Merge pull request #3572 from magento-qwerty/2.1.17-bugfixes-181218

Fixed issues:
- MAGETWO-90469: Added posibility to use captcha on share wishlist page
- MAGETWO-88651: Wrong swatches behavior
- MAGETWO-92727: Fixed wrong admin notifications behavior
- MAGETWO-95401: Fixed incorrect flow of send-friend feature
- MAGETWO-95440: Fixed incorrect sitemap request flow

Author: dvoskoboinikov

app/code/Magento/AdminNotification/Block/Grid/Renderer/Actions.php

@@ -39,7 +39,8 @@ public function __construct(
      */
     public function render(\Magento\Framework\DataObject $row)
     {
-        $readDetailsHtml = $row->getUrl() ? '<a class="action-details" target="_blank" href="' . $row->getUrl() . '">' . __(
+        $readDetailsHtml = $row->getUrl() ? '<a class="action-details" target="_blank" href="' .
+            $this->escapeUrl($row->getUrl()) . '">' . __(
             'Read Details'
         ) . '</a> | ' : '';
 

app/code/Magento/Checkout/view/frontend/web/template/minicart/item/default.html

@@ -45,7 +45,7 @@
                                 <span data-bind="html: option.value.join('<br>')"></span>
                             <!-- /ko -->
                             <!-- ko ifnot: Array.isArray(option.value) -->
-                                <span data-bind="html: option.value"></span>
+                                <span data-bind="text: option.value"></span>
                             <!-- /ko -->
                         </dd>
                         <!-- /ko -->

app/code/Magento/Checkout/view/frontend/web/template/summary/item/details.html

@@ -35,7 +35,7 @@
                     <dd class="values" data-bind="html: full_view"></dd>
                     <!-- /ko -->
                     <!-- ko ifnot: ($data.full_view)-->
-                    <dd class="values" data-bind="html: value"></dd>
+                    <dd class="values" data-bind="text: value"></dd>
                     <!-- /ko -->
                 <!-- /ko -->
             </dl>

app/code/Magento/ConfigurableProduct/view/adminhtml/web/js/components/dynamic-rows-configurable.js

@@ -6,8 +6,9 @@
 define([
     'underscore',
     'uiRegistry',
-    'Magento_Ui/js/dynamic-rows/dynamic-rows'
-], function (_, registry, dynamicRows) {
+    'Magento_Ui/js/dynamic-rows/dynamic-rows',
+    'jquery'
+], function (_, registry, dynamicRows, $) {
     'use strict';
 
     return dynamicRows.extend({
@@ -217,6 +218,8 @@ define([
 
             _.each(tmpData, function (row, index) {
                 path = this.dataScope + '.' + this.index + '.' + (this.startIndex + index);
+                row.attributes = $('<i></i>').text(row.attributes).text();
+                row.sku = $('<i></i>').text(row.sku).text();
                 this.source.set(path, row);
             }, this);
 
@@ -376,8 +379,8 @@ define([
                 product = {
                     'id': row.productId,
                     'product_link': row.productUrl,
-                    'name': row.name,
-                    'sku': row.sku,
+                    'name': $('<i></i>').text(row.name).text(),
+                    'sku': $('<i></i>').text(row.sku).text(),
                     'status': row.status,
                     'price': row.price,
                     'price_currency': row.priceCurrency,

app/code/Magento/SendFriend/Block/Send.php

@@ -5,6 +5,7 @@
  */
 namespace Magento\SendFriend\Block;
 
+use Magento\Captcha\Block\Captcha;
 use Magento\Customer\Model\Context;
 
 /**
@@ -168,6 +169,7 @@ public function setFormData($data)
     /**
      * Retrieve Current Product Id
      *
+     * @SuppressWarnings(PHPMD.RequestAwareBlockMethod)
      * @return int
      */
     public function getProductId()
@@ -178,6 +180,7 @@ public function getProductId()
     /**
      * Retrieve current category id for product
      *
+     * @SuppressWarnings(PHPMD.RequestAwareBlockMethod)
      * @return int
      */
     public function getCategoryId()
@@ -220,4 +223,24 @@ public function canSend()
     {
         return !$this->sendfriend->isExceedLimit();
     }
+
+    /**
+     * @inheritdoc
+     */
+    protected function _prepareLayout()
+    {
+        if (!$this->getChildBlock('captcha')) {
+            $this->addChild(
+                'captcha',
+                Captcha::class,
+                [
+                    'cacheable' => false,
+                    'after' => '-',
+                    'form_id' => 'product_sendtofriend_form',
+                    'image_width' => 230,
+                    'image_height' => 230
+                ]
+            );
+        }
+    }
 }

app/code/Magento/SendFriend/Controller/Product/Sendmail.php

@@ -4,13 +4,18 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
 namespace Magento\SendFriend\Controller\Product;
 
 use Magento\Framework\Exception\NoSuchEntityException;
 use Magento\Framework\Controller\ResultFactory;
+use Magento\Framework\App\ObjectManager;
+use Magento\SendFriend\Model\CaptchaValidator;
 
+/**
+ * Controller class Sendmail. Represents send-mail action request flow
+ *
+ * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
+ */
 class Sendmail extends \Magento\SendFriend\Controller\Product
 {
     /** @var  \Magento\Catalog\Api\CategoryRepositoryInterface */
@@ -21,6 +26,11 @@ class Sendmail extends \Magento\SendFriend\Controller\Product
      */
     protected $catalogSession;
 
