magento
diff --git a/‎.github/CONTRIBUTING.md
Lines changed: 18 additions & 6 deletions b/‎.github/CONTRIBUTING.md
Lines changed: 18 additions & 6 deletions
diff --git a/‎.github/PULL_REQUEST_TEMPLATE.md
Lines changed: 7 additions & 2 deletions b/‎.github/PULL_REQUEST_TEMPLATE.md
Lines changed: 7 additions & 2 deletions
diff --git a/‎.gitignore
Lines changed: 2 additions & 0 deletions b/‎.gitignore
Lines changed: 2 additions & 0 deletions
diff --git a/‎.htaccess
Lines changed: 14 additions & 0 deletions b/‎.htaccess
Lines changed: 14 additions & 0 deletions
diff --git a/‎.htaccess.sample
Lines changed: 14 additions & 0 deletions b/‎.htaccess.sample
Lines changed: 14 additions & 0 deletions
diff --git a/‎.travis.yml renamed to ‎.travis.yml.sample b/‎.travis.yml renamed to ‎.travis.yml.sample
diff --git a/‎CHANGELOG.md
Lines changed: 4 additions & 4 deletions b/‎CHANGELOG.md
Lines changed: 4 additions & 4 deletions
diff --git a/‎README.md
Lines changed: 7 additions & 8 deletions b/‎README.md
Lines changed: 7 additions & 8 deletions
diff --git a/‎SECURITY.md
Lines changed: 10 additions & 0 deletions b/‎SECURITY.md
Lines changed: 10 additions & 0 deletions
diff --git a/‎app/bootstrap.php
Lines changed: 3 additions & 0 deletions b/‎app/bootstrap.php
Lines changed: 3 additions & 0 deletions
diff --git a/‎app/code/Magento/AdminNotification/Block/Grid/Renderer/Actions.php
Lines changed: 8 additions & 1 deletion b/‎app/code/Magento/AdminNotification/Block/Grid/Renderer/Actions.php
Lines changed: 8 additions & 1 deletion
diff --git a/‎app/code/Magento/AdminNotification/Model/Feed.php
Lines changed: 20 additions & 7 deletions b/‎app/code/Magento/AdminNotification/Model/Feed.php
Lines changed: 20 additions & 7 deletions
diff --git a/‎app/code/Magento/AdminNotification/Test/Mftf/Data/AdminMenuData.xml
Lines changed: 21 additions & 0 deletions b/‎app/code/Magento/AdminNotification/Test/Mftf/Data/AdminMenuData.xml
Lines changed: 21 additions & 0 deletions
@@ -1,18 +1,23 @@
 # Contributing to Magento 2 code
 
 Contributions to the Magento 2 codebase are done using the fork & pull model.
-This contribution model has contributors maintaining their own copy of the forked codebase (which can easily be synced with the main copy). The forked repository is then used to submit a request to the base repository to “pull” a set of changes. For more information on pull requests please refer to [GitHub Help](https://help.github.com/articles/about-pull-requests/).
+This contribution model has contributors maintaining their own fork of the Magento 2 repository.
+The forked repository is then used to submit a request to the base repository to “pull” a set of changes.
+For more information on pull requests please refer to [GitHub Help](https://help.github.com/articles/about-pull-requests/).
 
 Contributions can take the form of new components or features, changes to existing features, tests, documentation (such as developer guides, user guides, examples, or specifications), bug fixes or optimizations.
 
-The Magento 2 development team will review all issues and contributions submitted by the community of developers in the first in, first out order. During the review we might require clarifications from the contributor. If there is no response from the contributor within two weeks, the pull request will be closed.
+The Magento 2 development team or community maintainers will review all issues and contributions submitted by the community of developers in the first in, first out order.
+During the review we might require clarifications from the contributor.
+If there is no response from the contributor within two weeks, the pull request will be closed.
 
+For more detailed information on contribution please read our [beginners guide](https://github.com/magento/magento2/wiki/Getting-Started).
 
