter/DirectiveProcessor/SimpleDirective.php | |
| @@ -68,7 +68,7 @@ class SimpleDirective implements DirectiveProcessorInterface | |
| ->get($construction['directiveName']); | |
| } catch (\InvalidArgumentException $e) { | |
| // This directive doesn't have a SimpleProcessor | |
| - return $construction[0]; | |
| + return ''; | |
| } | |
| $parameters = $this->extractParameters($construction, $filter, $templateVariables); | |
| @@ -79,6 +79,8 @@ class SimpleDirective implements DirectiveProcessorInterface | |
| !empty($construction['content']) ? $filter->filter($construction['content']) : null | |
| ); | |
| + $value = str_replace(['{', '}'], '', (string) $value); | |
| + | |
| $value = $this->filterApplier->applyFromRawParam( | |
| $construction['filters'] ?? '', | |
| $value, | |
| diff --git a/vendor/magento/framework/Filter/DirectiveProcessor/VarDirective.php b/vendor/magento/framework/Filter/DirectiveProcessor/VarDirective.php | |
| index 78034d70ba5..a7d6790acc7 100644 | |
| --- a/vendor/magento/framework/Filter/DirectiveProcessor/VarDirective.php | |
| +++ b/vendor/magento/framework/Filter/DirectiveProcessor/VarDirective.php | |
| @@ -55,10 +55,7 @@ class VarDirective implements DirectiveProcessorInterface | |
| $result = $this->filterApplier->applyFromRawParam($construction['filters'], $result); | |
| } | |
| - $pattern = '/{{.*?}}/'; | |
| - do { | |
| - $result = preg_replace($pattern, '', (string)$result); | |
| - } while (preg_match($pattern, $result)); | |
| + $result = str_replace(['{', '}'], '', (string) $result); | |
| return $result; | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/vendor/magento/module-email/Model/Template/Filter.php b/vendor/magento/module-email/Model/Template/Filter.php | |
| index 88b204307f2..52b1018e1af 100644 | |
| --- a/vendor/magento/module-email/Model/Template/Filter.php | |
| +++ b/vendor/magento/module-email/Model/Template/Filter.php | |
| @@ -379,14 +379,14 @@ class Filter extends \Magento\Framework\Filter\Template | |
| } | |
| /** | |
| - * Retrieve Block html directive | |
| - * | |
| * @param array $construction | |
| + * | |
| * @return string | |
| + * | |
| * @SuppressWarnings(PHPMD.CyclomaticComplexity) | |
| * @SuppressWarnings(PHPMD.NPathComplexity) | |
| */ | |
| - public function blockDirective($construction) | |
| + private function resolveBlockDirective($construction) | |
| { | |
| $skipParams = ['class', 'id', 'output']; | |
| $blockParameters = $this->getParameters($construction[2]); | |
| @@ -427,12 +427,26 @@ class Filter extends \Magento\Framework\Filter\Template | |
| } | |
| /** | |
| - * Retrieve layout html directive | |
| + * Retrieve Block html directive | |
| * | |
| + * @param array $construction | |
| + * @return string | |
| + * @SuppressWarnings(PHPMD.CyclomaticComplexity) | |
| + * @SuppressWarnings(PHPMD.NPathComplexity) | |
| + */ | |
| + public function blockDirective($construction) | |
| + { | |
| + $result = $this->resolveBlockDirective($construction); | |
| + | |
| + return preg_replace("/{{/", "{{", $result); | |
| + } | |
| + | |
| + /** | |
| * @param string[] $construction | |
| + * | |
| * @return string | |
| */ | |
| - public function layoutDirective($construction) | |
| + private function resolveLayoutDirective($construction) | |
| { | |
| $this->_directiveParams = $this->getParameters($construction[2]); | |
| if (!isset($this->_directiveParams['area'])) { | |
| @@ -448,6 +462,19 @@ class Filter extends \Magento\Framework\Filter\Template | |
| } | |
| } | |
| + /** | |
| + * Retrieve layout html directive | |
| + * | |
| + * @param string[] $construction | |
| + * @return string | |
| + */ | |
| + public function layoutDirective($construction) | |
| + { | |
| + $result = $this->resolveLayoutDirective($construction); | |
| + | |
| + return preg_replace("/{{/", "{{", $result); | |
| + } | |
| + | |
| /** | |
| * Retrieve layout html directive callback | |
| * | |
| @@ -515,7 +542,7 @@ class Filter extends \Magento\Framework\Filter\Template | |
