Merge pull request #105 from magento-ogre/PR_Branch

[Ogres] Bug Fixes

Author: Kopylova,Olga(okopylova)

app/code/Magento/Theme/Model/Theme/ThemeDependencyChecker.php

@@ -115,6 +115,8 @@ public function checkChildTheme($themePaths)
     private function getParentChildThemeMap()
     {
         $map = [];
+        $this->themeCollection->resetConstraints();
+        $this->themeCollection->clear();
         /** @var \Magento\Theme\Model\Theme\Data $theme */
         foreach ($this->themeCollection as $theme) {
             if ($theme->getParentTheme()) {

lib/internal/Magento/Framework/App/Router/ActionList.php

@@ -10,18 +10,18 @@
 
 class ActionList
 {
+    /**
+     * Not allowed string in route's action path to avoid disclosing admin url
+     */
+    const NOT_ALLOWED_IN_NAMESPACE_PATH = 'adminhtml_';
+
     /**
      * List of application actions
      *
      * @var array
      */
     protected $actions;
 
-    /**
-     * @var ModuleReader
-     */
-    protected $moduleReader;
-
     /**
      * @var array
      */
@@ -52,9 +52,8 @@ public function __construct(
         $this->reservedWords = array_merge($reservedWords, $this->reservedWords);
         $this->actionInterface = $actionInterface;
         $data = $cache->load($cacheKey);
-        $this->moduleReader = $moduleReader;
         if (!$data) {
-            $this->actions = $this->moduleReader->getActionFiles();
+            $this->actions = $moduleReader->getActionFiles();
             $cache->save(serialize($this->actions), $cacheKey);
         } else {
             $this->actions = unserialize($data);
@@ -75,20 +74,19 @@ public function get($module, $area, $namespace, $action)
         if ($area) {
             $area = '\\' . $area;
         }
+        if (strpos($namespace, self::NOT_ALLOWED_IN_NAMESPACE_PATH) !== false) {
+            return null;
+        }
         if (in_array(strtolower($action), $this->reservedWords)) {
             $action .= 'action';
         }
-        $fullPath = str_replace(
-            '_',
-            '\\',
-            strtolower(
-                $module . '\\controller' . $area . '\\' . $namespace . '\\' . $action
-            )
+        $fullPath = strtolower(
+            str_replace('_', '\\', $module) . '\\controller' . $area
+            . '\\' . str_replace('_', '\\', $namespace) . '\\' . $action
         );
         if (isset($this->actions[$fullPath])) {
             return is_subclass_of($this->actions[$fullPath], $this->actionInterface) ? $this->actions[$fullPath] : null;
         }
-
         return null;
     }
 }

lib/internal/Magento/Framework/App/Test/Unit/Router/ActionListTest.php

@@ -142,6 +142,14 @@ public function getDataProvider()
                 ['magento\module\controller\area\namespace\catchaction' => $mockClassName],
                 $actionClass
             ],
+            [
+                'Magento_Module',
+                'Area',
+                'Namespace_A',
+                'Index_edit',
+                ['magento\module\controller\area\namespace\a\index_edit' => $mockClassName],
+                $actionClass
+            ],
             [
                 'Magento_Module',
                 'Area',
@@ -158,6 +166,14 @@ public function getDataProvider()
                 [],
                 null
             ],
+            [
+                'Magento_Module',
+                null,
+                'adminhtml_product',
+                'index',
+                'magento\module\controller\adminhtml\product\index' => '$mockClassName',
+                null
+            ],
         ];
     }
 }

nginx.conf.sample

@@ -39,6 +39,10 @@ location /setup {
     location ~ ^/setup/(?!pub/). {
         deny all;
     }
+
+    location ~ ^/setup/pub/ {
+        add_header X-Frame-Options "SAMEORIGIN";
+    }
 }
 
 location /update {
@@ -55,6 +59,10 @@ location /update {
     location ~ ^/update/(?!pub/). {
         deny all;
     }
+
+    location ~ ^/update/pub/ {
+        add_header X-Frame-Options "SAMEORIGIN";
+    }
 }
 
 location / {
@@ -66,6 +74,7 @@ location /pub {
         deny all;
     }
     alias $MAGE_ROOT/pub;
+    add_header X-Frame-Options "SAMEORIGIN";
 }
 
 location /static/ {
@@ -74,6 +83,7 @@ location /static/ {
     }
     location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ {
         add_header Cache-Control "public";
+        add_header X-Frame-Options "SAMEORIGIN";
         expires +1y;
 
