Merge pull request #322 from magento-sparta/MDVA-53_PART2

[Sparta] Bugs Patch 2.0.1 (Combined)

Author: Momotenko,Natalia(nmomotenko)

CHANGELOG.md

@@ -11,9 +11,45 @@
     * Fixed a potential vulnerability on checkout page
     * Fixed an issue with upload empty file to custom option
     * Fixed an issue with performance on customer edit form
+    * Fixed an issue where minicart does not clears after completing an order via PayPal
+    * Fixed an potential XSS vulnerability
+    * USPS January 17, 2016 API Changes
+    * Fixed an issue plugin incorrect calls when proxy exists
+    * Fixed an issue when travis CI builds fail due to authentication
+    * Fixed an issue when custom options calculated incorrect for configurable products
+    * Fixed an issue with changing category form on store view level
+    * Updated composer version in braintree package
+    * Fixed an issue where URL rewrites works incorrect for sample data
+    * Fixed an issue with BaseURL in static files
+    * Fixed an issue where customer custom attribute of 'file' type isn't supported by UI Form Component
+    * Fixed an issue when bin/magento setup:upgrade does not clear cache properly
+    * Fixed an issue where MessageBox plugin duplicating logic
+    * Fixed an issue where unnecessary StoreCookie plugin is executed on each request
+    * Fixed a potential security issue in input filter
+    * Fixed an issue where category creation from product page fails if google experiments enabled
+    * Fixed a potential security issue with frontend captcha
+    * Fixed a potential security issue with block cache
+    * Fixed an issue where information about selected country in address is not presented on checkout flow
+    * Fixed an issue where customer segments prevent page from caching
+    * Fixed an performance issue related to swatch module
+    * Fixed an issue where import product with replace behaviour causes an error for multistore
+    * Fixed an issue with validation of url_key during import
+    * Fixed an issue with "Learn More" link for Payments Pro goes to Payflow Pro
+    * Fixed an issue with JS error appears if loading product grid after clean cache and static files
+Tests:
+    * Fixed an issue with test failure in testGetPackagesForUpdate
+    * Fixed integration tests related to setup/upgrade functionality
+    * Fixed an issue where PHP7 Integration test failed
+    * Fixed an issue with autoload functionality for jmx-generator.php file
+    * Fixed an issue with legacy tests
+    * Fixed an issues in tests related to PHP7
 * GitHub requests:
     * [#2519](https://github.com/magento/magento2/issues/2519) -- Fixed an issue where synonyms don't work with Magento 2.0
-    
+    * [#2675](https://github.com/magento/magento2/issues/2675) -- Fixed an issue with admin order creation when config "Include Tax In Order Total" set to yes
+    * [#2471](https://github.com/magento/magento2/issues/2471) -- Fixed an issue with incorrect prices on configurable product page when catalog prices include tax
+    * [#2674](https://github.com/magento/magento2/issues/2674) -- Fixed an issue where plugins/interceptors don't work with early stage single instance objects
+    * [#2888](https://github.com/magento/magento2/issues/2888) -- Fixed an issue where not all files are pre-compiled
+
 2.0.0
 =============
 * Fixed bugs:

app/code/Magento/Braintree/composer.json

@@ -16,7 +16,7 @@
         "magento/module-directory": "100.0.*",
         "magento/module-theme": "100.0.*",
         "magento/framework": "100.0.*",
-        "braintree/braintree_php": "2.39.0"
+        "braintree/braintree_php": "3.7.0"
     },
     "suggest": {
         "magento/module-checkout-agreements": "100.0.*"

app/code/Magento/Catalog/Block/Adminhtml/Category/Tab/Attributes.php

@@ -11,7 +11,7 @@
  */
 namespace Magento\Catalog\Block\Adminhtml\Category\Tab;
 