| { | |
| $params = $this->getParameters($construction[2]); | |
| $url = $this->_assetRepo->getUrlWithParams($params['url'], $params); | |
| - return $url; | |
| + return $this->sanitizeValue($url); | |
| } | |
| /** | |
| @@ -528,8 +555,11 @@ class Filter extends \Magento\Framework\Filter\Template | |
| { | |
| // phpcs:disable Magento2.Functions.DiscouragedFunction | |
| $params = $this->getParameters(html_entity_decode($construction[2], ENT_QUOTES)); | |
| - return $this->_storeManager->getStore() | |
| - ->getBaseUrl(\Magento\Framework\UrlInterface::URL_TYPE_MEDIA) . $params['url']; | |
| + return $this->sanitizeValue( | |
| + $this->_storeManager->getStore() | |
| + ->getBaseUrl(\Magento\Framework\UrlInterface::URL_TYPE_MEDIA) . $params['url'] | |
| + ); | |
| + | |
| } | |
| /** | |
| @@ -567,7 +597,7 @@ class Filter extends \Magento\Framework\Filter\Template | |
| unset($params['url']); | |
| } | |
| - return $this->urlModel->getUrl($path, $params); | |
| + return $this->sanitizeValue($this->urlModel->getUrl($path, $params)); | |
| } | |
| /** | |
| @@ -606,12 +636,7 @@ class Filter extends \Magento\Framework\Filter\Template | |
| $text = __($text, $params)->render(); | |
| - $pattern = '/{{.*?}}/'; | |
| - do { | |
| - $text = preg_replace($pattern, '', (string)$text); | |
| - } while (preg_match($pattern, $text)); | |
| - | |
| - return $this->applyModifiers($text, $modifiers); | |
| + return $this->applyModifiers($this->sanitizeValue($text), $modifiers); | |
| } | |
| /** | |
| @@ -655,7 +680,10 @@ class Filter extends \Magento\Framework\Filter\Template | |
| $construction[2] . ($construction['filters'] ?? ''), | |
| 'escape' | |
| ); | |
| - return $this->applyModifiers($this->getVariable($directive, ''), $modifiers); | |
| + | |
| + $result = $this->sanitizeValue($this->getVariable($directive, '')); | |
| + | |
| + return $this->applyModifiers($result, $modifiers); | |
| } | |
| /** | |
| @@ -736,21 +764,14 @@ class Filter extends \Magento\Framework\Filter\Template | |
| } | |
| /** | |
| - * HTTP Protocol directive | |
| - * | |
| - * Usage: | |
| - * | |
| - * {{protocol}} - current protocol http or https | |
| - * {{protocol url="www.domain.com/"}} - domain URL with current protocol | |
| - * {{protocol http="http://url" https="https://url"}} | |
| - * {{protocol store="1"}} - Optional parameter which gets protocol from provide store based on store ID or code | |
| - * | |
| * @param string[] $construction | |
| + * | |
| * @return string | |
| + * | |
| * @throws MailException | |
| * @throws NoSuchEntityException | |
| */ | |
| - public function protocolDirective($construction) | |
| + private function resolveProtocolDirective($construction) | |
| { | |
| $params = $this->getParameters($construction[2]); | |
| @@ -781,6 +802,28 @@ class Filter extends \Magento\Framework\Filter\Template | |
| return $protocol; | |
| } | |
| + /** | |
| + * HTTP Protocol directive | |
| + * | |
| + * Usage: | |
| + * | |
| + * {{protocol}} - current protocol http or https | |
| + * {{protocol url="www.domain.com/"}} - domain URL with current protocol | |
| + * {{protocol http="http://url" https="https://url"}} | |
| + * {{protocol store="1"}} - Optional parameter which gets protocol from provide store based on store ID or code | |
| + * | |
| + * @param string[] $construction | |
| + * @return string | |
| + * @throws MailException | |
| + * @throws NoSuchEntityException | |
| + */ | |
| + public function protocolDirective($construction) | |
| + { | |
| + return $this->sanitizeValue( | |
| + $this->resolveProtocolDirective($construction) | |
| + ); | |
| + } | |
| + | |
| /** | |
| * Validate protocol directive HTTP parameters. | |
| * | |
| @@ -830,7 +873,7 @@ class Filter extends \Magento\Framework\Filter\Template | |
| $storeId | |
| ); | |
| } | |
| - return $configValue; | |
| + return $this->sanitizeValue($configValue); | |
| } | |
| /** | |