         if (!-f $request_filename) {
@@ -82,6 +92,7 @@ location /static/ {
     }
     location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
         add_header Cache-Control "no-store";
+        add_header X-Frame-Options "SAMEORIGIN";
         expires    off;
 
         if (!-f $request_filename) {
@@ -91,6 +102,7 @@ location /static/ {
     if (!-f $request_filename) {
         rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last;
     }
+    add_header X-Frame-Options "SAMEORIGIN";
 }
 
 location /media/ {
@@ -102,14 +114,17 @@ location /media/ {
 
     location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ {
         add_header Cache-Control "public";
+        add_header X-Frame-Options "SAMEORIGIN";
         expires +1y;
         try_files $uri $uri/ /get.php?$args;
     }
     location ~* \.(zip|gz|gzip|bz2|csv|xml)$ {
         add_header Cache-Control "no-store";
+        add_header X-Frame-Options "SAMEORIGIN";
         expires    off;
         try_files $uri $uri/ /get.php?$args;
     }
+    add_header X-Frame-Options "SAMEORIGIN";
 }
 
 location /media/customer/ {

pub/.htaccess

@@ -208,3 +208,9 @@
         order allow,deny
         deny from all
     </Files>
+
+<IfModule mod_headers.c>
+    ############################################
+    ## prevent clickjacking
+    Header set X-Frame-Options SAMEORIGIN
+</IfModule>

setup/config/states.installer.config.php renamed to setup/config/states.install.config.php

@@ -8,7 +8,7 @@
 
 return [
     'navInstallerTitles' => [
-        'installer'    => 'Magento Installer',
+        'install'    => 'Magento Installer',
     ],
     'navInstaller' => [
         [
@@ -24,39 +24,39 @@
             'main'        => true,
             'nav'         => false,
             'order'       => -1,
-            'type'        => 'installer'
+            'type'        => 'install'
         ],
         [
-            'id'          => 'root.landing-installer',
-            'url'         => 'landing-installer',
+            'id'          => 'root.landing-install',
+            'url'         => 'landing-install',
             'templateUrl' => "$base/landing-installer",
             'title'       => 'Landing',
             'controller'  => 'landingController',
             'main'        => true,
             'default'     => true,
             'order'       => 0,
-            'type'        => 'installer'
+            'type'        => 'install'
         ],
         [
-            'id'          => 'root.readiness-check-installer',
-            'url'         => 'readiness-check-installer',
+            'id'          => 'root.readiness-check-install',
+            'url'         => 'readiness-check-install',
             'templateUrl' => "{$base}/readiness-check-installer",
             'title'       => "Readiness \n Check",
             'header'      => 'Step 1: Readiness Check',
             'nav'         => true,
             'order'       => 1,
-            'type'        => 'installer'
+            'type'        => 'install'
         ],
         [
-            'id'          => 'root.readiness-check-installer.progress',
-            'url'         => 'readiness-check-installer/progress',
+            'id'          => 'root.readiness-check-install.progress',
+            'url'         => 'readiness-check-install/progress',
             'templateUrl' => "{$base}/readiness-check-installer/progress",
             'title'       => 'Readiness Check',
             'header'      => 'Step 1: Readiness Check',
             'controller'  => 'readinessCheckController',
             'nav'         => false,
             'order'       => 2,
-            'type'        => 'installer'
+            'type'        => 'install'
         ],
         [
             'id'          => 'root.add-database',
@@ -68,7 +68,7 @@
             'nav'         => true,
             'validate'    => true,
             'order'       => 3,
-            'type'        => 'installer'
+            'type'        => 'install'
         ],
         [
             'id'          => 'root.web-configuration',
@@ -80,7 +80,7 @@
             'nav'         => true,
             'validate'    => true,
             'order'       => 4,
-            'type'        => 'installer'
+            'type'        => 'install'
         ],
         [
             'id'          => 'root.customize-your-store',
@@ -91,7 +91,7 @@
             'controller'  => 'customizeYourStoreController',
             'nav'         => true,
             'order'       => 5,
-            'type'        => 'installer'
+            'type'        => 'install'
         ],
         [
             'id'          => 'root.create-admin-account',
@@ -103,7 +103,7 @@
             'nav'         => true,
             'validate'    => true,
             'order'       => 6,
-            'type'        => 'installer'
+            'type'        => 'install'
         ],
         [
             'id'          => 'root.install',
@@ -114,7 +114,7 @@
             'controller'  => 'installController',
             'nav'         => true,
             'order'       => 7,
-            'type'        => 'installer'
+            'type'        => 'install'
         ],
         [
             'id'          => 'root.success',
@@ -123,7 +123,7 @@
             'controller'  => 'successController',
             'main'        => true,
             'order'       => 8,
-            'type'        => 'installer'
+            'type'        => 'install'
         ],
     ],
 ];

