1. Install the cweagans/composer-patches plugin:
composer require cweagans/composer-patches
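2. Add the file patch/magento/framework/<your_magento_release_version>-MDVA-43395_EE_v1.patch with the following content (in the real patch file, unchanged context lines must keep their leading space and indentation, otherwise the patch will not apply):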
--- a/vendor/magento/framework/Filter/DirectiveProcessor/VarDirective.php
+++ b/vendor/magento/framework/Filter/DirectiveProcessor/VarDirective.php
@@ -55,6 +55,11 @@ public function process(array $construction, Template $filter, array $templateVa
$result = $this->filterApplier->applyFromRawParam($construction['filters'], $result);
}
+ $pattern = '/{{.*?}}/';
+ do {
+ $result = preg_replace($pattern, '', (string)$result);
+ } while (preg_match($pattern, $result));
+
return $result;
}
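Review bot: The pattern `'/{{.*?}}/'` in the added loop has no `s` modifier, so `.` stops at a line break and a `{{ … }}` sequence that spans more than one line stays in `$result`; the loop in the `Filter.php` hunk uses the same pattern. If the intent is to strip every leftover directive from the rendered value, `$pattern = '/{{.*?}}/s';` covers that case as well, though whether a multi-line value can reach this point is not visible from the hunk. A one-line comment above the loop, such as `// Repeat until stable: removing one match can join the surrounding text into a new {{...}}`, would explain why a single `preg_replace()` is not enough. `process()` starts before the hunk, so the origin of `$result` could not be checked.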
3. Add the file patch/magento/email/<your_magento_release_version>-MDVA-43395_EE_v1.patch with the following content:
--- a/vendor/magento/module-email/Model/Template/Filter.php
+++ b/vendor/magento/module-email/Model/Template/Filter.php
@@ -605,6 +605,12 @@ class Filter extends \Magento\Framework\Filter\Template
}
$text = __($text, $params)->render();
+
+ $pattern = '/{{.*?}}/';
+ do {
+ $text = preg_replace($pattern, '', (string)$text);
+ } while (preg_match($pattern, $text));
+
return $this->applyModifiers($text, $modifiers);
}
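Review bot: `preg_replace()` returns `null` when PCRE fails (for example on a backtrack-limit error), and the added loop then passes that `null` to `preg_match()` and on to `applyModifiers()`; the loop in the `VarDirective.php` hunk has the same shape and returns the `null` to its caller. Coalescing the result keeps the value a string and fails closed to empty output, `$text = preg_replace($pattern, '', (string)$text) ?? '';`. The enclosing method starts before the hunk, so how callers treat an empty result could not be checked from here.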
4. Register both patches in the "extra" section of composer.json:
"extra": {
    "magento-force": "override",
    "composer-exit-on-patch-failure": true,
    "patches": {
        "magento/framework": {
            "MDVA-43395_EE_v1": "patch/magento/framework/<your_magento_release_version>-MDVA-43395_EE_v1.patch"
        },
        "magento/module-email": {
            "MDVA-43395_EE_v1": "patch/magento/email/<your_magento_release_version>-MDVA-43395_EE_v1.patch"
        }
    }
},
# Install dependencies; composer-patches applies the registered patches to
# magento/framework and magento/module-email as those packages are installed.
# With "composer-exit-on-patch-failure" set to true, a patch that does not apply
# aborts the install. Confirm in the output that both patches were applied.
composer install
# NOTE(review): `git add .` stages every change in the working tree. Check
# `git status` first so the commit holds only the files these steps changed
# (composer.json, composer.lock and the patch/ directory).
git add .
# Record the patch under its ticket id so the change can be traced later.
git commit -m "[MDVA-43395] apply security patch"