| @@ -871,7 +914,8 @@ class Filter extends \Magento\Framework\Filter\Template | |
| $customVarValue = $value; | |
| } | |
| } | |
| - return $customVarValue; | |
| + | |
| + return $this->sanitizeValue($customVarValue); | |
| } | |
| /** | |
| @@ -1098,4 +1142,14 @@ class Filter extends \Magento\Framework\Filter\Template | |
| } | |
| return $value; | |
| } | |
| + | |
| + /** | |
| + * @param string $value | |
| + * | |
| + * @return string|bool | |
| + */ | |
| + private function sanitizeValue($value) | |
| + { | |
| + return is_bool($value) ? $value : str_replace(['{', '}'], '', (string) $value); | |
| + } | |
| } | |
| diff --git a/vendor/magento/framework/Filter/DirectiveProcessor/DependDirective.php b/vendor/magento/framework/Filter/DirectiveProcessor/DependDirective.php | |
| index f557f7465b5..83345acd6e5 100644 | |
| --- a/vendor/magento/framework/Filter/DirectiveProcessor/DependDirective.php | |
| +++ b/vendor/magento/framework/Filter/DirectiveProcessor/DependDirective.php | |
| @@ -32,9 +32,13 @@ class DependDirective implements DirectiveProcessorInterface | |
| } | |
| /** | |
| - * @inheritdoc | |
| + * @param array $construction | |
| + * @param Template $filter | |
| + * @param array $templateVariables | |
| + * | |
| + * @return string | |
| */ | |
| - public function process(array $construction, Template $filter, array $templateVariables): string | |
| + private function resolve(array $construction, Template $filter, array $templateVariables): string | |
| { | |
| if (empty($templateVariables)) { | |
| // If template processing | |
| @@ -48,6 +52,16 @@ class DependDirective implements DirectiveProcessorInterface | |
| } | |
| } | |
| + /** | |
| + * @inheritdoc | |
| + */ | |
| + public function process(array $construction, Template $filter, array $templateVariables): string | |
| + { | |
| + $result = $this->resolve($construction, $filter, $templateVariables); | |
| + | |
| + return str_replace(['{', '}'], '', (string) $result); | |
| + } | |
| + | |
| /** | |
| * @inheritdoc | |
| */ | |
| diff --git a/vendor/magento/framework/Filter/DirectiveProcessor/ForDirective.php b/vendor/magento/framework/Filter/DirectiveProcessor/ForDirective.php | |
| index 2b51185b1b5..41cd58118fd 100644 | |
| --- a/vendor/magento/framework/Filter/DirectiveProcessor/ForDirective.php | |
| +++ b/vendor/magento/framework/Filter/DirectiveProcessor/ForDirective.php | |
| @@ -36,14 +36,13 @@ class ForDirective implements DirectiveProcessorInterface | |
| } | |
| /** | |
| - * Filter the string as template. | |
| - * | |
| * @param array $construction | |
| * @param Template $filter | |
| * @param array $templateVariables | |
| + * | |
| * @return string | |
| */ | |
| - public function process(array $construction, Template $filter, array $templateVariables): string | |
| + private function resolve(array $construction, Template $filter, array $templateVariables): string | |
| { | |
| if (!$this->isValidLoop($construction)) { | |
| return $construction[0]; | |
| @@ -67,6 +66,16 @@ class ForDirective implements DirectiveProcessorInterface | |
| return $construction[0]; | |
| } | |
| + /** | |
| + * @inheritdoc | |
| + */ | |
| + public function process(array $construction, Template $filter, array $templateVariables): string | |
| + { | |
| + $result = $this->resolve($construction, $filter, $templateVariables); | |
| + | |
| + return str_replace(['{', '}'], '', (string) $result); | |
| + } | |
| + | |
| /** | |
| * Check if the matched construction is valid. | |
| * | |
| diff --git a/vendor/magento/framework/Filter/DirectiveProcessor/IfDirective.php b/vendor/magento/framework/Filter/DirectiveProcessor/IfDirective.php | |
| index 7fedc7946f2..469dae71d06 100644 | |
| --- a/vendor/magento/framework/Filter/DirectiveProcessor/IfDirective.php | |
| +++ b/vendor/magento/framework/Filter/DirectiveProcessor/IfDirective.php | |
| @@ -32,9 +32,13 @@ class IfDirective implements DirectiveProcessorInterface | |
| } | |
| /** | |
| - * @inheritdoc | |