-class Attributes extends \Magento\Backend\Block\Widget\Form\Generic
+class Attributes extends \Magento\Catalog\Block\Adminhtml\Form
 {
     /**
      * Retrieve Category object

app/code/Magento/CatalogUrlRewrite/etc/adminhtml/di.xml

@@ -16,9 +16,6 @@
         <plugin name="category_move_plugin" type="Magento\CatalogUrlRewrite\Model\Category\Plugin\Category\Move"/>
         <plugin name="category_delete_plugin" type="Magento\CatalogUrlRewrite\Model\Category\Plugin\Category\Remove"/>
     </type>
-    <type name="Magento\UrlRewrite\Model\StorageInterface">
-        <plugin name="storage_plugin" type="Magento\CatalogUrlRewrite\Model\Category\Plugin\Storage"/>
-    </type>
     <type name="Magento\Catalog\Block\Adminhtml\Category\Tab\Attributes">
         <plugin name="category_form_url_key_plugin" type="Magento\CatalogUrlRewrite\Plugin\Catalog\Block\Adminhtml\Category\Tab\Attributes"/>
     </type>

app/code/Magento/CatalogUrlRewrite/etc/di.xml

@@ -20,4 +20,7 @@
         <plugin name="category_move_plugin" type="Magento\CatalogUrlRewrite\Model\Category\Plugin\Category\Move"/>
         <plugin name="category_delete_plugin" type="Magento\CatalogUrlRewrite\Model\Category\Plugin\Category\Remove"/>
     </type>
+    <type name="Magento\UrlRewrite\Model\StorageInterface">
+        <plugin name="storage_plugin" type="Magento\CatalogUrlRewrite\Model\Category\Plugin\Storage"/>
+    </type>
 </config>

app/code/Magento/Config/Model/Config/Structure/Element/Group/Proxy.php

@@ -5,7 +5,8 @@
  */
 namespace Magento\Config\Model\Config\Structure\Element\Group;
 
-class Proxy extends \Magento\Config\Model\Config\Structure\Element\Group
+class Proxy extends \Magento\Config\Model\Config\Structure\Element\Group implements
+    \Magento\Framework\ObjectManager\NoninterceptableInterface
 {
     /**
      * Object manager

app/code/Magento/Config/Model/Config/Structure/Search/Proxy.php

@@ -5,7 +5,9 @@
  */
 namespace Magento\Config\Model\Config\Structure\Search;
 
-class Proxy implements \Magento\Config\Model\Config\Structure\SearchInterface
+class Proxy implements
+    \Magento\Config\Model\Config\Structure\SearchInterface,
+    \Magento\Framework\ObjectManager\NoninterceptableInterface
 {
     /**
      * Object manager

app/code/Magento/ConfigurableProduct/Model/Product/Type/Configurable/Price.php

@@ -22,16 +22,16 @@ public function getFinalPrice($qty, $product)
             return $product->getCalculatedFinalPrice();
         }
         if ($product->getCustomOption('simple_product') && $product->getCustomOption('simple_product')->getProduct()) {
-            return parent::getFinalPrice($qty, $product->getCustomOption('simple_product')->getProduct());
+            $finalPrice = parent::getFinalPrice($qty, $product->getCustomOption('simple_product')->getProduct());
         } else {
             $priceInfo = $product->getPriceInfo();
             $finalPrice = $priceInfo->getPrice('final_price')->getAmount()->getValue();
-            $finalPrice = $this->_applyOptionsPrice($product, $qty, $finalPrice);
-            $finalPrice = max(0, $finalPrice);
-            $product->setFinalPrice($finalPrice);
-
-            return $finalPrice;
         }
+        $finalPrice = $this->_applyOptionsPrice($product, $qty, $finalPrice);
+        $finalPrice = max(0, $finalPrice);
+        $product->setFinalPrice($finalPrice);
+
+        return $finalPrice;
     }
 
     /**

app/code/Magento/ConfigurableProduct/Pricing/Price/FinalPriceResolver.php

@@ -16,7 +16,6 @@ class FinalPriceResolver implements PriceResolverInterface
      */
     public function resolvePrice(\Magento\Framework\Pricing\SaleableInterface $product)
     {
-        return $product->getPriceInfo()->getPrice(CatalogFinalPrice::PRICE_CODE)
-            ->getAmount()->getBaseAmount();
+        return $product->getPriceInfo()->getPrice(CatalogFinalPrice::PRICE_CODE)->getValue();
     }
 }

app/code/Magento/Paypal/Block/Iframe.php

@@ -89,10 +89,10 @@ public function __construct(
         $this->_hssHelper = $hssHelper;
         $this->_orderFactory = $orderFactory;
         $this->_checkoutSession = $checkoutSession;
-        parent::__construct($context, $data);
         $this->_isScopePrivate = true;
         $this->readFactory = $readFactory;
         $this->reader = $reader;
+        parent::__construct($context, $data);
     }
 
