From a98f88f9ddba45b46a78fee98abdd53020de3238 Mon Sep 17 00:00:00 2001 From: in-session Date: Fri, 9 Aug 2024 08:42:43 +0200 Subject: [PATCH 001/146] Improve Name Validation in Quote Model Refined Regex Pattern --- .../ValidationRules/NameValidationRule.php | 90 +++++++++++++++++++ 1 file changed, 90 insertions(+) create mode 100644 app/code/Magento/Quote/Model/ValidationRules/NameValidationRule.php diff --git a/app/code/Magento/Quote/Model/ValidationRules/NameValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/NameValidationRule.php new file mode 100644 index 0000000000000..c11b38f86ab34 --- /dev/null +++ b/app/code/Magento/Quote/Model/ValidationRules/NameValidationRule.php @@ -0,0 +1,90 @@ +validationResultFactory = $validationResultFactory; + } + + /** + * Validate the first name and last name in the quote. + * + * @param Quote $quote + * @return array + */ + public function validate(Quote $quote): array + { + $validationErrors = []; + $firstName = $quote->getCustomerFirstname(); + $lastName = $quote->getCustomerLastname(); + + if (!$this->isValidName($firstName)) { + $validationErrors[] = __('First Name is not valid'); + } + + if (!$this->isValidName($lastName)) { + $validationErrors[] = __('Last Name is not valid'); + } + + return [$this->validationResultFactory->create(['errors' => $validationErrors])]; + } + + /** + * Check if a name field is valid according to the pattern. + * + * @param string|null $nameValue + * @return bool + */ + private function isValidName($nameValue): bool + { + if ($nameValue !== null) { + if (preg_match(self::PATTERN_NAME, $nameValue, $matches)) { + return $matches[0] === $nameValue; + } + } + return false; + } +} From 213510f310e7d15f69ede1773d3fce04424a353b Mon Sep 17 00:00:00 2001 From: in-session Date: Fri, 9 Aug 2024 08:46:17 +0200 Subject: [PATCH 002/146] Update di.xml --- app/code/Magento/Quote/etc/di.xml | 6 ++++++ 1 file changed, 6 insertions(+) 
diff --git a/app/code/Magento/Quote/etc/di.xml b/app/code/Magento/Quote/etc/di.xml index 04be517537b02..b4e4c3583f195 100644 --- a/app/code/Magento/Quote/etc/di.xml +++ b/app/code/Magento/Quote/etc/di.xml @@ -117,6 +117,7 @@ Magento\Quote\Model\ValidationRules\BillingAddressValidationRule Magento\Quote\Model\ValidationRules\PaymentMethodValidationRule Magento\Quote\Model\ValidationRules\MinimumAmountValidationRule + Magento\Quote\Model\ValidationRules\NameValidationRule @@ -145,6 +146,11 @@ Enter a valid payment method and try again. + + + Please check the name fields (first name and last name). + + From 65ef19bb39555fe3e4984a504b71c1df1f2d43b9 Mon Sep 17 00:00:00 2001 From: in-session Date: Fri, 9 Aug 2024 09:32:28 +0200 Subject: [PATCH 003/146] Add middle name for validation --- .../Quote/Model/ValidationRules/NameValidationRule.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/app/code/Magento/Quote/Model/ValidationRules/NameValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/NameValidationRule.php index c11b38f86ab34..ed37ddfa33115 100644 --- a/app/code/Magento/Quote/Model/ValidationRules/NameValidationRule.php +++ b/app/code/Magento/Quote/Model/ValidationRules/NameValidationRule.php @@ -59,12 +59,17 @@ public function validate(Quote $quote): array { $validationErrors = []; $firstName = $quote->getCustomerFirstname(); + $middleName = $quote->getCustomerMiddlename(); $lastName = $quote->getCustomerLastname(); if (!$this->isValidName($firstName)) { $validationErrors[] = __('First Name is not valid'); } - + + if (!$this->isValidName($middleName)) { + $validationErrors[] = __('Middle Name is not valid'); + } + if (!$this->isValidName($lastName)) { $validationErrors[] = __('Last Name is not valid'); } From 66e445b03817a9c5d5c933a8acf1f00ab1bd66a6 Mon Sep 17 00:00:00 2001 
From: in-session Date: Fri, 9 Aug 2024 11:10:24 +0200 Subject: [PATCH 004/146] add GlobalForbiddenPatterns --- .../Validator/GlobalForbiddenPatterns.php | 41 +++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php diff --git a/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php b/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php new file mode 100644 index 0000000000000..412822bf11cac --- /dev/null +++ b/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php @@ -0,0 +1,41 @@ + Date: Fri, 9 Aug 2024 11:14:46 +0200 Subject: [PATCH 005/146] Create GlobalValidationRule.php --- .../ValidationRules/GlobalValidationRule.php | 92 +++++++++++++++++++ 1 file changed, 92 insertions(+) create mode 100644 app/code/Magento/Quote/Model/ValidationRules/GlobalValidationRule.php diff --git a/app/code/Magento/Quote/Model/ValidationRules/GlobalValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/GlobalValidationRule.php new file mode 100644 index 0000000000000..41ab318654e9a --- /dev/null +++ b/app/code/Magento/Quote/Model/ValidationRules/GlobalValidationRule.php 
@@ -0,0 +1,92 @@ +validationResultFactory = $validationResultFactory; + } + + /** + * Extracts data from the quote object for validation. + * + * @param Quote $quote + * @return array + */ + private function extractQuoteData(Quote $quote): array + { + $data = $quote->getData(); + + if ($billingAddress = $quote->getBillingAddress()) { + $data = array_merge($data, $billingAddress->getData()); + } + + if ($shippingAddress = $quote->getShippingAddress()) { + $data = array_merge($data, $shippingAddress->getData()); + } + + return $data; + } + + /** + * Validates the global input fields in the quote. + * + * @param Quote $quote + * @return ValidationResult + */ + public function validateGlobalInput(Quote $quote): ValidationResult + { + $validationErrors = []; + $inputArray = $this->extractQuoteData($quote); + + foreach ($inputArray as $key => $value) { + if (is_string($value) && !$this->isValid($value)) { + $validationErrors[] = __("Field $key contains invalid characters."); + } + } + + return $this->validationResultFactory->create(['errors' => $validationErrors]); + } + + /** + * Checks if the given field value is valid according to the forbidden patterns. + * + * @param string $fieldValue + * @return bool + */ + private function isValid(string $fieldValue): bool + { + foreach (GlobalForbiddenPatterns::getPatterns() as $pattern) { + if (preg_match($pattern, $fieldValue)) { + return false; + } + } + return true; + } +} From 6ecfdbcccd39aeefa845bfc2ce974e741487fb3a Mon Sep 17 00:00:00 2001 From: in-session Date: Fri, 9 Aug 2024 11:16:49 +0200 Subject: [PATCH 006/146] Update di.xml --- app/code/Magento/Quote/etc/di.xml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/app/code/Magento/Quote/etc/di.xml b/app/code/Magento/Quote/etc/di.xml index b4e4c3583f195..fd247aea8e2b8 100644 --- a/app/code/Magento/Quote/etc/di.xml +++ b/app/code/Magento/Quote/etc/di.xml 
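Review bot: extractQuoteData() folds the quote, billing and shipping data together with `array_merge`, so for every string key the sources share (presumably address fields such as first name or street) only the last merged value survives, and validateGlobalInput() never checks the billing value. Keep each source under its own key prefix, as in the sketch below. Separately, `__("Field $key contains invalid characters.")` interpolates the key before translation; `__('Field %1 contains invalid characters.', $key)` keeps the phrase translatable. The class header is not visible in this hunk as rendered.

```php
    private function extractQuoteData(Quote $quote): array
    {
        $sources = [
            'quote' => $quote,
            'billing' => $quote->getBillingAddress(),
            'shipping' => $quote->getShippingAddress(),
        ];

        $data = [];
        foreach ($sources as $prefix => $source) {
            if (!$source) {
                continue;
            }
            foreach ($source->getData() as $key => $value) {
                // Namespaced key: billing and shipping share field names.
                $data[$prefix . '.' . $key] = $value;
            }
        }

        return $data;
    }
    // … unchanged: validateGlobalInput(), isValid() …
```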
@@ -118,6 +118,7 @@ Magento\Quote\Model\ValidationRules\PaymentMethodValidationRule Magento\Quote\Model\ValidationRules\MinimumAmountValidationRule Magento\Quote\Model\ValidationRules\NameValidationRule + Magento\Quote\Model\ValidationRules\GlobalValidationRule @@ -151,6 +152,13 @@ Please check the name fields (first name and last name). + + + + Please check all fields for invalid characters. + + + From a834c944c0d0973dee0a78eb6851760b05cc5c3f Mon Sep 17 00:00:00 2001 From: in-session Date: Fri, 9 Aug 2024 11:18:00 +0200 Subject: [PATCH 007/146] Update GlobalForbiddenPatterns.php --- .../Validator/GlobalForbiddenPatterns.php | 31 +++++++------------ 1 file changed, 12 insertions(+), 19 deletions(-) diff --git a/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php b/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php index 412822bf11cac..0a4a86811e7ca 100644 --- a/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php +++ b/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php @@ -9,33 +9,26 @@ /** * Class GlobalForbiddenPatterns - * Provides forbidden patterns for global validation. + * Provides a set of forbidden patterns used for validation across the application. */ class GlobalForbiddenPatterns { /** - * Forbidden patterns for validation. - * - * @var string[] - */ - public const PATTERNS = [ - '/{{.*}}/', - '/<\?=/', - '/<\?php/', - '/base64_decode/', - '/shell_exec/', - '/eval\(/', - '/\${IFS%/', - '/\bcurl\b/', - ]; - - /** - * Retrieve the forbidden patterns. + * Returns an array of forbidden patterns. * * @return string[] */ public static function getPatterns(): array { - return self::PATTERNS; + return [ + '/{{.*}}/', + '/<\?=/', + '/<\?php/', + '/base64_decode/', + '/shell_exec/', + '/eval\(/', + '/\${IFS%/', + '/\bcurl\b/', + ]; } } From 2d92ef27cbf463ad5c79f61a020b74a3eb59d357 Mon Sep 17 00:00:00 2001 
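Review bot: The entries returned by getPatterns() form a substring denylist that is matched case-sensitively, and in `'/{{.*}}/'` the `.` stops at a line break, so the check misses simple variants of the strings it names. At the same time `'/\bcurl\b/'` rejects any legitimate field value that happens to contain that word. The docblock should state that this is defence in depth only, for example `Best-effort denylist; not a substitute for field-level validation or escaping at the point of use.` If the list stays, `'/\{\{.*\}\}/s'` and the `i` modifier on the keyword patterns (`'/shell_exec/i'`) would at least make the matching consistent.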
From: in-session Date: Fri, 9 Aug 2024 11:21:54 +0200 Subject: [PATCH 008/146] GlobalNameValidator.php --- .../Validator/GlobalNameValidator.php | 32 +++++++++++++++++++ 1 file changed, 32 insertions(+) create mode 100644 lib/internal/Magento/Framework/Validator/GlobalNameValidator.php diff --git a/lib/internal/Magento/Framework/Validator/GlobalNameValidator.php b/lib/internal/Magento/Framework/Validator/GlobalNameValidator.php new file mode 100644 index 0000000000000..dab32da8f82e4 --- /dev/null +++ b/lib/internal/Magento/Framework/Validator/GlobalNameValidator.php @@ -0,0 +1,32 @@ + Date: Fri, 9 Aug 2024 11:22:56 +0200 Subject: [PATCH 009/146] Update NameValidationRule.php --- .../ValidationRules/NameValidationRule.php | 47 +++---------------- 1 file changed, 7 insertions(+), 40 deletions(-) diff --git a/app/code/Magento/Quote/Model/ValidationRules/NameValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/NameValidationRule.php index ed37ddfa33115..b95e5199a4f8c 100644 --- a/app/code/Magento/Quote/Model/ValidationRules/NameValidationRule.php +++ b/app/code/Magento/Quote/Model/ValidationRules/NameValidationRule.php @@ -9,6 +9,7 @@ use Magento\Framework\Validation\ValidationResultFactory; use Magento\Quote\Model\Quote; +use Magento\Framework\Validator\GlobalNameValidator; /** * Class NameValidationRule @@ -16,24 +17,6 @@ */ class NameValidationRule implements QuoteValidationRuleInterface { - /** - * Regular expression pattern for validating names. - * - * \p{L}: Unicode letters. - * \p{M}: Unicode marks (diacritic marks, accents, etc.). - * ,: Comma. - * -: Hyphen. - * _: Underscore. - * .: Period. - * ': Apostrophe mark. - * ’: Right single quotation mark. - * `: Grave accent. - * &: Ampersand. - * \s: Whitespace characters (spaces, tabs, newlines, etc.). - * \d: Digits (0-9). - */ - private const PATTERN_NAME = '/(?:[\p{L}\p{M}\,\-\_\.\'’`&\s\d]){1,255}+/u'; - /** * @var ValidationResultFactory */ 
@@ -50,7 +33,7 @@ public function __construct(ValidationResultFactory $validationResultFactory) } /** - * Validate the first name and last name in the quote. + * Validate the first name, middle name, and last name in the quote. * * @param Quote $quote * @return array @@ -62,34 +45,18 @@ public function validate(Quote $quote): array $middleName = $quote->getCustomerMiddlename(); $lastName = $quote->getCustomerLastname(); - if (!$this->isValidName($firstName)) { + if (!GlobalNameValidator::isValidName($firstName)) { $validationErrors[] = __('First Name is not valid'); } - - if (!$this->isValidName($middleName)) { + + if (!GlobalNameValidator::isValidName($middleName)) { $validationErrors[] = __('Middle Name is not valid'); } - - if (!$this->isValidName($lastName)) { + + if (!GlobalNameValidator::isValidName($lastName)) { $validationErrors[] = __('Last Name is not valid'); } return [$this->validationResultFactory->create(['errors' => $validationErrors])]; } - - /** - * Check if a name field is valid according to the pattern. - * - * @param string|null $nameValue - * @return bool - */ - private function isValidName($nameValue): bool - { - if ($nameValue !== null) { - if (preg_match(self::PATTERN_NAME, $nameValue, $matches)) { - return $matches[0] === $nameValue; - } - } - return false; - } } From d36abbb9a712c9aead4ee8eae04668f2a453804a Mon Sep 17 00:00:00 2001 From: in-session Date: Fri, 9 Aug 2024 11:28:57 +0200 Subject: [PATCH 010/146] Update Name.php --- .../Magento/Customer/Model/Validator/Name.php | 26 +++---------------- 1 file changed, 4 insertions(+), 22 deletions(-) diff --git a/app/code/Magento/Customer/Model/Validator/Name.php b/app/code/Magento/Customer/Model/Validator/Name.php index 75d460358970c..e7dd0f4087d4d 100644 --- a/app/code/Magento/Customer/Model/Validator/Name.php +++ b/app/code/Magento/Customer/Model/Validator/Name.php 
@@ -9,14 +9,13 @@ use Magento\Customer\Model\Customer; use Magento\Framework\Validator\AbstractValidator; +use Magento\Framework\Validator\GlobalNameValidator; /** * Customer name fields validator. */ class Name extends AbstractValidator { - private const PATTERN_NAME = '/(?:[\p{L}\p{M}\,\-\_\.\'’`&\s\d]){1,255}+/u'; - /** * Validate name fields. * @@ -25,35 +24,18 @@ class Name extends AbstractValidator */ public function isValid($customer) { - if (!$this->isValidName($customer->getFirstname())) { + if (!GlobalNameValidator::isValidName($customer->getFirstname())) { parent::_addMessages([['firstname' => 'First Name is not valid!']]); } - if (!$this->isValidName($customer->getLastname())) { + if (!GlobalNameValidator::isValidName($customer->getLastname())) { parent::_addMessages([['lastname' => 'Last Name is not valid!']]); } - if (!$this->isValidName($customer->getMiddlename())) { + if (!GlobalNameValidator::isValidName($customer->getMiddlename())) { parent::_addMessages([['middlename' => 'Middle Name is not valid!']]); } return count($this->_messages) == 0; } - - /** - * Check if name field is valid. - * - * @param string|null $nameValue - * @return bool - */ - private function isValidName($nameValue) - { - if ($nameValue != null) { - if (preg_match(self::PATTERN_NAME, $nameValue, $matches)) { - return $matches[0] == $nameValue; - } - } - - return true; - } } From aa80b31559e7ac5214c7961776b62cfc08c5d6d6 Mon Sep 17 00:00:00 2001 From: in-session Date: Fri, 9 Aug 2024 11:34:14 +0200 Subject: [PATCH 011/146] Update NameTest.php --- .../Test/Unit/Model/Validator/NameTest.php | 21 +++++++++++-------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/app/code/Magento/Customer/Test/Unit/Model/Validator/NameTest.php b/app/code/Magento/Customer/Test/Unit/Model/Validator/NameTest.php index 5033774d54494..61a63b4534d27 100644 --- a/app/code/Magento/Customer/Test/Unit/Model/Validator/NameTest.php 
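Review bot: isValid() adds to the validator's message list but never resets it, and the result is `count($this->_messages) == 0`. If AbstractValidator keeps `_messages` per instance, as the property access suggests, a reused validator keeps returning false for every later customer once one has failed. Start the method with `$this->_clearMessages();` so each call reports only its own findings. The three rewritten `if` blocks are otherwise a straight swap to `GlobalNameValidator::isValidName()`.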
+++ b/app/code/Magento/Customer/Test/Unit/Model/Validator/NameTest.php @@ -7,7 +7,7 @@ namespace Magento\Customer\Test\Unit\Model\Validator; -use Magento\Customer\Model\Validator\Name; +use Magento\Framework\Validator\GlobalNameValidator; use Magento\Customer\Model\Customer; use PHPUnit\Framework\MockObject\MockObject; use PHPUnit\Framework\TestCase; @@ -18,9 +18,9 @@ class NameTest extends TestCase { /** - * @var Name + * @var GlobalNameValidator */ - private Name $nameValidator; + private GlobalNameValidator $nameValidator; /** * @var Customer|MockObject @@ -32,7 +32,7 @@ class NameTest extends TestCase */ protected function setUp(): void { - $this->nameValidator = new Name; + $this->nameValidator = new GlobalNameValidator(); $this->customerMock = $this ->getMockBuilder(Customer::class) ->disableOriginalConstructor() @@ -60,7 +60,10 @@ public function testValidateCorrectPunctuationInNames( $this->customerMock->expects($this->once())->method('getMiddlename')->willReturn($middleName); $this->customerMock->expects($this->once())->method('getLastname')->willReturn($lastName); - $isValid = $this->nameValidator->isValid($this->customerMock); + $isValid = $this->nameValidator->isValid($firstName) && + $this->nameValidator->isValid($middleName) && + $this->nameValidator->isValid($lastName); + $this->assertTrue($isValid, $message); } 
@@ -73,25 +76,25 @@ public function expectedPunctuationInNamesDataProvider(): array [ 'firstName' => 'John', 'middleName' => '', - 'lastNameName' => 'O’Doe', + 'lastName' => 'O’Doe', 'message' => 'Inclined apostrophe must be allowed in names (iOS Smart Punctuation compatibility)' ], [ 'firstName' => 'John', 'middleName' => '', - 'lastNameName' => 'O\'Doe', + 'lastName' => 'O\'Doe', 'message' => 'Legacy straight apostrophe must be allowed in names' ], [ 'firstName' => 'John', 'middleName' => '', - 'lastNameName' => 'O`Doe', + 'lastName' => 'O`Doe', 'message' => 'Grave accent back quote character must be allowed in names' ], [ 'firstName' => 'John & Smith', 'middleName' => '', - 'lastNameName' => 'O`Doe', + 'lastName' => 'O`Doe', 'message' => 'Special character ampersand(&) must be allowed in names' ] ]; From 0d315012edce8eef93dd69ab82ead78892ac9752 Mon Sep 17 00:00:00 2001 From: in-session Date: Fri, 9 Aug 2024 11:36:51 +0200 Subject: [PATCH 012/146] Update Name.php --- .../Magento/Customer/Model/Validator/Name.php | 109 ++++++++++++++---- 1 file changed, 89 insertions(+), 20 deletions(-) diff --git a/app/code/Magento/Customer/Model/Validator/Name.php b/app/code/Magento/Customer/Model/Validator/Name.php index e7dd0f4087d4d..5d6fa464a5f71 100644 --- a/app/code/Magento/Customer/Model/Validator/Name.php +++ b/app/code/Magento/Customer/Model/Validator/Name.php 
@@ -5,37 +5,106 @@ */ declare(strict_types=1); -namespace Magento\Customer\Model\Validator; +namespace Magento\Customer\Test\Unit\Model\Validator; -use Magento\Customer\Model\Customer; -use Magento\Framework\Validator\AbstractValidator; +use Magento\Customer\Model\Validator\Name; use Magento\Framework\Validator\GlobalNameValidator; +use Magento\Customer\Model\Customer; +use PHPUnit\Framework\MockObject\MockObject; +use PHPUnit\Framework\TestCase; /** - * Customer name fields validator. + * Customer name validator tests */ -class Name extends AbstractValidator +class NameTest extends TestCase { /** - * Validate name fields. - * - * @param Customer $customer - * @return bool + * @var Name + */ + private Name $nameValidator; + + /** + * @var GlobalNameValidator */ - public function isValid($customer) + private GlobalNameValidator $globalNameValidator; + + /** + * @var Customer|MockObject + */ + private MockObject $customerMock; + + /** + * @return void + */ + protected function setUp(): void { - if (!GlobalNameValidator::isValidName($customer->getFirstname())) { - parent::_addMessages([['firstname' => 'First Name is not valid!']]); - } + $this->nameValidator = new Name(); + $this->globalNameValidator = new GlobalNameValidator(); + $this->customerMock = $this + ->getMockBuilder(Customer::class) + ->disableOriginalConstructor() + ->addMethods(['getFirstname', 'getLastname', 'getMiddlename']) + ->getMock(); + } + + /** + * Test for allowed apostrophe and other punctuation characters in customer names + * + * @param string $firstName + * @param string $middleName + * @param string $lastName + * @param string $message + * @return void + * @dataProvider expectedPunctuationInNamesDataProvider + */ + public function testValidateCorrectPunctuationInNames( + string $firstName, + string $middleName, + string $lastName, + string $message + ) { + $this->customerMock->expects($this->once())->method('getFirstname')->willReturn($firstName); + 
$this->customerMock->expects($this->once())->method('getMiddlename')->willReturn($middleName); + $this->customerMock->expects($this->once())->method('getLastname')->willReturn($lastName); - if (!GlobalNameValidator::isValidName($customer->getLastname())) { - parent::_addMessages([['lastname' => 'Last Name is not valid!']]); - } + $isValid = $this->nameValidator->isValid($this->customerMock); + $this->assertTrue($isValid, $message); - if (!GlobalNameValidator::isValidName($customer->getMiddlename())) { - parent::_addMessages([['middlename' => 'Middle Name is not valid!']]); - } + // Optionally, you can also test with the global name validator + $isValidGlobal = $this->globalNameValidator->isValid($firstName); + $this->assertTrue($isValidGlobal, $message); + } - return count($this->_messages) == 0; + /** + * @return array + */ + public function expectedPunctuationInNamesDataProvider(): array + { + return [ + [ + 'firstName' => 'John', + 'middleName' => '', + 'lastName' => 'O’Doe', + 'message' => 'Inclined apostrophe must be allowed in names (iOS Smart Punctuation compatibility)' + ], + [ + 'firstName' => 'John', + 'middleName' => '', + 'lastName' => 'O\'Doe', + 'message' => 'Legacy straight apostrophe must be allowed in names' + ], + [ + 'firstName' => 'John', + 'middleName' => '', + 'lastName' => 'O`Doe', + 'message' => 'Grave accent back quote character must be allowed in names' + ], + [ + 'firstName' => 'John & Smith', + 'middleName' => '', + 'lastName' => 'O`Doe', + 'message' => 'Special character ampersand(&) must be allowed in names' + ] + ]; } } From 652a2a98c3176a824c7e2b273dca7bfb0daff95a Mon Sep 17 00:00:00 2001 From: in-session Date: Fri, 9 Aug 2024 11:41:17 +0200 Subject: [PATCH 013/146] Update NameTest.php --- .../Test/Unit/Model/Validator/NameTest.php | 20 +++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) 
diff --git a/app/code/Magento/Customer/Test/Unit/Model/Validator/NameTest.php b/app/code/Magento/Customer/Test/Unit/Model/Validator/NameTest.php index 61a63b4534d27..5d6fa464a5f71 100644 --- a/app/code/Magento/Customer/Test/Unit/Model/Validator/NameTest.php +++ b/app/code/Magento/Customer/Test/Unit/Model/Validator/NameTest.php @@ -7,6 +7,7 @@ namespace Magento\Customer\Test\Unit\Model\Validator; +use Magento\Customer\Model\Validator\Name; use Magento\Framework\Validator\GlobalNameValidator; use Magento\Customer\Model\Customer; use PHPUnit\Framework\MockObject\MockObject; @@ -17,10 +18,15 @@ */ class NameTest extends TestCase { + /** + * @var Name + */ + private Name $nameValidator; + /** * @var GlobalNameValidator */ - private GlobalNameValidator $nameValidator; + private GlobalNameValidator $globalNameValidator; /** * @var Customer|MockObject @@ -32,7 +38,8 @@ class NameTest extends TestCase */ protected function setUp(): void { - $this->nameValidator = new GlobalNameValidator(); + $this->nameValidator = new Name(); + $this->globalNameValidator = new GlobalNameValidator(); $this->customerMock = $this ->getMockBuilder(Customer::class) ->disableOriginalConstructor() @@ -60,11 +67,12 @@ public function testValidateCorrectPunctuationInNames( $this->customerMock->expects($this->once())->method('getMiddlename')->willReturn($middleName); $this->customerMock->expects($this->once())->method('getLastname')->willReturn($lastName); - $isValid = $this->nameValidator->isValid($firstName) && - $this->nameValidator->isValid($middleName) && - $this->nameValidator->isValid($lastName); - + $isValid = $this->nameValidator->isValid($this->customerMock); $this->assertTrue($isValid, $message); + + // Optionally, you can also test with the global name validator + $isValidGlobal = $this->globalNameValidator->isValid($firstName); + $this->assertTrue($isValidGlobal, $message); } /** From 2d3497cfe2af3e45a991aaf63f6b36af897f5dde Mon Sep 17 00:00:00 2001 
From: in-session Date: Fri, 9 Aug 2024 11:42:40 +0200 Subject: [PATCH 014/146] Update Name.php --- .../Magento/Customer/Model/Validator/Name.php | 109 ++++-------------- 1 file changed, 20 insertions(+), 89 deletions(-) diff --git a/app/code/Magento/Customer/Model/Validator/Name.php b/app/code/Magento/Customer/Model/Validator/Name.php index 5d6fa464a5f71..e7dd0f4087d4d 100644 --- a/app/code/Magento/Customer/Model/Validator/Name.php +++ b/app/code/Magento/Customer/Model/Validator/Name.php 
@@ -5,106 +5,37 @@ */ declare(strict_types=1); -namespace Magento\Customer\Test\Unit\Model\Validator; +namespace Magento\Customer\Model\Validator; -use Magento\Customer\Model\Validator\Name; -use Magento\Framework\Validator\GlobalNameValidator; use Magento\Customer\Model\Customer; -use PHPUnit\Framework\MockObject\MockObject; -use PHPUnit\Framework\TestCase; +use Magento\Framework\Validator\AbstractValidator; +use Magento\Framework\Validator\GlobalNameValidator; /** - * Customer name validator tests + * Customer name fields validator. */ -class NameTest extends TestCase +class Name extends AbstractValidator { /** - * @var Name - */ - private Name $nameValidator; - - /** - * @var GlobalNameValidator - */ - private GlobalNameValidator $globalNameValidator; - - /** - * @var Customer|MockObject - */ - private MockObject $customerMock; - - /** - * @return void - */ - protected function setUp(): void - { - $this->nameValidator = new Name(); - $this->globalNameValidator = new GlobalNameValidator(); - $this->customerMock = $this - ->getMockBuilder(Customer::class) - ->disableOriginalConstructor() - ->addMethods(['getFirstname', 'getLastname', 'getMiddlename']) - ->getMock(); - } - - /** - * Test for allowed apostrophe and other punctuation characters in customer names + * Validate name fields. 
* - * @param string $firstName - * @param string $middleName - * @param string $lastName - * @param string $message - * @return void - * @dataProvider expectedPunctuationInNamesDataProvider + * @param Customer $customer + * @return bool */ - public function testValidateCorrectPunctuationInNames( - string $firstName, - string $middleName, - string $lastName, - string $message - ) { - $this->customerMock->expects($this->once())->method('getFirstname')->willReturn($firstName); - $this->customerMock->expects($this->once())->method('getMiddlename')->willReturn($middleName); - $this->customerMock->expects($this->once())->method('getLastname')->willReturn($lastName); + public function isValid($customer) + { + if (!GlobalNameValidator::isValidName($customer->getFirstname())) { + parent::_addMessages([['firstname' => 'First Name is not valid!']]); + } - $isValid = $this->nameValidator->isValid($this->customerMock); - $this->assertTrue($isValid, $message); + if (!GlobalNameValidator::isValidName($customer->getLastname())) { + parent::_addMessages([['lastname' => 'Last Name is not valid!']]); + } - // Optionally, you can also test with the global name validator - $isValidGlobal = $this->globalNameValidator->isValid($firstName); - $this->assertTrue($isValidGlobal, $message); - } + if (!GlobalNameValidator::isValidName($customer->getMiddlename())) { + parent::_addMessages([['middlename' => 'Middle Name is not valid!']]); + } - /** - * @return array - */ - public function expectedPunctuationInNamesDataProvider(): array - { - return [ - [ - 'firstName' => 'John', - 'middleName' => '', - 'lastName' => 'O’Doe', - 'message' => 'Inclined apostrophe must be allowed in names (iOS Smart Punctuation compatibility)' - ], - [ - 'firstName' => 'John', - 'middleName' => '', - 'lastName' => 'O\'Doe', - 'message' => 'Legacy straight apostrophe must be allowed in names' - ], - [ - 'firstName' => 'John', - 'middleName' => '', - 'lastName' => 'O`Doe', - 'message' => 'Grave accent back quote 
character must be allowed in names' - ], - [ - 'firstName' => 'John & Smith', - 'middleName' => '', - 'lastName' => 'O`Doe', - 'message' => 'Special character ampersand(&) must be allowed in names' - ] - ]; + return count($this->_messages) == 0; } } From 3ecc033eeda651fd8a2828d114084485e2e2b9e2 Mon Sep 17 00:00:00 2001 From: in-session Date: Fri, 9 Aug 2024 15:48:39 +0200 Subject: [PATCH 015/146] Update GlobalValidationRule.php --- .../Model/ValidationRules/GlobalValidationRule.php | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/app/code/Magento/Quote/Model/ValidationRules/GlobalValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/GlobalValidationRule.php index 41ab318654e9a..c77c8f84bbf4d 100644 --- a/app/code/Magento/Quote/Model/ValidationRules/GlobalValidationRule.php +++ b/app/code/Magento/Quote/Model/ValidationRules/GlobalValidationRule.php @@ -60,6 +60,17 @@ private function extractQuoteData(Quote $quote): array * @param Quote $quote * @return ValidationResult */ + public function validate(Quote $quote): ValidationResult + { + return $this->validateGlobalInput($quote); + } + + /** + * Validates the global input fields extracted from the quote. + * + * @param Quote $quote + * @return ValidationResult + */ public function validateGlobalInput(Quote $quote): ValidationResult { $validationErrors = []; From 148e69c3afaa09879bbe0dc7bbe6dd1e51537a94 Mon Sep 17 00:00:00 2001 From: in-session Date: Fri, 9 Aug 2024 16:28:21 +0200 Subject: [PATCH 016/146] Update GlobalValidationRule.php --- .../Quote/Model/ValidationRules/GlobalValidationRule.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/app/code/Magento/Quote/Model/ValidationRules/GlobalValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/GlobalValidationRule.php index c77c8f84bbf4d..e6742d4332a8e 100644 --- a/app/code/Magento/Quote/Model/ValidationRules/GlobalValidationRule.php +++ b/app/code/Magento/Quote/Model/ValidationRules/GlobalValidationRule.php 
@@ -62,7 +62,8 @@ private function extractQuoteData(Quote $quote): array */ public function validate(Quote $quote): ValidationResult { - return $this->validateGlobalInput($quote); + $validationResult = $this->validateGlobalInput($quote); + return $validationResult->getErrors(); } /** From d5e13ad9034fc9f4c478e08ada32c55ceef7e8a9 Mon Sep 17 00:00:00 2001 From: in-session Date: Fri, 9 Aug 2024 17:11:08 +0200 Subject: [PATCH 017/146] Update GlobalValidationRule.php --- .../ValidationRules/GlobalValidationRule.php | 21 ++++--------------- 1 file changed, 4 insertions(+), 17 deletions(-) diff --git a/app/code/Magento/Quote/Model/ValidationRules/GlobalValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/GlobalValidationRule.php index e6742d4332a8e..f6e6f3201c1f1 100644 --- a/app/code/Magento/Quote/Model/ValidationRules/GlobalValidationRule.php +++ b/app/code/Magento/Quote/Model/ValidationRules/GlobalValidationRule.php @@ -7,10 +7,9 @@ namespace Magento\Quote\Model\ValidationRules; -use Magento\Framework\Validation\ValidationResult; use Magento\Framework\Validation\ValidationResultFactory; -use Magento\Framework\Validator\GlobalForbiddenPatterns; use Magento\Quote\Model\Quote; +use Magento\Framework\Validator\GlobalForbiddenPatterns; /** * Class GlobalValidationRule @@ -58,21 +57,9 @@ private function extractQuoteData(Quote $quote): array * Validates the global input fields in the quote. * * @param Quote $quote - * @return ValidationResult - */ - public function validate(Quote $quote): ValidationResult - { - $validationResult = $this->validateGlobalInput($quote); - return $validationResult->getErrors(); - } - - /** - * Validates the global input fields extracted from the quote. - * - * @param Quote $quote - * @return ValidationResult + * @return array */ - public function validateGlobalInput(Quote $quote): ValidationResult + public function validate(Quote $quote): array { $validationErrors = []; $inputArray = $this->extractQuoteData($quote); 
@@ -83,7 +70,7 @@ public function validateGlobalInput(Quote $quote): ValidationResult } } - return $this->validationResultFactory->create(['errors' => $validationErrors]); + return $validationErrors; } /** From 1d9973c774d52fa8f77b420013a5ca80b98b50b9 Mon Sep 17 00:00:00 2001 From: in-session Date: Fri, 9 Aug 2024 20:13:55 +0200 Subject: [PATCH 018/146] Update GlobalNameValidator.php --- .../Framework/Validator/GlobalNameValidator.php | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/lib/internal/Magento/Framework/Validator/GlobalNameValidator.php b/lib/internal/Magento/Framework/Validator/GlobalNameValidator.php index dab32da8f82e4..79b714f7695e4 100644 --- a/lib/internal/Magento/Framework/Validator/GlobalNameValidator.php +++ b/lib/internal/Magento/Framework/Validator/GlobalNameValidator.php @@ -22,11 +22,14 @@ class GlobalNameValidator */ public static function isValidName(?string $nameValue): bool { - if ($nameValue !== null) { - if (preg_match(self::PATTERN_NAME, $nameValue, $matches)) { - return $matches[0] === $nameValue; - } + if ($nameValue === null || $nameValue === '') { + return true; } + + if (preg_match(self::PATTERN_NAME, $nameValue, $matches)) { + return $matches[0] === $nameValue; + } + return false; } } From adf906bc7ec56d47e5e68f5d9640a2759b26e770 Mon Sep 17 00:00:00 2001 From: in-session Date: Fri, 9 Aug 2024 20:19:16 +0200 Subject: [PATCH 019/146] Create GlobalPhoneValidation --- .../Framework/Validator/GlobalPhoneValidation | 35 +++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 lib/internal/Magento/Framework/Validator/GlobalPhoneValidation diff --git a/lib/internal/Magento/Framework/Validator/GlobalPhoneValidation b/lib/internal/Magento/Framework/Validator/GlobalPhoneValidation new file mode 100644 index 0000000000000..223bd6fb07636 --- /dev/null +++ b/lib/internal/Magento/Framework/Validator/GlobalPhoneValidation 
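Review bot: validate() now returns the bare `$validationErrors` list, whereas NameValidationRule::validate() in this same series returns `[$this->validationResultFactory->create(['errors' => $validationErrors])]`. The code that consumes the rules is not on this page, but if it expects a result object from every rule, these phrases will either break it or be skipped. Restoring `return [$this->validationResultFactory->create(['errors' => $validationErrors])];` keeps both rules on one contract, and without it the injected factory appears to be unused. The method body starts in the previous hunk of this commit.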
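Review bot: isValidName() still depends on comparing `$matches[0]` with the input to reject partial matches, and it now accepts `null` and `''` outright. PATTERN_NAME is not in this hunk; if it is the unanchored expression removed from Name.php and NameValidationRule.php earlier in the series, an anchored pattern (`\A…\z`) with `return preg_match(self::PATTERN_NAME, $nameValue) === 1;` states the intent directly. The docblock should also record two caveats: `Empty values pass; required-field checks must be enforced by the caller.` and that `\s` in the character class admits tabs and line breaks inside a name.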
@@ -0,0 +1,35 @@ + Date: Tue, 13 Aug 2024 07:51:09 +0200 Subject: [PATCH 020/146] Update NameTest.php Fix Test: Call to undefined method Magento\Framework\Validator\GlobalNameValidator::isValid() --- .../Magento/Customer/Test/Unit/Model/Validator/NameTest.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/app/code/Magento/Customer/Test/Unit/Model/Validator/NameTest.php b/app/code/Magento/Customer/Test/Unit/Model/Validator/NameTest.php index 5d6fa464a5f71..52e505ffe5482 100644 --- a/app/code/Magento/Customer/Test/Unit/Model/Validator/NameTest.php +++ b/app/code/Magento/Customer/Test/Unit/Model/Validator/NameTest.php @@ -70,8 +70,7 @@ public function testValidateCorrectPunctuationInNames( $isValid = $this->nameValidator->isValid($this->customerMock); $this->assertTrue($isValid, $message); - // Optionally, you can also test with the global name validator - $isValidGlobal = $this->globalNameValidator->isValid($firstName); + $isValidGlobal = $this->globalNameValidator->isValidName($firstName); $this->assertTrue($isValidGlobal, $message); } From 9df5657c66c0b896a5eee6979e2fdd0c49dab377 Mon Sep 17 00:00:00 2001 From: in-session Date: Tue, 13 Aug 2024 07:53:39 +0200 Subject: [PATCH 021/146] Update Name.php Translatable Massage --- app/code/Magento/Customer/Model/Validator/Name.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/app/code/Magento/Customer/Model/Validator/Name.php b/app/code/Magento/Customer/Model/Validator/Name.php index e7dd0f4087d4d..b374fc6d06e8d 100644 --- a/app/code/Magento/Customer/Model/Validator/Name.php +++ b/app/code/Magento/Customer/Model/Validator/Name.php 
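Review bot: The new file is created as `lib/internal/Magento/Framework/Validator/GlobalPhoneValidation`, without a `.php` extension, so a PSR-4 style autoloader will not resolve `Magento\Framework\Validator\GlobalPhoneValidation` from it. Telephone.php and TelephoneTest.php later in this series import that class and would fail with a class-not-found error, which leaves telephone validation broken rather than refactored. Rename the file to `GlobalPhoneValidation.php`. The class body is not visible on this page, so its pattern could not be reviewed.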
@@ -25,15 +25,15 @@ class Name extends AbstractValidator public function isValid($customer) { if (!GlobalNameValidator::isValidName($customer->getFirstname())) { - parent::_addMessages([['firstname' => 'First Name is not valid!']]); + parent::_addMessages([['firstname' => __('First Name is not valid!')]]); } if (!GlobalNameValidator::isValidName($customer->getLastname())) { - parent::_addMessages([['lastname' => 'Last Name is not valid!']]); + parent::_addMessages([['lastname' => __('Last Name is not valid!')]]); } if (!GlobalNameValidator::isValidName($customer->getMiddlename())) { - parent::_addMessages([['middlename' => 'Middle Name is not valid!']]); + parent::_addMessages([['middlename' => __('Middle Name is not valid!')]]); } return count($this->_messages) == 0; From 0e0977e7f86618dfc4cabae16e1d49679df8d272 Mon Sep 17 00:00:00 2001 From: in-session Date: Tue, 13 Aug 2024 07:58:42 +0200 Subject: [PATCH 022/146] Update Telephone.php --- .../Customer/Model/Validator/Telephone.php | 32 ++----------------- 1 file changed, 3 insertions(+), 29 deletions(-) diff --git a/app/code/Magento/Customer/Model/Validator/Telephone.php b/app/code/Magento/Customer/Model/Validator/Telephone.php index 0c85cb51f7e3d..676fe2312b48f 100644 --- a/app/code/Magento/Customer/Model/Validator/Telephone.php +++ b/app/code/Magento/Customer/Model/Validator/Telephone.php @@ -9,22 +9,13 @@ use Magento\Customer\Model\Customer; use Magento\Framework\Validator\AbstractValidator; +use Magento\Framework\Validator\GlobalPhoneValidation; /** * Customer telephone fields validator. */ class Telephone extends AbstractValidator { - /** - * Allowed char: - * - * \() :Matches open and close parentheses - * \+: Matches the plus sign. - * \-: Matches the hyphen. - * \d: Digits (0-9). - */ - private const PATTERN_TELEPHONE = '/(?:[\d\s\+\-\()]{1,20})/u'; - /** * Validate telephone fields. * 
@@ -33,29 +24,12 @@ class Telephone extends AbstractValidator */ public function isValid($customer) { - if (!$this->isValidTelephone($customer->getTelephone())) { + if (!GlobalPhoneValidation::isValidPhone($customer->getTelephone())) { parent::_addMessages([[ - 'telephone' => "Invalid Phone Number. Please use 0-9, +, -, (, ) and space." + 'telephone' => __('Invalid Phone Number. Please use 0-9, +, -, (, ) and space.') ]]); } return count($this->_messages) == 0; } - - /** - * Check if telephone field is valid. - * - * @param string|null $telephoneValue - * @return bool - */ - private function isValidTelephone($telephoneValue) - { - if ($telephoneValue != null) { - if (preg_match(self::PATTERN_TELEPHONE, (string) $telephoneValue, $matches)) { - return $matches[0] == $telephoneValue; - } - } - - return true; - } } From 39b443676e64b4db160e30a62ef189bedac34766 Mon Sep 17 00:00:00 2001 From: in-session Date: Tue, 13 Aug 2024 08:00:18 +0200 Subject: [PATCH 023/146] Update TelephoneTest.php --- .../Unit/Model/Validator/TelephoneTest.php | 33 ++++++++++++------- 1 file changed, 22 insertions(+), 11 deletions(-) diff --git a/app/code/Magento/Customer/Test/Unit/Model/Validator/TelephoneTest.php b/app/code/Magento/Customer/Test/Unit/Model/Validator/TelephoneTest.php index 47a9d6da18831..ad20144095be2 100644 --- a/app/code/Magento/Customer/Test/Unit/Model/Validator/TelephoneTest.php +++ b/app/code/Magento/Customer/Test/Unit/Model/Validator/TelephoneTest.php @@ -9,6 +9,7 @@ use Magento\Customer\Model\Validator\Telephone; use Magento\Customer\Model\Customer; +use Magento\Framework\Validator\GlobalPhoneValidation; use PHPUnit\Framework\MockObject\MockObject; use PHPUnit\Framework\TestCase; @@ -20,7 +21,12 @@ class TelephoneTest extends TestCase /** * @var Telephone */ - private Telephone $nameValidator; + private Telephone $telephoneValidator; + + /** + * @var GlobalPhoneValidation + */ + private GlobalPhoneValidation $globalPhoneValidation; /** * @var Customer|MockObject 
@@ -32,7 +38,8 @@ class TelephoneTest extends TestCase */ protected function setUp(): void { - $this->nameValidator = new Telephone; + $this->telephoneValidator = new Telephone(); + $this->globalPhoneValidation = new GlobalPhoneValidation(); $this->customerMock = $this ->getMockBuilder(Customer::class) ->disableOriginalConstructor() 
@@ -41,44 +48,48 @@ protected function setUp(): void } /** - * Test for allowed apostrophe and other punctuation characters in customer names + * Test for allowed characters in customer telephone numbers. * * @param string $telephone * @param string $message * @return void - * @dataProvider expectedPunctuationInNamesDataProvider + * @dataProvider expectedPunctuationInTelephoneDataProvider */ - public function testValidateCorrectPunctuationInNames( + public function testValidateCorrectPunctuationInTelephone( string $telephone, string $message ) { $this->customerMock->expects($this->once())->method('getTelephone')->willReturn($telephone); - $isValid = $this->nameValidator->isValid($this->customerMock); + $isValid = $this->telephoneValidator->isValid($this->customerMock); $this->assertTrue($isValid, $message); + + // Optionally, you can also test with the global phone validator + $isValidGlobal = $this->globalPhoneValidation->isValidPhone($telephone); + $this->assertTrue($isValidGlobal, $message); } /** * @return array */ - public function expectedPunctuationInNamesDataProvider(): array + public function expectedPunctuationInTelephoneDataProvider(): array { return [ [ 'telephone' => '(1)99887766', - 'message' => 'parentheses must be allowed in telephone' + 'message' => 'Parentheses must be allowed in telephone numbers.' ], [ 'telephone' => '+6255554444', - 'message' => 'plus sign be allowed in telephone' + 'message' => 'Plus sign must be allowed in telephone numbers.' ], [ 'telephone' => '555-555-555', - 'message' => 'hyphen must be allowed in telephone' + 'message' => 'Hyphen must be allowed in telephone numbers.' ], [ 'telephone' => '123456789', - 'message' => 'Digits (numbers) must be allowed in telephone' + 'message' => 'Digits (numbers) must be allowed in telephone numbers.' ] ]; } From 021b601564637f257132d2c851227dd0dacecfc8 Mon Sep 17 00:00:00 2001 
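Review bot: The data provider `expectedPunctuationInTelephoneDataProvider()` in the `@@ -41,44 +48,48 @@` hunk lists only values that must be accepted, so the test still passes if the shared phone pattern accepts every string. For an input validator the rejecting cases carry the security value: add a second provider with values outside the documented character set and assert `$this->assertFalse($this->telephoneValidator->isValid($this->customerMock), $message);`. Judging by the `GlobalPhoneValidation::isValidPhone(...)` call in Telephone.php the method is static, so the test can call `GlobalPhoneValidation::isValidPhone($telephone)` directly and drop the `new GlobalPhoneValidation()` property. The comment `// Optionally, you can also test with the global phone validator` describes an option although the assertion always runs; the later TelephoneTest hunks on this page repeat the same pattern.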
From: in-session Date: Tue, 13 Aug 2024 08:20:09 +0200 Subject: [PATCH 024/146] Update GlobalForbiddenPatterns.php base64_decode Validation --- .../Validator/GlobalForbiddenPatterns.php | 25 ++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php b/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php index 0a4a86811e7ca..beffea47b91d6 100644 --- a/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php +++ b/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php @@ -24,11 +24,34 @@ public static function getPatterns(): array '/{{.*}}/', '/<\?=/', '/<\?php/', - '/base64_decode/', '/shell_exec/', '/eval\(/', '/\${IFS%/', '/\bcurl\b/', ]; } + + /** + * Checks if the given field value is valid according to the forbidden patterns. + * + * @param string $fieldValue + * @return bool + */ + public static function isValid(string $fieldValue): bool + { + foreach (self::getPatterns() as $pattern) { + if (preg_match($pattern, $fieldValue)) { + return false; + } + } + + // Check if the field contains a base64 encoded string and decode it for further validation + if (preg_match('/base64_decode\(/', $fieldValue)) { + $decodedValue = base64_decode($fieldValue); + // Recursively check the decoded value + return self::isValid($decodedValue); + } + + return true; + } } From 506ccb4dfc32cfe882aa660865205f95266cdd5e Mon Sep 17 00:00:00 2001 From: in-session Date: Tue, 13 Aug 2024 08:24:10 +0200 Subject: [PATCH 025/146] Update GlobalValidationRule.php Change validation to GlobalForbiddenPatterns --- .../ValidationRules/GlobalValidationRule.php | 18 +----------------- 1 file changed, 1 insertion(+), 17 deletions(-) diff --git a/app/code/Magento/Quote/Model/ValidationRules/GlobalValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/GlobalValidationRule.php index f6e6f3201c1f1..f3046fe0d0fe1 100644 
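Review bot: The base64 branch of the added `isValid()` weakens the filter instead of extending it: `'/base64_decode/'` is removed from `getPatterns()`, and a value containing `base64_decode(` is now passed whole to `base64_decode($fieldValue)`, which in its default non-strict mode skips characters outside the base64 alphabet and returns unrelated bytes. Those bytes will rarely match a forbidden pattern, so input that the previous list rejected is now reported as valid. Reject on the marker directly, `if (preg_match('/base64_decode\(/', $fieldValue)) { return false; }`, or keep `'/base64_decode/'` in the pattern list. A deny-list of this kind is only a coarse extra layer; output escaping and never evaluating stored input remain the actual controls. The docblock should also state that the method returns false as soon as any forbidden pattern matches.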
--- a/app/code/Magento/Quote/Model/ValidationRules/GlobalValidationRule.php +++ b/app/code/Magento/Quote/Model/ValidationRules/GlobalValidationRule.php @@ -65,27 +65,11 @@ public function validate(Quote $quote): array $inputArray = $this->extractQuoteData($quote); foreach ($inputArray as $key => $value) { - if (is_string($value) && !$this->isValid($value)) { + if (is_string($value) && !GlobalForbiddenPatterns::isValid($value)) { $validationErrors[] = __("Field $key contains invalid characters."); } } return $validationErrors; } - - /** - * Checks if the given field value is valid according to the forbidden patterns. - * - * @param string $fieldValue - * @return bool - */ - private function isValid(string $fieldValue): bool - { - foreach (GlobalForbiddenPatterns::getPatterns() as $pattern) { - if (preg_match($pattern, $fieldValue)) { - return false; - } - } - return true; - } } From d016a1b8903fec6311a08452dd924b730bbdb107 Mon Sep 17 00:00:00 2001 From: in-session Date: Tue, 13 Aug 2024 09:10:13 +0200 Subject: [PATCH 026/146] Update system.xml add banned_hosts --- app/code/Magento/Customer/etc/adminhtml/system.xml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/app/code/Magento/Customer/etc/adminhtml/system.xml b/app/code/Magento/Customer/etc/adminhtml/system.xml index ec76e09fdf459..bf30acf5100ef 100644 --- a/app/code/Magento/Customer/etc/adminhtml/system.xml +++ b/app/code/Magento/Customer/etc/adminhtml/system.xml @@ -267,6 +267,13 @@ Magento\Customer\Model\Config\Backend\Show\AddressOnly + + + + + Enter banned hosts, one per line. + + From 5e7c11e5e22825aa2f3e0fa327ac46ef4f16513a Mon Sep 17 00:00:00 2001 From: in-session Date: Tue, 13 Aug 2024 09:20:33 +0200 Subject: [PATCH 027/146] Update EmailAddress.php --- .../Framework/Validator/EmailAddress.php | 47 +++++++++++++------ 1 file changed, 33 insertions(+), 14 deletions(-) 
diff --git a/lib/internal/Magento/Framework/Validator/EmailAddress.php b/lib/internal/Magento/Framework/Validator/EmailAddress.php index dd402cba79155..f491d062c4178 100644 --- a/lib/internal/Magento/Framework/Validator/EmailAddress.php +++ b/lib/internal/Magento/Framework/Validator/EmailAddress.php @@ -6,9 +6,15 @@ namespace Magento\Framework\Validator; use Laminas\Validator\EmailAddress as LaminasEmailAddress; +use Magento\Framework\App\Config\ScopeConfigInterface; class EmailAddress extends LaminasEmailAddress implements ValidatorInterface { + /** + * @var ScopeConfigInterface + */ + private $scopeConfig; + /** * @var string[] */ @@ -16,10 +22,8 @@ class EmailAddress extends LaminasEmailAddress implements ValidatorInterface self::INVALID => "Invalid type given. String expected", self::INVALID_FORMAT => "'%value%' is not a valid email address in the basic format local-part@hostname", self::INVALID_HOSTNAME => "'%hostname%' is not a valid hostname for email address '%value%'", - self::INVALID_MX_RECORD => "'%hostname%' does not appear to have a valid MX record for the email address " . - " '%value%'", - self::INVALID_SEGMENT => "'%hostname%' is not in a routable network segment. The email address '%value%' " . - " should not be resolved from public network", + self::INVALID_MX_RECORD => "'%hostname%' does not appear to have a valid MX record for the email address '%value%'", + self::INVALID_SEGMENT => "'%hostname%' is not in a routable network segment. The email address '%value%' should not be resolved from public network", self::DOT_ATOM => "'%localPart%' can not be matched against dot-atom format", self::QUOTED_STRING => "'%localPart%' can not be matched against quoted-string format", self::INVALID_LOCAL_PART => "'%localPart%' is not a valid local part for email address '%value%'", 
@@ -27,19 +31,14 @@ class EmailAddress extends LaminasEmailAddress implements ValidatorInterface ]; /** - * Instantiates hostname validator for local use. - * TLD validation is off by default. + * Constructor. * - * The following option keys are supported: - * 'hostname' => A hostname validator, see \Laminas\Validator\Hostname - * 'allow' => Options for the hostname validator, see \Laminas\Validator\Hostname::ALLOW_* - * 'mx' => If MX check should be enabled, boolean - * 'deep' => If a deep MX check should be done, boolean - * - * @inheritdoc + * @param ScopeConfigInterface $scopeConfig + * @param array $options */ - public function __construct($options = []) + public function __construct(ScopeConfigInterface $scopeConfig, $options = []) { + $this->scopeConfig = $scopeConfig; parent::__construct($options); $this->getHostnameValidator()->setOptions(['useTldCheck' => false]); @@ -55,4 +54,24 @@ public function setValidateTld(bool $shouldValidate) { $this->getHostnameValidator()->setOptions(['useTldCheck' => $shouldValidate]); } + + /** + * Validate an email address + * + * @param string $value + * @return bool + */ + public function isValid($value) + { + $bannedHostsConfig = $this->scopeConfig->getValue('customer/email_validation/banned_hosts'); + $bannedHosts = array_map('trim', explode("\n", $bannedHostsConfig)); + + $hostname = explode('@', $value)[1] ?? ''; + if (in_array($hostname, $bannedHosts, true)) { + $this->error(self::INVALID_HOSTNAME, $hostname); + return false; + } + + return parent::isValid($value); + } } From bbba9d3515c2c8dcd4d21845cabeb743fa9f7ebe Mon Sep 17 00:00:00 2001 From: in-session Date: Tue, 13 Aug 2024 09:26:51 +0200 Subject: [PATCH 028/146] Update GlobalValidationRule.php --- .../Model/ValidationRules/GlobalValidationRule.php | 10 ++++++++++ 1 file changed, 10 insertions(+) 
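Review bot: Making `ScopeConfigInterface $scopeConfig` the first, required constructor argument in the `@@ -27,19 +31,14 @@` hunk breaks every existing `new EmailAddress()` and `new EmailAddress($options)` call; the commit message of a later patch on this page quotes exactly that failure from UserValidationRules.php. Add new dependencies after the existing parameters and make them optional: `public function __construct($options = [], ?ScopeConfigInterface $scopeConfig = null)`. The hunk also deletes the docblock that lists the supported option keys ('hostname', 'allow', 'mx', 'deep'); that documentation should stay.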
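Review bot: The banned-host check in the added `isValid()` (hunk `@@ -55,4 +54,24 @@`) compares host names case-sensitively and takes the text after the first `@`, so a configured entry does not match the same domain written in a different letter case, and an address containing more than one `@` is tested against the wrong segment. Normalise both sides and split on the last separator: `$at = strrpos((string) $value, '@');` followed by `$hostname = $at === false ? '' : strtolower(substr((string) $value, $at + 1));`, with `strtolower` also mapped over the configured list. Because the check runs before `parent::isValid($value)`, a non-string `$value` reaches `explode()` before the parent's type check can reject it. `explode("\n", $bannedHostsConfig)` additionally receives null when the setting has never been saved.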
diff --git a/app/code/Magento/Quote/Model/ValidationRules/GlobalValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/GlobalValidationRule.php index f3046fe0d0fe1..f529862ec20be 100644 --- a/app/code/Magento/Quote/Model/ValidationRules/GlobalValidationRule.php +++ b/app/code/Magento/Quote/Model/ValidationRules/GlobalValidationRule.php @@ -10,6 +10,7 @@ use Magento\Framework\Validation\ValidationResultFactory; use Magento\Quote\Model\Quote; use Magento\Framework\Validator\GlobalForbiddenPatterns; +use Magento\Framework\Validator\EmailAddress; /** * Class GlobalValidationRule @@ -65,9 +66,18 @@ public function validate(Quote $quote): array $inputArray = $this->extractQuoteData($quote); foreach ($inputArray as $key => $value) { + // Check for forbidden patterns if (is_string($value) && !GlobalForbiddenPatterns::isValid($value)) { $validationErrors[] = __("Field $key contains invalid characters."); } + + // Email validation + if ($key === 'customer_email' && !empty($value)) { + $emailValidator = new EmailAddress(); + if (!$emailValidator->isValid($value)) { + $validationErrors[] = __("Field $key contains an invalid email address."); + } + } } return $validationErrors; From 6c3c8f45ecc9c1760fda023c0022af73dfed74e0 Mon Sep 17 00:00:00 2001 From: in-session Date: Tue, 13 Aug 2024 10:19:43 +0200 Subject: [PATCH 029/146] Update EmailAddress.php There is an error in /var/www/html/lib/internal/Magento/Framework/Validator/EmailAddress.php at line: 39 Too few arguments to function Magento\Framework\Validator\EmailAddress::__construct(), 0 passed in /var/www/html/app/code/Magento/User/Model/UserValidationRules.php on line 52 and at least 1 expected#0 /var/www/html/app/code/Magento/User/Model/UserValidationRules.php(52): Magento\Framework\Validator\EmailAddress->__construct() --- lib/internal/Magento/Framework/Validator/EmailAddress.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) 
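Review bot: `new EmailAddress()` inside the loop of the `@@ -65,9 +66,18 @@` hunk constructs the validator without arguments, although the preceding patch on this page changed its constructor to require a `ScopeConfigInterface`, so this path would fail with an argument-count error as soon as `customer_email` is non-empty. Inject the validator through the rule's constructor and reuse one instance instead of creating it per field. The message `__("Field $key contains an invalid email address.")` interpolates the key before translation, so no translation entry can match; use a placeholder, `__('Field %1 contains an invalid email address.', $key)`. The method starts outside this hunk.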
diff --git a/lib/internal/Magento/Framework/Validator/EmailAddress.php b/lib/internal/Magento/Framework/Validator/EmailAddress.php index f491d062c4178..add3aedfb79ae 100644 --- a/lib/internal/Magento/Framework/Validator/EmailAddress.php +++ b/lib/internal/Magento/Framework/Validator/EmailAddress.php @@ -7,6 +7,7 @@ use Laminas\Validator\EmailAddress as LaminasEmailAddress; use Magento\Framework\App\Config\ScopeConfigInterface; +use Magento\Framework\App\ObjectManager; class EmailAddress extends LaminasEmailAddress implements ValidatorInterface { @@ -33,12 +34,12 @@ class EmailAddress extends LaminasEmailAddress implements ValidatorInterface /** * Constructor. * - * @param ScopeConfigInterface $scopeConfig * @param array $options */ - public function __construct(ScopeConfigInterface $scopeConfig, $options = []) + public function __construct($options = []) { - $this->scopeConfig = $scopeConfig; + // ScopeConfigInterface wird über den ObjectManager bezogen + $this->scopeConfig = ObjectManager::getInstance()->get(ScopeConfigInterface::class); parent::__construct($options); $this->getHostnameValidator()->setOptions(['useTldCheck' => false]); From 2aee657f4dc15e86dc5448cc8eef9c1ca5700e9a Mon Sep 17 00:00:00 2001 From: in-session Date: Tue, 13 Aug 2024 10:25:29 +0200 Subject: [PATCH 030/146] Update City.php --- app/code/Magento/Customer/Model/Validator/City.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/code/Magento/Customer/Model/Validator/City.php b/app/code/Magento/Customer/Model/Validator/City.php index 0b53551dfd88f..c7ac379a16021 100644 --- a/app/code/Magento/Customer/Model/Validator/City.php +++ b/app/code/Magento/Customer/Model/Validator/City.php @@ -35,7 +35,7 @@ public function isValid($customer) { if (!$this->isValidCity($customer->getCity())) { parent::_addMessages([[ - 'city' => "Invalid City. Please use A-Z, a-z, 0-9, -, ', spaces" + 'city' => __("Invalid City. Please use A-Z, a-z, 0-9, -, ', spaces") ]]); } 
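Review bot: The constructor in the `@@ -33,12 +34,12 @@` hunk now fetches `ScopeConfigInterface` from `ObjectManager::getInstance()` unconditionally, which hides the dependency and makes the validator impossible to construct in a unit test without an initialised object manager. Keep it injectable with a fallback: `public function __construct($options = [], ?ScopeConfigInterface $scopeConfig = null)` and `$this->scopeConfig = $scopeConfig ?? ObjectManager::getInstance()->get(ScopeConfigInterface::class);`. The added inline comment is in German; in English it would read `// Fall back to the ObjectManager when no ScopeConfigInterface is injected`.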
From fa21fcf99adfec35b503fe8028574bab5f05a6de Mon Sep 17 00:00:00 2001 From: in-session Date: Tue, 13 Aug 2024 10:26:02 +0200 Subject: [PATCH 031/146] Update Street.php --- app/code/Magento/Customer/Model/Validator/Street.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/code/Magento/Customer/Model/Validator/Street.php b/app/code/Magento/Customer/Model/Validator/Street.php index 7de57d0ed32ef..21f771f02cb85 100644 --- a/app/code/Magento/Customer/Model/Validator/Street.php +++ b/app/code/Magento/Customer/Model/Validator/Street.php @@ -41,7 +41,7 @@ public function isValid($customer) foreach ($customer->getStreet() as $street) { if (!$this->isValidStreet($street)) { parent::_addMessages([[ - 'street' => "Invalid Street Address. Please use A-Z, a-z, 0-9, , - . ' ’ ` & spaces" + 'street' => __("Invalid Street Address. Please use A-Z, a-z, 0-9, , - . ' ’ ` & spaces") ]]); } } From dd121183a37a004f76ed3bfd20b429f32d9b7565 Mon Sep 17 00:00:00 2001 From: in-session Date: Tue, 13 Aug 2024 11:09:32 +0200 Subject: [PATCH 032/146] Update EmailAddress.php [Exception] Deprecated Functionality: explode(): Passing null to parameter #2 ($string) of type string is deprecated in /var/www/html/lib/internal/Magento/Framewo rk/Validator/EmailAddress.php on line 68 --- lib/internal/Magento/Framework/Validator/EmailAddress.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/internal/Magento/Framework/Validator/EmailAddress.php b/lib/internal/Magento/Framework/Validator/EmailAddress.php index add3aedfb79ae..c2f0d7d4a247e 100644 --- a/lib/internal/Magento/Framework/Validator/EmailAddress.php +++ b/lib/internal/Magento/Framework/Validator/EmailAddress.php 
@@ -64,8 +64,9 @@ public function setValidateTld(bool $shouldValidate) */ public function isValid($value) { - $bannedHostsConfig = $this->scopeConfig->getValue('customer/email_validation/banned_hosts'); - $bannedHosts = array_map('trim', explode("\n", $bannedHostsConfig)); + $bannedHostsConfig = $this->scopeConfig->getValue('customer/email_validation/banned_hosts', \Magento\Store\Model\ScopeInterface::SCOPE_STORE); + + $bannedHosts = array_map('trim', explode("\n", (string) $bannedHostsConfig)); $hostname = explode('@', $value)[1] ?? ''; if (in_array($hostname, $bannedHosts, true)) { From e81a0e63bad9793bceba58419555bdadf372b649 Mon Sep 17 00:00:00 2001 From: in-session Date: Tue, 13 Aug 2024 11:10:51 +0200 Subject: [PATCH 033/146] Update Sharing.php --- .../Wishlist/Block/Customer/Sharing.php | 33 +++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/app/code/Magento/Wishlist/Block/Customer/Sharing.php b/app/code/Magento/Wishlist/Block/Customer/Sharing.php index 48e84b3486198..b051e143febb0 100644 --- a/app/code/Magento/Wishlist/Block/Customer/Sharing.php +++ b/app/code/Magento/Wishlist/Block/Customer/Sharing.php @@ -7,6 +7,8 @@ namespace Magento\Wishlist\Block\Customer; use Magento\Captcha\Block\Captcha; +use Magento\Framework\Validator\GlobalForbiddenPatterns; +use Magento\Framework\Exception\LocalizedException; /** * Wishlist customer sharing block 
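Review bot: With an empty setting, `explode("\n", (string) $bannedHostsConfig)` in the `@@ -64,8 +64,9 @@` hunk yields a list holding one empty string, and a value without `@` produces the host `''`, so such input is reported as a banned host (`INVALID_HOSTNAME`) instead of reaching the parent's format check. Drop the empty entries: `$bannedHosts = array_filter(array_map('trim', explode("\n", (string) $bannedHostsConfig)), 'strlen');`. The fully qualified `\Magento\Store\Model\ScopeInterface::SCOPE_STORE` also makes this framework-library class depend on a module under app/code; that layering is worth confirming with the maintainers. The method starts outside this hunk.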
@@ -35,18 +37,26 @@ class Sharing extends \Magento\Framework\View\Element\Template */ protected $_wishlistSession; + /** + * @var GlobalForbiddenPatterns + */ + protected $globalForbiddenPatterns; + /** * @param \Magento\Framework\View\Element\Template\Context $context * @param \Magento\Wishlist\Model\Config $wishlistConfig * @param \Magento\Framework\Session\Generic $wishlistSession + * @param GlobalForbiddenPatterns $globalForbiddenPatterns * @param array $data */ public function __construct( \Magento\Framework\View\Element\Template\Context $context, \Magento\Wishlist\Model\Config $wishlistConfig, \Magento\Framework\Session\Generic $wishlistSession, + GlobalForbiddenPatterns $globalForbiddenPatterns, array $data = [] ) { + $this->globalForbiddenPatterns = $globalForbiddenPatterns; $this->_wishlistConfig = $wishlistConfig; $this->_wishlistSession = $wishlistSession; parent::__construct($context, $data); @@ -134,4 +144,27 @@ public function getTextSharingLimit() { return $this->_wishlistConfig->getSharingTextLimit(); } + + /** + * Validate the sharing data (emails and message) against forbidden patterns + * + * @param string $emails + * @param string $message + * @return bool + * @throws LocalizedException + */ + public function validateSharingData($emails, $message) + { + // Validate the emails input + if (!$this->globalForbiddenPatterns->validate($emails)) { + throw new LocalizedException(__('The email addresses contain forbidden patterns.')); + } + + // Validate the message input + if (!$this->globalForbiddenPatterns->validate($message)) { + throw new LocalizedException(__('The message contains forbidden patterns.')); + } + + return true; + } } From f8c14199e7dca6d033b8b658d26ac2413fad90ff Mon Sep 17 00:00:00 2001 
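Review bot: `GlobalForbiddenPatterns $globalForbiddenPatterns` is inserted before `array $data = []` as a required parameter in the `@@ -35,18 +37,26 @@` hunk, which changes the positional signature for any class that extends this block and calls `parent::__construct(...)`. As patched earlier on this page the class offers only static methods, so the dependency can be dropped and the static call used instead. If an instance is wanted, append it after `$data` as an optional argument.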
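Review bot: `validateSharingData()` in the `@@ -134,4 +144,27 @@` hunk calls `$this->globalForbiddenPatterns->validate(...)`, but GlobalForbiddenPatterns as patched earlier on this page exposes only the static `getPatterns()` and `isValid()`; unless a `validate()` method exists outside this page, both checks end in an undefined-method error. Call the existing API instead: `if (!GlobalForbiddenPatterns::isValid((string) $emails)) {` and the same for `$message`. Nothing visible here invokes the new method, and a view block is an unusual home for input validation, so the check only protects anything once the code path that sends the wishlist e-mail calls it before using the data. The docblock says the method returns bool, yet it can only return true or throw; `@return true` with the `@throws` tag would describe it more precisely.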
From: in-session Date: Tue, 13 Aug 2024 15:35:06 +0200 Subject: [PATCH 034/146] Update EmailAddress.php reset due to api test fail, nice to have --- .../Framework/Validator/EmailAddress.php | 47 +++++-------------- 1 file changed, 13 insertions(+), 34 deletions(-) diff --git a/lib/internal/Magento/Framework/Validator/EmailAddress.php b/lib/internal/Magento/Framework/Validator/EmailAddress.php index c2f0d7d4a247e..dd402cba79155 100644 --- a/lib/internal/Magento/Framework/Validator/EmailAddress.php +++ b/lib/internal/Magento/Framework/Validator/EmailAddress.php @@ -6,16 +6,9 @@ namespace Magento\Framework\Validator; use Laminas\Validator\EmailAddress as LaminasEmailAddress; -use Magento\Framework\App\Config\ScopeConfigInterface; -use Magento\Framework\App\ObjectManager; class EmailAddress extends LaminasEmailAddress implements ValidatorInterface { - /** - * @var ScopeConfigInterface - */ - private $scopeConfig; - /** * @var string[] */ 
@@ -23,8 +16,10 @@ class EmailAddress extends LaminasEmailAddress implements ValidatorInterface self::INVALID => "Invalid type given. String expected", self::INVALID_FORMAT => "'%value%' is not a valid email address in the basic format local-part@hostname", self::INVALID_HOSTNAME => "'%hostname%' is not a valid hostname for email address '%value%'", - self::INVALID_MX_RECORD => "'%hostname%' does not appear to have a valid MX record for the email address '%value%'", - self::INVALID_SEGMENT => "'%hostname%' is not in a routable network segment. The email address '%value%' should not be resolved from public network", + self::INVALID_MX_RECORD => "'%hostname%' does not appear to have a valid MX record for the email address " . + " '%value%'", + self::INVALID_SEGMENT => "'%hostname%' is not in a routable network segment. The email address '%value%' " . + " should not be resolved from public network", self::DOT_ATOM => "'%localPart%' can not be matched against dot-atom format", self::QUOTED_STRING => "'%localPart%' can not be matched against quoted-string format", self::INVALID_LOCAL_PART => "'%localPart%' is not a valid local part for email address '%value%'", 
@@ -32,14 +27,19 @@ class EmailAddress extends LaminasEmailAddress implements ValidatorInterface ]; /** - * Constructor. + * Instantiates hostname validator for local use. + * TLD validation is off by default. + * + * The following option keys are supported: + * 'hostname' => A hostname validator, see \Laminas\Validator\Hostname + * 'allow' => Options for the hostname validator, see \Laminas\Validator\Hostname::ALLOW_* + * 'mx' => If MX check should be enabled, boolean + * 'deep' => If a deep MX check should be done, boolean * - * @param array $options + * @inheritdoc */ public function __construct($options = []) { - // ScopeConfigInterface wird über den ObjectManager bezogen - $this->scopeConfig = ObjectManager::getInstance()->get(ScopeConfigInterface::class); parent::__construct($options); $this->getHostnameValidator()->setOptions(['useTldCheck' => false]); @@ -55,25 +55,4 @@ public function setValidateTld(bool $shouldValidate) { $this->getHostnameValidator()->setOptions(['useTldCheck' => $shouldValidate]); } - - /** - * Validate an email address - * - * @param string $value - * @return bool - */ - public function isValid($value) - { - $bannedHostsConfig = $this->scopeConfig->getValue('customer/email_validation/banned_hosts', \Magento\Store\Model\ScopeInterface::SCOPE_STORE); - - $bannedHosts = array_map('trim', explode("\n", (string) $bannedHostsConfig)); - - $hostname = explode('@', $value)[1] ?? ''; - if (in_array($hostname, $bannedHosts, true)) { - $this->error(self::INVALID_HOSTNAME, $hostname); - return false; - } - - return parent::isValid($value); - } } From 0e4928c0d580f0f1bb4eda352bd0979674118cc5 Mon Sep 17 00:00:00 2001 From: in-session Date: Tue, 13 Aug 2024 15:36:03 +0200 Subject: [PATCH 035/146] Update system.xml reset due to api test fail, nice to have --- app/code/Magento/Customer/etc/adminhtml/system.xml | 7 ------- 1 file changed, 7 deletions(-) 
diff --git a/app/code/Magento/Customer/etc/adminhtml/system.xml b/app/code/Magento/Customer/etc/adminhtml/system.xml index bf30acf5100ef..ec76e09fdf459 100644 --- a/app/code/Magento/Customer/etc/adminhtml/system.xml +++ b/app/code/Magento/Customer/etc/adminhtml/system.xml @@ -267,13 +267,6 @@ Magento\Customer\Model\Config\Backend\Show\AddressOnly - - - - - Enter banned hosts, one per line. - - From f0535159eb35da28eefc791db4fce0270812ea4c Mon Sep 17 00:00:00 2001 From: in-session Date: Wed, 14 Aug 2024 03:31:46 +0200 Subject: [PATCH 036/146] Update TelephoneTest.php --- .../Test/Unit/Model/Validator/TelephoneTest.php | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/app/code/Magento/Customer/Test/Unit/Model/Validator/TelephoneTest.php b/app/code/Magento/Customer/Test/Unit/Model/Validator/TelephoneTest.php index ad20144095be2..12dded4038d67 100644 --- a/app/code/Magento/Customer/Test/Unit/Model/Validator/TelephoneTest.php +++ b/app/code/Magento/Customer/Test/Unit/Model/Validator/TelephoneTest.php @@ -23,25 +23,20 @@ class TelephoneTest extends TestCase */ private Telephone $telephoneValidator; - /** - * @var GlobalPhoneValidation - */ - private GlobalPhoneValidation $globalPhoneValidation; - /** * @var Customer|MockObject */ private MockObject $customerMock; /** + * Set up the test environment. + * * @return void */ protected function setUp(): void { $this->telephoneValidator = new Telephone(); - $this->globalPhoneValidation = new GlobalPhoneValidation(); - $this->customerMock = $this - ->getMockBuilder(Customer::class) + $this->customerMock = $this->getMockBuilder(Customer::class) ->disableOriginalConstructor() ->addMethods(['getTelephone']) ->getMock(); 
@@ -63,13 +58,11 @@ public function testValidateCorrectPunctuationInTelephone( $isValid = $this->telephoneValidator->isValid($this->customerMock); $this->assertTrue($isValid, $message); - - // Optionally, you can also test with the global phone validator - $isValidGlobal = $this->globalPhoneValidation->isValidPhone($telephone); - $this->assertTrue($isValidGlobal, $message); } /** + * Data provider for testValidateCorrectPunctuationInTelephone. + * * @return array */ public function expectedPunctuationInTelephoneDataProvider(): array From e0b602bd6892995532c20a0547809e9c9d82e0f8 Mon Sep 17 00:00:00 2001 From: in-session Date: Wed, 14 Aug 2024 03:39:05 +0200 Subject: [PATCH 037/146] Update TelephoneTest.php --- .../Test/Unit/Model/Validator/TelephoneTest.php | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/app/code/Magento/Customer/Test/Unit/Model/Validator/TelephoneTest.php b/app/code/Magento/Customer/Test/Unit/Model/Validator/TelephoneTest.php index 12dded4038d67..e73fee5104506 100644 --- a/app/code/Magento/Customer/Test/Unit/Model/Validator/TelephoneTest.php +++ b/app/code/Magento/Customer/Test/Unit/Model/Validator/TelephoneTest.php @@ -23,6 +23,11 @@ class TelephoneTest extends TestCase */ private Telephone $telephoneValidator; + /** + * @var GlobalPhoneValidation + */ + private GlobalPhoneValidation $globalPhoneValidation; + /** * @var Customer|MockObject */ @@ -36,6 +41,7 @@ class TelephoneTest extends TestCase protected function setUp(): void { $this->telephoneValidator = new Telephone(); + $this->globalPhoneValidation = new GlobalPhoneValidation(); $this->customerMock = $this->getMockBuilder(Customer::class) ->disableOriginalConstructor() ->addMethods(['getTelephone']) 
@@ -56,8 +62,13 @@ public function testValidateCorrectPunctuationInTelephone( ) { $this->customerMock->expects($this->once())->method('getTelephone')->willReturn($telephone); + // Validate using the Telephone validator $isValid = $this->telephoneValidator->isValid($this->customerMock); $this->assertTrue($isValid, $message); + + // Validate using the GlobalPhoneValidation directly + $isValidGlobal = $this->globalPhoneValidation->isValidPhone($telephone); + $this->assertTrue($isValidGlobal, $message); } /** From 806305f072e9494a406f01fa715567068b1b4814 Mon Sep 17 00:00:00 2001 From: in-session Date: Fri, 23 Aug 2024 08:12:39 +0200 Subject: [PATCH 038/146] Update GlobalValidationRule.php --- .../ValidationRules/GlobalValidationRule.php | 84 ------------------- 1 file changed, 84 deletions(-) diff --git a/app/code/Magento/Quote/Model/ValidationRules/GlobalValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/GlobalValidationRule.php index f529862ec20be..8b137891791fe 100644 --- a/app/code/Magento/Quote/Model/ValidationRules/GlobalValidationRule.php +++ b/app/code/Magento/Quote/Model/ValidationRules/GlobalValidationRule.php 
@@ -1,85 +1 @@ -validationResultFactory = $validationResultFactory; - } - - /** - * Extracts data from the quote object for validation. - * - * @param Quote $quote - * @return array - */ - private function extractQuoteData(Quote $quote): array - { - $data = $quote->getData(); - - if ($billingAddress = $quote->getBillingAddress()) { - $data = array_merge($data, $billingAddress->getData()); - } - - if ($shippingAddress = $quote->getShippingAddress()) { - $data = array_merge($data, $shippingAddress->getData()); - } - - return $data; - } - - /** - * Validates the global input fields in the quote. - * - * @param Quote $quote - * @return array - */ - public function validate(Quote $quote): array - { - $validationErrors = []; - $inputArray = $this->extractQuoteData($quote); - - foreach ($inputArray as $key => $value) { - // Check for forbidden patterns - if (is_string($value) && !GlobalForbiddenPatterns::isValid($value)) { - $validationErrors[] = __("Field $key contains invalid characters."); - } - - // Email validation - if ($key === 'customer_email' && !empty($value)) { - $emailValidator = new EmailAddress(); - if (!$emailValidator->isValid($value)) { - $validationErrors[] = __("Field $key contains an invalid email address."); - } - } - } - - return $validationErrors; - } -} From b246ca02cd34ae7ef0bee876c28697fb5a0f22a2 Mon Sep 17 00:00:00 2001 From: in-session Date: Fri, 23 Aug 2024 08:13:24 +0200 Subject: [PATCH 039/146] Update di.xml --- app/code/Magento/Quote/etc/di.xml | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/app/code/Magento/Quote/etc/di.xml b/app/code/Magento/Quote/etc/di.xml index fd247aea8e2b8..a0694ec752395 100644 --- a/app/code/Magento/Quote/etc/di.xml +++ b/app/code/Magento/Quote/etc/di.xml 
@@ -118,7 +118,6 @@ Magento\Quote\Model\ValidationRules\PaymentMethodValidationRule Magento\Quote\Model\ValidationRules\MinimumAmountValidationRule Magento\Quote\Model\ValidationRules\NameValidationRule - Magento\Quote\Model\ValidationRules\GlobalValidationRule @@ -149,14 +148,7 @@ - Please check the name fields (first name and last name). - - - - - - Please check all fields for invalid characters. - + Please check the name fields. From b35a8544152e9e49c3062744a71bb6d9c3029b0a Mon Sep 17 00:00:00 2001 From: in-session Date: Fri, 23 Aug 2024 08:13:58 +0200 Subject: [PATCH 040/146] Update NameValidationRule.php --- .../ValidationRules/NameValidationRule.php | 68 +++++++++++++------ 1 file changed, 49 insertions(+), 19 deletions(-) diff --git a/app/code/Magento/Quote/Model/ValidationRules/NameValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/NameValidationRule.php index b95e5199a4f8c..dc2bfa78a3592 100644 --- a/app/code/Magento/Quote/Model/ValidationRules/NameValidationRule.php +++ b/app/code/Magento/Quote/Model/ValidationRules/NameValidationRule.php @@ -1,8 +1,4 @@ validationResultFactory = $validationResultFactory; + $this->nameValidator = $nameValidator; + $this->scopeConfig = $scopeConfig; } /** - * Validate the first name, middle name, and last name in the quote. + * Validate the first name, middle name, last name, prefix, and suffix in the quote. * * @param Quote $quote * @return array 
@@ -41,20 +56,35 @@ public function __construct(ValidationResultFactory $validationResultFactory) public function validate(Quote $quote): array { $validationErrors = []; - $firstName = $quote->getCustomerFirstname(); - $middleName = $quote->getCustomerMiddlename(); - $lastName = $quote->getCustomerLastname(); - if (!GlobalNameValidator::isValidName($firstName)) { - $validationErrors[] = __('First Name is not valid'); - } + $isRegexEnabled = $this->scopeConfig->isSetFlag( + 'system/security/security_regex_enabled', + ScopeInterface::SCOPE_STORE + ); - if (!GlobalNameValidator::isValidName($middleName)) { - $validationErrors[] = __('Middle Name is not valid'); - } + if ($isRegexEnabled) { + $firstName = $quote->getCustomerFirstname(); + $middleName = $quote->getCustomerMiddlename(); + $lastName = $quote->getCustomerLastname(); + $customerPrefix = $quote->getCustomerPrefix(); + $customerSuffix = $quote->getCustomerSuffix(); - if (!GlobalNameValidator::isValidName($lastName)) { - $validationErrors[] = __('Last Name is not valid'); + // Validate each name-related field + if (!GlobalNameValidator::isValidName($firstName)) { + $validationErrors[] = __('First Name is not valid'); + } + if (!GlobalNameValidator::isValidName($middleName)) { + $validationErrors[] = __('Middle Name is not valid'); + } + if (!GlobalNameValidator::isValidName($lastName)) { + $validationErrors[] = __('Last Name is not valid'); + } + if (!GlobalNameValidator::isValidName($customerPrefix)) { + $validationErrors[] = __('Prefix is not valid'); + } + if (!GlobalNameValidator::isValidName($customerSuffix)) { + $validationErrors[] = __('Suffix is not valid'); + } } return [$this->validationResultFactory->create(['errors' => $validationErrors])]; From 88a881c74cad79afb151af01de17e576f9745f60 Mon Sep 17 00:00:00 2001 
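Review bot: The constructor now stores `$this->nameValidator`, yet every check in validate() still calls `GlobalNameValidator::isValidName()` statically, so the injected instance is dead code and cannot be swapped through di.xml or mocked in a test. Middle name, prefix and suffix are optional on a quote. GlobalNameValidator is not shown in this part of the series, but if it returns false for null or an empty string, every guest quote without those fields fails once the flag is on. Guarding the optional fields covers that, e.g. `if ($middleName !== null && $middleName !== '' && !$this->nameValidator->isValidName($middleName))`. The closing brace of validate() lies outside the hunk.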
From: in-session Date: Fri, 23 Aug 2024 08:16:33 +0200 Subject: [PATCH 041/146] Update BillingAddressValidationRule.php --- .../BillingAddressValidationRule.php | 36 +++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/app/code/Magento/Quote/Model/ValidationRules/BillingAddressValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/BillingAddressValidationRule.php index 465aebdc418ed..244d9380138e5 100644 --- a/app/code/Magento/Quote/Model/ValidationRules/BillingAddressValidationRule.php +++ b/app/code/Magento/Quote/Model/ValidationRules/BillingAddressValidationRule.php @@ -9,6 +9,9 @@ use Magento\Framework\Validation\ValidationResultFactory; use Magento\Quote\Model\Quote; +use Magento\Framework\Validator\GlobalForbiddenPatterns; +use Magento\Framework\App\Config\ScopeConfigInterface; +use Magento\Store\Model\ScopeInterface; /** * @inheritdoc @@ -25,15 +28,31 @@ class BillingAddressValidationRule implements QuoteValidationRuleInterface */ private $validationResultFactory; + /** + * @var ScopeConfigInterface + */ + private $scopeConfig; + + /** + * @var GlobalForbiddenPatterns + */ + private $forbiddenPatternsValidator; + /** * @param ValidationResultFactory $validationResultFactory + * @param ScopeConfigInterface $scopeConfig + * @param GlobalForbiddenPatterns $forbiddenPatternsValidator * @param string $generalMessage */ public function __construct( ValidationResultFactory $validationResultFactory, + ScopeConfigInterface $scopeConfig, + GlobalForbiddenPatterns $forbiddenPatternsValidator, string $generalMessage = '' ) { $this->validationResultFactory = $validationResultFactory; + $this->scopeConfig = $scopeConfig; + $this->forbiddenPatternsValidator = $forbiddenPatternsValidator; $this->generalMessage = $generalMessage; } 
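Review bot: The two new required constructor arguments sit before the optional `$generalMessage`, which shifts that argument for any subclass or direct instantiation that passes it positionally and makes existing three-argument-free calls fail outright. Appending them as nullable optionals keeps the signature backward-compatible: `?ScopeConfigInterface $scopeConfig = null, ?GlobalForbiddenPatterns $forbiddenPatternsValidator = null` after `$generalMessage`, with `$this->scopeConfig = $scopeConfig ?? ObjectManager::getInstance()->get(ScopeConfigInterface::class);` in the body. The same ordering is introduced in ShippingAddressValidationRule (patch 042) and in the Wishlist Sharing block (patch 045), where new required arguments precede `array $data = []`.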
@@ -45,6 +64,8 @@ public function validate(Quote $quote): array $validationErrors = []; $billingAddress = $quote->getBillingAddress(); $billingAddress->setStoreId($quote->getStoreId()); + + // Validate the billing address $validationResult = $billingAddress->validate(); if ($validationResult !== true) { $validationErrors = [__($this->generalMessage)]; @@ -53,6 +74,21 @@ public function validate(Quote $quote): array $validationErrors = array_merge($validationErrors, $validationResult); } + // Check if regex validation is enabled + $isRegexEnabled = $this->scopeConfig->isSetFlag( + 'system/security/security_regex_enabled', + ScopeInterface::SCOPE_STORE + ); + + if ($isRegexEnabled) { + // Validate billing address fields against forbidden patterns + foreach ($billingAddress->getData() as $key => $value) { + if (is_string($value) && !$this->forbiddenPatternsValidator->isValid($value)) { + $validationErrors[] = __("Field %1 contains invalid characters.", $key); + } + } + } + return [$this->validationResultFactory->create(['errors' => $validationErrors])]; } } From 92825bf5e404ea4e43e7de72a3819e454c6e13b2 Mon Sep 17 00:00:00 2001 From: in-session Date: Fri, 23 Aug 2024 08:16:52 +0200 Subject: [PATCH 042/146] Update ShippingAddressValidationRule.php --- .../ShippingAddressValidationRule.php | 36 +++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php index 2f215c17e6d73..0d17fe9e5d9bb 100644 --- a/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php +++ b/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php 
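Review bot: The loop added to validate() puts the raw data key into the customer-facing message (`__("Field %1 contains invalid characters.", $key)`) and walks everything `$billingAddress->getData()` returns, which is every stored attribute of the address model rather than only what the shopper typed, so internal column names can surface at checkout and a system-populated value may block an order. Iterating an explicit map of user-entered fields to translated labels avoids both, e.g. `foreach (['company' => __('Company'), 'postcode' => __('Postcode')] as $field => $label)` reading `$billingAddress->getData($field)`. Values held as arrays are skipped by the `is_string()` guard, so any multi-line field stored that way is never checked. The same loop is added to ShippingAddressValidationRule in patch 042.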
@@ -9,6 +9,9 @@ use Magento\Framework\Validation\ValidationResultFactory; use Magento\Quote\Model\Quote; +use Magento\Framework\Validator\GlobalForbiddenPatterns; +use Magento\Framework\App\Config\ScopeConfigInterface; +use Magento\Store\Model\ScopeInterface; /** * @inheritdoc @@ -25,15 +28,31 @@ class ShippingAddressValidationRule implements QuoteValidationRuleInterface */ private $validationResultFactory; + /** + * @var ScopeConfigInterface + */ + private $scopeConfig; + + /** + * @var GlobalForbiddenPatterns + */ + private $forbiddenPatternsValidator; + /** * @param ValidationResultFactory $validationResultFactory + * @param ScopeConfigInterface $scopeConfig + * @param GlobalForbiddenPatterns $forbiddenPatternsValidator * @param string $generalMessage */ public function __construct( ValidationResultFactory $validationResultFactory, + ScopeConfigInterface $scopeConfig, + GlobalForbiddenPatterns $forbiddenPatternsValidator, string $generalMessage = '' ) { $this->validationResultFactory = $validationResultFactory; + $this->scopeConfig = $scopeConfig; + $this->forbiddenPatternsValidator = $forbiddenPatternsValidator; $this->generalMessage = $generalMessage; } @@ -47,6 +66,8 @@ public function validate(Quote $quote): array if (!$quote->isVirtual()) { $shippingAddress = $quote->getShippingAddress(); $shippingAddress->setStoreId($quote->getStoreId()); + + // Validate the shipping address $validationResult = $shippingAddress->validate(); if ($validationResult !== true) { $validationErrors = [__($this->generalMessage)]; 
@@ -54,6 +75,21 @@ public function validate(Quote $quote): array if (is_array($validationResult)) { $validationErrors = array_merge($validationErrors, $validationResult); } + + // Check if regex validation is enabled + $isRegexEnabled = $this->scopeConfig->isSetFlag( + 'system/security/security_regex_enabled', + ScopeInterface::SCOPE_STORE + ); + + if ($isRegexEnabled) { + // Validate shipping address fields against forbidden patterns + foreach ($shippingAddress->getData() as $key => $value) { + if (is_string($value) && !$this->forbiddenPatternsValidator->isValid($value)) { + $validationErrors[] = __("Field %1 contains invalid characters.", $key); + } + } + } } return [$this->validationResultFactory->create(['errors' => $validationErrors])]; From ecb10b41744b515f5848c9adedb7c19d535c0088 Mon Sep 17 00:00:00 2001 From: in-session Date: Fri, 23 Aug 2024 08:17:20 +0200 Subject: [PATCH 043/146] Delete app/code/Magento/Quote/Model/ValidationRules/GlobalValidationRule.php --- .../Magento/Quote/Model/ValidationRules/GlobalValidationRule.php | 1 - 1 file changed, 1 deletion(-) delete mode 100644 app/code/Magento/Quote/Model/ValidationRules/GlobalValidationRule.php diff --git a/app/code/Magento/Quote/Model/ValidationRules/GlobalValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/GlobalValidationRule.php deleted file mode 100644 index 8b137891791fe..0000000000000 --- a/app/code/Magento/Quote/Model/ValidationRules/GlobalValidationRule.php +++ /dev/null @@ -1 +0,0 @@ - From 5529550b77226538f2ff34e146432dfe84b3f74d Mon Sep 17 00:00:00 2001 From: in-session Date: Fri, 23 Aug 2024 08:18:04 +0200 Subject: [PATCH 044/146] Update system.xml --- app/code/Magento/Security/etc/adminhtml/system.xml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/app/code/Magento/Security/etc/adminhtml/system.xml b/app/code/Magento/Security/etc/adminhtml/system.xml index a31e1b1949b1a..6a9c244dcdac1 100644 --- a/app/code/Magento/Security/etc/adminhtml/system.xml 
+++ b/app/code/Magento/Security/etc/adminhtml/system.xml @@ -57,6 +57,11 @@ Magento\Security\Model\Config\Backend\Session\SessionSize Limit the maximum session size in bytes. Use 0 to disable. + + + Magento\Config\Model\Config\Source\Yesno + Activate the extended regex function to limit code injection. +
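Review bot: Every check this series adds is skipped unless this new flag is set, and no default value accompanies the field in the hunk, so on an existing installation the validation presumably stays off until an administrator enables it (`isSetFlag()` is false for an unset path). If opt-in is intended, the field comment should say so, and a `config.xml` default would make the state explicit. The current comment, "Activate the extended regex function to limit code injection", also overstates the effect, since character filtering complements output escaping and parameterised queries and does not replace them; something like `Reject customer and checkout fields that contain characters outside the allowed set.` describes what the switch does.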
From 3f2fe6c46fe4f3403ea66d8d1e0654900a141861 Mon Sep 17 00:00:00 2001 From: in-session Date: Fri, 23 Aug 2024 09:10:45 +0200 Subject: [PATCH 045/146] Update Sharing.php --- .../Wishlist/Block/Customer/Sharing.php | 71 ++++++++++--------- 1 file changed, 39 insertions(+), 32 deletions(-) diff --git a/app/code/Magento/Wishlist/Block/Customer/Sharing.php b/app/code/Magento/Wishlist/Block/Customer/Sharing.php index b051e143febb0..79a9d1134c169 100644 --- a/app/code/Magento/Wishlist/Block/Customer/Sharing.php +++ b/app/code/Magento/Wishlist/Block/Customer/Sharing.php @@ -7,8 +7,8 @@ namespace Magento\Wishlist\Block\Customer; use Magento\Captcha\Block\Captcha; +use Magento\Framework\App\Config\ScopeConfigInterface; use Magento\Framework\Validator\GlobalForbiddenPatterns; -use Magento\Framework\Exception\LocalizedException; /** * Wishlist customer sharing block 
@@ -37,28 +37,38 @@ class Sharing extends \Magento\Framework\View\Element\Template */ protected $_wishlistSession; + /** + * @var ScopeConfigInterface + */ + private $scopeConfig; + /** * @var GlobalForbiddenPatterns */ - protected $globalForbiddenPatterns; + private $forbiddenPatternsValidator; /** + * Constructor. + * * @param \Magento\Framework\View\Element\Template\Context $context * @param \Magento\Wishlist\Model\Config $wishlistConfig * @param \Magento\Framework\Session\Generic $wishlistSession - * @param GlobalForbiddenPatterns $globalForbiddenPatterns + * @param ScopeConfigInterface $scopeConfig + * @param GlobalForbiddenPatterns $forbiddenPatternsValidator * @param array $data */ public function __construct( \Magento\Framework\View\Element\Template\Context $context, \Magento\Wishlist\Model\Config $wishlistConfig, \Magento\Framework\Session\Generic $wishlistSession, - GlobalForbiddenPatterns $globalForbiddenPatterns, + ScopeConfigInterface $scopeConfig, + GlobalForbiddenPatterns $forbiddenPatternsValidator, array $data = [] ) { - $this->globalForbiddenPatterns = $globalForbiddenPatterns; $this->_wishlistConfig = $wishlistConfig; $this->_wishlistSession = $wishlistSession; + $this->scopeConfig = $scopeConfig; + $this->forbiddenPatternsValidator = $forbiddenPatternsValidator; parent::__construct($context, $data); } @@ -101,6 +111,7 @@ public function getSendUrl() * * @param string $key * @return string|null + * @throws \Magento\Framework\Exception\LocalizedException */ public function getEnteredData($key) { 
@@ -108,11 +119,30 @@ public function getEnteredData($key) $this->_enteredData = $this->_wishlistSession->getData('sharing_form', true); } - if (!$this->_enteredData || !isset($this->_enteredData[$key])) { - return null; - } else { - return $this->escapeHtml($this->_enteredData[$key]); + $value = $this->_enteredData[$key] ?? null; + + if ($this->isRegexEnabled() && $value !== null) { + if (!$this->forbiddenPatternsValidator->isValid($value)) { + throw new \Magento\Framework\Exception\LocalizedException( + __('Field %1 contains invalid characters.', $key) + ); + } } + + return $value ? $this->escapeHtml($value) : null; + } + + /** + * Check if the regex validation is enabled + * + * @return bool + */ + private function isRegexEnabled(): bool + { + return $this->scopeConfig->isSetFlag( + 'system/security/security_regex_enabled', + \Magento\Store\Model\ScopeInterface::SCOPE_STORE + ); } /** @@ -144,27 +174,4 @@ public function getTextSharingLimit() { return $this->_wishlistConfig->getSharingTextLimit(); } - - /** - * Validate the sharing data (emails and message) against forbidden patterns - * - * @param string $emails - * @param string $message - * @return bool - * @throws LocalizedException - */ - public function validateSharingData($emails, $message) - { - // Validate the emails input - if (!$this->globalForbiddenPatterns->validate($emails)) { - throw new LocalizedException(__('The email addresses contain forbidden patterns.')); - } - - // Validate the message input - if (!$this->globalForbiddenPatterns->validate($message)) { - throw new LocalizedException(__('The message contains forbidden patterns.')); - } - - return true; - } } From 32d500824256b62e986a87de75d3056e8d890215 Mon Sep 17 00:00:00 2001 From: in-session Date: Fri, 23 Aug 2024 10:33:27 +0200 Subject: [PATCH 046/146] Update City.php --- .../Magento/Customer/Model/Validator/City.php | 17 +++++++++++------ 1 file changed, 11 insertions(+), 6 deletions(-) 
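Review bot: `return $value ? $this->escapeHtml($value) : null;` in getEnteredData() treats the string `'0'` and the empty string as absent, which the replaced `isset()` branch did not; `return $value !== null ? $this->escapeHtml($value) : null;` keeps the old behaviour. The pattern check also throws LocalizedException from a block getter, so a stored value that fails it aborts rendering of the sharing form instead of being rejected where the form is submitted. Output is already protected by the retained `escapeHtml()` call, so the input check fits better in the controller that writes `sharing_form` to the session. `isValid($value)` is called without a string check, and a non-string entry in the session array would reach it unguarded.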
diff --git a/app/code/Magento/Customer/Model/Validator/City.php b/app/code/Magento/Customer/Model/Validator/City.php index c7ac379a16021..59741c1a183d5 100644 --- a/app/code/Magento/Customer/Model/Validator/City.php +++ b/app/code/Magento/Customer/Model/Validator/City.php @@ -22,8 +22,13 @@ class City extends AbstractValidator * \p{M}: Unicode marks (diacritic marks, accents, etc.). * ': Apostrophe mark. * \s: Whitespace characters (spaces, tabs, newlines, etc.). + * \-: Hyphen. + * \.: Period. + * \&: Ampersand. + * \[\]: Square brackets. + * \(\): Parentheses. */ - private const PATTERN_CITY = '/(?:[\p{L}\p{M}\s\-\']{1,100})/u'; + private const PATTERN_CITY = '/^[\p{L}\p{M}\s\-\.\'\&\[\]\(\)]{1,100}$/u'; /** * Validate city fields. @@ -31,11 +36,11 @@ class City extends AbstractValidator * @param Customer $customer * @return bool */ - public function isValid($customer) + public function isValid($customer): bool { if (!$this->isValidCity($customer->getCity())) { parent::_addMessages([[ - 'city' => __("Invalid City. Please use A-Z, a-z, 0-9, -, ', spaces") + 'city' => __("Invalid City. Please use only letters, spaces, hyphens, apostrophes, periods, ampersands, square brackets, and parentheses.") ]]); } @@ -48,11 +53,11 @@ public function isValid($customer) * @param string|null $cityValue * @return bool */ - private function isValidCity($cityValue) + private function isValidCity(?string $cityValue): bool { - if ($cityValue != null) { + if ($cityValue !== null) { if (preg_match(self::PATTERN_CITY, $cityValue, $matches)) { - return $matches[0] == $cityValue; + return $matches[0] === $cityValue; } } From f2b2652d463f23a4f0c233e5ee0aab95ec449676 Mon Sep 17 00:00:00 2001 From: in-session Date: Fri, 23 Aug 2024 10:37:00 +0200 Subject: [PATCH 047/146] Update CityTest.php --- .../Test/Unit/Model/Validator/CityTest.php | 46 +++++++++++++------ 1 file changed, 31 insertions(+), 15 deletions(-) 
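Review bot: Anchoring PATTERN_CITY with `^…$` turns isValidCity() into a check that accepts every non-matching value, because the function only returns false from inside the `if (preg_match(...))` branch and its tail, which lies outside this hunk and is visible where patch 054 removes it, is `return true;`. With the old unanchored pattern a partial match was found and compared against the full string; with anchors a bad value produces no match at all and falls through to true. Returning the match result directly fixes it: `return $cityValue === null || preg_match(self::PATTERN_CITY, $cityValue) === 1;`. Street.php gets the same anchored pattern with the same fall-through in patch 048. Separately, `\s` in the class admits tabs and line breaks into a single-line field; a literal space or `\h` would be tighter.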
diff --git a/app/code/Magento/Customer/Test/Unit/Model/Validator/CityTest.php b/app/code/Magento/Customer/Test/Unit/Model/Validator/CityTest.php index 9c15427154fea..366269d7066a5 100644 --- a/app/code/Magento/Customer/Test/Unit/Model/Validator/CityTest.php +++ b/app/code/Magento/Customer/Test/Unit/Model/Validator/CityTest.php @@ -20,7 +20,7 @@ class CityTest extends TestCase /** * @var City */ - private City $nameValidator; + private City $cityValidator; /** * @var Customer|MockObject @@ -32,7 +32,7 @@ class CityTest extends TestCase */ protected function setUp(): void { - $this->nameValidator = new City; + $this->cityValidator = new City(); $this->customerMock = $this ->getMockBuilder(Customer::class) ->disableOriginalConstructor() 
@@ -41,45 +41,61 @@ protected function setUp(): void } /** - * Test for allowed apostrophe and other punctuation characters in customer names + * Test for allowed punctuation characters in city names * * @param string $city * @param string $message * @return void - * @dataProvider expectedPunctuationInNamesDataProvider + * @dataProvider expectedPunctuationInCityDataProvider */ - public function testValidateCorrectPunctuationInNames( + public function testValidateCorrectPunctuationInCity( string $city, string $message ) { $this->customerMock->expects($this->once())->method('getCity')->willReturn($city); - $isValid = $this->nameValidator->isValid($this->customerMock); + $isValid = $this->cityValidator->isValid($this->customerMock); $this->assertTrue($isValid, $message); } /** * @return array */ - public function expectedPunctuationInNamesDataProvider(): array + public function expectedPunctuationInCityDataProvider(): array { return [ + [ + 'city' => 'New York', + 'message' => 'Spaces must be allowed in city names' + ], + [ + 'city' => 'São Paulo', + 'message' => 'Accented characters and spaces must be allowed in city names' + ], + [ + 'city' => 'St. 
Louis', + 'message' => 'Periods and spaces must be allowed in city names' + ], [ 'city' => 'Москва', - 'message' => 'Unicode letters must be allowed in city' + 'message' => 'Unicode letters must be allowed in city names' + ], + [ + 'city' => 'Moscow \'', + 'message' => 'Apostrophe characters must be allowed in city names' ], [ - 'city' => 'Мо́сква', - 'message' => 'Unicode marks must be allowed in city' + 'city' => 'St.-Pierre', + 'message' => 'Hyphens must be allowed in city names' ], [ - 'city' => ' Moscow \'', - 'message' => 'Apostrophe characters must be allowed in city' + 'city' => 'Offenbach (Main)', + 'message' => 'Parentheses must be allowed in city names' ], [ - 'city' => ' Moscow Moscow', - 'message' => 'Whitespace characters must be allowed in city' - ] + 'city' => 'Rome: The Eternal City', + 'message' => 'Colons must be allowed in city names' + ], ]; } } From 98e6a401d5096d18a0f21b7b378e612000f5bf6e Mon Sep 17 00:00:00 2001 From: in-session Date: Fri, 23 Aug 2024 10:46:06 +0200 Subject: [PATCH 048/146] Update Street.php --- .../Magento/Customer/Model/Validator/Street.php | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/app/code/Magento/Customer/Model/Validator/Street.php b/app/code/Magento/Customer/Model/Validator/Street.php index 21f771f02cb85..aa1e1c7910e8d 100644 --- a/app/code/Magento/Customer/Model/Validator/Street.php +++ b/app/code/Magento/Customer/Model/Validator/Street.php @@ -27,8 +27,10 @@ class Street extends AbstractValidator * &: Ampersand. * \s: Whitespace characters (spaces, tabs, newlines, etc.). * \d: Digits (0-9). + * \[\]: Square brackets. + * \(\): Parentheses. */ - private const PATTERN_STREET = "/(?:[\p{L}\p{M}\"[],-.'’`&\s\d]){1,255}+/u"; + private const PATTERN_STREET = "/^[\p{L}\p{M}\,\-\.\'’`&\s\d\[\]\(\)]{1,255}$/u"; /** * Validate street fields. 
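Review bot: The provider for testValidateCorrectPunctuationInCity() lists only values expected to pass, and one of them, `'Rome: The Eternal City'`, contains a colon that the PATTERN_CITY character class from patch 046 does not include. It passes only because isValidCity() returns true when preg_match() finds no match, so the test hides a validator that rejects nothing. A rejecting case would have caught that; the sample values below are constructed for illustration. The StreetTest provider in patch 049 has the same gap.

```php
/**
 * @dataProvider rejectedCityDataProvider
 */
public function testRejectsCharactersOutsideAllowedSet(string $city): void
{
    $this->customerMock->expects($this->once())->method('getCity')->willReturn($city);

    $this->assertFalse($this->cityValidator->isValid($this->customerMock));
}

public function rejectedCityDataProvider(): array
{
    return [
        // constructed samples: neither ':' nor '<' '>' is in PATTERN_CITY
        ['city' => 'Rome: The Eternal City'],
        ['city' => 'City <b>'],
    ];
}
```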
@@ -36,17 +38,17 @@ class Street extends AbstractValidator * @param Customer $customer * @return bool */ - public function isValid($customer) + public function isValid($customer): bool { foreach ($customer->getStreet() as $street) { if (!$this->isValidStreet($street)) { parent::_addMessages([[ - 'street' => __("Invalid Street Address. Please use A-Z, a-z, 0-9, , - . ' ’ ` & spaces") + 'street' => __("Invalid Street Address. Please use only letters, numbers, spaces, commas, hyphens, periods, apostrophes, ampersands, square brackets, and parentheses.") ]]); } } - return count($this->_messages) == 0; + return count($this->_messages) === 0; } /** @@ -55,11 +57,11 @@ public function isValid($customer) * @param string|null $streetValue * @return bool */ - private function isValidStreet($streetValue) + private function isValidStreet(?string $streetValue): bool { - if ($streetValue != null) { + if ($streetValue !== null) { if (preg_match(self::PATTERN_STREET, $streetValue, $matches)) { - return $matches[0] == $streetValue; + return $matches[0] === $streetValue; } } From 99d8e559ba6034bfbd6f92dc1b939f93e3771597 Mon Sep 17 00:00:00 2001 From: in-session Date: Fri, 23 Aug 2024 10:48:45 +0200 Subject: [PATCH 049/146] Update StreetTest.php --- .../Test/Unit/Model/Validator/StreetTest.php | 28 +++++++++++++------ 1 file changed, 19 insertions(+), 9 deletions(-) diff --git a/app/code/Magento/Customer/Test/Unit/Model/Validator/StreetTest.php b/app/code/Magento/Customer/Test/Unit/Model/Validator/StreetTest.php index 6d40bec460b3e..ca2157b5d3a6e 100644 --- a/app/code/Magento/Customer/Test/Unit/Model/Validator/StreetTest.php +++ b/app/code/Magento/Customer/Test/Unit/Model/Validator/StreetTest.php @@ -20,7 +20,7 @@ class StreetTest extends TestCase /** * @var Street */ - private Street $nameValidator; + private Street $streetValidator; /** * @var Customer|MockObject 
@@ -32,7 +32,7 @@ class StreetTest extends TestCase */ protected function setUp(): void { - $this->nameValidator = new Street; + $this->streetValidator = new Street(); $this->customerMock = $this ->getMockBuilder(Customer::class) ->disableOriginalConstructor() @@ -41,27 +41,29 @@ protected function setUp(): void } /** - * Test for allowed apostrophe and other punctuation characters in customer names + * Test for allowed characters in street addresses * * @param array $street * @param string $message * @return void - * @dataProvider expectedPunctuationInNamesDataProvider + * @dataProvider expectedPunctuationInStreetDataProvider */ - public function testValidateCorrectPunctuationInNames( + public function testValidateCorrectPunctuationInStreet( array $street, string $message - ) { + ): void { $this->customerMock->expects($this->once())->method('getStreet')->willReturn($street); - $isValid = $this->nameValidator->isValid($this->customerMock); + $isValid = $this->streetValidator->isValid($this->customerMock); $this->assertTrue($isValid, $message); } /** + * Data provider for valid street names + * * @return array */ - public function expectedPunctuationInNamesDataProvider(): array + public function expectedPunctuationInStreetDataProvider(): array { return [ [ @@ -102,7 +104,7 @@ public function expectedPunctuationInNamesDataProvider(): array 'O`Connell Street', '321 Birch Boulevard ’Willow Retreat’' ], - 'message' => 'quotes must be allowed in street' + 'message' => 'Quotes must be allowed in street' ], [ 'street' => [ @@ -127,6 +129,14 @@ public function expectedPunctuationInNamesDataProvider(): array '876 Elm Way' ], 'message' => 'Digits must be allowed in street' + ], + [ + 'street' => [ + '1234 Elm St. [Apartment 5]', + 'Main St. (Suite 200)', + '456 Pine St. [Unit 10]' + ], + 'message' => 'Square brackets and parentheses must be allowed in street' ] ]; } From 38b27dffef406f41beb0ca0ef0874d5872478874 Mon Sep 17 00:00:00 2001 
From: in-session Date: Fri, 23 Aug 2024 15:02:53 +0200 Subject: [PATCH 050/146] Create GlobalStreetValidator.php --- .../Validator/GlobalStreetValidator.php | 35 +++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 lib/internal/Magento/Framework/Validator/GlobalStreetValidator.php diff --git a/lib/internal/Magento/Framework/Validator/GlobalStreetValidator.php b/lib/internal/Magento/Framework/Validator/GlobalStreetValidator.php new file mode 100644 index 0000000000000..611d527133843 --- /dev/null +++ b/lib/internal/Magento/Framework/Validator/GlobalStreetValidator.php @@ -0,0 +1,35 @@ + Date: Fri, 23 Aug 2024 15:05:41 +0200 Subject: [PATCH 051/146] Update GlobalStreetValidator.php --- .../Validator/GlobalStreetValidator.php | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/lib/internal/Magento/Framework/Validator/GlobalStreetValidator.php b/lib/internal/Magento/Framework/Validator/GlobalStreetValidator.php index 611d527133843..8c688aac26874 100644 --- a/lib/internal/Magento/Framework/Validator/GlobalStreetValidator.php +++ b/lib/internal/Magento/Framework/Validator/GlobalStreetValidator.php @@ -11,9 +11,22 @@ class GlobalStreetValidator { /** * Regular expression pattern for validating street addresses. + * Allowed characters: + * + * \p{L}: Unicode letters. + * \p{M}: Unicode marks (diacritic marks, accents, etc.). + * ,: Comma. + * -: Hyphen. + * .: Period. + * `'’: Single quotes, both regular and right single quotation marks. + * &: Ampersand. + * \s: Whitespace characters (spaces, tabs, newlines, etc.). + * \d: Digits (0-9). + * \[\]: Square brackets. + * \(\): Parentheses. */ - public const PATTERN_STREET = "/^[\p{L}\p{M}\,\-\.\'’`&\s\d\[\]\(\)]{1,255}$/u"; - + private const PATTERN_STREET = "/^[\p{L}\p{M}\,\-\.\'’`&\s\d\[\]\(\)]{1,255}$/u"; + /** * Validate a street address string. * From a76fcb9eef3cc2de3b294fbfaaf1d68b0511d152 Mon Sep 17 00:00:00 2001 
From: in-session Date: Fri, 23 Aug 2024 15:09:57 +0200 Subject: [PATCH 052/146] Update Street.php --- .../Customer/Model/Validator/Street.php | 41 ++----------------- 1 file changed, 4 insertions(+), 37 deletions(-) diff --git a/app/code/Magento/Customer/Model/Validator/Street.php b/app/code/Magento/Customer/Model/Validator/Street.php index aa1e1c7910e8d..44f052435e66d 100644 --- a/app/code/Magento/Customer/Model/Validator/Street.php +++ b/app/code/Magento/Customer/Model/Validator/Street.php @@ -9,29 +9,13 @@ use Magento\Customer\Model\Customer; use Magento\Framework\Validator\AbstractValidator; +use Magento\Framework\Validator\GlobalStreetValidator; /** * Customer street fields validator. */ class Street extends AbstractValidator { - /** - * Allowed characters: - * - * \p{L}: Unicode letters. - * \p{M}: Unicode marks (diacritic marks, accents, etc.). - * ,: Comma. - * -: Hyphen. - * .: Period. - * `'’: Single quotes, both regular and right single quotation marks. - * &: Ampersand. - * \s: Whitespace characters (spaces, tabs, newlines, etc.). - * \d: Digits (0-9). - * \[\]: Square brackets. - * \(\): Parentheses. - */ - private const PATTERN_STREET = "/^[\p{L}\p{M}\,\-\.\'’`&\s\d\[\]\(\)]{1,255}$/u"; - /** * Validate street fields. * 
@@ -41,30 +25,13 @@ class Street extends AbstractValidator public function isValid($customer): bool { foreach ($customer->getStreet() as $street) { - if (!$this->isValidStreet($street)) { + if (!GlobalStreetValidator::isValidStreet($street)) { parent::_addMessages([[ - 'street' => __("Invalid Street Address. Please use only letters, numbers, spaces, commas, hyphens, periods, apostrophes, ampersands, square brackets, and parentheses.") + 'street' => __("Invalid Street Address. Please use only A-Z, a-z, 0-9, spaces, commas, -, ., ', &, [], ()") ]]); } } - return count($this->_messages) === 0; - } - - /** - * Check if street field is valid. - * - * @param string|null $streetValue - * @return bool - */ - private function isValidStreet(?string $streetValue): bool - { - if ($streetValue !== null) { - if (preg_match(self::PATTERN_STREET, $streetValue, $matches)) { - return $matches[0] === $streetValue; - } - } - - return true; + return count($this->_messages) == 0; } } From a0b5c1f86724cca1e9e674c6e58a14f11a8f9c2b Mon Sep 17 00:00:00 2001 From: in-session Date: Fri, 23 Aug 2024 15:13:33 +0200 Subject: [PATCH 053/146] Create GlobalCityValidator.php --- .../Validator/GlobalCityValidator.php | 46 +++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 lib/internal/Magento/Framework/Validator/GlobalCityValidator.php diff --git a/lib/internal/Magento/Framework/Validator/GlobalCityValidator.php b/lib/internal/Magento/Framework/Validator/GlobalCityValidator.php new file mode 100644 index 0000000000000..87b26da50c39d --- /dev/null +++ b/lib/internal/Magento/Framework/Validator/GlobalCityValidator.php @@ -0,0 +1,46 @@ + Date: Fri, 23 Aug 2024 15:14:31 +0200 Subject: [PATCH 054/146] Update City.php --- .../Magento/Customer/Model/Validator/City.php | 37 ++----------------- 1 file changed, 3 insertions(+), 34 deletions(-) 
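Review bot: The new street message tells the customer to use "A-Z, a-z, 0-9 …", but the character class documented for GlobalStreetValidator in patch 051 accepts any Unicode letter and mark plus the backtick and the right single quotation mark, so the text describes a narrower set than the one enforced. The City message in patch 054 has the opposite problem: it advertises digits and commas, which the PATTERN_CITY removed there did not contain; GlobalCityValidator's pattern is not visible here, so that one needs checking against the actual class. The hunk also changes `count($this->_messages) === 0` back to `== 0`; keeping the strict comparison matches the rest of the series.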
diff --git a/app/code/Magento/Customer/Model/Validator/City.php b/app/code/Magento/Customer/Model/Validator/City.php index 59741c1a183d5..aac037b6991fb 100644 --- a/app/code/Magento/Customer/Model/Validator/City.php +++ b/app/code/Magento/Customer/Model/Validator/City.php @@ -9,27 +9,13 @@ use Magento\Customer\Model\Customer; use Magento\Framework\Validator\AbstractValidator; +use Magento\Framework\Validator\GlobalCityValidator; /** * Customer city fields validator. */ class City extends AbstractValidator { - /** - * Allowed characters: - * - * \p{L}: Unicode letters. - * \p{M}: Unicode marks (diacritic marks, accents, etc.). - * ': Apostrophe mark. - * \s: Whitespace characters (spaces, tabs, newlines, etc.). - * \-: Hyphen. - * \.: Period. - * \&: Ampersand. - * \[\]: Square brackets. - * \(\): Parentheses. - */ - private const PATTERN_CITY = '/^[\p{L}\p{M}\s\-\.\'\&\[\]\(\)]{1,100}$/u'; - /** * Validate city fields. * @@ -38,29 +24,12 @@ class City extends AbstractValidator */ public function isValid($customer): bool { - if (!$this->isValidCity($customer->getCity())) { + if (!GlobalCityValidator::isValidCity($customer->getCity())) { parent::_addMessages([[ - 'city' => __("Invalid City. Please use only letters, spaces, hyphens, apostrophes, periods, ampersands, square brackets, and parentheses.") + 'city' => __("Invalid City. Please use only A-Z, a-z, 0-9, spaces, commas, -, ., ', &, [], ().") ]]); } return count($this->_messages) == 0; } - - /** - * Check if city field is valid. - * - * @param string|null $cityValue - * @return bool - */ - private function isValidCity(?string $cityValue): bool - { - if ($cityValue !== null) { - if (preg_match(self::PATTERN_CITY, $cityValue, $matches)) { - return $matches[0] === $cityValue; - } - } - - return true; - } } From 82f4df97060df9b5bacbb546ce2667095f4a5d30 Mon Sep 17 00:00:00 2001 
From: in-session Date: Fri, 23 Aug 2024 15:14:58 +0200 Subject: [PATCH 055/146] Update GlobalCityValidator.php --- .../Magento/Framework/Validator/GlobalCityValidator.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/internal/Magento/Framework/Validator/GlobalCityValidator.php b/lib/internal/Magento/Framework/Validator/GlobalCityValidator.php index 87b26da50c39d..c4bef885c5992 100644 --- a/lib/internal/Magento/Framework/Validator/GlobalCityValidator.php +++ b/lib/internal/Magento/Framework/Validator/GlobalCityValidator.php @@ -1,4 +1,4 @@ - Date: Fri, 23 Aug 2024 15:19:33 +0200 Subject: [PATCH 056/146] Rename GlobalPhoneValidation to GlobalPhoneValidation.php --- .../{GlobalPhoneValidation => GlobalPhoneValidation.php} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename lib/internal/Magento/Framework/Validator/{GlobalPhoneValidation => GlobalPhoneValidation.php} (100%) diff --git a/lib/internal/Magento/Framework/Validator/GlobalPhoneValidation b/lib/internal/Magento/Framework/Validator/GlobalPhoneValidation.php similarity index 100% rename from lib/internal/Magento/Framework/Validator/GlobalPhoneValidation rename to lib/internal/Magento/Framework/Validator/GlobalPhoneValidation.php From 557fb0f542d3690b73c9e44d6b14f30293958fb5 Mon Sep 17 00:00:00 2001 From: in-session Date: Fri, 23 Aug 2024 15:30:25 +0200 Subject: [PATCH 057/146] Update TelephoneTest.php --- .../Test/Unit/Model/Validator/TelephoneTest.php | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/app/code/Magento/Customer/Test/Unit/Model/Validator/TelephoneTest.php b/app/code/Magento/Customer/Test/Unit/Model/Validator/TelephoneTest.php index e73fee5104506..85ddd0ee40cde 100644 --- a/app/code/Magento/Customer/Test/Unit/Model/Validator/TelephoneTest.php +++ b/app/code/Magento/Customer/Test/Unit/Model/Validator/TelephoneTest.php 
@@ -94,7 +94,15 @@ public function expectedPunctuationInTelephoneDataProvider(): array [ 'telephone' => '123456789', 'message' => 'Digits (numbers) must be allowed in telephone numbers.' - ] + ], + [ + 'telephone' => '123 456 789', + 'message' => 'Spaces must be allowed in telephone numbers.' + ], + [ + 'telephone' => '123/456/789', + 'message' => 'Forward slashes must be allowed in telephone numbers.' + ], ]; } } From 586b31332832c07f960605af7cea03cf97da999d Mon Sep 17 00:00:00 2001 From: in-session Date: Fri, 23 Aug 2024 15:32:04 +0200 Subject: [PATCH 058/146] Update Telephone.php --- app/code/Magento/Customer/Model/Validator/Telephone.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/code/Magento/Customer/Model/Validator/Telephone.php b/app/code/Magento/Customer/Model/Validator/Telephone.php index 676fe2312b48f..b0c015e2d73d2 100644 --- a/app/code/Magento/Customer/Model/Validator/Telephone.php +++ b/app/code/Magento/Customer/Model/Validator/Telephone.php @@ -26,7 +26,7 @@ public function isValid($customer) { if (!GlobalPhoneValidation::isValidPhone($customer->getTelephone())) { parent::_addMessages([[ - 'telephone' => __('Invalid Phone Number. Please use 0-9, +, -, (, ) and space.') + 'telephone' => __('Invalid Phone Number. Please use 0-9, +, -, (), /, and space.') ]]); } From 3fb20264375485b547d175ffb84d0360edbf0559 Mon Sep 17 00:00:00 2001 From: in-session Date: Fri, 23 Aug 2024 15:49:36 +0200 Subject: [PATCH 059/146] Update ShippingAddressValidationRule.php --- .../ShippingAddressValidationRule.php | 65 +++++++++++++++++-- 1 file changed, 60 insertions(+), 5 deletions(-) diff --git a/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php index 0d17fe9e5d9bb..221407aecbd52 100644 --- a/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php 
+++ b/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php @@ -1,20 +1,20 @@ validationResultFactory = $validationResultFactory; $this->scopeConfig = $scopeConfig; $this->forbiddenPatternsValidator = $forbiddenPatternsValidator; + $this->cityValidator = $cityValidator; + $this->nameValidator = $nameValidator; + $this->phoneValidator = $phoneValidator; + $this->streetValidator = $streetValidator; $this->generalMessage = $generalMessage; } @@ -76,6 +108,14 @@ public function validate(Quote $quote): array $validationErrors = array_merge($validationErrors, $validationResult); } + // Validate specific fields against the corresponding validators + $this->validateField($shippingAddress->getCity(), 'City', $this->cityValidator, $validationErrors); + $this->validateField($shippingAddress->getFirstname(), 'First Name', $this->nameValidator, $validationErrors); + $this->validateField($shippingAddress->getLastname(), 'Last Name', $this->nameValidator, $validationErrors); + $this->validateField($shippingAddress->getTelephone(), 'Telephone', $this->phoneValidator, $validationErrors); + $this->validateField($shippingAddress->getFax(), 'Fax', $this->phoneValidator, $validationErrors); + $this->validateField($shippingAddress->getStreet(), 'Street', $this->streetValidator, $validationErrors); + // Check if regex validation is enabled $isRegexEnabled = $this->scopeConfig->isSetFlag( 'system/security/security_regex_enabled', 
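Review bot: `$shippingAddress->getStreet()` is passed to `validateField()`, whose first parameter is declared `?string` in the following hunk, while later commits on this page treat `getStreet()` as possibly an array; with an array this call raises a `TypeError` instead of producing a validation error. `validateField()` also calls `$validator->isValid(...)`, whereas the other call sites on this page reach these validators through `isValidCity()` and `isValidPhone()`, so it should be confirmed that each injected class really has an `isValid()` method. For the street I would validate line by line: `foreach ((array) $shippingAddress->getStreet() as $line) { $this->validateField($line, 'Street', $this->streetValidator, $validationErrors); }`. `validate()` starts and ends outside this hunk.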
@@ -94,4 +134,19 @@ public function validate(Quote $quote): array return [$this->validationResultFactory->create(['errors' => $validationErrors])]; } + + /** + * Validate a specific field + * + * @param string|null $fieldValue + * @param string $fieldName + * @param object $validator + * @param array $validationErrors + */ + private function validateField(?string $fieldValue, string $fieldName, $validator, &$validationErrors) + { + if ($fieldValue !== null && !$validator->isValid($fieldValue)) { + $validationErrors[] = __("Invalid %1.", $fieldName); + } + } } From 5e91253174efe2d92f57e01680e6268501454bef Mon Sep 17 00:00:00 2001 From: in-session Date: Fri, 23 Aug 2024 15:58:25 +0200 Subject: [PATCH 060/146] Update GlobalForbiddenPatterns.php --- .../Framework/Validator/GlobalForbiddenPatterns.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php b/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php index beffea47b91d6..e4c0694feefdd 100644 --- a/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php +++ b/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php @@ -34,11 +34,15 @@ public static function getPatterns(): array /** * Checks if the given field value is valid according to the forbidden patterns. * - * @param string $fieldValue + * @param string|null $fieldValue * @return bool */ - public static function isValid(string $fieldValue): bool + public static function isValid(?string $fieldValue): bool { + if ($fieldValue === null || trim($fieldValue) === '') { + return true; + } + foreach (self::getPatterns() as $pattern) { if (preg_match($pattern, $fieldValue)) { return false; From fa97229090b0b050597f09d371b438ce0ad75771 Mon Sep 17 00:00:00 2001 
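Review bot: In `GlobalForbiddenPatterns::isValid()` the loop tests `if (preg_match($pattern, $fieldValue))`, and `preg_match()` returns `false` when matching itself fails (malformed UTF-8 under a `/u` pattern, or a backtrack-limit hit), so such a value falls through and is reported as valid. A deny-list check should fail closed: `if (preg_match($pattern, $fieldValue) !== 0) { return false; }`. The patterns come from `getPatterns()` and the end of `isValid()` is outside this hunk, so whether `/u` is in use has to be checked there. The new early return also deserves a docblock line, for example `* Null and whitespace-only values are treated as valid; required-field checks belong to the caller.`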
From: in-session Date: Fri, 23 Aug 2024 16:12:37 +0200 Subject: [PATCH 061/146] Update ShippingAddressValidationRule.php --- .../Model/ValidationRules/ShippingAddressValidationRule.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php index 221407aecbd52..c6baf071b9ec3 100644 --- a/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php +++ b/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php @@ -111,7 +111,10 @@ public function validate(Quote $quote): array // Validate specific fields against the corresponding validators $this->validateField($shippingAddress->getCity(), 'City', $this->cityValidator, $validationErrors); $this->validateField($shippingAddress->getFirstname(), 'First Name', $this->nameValidator, $validationErrors); + $this->validateField($shippingAddress->getMiddlename(), 'Middle Name', $this->nameValidator, $validationErrors); $this->validateField($shippingAddress->getLastname(), 'Last Name', $this->nameValidator, $validationErrors); + $this->validateField($shippingAddress->getPrefix(), 'Prefix', $this->nameValidator, $validationErrors); + $this->validateField($shippingAddress->getSuffix(), 'Suffix', $this->nameValidator, $validationErrors); $this->validateField($shippingAddress->getTelephone(), 'Telephone', $this->phoneValidator, $validationErrors); $this->validateField($shippingAddress->getFax(), 'Fax', $this->phoneValidator, $validationErrors); $this->validateField($shippingAddress->getStreet(), 'Street', $this->streetValidator, $validationErrors); From 4cac2b77ee8cf9c1749ed5492709f8d0f1530799 Mon Sep 17 00:00:00 2001 
From: in-session Date: Fri, 23 Aug 2024 16:21:58 +0200 Subject: [PATCH 062/146] Update BillingAddressValidationRule.php --- .../BillingAddressValidationRule.php | 72 ++++++++++++++++++- 1 file changed, 70 insertions(+), 2 deletions(-) diff --git a/app/code/Magento/Quote/Model/ValidationRules/BillingAddressValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/BillingAddressValidationRule.php index 244d9380138e5..0e6a085e0d4cd 100644 --- a/app/code/Magento/Quote/Model/ValidationRules/BillingAddressValidationRule.php +++ b/app/code/Magento/Quote/Model/ValidationRules/BillingAddressValidationRule.php @@ -10,11 +10,16 @@ use Magento\Framework\Validation\ValidationResultFactory; use Magento\Quote\Model\Quote; use Magento\Framework\Validator\GlobalForbiddenPatterns; +use Magento\Framework\Validator\GlobalNameValidator; +use Magento\Framework\Validator\GlobalCityValidator; +use Magento\Framework\Validator\GlobalPhoneValidation; +use Magento\Framework\Validator\GlobalStreetValidator; use Magento\Framework\App\Config\ScopeConfigInterface; use Magento\Store\Model\ScopeInterface; /** - * @inheritdoc + * Class BillingAddressValidationRule + * Validates billing address fields in a quote. */ class BillingAddressValidationRule implements QuoteValidationRuleInterface { 
@@ -39,20 +44,54 @@ class BillingAddressValidationRule implements QuoteValidationRuleInterface private $forbiddenPatternsValidator; /** + * @var GlobalNameValidator + */ + private $nameValidator; + + /** + * @var GlobalCityValidator + */ + private $cityValidator; + + /** + * @var GlobalPhoneValidation + */ + private $phoneValidator; + + /** + * @var GlobalStreetValidator + */ + private $streetValidator; + + /** + * Constructor. + * * @param ValidationResultFactory $validationResultFactory * @param ScopeConfigInterface $scopeConfig * @param GlobalForbiddenPatterns $forbiddenPatternsValidator + * @param GlobalNameValidator $nameValidator + * @param GlobalCityValidator $cityValidator + * @param GlobalPhoneValidation $phoneValidator + * @param GlobalStreetValidator $streetValidator * @param string $generalMessage */ public function __construct( ValidationResultFactory $validationResultFactory, ScopeConfigInterface $scopeConfig, GlobalForbiddenPatterns $forbiddenPatternsValidator, + GlobalNameValidator $nameValidator, + GlobalCityValidator $cityValidator, + GlobalPhoneValidation $phoneValidator, + GlobalStreetValidator $streetValidator, string $generalMessage = '' ) { $this->validationResultFactory = $validationResultFactory; $this->scopeConfig = $scopeConfig; $this->forbiddenPatternsValidator = $forbiddenPatternsValidator; + $this->nameValidator = $nameValidator; + $this->cityValidator = $cityValidator; + $this->phoneValidator = $phoneValidator; + $this->streetValidator = $streetValidator; $this->generalMessage = $generalMessage; } 
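Review bot: The four new validator arguments are inserted before `string $generalMessage = ''` as required parameters, which changes the positional signature of `BillingAddressValidationRule::__construct()` for any subclass or code that constructs the rule directly. Appending them after `$generalMessage` as nullable arguments (`?GlobalNameValidator $nameValidator = null`, and likewise for the other three), with a fallback when the argument is null, keeps existing callers working. `City.php` and `Telephone.php` on this page call the same validators statically (`GlobalCityValidator::isValidCity(...)`), so the change should settle on either injected instances or static calls rather than mixing both.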
@@ -68,12 +107,41 @@ public function validate(Quote $quote): array // Validate the billing address $validationResult = $billingAddress->validate(); if ($validationResult !== true) { - $validationErrors = [__($this->generalMessage)]; + $validationErrors[] = __($this->generalMessage); } if (is_array($validationResult)) { $validationErrors = array_merge($validationErrors, $validationResult); } + // Validate each field + if (!$this->nameValidator->isValidName($billingAddress->getFirstname())) { + $validationErrors[] = __('First Name is not valid'); + } + if (!$this->nameValidator->isValidName($billingAddress->getMiddlename())) { + $validationErrors[] = __('Middle Name is not valid'); + } + if (!$this->nameValidator->isValidName($billingAddress->getLastname())) { + $validationErrors[] = __('Last Name is not valid'); + } + if (!$this->nameValidator->isValidName($billingAddress->getPrefix())) { + $validationErrors[] = __('Prefix is not valid'); + } + if (!$this->nameValidator->isValidName($billingAddress->getSuffix())) { + $validationErrors[] = __('Suffix is not valid'); + } + if (!$this->cityValidator->isValidCity($billingAddress->getCity())) { + $validationErrors[] = __('City is not valid'); + } + if (!$this->phoneValidator->isValidPhone($billingAddress->getTelephone())) { + $validationErrors[] = __('Telephone is not valid'); + } + if (!$this->phoneValidator->isValidPhone($billingAddress->getFax())) { + $validationErrors[] = __('Fax is not valid'); + } + if (!$this->streetValidator->isValidStreet($billingAddress->getStreet())) { + $validationErrors[] = __('Street is not valid'); + } + // Check if regex validation is enabled $isRegexEnabled = $this->scopeConfig->isSetFlag( 'system/security/security_regex_enabled', From 3229a5874f1679ce50e12e080233ccf1fedda399 Mon Sep 17 00:00:00 2001 
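Review bot: Middle name, prefix, suffix and fax are checked unconditionally in `validate()`, so a billing address that leaves them empty is rejected unless `isValidName()` and `isValidPhone()` accept `null` and `''`; those methods are outside this hunk. Either guard the optional fields, e.g. `if ($billingAddress->getMiddlename() !== null && !$this->nameValidator->isValidName($billingAddress->getMiddlename()))`, or state the null contract in the validators' docblocks. `getStreet()` is also handed whole to `isValidStreet()`, although later commits on this page handle it as an array of lines. The shipping rule in PATCH 063 repeats this block and has the same two issues.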
From: in-session Date: Fri, 23 Aug 2024 16:24:55 +0200 Subject: [PATCH 063/146] Update ShippingAddressValidationRule.php --- .../ShippingAddressValidationRule.php | 77 ++++++++++--------- 1 file changed, 42 insertions(+), 35 deletions(-) diff --git a/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php index c6baf071b9ec3..510ee88153f8c 100644 --- a/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php +++ b/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php @@ -1,15 +1,19 @@ validationResultFactory = $validationResultFactory; $this->scopeConfig = $scopeConfig; $this->forbiddenPatternsValidator = $forbiddenPatternsValidator; - $this->cityValidator = $cityValidator; $this->nameValidator = $nameValidator; + $this->cityValidator = $cityValidator; $this->phoneValidator = $phoneValidator; $this->streetValidator = $streetValidator; $this->generalMessage = $generalMessage; 
@@ -102,22 +106,40 @@ public function validate(Quote $quote): array // Validate the shipping address $validationResult = $shippingAddress->validate(); if ($validationResult !== true) { - $validationErrors = [__($this->generalMessage)]; + $validationErrors[] = __($this->generalMessage); } if (is_array($validationResult)) { $validationErrors = array_merge($validationErrors, $validationResult); } - // Validate specific fields against the corresponding validators - $this->validateField($shippingAddress->getCity(), 'City', $this->cityValidator, $validationErrors); - $this->validateField($shippingAddress->getFirstname(), 'First Name', $this->nameValidator, $validationErrors); - $this->validateField($shippingAddress->getMiddlename(), 'Middle Name', $this->nameValidator, $validationErrors); - $this->validateField($shippingAddress->getLastname(), 'Last Name', $this->nameValidator, $validationErrors); - $this->validateField($shippingAddress->getPrefix(), 'Prefix', $this->nameValidator, $validationErrors); - $this->validateField($shippingAddress->getSuffix(), 'Suffix', $this->nameValidator, $validationErrors); - $this->validateField($shippingAddress->getTelephone(), 'Telephone', $this->phoneValidator, $validationErrors); - $this->validateField($shippingAddress->getFax(), 'Fax', $this->phoneValidator, $validationErrors); - $this->validateField($shippingAddress->getStreet(), 'Street', $this->streetValidator, $validationErrors); + // Validate each field + if (!$this->nameValidator->isValidName($shippingAddress->getFirstname())) { + $validationErrors[] = __('First Name is not valid'); + } + if (!$this->nameValidator->isValidName($shippingAddress->getMiddlename())) { + $validationErrors[] = __('Middle Name is not valid'); + } + if (!$this->nameValidator->isValidName($shippingAddress->getLastname())) { + $validationErrors[] = __('Last Name is not valid'); + } + if (!$this->nameValidator->isValidName($shippingAddress->getPrefix())) { + $validationErrors[] = __('Prefix is not 
valid'); + } + if (!$this->nameValidator->isValidName($shippingAddress->getSuffix())) { + $validationErrors[] = __('Suffix is not valid'); + } + if (!$this->cityValidator->isValidCity($shippingAddress->getCity())) { + $validationErrors[] = __('City is not valid'); + } + if (!$this->phoneValidator->isValidPhone($shippingAddress->getTelephone())) { + $validationErrors[] = __('Telephone is not valid'); + } + if (!$this->phoneValidator->isValidPhone($shippingAddress->getFax())) { + $validationErrors[] = __('Fax is not valid'); + } + if (!$this->streetValidator->isValidStreet($shippingAddress->getStreet())) { + $validationErrors[] = __('Street is not valid'); + } // Check if regex validation is enabled $isRegexEnabled = $this->scopeConfig->isSetFlag( @@ -137,19 +159,4 @@ public function validate(Quote $quote): array return [$this->validationResultFactory->create(['errors' => $validationErrors])]; } - - /** - * Validate a specific field - * - * @param string|null $fieldValue - * @param string $fieldName - * @param object $validator - * @param array $validationErrors - */ - private function validateField(?string $fieldValue, string $fieldName, $validator, &$validationErrors) - { - if ($fieldValue !== null && !$validator->isValid($fieldValue)) { - $validationErrors[] = __("Invalid %1.", $fieldName); - } - } } From b3a2402710a5edbf3508e83adc324ba99c3ce731 Mon Sep 17 00:00:00 2001 From: in-session Date: Sat, 24 Aug 2024 10:46:52 +0200 Subject: [PATCH 064/146] Update Sharing.php --- .../Wishlist/Block/Customer/Sharing.php | 38 ++++++++----------- 1 file changed, 16 insertions(+), 22 deletions(-) diff --git a/app/code/Magento/Wishlist/Block/Customer/Sharing.php b/app/code/Magento/Wishlist/Block/Customer/Sharing.php index 79a9d1134c169..0d3764b4fb757 100644 --- a/app/code/Magento/Wishlist/Block/Customer/Sharing.php +++ b/app/code/Magento/Wishlist/Block/Customer/Sharing.php 
@@ -9,6 +9,7 @@ use Magento\Captcha\Block\Captcha; use Magento\Framework\App\Config\ScopeConfigInterface; use Magento\Framework\Validator\GlobalForbiddenPatterns; +use Magento\Store\Model\ScopeInterface; /** * Wishlist customer sharing block @@ -48,8 +49,6 @@ class Sharing extends \Magento\Framework\View\Element\Template private $forbiddenPatternsValidator; /** - * Constructor. - * * @param \Magento\Framework\View\Element\Template\Context $context * @param \Magento\Wishlist\Model\Config $wishlistConfig * @param \Magento\Framework\Session\Generic $wishlistSession @@ -111,7 +110,6 @@ public function getSendUrl() * * @param string $key * @return string|null - * @throws \Magento\Framework\Exception\LocalizedException */ public function getEnteredData($key) { 
@@ -119,30 +117,26 @@ public function getEnteredData($key) $this->_enteredData = $this->_wishlistSession->getData('sharing_form', true); } - $value = $this->_enteredData[$key] ?? null; - - if ($this->isRegexEnabled() && $value !== null) { - if (!$this->forbiddenPatternsValidator->isValid($value)) { - throw new \Magento\Framework\Exception\LocalizedException( - __('Field %1 contains invalid characters.', $key) - ); - } + if (!$this->_enteredData || !isset($this->_enteredData[$key])) { + return null; } - return $value ? $this->escapeHtml($value) : null; - } + $value = $this->_enteredData[$key]; - /** - * Check if the regex validation is enabled - * - * @return bool - */ - private function isRegexEnabled(): bool - { - return $this->scopeConfig->isSetFlag( + // Check if regex validation is enabled + $isRegexEnabled = $this->scopeConfig->isSetFlag( 'system/security/security_regex_enabled', - \Magento\Store\Model\ScopeInterface::SCOPE_STORE + ScopeInterface::SCOPE_STORE ); + + // Perform regex validation + if ($isRegexEnabled && is_string($value)) { + if (!$this->forbiddenPatternsValidator->isValid($value)) { + return null; // or throw an exception or return a sanitized value + } + } + + return $this->escapeHtml($value); } /** From c3bb45ba538f566208e291abff18ad12f2f08b7c Mon Sep 17 00:00:00 2001 From: in-session Date: Sat, 24 Aug 2024 10:47:10 +0200 Subject: [PATCH 065/146] Update BillingAddressValidationRule.php --- .../BillingAddressValidationRule.php | 73 ++++++++++--------- 1 file changed, 37 insertions(+), 36 deletions(-) diff --git a/app/code/Magento/Quote/Model/ValidationRules/BillingAddressValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/BillingAddressValidationRule.php index 0e6a085e0d4cd..a74e656a8da25 100644 --- a/app/code/Magento/Quote/Model/ValidationRules/BillingAddressValidationRule.php +++ b/app/code/Magento/Quote/Model/ValidationRules/BillingAddressValidationRule.php 
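Review bot: `getEnteredData()` now returns `null` when the stored value matches a forbidden pattern, but the inline comment `// or throw an exception or return a sanitized value` leaves that decision open and the docblock does not mention it. I would replace the comment with `// A value matching a forbidden pattern is dropped, not returned.` and extend `@return` to say that `null` also covers a rejected value. Output safety still rests on `escapeHtml()`; the pattern check only runs when `system/security/security_regex_enabled` is set and only for strings. Note too that the old code returned `null` for falsy values such as `'0'`, which are now escaped and returned; the method starts outside this hunk.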
@@ -18,8 +18,7 @@ use Magento\Store\Model\ScopeInterface; /** - * Class BillingAddressValidationRule - * Validates billing address fields in a quote. + * @inheritdoc */ class BillingAddressValidationRule implements QuoteValidationRuleInterface { @@ -64,8 +63,6 @@ class BillingAddressValidationRule implements QuoteValidationRuleInterface private $streetValidator; /** - * Constructor. - * * @param ValidationResultFactory $validationResultFactory * @param ScopeConfigInterface $scopeConfig * @param GlobalForbiddenPatterns $forbiddenPatternsValidator @@ -91,7 +88,7 @@ public function __construct( $this->nameValidator = $nameValidator; $this->cityValidator = $cityValidator; $this->phoneValidator = $phoneValidator; - $this->streetValidator = $streetValidator; + $this->streetValidator = $streetValidator; $this->generalMessage = $generalMessage; } 
@@ -101,45 +98,49 @@ public function __construct( public function validate(Quote $quote): array { $validationErrors = []; + $billingAddress = $quote->getBillingAddress(); $billingAddress->setStoreId($quote->getStoreId()); - - // Validate the billing address + $validationResult = $billingAddress->validate(); if ($validationResult !== true) { - $validationErrors[] = __($this->generalMessage); + $validationErrors = [__($this->generalMessage)]; } if (is_array($validationResult)) { $validationErrors = array_merge($validationErrors, $validationResult); } + // Define the fields to validate with their respective validators + $fieldsToValidate = [ + 'First Name' => [$billingAddress->getFirstname(), 'isValidName', GlobalNameValidator::class], + 'Middle Name' => [$billingAddress->getMiddlename(), 'isValidName', GlobalNameValidator::class], + 'Last Name' => [$billingAddress->getLastname(), 'isValidName', GlobalNameValidator::class], + 'Prefix' => [$billingAddress->getPrefix(), 'isValidName', GlobalNameValidator::class], + 'Suffix' => [$billingAddress->getSuffix(), 'isValidName', GlobalNameValidator::class], + 'City' => [$billingAddress->getCity(), 'isValidCity', GlobalCityValidator::class], + 'Telephone' => [$billingAddress->getTelephone(), 'isValidPhone', GlobalPhoneValidation::class], + 'Fax' => [$billingAddress->getFax(), 'isValidPhone', GlobalPhoneValidation::class], + ]; + // Validate each field - if (!$this->nameValidator->isValidName($billingAddress->getFirstname())) { - $validationErrors[] = __('First Name is not valid'); - } - if (!$this->nameValidator->isValidName($billingAddress->getMiddlename())) { - $validationErrors[] = __('Middle Name is not valid'); - } - if (!$this->nameValidator->isValidName($billingAddress->getLastname())) { - $validationErrors[] = __('Last Name is not valid'); - } - if (!$this->nameValidator->isValidName($billingAddress->getPrefix())) { - $validationErrors[] = __('Prefix is not valid'); - } - if 
(!$this->nameValidator->isValidName($billingAddress->getSuffix())) { - $validationErrors[] = __('Suffix is not valid'); - } - if (!$this->cityValidator->isValidCity($billingAddress->getCity())) { - $validationErrors[] = __('City is not valid'); - } - if (!$this->phoneValidator->isValidPhone($billingAddress->getTelephone())) { - $validationErrors[] = __('Telephone is not valid'); - } - if (!$this->phoneValidator->isValidPhone($billingAddress->getFax())) { - $validationErrors[] = __('Fax is not valid'); + foreach ($fieldsToValidate as $fieldName => [$fieldValue, $validationMethod, $validatorClass]) { + if (!$validatorClass::$validationMethod($fieldValue)) { + $validationErrors[] = __("$fieldName is not valid"); + } } - if (!$this->streetValidator->isValidStreet($billingAddress->getStreet())) { - $validationErrors[] = __('Street is not valid'); + + // Validate each street line if it's an array + $streetArray = $billingAddress->getStreet(); + if (is_array($streetArray)) { + foreach ($streetArray as $streetLine) { + if (!GlobalStreetValidator::isValidStreet($streetLine)) { + $validationErrors[] = __('Street is not valid'); + } + } + } else { + if (!GlobalStreetValidator::isValidStreet($streetArray)) { + $validationErrors[] = __('Street is not valid'); + } } // Check if regex validation is enabled @@ -148,15 +149,15 @@ public function validate(Quote $quote): array ScopeInterface::SCOPE_STORE ); - if ($isRegexEnabled) { - // Validate billing address fields against forbidden patterns + // Perform regex validation only if no other errors exist + if (empty($validationErrors) && $isRegexEnabled) { foreach ($billingAddress->getData() as $key => $value) { if (is_string($value) && !$this->forbiddenPatternsValidator->isValid($value)) { $validationErrors[] = __("Field %1 contains invalid characters.", $key); } } } - + return [$this->validationResultFactory->create(['errors' => $validationErrors])]; } } From 3e770faa6f97d4edb65bbfb731bb12538bdc91bb Mon Sep 17 00:00:00 2001 
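Review bot: `__("$fieldName is not valid")` builds the phrase by interpolation, so the literal phrases that existed before (`'First Name is not valid'` and the others) no longer appear in the source for translation collection; a placeholder keeps one translatable phrase: `__('%1 is not valid', $fieldName)`. The dispatch `$validatorClass::$validationMethod($fieldValue)` calls the validators statically through strings, which leaves the injected `$this->nameValidator`, `$this->cityValidator`, `$this->phoneValidator` and `$this->streetValidator` unused in `validate()` and hides the calls from static analysis. The street loop appends one identical `'Street is not valid'` per failing line, so a `break;` after the first failure would avoid duplicate messages. The same block is repeated for the shipping address in PATCH 066 and for the quote name fields in PATCH 067.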
From: in-session Date: Sat, 24 Aug 2024 10:47:30 +0200 Subject: [PATCH 066/146] Update ShippingAddressValidationRule.php --- .../ShippingAddressValidationRule.php | 71 ++++++++++--------- 1 file changed, 36 insertions(+), 35 deletions(-) diff --git a/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php index 510ee88153f8c..e8d4a6d065fc4 100644 --- a/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php +++ b/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php @@ -1,8 +1,4 @@ nameValidator = $nameValidator; $this->cityValidator = $cityValidator; $this->phoneValidator = $phoneValidator; - $this->streetValidator = $streetValidator; + $this->streetValidator = $streetValidator; $this->generalMessage = $generalMessage; } 
@@ -105,50 +101,55 @@ public function validate(Quote $quote): array // Validate the shipping address $validationResult = $shippingAddress->validate(); + if ($validationResult !== true) { - $validationErrors[] = __($this->generalMessage); + $validationErrors = [__($this->generalMessage)]; } if (is_array($validationResult)) { $validationErrors = array_merge($validationErrors, $validationResult); } + + // Define the fields to validate with their respective validators + $fieldsToValidate = [ + 'First Name' => [$shippingAddress->getFirstname(), 'isValidName', GlobalNameValidator::class], + 'Middle Name' => [$shippingAddress->getMiddlename(), 'isValidName', GlobalNameValidator::class], + 'Last Name' => [$shippingAddress->getLastname(), 'isValidName', GlobalNameValidator::class], + 'Prefix' => [$shippingAddress->getPrefix(), 'isValidName', GlobalNameValidator::class], + 'Suffix' => [$shippingAddress->getSuffix(), 'isValidName', GlobalNameValidator::class], + 'City' => [$shippingAddress->getCity(), 'isValidCity', GlobalCityValidator::class], + 'Telephone' => [$shippingAddress->getTelephone(), 'isValidPhone', GlobalPhoneValidation::class], + 'Fax' => [$shippingAddress->getFax(), 'isValidPhone', GlobalPhoneValidation::class], + ]; // Validate each field - if (!$this->nameValidator->isValidName($shippingAddress->getFirstname())) { - $validationErrors[] = __('First Name is not valid'); - } - if (!$this->nameValidator->isValidName($shippingAddress->getMiddlename())) { - $validationErrors[] = __('Middle Name is not valid'); - } - if (!$this->nameValidator->isValidName($shippingAddress->getLastname())) { - $validationErrors[] = __('Last Name is not valid'); - } - if (!$this->nameValidator->isValidName($shippingAddress->getPrefix())) { - $validationErrors[] = __('Prefix is not valid'); - } - if (!$this->nameValidator->isValidName($shippingAddress->getSuffix())) { - $validationErrors[] = __('Suffix is not valid'); - } - if 
(!$this->cityValidator->isValidCity($shippingAddress->getCity())) { - $validationErrors[] = __('City is not valid'); - } - if (!$this->phoneValidator->isValidPhone($shippingAddress->getTelephone())) { - $validationErrors[] = __('Telephone is not valid'); - } - if (!$this->phoneValidator->isValidPhone($shippingAddress->getFax())) { - $validationErrors[] = __('Fax is not valid'); - } - if (!$this->streetValidator->isValidStreet($shippingAddress->getStreet())) { - $validationErrors[] = __('Street is not valid'); + foreach ($fieldsToValidate as $fieldName => [$fieldValue, $validationMethod, $validatorClass]) { + if (!$validatorClass::$validationMethod($fieldValue)) { + $validationErrors[] = __("$fieldName is not valid"); + } } + // Validate each street line if it's an array + $streetArray = $shippingAddress->getStreet(); + if (is_array($streetArray)) { + foreach ($streetArray as $streetLine) { + if (!GlobalStreetValidator::isValidStreet($streetLine)) { + $validationErrors[] = __('Street is not valid'); + } + } + } else { + if (!GlobalStreetValidator::isValidStreet($streetArray)) { + $validationErrors[] = __('Street is not valid'); + } + } + // Check if regex validation is enabled $isRegexEnabled = $this->scopeConfig->isSetFlag( 'system/security/security_regex_enabled', ScopeInterface::SCOPE_STORE ); - if ($isRegexEnabled) { - // Validate shipping address fields against forbidden patterns + // Perform regex validation only if no other errors exist + if (empty($validationErrors) && $isRegexEnabled) { foreach ($shippingAddress->getData() as $key => $value) { if (is_string($value) && !$this->forbiddenPatternsValidator->isValid($value)) { $validationErrors[] = __("Field %1 contains invalid characters.", $key); From 0290b52110bdee63880f4abb37d61dafb742187b Mon Sep 17 00:00:00 2001 
From: in-session Date: Sat, 24 Aug 2024 10:47:56 +0200 Subject: [PATCH 067/146] Update NameValidationRule.php --- .../ValidationRules/NameValidationRule.php | 54 +++++++++++-------- 1 file changed, 32 insertions(+), 22 deletions(-) diff --git a/app/code/Magento/Quote/Model/ValidationRules/NameValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/NameValidationRule.php index dc2bfa78a3592..df78ad87e1b22 100644 --- a/app/code/Magento/Quote/Model/ValidationRules/NameValidationRule.php +++ b/app/code/Magento/Quote/Model/ValidationRules/NameValidationRule.php @@ -5,6 +5,7 @@ use Magento\Framework\Validation\ValidationResultFactory; use Magento\Quote\Model\Quote; +use Magento\Framework\Validator\GlobalForbiddenPatterns; use Magento\Framework\Validator\GlobalNameValidator; use Magento\Framework\App\Config\ScopeConfigInterface; use Magento\Store\Model\ScopeInterface; @@ -25,6 +26,11 @@ class NameValidationRule implements QuoteValidationRuleInterface */ private $nameValidator; + /** + * @var GlobalForbiddenPatterns + */ + private $forbiddenPatternsValidator; + /** * @var ScopeConfigInterface */ @@ -35,15 +41,18 @@ class NameValidationRule implements QuoteValidationRuleInterface * * @param ValidationResultFactory $validationResultFactory * @param GlobalNameValidator $nameValidator + * @param GlobalForbiddenPatterns $forbiddenPatternsValidator * @param ScopeConfigInterface $scopeConfig */ public function __construct( ValidationResultFactory $validationResultFactory, GlobalNameValidator $nameValidator, + GlobalForbiddenPatterns $forbiddenPatternsValidator, ScopeConfigInterface $scopeConfig ) { $this->validationResultFactory = $validationResultFactory; $this->nameValidator = $nameValidator; + $this->forbiddenPatternsValidator = $forbiddenPatternsValidator; $this->scopeConfig = $scopeConfig; } 
@@ -56,34 +65,35 @@ public function __construct( public function validate(Quote $quote): array { $validationErrors = []; + + // Define the fields to validate with their respective validators + $fieldsToValidate = [ + 'First Name' => [$quote->getCustomerFirstname(), 'isValidName', GlobalNameValidator::class], + 'Middle Name' => [$quote->getCustomerMiddlename(), 'isValidName', GlobalNameValidator::class], + 'Last Name' => [$quote->getCustomerLastname(), 'isValidName', GlobalNameValidator::class], + 'Prefix' => [$quote->getCustomerPrefix(), 'isValidName', GlobalNameValidator::class], + 'Suffix' => [$quote->getCustomerSuffix(), 'isValidName', GlobalNameValidator::class], + ]; + + // Validate each field + foreach ($fieldsToValidate as $fieldName => [$fieldValue, $validationMethod, $validatorClass]) { + if (!$validatorClass::$validationMethod($fieldValue)) { + $validationErrors[] = __("$fieldName is not valid"); + } + } + // Check if regex validation is enabled $isRegexEnabled = $this->scopeConfig->isSetFlag( 'system/security/security_regex_enabled', ScopeInterface::SCOPE_STORE ); - if ($isRegexEnabled) { - $firstName = $quote->getCustomerFirstname(); - $middleName = $quote->getCustomerMiddlename(); - $lastName = $quote->getCustomerLastname(); - $customerPrefix = $quote->getCustomerPrefix(); - $customerSuffix = $quote->getCustomerSuffix(); - - // Validate each name-related field - if (!GlobalNameValidator::isValidName($firstName)) { - $validationErrors[] = __('First Name is not valid'); - } - if (!GlobalNameValidator::isValidName($middleName)) { - $validationErrors[] = __('Middle Name is not valid'); - } - if (!GlobalNameValidator::isValidName($lastName)) { - $validationErrors[] = __('Last Name is not valid'); - } - if (!GlobalNameValidator::isValidName($customerPrefix)) { - $validationErrors[] = __('Prefix is not valid'); - } - if (!GlobalNameValidator::isValidName($customerSuffix)) { - $validationErrors[] = __('Suffix is not valid'); + // Perform regex validation only 
if no other errors exist + if (empty($validationErrors) && $isRegexEnabled) { + foreach ($quote->getData() as $key => $value) { + if (is_string($value) && !$this->forbiddenPatternsValidator->isValid($value)) { + $validationErrors[] = __("Field %1 contains invalid characters.", $key); + } } } From fdb3158dffd3bc47cbb38fa36ace86e482c18af4 Mon Sep 17 00:00:00 2001 From: in-session Date: Sat, 24 Aug 2024 10:59:04 +0200 Subject: [PATCH 068/146] Update BillingAddressValidationRule.php --- .../BillingAddressValidationRule.php | 43 ++++++++----------- 1 file changed, 19 insertions(+), 24 deletions(-) diff --git a/app/code/Magento/Quote/Model/ValidationRules/BillingAddressValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/BillingAddressValidationRule.php index a74e656a8da25..2e4162b12f949 100644 --- a/app/code/Magento/Quote/Model/ValidationRules/BillingAddressValidationRule.php +++ b/app/code/Magento/Quote/Model/ValidationRules/BillingAddressValidationRule.php 
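Review bot: The forbidden-pattern loop at the end of this hunk walks every string in `$quote->getData()` and puts the raw data key into the customer-facing message. A match in a quote column the shopper never typed (presumably there are such columns) would then block the quote with an internal key name as the only hint. Limiting the loop to the customer-entered values already collected in `$fieldsToValidate` keeps the check targeted; note also that `is_string($value)` skips nested array values without examining them. Separately, `__("$fieldName is not valid")` interpolates before translation, so the phrase can no longer match a dictionary entry the way the removed literals did; `__('%1 is not valid', $fieldName)` keeps one translatable phrase. The same interpolated phrase is used in the billing and shipping rules in PATCH 068 and 069, and validate() continues past the end of this hunk.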
@@ -112,34 +112,29 @@ public function validate(Quote $quote): array // Define the fields to validate with their respective validators $fieldsToValidate = [ - 'First Name' => [$billingAddress->getFirstname(), 'isValidName', GlobalNameValidator::class], - 'Middle Name' => [$billingAddress->getMiddlename(), 'isValidName', GlobalNameValidator::class], - 'Last Name' => [$billingAddress->getLastname(), 'isValidName', GlobalNameValidator::class], - 'Prefix' => [$billingAddress->getPrefix(), 'isValidName', GlobalNameValidator::class], - 'Suffix' => [$billingAddress->getSuffix(), 'isValidName', GlobalNameValidator::class], - 'City' => [$billingAddress->getCity(), 'isValidCity', GlobalCityValidator::class], - 'Telephone' => [$billingAddress->getTelephone(), 'isValidPhone', GlobalPhoneValidation::class], - 'Fax' => [$billingAddress->getFax(), 'isValidPhone', GlobalPhoneValidation::class], + 'First Name' => [$billingAddress->getFirstname(), 'isValidName', $this->nameValidator], + 'Middle Name' => [$billingAddress->getMiddlename(), 'isValidName', $this->nameValidator], + 'Last Name' => [$billingAddress->getLastname(), 'isValidName', $this->nameValidator], + 'Prefix' => [$billingAddress->getPrefix(), 'isValidName', $this->nameValidator], + 'Suffix' => [$billingAddress->getSuffix(), 'isValidName', $this->nameValidator], + 'City' => [$billingAddress->getCity(), 'isValidCity', $this->cityValidator], + 'Telephone' => [$billingAddress->getTelephone(), 'isValidPhone', $this->phoneValidator], + 'Fax' => [$billingAddress->getFax(), 'isValidPhone', $this->phoneValidator], + 'Street' => [$billingAddress->getStreet(), 'isValidStreet', $this->streetValidator], ]; // Validate each field - foreach ($fieldsToValidate as $fieldName => [$fieldValue, $validationMethod, $validatorClass]) { - if (!$validatorClass::$validationMethod($fieldValue)) { - $validationErrors[] = __("$fieldName is not valid"); - } - } - - // Validate each street line if it's an array - $streetArray = 
$billingAddress->getStreet(); - if (is_array($streetArray)) { - foreach ($streetArray as $streetLine) { - if (!GlobalStreetValidator::isValidStreet($streetLine)) { - $validationErrors[] = __('Street is not valid'); + foreach ($fieldsToValidate as $fieldName => [$fieldValue, $validationMethod, $validatorInstance]) { + if (is_array($fieldValue)) { + foreach ($fieldValue as $value) { + if (!$validatorInstance->$validationMethod($value)) { + $validationErrors[] = __("$fieldName is not valid"); + } + } + } else { + if (!$validatorInstance->$validationMethod($fieldValue)) { + $validationErrors[] = __("$fieldName is not valid"); } - } - } else { - if (!GlobalStreetValidator::isValidStreet($streetArray)) { - $validationErrors[] = __('Street is not valid'); } } From 548b1d97a4a5466d584ebdae28f2863da84f9a7d Mon Sep 17 00:00:00 2001 From: in-session Date: Sat, 24 Aug 2024 10:59:20 +0200 Subject: [PATCH 069/146] Update ShippingAddressValidationRule.php --- .../ShippingAddressValidationRule.php | 43 ++++++++----------- 1 file changed, 19 insertions(+), 24 deletions(-) diff --git a/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php index e8d4a6d065fc4..d50ba34378d4d 100644 --- a/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php +++ b/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php 
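Review bot: The inner `foreach ($fieldValue as $value)` appends one identical "Street is not valid" entry for every failing street line, so a three-line address can yield three indistinguishable errors. Adding `break;` after `$validationErrors[] = __("$fieldName is not valid");` in the array branch reports the field once. The validator method is also chosen by a string name and invoked as `$validatorInstance->$validationMethod($value)`, so a typo in the table only surfaces at runtime. The shipping rule in PATCH 069 has the same loop, and validate() starts and ends outside the hunk.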
@@ -111,34 +111,29 @@ public function validate(Quote $quote): array // Define the fields to validate with their respective validators $fieldsToValidate = [ - 'First Name' => [$shippingAddress->getFirstname(), 'isValidName', GlobalNameValidator::class], - 'Middle Name' => [$shippingAddress->getMiddlename(), 'isValidName', GlobalNameValidator::class], - 'Last Name' => [$shippingAddress->getLastname(), 'isValidName', GlobalNameValidator::class], - 'Prefix' => [$shippingAddress->getPrefix(), 'isValidName', GlobalNameValidator::class], - 'Suffix' => [$shippingAddress->getSuffix(), 'isValidName', GlobalNameValidator::class], - 'City' => [$shippingAddress->getCity(), 'isValidCity', GlobalCityValidator::class], - 'Telephone' => [$shippingAddress->getTelephone(), 'isValidPhone', GlobalPhoneValidation::class], - 'Fax' => [$shippingAddress->getFax(), 'isValidPhone', GlobalPhoneValidation::class], + 'First Name' => [$shippingAddress->getFirstname(), 'isValidName', $this->nameValidator], + 'Middle Name' => [$shippingAddress->getMiddlename(), 'isValidName', $this->nameValidator], + 'Last Name' => [$shippingAddress->getLastname(), 'isValidName', $this->nameValidator], + 'Prefix' => [$shippingAddress->getPrefix(), 'isValidName', $this->nameValidator], + 'Suffix' => [$shippingAddress->getSuffix(), 'isValidName', $this->nameValidator], + 'City' => [$shippingAddress->getCity(), 'isValidCity', $this->cityValidator], + 'Telephone' => [$shippingAddress->getTelephone(), 'isValidPhone', $this->phoneValidator], + 'Fax' => [$shippingAddress->getFax(), 'isValidPhone', $this->phoneValidator], + 'Street' => [$shippingAddress->getStreet(), 'isValidStreet', $this->streetValidator], ]; // Validate each field - foreach ($fieldsToValidate as $fieldName => [$fieldValue, $validationMethod, $validatorClass]) { - if (!$validatorClass::$validationMethod($fieldValue)) { - $validationErrors[] = __("$fieldName is not valid"); - } - } - - // Validate each street line if it's an array - $streetArray = 
$shippingAddress->getStreet(); - if (is_array($streetArray)) { - foreach ($streetArray as $streetLine) { - if (!GlobalStreetValidator::isValidStreet($streetLine)) { - $validationErrors[] = __('Street is not valid'); + foreach ($fieldsToValidate as $fieldName => [$fieldValue, $validationMethod, $validatorInstance]) { + if (is_array($fieldValue)) { + foreach ($fieldValue as $value) { + if (!$validatorInstance->$validationMethod($value)) { + $validationErrors[] = __("$fieldName is not valid"); + } + } + } else { + if (!$validatorInstance->$validationMethod($fieldValue)) { + $validationErrors[] = __("$fieldName is not valid"); } - } - } else { - if (!GlobalStreetValidator::isValidStreet($streetArray)) { - $validationErrors[] = __('Street is not valid'); } } From ef5413a6b32d34bca652a88978537c55f2af763a Mon Sep 17 00:00:00 2001 From: in-session Date: Sat, 24 Aug 2024 10:59:38 +0200 Subject: [PATCH 070/146] Update NameValidationRule.php --- .../Model/ValidationRules/NameValidationRule.php | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/app/code/Magento/Quote/Model/ValidationRules/NameValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/NameValidationRule.php index df78ad87e1b22..6285212e853c0 100644 --- a/app/code/Magento/Quote/Model/ValidationRules/NameValidationRule.php +++ b/app/code/Magento/Quote/Model/ValidationRules/NameValidationRule.php 
@@ -68,16 +68,16 @@ public function validate(Quote $quote): array // Define the fields to validate with their respective validators $fieldsToValidate = [ - 'First Name' => [$quote->getCustomerFirstname(), 'isValidName', GlobalNameValidator::class], - 'Middle Name' => [$quote->getCustomerMiddlename(), 'isValidName', GlobalNameValidator::class], - 'Last Name' => [$quote->getCustomerLastname(), 'isValidName', GlobalNameValidator::class], - 'Prefix' => [$quote->getCustomerPrefix(), 'isValidName', GlobalNameValidator::class], - 'Suffix' => [$quote->getCustomerSuffix(), 'isValidName', GlobalNameValidator::class], + 'First Name' => [$quote->getCustomerFirstname(), 'isValidName', $this->nameValidator], + 'Middle Name' => [$quote->getCustomerMiddlename(), 'isValidName', $this->nameValidator], + 'Last Name' => [$quote->getCustomerLastname(), 'isValidName', $this->nameValidator], + 'Prefix' => [$quote->getCustomerPrefix(), 'isValidName', $this->nameValidator], + 'Suffix' => [$quote->getCustomerSuffix(), 'isValidName', $this->nameValidator], ]; // Validate each field - foreach ($fieldsToValidate as $fieldName => [$fieldValue, $validationMethod, $validatorClass]) { - if (!$validatorClass::$validationMethod($fieldValue)) { + foreach ($fieldsToValidate as $fieldName => [$fieldValue, $validationMethod, $validatorInstance]) { + if (!$validatorInstance->$validationMethod($fieldValue)) { $validationErrors[] = __("$fieldName is not valid"); } } From d705242f660a53d065a46da79790aa226884f94e Mon Sep 17 00:00:00 2001 From: in-session Date: Sat, 24 Aug 2024 12:05:39 +0200 Subject: [PATCH 071/146] Update GlobalCityValidator.php --- .../Magento/Framework/Validator/GlobalCityValidator.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/internal/Magento/Framework/Validator/GlobalCityValidator.php b/lib/internal/Magento/Framework/Validator/GlobalCityValidator.php index c4bef885c5992..566667f3f6944 100644 
--- a/lib/internal/Magento/Framework/Validator/GlobalCityValidator.php +++ b/lib/internal/Magento/Framework/Validator/GlobalCityValidator.php @@ -10,7 +10,6 @@ class GlobalCityValidator { /** - * Regular expression pattern for validating city names. * Allowed characters: * * \p{L}: Unicode letters. @@ -22,8 +21,9 @@ class GlobalCityValidator * \&: Ampersand. * \[\]: Square brackets. * \(\): Parentheses. + * \:: Colon. */ - public const PATTERN_CITY = '/^[\p{L}\p{M}\s\-\.\'\&\[\]\(\)]{1,100}$/u'; + private const PATTERN_CITY = '/^[\p{L}\p{M}\s\-\.\'\&\[\]\(\):]{1,100}$/u'; /** * Validate a city name string. From b06f792c770eeecaf76e1a2253e1cba52eadbc86 Mon Sep 17 00:00:00 2001 From: in-session Date: Sat, 24 Aug 2024 12:06:08 +0200 Subject: [PATCH 072/146] Update ShippingAddressValidationRule.php --- .../Model/ValidationRules/ShippingAddressValidationRule.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php index d50ba34378d4d..9e7438f5c3ef2 100644 --- a/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php +++ b/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php @@ -1,4 +1,8 @@ Date: Sat, 24 Aug 2024 12:06:32 +0200 Subject: [PATCH 073/146] Update NameValidationRule.php --- .../Quote/Model/ValidationRules/NameValidationRule.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/app/code/Magento/Quote/Model/ValidationRules/NameValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/NameValidationRule.php index 6285212e853c0..a968a627a426b 100644 --- a/app/code/Magento/Quote/Model/ValidationRules/NameValidationRule.php +++ b/app/code/Magento/Quote/Model/ValidationRules/NameValidationRule.php 
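Review bot: The character class in `PATTERN_CITY` still contains `\s`, which matches tab, carriage return and line feed as well as a space, so a city value of up to 100 characters can carry embedded line breaks past this validator. If only ordinary spaces are intended, a literal space narrows it: `'/^[\p{L}\p{M} \-\.\'\&\[\]\(\):]{1,100}$/u'`. The same line changes the constant from `public` to `private`, which breaks any code outside the class that reads `GlobalCityValidator::PATTERN_CITY`; whether such readers exist is not visible in this hunk. The doc comment lists the colon but does not say why city names need it, and a short reason there would help the next reader.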
@@ -1,4 +1,8 @@ Date: Sat, 24 Aug 2024 12:10:08 +0200 Subject: [PATCH 074/146] Update Street.php --- app/code/Magento/Customer/Model/Validator/Street.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/app/code/Magento/Customer/Model/Validator/Street.php b/app/code/Magento/Customer/Model/Validator/Street.php index 44f052435e66d..6c097c8238197 100644 --- a/app/code/Magento/Customer/Model/Validator/Street.php +++ b/app/code/Magento/Customer/Model/Validator/Street.php @@ -27,7 +27,10 @@ public function isValid($customer): bool foreach ($customer->getStreet() as $street) { if (!GlobalStreetValidator::isValidStreet($street)) { parent::_addMessages([[ - 'street' => __("Invalid Street Address. Please use only A-Z, a-z, 0-9, spaces, commas, -, ., ', &, [], ()") + 'street' => __( + "Invalid Street Address. Please use only A-Z, a-z, 0-9, spaces, commas, -, ., ', " . + "&, [], ()" + ) ]]); } } From f2fe7be10b8199a0fe5437c892536bbad23bdf7a Mon Sep 17 00:00:00 2001 From: in-session Date: Sat, 24 Aug 2024 13:12:49 +0200 Subject: [PATCH 075/146] Update GlobalForbiddenPatterns.php --- .../Framework/Validator/GlobalForbiddenPatterns.php | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php b/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php index e4c0694feefdd..3e4df663b7828 100644 --- a/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php +++ b/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php @@ -13,6 +13,13 @@ */ class GlobalForbiddenPatterns { + /** + * XML path for regex validation. + * + * @var string + */ + const XML_PATH_SECURITY_REGEX_ENABLED = 'system/security/security_regex_enabled'; + /** * Returns an array of forbidden patterns. * From 8bfaaaf1c68366945f05e4aea6739de4895cf729 Mon Sep 17 00:00:00 2001 
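Review bot: The new constant in GlobalForbiddenPatterns is declared without a visibility keyword and carries an `@var string` tag, which describes properties rather than constants. Writing it as `public const XML_PATH_SECURITY_REGEX_ENABLED = 'system/security/security_regex_enabled';` matches the explicit visibility used on `PATTERN_CITY` in PATCH 071 and makes it clear that other modules are expected to read it, as the following commits do. The class body continues outside the hunk.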
From: in-session Date: Sat, 24 Aug 2024 13:14:43 +0200 Subject: [PATCH 076/146] Update Sharing.php --- app/code/Magento/Wishlist/Block/Customer/Sharing.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/code/Magento/Wishlist/Block/Customer/Sharing.php b/app/code/Magento/Wishlist/Block/Customer/Sharing.php index 0d3764b4fb757..f8770b8d02059 100644 --- a/app/code/Magento/Wishlist/Block/Customer/Sharing.php +++ b/app/code/Magento/Wishlist/Block/Customer/Sharing.php @@ -125,7 +125,7 @@ public function getEnteredData($key) // Check if regex validation is enabled $isRegexEnabled = $this->scopeConfig->isSetFlag( - 'system/security/security_regex_enabled', + GlobalForbiddenPatterns::XML_PATH_SECURITY_REGEX_ENABLED, ScopeInterface::SCOPE_STORE ); From 10da227199b1de1822ecfb4493159b181f8468b3 Mon Sep 17 00:00:00 2001 From: in-session Date: Sat, 24 Aug 2024 13:15:17 +0200 Subject: [PATCH 077/146] Update ShippingAddressValidationRule.php --- .../Model/ValidationRules/ShippingAddressValidationRule.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php index 9e7438f5c3ef2..ca232bdab2178 100644 --- a/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php +++ b/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php @@ -143,7 +143,7 @@ public function validate(Quote $quote): array // Check if regex validation is enabled $isRegexEnabled = $this->scopeConfig->isSetFlag( - 'system/security/security_regex_enabled', + GlobalForbiddenPatterns::XML_PATH_SECURITY_REGEX_ENABLED, ScopeInterface::SCOPE_STORE ); From f5bf45e4b93a664f0845df07c1acbda6b05e9756 Mon Sep 17 00:00:00 2001 
From: in-session Date: Sat, 24 Aug 2024 13:15:44 +0200 Subject: [PATCH 078/146] Update NameValidationRule.php --- .../Magento/Quote/Model/ValidationRules/NameValidationRule.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/code/Magento/Quote/Model/ValidationRules/NameValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/NameValidationRule.php index a968a627a426b..5b9b30248749b 100644 --- a/app/code/Magento/Quote/Model/ValidationRules/NameValidationRule.php +++ b/app/code/Magento/Quote/Model/ValidationRules/NameValidationRule.php @@ -88,7 +88,7 @@ public function validate(Quote $quote): array // Check if regex validation is enabled $isRegexEnabled = $this->scopeConfig->isSetFlag( - 'system/security/security_regex_enabled', + GlobalForbiddenPatterns::XML_PATH_SECURITY_REGEX_ENABLED, ScopeInterface::SCOPE_STORE ); From baddb62935616483b431fd2e6e4d5b0983308e44 Mon Sep 17 00:00:00 2001 From: in-session Date: Sat, 24 Aug 2024 13:17:25 +0200 Subject: [PATCH 079/146] Update BillingAddressValidationRule.php --- .../Model/ValidationRules/BillingAddressValidationRule.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/code/Magento/Quote/Model/ValidationRules/BillingAddressValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/BillingAddressValidationRule.php index 2e4162b12f949..c8589e7c4f06b 100644 --- a/app/code/Magento/Quote/Model/ValidationRules/BillingAddressValidationRule.php +++ b/app/code/Magento/Quote/Model/ValidationRules/BillingAddressValidationRule.php @@ -140,7 +140,7 @@ public function validate(Quote $quote): array // Check if regex validation is enabled $isRegexEnabled = $this->scopeConfig->isSetFlag( - 'system/security/security_regex_enabled', + GlobalForbiddenPatterns::XML_PATH_SECURITY_REGEX_ENABLED, ScopeInterface::SCOPE_STORE ); From 199789e2171271bbde9e10a9d5f42fe961f26a40 Mon Sep 17 00:00:00 2001 
From: in-session Date: Sat, 24 Aug 2024 13:18:32 +0200 Subject: [PATCH 080/146] Update Review.php --- app/code/Magento/Review/Model/Review.php | 42 ++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/app/code/Magento/Review/Model/Review.php b/app/code/Magento/Review/Model/Review.php index ef2474637f384..dc26bb9f4c2f5 100644 --- a/app/code/Magento/Review/Model/Review.php +++ b/app/code/Magento/Review/Model/Review.php @@ -14,6 +14,9 @@ use Magento\Framework\Validator\ValidatorChain; use Magento\Review\Model\ResourceModel\Review\Product\Collection as ProductCollection; use Magento\Review\Model\ResourceModel\Review\Status\Collection as StatusCollection; +use Magento\Framework\App\Config\ScopeConfigInterface; +use Magento\Framework\Validator\GlobalForbiddenPatterns; +use Magento\Store\Model\ScopeInterface; /** * Review model @@ -125,6 +128,18 @@ class Review extends \Magento\Framework\Model\AbstractModel implements IdentityI protected $_urlModel; /** + * @var ScopeConfigInterface + */ + private $scopeConfig; + + /** + * @var GlobalForbiddenPatterns + */ + private $forbiddenPatternsValidator; + + /** + * Constructor. + * * @param \Magento\Framework\Model\Context $context * @param \Magento\Framework\Registry $registry * @param \Magento\Review\Model\ResourceModel\Review\Product\CollectionFactory $productFactory @@ -134,6 +149,8 @@ class Review extends \Magento\Framework\Model\AbstractModel implements IdentityI * @param \Magento\Review\Model\Review\Summary $reviewSummary * @param \Magento\Store\Model\StoreManagerInterface $storeManager * @param \Magento\Framework\UrlInterface $urlModel + * @param ScopeConfigInterface $scopeConfig + * @param GlobalForbiddenPatterns $forbiddenPatternsValidator * @param \Magento\Framework\Model\ResourceModel\AbstractResource $resource * @param \Magento\Framework\Data\Collection\AbstractDb $resourceCollection * @param array $data 
@@ -149,6 +166,8 @@ public function __construct( \Magento\Review\Model\Review\Summary $reviewSummary, \Magento\Store\Model\StoreManagerInterface $storeManager, \Magento\Framework\UrlInterface $urlModel, + ScopeConfigInterface $scopeConfig, + GlobalForbiddenPatterns $forbiddenPatternsValidator, \Magento\Framework\Model\ResourceModel\AbstractResource $resource = null, \Magento\Framework\Data\Collection\AbstractDb $resourceCollection = null, array $data = [] @@ -160,6 +179,8 @@ public function __construct( $this->_reviewSummary = $reviewSummary; $this->_storeManager = $storeManager; $this->_urlModel = $urlModel; + $this->scopeConfig = $scopeConfig; + $this->forbiddenPatternsValidator = $forbiddenPatternsValidator; parent::__construct($context, $registry, $resource, $resourceCollection, $data); } @@ -292,6 +313,27 @@ public function validate() $errors[] = __('Please enter a review.'); } + // Check if regex validation is enabled + $isRegexEnabled = $this->scopeConfig->isSetFlag( + GlobalForbiddenPatterns::XML_PATH_SECURITY_REGEX_ENABLED, + ScopeInterface::SCOPE_STORE + ); + + // Perform regex validation only if no other errors exist + if (empty($errors) && $isRegexEnabled) { + $dataToValidate = [ + 'Title' => $this->getTitle(), + 'Nickname' => $this->getNickname(), + 'Detail' => $this->getDetail(), + ]; + + foreach ($dataToValidate as $fieldName => $fieldValue) { + if (is_string($fieldValue) && !$this->forbiddenPatternsValidator->isValid($fieldValue)) { + $errors[] = __("Field %1 contains invalid characters.", $fieldName); + } + } + } + if (empty($errors)) { return true; } From 7486983db034a28d90958289e860e302c7ef248b Mon Sep 17 00:00:00 2001 From: in-session Date: Sat, 24 Aug 2024 13:19:14 +0200 Subject: [PATCH 081/146] Update Mail.php --- app/code/Magento/Contact/Model/Mail.php | 40 ++++++++++++++++++++++++- 1 file changed, 39 insertions(+), 1 deletion(-) 
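Review bot: In the Review constructor, `$scopeConfig` and `$forbiddenPatternsValidator` are added as required parameters ahead of the existing optional `$resource`, `$resourceCollection` and `$data`. That shifts argument positions for any subclass or caller that passes those three positionally. Appending the new dependencies at the end as nullable arguments keeps existing code working, e.g. `?ScopeConfigInterface $scopeConfig = null` with `$this->scopeConfig = $scopeConfig ?: ObjectManager::getInstance()->get(ScopeConfigInterface::class);`. Whether Review.php already imports ObjectManager is not visible in these hunks.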
diff --git a/app/code/Magento/Contact/Model/Mail.php b/app/code/Magento/Contact/Model/Mail.php index 43c1974252b5a..76181ed3ad21f 100644 --- a/app/code/Magento/Contact/Model/Mail.php +++ b/app/code/Magento/Contact/Model/Mail.php @@ -10,6 +10,10 @@ use Magento\Store\Model\StoreManagerInterface; use Magento\Framework\App\ObjectManager; use Magento\Framework\App\Area; +use Magento\Framework\Validator\GlobalForbiddenPatterns; +use Magento\Framework\App\Config\ScopeConfigInterface; +use Magento\Framework\Exception\LocalizedException; +use Magento\Store\Model\ScopeInterface; class Mail implements MailInterface { @@ -33,6 +37,16 @@ class Mail implements MailInterface */ private $storeManager; + /** + * @var GlobalForbiddenPatterns + */ + private $forbiddenPatternsValidator; + + /** + * @var ScopeConfigInterface + */ + private $scopeConfig; + /** * Initialize dependencies. * @@ -40,17 +54,23 @@ class Mail implements MailInterface * @param TransportBuilder $transportBuilder * @param StateInterface $inlineTranslation * @param StoreManagerInterface|null $storeManager + * @param GlobalForbiddenPatterns $forbiddenPatternsValidator + * @param ScopeConfigInterface $scopeConfig */ public function __construct( ConfigInterface $contactsConfig, TransportBuilder $transportBuilder, StateInterface $inlineTranslation, - StoreManagerInterface $storeManager = null + StoreManagerInterface $storeManager = null, + GlobalForbiddenPatterns $forbiddenPatternsValidator, + ScopeConfigInterface $scopeConfig ) { $this->contactsConfig = $contactsConfig; $this->transportBuilder = $transportBuilder; $this->inlineTranslation = $inlineTranslation; $this->storeManager = $storeManager ?: ObjectManager::getInstance()->get(StoreManagerInterface::class); + $this->forbiddenPatternsValidator = $forbiddenPatternsValidator; + $this->scopeConfig = $scopeConfig; } /** 
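Review bot: In the Mail constructor the new `$forbiddenPatternsValidator` and `$scopeConfig` are required parameters placed after the optional `StoreManagerInterface $storeManager = null`. PHP 8 reports that ordering as deprecated, and it makes `$storeManager` effectively mandatory for positional callers. Declaring them as `?GlobalForbiddenPatterns $forbiddenPatternsValidator = null, ?ScopeConfigInterface $scopeConfig = null` and resolving a null through `ObjectManager::getInstance()->get(...)`, as the existing `$storeManager` line does, avoids both problems.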
@@ -59,9 +79,27 @@ public function __construct( * @param string $replyTo * @param array $variables * @return void + * @throws LocalizedException */ public function send($replyTo, array $variables) { + // Check if regex validation is enabled + $isRegexEnabled = $this->scopeConfig->isSetFlag( + GlobalForbiddenPatterns::XML_PATH_SECURITY_REGEX_ENABLED, + ScopeInterface::SCOPE_STORE + ); + + // Perform regex validation only if it's enabled + if ($isRegexEnabled) { + foreach ($variables['data'] as $key => $value) { + if (is_string($value) && !$this->forbiddenPatternsValidator->isValid($value)) { + throw new LocalizedException( + __("Field %1 contains invalid characters.", $key) + ); + } + } + } + /** @see \Magento\Contact\Controller\Index\Post::validatedParams() */ $replyToName = !empty($variables['data']['name']) ? $variables['data']['name'] : null; From 2253d5398c7a6886c7446d7b22fb8dfa5e845f8c Mon Sep 17 00:00:00 2001 From: in-session Date: Sat, 24 Aug 2024 17:44:12 +0200 Subject: [PATCH 082/146] Update GlobalPhoneValidation.php --- .../Magento/Framework/Validator/GlobalPhoneValidation.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/lib/internal/Magento/Framework/Validator/GlobalPhoneValidation.php b/lib/internal/Magento/Framework/Validator/GlobalPhoneValidation.php index 223bd6fb07636..b3d583535586b 100644 --- a/lib/internal/Magento/Framework/Validator/GlobalPhoneValidation.php +++ b/lib/internal/Magento/Framework/Validator/GlobalPhoneValidation.php @@ -25,9 +25,10 @@ public static function isValidPhone(?string $phoneValue): bool if ($phoneValue === null || $phoneValue === '') { return true; } - - if (preg_match(self::PATTERN_TELEPHONE, $phoneValue, $matches)) { - return $matches[0] === $phoneValue; + + // Ensure phoneValue is treated as a string for validation if int given + if (preg_match(self::PATTERN_TELEPHONE, (string)$phoneValue, $matches)) { + return $matches[0] === (string)$phoneValue; } return false; 
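Review bot: The new loop in send() iterates `$variables['data']` with `foreach`, which only reaches the submitted fields when `data` is a plain array. The line just below reads the same value with array syntax, which also works on an `ArrayAccess` object. If the contact controller passes a `DataObject` here (worth confirming against the caller), `foreach` would visit the object's public properties rather than the stored form fields, and the check would let every value through. Normalising first covers both shapes and a missing key: `$data = $variables['data'] ?? [];` then `if ($data instanceof \Magento\Framework\DataObject) { $data = $data->getData(); }`. send() continues outside the hunk.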
From ee5af0eabb779a9f4d67ee8580d79f803cb81287 Mon Sep 17 00:00:00 2001 From: in-session Date: Sun, 25 Aug 2024 07:56:17 +0200 Subject: [PATCH 083/146] Update GlobalPhoneValidation.php --- .../Magento/Framework/Validator/GlobalPhoneValidation.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/internal/Magento/Framework/Validator/GlobalPhoneValidation.php b/lib/internal/Magento/Framework/Validator/GlobalPhoneValidation.php index b3d583535586b..48fa7c63f2456 100644 --- a/lib/internal/Magento/Framework/Validator/GlobalPhoneValidation.php +++ b/lib/internal/Magento/Framework/Validator/GlobalPhoneValidation.php @@ -20,7 +20,7 @@ class GlobalPhoneValidation * @param string|null $phoneValue * @return bool */ - public static function isValidPhone(?string $phoneValue): bool + public static function isValidPhone(mixed $phoneValue): bool { if ($phoneValue === null || $phoneValue === '') { return true; From 9710c8e363d635d8e915474768e99a55a6512c67 Mon Sep 17 00:00:00 2001 From: in-session Date: Sun, 25 Aug 2024 08:02:10 +0200 Subject: [PATCH 084/146] Update GlobalPhoneValidation.php --- .../Magento/Framework/Validator/GlobalPhoneValidation.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/internal/Magento/Framework/Validator/GlobalPhoneValidation.php b/lib/internal/Magento/Framework/Validator/GlobalPhoneValidation.php index 48fa7c63f2456..bbd6804ebef41 100644 --- a/lib/internal/Magento/Framework/Validator/GlobalPhoneValidation.php +++ b/lib/internal/Magento/Framework/Validator/GlobalPhoneValidation.php @@ -22,7 +22,7 @@ class GlobalPhoneValidation */ public static function isValidPhone(mixed $phoneValue): bool { - if ($phoneValue === null || $phoneValue === '') { + if ($phoneValue === null || $phoneValue === '' || !is_string($phoneValue)) { return true; } From 2257ff5b0440d01300099f5855e0c70b35c47bce Mon Sep 17 00:00:00 2001 
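Review bot: The `!is_string($phoneValue)` clause added in PATCH 084 makes isValidPhone() return true for every non-string input, so an array or integer supplied where a phone number is expected is reported as valid without being matched against the pattern. Failing closed keeps the empty-value shortcut and rejects the rest: leave `if ($phoneValue === null || $phoneValue === '') { return true; }` and add `if (!is_string($phoneValue)) { return false; }`, or cast scalar values to string first if integers are legitimate input. The same fail-open guard is added to GlobalForbiddenPatterns::isValid, GlobalStreetValidator::isValidStreet, GlobalNameValidator::isValidName and GlobalCityValidator::isValidCity in PATCH 086 to 089. The docblocks in these hunks still say `@param string|null` although the parameter type is now `mixed`.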
From: in-session Date: Sun, 25 Aug 2024 08:03:41 +0200 Subject: [PATCH 085/146] Update GlobalPhoneValidation.php --- .../Magento/Framework/Validator/GlobalPhoneValidation.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/lib/internal/Magento/Framework/Validator/GlobalPhoneValidation.php b/lib/internal/Magento/Framework/Validator/GlobalPhoneValidation.php index bbd6804ebef41..81b3c39d5399a 100644 --- a/lib/internal/Magento/Framework/Validator/GlobalPhoneValidation.php +++ b/lib/internal/Magento/Framework/Validator/GlobalPhoneValidation.php @@ -26,9 +26,8 @@ public static function isValidPhone(mixed $phoneValue): bool return true; } - // Ensure phoneValue is treated as a string for validation if int given - if (preg_match(self::PATTERN_TELEPHONE, (string)$phoneValue, $matches)) { - return $matches[0] === (string)$phoneValue; + if (preg_match(self::PATTERN_TELEPHONE, $phoneValue, $matches)) { + return $matches[0] === $phoneValue; } return false; From b36496346a68c6a7b6d22f95323a3b1f714cb878 Mon Sep 17 00:00:00 2001 From: in-session Date: Sun, 25 Aug 2024 10:27:35 +0200 Subject: [PATCH 086/146] Update GlobalForbiddenPatterns.php --- .../Magento/Framework/Validator/GlobalForbiddenPatterns.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php b/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php index 3e4df663b7828..4d8d500fb4430 100644 --- a/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php +++ b/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php 
@@ -44,9 +44,9 @@ public static function getPatterns(): array * @param string|null $fieldValue * @return bool */ - public static function isValid(?string $fieldValue): bool + public static function isValid(mixed $fieldValue): bool { - if ($fieldValue === null || trim($fieldValue) === '') { + if ($fieldValue === null || $fieldValue === '' || !is_string($fieldValue)) { return true; } From de4da4e53d365cda2fbf9efc4c546ec4853d63e9 Mon Sep 17 00:00:00 2001 From: in-session Date: Mon, 26 Aug 2024 16:08:39 +0200 Subject: [PATCH 087/146] Update GlobalStreetValidator.php --- .../Magento/Framework/Validator/GlobalStreetValidator.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/internal/Magento/Framework/Validator/GlobalStreetValidator.php b/lib/internal/Magento/Framework/Validator/GlobalStreetValidator.php index 8c688aac26874..a1ef186116c06 100644 --- a/lib/internal/Magento/Framework/Validator/GlobalStreetValidator.php +++ b/lib/internal/Magento/Framework/Validator/GlobalStreetValidator.php @@ -33,9 +33,9 @@ class GlobalStreetValidator * @param string|null $streetValue * @return bool */ - public static function isValidStreet(?string $streetValue): bool + public static function isValidStreet(mixed $streetValue): bool { - if ($streetValue === null || $streetValue === '') { + if ($streetValue === null || $streetValue === '' || !is_string($streetValue)) { return true; } From fbfb1f49b73f8fb8172e01052c97362023caeb93 Mon Sep 17 00:00:00 2001 From: in-session Date: Mon, 26 Aug 2024 16:09:12 +0200 Subject: [PATCH 088/146] Update GlobalNameValidator.php --- .../Magento/Framework/Validator/GlobalNameValidator.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/internal/Magento/Framework/Validator/GlobalNameValidator.php b/lib/internal/Magento/Framework/Validator/GlobalNameValidator.php index 79b714f7695e4..c882dce270ecf 100644 --- a/lib/internal/Magento/Framework/Validator/GlobalNameValidator.php 
+++ b/lib/internal/Magento/Framework/Validator/GlobalNameValidator.php @@ -20,9 +20,9 @@ class GlobalNameValidator * @param string|null $nameValue * @return bool */ - public static function isValidName(?string $nameValue): bool + public static function isValidName(mixed $nameValue): bool { - if ($nameValue === null || $nameValue === '') { + if ($nameValue === null || $nameValue === '' || !is_string($nameValue)) { return true; } From 8ab1c8522fb03166958089f05ecee8a5741aa8c4 Mon Sep 17 00:00:00 2001 From: in-session Date: Mon, 26 Aug 2024 16:09:50 +0200 Subject: [PATCH 089/146] Update GlobalCityValidator.php --- .../Magento/Framework/Validator/GlobalCityValidator.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/internal/Magento/Framework/Validator/GlobalCityValidator.php b/lib/internal/Magento/Framework/Validator/GlobalCityValidator.php index 566667f3f6944..1840314e3585c 100644 --- a/lib/internal/Magento/Framework/Validator/GlobalCityValidator.php +++ b/lib/internal/Magento/Framework/Validator/GlobalCityValidator.php @@ -31,9 +31,9 @@ class GlobalCityValidator * @param string|null $cityValue * @return bool */ - public static function isValidCity(?string $cityValue): bool + public static function isValidCity(mixed $cityValue): bool { - if ($cityValue === null || $cityValue === '') { + if ($cityValue === null || $cityValue === '' || !is_string($cityValue)) { return true; } From 2cc40c45acd2622319363ecf97b5bc5ca4e1fbf7 Mon Sep 17 00:00:00 2001 From: in-session Date: Tue, 27 Aug 2024 07:06:33 +0200 Subject: [PATCH 090/146] Update Sharing.php Remove changes regarding tests --- .../Wishlist/Block/Customer/Sharing.php | 38 +------------------ 1 file changed, 2 insertions(+), 36 deletions(-) diff --git a/app/code/Magento/Wishlist/Block/Customer/Sharing.php b/app/code/Magento/Wishlist/Block/Customer/Sharing.php index f8770b8d02059..48e84b3486198 100644 --- a/app/code/Magento/Wishlist/Block/Customer/Sharing.php 
+++ b/app/code/Magento/Wishlist/Block/Customer/Sharing.php @@ -7,9 +7,6 @@ namespace Magento\Wishlist\Block\Customer; use Magento\Captcha\Block\Captcha; -use Magento\Framework\App\Config\ScopeConfigInterface; -use Magento\Framework\Validator\GlobalForbiddenPatterns; -use Magento\Store\Model\ScopeInterface; /** * Wishlist customer sharing block @@ -38,36 +35,20 @@ class Sharing extends \Magento\Framework\View\Element\Template */ protected $_wishlistSession; - /** - * @var ScopeConfigInterface - */ - private $scopeConfig; - - /** - * @var GlobalForbiddenPatterns - */ - private $forbiddenPatternsValidator; - /** * @param \Magento\Framework\View\Element\Template\Context $context * @param \Magento\Wishlist\Model\Config $wishlistConfig * @param \Magento\Framework\Session\Generic $wishlistSession - * @param ScopeConfigInterface $scopeConfig - * @param GlobalForbiddenPatterns $forbiddenPatternsValidator * @param array $data */ public function __construct( \Magento\Framework\View\Element\Template\Context $context, \Magento\Wishlist\Model\Config $wishlistConfig, \Magento\Framework\Session\Generic $wishlistSession, - ScopeConfigInterface $scopeConfig, - GlobalForbiddenPatterns $forbiddenPatternsValidator, array $data = [] ) { $this->_wishlistConfig = $wishlistConfig; $this->_wishlistSession = $wishlistSession; - $this->scopeConfig = $scopeConfig; - $this->forbiddenPatternsValidator = $forbiddenPatternsValidator; parent::__construct($context, $data); } 
@@ -119,24 +100,9 @@ public function getEnteredData($key) if (!$this->_enteredData || !isset($this->_enteredData[$key])) { return null; + } else { + return $this->escapeHtml($this->_enteredData[$key]); } - - $value = $this->_enteredData[$key]; - - // Check if regex validation is enabled - $isRegexEnabled = $this->scopeConfig->isSetFlag( - GlobalForbiddenPatterns::XML_PATH_SECURITY_REGEX_ENABLED, - ScopeInterface::SCOPE_STORE - ); - - // Perform regex validation - if ($isRegexEnabled && is_string($value)) { - if (!$this->forbiddenPatternsValidator->isValid($value)) { - return null; // or throw an exception or return a sanitized value - } - } - - return $this->escapeHtml($value); } /** From 336ecfbc7987fe4b2bee2a1efcd5cfafa486e119 Mon Sep 17 00:00:00 2001 From: in-session Date: Tue, 27 Aug 2024 08:43:26 +0200 Subject: [PATCH 091/146] Create AddressValidationRule.php --- .../ValidationRules/AddressValidationRule.php | 98 +++++++++++++++++++ 1 file changed, 98 insertions(+) create mode 100644 app/code/Magento/Quote/Model/ValidationRules/AddressValidationRule.php diff --git a/app/code/Magento/Quote/Model/ValidationRules/AddressValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/AddressValidationRule.php new file mode 100644 index 0000000000000..dcad3039dd310 --- /dev/null +++ b/app/code/Magento/Quote/Model/ValidationRules/AddressValidationRule.php 
@@ -0,0 +1,98 @@ +forbiddenPatternsValidator = $forbiddenPatternsValidator; + $this->nameValidator = $nameValidator; + $this->cityValidator = $cityValidator; + $this->phoneValidator = $phoneValidator; + $this->streetValidator = $streetValidator; + $this->scopeConfig = $scopeConfig; + } + + public function validateAddress($address, array &$validationErrors): void + { + // Define the fields to validate with their respective validators + $fieldsToValidate = [ + 'First Name' => [$address->getFirstname(), 'isValidName', $this->nameValidator], + 'Middle Name' => [$address->getMiddlename(), 'isValidName', $this->nameValidator], + 'Last Name' => [$address->getLastname(), 'isValidName', $this->nameValidator], + 'Prefix' => [$address->getPrefix(), 'isValidName', $this->nameValidator], + 'Suffix' => [$address->getSuffix(), 'isValidName', $this->nameValidator], + 'City' => [$address->getCity(), 'isValidCity', $this->cityValidator], + 'Telephone' => [$address->getTelephone(), 'isValidPhone', $this->phoneValidator], + 'Fax' => [$address->getFax(), 'isValidPhone', $this->phoneValidator], + 'Street' => [$address->getStreet(), 'isValidStreet', $this->streetValidator], + ]; + + // Validate each field + foreach ($fieldsToValidate as $fieldName => [$fieldValue, $validationMethod, $validatorInstance]) { + if (is_array($fieldValue)) { + foreach ($fieldValue as $value) { + if (!$validatorInstance->$validationMethod($value)) { + $validationErrors[] = __("$fieldName is not valid"); + } + } + } else { + if (!$validatorInstance->$validationMethod($fieldValue)) { + $validationErrors[] = __("$fieldName is not valid"); + } + } + } + + $this->forbiddenPatternsValidator->validateData($address->getData(), $validationErrors); + } +} From 6391fc0ee6d621a4ecd592a2bad0f043067ff452 Mon Sep 17 00:00:00 2001 
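Review bot: The error strings in `validateAddress()` are built as `__("$fieldName is not valid")`, so the field name is interpolated before translation and the phrase cannot match a dictionary entry; `__('%1 is not valid', $fieldName)` keeps one translatable phrase, in line with the `Field %1 contains invalid characters.` message used elsewhere in this series. The method has no docblock and no type on `$address`, and it appends to the by-reference `$validationErrors` array; a short docblock saying that errors are appended and that the caller must pass an initialised array would make the contract explicit. `$this->scopeConfig` is assigned in the constructor but not read in the visible method. The top of the file (namespace, imports, property declarations) is not shown on this page, so those could not be checked.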
From: in-session Date: Tue, 27 Aug 2024 08:43:39 +0200 Subject: [PATCH 092/146] Update BillingAddressValidationRule.php --- .../BillingAddressValidationRule.php | 121 ++---------------- 1 file changed, 10 insertions(+), 111 deletions(-) diff --git a/app/code/Magento/Quote/Model/ValidationRules/BillingAddressValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/BillingAddressValidationRule.php index c8589e7c4f06b..fe31d3c81058d 100644 --- a/app/code/Magento/Quote/Model/ValidationRules/BillingAddressValidationRule.php +++ b/app/code/Magento/Quote/Model/ValidationRules/BillingAddressValidationRule.php 
@@ -9,87 +9,35 @@ use Magento\Framework\Validation\ValidationResultFactory; use Magento\Quote\Model\Quote; -use Magento\Framework\Validator\GlobalForbiddenPatterns; -use Magento\Framework\Validator\GlobalNameValidator; -use Magento\Framework\Validator\GlobalCityValidator; -use Magento\Framework\Validator\GlobalPhoneValidation; -use Magento\Framework\Validator\GlobalStreetValidator; -use Magento\Framework\App\Config\ScopeConfigInterface; -use Magento\Store\Model\ScopeInterface; +use Magento\Quote\Model\ValidationRules\AddressValidationRule; /** * @inheritdoc */ class BillingAddressValidationRule implements QuoteValidationRuleInterface { - /** - * @var string - */ - private $generalMessage; - /** * @var ValidationResultFactory */ private $validationResultFactory; /** - * @var ScopeConfigInterface - */ - private $scopeConfig; - - /** - * @var GlobalForbiddenPatterns + * @var AddressValidationRule */ - private $forbiddenPatternsValidator; - - /** - * @var GlobalNameValidator - */ - private $nameValidator; - - /** - * @var GlobalCityValidator - */ - private $cityValidator; - - /** - * @var GlobalPhoneValidation - */ - private $phoneValidator; - - /** - * @var GlobalStreetValidator - */ - private $streetValidator; + private $addressValidationRule; /** + * Constructor. 
+ * * @param ValidationResultFactory $validationResultFactory - * @param ScopeConfigInterface $scopeConfig - * @param GlobalForbiddenPatterns $forbiddenPatternsValidator - * @param GlobalNameValidator $nameValidator - * @param GlobalCityValidator $cityValidator - * @param GlobalPhoneValidation $phoneValidator - * @param GlobalStreetValidator $streetValidator - * @param string $generalMessage + * @param AddressValidationRule $addressValidationRule */ public function __construct( ValidationResultFactory $validationResultFactory, - ScopeConfigInterface $scopeConfig, - GlobalForbiddenPatterns $forbiddenPatternsValidator, - GlobalNameValidator $nameValidator, - GlobalCityValidator $cityValidator, - GlobalPhoneValidation $phoneValidator, - GlobalStreetValidator $streetValidator, - string $generalMessage = '' + AddressValidationRule $addressValidationRule ) { $this->validationResultFactory = $validationResultFactory; - $this->scopeConfig = $scopeConfig; - $this->forbiddenPatternsValidator = $forbiddenPatternsValidator; - $this->nameValidator = $nameValidator; - $this->cityValidator = $cityValidator; - $this->phoneValidator = $phoneValidator; - $this->streetValidator = $streetValidator; - $this->generalMessage = $generalMessage; + $this->addressValidationRule = $addressValidationRule; } /** 
@@ -98,61 +46,12 @@ public function __construct( public function validate(Quote $quote): array { $validationErrors = []; - + $billingAddress = $quote->getBillingAddress(); $billingAddress->setStoreId($quote->getStoreId()); - - $validationResult = $billingAddress->validate(); - if ($validationResult !== true) { - $validationErrors = [__($this->generalMessage)]; - } - if (is_array($validationResult)) { - $validationErrors = array_merge($validationErrors, $validationResult); - } - - // Define the fields to validate with their respective validators - $fieldsToValidate = [ - 'First Name' => [$billingAddress->getFirstname(), 'isValidName', $this->nameValidator], - 'Middle Name' => [$billingAddress->getMiddlename(), 'isValidName', $this->nameValidator], - 'Last Name' => [$billingAddress->getLastname(), 'isValidName', $this->nameValidator], - 'Prefix' => [$billingAddress->getPrefix(), 'isValidName', $this->nameValidator], - 'Suffix' => [$billingAddress->getSuffix(), 'isValidName', $this->nameValidator], - 'City' => [$billingAddress->getCity(), 'isValidCity', $this->cityValidator], - 'Telephone' => [$billingAddress->getTelephone(), 'isValidPhone', $this->phoneValidator], - 'Fax' => [$billingAddress->getFax(), 'isValidPhone', $this->phoneValidator], - 'Street' => [$billingAddress->getStreet(), 'isValidStreet', $this->streetValidator], - ]; - - // Validate each field - foreach ($fieldsToValidate as $fieldName => [$fieldValue, $validationMethod, $validatorInstance]) { - if (is_array($fieldValue)) { - foreach ($fieldValue as $value) { - if (!$validatorInstance->$validationMethod($value)) { - $validationErrors[] = __("$fieldName is not valid"); - } - } - } else { - if (!$validatorInstance->$validationMethod($fieldValue)) { - $validationErrors[] = __("$fieldName is not valid"); - } - } - } - // Check if regex validation is enabled - $isRegexEnabled = $this->scopeConfig->isSetFlag( - GlobalForbiddenPatterns::XML_PATH_SECURITY_REGEX_ENABLED, - ScopeInterface::SCOPE_STORE - ); + 
$this->addressValidationRule->validateAddress($billingAddress, $validationErrors); - // Perform regex validation only if no other errors exist - if (empty($validationErrors) && $isRegexEnabled) { - foreach ($billingAddress->getData() as $key => $value) { - if (is_string($value) && !$this->forbiddenPatternsValidator->isValid($value)) { - $validationErrors[] = __("Field %1 contains invalid characters.", $key); - } - } - } - return [$this->validationResultFactory->create(['errors' => $validationErrors])]; } } From d9f714d399c88c90f46cc71a370161ff403524cb Mon Sep 17 00:00:00 2001 From: in-session Date: Tue, 27 Aug 2024 08:44:05 +0200 Subject: [PATCH 093/146] Update ShippingAddressValidationRule.php --- .../ShippingAddressValidationRule.php | 111 ++---------------- 1 file changed, 7 insertions(+), 104 deletions(-) diff --git a/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php index ca232bdab2178..5e61f0f1f825b 100644 --- a/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php +++ b/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php @@ -9,13 +9,7 @@ use Magento\Framework\Validation\ValidationResultFactory; use Magento\Quote\Model\Quote; -use Magento\Framework\Validator\GlobalForbiddenPatterns; -use Magento\Framework\Validator\GlobalNameValidator; -use Magento\Framework\Validator\GlobalCityValidator; -use Magento\Framework\Validator\GlobalPhoneValidation; -use Magento\Framework\Validator\GlobalStreetValidator; -use Magento\Framework\App\Config\ScopeConfigInterface; -use Magento\Store\Model\ScopeInterface; +use Magento\Quote\Model\ValidationRules\AddressValidationRule; /** * @inheritdoc 
@@ -33,62 +27,22 @@ class ShippingAddressValidationRule implements QuoteValidationRuleInterface private $validationResultFactory; /** - * @var ScopeConfigInterface + * @var AddressValidationRule */ - private $scopeConfig; - - /** - * @var GlobalForbiddenPatterns - */ - private $forbiddenPatternsValidator; - - /** - * @var GlobalNameValidator - */ - private $nameValidator; - - /** - * @var GlobalCityValidator - */ - private $cityValidator; - - /** - * @var GlobalPhoneValidation - */ - private $phoneValidator; - - /** - * @var GlobalStreetValidator - */ - private $streetValidator; + private $addressValidationRule; /** * @param ValidationResultFactory $validationResultFactory - * @param ScopeConfigInterface $scopeConfig - * @param GlobalForbiddenPatterns $forbiddenPatternsValidator - * @param GlobalNameValidator $nameValidator - * @param GlobalCityValidator $cityValidator - * @param GlobalPhoneValidation $phoneValidator - * @param GlobalStreetValidator $streetValidator + * @param AddressValidationRule $addressValidationRule * @param string $generalMessage */ public function __construct( ValidationResultFactory $validationResultFactory, - ScopeConfigInterface $scopeConfig, - GlobalForbiddenPatterns $forbiddenPatternsValidator, - GlobalNameValidator $nameValidator, - GlobalCityValidator $cityValidator, - GlobalPhoneValidation $phoneValidator, - GlobalStreetValidator $streetValidator, + AddressValidationRule $addressValidationRule, string $generalMessage = '' ) { $this->validationResultFactory = $validationResultFactory; - $this->scopeConfig = $scopeConfig; - $this->forbiddenPatternsValidator = $forbiddenPatternsValidator; - $this->nameValidator = $nameValidator; - $this->cityValidator = $cityValidator; - $this->phoneValidator = $phoneValidator; - $this->streetValidator = $streetValidator; + $this->addressValidationRule = $addressValidationRule; $this->generalMessage = $generalMessage; } 
@@ -103,58 +57,7 @@ public function validate(Quote $quote): array $shippingAddress = $quote->getShippingAddress(); $shippingAddress->setStoreId($quote->getStoreId()); - // Validate the shipping address - $validationResult = $shippingAddress->validate(); - - if ($validationResult !== true) { - $validationErrors = [__($this->generalMessage)]; - } - if (is_array($validationResult)) { - $validationErrors = array_merge($validationErrors, $validationResult); - } - - // Define the fields to validate with their respective validators - $fieldsToValidate = [ - 'First Name' => [$shippingAddress->getFirstname(), 'isValidName', $this->nameValidator], - 'Middle Name' => [$shippingAddress->getMiddlename(), 'isValidName', $this->nameValidator], - 'Last Name' => [$shippingAddress->getLastname(), 'isValidName', $this->nameValidator], - 'Prefix' => [$shippingAddress->getPrefix(), 'isValidName', $this->nameValidator], - 'Suffix' => [$shippingAddress->getSuffix(), 'isValidName', $this->nameValidator], - 'City' => [$shippingAddress->getCity(), 'isValidCity', $this->cityValidator], - 'Telephone' => [$shippingAddress->getTelephone(), 'isValidPhone', $this->phoneValidator], - 'Fax' => [$shippingAddress->getFax(), 'isValidPhone', $this->phoneValidator], - 'Street' => [$shippingAddress->getStreet(), 'isValidStreet', $this->streetValidator], - ]; - - // Validate each field - foreach ($fieldsToValidate as $fieldName => [$fieldValue, $validationMethod, $validatorInstance]) { - if (is_array($fieldValue)) { - foreach ($fieldValue as $value) { - if (!$validatorInstance->$validationMethod($value)) { - $validationErrors[] = __("$fieldName is not valid"); - } - } - } else { - if (!$validatorInstance->$validationMethod($fieldValue)) { - $validationErrors[] = __("$fieldName is not valid"); - } - } - } - - // Check if regex validation is enabled - $isRegexEnabled = $this->scopeConfig->isSetFlag( - GlobalForbiddenPatterns::XML_PATH_SECURITY_REGEX_ENABLED, - ScopeInterface::SCOPE_STORE - ); - - // Perform 
regex validation only if no other errors exist - if (empty($validationErrors) && $isRegexEnabled) { - foreach ($shippingAddress->getData() as $key => $value) { - if (is_string($value) && !$this->forbiddenPatternsValidator->isValid($value)) { - $validationErrors[] = __("Field %1 contains invalid characters.", $key); - } - } - } + $this->addressValidationRule->validateAddress($shippingAddress, $validationErrors); } return [$this->validationResultFactory->create(['errors' => $validationErrors])]; From ac6170eeb7ae6735961245db61ba7819c0dc8de4 Mon Sep 17 00:00:00 2001 From: in-session Date: Tue, 27 Aug 2024 08:49:54 +0200 Subject: [PATCH 094/146] Update BillingAddressValidationRule.php --- .../ValidationRules/BillingAddressValidationRule.php | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/app/code/Magento/Quote/Model/ValidationRules/BillingAddressValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/BillingAddressValidationRule.php index fe31d3c81058d..3d411c4879485 100644 --- a/app/code/Magento/Quote/Model/ValidationRules/BillingAddressValidationRule.php +++ b/app/code/Magento/Quote/Model/ValidationRules/BillingAddressValidationRule.php @@ -16,6 +16,11 @@ */ class BillingAddressValidationRule implements QuoteValidationRuleInterface { + /** + * @var string + */ + private $generalMessage; + /** * @var ValidationResultFactory */ 
@@ -31,13 +36,16 @@ class BillingAddressValidationRule implements QuoteValidationRuleInterface * * @param ValidationResultFactory $validationResultFactory * @param AddressValidationRule $addressValidationRule + * @param string $generalMessage */ public function __construct( ValidationResultFactory $validationResultFactory, - AddressValidationRule $addressValidationRule + AddressValidationRule $addressValidationRule, + string $generalMessage = '' ) { $this->validationResultFactory = $validationResultFactory; $this->addressValidationRule = $addressValidationRule; + $this->generalMessage = $generalMessage; } /** From 679f56336b05a188b2fd1cf5aaf1ab4b01100b12 Mon Sep 17 00:00:00 2001 From: in-session Date: Tue, 27 Aug 2024 08:51:58 +0200 Subject: [PATCH 095/146] Update BillingAddressValidationRule.php --- .../ValidationRules/BillingAddressValidationRule.php | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/app/code/Magento/Quote/Model/ValidationRules/BillingAddressValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/BillingAddressValidationRule.php index 3d411c4879485..577659ab74897 100644 --- a/app/code/Magento/Quote/Model/ValidationRules/BillingAddressValidationRule.php +++ b/app/code/Magento/Quote/Model/ValidationRules/BillingAddressValidationRule.php @@ -58,6 +58,14 @@ public function validate(Quote $quote): array $billingAddress = $quote->getBillingAddress(); $billingAddress->setStoreId($quote->getStoreId()); + $validationResult = $billingAddress->validate(); + if ($validationResult !== true) { + $validationErrors = [__($this->generalMessage)]; + } + if (is_array($validationResult)) { + $validationErrors = array_merge($validationErrors, $validationResult); + } + $this->addressValidationRule->validateAddress($billingAddress, $validationErrors); return [$this->validationResultFactory->create(['errors' => $validationErrors])]; From 7560da1841060caa184ca7f0b3c3894e246e6b20 Mon Sep 17 00:00:00 2001 
From: in-session Date: Tue, 27 Aug 2024 08:53:59 +0200 Subject: [PATCH 096/146] Update ShippingAddressValidationRule.php --- .../ValidationRules/ShippingAddressValidationRule.php | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php index 5e61f0f1f825b..ce50778f7e96f 100644 --- a/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php +++ b/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php @@ -57,6 +57,16 @@ public function validate(Quote $quote): array $shippingAddress = $quote->getShippingAddress(); $shippingAddress->setStoreId($quote->getStoreId()); + // Führe die Standard-Adressvalidierung durch + $validationResult = $shippingAddress->validate(); + if ($validationResult !== true) { + $validationErrors = [__($this->generalMessage)]; + } + if (is_array($validationResult)) { + $validationErrors = array_merge($validationErrors, $validationResult); + } + + // Führe die erweiterte Adressvalidierung durch $this->addressValidationRule->validateAddress($shippingAddress, $validationErrors); } From b8b8228b35ed3e3040daefb2f261e35a6e0dd542 Mon Sep 17 00:00:00 2001 From: in-session Date: Tue, 27 Aug 2024 08:54:19 +0200 Subject: [PATCH 097/146] Update ShippingAddressValidationRule.php --- .../Model/ValidationRules/ShippingAddressValidationRule.php | 2 -- 1 file changed, 2 deletions(-) diff --git a/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php index ce50778f7e96f..82e749d356087 100644 --- a/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php +++ b/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php 
@@ -57,7 +57,6 @@ public function validate(Quote $quote): array $shippingAddress = $quote->getShippingAddress(); $shippingAddress->setStoreId($quote->getStoreId()); - // Führe die Standard-Adressvalidierung durch $validationResult = $shippingAddress->validate(); if ($validationResult !== true) { $validationErrors = [__($this->generalMessage)]; @@ -66,7 +65,6 @@ public function validate(Quote $quote): array $validationErrors = array_merge($validationErrors, $validationResult); } - // Führe die erweiterte Adressvalidierung durch $this->addressValidationRule->validateAddress($shippingAddress, $validationErrors); } From 2ef3e20dbbae5ef08f2255e6570ef34c83a52896 Mon Sep 17 00:00:00 2001 From: in-session Date: Tue, 27 Aug 2024 08:57:34 +0200 Subject: [PATCH 098/146] Update GlobalForbiddenPatterns.php --- .../Validator/GlobalForbiddenPatterns.php | 42 +++++++++++++++++-- 1 file changed, 39 insertions(+), 3 deletions(-) diff --git a/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php b/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php index 4d8d500fb4430..c528b72a061a2 100644 --- a/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php +++ b/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php @@ -7,19 +7,32 @@ namespace Magento\Framework\Validator; +use Magento\Framework\App\Config\ScopeConfigInterface; +use Magento\Store\Model\ScopeInterface; + /** * Class GlobalForbiddenPatterns * Provides a set of forbidden patterns used for validation across the application. */ class GlobalForbiddenPatterns { - /** + /** * XML path for regex validation. * * @var string */ const XML_PATH_SECURITY_REGEX_ENABLED = 'system/security/security_regex_enabled'; - + + /** + * @var ScopeConfigInterface + */ + private $scopeConfig; + + public function __construct(ScopeConfigInterface $scopeConfig) + { + $this->scopeConfig = $scopeConfig; + } + /** * Returns an array of forbidden patterns. * 
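Review bot: The `@@ -7,19 +7,32 @@` hunk imports `Magento\Store\Model\ScopeInterface` into a class under `lib/internal/Magento/Framework`, which makes library code depend on a module from `app/code`; as far as I know Magento keeps the framework independent of modules, so the config lookup probably belongs in a module-level service that calls the static `isValid()`. The class now mixes static helpers with injected state, so callers that use `GlobalForbiddenPatterns::isValid()` directly bypass the `security_regex_enabled` flag while callers of the instance method honour it; that difference deserves a sentence in the class docblock. The new constructor has no docblock; `/** @param ScopeConfigInterface $scopeConfig */` would match the rest of the file.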
@@ -41,7 +54,7 @@ public static function getPatterns(): array /** * Checks if the given field value is valid according to the forbidden patterns. * - * @param string|null $fieldValue + * @param mixed $fieldValue * @return bool */ public static function isValid(mixed $fieldValue): bool @@ -65,4 +78,27 @@ public static function isValid(mixed $fieldValue): bool return true; } + + /** + * Validate all fields in the provided data array based on forbidden patterns. + * + * @param array $data + * @param array &$validationErrors + * @return void + */ + public function validateData(array $data, array &$validationErrors): void + { + $isRegexEnabled = $this->scopeConfig->isSetFlag( + self::XML_PATH_SECURITY_REGEX_ENABLED, + ScopeInterface::SCOPE_STORE + ); + + if ($isRegexEnabled) { + foreach ($data as $key => $value) { + if (is_string($value) && !$this->isValid($value)) { + $validationErrors[] = __("Field %1 contains invalid characters.", $key); + } + } + } + } } From a541e5a431e09c574ea260de1505fbca3cae5926 Mon Sep 17 00:00:00 2001 From: in-session Date: Tue, 27 Aug 2024 08:58:58 +0200 Subject: [PATCH 099/146] Update NameValidationRule.php --- .../ValidationRules/NameValidationRule.php | 28 +++---------------- 1 file changed, 4 insertions(+), 24 deletions(-) diff --git a/app/code/Magento/Quote/Model/ValidationRules/NameValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/NameValidationRule.php index 5b9b30248749b..792d556346d03 100644 --- a/app/code/Magento/Quote/Model/ValidationRules/NameValidationRule.php +++ b/app/code/Magento/Quote/Model/ValidationRules/NameValidationRule.php @@ -11,8 +11,6 @@ use Magento\Quote\Model\Quote; use Magento\Framework\Validator\GlobalForbiddenPatterns; use Magento\Framework\Validator\GlobalNameValidator; -use Magento\Framework\App\Config\ScopeConfigInterface; -use Magento\Store\Model\ScopeInterface; /** * Class NameValidationRule 
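Review bot: `validateData()` in the `@@ -65,4 +78,27 @@` hunk checks only top-level string values, so any value nested in an array (a multi-line street passed as an array, or nested form data) is skipped and never matched against the forbidden patterns. Walking the data recursively closes that gap; the reported key is then the innermost key. The `array &$validationErrors` parameter also requires every caller to pass an initialised array, which the docblock should state.

```php
// … unchanged: $isRegexEnabled lookup …
if ($isRegexEnabled) {
    array_walk_recursive(
        $data,
        static function ($value, $key) use (&$validationErrors): void {
            if (is_string($value) && !self::isValid($value)) {
                $validationErrors[] = __("Field %1 contains invalid characters.", $key);
            }
        }
    );
}
```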
@@ -35,29 +33,21 @@ class NameValidationRule implements QuoteValidationRuleInterface */ private $forbiddenPatternsValidator; - /** - * @var ScopeConfigInterface - */ - private $scopeConfig; - /** * Constructor. * * @param ValidationResultFactory $validationResultFactory * @param GlobalNameValidator $nameValidator * @param GlobalForbiddenPatterns $forbiddenPatternsValidator - * @param ScopeConfigInterface $scopeConfig */ public function __construct( ValidationResultFactory $validationResultFactory, GlobalNameValidator $nameValidator, - GlobalForbiddenPatterns $forbiddenPatternsValidator, - ScopeConfigInterface $scopeConfig + GlobalForbiddenPatterns $forbiddenPatternsValidator ) { $this->validationResultFactory = $validationResultFactory; $this->nameValidator = $nameValidator; $this->forbiddenPatternsValidator = $forbiddenPatternsValidator; - $this->scopeConfig = $scopeConfig; } /** @@ -69,7 +59,7 @@ public function __construct( public function validate(Quote $quote): array { $validationErrors = []; - + // Define the fields to validate with their respective validators $fieldsToValidate = [ 'First Name' => [$quote->getCustomerFirstname(), 'isValidName', $this->nameValidator], @@ -86,19 +76,9 @@ public function validate(Quote $quote): array } } - // Check if regex validation is enabled - $isRegexEnabled = $this->scopeConfig->isSetFlag( - GlobalForbiddenPatterns::XML_PATH_SECURITY_REGEX_ENABLED, - ScopeInterface::SCOPE_STORE - ); - // Perform regex validation only if no other errors exist - if (empty($validationErrors) && $isRegexEnabled) { - foreach ($quote->getData() as $key => $value) { - if (is_string($value) && !$this->forbiddenPatternsValidator->isValid($value)) { - $validationErrors[] = __("Field %1 contains invalid characters.", $key); - } - } + if (empty($validationErrors)) { + $this->forbiddenPatternsValidator->validateData($quote->getData(), $validationErrors); } return [$this->validationResultFactory->create(['errors' => $validationErrors])]; 
From 82f3518337eac7d54f62f049aa3cae4769cf1364 Mon Sep 17 00:00:00 2001 From: in-session Date: Tue, 27 Aug 2024 09:20:53 +0200 Subject: [PATCH 100/146] Update BillingAddressValidationRule.php --- .../Model/ValidationRules/BillingAddressValidationRule.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/app/code/Magento/Quote/Model/ValidationRules/BillingAddressValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/BillingAddressValidationRule.php index 577659ab74897..4adc857469481 100644 --- a/app/code/Magento/Quote/Model/ValidationRules/BillingAddressValidationRule.php +++ b/app/code/Magento/Quote/Model/ValidationRules/BillingAddressValidationRule.php @@ -66,7 +66,9 @@ public function validate(Quote $quote): array $validationErrors = array_merge($validationErrors, $validationResult); } - $this->addressValidationRule->validateAddress($billingAddress, $validationErrors); + if (empty($validationErrors)) { + $this->addressValidationRule->validateAddress($billingAddress, $validationErrors); + } return [$this->validationResultFactory->create(['errors' => $validationErrors])]; } From 0ac5c7dcc2c213690236d086b47783ee6faf5c54 Mon Sep 17 00:00:00 2001 From: in-session Date: Tue, 27 Aug 2024 09:22:13 +0200 Subject: [PATCH 101/146] Update ShippingAddressValidationRule.php --- .../Model/ValidationRules/ShippingAddressValidationRule.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php index 82e749d356087..0ee0f987b3790 100644 --- a/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php +++ b/app/code/Magento/Quote/Model/ValidationRules/ShippingAddressValidationRule.php 
@@ -65,7 +65,9 @@ public function validate(Quote $quote): array $validationErrors = array_merge($validationErrors, $validationResult); } - $this->addressValidationRule->validateAddress($shippingAddress, $validationErrors); + if (empty($validationErrors)) { + $this->addressValidationRule->validateAddress($shippingAddress, $validationErrors); + } } return [$this->validationResultFactory->create(['errors' => $validationErrors])]; From 9c2ad6424079702d5648fa62cee72fde020ee0ae Mon Sep 17 00:00:00 2001 From: in-session Date: Tue, 27 Aug 2024 09:26:56 +0200 Subject: [PATCH 102/146] Update Mail.php --- app/code/Magento/Contact/Model/Mail.php | 29 ++++--------------------- 1 file changed, 4 insertions(+), 25 deletions(-) diff --git a/app/code/Magento/Contact/Model/Mail.php b/app/code/Magento/Contact/Model/Mail.php index 76181ed3ad21f..2f16df7307929 100644 --- a/app/code/Magento/Contact/Model/Mail.php +++ b/app/code/Magento/Contact/Model/Mail.php @@ -13,7 +13,6 @@ use Magento\Framework\Validator\GlobalForbiddenPatterns; use Magento\Framework\App\Config\ScopeConfigInterface; use Magento\Framework\Exception\LocalizedException; -use Magento\Store\Model\ScopeInterface; class Mail implements MailInterface { @@ -42,11 +41,6 @@ class Mail implements MailInterface */ private $forbiddenPatternsValidator; - /** - * @var ScopeConfigInterface - */ - private $scopeConfig; - /** * Initialize dependencies. * 
@@ -55,22 +49,19 @@ class Mail implements MailInterface * @param StateInterface $inlineTranslation * @param StoreManagerInterface|null $storeManager * @param GlobalForbiddenPatterns $forbiddenPatternsValidator - * @param ScopeConfigInterface $scopeConfig */ public function __construct( ConfigInterface $contactsConfig, TransportBuilder $transportBuilder, StateInterface $inlineTranslation, StoreManagerInterface $storeManager = null, - GlobalForbiddenPatterns $forbiddenPatternsValidator, - ScopeConfigInterface $scopeConfig + GlobalForbiddenPatterns $forbiddenPatternsValidator ) { $this->contactsConfig = $contactsConfig; $this->transportBuilder = $transportBuilder; $this->inlineTranslation = $inlineTranslation; $this->storeManager = $storeManager ?: ObjectManager::getInstance()->get(StoreManagerInterface::class); $this->forbiddenPatternsValidator = $forbiddenPatternsValidator; - $this->scopeConfig = $scopeConfig; } /** @@ -83,21 +74,9 @@ public function __construct( */ public function send($replyTo, array $variables) { - // Check if regex validation is enabled - $isRegexEnabled = $this->scopeConfig->isSetFlag( - GlobalForbiddenPatterns::XML_PATH_SECURITY_REGEX_ENABLED, - ScopeInterface::SCOPE_STORE - ); - - // Perform regex validation only if it's enabled - if ($isRegexEnabled) { - foreach ($variables['data'] as $key => $value) { - if (is_string($value) && !$this->forbiddenPatternsValidator->isValid($value)) { - throw new LocalizedException( - __("Field %1 contains invalid characters.", $key) - ); - } - } + $this->forbiddenPatternsValidator->validateData($variables['data'], $validationErrors); + if (!empty($validationErrors)) { + throw new LocalizedException(__(implode(", ", $validationErrors))); } /** @see \Magento\Contact\Controller\Index\Post::validatedParams() */ From 2b733a03444e97c40795e0fc8f9eac5bb1f8fa3f Mon Sep 17 00:00:00 2001 
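Review bot: The required `GlobalForbiddenPatterns $forbiddenPatternsValidator` still follows the optional `StoreManagerInterface $storeManager = null` in the constructor, which makes that default unreachable and is flagged as deprecated by newer PHP versions. Following the fallback already used for `$storeManager`, the new argument could be declared `?GlobalForbiddenPatterns $forbiddenPatternsValidator = null` and resolved with `ObjectManager::getInstance()->get(GlobalForbiddenPatterns::class)`, which also keeps existing subclasses and direct instantiations working. The first hunk of this patch leaves `use Magento\Framework\App\Config\ScopeConfigInterface;` in place although nothing visible uses it any more.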
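Review bot: `$validationErrors` is passed to `validateData()` in send() without being initialised, and that method declares the parameter as `array &$validationErrors` (see PATCH 109), so the undefined variable arrives as null and the call fails with a TypeError instead of validating. Add `$validationErrors = [];` before the call. The same omission is carried into the rewritten block of PATCH 108 and is only corrected in PATCH 120.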
From: in-session Date: Tue, 27 Aug 2024 09:31:41 +0200 Subject: [PATCH 103/146] Update Review.php --- app/code/Magento/Review/Model/Review.php | 27 ++++-------------------- 1 file changed, 4 insertions(+), 23 deletions(-) diff --git a/app/code/Magento/Review/Model/Review.php b/app/code/Magento/Review/Model/Review.php index dc26bb9f4c2f5..28f8ceada7109 100644 --- a/app/code/Magento/Review/Model/Review.php +++ b/app/code/Magento/Review/Model/Review.php @@ -14,9 +14,7 @@ use Magento\Framework\Validator\ValidatorChain; use Magento\Review\Model\ResourceModel\Review\Product\Collection as ProductCollection; use Magento\Review\Model\ResourceModel\Review\Status\Collection as StatusCollection; -use Magento\Framework\App\Config\ScopeConfigInterface; use Magento\Framework\Validator\GlobalForbiddenPatterns; -use Magento\Store\Model\ScopeInterface; /** * Review model @@ -127,11 +125,6 @@ class Review extends \Magento\Framework\Model\AbstractModel implements IdentityI */ protected $_urlModel; - /** - * @var ScopeConfigInterface - */ - private $scopeConfig; - /** * @var GlobalForbiddenPatterns */ @@ -149,7 +142,6 @@ class Review extends \Magento\Framework\Model\AbstractModel implements IdentityI * @param \Magento\Review\Model\Review\Summary $reviewSummary * @param \Magento\Store\Model\StoreManagerInterface $storeManager * @param \Magento\Framework\UrlInterface $urlModel - * @param ScopeConfigInterface $scopeConfig * @param GlobalForbiddenPatterns $forbiddenPatternsValidator * @param \Magento\Framework\Model\ResourceModel\AbstractResource $resource * @param \Magento\Framework\Data\Collection\AbstractDb $resourceCollection 
@@ -166,7 +158,6 @@ public function __construct( \Magento\Review\Model\Review\Summary $reviewSummary, \Magento\Store\Model\StoreManagerInterface $storeManager, \Magento\Framework\UrlInterface $urlModel, - ScopeConfigInterface $scopeConfig, GlobalForbiddenPatterns $forbiddenPatternsValidator, \Magento\Framework\Model\ResourceModel\AbstractResource $resource = null, \Magento\Framework\Data\Collection\AbstractDb $resourceCollection = null, @@ -179,7 +170,6 @@ public function __construct( $this->_reviewSummary = $reviewSummary; $this->_storeManager = $storeManager; $this->_urlModel = $urlModel; - $this->scopeConfig = $scopeConfig; $this->forbiddenPatternsValidator = $forbiddenPatternsValidator; parent::__construct($context, $registry, $resource, $resourceCollection, $data); } @@ -313,30 +303,21 @@ public function validate() $errors[] = __('Please enter a review.'); } - // Check if regex validation is enabled - $isRegexEnabled = $this->scopeConfig->isSetFlag( - GlobalForbiddenPatterns::XML_PATH_SECURITY_REGEX_ENABLED, - ScopeInterface::SCOPE_STORE - ); - - // Perform regex validation only if no other errors exist - if (empty($errors) && $isRegexEnabled) { + // Validate fields with forbidden patterns + if (empty($errors)) { $dataToValidate = [ 'Title' => $this->getTitle(), 'Nickname' => $this->getNickname(), 'Detail' => $this->getDetail(), ]; - foreach ($dataToValidate as $fieldName => $fieldValue) { - if (is_string($fieldValue) && !$this->forbiddenPatternsValidator->isValid($fieldValue)) { - $errors[] = __("Field %1 contains invalid characters.", $fieldName); - } - } + $this->forbiddenPatternsValidator->validateData($dataToValidate, $errors); } if (empty($errors)) { return true; } + return $errors; } From 2ffd060e5e74065bafcaa3c46c84bb61d44f39fe Mon Sep 17 00:00:00 2001 
From: in-session Date: Tue, 27 Aug 2024 09:33:41 +0200 Subject: [PATCH 104/146] Update AddressValidationRule.php --- .../Quote/Model/ValidationRules/AddressValidationRule.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/app/code/Magento/Quote/Model/ValidationRules/AddressValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/AddressValidationRule.php index dcad3039dd310..24da541dcf23a 100644 --- a/app/code/Magento/Quote/Model/ValidationRules/AddressValidationRule.php +++ b/app/code/Magento/Quote/Model/ValidationRules/AddressValidationRule.php @@ -93,6 +93,8 @@ public function validateAddress($address, array &$validationErrors): void } } - $this->forbiddenPatternsValidator->validateData($address->getData(), $validationErrors); + if (empty($validationErrors)) { + $this->forbiddenPatternsValidator->validateData($address->getData(), $validationErrors); + } } } From 2baeff570d88154168cbe19ac2a3d54ccadfba89 Mon Sep 17 00:00:00 2001 From: in-session Date: Tue, 27 Aug 2024 10:26:17 +0200 Subject: [PATCH 105/146] Update AddressValidationRule.php --- .../ValidationRules/AddressValidationRule.php | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/app/code/Magento/Quote/Model/ValidationRules/AddressValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/AddressValidationRule.php index 24da541dcf23a..99089730328f4 100644 --- a/app/code/Magento/Quote/Model/ValidationRules/AddressValidationRule.php +++ b/app/code/Magento/Quote/Model/ValidationRules/AddressValidationRule.php 
@@ -47,6 +47,16 @@ class AddressValidationRule */ private $scopeConfig; + /** + * Constructor + * + * @param GlobalForbiddenPatterns $forbiddenPatternsValidator + * @param GlobalNameValidator $nameValidator + * @param GlobalCityValidator $cityValidator + * @param GlobalPhoneValidation $phoneValidator + * @param GlobalStreetValidator $streetValidator + * @param ScopeConfigInterface $scopeConfig + */ public function __construct( GlobalForbiddenPatterns $forbiddenPatternsValidator, GlobalNameValidator $nameValidator, @@ -63,6 +73,13 @@ public function __construct( $this->scopeConfig = $scopeConfig; } + /** + * Validates the address fields and applies forbidden pattern checks + * + * @param mixed $address + * @param array &$validationErrors + * @return void + */ public function validateAddress($address, array &$validationErrors): void { // Define the fields to validate with their respective validators From 938e507d178a30d2721c35f3cd6420db168e7c6c Mon Sep 17 00:00:00 2001 From: in-session Date: Tue, 27 Aug 2024 10:28:32 +0200 Subject: [PATCH 106/146] Update GlobalForbiddenPatterns.php --- .../Framework/Validator/GlobalForbiddenPatterns.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php b/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php index c528b72a061a2..248919a95b430 100644 --- a/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php +++ b/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php 
@@ -21,13 +21,18 @@ class GlobalForbiddenPatterns * * @var string */ - const XML_PATH_SECURITY_REGEX_ENABLED = 'system/security/security_regex_enabled'; + public const XML_PATH_SECURITY_REGEX_ENABLED = 'system/security/security_regex_enabled'; /** * @var ScopeConfigInterface */ private $scopeConfig; + /** + * Constructor. + * + * @param ScopeConfigInterface $scopeConfig + */ public function __construct(ScopeConfigInterface $scopeConfig) { $this->scopeConfig = $scopeConfig; From 4af77fb31822d290be78d479b2b8a6684b182cc3 Mon Sep 17 00:00:00 2001 From: in-session Date: Tue, 27 Aug 2024 10:32:13 +0200 Subject: [PATCH 107/146] Update AddressValidationRule.php --- .../Model/ValidationRules/AddressValidationRule.php | 12 +----------- 1 file changed, 1 insertion(+), 11 deletions(-) diff --git a/app/code/Magento/Quote/Model/ValidationRules/AddressValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/AddressValidationRule.php index 99089730328f4..261a0cc1d0c0c 100644 --- a/app/code/Magento/Quote/Model/ValidationRules/AddressValidationRule.php +++ b/app/code/Magento/Quote/Model/ValidationRules/AddressValidationRule.php @@ -12,8 +12,6 @@ use Magento\Framework\Validator\GlobalCityValidator; use Magento\Framework\Validator\GlobalPhoneValidation; use Magento\Framework\Validator\GlobalStreetValidator; -use Magento\Framework\App\Config\ScopeConfigInterface; -use Magento\Store\Model\ScopeInterface; class AddressValidationRule { @@ -42,11 +40,6 @@ class AddressValidationRule */ private $streetValidator; - /** - * @var ScopeConfigInterface - */ - private $scopeConfig; - /** * Constructor * 
@@ -55,22 +48,19 @@ class AddressValidationRule * @param GlobalCityValidator $cityValidator * @param GlobalPhoneValidation $phoneValidator * @param GlobalStreetValidator $streetValidator - * @param ScopeConfigInterface $scopeConfig */ public function __construct( GlobalForbiddenPatterns $forbiddenPatternsValidator, GlobalNameValidator $nameValidator, GlobalCityValidator $cityValidator, GlobalPhoneValidation $phoneValidator, - GlobalStreetValidator $streetValidator, - ScopeConfigInterface $scopeConfig + GlobalStreetValidator $streetValidator ) { $this->forbiddenPatternsValidator = $forbiddenPatternsValidator; $this->nameValidator = $nameValidator; $this->cityValidator = $cityValidator; $this->phoneValidator = $phoneValidator; $this->streetValidator = $streetValidator; - $this->scopeConfig = $scopeConfig; } /** From 2f33722e855e78037b12348c55a36c937b44293c Mon Sep 17 00:00:00 2001 From: in-session Date: Tue, 27 Aug 2024 16:22:59 +0200 Subject: [PATCH 108/146] Update Mail.php --- app/code/Magento/Contact/Model/Mail.php | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/app/code/Magento/Contact/Model/Mail.php b/app/code/Magento/Contact/Model/Mail.php index 2f16df7307929..de71f2fcc5718 100644 --- a/app/code/Magento/Contact/Model/Mail.php +++ b/app/code/Magento/Contact/Model/Mail.php 
@@ -74,10 +74,12 @@ public function __construct( */ public function send($replyTo, array $variables) { - $this->forbiddenPatternsValidator->validateData($variables['data'], $validationErrors); - if (!empty($validationErrors)) { - throw new LocalizedException(__(implode(", ", $validationErrors))); - } + $fieldsToValidate = [ + 'name' => $variables['data']['name'] ?? '', + 'comment' => $variables['data']['comment'] ?? '', + 'email' => $variables['data']['email'] ?? '', + ]; + $this->forbiddenPatternsValidator->validateData($fieldsToValidate, $validationErrors); /** @see \Magento\Contact\Controller\Index\Post::validatedParams() */ $replyToName = !empty($variables['data']['name']) ? $variables['data']['name'] : null; From df004124979fd414919297229a5491fa98f0c8f6 Mon Sep 17 00:00:00 2001 From: in-session Date: Tue, 27 Aug 2024 16:25:16 +0200 Subject: [PATCH 109/146] Update GlobalForbiddenPatterns.php --- .../Framework/Validator/GlobalForbiddenPatterns.php | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php b/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php index 248919a95b430..b587cafaa0c81 100644 --- a/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php +++ b/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php @@ -76,7 +76,7 @@ public static function isValid(mixed $fieldValue): bool // Check if the field contains a base64 encoded string and decode it for further validation if (preg_match('/base64_decode\(/', $fieldValue)) { - $decodedValue = base64_decode($fieldValue); + $decodedValue = base64_decode($fieldValue); // Recursively check the decoded value return self::isValid($decodedValue); } 
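Review bot: The rewritten block in send() no longer acts on the validation result: the `if (!empty($validationErrors))` throw is removed and nothing replaces it, so a submission that matches a forbidden pattern appears to be mailed anyway. Keep the check directly after the call, for example `if (!empty($validationErrors)) { throw new LocalizedException(__('%1', implode("\n", $validationErrors))); }`. send() continues outside this hunk, so this assumes the result is not inspected further down; PATCH 120 later restores a throw.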
@@ -91,13 +91,15 @@ public static function isValid(mixed $fieldValue): bool * @param array &$validationErrors * @return void */ - public function validateData(array $data, array &$validationErrors): void - { + public function validateData( + array $data, + array &$validationErrors + ): void { $isRegexEnabled = $this->scopeConfig->isSetFlag( self::XML_PATH_SECURITY_REGEX_ENABLED, ScopeInterface::SCOPE_STORE ); - + if ($isRegexEnabled) { foreach ($data as $key => $value) { if (is_string($value) && !$this->isValid($value)) { From 7f2caed95433ecc87027bda385a6617c125e4f09 Mon Sep 17 00:00:00 2001 From: in-session Date: Tue, 27 Aug 2024 16:35:51 +0200 Subject: [PATCH 110/146] Update AddressValidationRule.php --- .../Quote/Model/ValidationRules/AddressValidationRule.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/code/Magento/Quote/Model/ValidationRules/AddressValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/AddressValidationRule.php index 261a0cc1d0c0c..3b4002075451f 100644 --- a/app/code/Magento/Quote/Model/ValidationRules/AddressValidationRule.php +++ b/app/code/Magento/Quote/Model/ValidationRules/AddressValidationRule.php @@ -66,8 +66,8 @@ public function __construct( /** * Validates the address fields and applies forbidden pattern checks * - * @param mixed $address - * @param array &$validationErrors + * @param mixed $address The address object to validate. + * @param array &$validationErrors An array to store validation errors. * @return void */ public function validateAddress($address, array &$validationErrors): void From b21065ac115f1f9b794346b974e1ff39f8332e5d Mon Sep 17 00:00:00 2001 From: in-session Date: Tue, 27 Aug 2024 16:39:05 +0200 Subject: [PATCH 111/146] Update GlobalForbiddenPatterns.php --- .../Magento/Framework/Validator/GlobalForbiddenPatterns.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php b/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php index b587cafaa0c81..c6a63d07a6c04 100644 --- a/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php +++ b/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php @@ -87,8 +87,8 @@ public static function isValid(mixed $fieldValue): bool /** * Validate all fields in the provided data array based on forbidden patterns. * - * @param array $data - * @param array &$validationErrors + * @param array $data The data array to be validated. + * @param array &$validationErrors An array to collect validation errors. * @return void */ public function validateData( From 4e01d234076c8220d2b034b617f06a4e9da3b663 Mon Sep 17 00:00:00 2001 From: in-session Date: Tue, 27 Aug 2024 17:15:40 +0200 Subject: [PATCH 112/146] Update AddressValidationRule.php --- .../Quote/Model/ValidationRules/AddressValidationRule.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/app/code/Magento/Quote/Model/ValidationRules/AddressValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/AddressValidationRule.php index 3b4002075451f..45894f89f0b65 100644 --- a/app/code/Magento/Quote/Model/ValidationRules/AddressValidationRule.php +++ b/app/code/Magento/Quote/Model/ValidationRules/AddressValidationRule.php @@ -90,11 +90,13 @@ public function validateAddress($address, array &$validationErrors): void if (is_array($fieldValue)) { foreach ($fieldValue as $value) { if (!$validatorInstance->$validationMethod($value)) { + error_log("Invalid street value: " . $fieldValue); $validationErrors[] = __("$fieldName is not valid"); } } } else { if (!$validatorInstance->$validationMethod($fieldValue)) { + error_log("Invalid street value: " . $fieldValue); $validationErrors[] = __("$fieldName is not valid"); } } From bfd9197848480847ccf33ceb00454eb7ce1a0066 Mon Sep 17 00:00:00 2001 
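Review bot: The two added `error_log("Invalid street value: " . $fieldValue);` calls in validateAddress() write rejected, user-supplied address data straight to the PHP error log, which puts personal data and unescaped input (line breaks included) into a log file. In the `is_array` branch `$fieldValue` is the array itself, so the call logs `Array` with a conversion warning instead of the offending `$value`, and the text says "street" for every field. These look like leftover debugging and I would delete both lines; if a trace is needed, log only `$fieldName` through the module's logger. validateAddress() begins and ends outside this hunk.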
From: in-session Date: Tue, 27 Aug 2024 17:19:30 +0200 Subject: [PATCH 113/146] Update AddressValidationRule.php --- .../ValidationRules/AddressValidationRule.php | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/app/code/Magento/Quote/Model/ValidationRules/AddressValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/AddressValidationRule.php index 45894f89f0b65..df317d7884456 100644 --- a/app/code/Magento/Quote/Model/ValidationRules/AddressValidationRule.php +++ b/app/code/Magento/Quote/Model/ValidationRules/AddressValidationRule.php 
@@ -74,15 +74,15 @@ public function validateAddress($address, array &$validationErrors): void { // Define the fields to validate with their respective validators $fieldsToValidate = [ - 'First Name' => [$address->getFirstname(), 'isValidName', $this->nameValidator], - 'Middle Name' => [$address->getMiddlename(), 'isValidName', $this->nameValidator], - 'Last Name' => [$address->getLastname(), 'isValidName', $this->nameValidator], - 'Prefix' => [$address->getPrefix(), 'isValidName', $this->nameValidator], - 'Suffix' => [$address->getSuffix(), 'isValidName', $this->nameValidator], - 'City' => [$address->getCity(), 'isValidCity', $this->cityValidator], - 'Telephone' => [$address->getTelephone(), 'isValidPhone', $this->phoneValidator], - 'Fax' => [$address->getFax(), 'isValidPhone', $this->phoneValidator], - 'Street' => [$address->getStreet(), 'isValidStreet', $this->streetValidator], + 'First Name' => [trim($address->getFirstname()), 'isValidName', $this->nameValidator], + 'Middle Name' => [trim($address->getMiddlename()), 'isValidName', $this->nameValidator], + 'Last Name' => [trim($address->getLastname()), 'isValidName', $this->nameValidator], + 'Prefix' => [trim($address->getPrefix()), 'isValidName', $this->nameValidator], + 'Suffix' => [trim($address->getSuffix()), 'isValidName', $this->nameValidator], + 'City' => [trim($address->getCity()), 'isValidCity', $this->cityValidator], + 'Telephone' => [trim($address->getTelephone()), 'isValidPhone', $this->phoneValidator], + 'Fax' => [trim($address->getFax()), 'isValidPhone', $this->phoneValidator], + 'Street' => [trim($address->getStreet()), 'isValidStreet', $this->streetValidator], ]; // Validate each field From daae5e7eb61ac4c963ecbd3432c015d6cecb4218 Mon Sep 17 00:00:00 2001 From: in-session Date: Tue, 27 Aug 2024 19:29:38 +0200 Subject: [PATCH 114/146] Update AddressValidationRule.php --- .../ValidationRules/AddressValidationRule.php | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) 
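Review bot: Wrapping every getter in `trim()` breaks the `'Street'` entry: the validation loop below has an `is_array($fieldValue)` branch, which suggests `getStreet()` returns an array, and `trim()` throws a TypeError on an array under PHP 8. The optional getters (middle name, prefix, suffix, fax) can plausibly return null, and `trim(null)` is deprecated since PHP 8.1. Casting the scalar fields only, as in `trim((string) $address->getCity())`, or normalising inside the validators avoids both. PATCH 114 reverts this hunk.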
diff --git a/app/code/Magento/Quote/Model/ValidationRules/AddressValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/AddressValidationRule.php index df317d7884456..45894f89f0b65 100644 --- a/app/code/Magento/Quote/Model/ValidationRules/AddressValidationRule.php +++ b/app/code/Magento/Quote/Model/ValidationRules/AddressValidationRule.php 
@@ -74,15 +74,15 @@ public function validateAddress($address, array &$validationErrors): void { // Define the fields to validate with their respective validators $fieldsToValidate = [ - 'First Name' => [trim($address->getFirstname()), 'isValidName', $this->nameValidator], - 'Middle Name' => [trim($address->getMiddlename()), 'isValidName', $this->nameValidator], - 'Last Name' => [trim($address->getLastname()), 'isValidName', $this->nameValidator], - 'Prefix' => [trim($address->getPrefix()), 'isValidName', $this->nameValidator], - 'Suffix' => [trim($address->getSuffix()), 'isValidName', $this->nameValidator], - 'City' => [trim($address->getCity()), 'isValidCity', $this->cityValidator], - 'Telephone' => [trim($address->getTelephone()), 'isValidPhone', $this->phoneValidator], - 'Fax' => [trim($address->getFax()), 'isValidPhone', $this->phoneValidator], - 'Street' => [trim($address->getStreet()), 'isValidStreet', $this->streetValidator], + 'First Name' => [$address->getFirstname(), 'isValidName', $this->nameValidator], + 'Middle Name' => [$address->getMiddlename(), 'isValidName', $this->nameValidator], + 'Last Name' => [$address->getLastname(), 'isValidName', $this->nameValidator], + 'Prefix' => [$address->getPrefix(), 'isValidName', $this->nameValidator], + 'Suffix' => [$address->getSuffix(), 'isValidName', $this->nameValidator], + 'City' => [$address->getCity(), 'isValidCity', $this->cityValidator], + 'Telephone' => [$address->getTelephone(), 'isValidPhone', $this->phoneValidator], + 'Fax' => [$address->getFax(), 'isValidPhone', $this->phoneValidator], + 'Street' => [$address->getStreet(), 'isValidStreet', $this->streetValidator], ]; // Validate each field From 57f8e7f114ff5dcb3f0f8318f6e8d9d9a2bf0383 Mon Sep 17 00:00:00 2001 From: in-session Date: Tue, 27 Aug 2024 19:35:09 +0200 Subject: [PATCH 115/146] Update GlobalCityValidator.php --- .../Magento/Framework/Validator/GlobalCityValidator.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/lib/internal/Magento/Framework/Validator/GlobalCityValidator.php b/lib/internal/Magento/Framework/Validator/GlobalCityValidator.php index 1840314e3585c..e3aa549d1ec76 100644 --- a/lib/internal/Magento/Framework/Validator/GlobalCityValidator.php +++ b/lib/internal/Magento/Framework/Validator/GlobalCityValidator.php @@ -37,8 +37,8 @@ public static function isValidCity(mixed $cityValue): bool return true; } - if (preg_match(self::PATTERN_CITY, $cityValue, $matches)) { - return $matches[0] === $cityValue; + if (preg_match(self::PATTERN_CITY, trim($cityValue), $matches)) { + return $matches[0] === trim($cityValue); } return false; From 777253dd9773cf9742851f774c211bbdae6b6ea4 Mon Sep 17 00:00:00 2001 From: in-session Date: Tue, 27 Aug 2024 19:35:32 +0200 Subject: [PATCH 116/146] Update GlobalNameValidator.php --- .../Magento/Framework/Validator/GlobalNameValidator.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/internal/Magento/Framework/Validator/GlobalNameValidator.php b/lib/internal/Magento/Framework/Validator/GlobalNameValidator.php index c882dce270ecf..d8195caac4db2 100644 --- a/lib/internal/Magento/Framework/Validator/GlobalNameValidator.php +++ b/lib/internal/Magento/Framework/Validator/GlobalNameValidator.php @@ -26,8 +26,8 @@ public static function isValidName(mixed $nameValue): bool return true; } - if (preg_match(self::PATTERN_NAME, $nameValue, $matches)) { - return $matches[0] === $nameValue; + if (preg_match(self::PATTERN_NAME, trim($nameValue), $matches)) { + return $matches[0] === trim($nameValue); } return false; From 8f19095bb711935a7d4818c6808cee65d38b2fad Mon Sep 17 00:00:00 2001 From: in-session Date: Tue, 27 Aug 2024 19:35:56 +0200 Subject: [PATCH 117/146] Update GlobalPhoneValidation.php --- .../Magento/Framework/Validator/GlobalPhoneValidation.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
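Review bot: `isValidCity()` now matches against `trim($cityValue)` while the caller keeps the untrimmed value, so a city with leading or trailing whitespace, including the `\n`, `\r`, `\t` and NUL bytes that `trim()` strips by default, is reported valid and is presumably stored as submitted. Validation and storage should see the same string: either trim where the input is assigned, or keep comparing against the raw value. The same change is made in `isValidName()` (PATCH 116), `isValidPhone()` (PATCH 117), `isValidStreet()` (PATCH 118) and `GlobalForbiddenPatterns::isValid()` (PATCH 119). If the trim stays, compute it once with `$cityValue = trim($cityValue);` instead of calling it twice.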
diff --git a/lib/internal/Magento/Framework/Validator/GlobalPhoneValidation.php b/lib/internal/Magento/Framework/Validator/GlobalPhoneValidation.php index 81b3c39d5399a..6aef35314ce1b 100644 --- a/lib/internal/Magento/Framework/Validator/GlobalPhoneValidation.php +++ b/lib/internal/Magento/Framework/Validator/GlobalPhoneValidation.php @@ -26,8 +26,8 @@ public static function isValidPhone(mixed $phoneValue): bool return true; } - if (preg_match(self::PATTERN_TELEPHONE, $phoneValue, $matches)) { - return $matches[0] === $phoneValue; + if (preg_match(self::PATTERN_TELEPHONE, trim($phoneValue), $matches)) { + return $matches[0] === trim($phoneValue); } return false; From 0fea4573625d970d6c70b152bab148a09f9e5431 Mon Sep 17 00:00:00 2001 From: in-session Date: Tue, 27 Aug 2024 19:36:20 +0200 Subject: [PATCH 118/146] Update GlobalStreetValidator.php --- .../Magento/Framework/Validator/GlobalStreetValidator.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/internal/Magento/Framework/Validator/GlobalStreetValidator.php b/lib/internal/Magento/Framework/Validator/GlobalStreetValidator.php index a1ef186116c06..c4645384fe3b5 100644 --- a/lib/internal/Magento/Framework/Validator/GlobalStreetValidator.php +++ b/lib/internal/Magento/Framework/Validator/GlobalStreetValidator.php @@ -39,8 +39,8 @@ public static function isValidStreet(mixed $streetValue): bool return true; } - if (preg_match(self::PATTERN_STREET, $streetValue, $matches)) { - return $matches[0] === $streetValue; + if (preg_match(self::PATTERN_STREET, trim($streetValue), $matches)) { + return $matches[0] === trim($streetValue); } return false; From a783403600c5aaa6ca56edc5fbb9ab8097bb8f98 Mon Sep 17 00:00:00 2001 From: in-session Date: Tue, 27 Aug 2024 19:37:08 +0200 Subject: [PATCH 119/146] Update GlobalForbiddenPatterns.php --- .../Magento/Framework/Validator/GlobalForbiddenPatterns.php | 2 ++ 1 file changed, 2 insertions(+) 
diff --git a/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php b/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php index c6a63d07a6c04..11ab6fd60f382 100644 --- a/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php +++ b/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php @@ -68,6 +68,8 @@ public static function isValid(mixed $fieldValue): bool return true; } + $fieldValue = trim($fieldValue); + foreach (self::getPatterns() as $pattern) { if (preg_match($pattern, $fieldValue)) { return false; From ed5d363d98db07a5a4235f29d40d43d002158e9a Mon Sep 17 00:00:00 2001 From: in-session Date: Tue, 27 Aug 2024 19:39:34 +0200 Subject: [PATCH 120/146] Update Mail.php --- app/code/Magento/Contact/Model/Mail.php | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/app/code/Magento/Contact/Model/Mail.php b/app/code/Magento/Contact/Model/Mail.php index de71f2fcc5718..7735f5d7dd818 100644 --- a/app/code/Magento/Contact/Model/Mail.php +++ b/app/code/Magento/Contact/Model/Mail.php @@ -74,6 +74,7 @@ public function __construct( */ public function send($replyTo, array $variables) { + $validationErrors = []; $fieldsToValidate = [ 'name' => $variables['data']['name'] ?? '', 'comment' => $variables['data']['comment'] ?? '', @@ -81,6 +82,12 @@ public function send($replyTo, array $variables) ]; $this->forbiddenPatternsValidator->validateData($fieldsToValidate, $validationErrors); + if (!empty($validationErrors)) { + throw new \Magento\Framework\Exception\LocalizedException( + __(implode("\n", $validationErrors)) + ); + } + /** @see \Magento\Contact\Controller\Index\Post::validatedParams() */ $replyToName = !empty($variables['data']['name']) ? $variables['data']['name'] : null; From 8286059bf2f18da2a0857bfb91e5e6eca2fcde64 Mon Sep 17 00:00:00 2001 
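Review bot: The base64 branch further down in isValid() (visible as context in PATCH 109's first hunk) is not addressed by the added `trim()` and looks wrong as a check. It tests for the literal `base64_decode(`, then decodes the whole field rather than that call's argument and returns the verdict on the decoded bytes, so the result for such a value depends on unrelated output instead of on the match. Since the literal is itself the signal, the conservative behaviour is `return false;` in that branch, or to add the literal to the list in `getPatterns()` and drop the branch. isValid() continues outside this hunk.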
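Review bot: `__(implode("\n", $validationErrors))` in send() hands already-rendered messages to `__()` as if they were a translation key, which defeats phrase collection and re-interprets any `%1`-style token in the text as a placeholder. Pass the text as an argument instead: `throw new LocalizedException(__('%1', implode("\n", $validationErrors)));`. `LocalizedException` is already imported at the top of the file (it is visible in PATCH 102's first hunk), so the fully qualified name is not needed.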
From: in-session Date: Wed, 28 Aug 2024 07:35:24 +0200 Subject: [PATCH 121/146] Update GlobalStreetValidator.php --- .../Magento/Framework/Validator/GlobalStreetValidator.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/internal/Magento/Framework/Validator/GlobalStreetValidator.php b/lib/internal/Magento/Framework/Validator/GlobalStreetValidator.php index c4645384fe3b5..5aa3143c5e24b 100644 --- a/lib/internal/Magento/Framework/Validator/GlobalStreetValidator.php +++ b/lib/internal/Magento/Framework/Validator/GlobalStreetValidator.php @@ -33,7 +33,7 @@ class GlobalStreetValidator * @param string|null $streetValue * @return bool */ - public static function isValidStreet(mixed $streetValue): bool + public function isValidStreet(mixed $streetValue): bool { if ($streetValue === null || $streetValue === '' || !is_string($streetValue)) { return true; From 14c1b4ce708aef58e934bd37c714e5308e7e18fc Mon Sep 17 00:00:00 2001 From: in-session Date: Wed, 28 Aug 2024 07:35:43 +0200 Subject: [PATCH 122/146] Update GlobalPhoneValidation.php --- .../Magento/Framework/Validator/GlobalPhoneValidation.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/internal/Magento/Framework/Validator/GlobalPhoneValidation.php b/lib/internal/Magento/Framework/Validator/GlobalPhoneValidation.php index 6aef35314ce1b..6b191d13b5b91 100644 --- a/lib/internal/Magento/Framework/Validator/GlobalPhoneValidation.php +++ b/lib/internal/Magento/Framework/Validator/GlobalPhoneValidation.php @@ -20,7 +20,7 @@ class GlobalPhoneValidation * @param string|null $phoneValue * @return bool */ - public static function isValidPhone(mixed $phoneValue): bool + public function isValidPhone(mixed $phoneValue): bool { if ($phoneValue === null || $phoneValue === '' || !is_string($phoneValue)) { return true; From 02baadd9cd636af018441755ae1d3e25f8398622 Mon Sep 17 00:00:00 2001 
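Review bot: Dropping `static` from `isValidStreet()` changes a public API: any remaining `GlobalStreetValidator::isValidStreet(...)` call throws an Error under PHP 8, because a non-static method cannot be called statically. City.php and Name.php are converted to injected instances in PATCH 126 and 127, but other callers are not visible in this part of the series and should be searched for before merging. The same applies to `isValidPhone()` (PATCH 122), `isValidName()` (PATCH 123), `getPatterns()` and `isValid()` (PATCH 124) and `isValidCity()` (PATCH 125). The docblock still says `@param string|null` while the signature takes `mixed`; one of the two should be corrected.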
From: in-session Date: Wed, 28 Aug 2024 07:36:06 +0200 Subject: [PATCH 123/146] Update GlobalNameValidator.php --- .../Magento/Framework/Validator/GlobalNameValidator.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/internal/Magento/Framework/Validator/GlobalNameValidator.php b/lib/internal/Magento/Framework/Validator/GlobalNameValidator.php index d8195caac4db2..a060930ca9cde 100644 --- a/lib/internal/Magento/Framework/Validator/GlobalNameValidator.php +++ b/lib/internal/Magento/Framework/Validator/GlobalNameValidator.php @@ -20,7 +20,7 @@ class GlobalNameValidator * @param string|null $nameValue * @return bool */ - public static function isValidName(mixed $nameValue): bool + public function isValidName(mixed $nameValue): bool { if ($nameValue === null || $nameValue === '' || !is_string($nameValue)) { return true; From 66a9b3e6e6601c794f0fb1b8c4af0bddf6b569f6 Mon Sep 17 00:00:00 2001 From: in-session Date: Wed, 28 Aug 2024 07:37:16 +0200 Subject: [PATCH 124/146] Update GlobalForbiddenPatterns.php --- .../Magento/Framework/Validator/GlobalForbiddenPatterns.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php b/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php index 11ab6fd60f382..b1d867db6a0a5 100644 --- a/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php +++ b/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php @@ -43,7 +43,7 @@ public function __construct(ScopeConfigInterface $scopeConfig) * * @return string[] */ - public static function getPatterns(): array + public function getPatterns(): array { return [ '/{{.*}}/', 
@@ -62,7 +62,7 @@ public static function getPatterns(): array * @param mixed $fieldValue * @return bool */ - public static function isValid(mixed $fieldValue): bool + public function isValid(mixed $fieldValue): bool { if ($fieldValue === null || $fieldValue === '' || !is_string($fieldValue)) { return true; From b9f1668f5231efa07baf119f86ecde0530509e7a Mon Sep 17 00:00:00 2001 From: in-session Date: Wed, 28 Aug 2024 07:37:41 +0200 Subject: [PATCH 125/146] Update GlobalCityValidator.php --- .../Magento/Framework/Validator/GlobalCityValidator.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/internal/Magento/Framework/Validator/GlobalCityValidator.php b/lib/internal/Magento/Framework/Validator/GlobalCityValidator.php index e3aa549d1ec76..1c555c6bd1063 100644 --- a/lib/internal/Magento/Framework/Validator/GlobalCityValidator.php +++ b/lib/internal/Magento/Framework/Validator/GlobalCityValidator.php @@ -31,7 +31,7 @@ class GlobalCityValidator * @param string|null $cityValue * @return bool */ - public static function isValidCity(mixed $cityValue): bool + public function isValidCity(mixed $cityValue): bool { if ($cityValue === null || $cityValue === '' || !is_string($cityValue)) { return true; From c489a90306f49155880daa410c26c3ec646db0c7 Mon Sep 17 00:00:00 2001 From: in-session Date: Wed, 28 Aug 2024 07:41:26 +0200 Subject: [PATCH 126/146] Update City.php --- .../Magento/Customer/Model/Validator/City.php | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/app/code/Magento/Customer/Model/Validator/City.php b/app/code/Magento/Customer/Model/Validator/City.php index aac037b6991fb..6ff8665f32a83 100644 --- a/app/code/Magento/Customer/Model/Validator/City.php +++ b/app/code/Magento/Customer/Model/Validator/City.php 
@@ -16,6 +16,21 @@ */ class City extends AbstractValidator { + /** + * @var GlobalCityValidator + */ + private $cityValidator; + + /** + * City constructor. + * + * @param GlobalCityValidator $cityValidator + */ + public function __construct(GlobalCityValidator $cityValidator) + { + $this->cityValidator = $cityValidator; + } + /** * Validate city fields. * @@ -24,7 +39,7 @@ class City extends AbstractValidator */ public function isValid($customer): bool { - if (!GlobalCityValidator::isValidCity($customer->getCity())) { + if (!$this->cityValidator->isValidCity($customer->getCity())) { parent::_addMessages([[ 'city' => __("Invalid City. Please use only A-Z, a-z, 0-9, spaces, commas, -, ., ', &, [], ().") ]]); From 663e8115c487838c369739cec18fb66458ccfa15 Mon Sep 17 00:00:00 2001 From: in-session Date: Wed, 28 Aug 2024 07:43:24 +0200 Subject: [PATCH 127/146] Update Name.php --- .../Magento/Customer/Model/Validator/Name.php | 21 ++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/app/code/Magento/Customer/Model/Validator/Name.php b/app/code/Magento/Customer/Model/Validator/Name.php index b374fc6d06e8d..3a2f05bad4989 100644 --- a/app/code/Magento/Customer/Model/Validator/Name.php +++ b/app/code/Magento/Customer/Model/Validator/Name.php @@ -16,6 +16,21 @@ */ class Name extends AbstractValidator { + /** + * @var GlobalNameValidator + */ + private $nameValidator; + + /** + * Name constructor. + * + * @param GlobalNameValidator $nameValidator + */ + public function __construct(GlobalNameValidator $nameValidator) + { + $this->nameValidator = $nameValidator; + } + /** * Validate name fields. * 
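Review bot: The new constructor in `City` makes `GlobalCityValidator` a required argument, which breaks any code that still calls `new City()` (the unit test in patch 130 had to change for exactly this reason); `Name`, `Street` and `Telephone` get the same constructor in patches 127–129. If these validators already ship in a release, the usual backward-compatible form in Magento is an optional trailing argument with an ObjectManager fallback: `public function __construct(?GlobalCityValidator $cityValidator = null)` and `$this->cityValidator = $cityValidator ?? ObjectManager::getInstance()->get(GlobalCityValidator::class);`. Whether `AbstractValidator` declares a constructor that should be called is not visible in this hunk.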
@@ -24,15 +39,15 @@ class Name extends AbstractValidator */ public function isValid($customer) { - if (!GlobalNameValidator::isValidName($customer->getFirstname())) { + if (!$this->nameValidator->isValidName($customer->getFirstname())) { parent::_addMessages([['firstname' => __('First Name is not valid!')]]); } - if (!GlobalNameValidator::isValidName($customer->getLastname())) { + if (!$this->nameValidator->isValidName($customer->getLastname())) { parent::_addMessages([['lastname' => __('Last Name is not valid!')]]); } - if (!GlobalNameValidator::isValidName($customer->getMiddlename())) { + if (!$this->nameValidator->isValidName($customer->getMiddlename())) { parent::_addMessages([['middlename' => __('Middle Name is not valid!')]]); } From fab1c33126bba84fd274dac60e62a947d4e4985b Mon Sep 17 00:00:00 2001 From: in-session Date: Wed, 28 Aug 2024 07:44:39 +0200 Subject: [PATCH 128/146] Update Street.php --- .../Magento/Customer/Model/Validator/Street.php | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/app/code/Magento/Customer/Model/Validator/Street.php b/app/code/Magento/Customer/Model/Validator/Street.php index 6c097c8238197..96e5d92e667f7 100644 --- a/app/code/Magento/Customer/Model/Validator/Street.php +++ b/app/code/Magento/Customer/Model/Validator/Street.php @@ -16,6 +16,21 @@ */ class Street extends AbstractValidator { + /** + * @var GlobalStreetValidator + */ + private $streetValidator; + + /** + * Street constructor. + * + * @param GlobalStreetValidator $streetValidator + */ + public function __construct(GlobalStreetValidator $streetValidator) + { + $this->streetValidator = $streetValidator; + } + /** * Validate street fields. * 
@@ -25,7 +40,7 @@ class Street extends AbstractValidator public function isValid($customer): bool { foreach ($customer->getStreet() as $street) { - if (!GlobalStreetValidator::isValidStreet($street)) { + if (!$this->streetValidator->isValidStreet($street)) { parent::_addMessages([[ 'street' => __( "Invalid Street Address. Please use only A-Z, a-z, 0-9, spaces, commas, -, ., ', " . From 468476ce8274c9c9e6a838c0e29212623960e962 Mon Sep 17 00:00:00 2001 From: in-session Date: Wed, 28 Aug 2024 07:45:24 +0200 Subject: [PATCH 129/146] Update Telephone.php --- .../Customer/Model/Validator/Telephone.php | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/app/code/Magento/Customer/Model/Validator/Telephone.php b/app/code/Magento/Customer/Model/Validator/Telephone.php index b0c015e2d73d2..668d89fc26445 100644 --- a/app/code/Magento/Customer/Model/Validator/Telephone.php +++ b/app/code/Magento/Customer/Model/Validator/Telephone.php @@ -16,6 +16,21 @@ */ class Telephone extends AbstractValidator { + /** + * @var GlobalPhoneValidation + */ + private $phoneValidator; + + /** + * Telephone constructor. + * + * @param GlobalPhoneValidation $phoneValidator + */ + public function __construct(GlobalPhoneValidation $phoneValidator) + { + $this->phoneValidator = $phoneValidator; + } + /** * Validate telephone fields. * @@ -24,7 +39,7 @@ class Telephone extends AbstractValidator */ public function isValid($customer) { - if (!GlobalPhoneValidation::isValidPhone($customer->getTelephone())) { + if (!$this->phoneValidator->isValidPhone($customer->getTelephone())) { parent::_addMessages([[ 'telephone' => __('Invalid Phone Number. Please use 0-9, +, -, (), /, and space.') ]]); From 762d1cda4ac50cfebf43e5cc595709f536749171 Mon Sep 17 00:00:00 2001 From: in-session Date: Wed, 28 Aug 2024 07:47:53 +0200 Subject: [PATCH 130/146] Update CityTest.php --- .../Test/Unit/Model/Validator/CityTest.php | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) 
diff --git a/app/code/Magento/Customer/Test/Unit/Model/Validator/CityTest.php b/app/code/Magento/Customer/Test/Unit/Model/Validator/CityTest.php index 366269d7066a5..01cda4b49fab3 100644 --- a/app/code/Magento/Customer/Test/Unit/Model/Validator/CityTest.php +++ b/app/code/Magento/Customer/Test/Unit/Model/Validator/CityTest.php @@ -9,6 +9,7 @@ use Magento\Customer\Model\Validator\City; use Magento\Customer\Model\Customer; +use Magento\Framework\Validator\GlobalCityValidator; use PHPUnit\Framework\MockObject\MockObject; use PHPUnit\Framework\TestCase; @@ -27,12 +28,18 @@ class CityTest extends TestCase */ private MockObject $customerMock; + /** + * @var GlobalCityValidator|MockObject + */ + private MockObject $globalCityValidatorMock; + /** * @return void */ protected function setUp(): void { - $this->cityValidator = new City(); + $this->globalCityValidatorMock = $this->createMock(GlobalCityValidator::class); + $this->cityValidator = new City($this->globalCityValidatorMock); $this->customerMock = $this ->getMockBuilder(Customer::class) ->disableOriginalConstructor() @@ -54,6 +61,11 @@ public function testValidateCorrectPunctuationInCity( ) { $this->customerMock->expects($this->once())->method('getCity')->willReturn($city); + $this->globalCityValidatorMock->expects($this->once()) + ->method('isValidCity') + ->with($city) + ->willReturn(true); + $isValid = $this->cityValidator->isValid($this->customerMock); $this->assertTrue($isValid, $message); } From 22284e0c548204d217819cf03a54caee96729e46 Mon Sep 17 00:00:00 2001 From: in-session Date: Wed, 28 Aug 2024 07:49:46 +0200 Subject: [PATCH 131/146] Update NameTest.php --- .../Test/Unit/Model/Validator/NameTest.php | 20 ++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/app/code/Magento/Customer/Test/Unit/Model/Validator/NameTest.php b/app/code/Magento/Customer/Test/Unit/Model/Validator/NameTest.php index 52e505ffe5482..c5f953ff44fa7 100644 
--- a/app/code/Magento/Customer/Test/Unit/Model/Validator/NameTest.php +++ b/app/code/Magento/Customer/Test/Unit/Model/Validator/NameTest.php @@ -24,9 +24,9 @@ class NameTest extends TestCase private Name $nameValidator; /** - * @var GlobalNameValidator + * @var GlobalNameValidator|MockObject */ - private GlobalNameValidator $globalNameValidator; + private MockObject $globalNameValidatorMock; /** * @var Customer|MockObject @@ -38,8 +38,8 @@ class NameTest extends TestCase */ protected function setUp(): void { - $this->nameValidator = new Name(); - $this->globalNameValidator = new GlobalNameValidator(); + $this->globalNameValidatorMock = $this->createMock(GlobalNameValidator::class); + $this->nameValidator = new Name($this->globalNameValidatorMock); $this->customerMock = $this ->getMockBuilder(Customer::class) ->disableOriginalConstructor() @@ -67,11 +67,17 @@ public function testValidateCorrectPunctuationInNames( $this->customerMock->expects($this->once())->method('getMiddlename')->willReturn($middleName); $this->customerMock->expects($this->once())->method('getLastname')->willReturn($lastName); + // Mock the GlobalNameValidator behavior + $this->globalNameValidatorMock->expects($this->exactly(3)) + ->method('isValidName') + ->willReturnMap([ + [$firstName, true], + [$middleName, true], + [$lastName, true], + ]); + $isValid = $this->nameValidator->isValid($this->customerMock); $this->assertTrue($isValid, $message); - - $isValidGlobal = $this->globalNameValidator->isValidName($firstName); - $this->assertTrue($isValidGlobal, $message); } /** From 467ec68edec1efb41ebbf169a39a0f8687d75775 Mon Sep 17 00:00:00 2001 From: in-session Date: Wed, 28 Aug 2024 07:58:10 +0200 Subject: [PATCH 132/146] Update StreetTest.php --- .../Test/Unit/Model/Validator/StreetTest.php | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) 
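Review bot: After this change `testValidateCorrectPunctuationInNames` stubs `isValidName` to return `true` for every input and drops the assertion against a real `GlobalNameValidator`, so the data-provider values no longer exercise the name pattern and the test would pass for any string. `TelephoneTest` (patch 133) loses its direct `isValidPhone` assertion in the same way, and `CityTest` and `StreetTest` stub their validators with `willReturn(true)`. The regexes are the actual input check, so unless they are covered elsewhere in the series, keep these mock-based tests for the wiring and add unit tests for the `Global*` classes that run the same providers, plus inputs that must be rejected, through the real methods, e.g. `$this->assertTrue((new GlobalNameValidator())->isValidName($firstName), $message);`.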
diff --git a/app/code/Magento/Customer/Test/Unit/Model/Validator/StreetTest.php b/app/code/Magento/Customer/Test/Unit/Model/Validator/StreetTest.php index ca2157b5d3a6e..9a7a91bd750ca 100644 --- a/app/code/Magento/Customer/Test/Unit/Model/Validator/StreetTest.php +++ b/app/code/Magento/Customer/Test/Unit/Model/Validator/StreetTest.php @@ -8,6 +8,7 @@ namespace Magento\Customer\Test\Unit\Model\Validator; use Magento\Customer\Model\Validator\Street; +use Magento\Framework\Validator\GlobalStreetValidator; use Magento\Customer\Model\Customer; use PHPUnit\Framework\MockObject\MockObject; use PHPUnit\Framework\TestCase; @@ -22,6 +23,11 @@ class StreetTest extends TestCase */ private Street $streetValidator; + /** + * @var GlobalStreetValidator|MockObject + */ + private MockObject $globalStreetValidatorMock; + /** * @var Customer|MockObject */ @@ -32,7 +38,8 @@ class StreetTest extends TestCase */ protected function setUp(): void { - $this->streetValidator = new Street(); + $this->globalStreetValidatorMock = $this->createMock(GlobalStreetValidator::class); + $this->streetValidator = new Street($this->globalStreetValidatorMock); $this->customerMock = $this ->getMockBuilder(Customer::class) ->disableOriginalConstructor() @@ -54,6 +61,11 @@ public function testValidateCorrectPunctuationInStreet( ): void { $this->customerMock->expects($this->once())->method('getStreet')->willReturn($street); + // Mock the GlobalStreetValidator behavior + $this->globalStreetValidatorMock->expects($this->exactly(count($street))) + ->method('isValidStreet') + ->willReturn(true); + $isValid = $this->streetValidator->isValid($this->customerMock); $this->assertTrue($isValid, $message); } From 481ed571ee8a0581e82adcbe33aca962246eee3f Mon Sep 17 00:00:00 2001 From: in-session Date: Wed, 28 Aug 2024 07:59:42 +0200 Subject: [PATCH 133/146] Update TelephoneTest.php --- .../Unit/Model/Validator/TelephoneTest.php | 21 ++++++++++--------- 1 file changed, 11 insertions(+), 10 deletions(-) 
diff --git a/app/code/Magento/Customer/Test/Unit/Model/Validator/TelephoneTest.php b/app/code/Magento/Customer/Test/Unit/Model/Validator/TelephoneTest.php index 85ddd0ee40cde..75388d3ac5484 100644 --- a/app/code/Magento/Customer/Test/Unit/Model/Validator/TelephoneTest.php +++ b/app/code/Magento/Customer/Test/Unit/Model/Validator/TelephoneTest.php @@ -8,8 +8,8 @@ namespace Magento\Customer\Test\Unit\Model\Validator; use Magento\Customer\Model\Validator\Telephone; -use Magento\Customer\Model\Customer; use Magento\Framework\Validator\GlobalPhoneValidation; +use Magento\Customer\Model\Customer; use PHPUnit\Framework\MockObject\MockObject; use PHPUnit\Framework\TestCase; @@ -24,9 +24,9 @@ class TelephoneTest extends TestCase private Telephone $telephoneValidator; /** - * @var GlobalPhoneValidation + * @var GlobalPhoneValidation|MockObject */ - private GlobalPhoneValidation $globalPhoneValidation; + private MockObject $globalPhoneValidationMock; /** * @var Customer|MockObject @@ -40,8 +40,8 @@ class TelephoneTest extends TestCase */ protected function setUp(): void { - $this->telephoneValidator = new Telephone(); - $this->globalPhoneValidation = new GlobalPhoneValidation(); + $this->globalPhoneValidationMock = $this->createMock(GlobalPhoneValidation::class); + $this->telephoneValidator = new Telephone($this->globalPhoneValidationMock); $this->customerMock = $this->getMockBuilder(Customer::class) ->disableOriginalConstructor() ->addMethods(['getTelephone']) 
@@ -62,13 +62,14 @@ public function testValidateCorrectPunctuationInTelephone( ) { $this->customerMock->expects($this->once())->method('getTelephone')->willReturn($telephone); - // Validate using the Telephone validator + // Mock the GlobalPhoneValidation behavior + $this->globalPhoneValidationMock->expects($this->once()) + ->method('isValidPhone') + ->with($telephone) + ->willReturn(true); + $isValid = $this->telephoneValidator->isValid($this->customerMock); $this->assertTrue($isValid, $message); - - // Validate using the GlobalPhoneValidation directly - $isValidGlobal = $this->globalPhoneValidation->isValidPhone($telephone); - $this->assertTrue($isValidGlobal, $message); } /** From b9d7d746b72bc50ca7aa63e42515a46a9cf4047c Mon Sep 17 00:00:00 2001 From: in-session Date: Wed, 28 Aug 2024 08:00:44 +0200 Subject: [PATCH 134/146] Update AddressValidationRule.php --- .../Quote/Model/ValidationRules/AddressValidationRule.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/app/code/Magento/Quote/Model/ValidationRules/AddressValidationRule.php b/app/code/Magento/Quote/Model/ValidationRules/AddressValidationRule.php index 45894f89f0b65..453ee82e354a5 100644 --- a/app/code/Magento/Quote/Model/ValidationRules/AddressValidationRule.php +++ b/app/code/Magento/Quote/Model/ValidationRules/AddressValidationRule.php @@ -90,13 +90,13 @@ public function validateAddress($address, array &$validationErrors): void if (is_array($fieldValue)) { foreach ($fieldValue as $value) { if (!$validatorInstance->$validationMethod($value)) { - error_log("Invalid street value: " . $fieldValue); + error_log("Invalid value: " . $fieldValue); $validationErrors[] = __("$fieldName is not valid"); } } } else { if (!$validatorInstance->$validationMethod($fieldValue)) { - error_log("Invalid street value: " . $fieldValue); + error_log("Invalid value: " . $fieldValue); $validationErrors[] = __("$fieldName is not valid"); } } 
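Review bot: Inside the `foreach ($fieldValue as $value)` branch the log line concatenates `$fieldValue`, which is an array there, so PHP raises an "Array to string conversion" warning and the log shows `Array` instead of the rejected entry. Both `error_log` calls also write the raw submitted value to the PHP error log, which puts customer data and unescaped input such as line breaks into a log file. Logging only the field is enough to diagnose a rejection: `error_log('Invalid value in field: ' . $fieldName);`, ideally through the module's logger rather than `error_log`. Separately, `__("$fieldName is not valid")` builds the translation key by interpolation; `__('%1 is not valid', $fieldName)` keeps the phrase translatable. `validateAddress` starts and ends outside the hunk.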
From 49d2acfcb1f1b17da6aae5a492ba0c6a06779930 Mon Sep 17 00:00:00 2001 From: in-session Date: Wed, 28 Aug 2024 08:06:32 +0200 Subject: [PATCH 135/146] Update GlobalNameValidator.php --- .../Framework/Validator/GlobalNameValidator.php | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/lib/internal/Magento/Framework/Validator/GlobalNameValidator.php b/lib/internal/Magento/Framework/Validator/GlobalNameValidator.php index a060930ca9cde..7d8736e6b6f4b 100644 --- a/lib/internal/Magento/Framework/Validator/GlobalNameValidator.php +++ b/lib/internal/Magento/Framework/Validator/GlobalNameValidator.php @@ -10,7 +10,22 @@ class GlobalNameValidator { /** - * Regular expression pattern for validating names. + * Allowed characters for validating names: + * + * \p{L}: Unicode letters (e.g., a-z, A-Z, and letters from other languages). + * \p{M}: Unicode marks (diacritic marks, accents, etc.). + * ,: Comma, used for separating elements within a name. + * \-: Hyphen, commonly used in compound names. + * \_: Underscore, occasionally used in names. + * \.: Period, often used in initials or abbreviations in names. + * ': Apostrophe, used in names like "O'Connor". + * ’: Right single quotation mark, used as an apostrophe in some names. + * `: Grave accent, used in some names. + * \&: Ampersand, can appear in business names or titles. + * \s: Whitespace characters (spaces, tabs, newlines, etc.), allowing multi-part names. + * \d: Digits (0-9), to allow names that include numbers, such as "John Doe II". + * + * The pattern ensures that a name can be between 1 and 255 characters long. */ public const PATTERN_NAME = '/(?:[\p{L}\p{M}\,\-\_\.\'’`&\s\d]){1,255}+/u'; From 568743e886377317444fca017d04fdd7258fd18d Mon Sep 17 00:00:00 2001 
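Review bot: The new docblock says the pattern "ensures that a name can be between 1 and 255 characters long", but `PATTERN_NAME` has no anchors, so on its own it matches any string that contains a single allowed character; the whole-string and length guarantee comes only from the `$matches[0] === $nameValue` comparison in `isValidName`. The comment should say so, or the pattern should be anchored with `\A` and `\z` so that it stays safe if it is reused elsewhere. The `\d` example "John Doe II" contains no digits, and the `\s` entry admits tabs and line breaks inside a name, which a literal space would avoid. The `PATTERN_TELEPHONE` comment added in patch 136 has the same anchoring and `\s` wording.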
From: in-session Date: Wed, 28 Aug 2024 08:07:25 +0200 Subject: [PATCH 136/146] Update GlobalPhoneValidation.php --- .../Framework/Validator/GlobalPhoneValidation.php | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/lib/internal/Magento/Framework/Validator/GlobalPhoneValidation.php b/lib/internal/Magento/Framework/Validator/GlobalPhoneValidation.php index 6b191d13b5b91..75efcc4a0f37f 100644 --- a/lib/internal/Magento/Framework/Validator/GlobalPhoneValidation.php +++ b/lib/internal/Magento/Framework/Validator/GlobalPhoneValidation.php @@ -10,7 +10,17 @@ class GlobalPhoneValidation { /** - * Regular expression pattern for validating phone numbers. + * Allowed characters for validating phone numbers: + * + * \d: Digits (0-9), representing the numbers in a phone number. + * \s: Whitespace characters (spaces, tabs, newlines, etc.), allowing separation within the number. + * \+: Plus sign, often used to indicate the country code (e.g., +1 for the USA). + * \-: Hyphen, commonly used to separate different parts of a phone number (e.g., 555-1234). + * \(: Opening parenthesis, often used around area codes (e.g., (555) 123-4567). + * \): Closing parenthesis, used with the opening parenthesis around area codes. + * \/: Forward slash, sometimes used in extensions or other parts of the number. + * + * The pattern ensures that a phone number can be between 1 and 30 characters long. */ public const PATTERN_TELEPHONE = '/(?:[\d\s\+\-\()\/]{1,30})/u'; From fc98ebaded31e4cdb19e0485b586517280ecacef Mon Sep 17 00:00:00 2001 From: in-session Date: Wed, 28 Aug 2024 08:19:47 +0200 Subject: [PATCH 137/146] Update GlobalPhoneValidation.php --- .../Magento/Framework/Validator/GlobalPhoneValidation.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/internal/Magento/Framework/Validator/GlobalPhoneValidation.php b/lib/internal/Magento/Framework/Validator/GlobalPhoneValidation.php index 75efcc4a0f37f..8e6f1b7c389e2 100644 
--- a/lib/internal/Magento/Framework/Validator/GlobalPhoneValidation.php +++ b/lib/internal/Magento/Framework/Validator/GlobalPhoneValidation.php @@ -22,7 +22,7 @@ class GlobalPhoneValidation * * The pattern ensures that a phone number can be between 1 and 30 characters long. */ - public const PATTERN_TELEPHONE = '/(?:[\d\s\+\-\()\/]{1,30})/u'; + private const PATTERN_TELEPHONE = '/(?:[\d\s\+\-\()\/]{1,30})/u'; /** * Validate a phone number string. From 3e7a738d3c441bd230da5f229ea4278a5487bca7 Mon Sep 17 00:00:00 2001 From: in-session Date: Wed, 28 Aug 2024 08:20:19 +0200 Subject: [PATCH 138/146] Update GlobalNameValidator.php --- .../Magento/Framework/Validator/GlobalNameValidator.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/internal/Magento/Framework/Validator/GlobalNameValidator.php b/lib/internal/Magento/Framework/Validator/GlobalNameValidator.php index 7d8736e6b6f4b..7e9b0768c548e 100644 --- a/lib/internal/Magento/Framework/Validator/GlobalNameValidator.php +++ b/lib/internal/Magento/Framework/Validator/GlobalNameValidator.php @@ -27,7 +27,7 @@ class GlobalNameValidator * * The pattern ensures that a name can be between 1 and 255 characters long. */ - public const PATTERN_NAME = '/(?:[\p{L}\p{M}\,\-\_\.\'’`&\s\d]){1,255}+/u'; + private const PATTERN_NAME = '/(?:[\p{L}\p{M}\,\-\_\.\'’`&\s\d]){1,255}+/u'; /** * Validate a name string. From f9d3527a842ede7e11ccc051c89bda061424f9b1 Mon Sep 17 00:00:00 2001 From: in-session Date: Wed, 28 Aug 2024 08:22:21 +0200 Subject: [PATCH 139/146] Update GlobalForbiddenPatterns.php --- .../Magento/Framework/Validator/GlobalForbiddenPatterns.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php b/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php index b1d867db6a0a5..d98256ccd07a4 100644 --- a/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php 
+++ b/lib/internal/Magento/Framework/Validator/GlobalForbiddenPatterns.php @@ -21,7 +21,7 @@ class GlobalForbiddenPatterns * * @var string */ - public const XML_PATH_SECURITY_REGEX_ENABLED = 'system/security/security_regex_enabled'; + private const XML_PATH_SECURITY_REGEX_ENABLED = 'system/security/security_regex_enabled'; /** * @var ScopeConfigInterface From cb04a742edc67f9fbaa07e92995f0dad3d27a901 Mon Sep 17 00:00:00 2001 From: in-session Date: Wed, 28 Aug 2024 08:24:24 +0200 Subject: [PATCH 140/146] Update GlobalNameValidator.php --- .../Magento/Framework/Validator/GlobalNameValidator.php | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/lib/internal/Magento/Framework/Validator/GlobalNameValidator.php b/lib/internal/Magento/Framework/Validator/GlobalNameValidator.php index 7e9b0768c548e..0e5c3ae42f74c 100644 --- a/lib/internal/Magento/Framework/Validator/GlobalNameValidator.php +++ b/lib/internal/Magento/Framework/Validator/GlobalNameValidator.php @@ -40,9 +40,10 @@ public function isValidName(mixed $nameValue): bool if ($nameValue === null || $nameValue === '' || !is_string($nameValue)) { return true; } - - if (preg_match(self::PATTERN_NAME, trim($nameValue), $matches)) { - return $matches[0] === trim($nameValue); + + $nameValue = trim($nameValue); + if (preg_match(self::PATTERN_NAME, $nameValue, $matches)) { + return $matches[0] === $nameValue; } return false; From 9539b49503b6d14987334a67d25decdae5a19eca Mon Sep 17 00:00:00 2001 From: in-session Date: Wed, 28 Aug 2024 08:25:04 +0200 Subject: [PATCH 141/146] Update GlobalStreetValidator.php --- .../Magento/Framework/Validator/GlobalStreetValidator.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/internal/Magento/Framework/Validator/GlobalStreetValidator.php b/lib/internal/Magento/Framework/Validator/GlobalStreetValidator.php index 5aa3143c5e24b..260c64b7871c7 100644 --- a/lib/internal/Magento/Framework/Validator/GlobalStreetValidator.php 
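Review bot: `isValidName` validates `trim($nameValue)`, but the reassignment only changes the local copy, so the callers shown earlier in this series (`$customer->getFirstname()` and the like) keep the untrimmed string; leading or trailing characters that `trim()` strips by default, including line breaks and NUL bytes, are accepted without being checked. Either match the value as received, or state the contract in the docblock, e.g. `* Surrounding whitespace is ignored; callers must trim the value before storing it.` The same rewrite is applied to `isValidStreet`, `isValidPhone` and `isValidCity` in patches 141–143. The method starts outside the hunk, and whether the value is trimmed elsewhere before it is saved is not visible here.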
+++ b/lib/internal/Magento/Framework/Validator/GlobalStreetValidator.php @@ -39,8 +39,9 @@ public function isValidStreet(mixed $streetValue): bool return true; } - if (preg_match(self::PATTERN_STREET, trim($streetValue), $matches)) { - return $matches[0] === trim($streetValue); + $streetValue = trim($streetValue); + if (preg_match(self::PATTERN_STREET, $streetValue, $matches)) { + return $matches[0] === $streetValue; } return false; From f1408484c45b1b56fe3d219ea1819f8c7551baa5 Mon Sep 17 00:00:00 2001 From: in-session Date: Wed, 28 Aug 2024 08:25:47 +0200 Subject: [PATCH 142/146] Update GlobalPhoneValidation.php --- .../Magento/Framework/Validator/GlobalPhoneValidation.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/internal/Magento/Framework/Validator/GlobalPhoneValidation.php b/lib/internal/Magento/Framework/Validator/GlobalPhoneValidation.php index 8e6f1b7c389e2..e9de5cdb45310 100644 --- a/lib/internal/Magento/Framework/Validator/GlobalPhoneValidation.php +++ b/lib/internal/Magento/Framework/Validator/GlobalPhoneValidation.php @@ -36,8 +36,9 @@ public function isValidPhone(mixed $phoneValue): bool return true; } - if (preg_match(self::PATTERN_TELEPHONE, trim($phoneValue), $matches)) { - return $matches[0] === trim($phoneValue); + $phoneValue = trim($phoneValue); + if (preg_match(self::PATTERN_TELEPHONE, $phoneValue, $matches)) { + return $matches[0] === $phoneValue; } return false; From 4bd9691b3423aedf1557325fb8bbd0cb4af26240 Mon Sep 17 00:00:00 2001 From: in-session Date: Wed, 28 Aug 2024 08:26:57 +0200 Subject: [PATCH 143/146] Update GlobalCityValidator.php --- .../Magento/Framework/Validator/GlobalCityValidator.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/internal/Magento/Framework/Validator/GlobalCityValidator.php b/lib/internal/Magento/Framework/Validator/GlobalCityValidator.php index 1c555c6bd1063..524dfd9937def 100644 --- a/lib/internal/Magento/Framework/Validator/GlobalCityValidator.php 
+++ b/lib/internal/Magento/Framework/Validator/GlobalCityValidator.php @@ -37,8 +37,9 @@ public function isValidCity(mixed $cityValue): bool return true; } - if (preg_match(self::PATTERN_CITY, trim($cityValue), $matches)) { - return $matches[0] === trim($cityValue); + $cityValue = trim($cityValue); + if (preg_match(self::PATTERN_CITY, $cityValue, $matches)) { + return $matches[0] === $cityValue; } return false; From 0ab90612eb590cb05025bfdcc7f848d0e48c1966 Mon Sep 17 00:00:00 2001 From: in-session Date: Wed, 28 Aug 2024 16:48:29 +0200 Subject: [PATCH 144/146] Update system.xml --- app/code/Magento/Security/etc/adminhtml/system.xml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/app/code/Magento/Security/etc/adminhtml/system.xml b/app/code/Magento/Security/etc/adminhtml/system.xml index 6a9c244dcdac1..df5893d2d376d 100644 --- a/app/code/Magento/Security/etc/adminhtml/system.xml +++ b/app/code/Magento/Security/etc/adminhtml/system.xml @@ -58,6 +58,11 @@ Limit the maximum session size in bytes. Use 0 to disable. + + Magento\Config\Model\Config\Source\Yesno + Activate the extended field regex function. + + Magento\Config\Model\Config\Source\Yesno Activate the extended regex function to limit code injection. From 5299e3164195fff8ea2f27bcabb47a1c9dbc64f2 Mon Sep 17 00:00:00 2001 From: in-session Date: Wed, 28 Aug 2024 17:14:34 +0200 Subject: [PATCH 145/146] Update system.xml --- .../Magento/Security/etc/adminhtml/system.xml | 38 ++++++++++++++++++- 1 file changed, 37 insertions(+), 1 deletion(-) diff --git a/app/code/Magento/Security/etc/adminhtml/system.xml b/app/code/Magento/Security/etc/adminhtml/system.xml index df5893d2d376d..f73f58b17e378 100644 --- a/app/code/Magento/Security/etc/adminhtml/system.xml +++ b/app/code/Magento/Security/etc/adminhtml/system.xml 
@@ -58,10 +58,46 @@ Limit the maximum session size in bytes. Use 0 to disable. - + Magento\Config\Model\Config\Source\Yesno Activate the extended field regex function. + + + Custom regex pattern for city validation. Default: /^[\p{L}\p{M}\s\-\.\'\&\[\]\(\):]{1,100}$/u + + security_regex_enabled + 1 + + /^[\p{L}\p{M}\s\-\.\'\&\[\]\(\):]{1,100}$/u + + + + Custom regex pattern for name validation. Default: /(?:[\p{L}\p{M}\,\-\_\.\'’`&\s\d]){1,255}+/u + + security_regex_enabled + 1 + + /(?:[\p{L}\p{M}\,\-\_\.\'’`&\s\d]){1,255}+/u + + + + Custom regex pattern for telephone validation. Default: /(?:[\d\s\+\-\()\/]{1,30})/u + + security_regex_enabled + 1 + + /(?:[\d\s\+\-\()\/]{1,30})/u + + + + Custom regex pattern for street validation. Default: /^[\p{L}\p{M}\,\-\.\'’`&\s\d\[\]\(\)]{1,255}$/u + + security_regex_enabled + 1 + + /^[\p{L}\p{M}\,\-\.\'’`&\s\d\[\]\(\)]{1,255}$/u + Magento\Config\Model\Config\Source\Yesno From b8dfb94879768b63d5a09b6cf453431d27e2a4bb Mon Sep 17 00:00:00 2001 From: in-session Date: Wed, 28 Aug 2024 20:55:46 +0200 Subject: [PATCH 146/146] Update system.xml --- .../Magento/Security/etc/adminhtml/system.xml | 43 +------------------ 1 file changed, 1 insertion(+), 42 deletions(-) diff --git a/app/code/Magento/Security/etc/adminhtml/system.xml b/app/code/Magento/Security/etc/adminhtml/system.xml index f73f58b17e378..afb51f0efeb94 100644 --- a/app/code/Magento/Security/etc/adminhtml/system.xml +++ b/app/code/Magento/Security/etc/adminhtml/system.xml 
@@ -58,51 +58,10 @@ Limit the maximum session size in bytes. Use 0 to disable. - + Magento\Config\Model\Config\Source\Yesno Activate the extended field regex function. - - - Custom regex pattern for city validation. Default: /^[\p{L}\p{M}\s\-\.\'\&\[\]\(\):]{1,100}$/u - - security_regex_enabled - 1 - - /^[\p{L}\p{M}\s\-\.\'\&\[\]\(\):]{1,100}$/u - - - - Custom regex pattern for name validation. Default: /(?:[\p{L}\p{M}\,\-\_\.\'’`&\s\d]){1,255}+/u - - security_regex_enabled - 1 - - /(?:[\p{L}\p{M}\,\-\_\.\'’`&\s\d]){1,255}+/u - - - - Custom regex pattern for telephone validation. Default: /(?:[\d\s\+\-\()\/]{1,30})/u - - security_regex_enabled - 1 - - /(?:[\d\s\+\-\()\/]{1,30})/u - - - - Custom regex pattern for street validation. Default: /^[\p{L}\p{M}\,\-\.\'’`&\s\d\[\]\(\)]{1,255}$/u - - security_regex_enabled - 1 - - /^[\p{L}\p{M}\,\-\.\'’`&\s\d\[\]\(\)]{1,255}$/u - - - - Magento\Config\Model\Config\Source\Yesno - Activate the extended regex function to limit code injection. -