| + * @param array $construction | |
| + * @param Template $filter | |
| + * @param array $templateVariables | |
| + * | |
| + * @return string | |
| */ | |
| - public function process(array $construction, Template $filter, array $templateVariables): string | |
| + private function resolve(array $construction, Template $filter, array $templateVariables): string | |
| { | |
| if (empty($templateVariables)) { | |
| return $construction[0]; | |
| @@ -50,6 +54,16 @@ class IfDirective implements DirectiveProcessorInterface | |
| } | |
| } | |
| + /** | |
| + * @inheritdoc | |
| + */ | |
| + public function process(array $construction, Template $filter, array $templateVariables): string | |
| + { | |
| + $result = $this->resolve($construction, $filter, $templateVariables); | |
| + | |
| + return str_replace(['{', '}'], '', (string) $result); | |
| + } | |
| + | |
| /** | |
| * @inheritdoc | |
| */ | |
| diff --git a/vendor/magento/framework/Filter/DirectiveProcessor/SimpleDirective.php b/vendor/magento/framework/Filter/DirectiveProcessor/SimpleDirective.php | |
| index 9f4b30d0c96..b9280aec283 100644 | |
| --- a/vendor/magento/framework/Filter/DirectiveProcessor/SimpleDirective.php | |
| +++ b/vendor/magento/framework/Filter/DirectiveProcessor/SimpleDirective.php | |
| @@ -68,7 +68,7 @@ class SimpleDirective implements DirectiveProcessorInterface | |
| ->get($construction['directiveName']); | |
| } catch (\InvalidArgumentException $e) { | |
| // This directive doesn't have a SimpleProcessor | |
| - return $construction[0]; | |
| + return ''; | |
| } | |
| $parameters = $this->extractParameters($construction, $filter, $templateVariables); | |
| @@ -79,6 +79,8 @@ class SimpleDirective implements DirectiveProcessorInterface | |
| !empty($construction['content']) ? $filter->filter($construction['content']) : null | |
| ); | |
| + $value = str_replace(['{', '}'], '', (string) $value); | |
| + | |
| $value = $this->filterApplier->applyFromRawParam( | |
| $construction['filters'] ?? '', | |
| $value, | |
| diff --git a/vendor/magento/framework/Filter/DirectiveProcessor/VarDirective.php b/vendor/magento/framework/Filter/DirectiveProcessor/VarDirective.php | |
| index 78034d70ba5..a7d6790acc7 100644 | |
| --- a/vendor/magento/framework/Filter/DirectiveProcessor/VarDirective.php | |
| +++ b/vendor/magento/framework/Filter/DirectiveProcessor/VarDirective.php | |
| @@ -55,10 +55,7 @@ class VarDirective implements DirectiveProcessorInterface | |
| $result = $this->filterApplier->applyFromRawParam($construction['filters'], $result); | |
| } | |
| - $pattern = '/{{.*?}}/'; | |
| - do { | |
| - $result = preg_replace($pattern, '', (string)$result); | |
| - } while (preg_match($pattern, $result)); | |
| + $result = str_replace(['{', '}'], '', (string) $result); | |
| return $result; | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| diff --git a/vendor/magento/module-email/Model/Template/Filter.php b/vendor/magento/module-email/Model/Template/Filter.php | |
| index 586cb485ee1f..a7f0825cb41f 100644 | |
| --- a/vendor/magento/module-email/Model/Template/Filter.php | |
| +++ b/vendor/magento/module-email/Model/Template/Filter.php | |
| @@ -392,14 +392,14 @@ public function getStoreId() | |
| } | |
| /** | |
| - * Retrieve Block html directive | |
| - * | |
| * @param array $construction | |
| + * | |
| * @return string | |
| + * | |
| * @SuppressWarnings(PHPMD.CyclomaticComplexity) | |
| * @SuppressWarnings(PHPMD.NPathComplexity) | |
| */ | |
| - public function blockDirective($construction) | |
| + private function resolveBlockDirective($construction) | |
| { | |
| $skipParams = ['class', 'id', 'output']; | |
| $blockParameters = $this->getParameters($construction[2]); | |
| @@ -440,12 +440,26 @@ public function blockDirective($construction) | |
| } | |
| /** | |
| - * Retrieve layout html directive | |
| + * Retrieve Block html directive | |
| * | |
| + * @param array $construction | |
| + * @return string | |