+    /**
+     * @var CaptchaValidator
+     */
+    private $captchaValidator;
+
     /**
      * @param \Magento\Framework\App\Action\Context $context
      * @param \Magento\Framework\Registry $coreRegistry
@@ -29,6 +39,9 @@ class Sendmail extends \Magento\SendFriend\Controller\Product
      * @param \Magento\Catalog\Api\ProductRepositoryInterface $productRepository
      * @param \Magento\Catalog\Api\CategoryRepositoryInterface $categoryRepository
      * @param \Magento\Catalog\Model\Session $catalogSession
+     * @param CaptchaValidator|null $captchaValidator
+     *
+     * @SuppressWarnings(PHPMD.ExcessiveParameterList)
      */
     public function __construct(
         \Magento\Framework\App\Action\Context $context,
@@ -37,11 +50,13 @@ public function __construct(
         \Magento\SendFriend\Model\SendFriend $sendFriend,
         \Magento\Catalog\Api\ProductRepositoryInterface $productRepository,
         \Magento\Catalog\Api\CategoryRepositoryInterface $categoryRepository,
-        \Magento\Catalog\Model\Session $catalogSession
+        \Magento\Catalog\Model\Session $catalogSession,
+        CaptchaValidator $captchaValidator = null
     ) {
         parent::__construct($context, $coreRegistry, $formKeyValidator, $sendFriend, $productRepository);
         $this->categoryRepository = $categoryRepository;
         $this->catalogSession = $catalogSession;
+        $this->captchaValidator = $captchaValidator ?: ObjectManager::getInstance()->create(CaptchaValidator::class);
     }
 
     /**
@@ -89,6 +104,7 @@ public function execute()
 
         try {
             $validate = $this->sendFriend->validate();
+            $this->captchaValidator->validateSending($this->getRequest());
             if ($validate === true) {
                 $this->sendFriend->send();
                 $this->messageManager->addSuccess(__('The link to a friend was sent.'));

app/code/Magento/SendFriend/Model/CaptchaValidator.php

@@ -0,0 +1,124 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+namespace Magento\SendFriend\Model;
+
+use Magento\Framework\App\RequestInterface;
+use Magento\Framework\Exception\LocalizedException;
+use Magento\Captcha\Helper\Data;
+use Magento\Captcha\Model\DefaultModel;
+use Magento\Captcha\Observer\CaptchaStringResolver;
+use Magento\Authorization\Model\UserContextInterface;
+use Magento\Customer\Api\CustomerRepositoryInterface;
+
+/**
+ * Class CaptchaValidator. Performs captcha validation
+ */
+class CaptchaValidator
+{
+    /**
+     * @var Data
+     */
+    private $captchaHelper;
+
+    /**
+     * @var CaptchaStringResolver
+     */
+    private $captchaStringResolver;
+
+    /**
+     * @var UserContextInterface
+     */
+    private $currentUser;
+
+    /**
+     * @var CustomerRepositoryInterface
+     */
+    private $customerRepository;
+
+    /**
+     * CaptchaValidator constructor.
+     *
+     * @param Data $captchaHelper
+     * @param CaptchaStringResolver $captchaStringResolver
+     * @param UserContextInterface $currentUser
+     * @param CustomerRepositoryInterface $customerRepository
+     */
+    public function __construct(
+        Data $captchaHelper,
+        CaptchaStringResolver $captchaStringResolver,
+        UserContextInterface $currentUser,
+        CustomerRepositoryInterface $customerRepository
+    ) {
+        $this->captchaHelper = $captchaHelper;
+        $this->captchaStringResolver = $captchaStringResolver;
+        $this->currentUser = $currentUser;
+        $this->customerRepository = $customerRepository;
+    }
+
+    /**
+     * Entry point for captcha validation
+     *
+     * @param RequestInterface $request
+     * @throws LocalizedException
+     * @throws \Magento\Framework\Exception\NoSuchEntityException
+     * @return void
+     */
+    public function validateSending(RequestInterface $request)
+    {
+        $this->validateCaptcha($request);
+    }
+
+    /**
+     * Validates captcha and triggers log attempt
+     *
+     * @param RequestInterface $request
+     * @throws LocalizedException
+     * @throws \Magento\Framework\Exception\NoSuchEntityException
+     * @return void
+     */
+    private function validateCaptcha(RequestInterface $request)
+    {
+        $captchaTargetFormName = 'product_sendtofriend_form';
+        /** @var DefaultModel $captchaModel */
+        $captchaModel = $this->captchaHelper->getCaptcha($captchaTargetFormName);
+
+        if ($captchaModel->isRequired()) {
+            $word = $this->captchaStringResolver->resolve(
+                $request,
+                $captchaTargetFormName
+            );
+
+            $isCorrectCaptcha = $captchaModel->isCorrect($word);
+
+            if (!$isCorrectCaptcha) {
+                $this->logCaptchaAttempt($captchaModel);
+                throw new LocalizedException(__('Incorrect CAPTCHA'));
+            }
+        }
+
+        $this->logCaptchaAttempt($captchaModel);
+    }
+
+    /**
+     * Log captcha attempts
+     *
+     * @param DefaultModel $captchaModel
+     * @throws LocalizedException
+     * @throws \Magento\Framework\Exception\NoSuchEntityException
+     * @return void
+     */
+    private function logCaptchaAttempt(DefaultModel $captchaModel)
+    {
+        $email = '';
+
+        if ($this->currentUser->getUserType() == UserContextInterface::USER_TYPE_CUSTOMER) {
+            $email = $this->customerRepository->getById($this->currentUser->getUserId())->getEmail();
+        }
+
+        $captchaModel->logAttempt($email);
+    }
+}