Closed rhoerr closed 2 months ago
This PR pulls the changes from 2.4.7-p1 vs 2.4.7 onto 2.4-develop (which as of yet does not have them merged in). This is important for security reasons.
I sourced the change list from https://github.com/magento/magento2/compare/2.4.7..2.4.7-p1 with all composer.json changes removed. Summary:
From eb97966a18b85979120cd96ef8daa5d374c51a1b Mon Sep 17 00:00:00 2001
From: Ryan Hoerr <rhoerr@users.noreply.github.com>
Date: Sun, 7 Jul 2024 15:58:01 -0400
Subject: [PATCH] Security changes from upstream 2.4.7-p1
---
 ...roductImagesAssignedDifferentRolesTest.xml | 2 +-
 .../Customer/Model/Plugin/UpdateCustomer.php | 17 ++-
 .../Controller/Rest/ValidateCustomerData.php | 56 --------
 .../Rest/ValidateCustomerDataTest.php | 123 ------------------
 .../Magento/Customer/etc/webapi_rest/di.xml | 3 -
 .../Quote/Model/BillingAddressManagement.php | 4 -
 .../Quote/Model/QuoteAddressValidator.php | 28 +---
 .../Magento/Quote/Plugin/QuoteAddress.php | 67 ++++++++++
 .../Quote/Plugin/ValidateQuoteOrigOrder.php | 65 +++++++++
 .../Controller/Rest/ValidateQuoteData.php | 56 --------
 .../Controller/Rest/ValidateQuoteDataTest.php | 114 ----------------
 app/code/Magento/Quote/etc/webapi_rest/di.xml | 5 +-
 app/code/Magento/Quote/i18n/en_US.csv | 1 +
 app/code/Magento/Sales/Helper/Admin.php | 78 -----------
 .../templates/order/comments/view.phtml | 20 +--
 app/code/Magento/Ups/Model/Carrier.php | 27 +++-
 .../Controller/Rest/InputParamsResolver.php | 22 ++++
 .../adminhtml/Magento/backend/i18n/en_US.csv | 1 +
 .../frontend/Magento/blank/i18n/en_US.csv | 1 +
 .../frontend/Magento/luma/i18n/en_US.csv | 1 +
 composer.json | 2 +-
 .../Customer/Api/CustomerRepositoryTest.php | 32 ++---
 .../Sales/RetrieveOrdersByOrderNumberTest.php | 18 +--
 .../Plugin/CustomerAfterPluginTest.php | 26 ++--
 .../ByQuantityAndStockStatusTest.php | 4 +-
 .../ByProductModel/ByStockDataTest.php | 4 +-
 .../ByProductModel/ByStockItemTest.php | 8 +-
 .../ByQuantityAndStockStatusTest.php | 4 +-
 .../Wysiwyg/Images/DeleteFilesTest.php | 2 +
 .../Magento/Sales/Helper/AdminTest.php | 4 +-
 .../Filesystem/Directory/PathValidator.php | 2 +-
 .../Test/Unit/Directory/PathValidatorTest.php | 6 +-
 .../Webapi/ServiceInputProcessor.php | 6 +
 33 files changed, 270 insertions(+), 539 deletions(-)
 delete mode 100644 app/code/Magento/Customer/Plugin/Webapi/Controller/Rest/ValidateCustomerData.php
 delete mode 100644 app/code/Magento/Customer/Test/Unit/Plugin/Webapi/Controller/Rest/ValidateCustomerDataTest.php
 create mode 100644 app/code/Magento/Quote/Plugin/QuoteAddress.php
 create mode 100644 app/code/Magento/Quote/Plugin/ValidateQuoteOrigOrder.php
 delete mode 100644 app/code/Magento/Quote/Plugin/Webapi/Controller/Rest/ValidateQuoteData.php
 delete mode 100644 app/code/Magento/Quote/Test/Unit/Plugin/Webapi/Controller/Rest/ValidateQuoteDataTest.php
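Review bot: The diffstat still lists the root "composer.json | 2 +-", although the description says the change list was taken with all composer.json changes removed. Please state in the description what that remaining two-line change is and why it was kept, or drop it, so that anyone comparing this against the upstream 2.4.7..2.4.7-p1 patch can tell it is intentional. Separately, the stat deletes ValidateCustomerDataTest.php and ValidateQuoteDataTest.php together with the plugins they covered, but shows no test file named for the two created plugins, Quote/Plugin/QuoteAddress.php and Quote/Plugin/ValidateQuoteOrigOrder.php; it is worth confirming which of the modified tests exercise the replacement validation.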
Someone please check this PR against the source https://github.com/magento/magento2/compare/2.4.7..2.4.7-p1.patch to verify I did not miss anything.
PR looks fine by me, I don't see any issues.