| + * @SuppressWarnings(PHPMD.CyclomaticComplexity) | |
| + * @SuppressWarnings(PHPMD.NPathComplexity) | |
| + */ | |
| + public function blockDirective($construction) | |
| + { | |
| + $result = $this->resolveBlockDirective($construction); | |
| + | |
| + return preg_replace("/{{/", "{{", $result); | |
| + } | |
| + | |
| + /** | |
| * @param string[] $construction | |
| + * | |
| * @return string | |
| */ | |
| - public function layoutDirective($construction) | |
| + private function resolveLayoutDirective($construction) | |
| { | |
| $this->_directiveParams = $this->getParameters($construction[2]); | |
| if (!isset($this->_directiveParams['area'])) { | |
| @@ -461,6 +475,19 @@ public function layoutDirective($construction) | |
| } | |
| } | |
| + /** | |
| + * Retrieve layout html directive | |
| + * | |
| + * @param string[] $construction | |
| + * @return string | |
| + */ | |
| + public function layoutDirective($construction) | |
| + { | |
| + $result = $this->resolveLayoutDirective($construction); | |
| + | |
| + return preg_replace("/{{/", "{{", $result); | |
| + } | |
| + | |
| /** | |
| * Retrieve layout html directive callback | |
| * | |
| @@ -528,7 +555,7 @@ public function viewDirective($construction) | |
| { | |
| $params = $this->getParameters($construction[2]); | |
| $url = $this->_assetRepo->getUrlWithParams($params['url'], $params); | |
| - return $url; | |
| + return $this->sanitizeValue($url); | |
| } | |
| /** | |
| @@ -541,8 +568,10 @@ public function mediaDirective($construction) | |
| { | |
| // phpcs:disable Magento2.Functions.DiscouragedFunction | |
| $params = $this->getParameters(html_entity_decode($construction[2], ENT_QUOTES)); | |
| - return $this->_storeManager->getStore() | |
| - ->getBaseUrl(UrlInterface::URL_TYPE_MEDIA) . $params['url']; | |
| + return $this->sanitizeValue( | |
| + $this->_storeManager->getStore() | |
| + ->getBaseUrl(UrlInterface::URL_TYPE_MEDIA) . $params['url'] | |
| + ); | |
| } | |
| /** | |
| @@ -580,7 +609,7 @@ public function storeDirective($construction) | |
| unset($params['url']); | |
| } | |
| - return $this->urlModel->getUrl($path, $params); | |
| + return $this->sanitizeValue($this->urlModel->getUrl($path, $params)); | |
| } | |
| /** | |
| @@ -619,12 +648,7 @@ public function transDirective($construction) | |
| $text = __($text, $params)->render(); | |
| - $pattern = '/{{.*?}}/'; | |
| - do { | |
| - $text = preg_replace($pattern, '', (string)$text); | |
| - } while (preg_match($pattern, $text)); | |
| - | |
| - return $this->applyModifiers($text, $modifiers); | |
| + return $this->applyModifiers($this->sanitizeValue($text), $modifiers); | |
| } | |
| /** | |
| @@ -668,7 +692,10 @@ public function varDirective($construction) | |
| $construction[2] . ($construction['filters'] ?? ''), | |
| 'escape' | |
| ); | |
| - return $this->applyModifiers($this->getVariable($directive, ''), $modifiers); | |
| + | |
| + $result = $this->sanitizeValue($this->getVariable($directive, '')); | |
| + | |
| + return $this->applyModifiers($result, $modifiers); | |
| } | |
| /** | |
| @@ -749,21 +776,14 @@ public function modifierEscape($value, $type = 'html') | |
| } | |
| /** | |
| - * HTTP Protocol directive | |
| - * | |
| - * Usage: | |
| - * | |
| - * {{protocol}} - current protocol http or https | |
| - * {{protocol url="www.domain.com/"}} - domain URL with current protocol | |
| - * {{protocol http="http://url" https="https://url"}} | |
| - * {{protocol store="1"}} - Optional parameter which gets protocol from provide store based on store ID or code | |
| - * | |
| * @param string[] $construction | |
| + * | |
| * @return string | |
| + * | |
| * @throws MailException | |
| * @throws NoSuchEntityException | |
| */ | |
| - public function protocolDirective($construction) | |
| + private function resolveProtocolDirective($construction) | |
| { | |
| $params = $this->getParameters($construction[2]); | |
| @@ -794,6 +814,28 @@ public function protocolDirective($construction) | |
