Merge pull request #23 from magento/2.1-develop

latest 2.1 develop

Author: mageprince

.gitignore

@@ -23,6 +23,8 @@ atlassian*
 /lib/internal/flex/varien/.settings
 /node_modules
 /.grunt
+/Gruntfile.js
+/package.json
 
 /pub/media/*.*
 !/pub/media/.htaccess

.htaccess

@@ -1,13 +1,13 @@
 # All explanations you could find in .htaccess.sample file
 DirectoryIndex index.php
 <IfModule mod_php5.c>
-    php_value memory_limit 768M
+    php_value memory_limit 756M
     php_value max_execution_time 18000
     php_flag session.auto_start off
     php_flag suhosin.session.cryptua off
 </IfModule>
 <IfModule mod_php7.c>
-    php_value memory_limit 768M
+    php_value memory_limit 756M
     php_value max_execution_time 18000
     php_flag session.auto_start off
     php_flag suhosin.session.cryptua off
@@ -106,6 +106,10 @@ DirectoryIndex index.php
         order allow,deny
         deny from all
     </Files>
+    <Files auth.json>
+       order allow,deny
+       deny from all
+    </Files>
     <Files magento_umask>
         order allow,deny
         deny from all

.htaccess.sample

@@ -36,7 +36,7 @@ DirectoryIndex index.php
 ############################################
 ## adjust memory limit
 
-    php_value memory_limit 768M
+    php_value memory_limit 756M
     php_value max_execution_time 18000
 
 ############################################
@@ -59,7 +59,7 @@ DirectoryIndex index.php
 ############################################
 ## adjust memory limit
 
-    php_value memory_limit 768M
+    php_value memory_limit 756M
     php_value max_execution_time 18000
 
 ############################################
@@ -270,6 +270,10 @@ DirectoryIndex index.php
         order allow,deny
         deny from all
     </Files>
+    <Files auth.json>
+       order allow,deny
+       deny from all
+    </Files>
     <Files magento_umask>
         order allow,deny
         deny from all

.php_cs

@@ -1,6 +1,6 @@
 <?php
 /**
- * Copyright © 2013-2017 Magento, Inc. All rights reserved.
+ * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
 

.user.ini

@@ -1,4 +1,4 @@
-memory_limit = 768M
+memory_limit = 756M
 max_execution_time = 18000
 session.auto_start = off
 suhosin.session.cryptua = off

CHANGELOG.md

@@ -29,3 +29,8 @@ If you are a new GitHub user, we recommend that you create your own [free github
 3. Create and test your work.
 4. Fork the Magento 2 repository according to [Fork a repository instructions](http://devdocs.magento.com/guides/v2.0/contributor-guide/contributing.html#fork) and when you are ready to send us a pull request – follow [Create a pull request instructions](http://devdocs.magento.com/guides/v2.0/contributor-guide/contributing.html#pull_request).
 5. Once your contribution is received, Magento 2 development team will review the contribution and collaborate with you as needed to improve the quality of the contribution.
+
+## Code of Conduct
+
+Please note that this project is released with a Contributor Code of Conduct. We expect you to agree to its terms when participating in this project.
+The full text is available in the repository [Wiki](https://github.com/magento/magento2/wiki/Magento-Code-of-Conduct).

CONTRIBUTING.md

@@ -1,3 +1,5 @@
+Copyright © 2013-present Magento, Inc.
+
 Each Magento source file included in this distribution is licensed under OSL 3.0 or the Magento Enterprise Edition (MEE) license
 
 http://opensource.org/licenses/osl-3.0.php  Open Software License (OSL 3.0)

COPYING.txt

@@ -1,5 +1,5 @@
 /**
- * Copyright © 2013-2017 Magento, Inc. All rights reserved.
+ * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
 

Gruntfile.js.sample

@@ -1,7 +1,8 @@
-[![Build Status](https://travis-ci.org/magento/magento2.svg?branch=develop)](https://travis-ci.org/magento/magento2)
+[![Build Status](https://travis-ci.org/magento/magento2.svg?branch=2.1-develop)](https://travis-ci.org/magento/magento2)
+[![Open Source Helpers](https://www.codetriage.com/magento/magento2/badges/users.svg)](https://www.codetriage.com/magento/magento2)
 [![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/magento/magento2?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)
 <h2>Welcome</h2>
-Welcome to Magento 2 installation! We're glad you chose to install Magento 2, a cutting edge, feature-rich eCommerce solution that gets results.
+Welcome to Magento 2 installation! We're glad you chose to install Magento 2, a cutting-edge, feature-rich eCommerce solution that gets results.
 
 The installation instructions that used to be here are now published on our GitHub site. Use the information on this page to get started or go directly to the <a href="http://devdocs.magento.com/guides/v2.0/install-gde/bk-install-guide.html" target="_blank">guide</a>.
 
@@ -73,9 +74,22 @@ To suggest documentation improvements, click [here][4].
 [3]: <https://github.com/magento/magento2/issues>
 [4]: <http://devdocs.magento.com>
 
+<h3>Community Maintainers</h3>
+The members of this team have been recognized for their outstanding commitment to maintaining and improving Magento. Magento has granted them permission to accept, merge, and reject pull requests, as well as review issues, and thanks these Community Maintainers for their valuable contributions.
+
+<a href="https://magento.com/magento-contributors#maintainers">
+    <img src="https://raw.githubusercontent.com/wiki/magento/magento2/images/maintainers.png"/>
+</a>
+
+<h3>Top Contributors</h3>
+Magento is thankful for any contribution that can improve our code base, documentation or increase test coverage. We always recognize our most active members, as their contributions are the foundation of the Magento Open Source platform.
+<a href="https://magento.com/magento-contributors">
+    <img src="https://raw.githubusercontent.com/wiki/magento/magento2/images/contributors.png"/>
+</a>
+
 <h2>Reporting security issues</h2>
 
-To report security vulnerabilities in Magento software or web sites, please e-mail <a href="mailto:[email protected]">[email protected]</a>. Please do not report security issues using GitHub. Be sure to encrypt your e-mail with our <a href="https://info2.magento.com/rs/magentoenterprise/images/security_at_magento.asc">encryption key</a> if it includes sensitive information. Learn more about reporting security issues <a href="https://magento.com/security/reporting-magento-security-issue">here</a>.
+To report security vulnerabilities in Magento software or web sites, please create a Bugcrowd researcher account <a href="https://bugcrowd.com/magento">there</a> to submit and follow-up your issue. Learn more about reporting security issues <a href="https://magento.com/security/reporting-magento-security-issue">here</a>.
 
 Stay up-to-date on the latest vulnerabilities and patches for Magento by signing up for <a href="https://magento.com/security/sign-up">Security Alert Notifications</a>.
 

README.md

@@ -2,7 +2,7 @@
 /**
  * Register basic autoloader that uses include path
  *
- * Copyright © 2013-2017 Magento, Inc. All rights reserved.
+ * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
 use Magento\Framework\Autoload\AutoloaderRegistry;
@@ -35,6 +35,3 @@
 }
 
 AutoloaderRegistry::registerAutoloader(new ClassLoaderWrapper($composerAutoloader));
-
-// Sets default autoload mappings, may be overridden in Bootstrap::create
-\Magento\Framework\App\Bootstrap::populateAutoloader(BP, []);

app/autoload.php

@@ -1,6 +1,6 @@
 <?php
 /**
- * Copyright © 2013-2017 Magento, Inc. All rights reserved.
+ * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
 
@@ -28,6 +28,9 @@
 }
 
 require_once __DIR__ . '/autoload.php';
+// Sets default autoload mappings, may be overridden in Bootstrap::create
+\Magento\Framework\App\Bootstrap::populateAutoloader(BP, []);
+
 require_once BP . '/app/functions.php';
 
 /* Custom umask value may be provided in optional mage_umask file in root */

app/bootstrap.php

@@ -2,7 +2,7 @@
 /**
  * Adminhtml AdminNotification Severity Renderer
  *
- * Copyright © 2013-2017 Magento, Inc. All rights reserved.
+ * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
 

app/code/Magento/AdminNotification/Block/Grid/Renderer/Actions.php

@@ -2,7 +2,7 @@
 /**
  * Adminhtml AdminNotification Severity Renderer
  *
- * Copyright © 2013-2017 Magento, Inc. All rights reserved.
+ * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
 namespace Magento\AdminNotification\Block\Grid\Renderer;

app/code/Magento/AdminNotification/Block/Grid/Renderer/Notice.php

@@ -2,7 +2,7 @@
 /**
  * Adminhtml AdminNotification Severity Renderer
  *
- * Copyright © 2013-2017 Magento, Inc. All rights reserved.
+ * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
 namespace Magento\AdminNotification\Block\Grid\Renderer;

app/code/Magento/AdminNotification/Block/Grid/Renderer/Severity.php

@@ -2,7 +2,7 @@
 /**
  * Adminhtml AdminNotification inbox grid
  *
- * Copyright © 2013-2017 Magento, Inc. All rights reserved.
+ * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
 namespace Magento\AdminNotification\Block;

app/code/Magento/AdminNotification/Block/Inbox.php

@@ -1,6 +1,6 @@
 <?php
 /**
- * Copyright © 2013-2017 Magento, Inc. All rights reserved.
+ * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
 namespace Magento\AdminNotification\Block\System;

app/code/Magento/AdminNotification/Block/System/Messages.php

@@ -1,6 +1,6 @@
 <?php
 /**
- * Copyright © 2013-2017 Magento, Inc. All rights reserved.
+ * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
 namespace Magento\AdminNotification\Block\System\Messages;

app/code/Magento/AdminNotification/Block/System/Messages/UnreadMessagePopup.php

@@ -1,6 +1,6 @@
 <?php
 /**
- * Copyright © 2013-2017 Magento, Inc. All rights reserved.
+ * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
 

app/code/Magento/AdminNotification/Block/ToolbarEntry.php

@@ -2,7 +2,7 @@
 /**
  * Critical notification window
  *
- * Copyright © 2013-2017 Magento, Inc. All rights reserved.
+ * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
 namespace Magento\AdminNotification\Block;

app/code/Magento/AdminNotification/Block/Window.php

@@ -2,7 +2,7 @@
 /**
  * Adminhtml AdminNotification controller
  *
- * Copyright © 2013-2017 Magento, Inc. All rights reserved.
+ * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
 namespace Magento\AdminNotification\Controller\Adminhtml;

app/code/Magento/AdminNotification/Controller/Adminhtml/Notification.php

@@ -1,7 +1,7 @@
 <?php
 /**
  *
- * Copyright © 2013-2017 Magento, Inc. All rights reserved.
+ * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
 namespace Magento\AdminNotification\Controller\Adminhtml\Notification;

app/code/Magento/AdminNotification/Controller/Adminhtml/Notification/AjaxMarkAsRead.php

@@ -1,7 +1,7 @@
 <?php
 /**
  *
- * Copyright © 2013-2017 Magento, Inc. All rights reserved.
+ * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
 namespace Magento\AdminNotification\Controller\Adminhtml\Notification;

app/code/Magento/AdminNotification/Controller/Adminhtml/Notification/Index.php

@@ -1,7 +1,7 @@
 <?php
 /**
  *
- * Copyright © 2013-2017 Magento, Inc. All rights reserved.
+ * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
 namespace Magento\AdminNotification\Controller\Adminhtml\Notification;

app/code/Magento/AdminNotification/Controller/Adminhtml/Notification/MarkAsRead.php

@@ -1,7 +1,7 @@
 <?php
 /**
  *
- * Copyright © 2013-2017 Magento, Inc. All rights reserved.
+ * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
 namespace Magento\AdminNotification\Controller\Adminhtml\Notification;

app/code/Magento/AdminNotification/Controller/Adminhtml/Notification/MassMarkAsRead.php

@@ -1,7 +1,7 @@
 <?php
 /**
  *
- * Copyright © 2013-2017 Magento, Inc. All rights reserved.
+ * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
 namespace Magento\AdminNotification\Controller\Adminhtml\Notification;
@@ -39,6 +39,6 @@ public function execute()
                 $this->messageManager->addException($e, __("We couldn't remove the messages because of an error."));
             }
         }
-        $this->getResponse()->setRedirect($this->_redirect->getRedirectUrl($this->getUrl('*')));
+        $this->_redirect('adminhtml/*/');
     }
 }

app/code/Magento/AdminNotification/Controller/Adminhtml/Notification/MassRemove.php

@@ -1,7 +1,7 @@
 <?php
 /**
  *
- * Copyright © 2013-2017 Magento, Inc. All rights reserved.
+ * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
 namespace Magento\AdminNotification\Controller\Adminhtml\Notification;

app/code/Magento/AdminNotification/Controller/Adminhtml/Notification/Remove.php

@@ -1,13 +1,20 @@
 <?php
 /**
  *
- * Copyright © 2013-2017 Magento, Inc. All rights reserved.
+ * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
 namespace Magento\AdminNotification\Controller\Adminhtml\System\Message;
 
 class ListAction extends \Magento\Backend\App\AbstractAction
 {
+    /**
+     * Authorization level of a basic admin session.
+     *
+     * @see _isAllowed()
+     */
+    const ADMIN_RESOURCE = 'Magento_AdminNotification::show_list';
+
     /**
      * @var \Magento\Framework\Json\Helper\Data
      */
@@ -54,8 +61,10 @@ public function execute()
         if (empty($result)) {
             $result[] = [
                 'severity' => (string)\Magento\Framework\Notification\MessageInterface::SEVERITY_NOTICE,
-                'text' => 'You have viewed and resolved all recent system notices. '
-                    . 'Please refresh the web page to clear the notice alert.',
+                'text' => __(
+                    'You have viewed and resolved all recent system notices. '
+                    . 'Please refresh the web page to clear the notice alert.'
+                )
             ];
         }
         $this->getResponse()->representJson($this->jsonHelper->jsonEncode($result));

app/code/Magento/AdminNotification/Controller/Adminhtml/System/Message/ListAction.php

@@ -1,6 +1,6 @@
 <?php
 /**
- * Copyright © 2013-2017 Magento, Inc. All rights reserved.
+ * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
 namespace Magento\AdminNotification\Model\Config\Source;

app/code/Magento/AdminNotification/Model/Config/Source/Frequency.php

@@ -1,6 +1,6 @@
 <?php
 /**
- * Copyright © 2013-2017 Magento, Inc. All rights reserved.
+ * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
 namespace Magento\AdminNotification\Model;
@@ -146,9 +146,9 @@ public function checkUpdate()
                     $feedData[] = [
                         'severity' => (int)$item->severity,
                         'date_added' => date('Y-m-d H:i:s', $itemPublicationDate),
-                        'title' => (string)$item->title,
-                        'description' => (string)$item->description,
-                        'url' => (string)$item->link,
+                        'title' => $this->escapeString($item->title),
+                        'description' => $this->escapeString($item->description),
+                        'url' => $this->escapeString($item->link),
                     ];
                 }
             }
@@ -244,4 +244,15 @@ public function getFeedXml()
 
         return $xml;
     }
+
+    /**
+     * Converts incoming data to string format and escapes special characters.
+     *
+     * @param \SimpleXMLElement $data
+     * @return string
+     */
+    private function escapeString(\SimpleXMLElement $data)
+    {
+        return htmlspecialchars((string)$data);
+    }
 }

app/code/Magento/AdminNotification/Model/Feed.php

@@ -1,6 +1,6 @@
 <?php
 /**
- * Copyright © 2013-2017 Magento, Inc. All rights reserved.
+ * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
 namespace Magento\AdminNotification\Model;