 ## Contribution requirements
 
-1. Contributions must adhere to the [Magento coding standards](https://devdocs.magento.com/guides/v2.2/coding-standards/bk-coding-standards.html).
+1. Contributions must adhere to the [Magento coding standards](https://devdocs.magento.com/guides/v2.3/coding-standards/bk-coding-standards.html).
 2. Pull requests (PRs) must be accompanied by a meaningful description of their purpose. Comprehensive descriptions increase the chances of a pull request being merged quickly and without additional clarification requests.
-3. Commits must be accompanied by meaningful commit messages. Please see the [Magento Pull Request Template](https://github.com/magento/magento2/blob/2.2-develop/.github/PULL_REQUEST_TEMPLATE.md) for more information.
+3. Commits must be accompanied by meaningful commit messages. Please see the [Magento Pull Request Template](https://github.com/magento/magento2/blob/2.3-develop/.github/PULL_REQUEST_TEMPLATE.md) for more information.
 4. PRs which include bug fixes must be accompanied with a step-by-step description of how to reproduce the bug.
 3. PRs which include new logic or new features must be submitted along with:
 * Unit/integration test coverage
@@ -22,15 +27,22 @@ The Magento 2 development team will review all issues and contributions submitte
 
 ## Contribution process
 
-If you are a new GitHub user, we recommend that you create your own [free github account](https://github.com/signup/free). This will allow you to collaborate with the Magento 2 development team, fork the Magento 2 project and send pull requests.
+If you are a new GitHub user, we recommend that you create your own [free github account](https://github.com/signup/free).
+This will allow you to collaborate with the Magento 2 development team, fork the Magento 2 project and send pull requests.
 
 1. Search current [listed issues](https://github.com/magento/magento2/issues) (open or closed) for similar proposals of intended contribution before starting work on a new contribution.
 2. Review the [Contributor License Agreement](https://magento.com/legaldocuments/mca) if this is your first time contributing.
 3. Create and test your work.
-4. Fork the Magento 2 repository according to the [Fork A Repository instructions](https://devdocs.magento.com/guides/v2.2/contributor-guide/contributing.html#fork) and when you are ready to send us a pull request – follow the [Create A Pull Request instructions](https://devdocs.magento.com/guides/v2.2/contributor-guide/contributing.html#pull_request).
+4. Fork the Magento 2 repository according to the [Fork A Repository instructions](https://devdocs.magento.com/guides/v2.3/contributor-guide/contributing.html#fork) and when you are ready to send us a pull request – follow the [Create A Pull Request instructions](https://devdocs.magento.com/guides/v2.3/contributor-guide/contributing.html#pull_request).
 5. Once your contribution is received the Magento 2 development team will review the contribution and collaborate with you as needed.
 
 ## Code of Conduct
 
 Please note that this project is released with a Contributor Code of Conduct. We expect you to agree to its terms when participating in this project.
 The full text is available in the repository [Wiki](https://github.com/magento/magento2/wiki/Magento-Code-of-Conduct).
+
+## Connecting with Community!
+
+If you have any questions, join us in [#beginners](https://magentocommeng.slack.com/messages/CH8BGFX9D) Slack chat. If you are not on our slack, [click here](http://tinyurl.com/engcom-slack) to join.
+
+Need to find a project? Check out the [Slack Channels](https://github.com/magento/magento2/wiki/Slack-Channels) (with listed project info) and the [Magento Community Portal](https://opensource.magento.com/).
@@ -21,7 +21,6 @@
     There could be 1 or more issues linked here and it will help us find some more information about the reasoning behind this change.
 -->
 1. magento/magento2#<issue_number>: Issue title
-2. ...
 
 ### Manual testing scenarios (*)
 <!---
@@ -31,8 +30,14 @@
 1. ...
 2. ...
 
+### Questions or comments
+<!---
+	If relevant, here you can ask questions or provide comments on your pull request for the reviewer
+	For example if you need assistance with writing tests or would like some feedback on one of your development ideas
+-->
+
 ### Contribution checklist (*)
  - [ ] Pull request has a meaningful description of its purpose
  - [ ] All commits are accompanied by meaningful commit messages
  - [ ] All new or changed code is covered with unit/integration tests (if applicable)
- - [ ] All automated tests passed successfully (all builds on Travis CI are green)
+ - [ ] All automated tests passed successfully (all builds are green)
@@ -48,6 +48,8 @@ atlassian*
 /pub/media/import/*
 !/pub/media/import/.htaccess
 /pub/media/logo/*
+/pub/media/custom_options/*
+!/pub/media/custom_options/.htaccess
 /pub/media/theme/*
 /pub/media/theme_customization/*
 !/pub/media/theme_customization/.htaccess
 