     /**

app/code/Magento/Paypal/Controller/Payflow.php

@@ -73,6 +73,8 @@ public function __construct(
      */
     protected function _cancelPayment($errorMsg = '')
     {
+        $errorMsg = trim(strip_tags($errorMsg));
+
         $gotoSection = false;
         $this->_checkoutHelper->cancelCurrentOrder($errorMsg);
         if ($this->_checkoutSession->restoreQuote()) {

app/code/Magento/Paypal/Controller/Payflow/ReturnUrl.php

@@ -7,6 +7,7 @@
 namespace Magento\Paypal\Controller\Payflow;
 
 use Magento\Paypal\Controller\Payflow;
+use Magento\Paypal\Model\Config;
 use Magento\Sales\Model\Order;
 
 class ReturnUrl extends Payflow
@@ -19,6 +20,15 @@ class ReturnUrl extends Payflow
         Order::STATE_COMPLETE,
     ];
 
+    /**
+     * Payment method code
+     * @var string
+     */
+    protected $allowedPaymentMethodCodes = [
+        Config::METHOD_PAYFLOWPRO,
+        Config::METHOD_PAYFLOWLINK
+    ];
+
     /**
      * When a customer return to website from payflow gateway.
      *
@@ -35,16 +45,44 @@ public function execute()
             $order = $this->_orderFactory->create()->loadByIncrementId($this->_checkoutSession->getLastRealOrderId());
 
             if ($order->getIncrementId()) {
-                if (in_array($order->getState(), $this->allowedOrderStates)) {
+                if ($this->checkOrderState($order)) {
                     $redirectBlock->setData('goto_success_page', true);
                 } else {
-                    $gotoSection = $this->_cancelPayment(strval($this->getRequest()->getParam('RESPMSG')));
-                    $redirectBlock->setData('goto_section', $gotoSection);
-                    $redirectBlock->setData('error_msg', __('Your payment has been declined. Please try again.'));
+                    if ($this->checkPaymentMethod($order)) {
+                        $gotoSection = $this->_cancelPayment(strval($this->getRequest()->getParam('RESPMSG')));
+                        $redirectBlock->setData('goto_section', $gotoSection);
+                        $redirectBlock->setData('error_msg', __('Your payment has been declined. Please try again.'));
+                    } else {
+                        $redirectBlock->setData('goto_section', false);
+                        $redirectBlock->setData('error_msg', __('Requested payment method does not match with order.'));
+                    }
                 }
             }
         }
 
         $this->_view->renderLayout();
     }
+
+    /**
+     * Check order state
+     *
+     * @param Order $order
+     * @return bool
+     */
+    protected function checkOrderState(Order $order)
+    {
+        return in_array($order->getState(), $this->allowedOrderStates);
+    }
+
+    /**
+     * Check requested payment method
+     *
+     * @param Order $order
+     * @return bool
+     */
+    protected function checkPaymentMethod(Order $order)
+    {
+        $payment = $order->getPayment();
+        return in_array($payment->getMethod(), $this->allowedPaymentMethodCodes);
+    }
 }

app/code/Magento/Paypal/Controller/Payflowadvanced/ReturnUrl.php

@@ -6,11 +6,21 @@
  */
 namespace Magento\Paypal\Controller\Payflowadvanced;
 
+use Magento\Paypal\Model\Config;
+
 class ReturnUrl extends \Magento\Paypal\Controller\Payflow\ReturnUrl
 {
     /**
      * Redirect block name
      * @var string
      */
     protected $_redirectBlockName = 'payflow.advanced.iframe';
+
+    /**
+     * Payment method code
+     * @var string
+     */
+    protected $allowedPaymentMethodCodes = [
+        Config::METHOD_PAYFLOWADVANCED
+    ];
 }