setup/pub/.htaccess

@@ -0,0 +1,5 @@
+<IfModule mod_headers.c>
+    ############################################
+    ## prevent clickjacking
+    Header set X-Frame-Options SAMEORIGIN
+</IfModule>

setup/pub/magento/setup/component-grid.js

@@ -117,7 +117,12 @@ angular.module('component-grid', ['ngStorage'])
                 if ($localStorage.titles['update'].indexOf(component.moduleName) < 0 ) {
                     $localStorage.titles['update'] = 'Update ' + component.moduleName;
                 }
-                $localStorage.moduleName = component.moduleName;
+                if (component.moduleName) {
+                    $localStorage.moduleName = component.moduleName;
+                } else {
+                    $localStorage.moduleName = component.name;
+                }
+
                 $scope.nextState();
             };
 
@@ -131,7 +136,11 @@ angular.module('component-grid', ['ngStorage'])
                     $localStorage.titles['uninstall'] = 'Uninstall ' + component.moduleName;
                 }
                 $localStorage.componentType = component.type;
-                $localStorage.moduleName = component.moduleName;
+                if (component.moduleName) {
+                    $localStorage.moduleName = component.moduleName;
+                } else {
+                    $localStorage.moduleName = component.name;
+                }
                 $state.go('root.readiness-check-uninstall');
             };
 

setup/pub/magento/setup/landing.js

@@ -10,7 +10,6 @@ angular.module('landing', ['ngStorage'])
         '$location',
         '$localStorage',
         function ($scope, $location, $localStorage) {
-            $localStorage.$reset();
             $scope.selectLanguage = function () {
                 $localStorage.lang = $scope.modelLanguage;
                 window.location = 'index.php/' + $scope.modelLanguage + '/index';

setup/pub/magento/setup/main.js

@@ -83,8 +83,8 @@ main.controller('navigationController',
         }
 
         $scope.goToStart = function() {
-            if ($state.current.type === 'installer') {
-                $state.go('root.landing-installer');
+            if ($state.current.type === 'install') {
+                $state.go('root.landing-install');
             } else if ($state.current.type === 'upgrade') {
                 $state.go('root.upgrade');
             } else {
@@ -103,6 +103,7 @@ main.controller('navigationController',
         mainState: {},
         states: [],
         load: function () {
+            $localStorage.$reset();
             var self = this;
             return $http.get('index.php/navigation').success(function (data) {
                 var currentState = $location.path().replace('/', '');

setup/pub/magento/setup/readiness-check.js

@@ -156,7 +156,9 @@ angular.module('readiness-check', [])
                 process: function(data) {
                     $scope.extensions.processed = true;
                     angular.extend($scope.extensions, data);
-                    $scope.extensions.length = Object.keys($scope.extensions.data.required).length;
+                    if(data.responseType !== 'error') {
+                        $scope.extensions.length = Object.keys($scope.extensions.data.required).length;
+                    }
                     $scope.updateOnProcessed($scope.extensions.responseType);
                     $scope.stopProgress();
                 },
@@ -334,4 +336,27 @@ angular.module('readiness-check', [])
                 $scope.progress();
             }
         });
+
+        $scope.wordingOfReadinessCheckAction = function() {
+            var $actionString = 'We\'re making sure your server environment is ready for ';
+            if ($localStorage.moduleName) {
+                $actionString += $localStorage.moduleName;
+            } else {
+                if($state.current.type === 'install' || $state.current.type === 'upgrade') {
+                    $actionString += 'Magento';
+                    if ($state.current.type === 'upgrade' && $localStorage.packages.length > 1 ) {
+                        $actionString += ' and selected components';
+                    }
+                } else {
+                    $actionString += 'package';
+                }
+            }
+            $actionString += " to be " + $state.current.type;
+            if ($scope.endsWith($state.current.type, 'e')) {
+                $actionString += 'd';
+            } else {
+                $actionString +='ed';
+            }
+            return $actionString;
+        }
     }]);