| return $protocol; | |
| } | |
| + /** | |
| + * HTTP Protocol directive | |
| + * | |
| + * Usage: | |
| + * | |
| + * {{protocol}} - current protocol http or https | |
| + * {{protocol url="www.domain.com/"}} - domain URL with current protocol | |
| + * {{protocol http="http://url" https="https://url"}} | |
| + * {{protocol store="1"}} - Optional parameter which gets protocol from provide store based on store ID or code | |
| + * | |
| + * @param string[] $construction | |
| + * @return string | |
| + * @throws MailException | |
| + * @throws NoSuchEntityException | |
| + */ | |
| + public function protocolDirective($construction) | |
| + { | |
| + return $this->sanitizeValue( | |
| + $this->resolveProtocolDirective($construction) | |
| + ); | |
| + } | |
| + | |
| /** | |
| * Validate protocol directive HTTP parameters. | |
| * | |
| @@ -843,7 +885,7 @@ public function configDirective($construction) | |
| $storeId | |
| ); | |
| } | |
| - return $configValue; | |
| + return $this->sanitizeValue($configValue); | |
| } | |
| /** | |
| @@ -884,7 +926,8 @@ public function customvarDirective($construction) | |
| $customVarValue = $value; | |
| } | |
| } | |
| - return $customVarValue; | |
| + | |
| + return $this->sanitizeValue($customVarValue); | |
| } | |
| /** | |
| @@ -1113,4 +1156,14 @@ public function filter($value) | |
| } | |
| return $value; | |
| } | |
| + | |
| + /** | |
| + * @param string $value | |
| + * | |
| + * @return string|bool | |
| + */ | |
| + private function sanitizeValue($value) | |
| + { | |
| + return is_bool($value) ? $value : str_replace(['{', '}'], '', (string) $value); | |
| + } | |
| } | |
| diff --git a/vendor/magento/framework/Filter/DirectiveProcessor/DependDirective.php b/vendor/magento/framework/Filter/DirectiveProcessor/DependDirective.php | |
| index f557f7465b5f..83345acd6e5b 100644 | |
| --- a/vendor/magento/framework/Filter/DirectiveProcessor/DependDirective.php | |
| +++ b/vendor/magento/framework/Filter/DirectiveProcessor/DependDirective.php | |
| @@ -32,9 +32,13 @@ public function __construct( | |
| } | |
| /** | |
| - * @inheritdoc | |
| + * @param array $construction | |
| + * @param Template $filter | |
| + * @param array $templateVariables | |
| + * | |
| + * @return string | |
| */ | |
| - public function process(array $construction, Template $filter, array $templateVariables): string | |
| + private function resolve(array $construction, Template $filter, array $templateVariables): string | |
| { | |
| if (empty($templateVariables)) { | |
| // If template processing | |
| @@ -48,6 +52,16 @@ public function process(array $construction, Template $filter, array $templateVa | |
| } | |
| } | |
| + /** | |
| + * @inheritdoc | |
| + */ | |
| + public function process(array $construction, Template $filter, array $templateVariables): string | |
| + { | |
| + $result = $this->resolve($construction, $filter, $templateVariables); | |
| + | |
| + return str_replace(['{', '}'], '', (string) $result); | |
| + } | |
| + | |
| /** | |
| * @inheritdoc | |
| */ | |
| diff --git a/vendor/magento/framework/Filter/DirectiveProcessor/ForDirective.php b/vendor/magento/framework/Filter/DirectiveProcessor/ForDirective.php | |
| index 2b51185b1b5f..41cd58118fd6 100644 | |
| --- a/vendor/magento/framework/Filter/DirectiveProcessor/ForDirective.php | |
| +++ b/vendor/magento/framework/Filter/DirectiveProcessor/ForDirective.php | |
| @@ -36,14 +36,13 @@ public function __construct( | |
| } | |
| /** | |
| - * Filter the string as template. | |
| - * | |
| * @param array $construction | |
| * @param Template $filter | |
| * @param array $templateVariables | |
| + * | |
| * @return string | |
| */ | |
| - public function process(array $construction, Template $filter, array $templateVariables): string | |
| + private function resolve(array $construction, Template $filter, array $templateVariables): string | |
| { | |
| if (!$this->isValidLoop($construction)) { | |
