Merge branch '2.2-develop' of github.com:magento/magento2 into 2.2-develop-dbmediastorage3

Author: sivaschenko

.github/PULL_REQUEST_TEMPLATE.md

@@ -35,4 +35,4 @@
  - [ ] Pull request has a meaningful description of its purpose
  - [ ] All commits are accompanied by meaningful commit messages
  - [ ] All new or changed code is covered with unit/integration tests (if applicable)
- - [ ] All automated tests passed successfully (all builds on Travis CI are green)
+ - [ ] All automated tests passed successfully (all builds are green)

.gitignore

@@ -49,6 +49,8 @@ atlassian*
 /pub/media/import/*
 !/pub/media/import/.htaccess
 /pub/media/logo/*
+/pub/media/custom_options/*
+!/pub/media/custom_options/.htaccess
 /pub/media/theme/*
 /pub/media/theme_customization/*
 !/pub/media/theme_customization/.htaccess

.htaccess

@@ -29,6 +29,8 @@
 
 ############################################
 ## default index file
+## Specifies option, to use methods arguments in backtrace or not
+    SetEnv MAGE_DEBUG_SHOW_ARGS 1
 
     DirectoryIndex index.php
 
@@ -364,6 +366,15 @@
             Require all denied
         </IfVersion>
     </Files>
+    <Files .user.ini>
+        <IfVersion < 2.4>
+            order allow,deny
+            deny from all
+        </IfVersion>
+        <IfVersion >= 2.4>
+            Require all denied
+        </IfVersion>
+    </Files>
 
 # For 404s and 403s that aren't handled by the application, show plain 404 response
 ErrorDocument 404 /pub/errors/404.php

.htaccess.sample

@@ -341,6 +341,15 @@
             Require all denied
         </IfVersion>
     </Files>
+    <Files .user.ini>
+        <IfVersion < 2.4>
+            order allow,deny
+            deny from all
+        </IfVersion>
+        <IfVersion >= 2.4>
+            Require all denied
+        </IfVersion>
+    </Files>
 
 # For 404s and 403s that aren't handled by the application, show plain 404 response
 ErrorDocument 404 /pub/errors/404.php

.travis.yml .travis.yml.sample.travis.yml renamed to .travis.yml.sample

@@ -1,4 +1,3 @@
-[![Build Status](https://travis-ci.org/magento/magento2.svg?branch=2.2-develop)](https://travis-ci.org/magento/magento2)
 [![Open Source Helpers](https://www.codetriage.com/magento/magento2/badges/users.svg)](https://www.codetriage.com/magento/magento2)
 [![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/magento/magento2?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)
 [![Crowdin](https://d322cqt584bo4o.cloudfront.net/magento-2/localized.png)](https://crowdin.com/project/magento-2)

CHANGELOG.md

@@ -8,6 +8,7 @@
  * Environment initialization
  */
 error_reporting(E_ALL);
+stream_wrapper_unregister('phar');
 #ini_set('display_errors', 1);
 
 /* PHP version validation */

README.md

@@ -8,6 +8,9 @@
 
 namespace Magento\AdminNotification\Block\Grid\Renderer;
 
+/**
+ * Renderer class for action in the admin notifications grid.
+ */
 class Actions extends \Magento\Backend\Block\Widget\Grid\Column\Renderer\AbstractRenderer
 {
     /**
@@ -37,19 +40,23 @@ public function __construct(
      */
     public function render(\Magento\Framework\DataObject $row)
     {
-        $readDetailsHtml = $row->getUrl() ? '<a class="action-details" target="_blank" href="' . $row->getUrl() . '">' .
+        $readDetailsHtml = $row->getUrl() ? '<a class="action-details" target="_blank" href="' .
+            $this->escapeUrl($row->getUrl())
+            . '">' .
             __('Read Details') . '</a>' : '';
 
-        $markAsReadHtml = !$row->getIsRead() ? '<a class="action-mark" href="' . $this->getUrl(
-            '*/*/markAsRead/',
-            ['_current' => true, 'id' => $row->getId()]
-        ) . '">' . __(
-            'Mark as Read'
-        ) . '</a>' : '';
+        $markAsReadHtml = !$row->getIsRead() ? '<a class="action-mark" href="' .
+            $this->getUrl(
+                '*/*/markAsRead/',
+                ['_current' => true, 'id' => $row->getId()]
+            ) . '">' . __(
+                'Mark as Read'
+            ) . '</a>' : '';
 
         $encodedUrl = $this->_urlHelper->getEncodedUrl();
         return sprintf(
-            '%s%s<a class="action-delete" href="%s" onClick="deleteConfirm(\'%s\', this.href); return false;">%s</a>',
+            '%s%s<a class="action-delete" href="%s" onclick="deleteConfirm(\'%s\', this.href, {data: {}});' .
+            ' return false;">%s</a>',
             $readDetailsHtml,
             $markAsReadHtml,
             $this->getUrl(

app/bootstrap.php

@@ -25,6 +25,11 @@ class Feed extends \Magento\Framework\Model\AbstractModel
 
     const XML_LAST_UPDATE_PATH = 'system/adminnotification/last_update';
 
+    /**
+     * @var \Magento\Framework\Escaper
+     */
+    private $escaper;
+
     /**
      * Feed url
      *
@@ -77,6 +82,7 @@ class Feed extends \Magento\Framework\Model\AbstractModel
      * @param \Magento\Framework\Model\ResourceModel\AbstractResource $resource
      * @param \Magento\Framework\Data\Collection\AbstractDb $resourceCollection
      * @param array $data
+     * @param \Magento\Framework\Escaper|null $escaper
      * @SuppressWarnings(PHPMD.ExcessiveParameterList)
      */
     public function __construct(
@@ -90,7 +96,8 @@ public function __construct(
         \Magento\Framework\UrlInterface $urlBuilder,
         \Magento\Framework\Model\ResourceModel\AbstractResource $resource = null,
         \Magento\Framework\Data\Collection\AbstractDb $resourceCollection = null,
-        array $data = []
+        array $data = [],
+        \Magento\Framework\Escaper $escaper = null
     ) {
         parent::__construct($context, $registry, $resource, $resourceCollection, $data);
         $this->_backendConfig    = $backendConfig;
@@ -99,12 +106,16 @@ public function __construct(
         $this->_deploymentConfig = $deploymentConfig;
         $this->productMetadata   = $productMetadata;
         $this->urlBuilder        = $urlBuilder;
+        $this->escaper = $escaper ?? \Magento\Framework\App\ObjectManager::getInstance()->get(
+            \Magento\Framework\Escaper::class
+        );
     }
 
     /**
      * Init model
      *
      * @return void
+     * phpcs:disable Magento2.CodeAnalysis.EmptyBlock
      */
     protected function _construct()
     {
@@ -255,6 +266,6 @@ public function getFeedXml()
      */
     private function escapeString(\SimpleXMLElement $data)
     {
-        return htmlspecialchars((string)$data);
+        return $this->escaper->escapeHtml((string)$data);
     }
 }