@@ -27,6 +27,11 @@
     #AddType x-mapp-php5 .php
     #AddHandler x-mapp-php5 .php
 
+############################################
+## enable usage of methods arguments in backtrace
+
+    SetEnv MAGE_DEBUG_SHOW_ARGS 1
+
 ############################################
 ## default index file
 
@@ -364,6 +369,15 @@
             Require all denied
         </IfVersion>
     </Files>
+    <Files .user.ini>
+        <IfVersion < 2.4>
+            order allow,deny
+            deny from all
+        </IfVersion>
+        <IfVersion >= 2.4>
+            Require all denied
+        </IfVersion>
+    </Files>
 
 # For 404s and 403s that aren't handled by the application, show plain 404 response
 ErrorDocument 404 /pub/errors/404.php
 
@@ -27,6 +27,11 @@
     #AddType x-mapp-php5 .php
     #AddHandler x-mapp-php5 .php
 
+############################################
+## enable usage of methods arguments in backtrace
+
+    SetEnv MAGE_DEBUG_SHOW_ARGS 1
+
 ############################################
 ## default index file
 
@@ -341,6 +346,15 @@
             Require all denied
         </IfVersion>
     </Files>
+    <Files .user.ini>
+        <IfVersion < 2.4>
+            order allow,deny
+            deny from all
+        </IfVersion>
+        <IfVersion >= 2.4>
+            Require all denied
+        </IfVersion>
+    </Files>
 
 # For 404s and 403s that aren't handled by the application, show plain 404 response
 ErrorDocument 404 /pub/errors/404.php
 
@@ -626,7 +626,7 @@ Tests:
     * Fixed an issue where filters were not shown on product reviews report grid
     * Fixed an issue where second customer address was not deleted from customer account
     * Fixed an issue where custom options pop-up was still displayed after submit
-    * Fixed an issue where Second Product was not added to Shopping Cart from Wishlist at first atempt
+    * Fixed an issue where Second Product was not added to Shopping Cart from Wishlist at first attempt
     * Fixed an issue where customer invalid email message was not displayed
     * Fixed an issue where All Access Tokens for Customer without Tokens could not be revoked
     * Fixed an issue where it was impossible to add Product to Shopping Cart from shared Wishlist
@@ -785,7 +785,7 @@ Tests:
     * Refactored controller actions in the Product area
     * Moved commands cache.php, indexer.php, log.php, test.php, compiler.php, singletenant\_compiler.php, generator.php, pack.php, deploy.php and file\_assembler.php to the new bin/magento CLI framework
 * Data Migration Tool
-    * The Data Migraiton Tool is published in the separate [repository](https://github.com/magento/data-migration-tool-ce "Data Migration Tool repository")
+    * The Data Migration Tool is published in the separate [repository](https://github.com/magento/data-migration-tool-ce "Data Migration Tool repository")
 * Fixed bugs
     * Fixed an issue where error appeared during placing order with virtual product
     * Fixed an issue where billing and shipping sections didn't contain address information on order print
@@ -4136,7 +4136,7 @@ Tests:
   * Moved Multishipping functionality to newly created module Multishipping
   * Extracted Product duplication behavior from Product model to Product\Copier model
   * Replaced event "catalog_model_product_duplicate" with composite Product\Copier model
-  * Replaced event "catalog_product_prepare_save" with controller product initialization helper that can be customozed via plugins
+  * Replaced event "catalog_product_prepare_save" with controller product initialization helper that can be customized via plugins
   * Consolidated Authorize.Net functionality in single module Authorizenet
   * Eliminated dependency of Sales module on Shipping and Usa modules
   * Eliminated dependency of Shipping module on Customer module
@@ -4335,7 +4335,7 @@ Tests:
   * Fixed order placing with virtual product using Express Checkout
   * Fixed the error during order placement with Recurring profile payment
   * Fixed wrong redirect after customer registration during multishipping checkout
-  * Fixed inability to crate shipping labels
+  * Fixed inability to create shipping labels
   * Fixed inability to switch language, if the default language is English
   * Fixed an issue with incorrect XML appearing in cache after some actions on the frontend
   * Fixed product export
 
@@ -1,18 +1,17 @@
-[![Build Status](https://travis-ci.org/magento/magento2.svg?branch=2.3-develop)](https://travis-ci.org/magento/magento2)
 [![Open Source Helpers](https://www.codetriage.com/magento/magento2/badges/users.svg)](https://www.codetriage.com/magento/magento2)
 [![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/magento/magento2?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)
 [![Crowdin](https://d322cqt584bo4o.cloudfront.net/magento-2/localized.svg)](https://crowdin.com/project/magento-2)
 <h2>Welcome</h2>
 Welcome to Magento 2 installation! We're glad you chose to install Magento 2, a cutting-edge, feature-rich eCommerce solution that gets results.
 
-## Magento system requirements
-[Magento system requirements](https://devdocs.magento.com/guides/v2.3/install-gde/system-requirements2.html).
+## Magento System Requirements
+[Magento System Requirements](https://devdocs.magento.com/guides/v2.3/install-gde/system-requirements.html).
 
 ## Install Magento
 
-*	[Installation guide](https://devdocs.magento.com/guides/v2.3/install-gde/bk-install-guide.html).
+*	[Installation Guide](https://devdocs.magento.com/guides/v2.3/install-gde/bk-install-guide.html).
 
-<h2>Contributing to the Magento 2 code base</h2>
+<h2>Contributing to the Magento 2 Code Base</h2>
 Contributions can take the form of new components or features, changes to existing features, tests, documentation (such as developer guides, user guides, examples, or specifications), bug fixes, optimizations, or just good suggestions.
 
 To learn about how to make a contribution, click [here][1].
@@ -39,13 +38,13 @@ Magento is thankful for any contribution that can improve our code base, documen
     <img src="https://raw.githubusercontent.com/wiki/magento/magento2/images/contributors.png"/>
 </a>
 
-### Labels applied by the Magento team
+### Labels Applied by the Magento Team
 We apply labels to public Pull Requests and Issues to help other participants retrieve additional information about current progress, component assignments, Magento release lines, and much more.
 Please review the [Code Contributions guide](https://devdocs.magento.com/guides/v2.3/contributor-guide/contributing.html#labels) for detailed information on labels used in Magento 2 repositories.
 
-## Reporting security issues
+## Reporting Security Issues
 
-To report security vulnerabilities in Magento software or web sites, please create a Bugcrowd researcher account [there](https://bugcrowd.com/magento) to submit and follow-up your issue. Learn more about reporting security issues [here](https://magento.com/security/reporting-magento-security-issue).
+To report security vulnerabilities or learn more about reporting security issues in Magento software or web sites visit the [Magento Bug Bounty Program](https://hackerone.com/magento) on hackerone. Please create a hackerone account [there](https://hackerone.com/magento) to submit and follow-up your issue.
 
 Stay up-to-date on the latest security news and patches for Magento by signing up for [Security Alert Notifications](https://magento.com/security/sign-up).
 
 
@@ -0,0 +1,10 @@
+# Reporting Security Issues
+
+Magento values the contributions of the security research community, and we look forward to working with you to minimize risk to Magento merchants. 
+
+## Where should I report security issues?
+
+We strongly encourage you to report all security issues privately via our [bug bounty program](https://hackerone.com/magento).  Please provide us with relevant technical details and repro steps to expedite our investigation.  If you prefer not to use HackerOne, email us directly at `[email protected]` with details and repro steps.  
+
+## Learning More About Security
+To learn more about securing a Magento store, please visit the [Security Center](https://magento.com/security).
@@ -8,6 +8,9 @@
  * Environment initialization
  */
 error_reporting(E_ALL);
+if (in_array('phar', \stream_get_wrappers())) {
+    stream_wrapper_unregister('phar');
+}
 #ini_set('display_errors', 1);
 
 /* PHP version validation */
 
@@ -8,6 +8,11 @@
 
 namespace Magento\AdminNotification\Block\Grid\Renderer;
 
+/**
+ * Renderer class for action in the admin notifications grid
+ *
+ * @package Magento\AdminNotification\Block\Grid\Renderer
+ */
 class Actions extends \Magento\Backend\Block\Widget\Grid\Column\Renderer\AbstractRenderer
 {
     /**
@@ -37,7 +42,9 @@ public function __construct(
      */
     public function render(\Magento\Framework\DataObject $row)
     {
-        $readDetailsHtml = $row->getUrl() ? '<a class="action-details" target="_blank" href="' . $row->getUrl() . '">' .
+        $readDetailsHtml = $row->getUrl() ? '<a class="action-details" target="_blank" href="' .
+            $this->escapeUrl($row->getUrl())
+            . '">' .
             __('Read Details') . '</a>' : '';
 
         $markAsReadHtml = !$row->getIsRead() ? '<a class="action-mark" href="' . $this->getUrl(
 
@@ -5,6 +5,8 @@
  */
 namespace Magento\AdminNotification\Model;
 
+use Magento\Framework\Escaper;
+use Magento\Framework\App\ObjectManager;
 use Magento\Framework\Config\ConfigOptionsListConstants;
 
 /**
@@ -25,6 +27,11 @@ class Feed extends \Magento\Framework\Model\AbstractModel
 
     const XML_LAST_UPDATE_PATH = 'system/adminnotification/last_update';
 
+    /**
+     * @var Escaper
+     */
+    private $escaper;
+
     /**
      * Feed url
      *
@@ -77,6 +84,7 @@ class Feed extends \Magento\Framework\Model\AbstractModel
      * @param \Magento\Framework\Model\ResourceModel\AbstractResource $resource
      * @param \Magento\Framework\Data\Collection\AbstractDb $resourceCollection
      * @param array $data
+     * @param Escaper|null $escaper
      * @SuppressWarnings(PHPMD.ExcessiveParameterList)
      */
     public function __construct(
@@ -90,21 +98,26 @@ public function __construct(
         \Magento\Framework\UrlInterface $urlBuilder,
         \Magento\Framework\Model\ResourceModel\AbstractResource $resource = null,
         \Magento\Framework\Data\Collection\AbstractDb $resourceCollection = null,
-        array $data = []
+        array $data = [],
+        Escaper $escaper = null
     ) {
         parent::__construct($context, $registry, $resource, $resourceCollection, $data);
-        $this->_backendConfig    = $backendConfig;
-        $this->_inboxFactory     = $inboxFactory;
-        $this->curlFactory       = $curlFactory;
+        $this->_backendConfig = $backendConfig;
+        $this->_inboxFactory = $inboxFactory;
+        $this->curlFactory = $curlFactory;
         $this->_deploymentConfig = $deploymentConfig;
-        $this->productMetadata   = $productMetadata;
-        $this->urlBuilder        = $urlBuilder;
+        $this->productMetadata = $productMetadata;
+        $this->urlBuilder = $urlBuilder;
+        $this->escaper = $escaper ?? ObjectManager::getInstance()->get(
+            Escaper::class
+        );
     }
 
     /**
      * Init model
      *
      * @return void
+     * phpcs:disable Magento2.CodeAnalysis.EmptyBlock
      */
     protected function _construct()
     {
@@ -252,6 +265,6 @@ public function getFeedXml()
      */
     private function escapeString(\SimpleXMLElement $data)
     {
-        return htmlspecialchars((string)$data);
+        return $this->escaper->escapeHtml((string)$data);
     }
 }
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ /**
+  * Copyright © Magento, Inc. All rights reserved.
+  * See COPYING.txt for license details.
+  */
+-->
+
+<entities xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+          xsi:noNamespaceSchemaLocation="urn:magento:mftf:DataGenerator/etc/dataProfileSchema.xsd">
+    <entity name="AdminMenuSystem">
+        <data key="pageTitle">System</data>
+        <data key="title">Notifications</data>
+        <data key="dataUiId">magento-backend-system</data>
+    </entity>
+    <entity name="AdminMenuSystemOtherSettingsNotifications">
+        <data key="pageTitle">Notifications</data>
+        <data key="title">Notifications</data>
+        <data key="dataUiId">magento-adminnotification-system-adminnotification</data>
+    </entity>
+</entities>