| return $construction[0]; | |
| @@ -67,6 +66,16 @@ public function process(array $construction, Template $filter, array $templateVa | |
| return $construction[0]; | |
| } | |
| + /** | |
| + * @inheritdoc | |
| + */ | |
| + public function process(array $construction, Template $filter, array $templateVariables): string | |
| + { | |
| + $result = $this->resolve($construction, $filter, $templateVariables); | |
| + | |
| + return str_replace(['{', '}'], '', (string) $result); | |
| + } | |
| + | |
| /** | |
| * Check if the matched construction is valid. | |
| * | |
| diff --git a/vendor/magento/framework/Filter/DirectiveProcessor/IfDirective.php b/vendor/magento/framework/Filter/DirectiveProcessor/IfDirective.php | |
| index 7fedc7946f21..469dae71d068 100644 | |
| --- a/vendor/magento/framework/Filter/DirectiveProcessor/IfDirective.php | |
| +++ b/vendor/magento/framework/Filter/DirectiveProcessor/IfDirective.php | |
| @@ -32,9 +32,13 @@ public function __construct( | |
| } | |
| /** | |
| - * @inheritdoc | |
| + * @param array $construction | |
| + * @param Template $filter | |
| + * @param array $templateVariables | |
| + * | |
| + * @return string | |
| */ | |
| - public function process(array $construction, Template $filter, array $templateVariables): string | |
| + private function resolve(array $construction, Template $filter, array $templateVariables): string | |
| { | |
| if (empty($templateVariables)) { | |
| return $construction[0]; | |
| @@ -50,6 +54,16 @@ public function process(array $construction, Template $filter, array $templateVa | |
| } | |
| } | |
| + /** | |
| + * @inheritdoc | |
| + */ | |
| + public function process(array $construction, Template $filter, array $templateVariables): string | |
| + { | |
| + $result = $this->resolve($construction, $filter, $templateVariables); | |
| + | |
| + return str_replace(['{', '}'], '', (string) $result); | |
| + } | |
| + | |
| /** | |
| * @inheritdoc | |
| */ | |
| diff --git a/vendor/magento/framework/Filter/DirectiveProcessor/SimpleDirective.php b/vendor/magento/framework/Filter/DirectiveProcessor/SimpleDirective.php | |
| index 9f4b30d0c96c..b9280aec2833 100644 | |
| --- a/vendor/magento/framework/Filter/DirectiveProcessor/SimpleDirective.php | |
| +++ b/vendor/magento/framework/Filter/DirectiveProcessor/SimpleDirective.php | |
| @@ -68,7 +68,7 @@ public function process(array $construction, Template $filter, array $templateVa | |
| ->get($construction['directiveName']); | |
| } catch (\InvalidArgumentException $e) { | |
| // This directive doesn't have a SimpleProcessor | |
| - return $construction[0]; | |
| + return ''; | |
| } | |
| $parameters = $this->extractParameters($construction, $filter, $templateVariables); | |
| @@ -79,6 +79,8 @@ public function process(array $construction, Template $filter, array $templateVa | |
| !empty($construction['content']) ? $filter->filter($construction['content']) : null | |
| ); | |
| + $value = str_replace(['{', '}'], '', (string) $value); | |
| + | |
| $value = $this->filterApplier->applyFromRawParam( | |
| $construction['filters'] ?? '', | |
| $value, | |
| diff --git a/vendor/magento/framework/Filter/DirectiveProcessor/VarDirective.php b/vendor/magento/framework/Filter/DirectiveProcessor/VarDirective.php | |
| index 78034d70ba51..a7d6790acc79 100644 | |
| --- a/vendor/magento/framework/Filter/DirectiveProcessor/VarDirective.php | |
| +++ b/vendor/magento/framework/Filter/DirectiveProcessor/VarDirective.php | |
| @@ -55,10 +55,7 @@ public function process(array $construction, Template $filter, array $templateVa | |
| $result = $this->filterApplier->applyFromRawParam($construction['filters'], $result); | |
| } | |
| - $pattern = '/{{.*?}}/'; | |
| - do { | |
| - $result = preg_replace($pattern, '', (string)$result); | |
| - } while (preg_match($pattern, $result)); | |
| + $result = str_replace(['{', '}'], '', (string) $result); | |
| return $result; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment