Merge pull request #6694 from magento-cia/cia-2.3.7-3112021

cia-fixes-2.3.7
magento · Mar 12, 2021 · 8976a09 · 8976a09
2 parents 57067de + 8d4f861
commit 8976a09
Show file tree

Hide file tree

Showing 34 changed files with 752 additions and 266 deletions.
diff --git a/app/code/Magento/Authorizenet/view/adminhtml/templates/directpost/info.phtml b/app/code/Magento/Authorizenet/view/adminhtml/templates/directpost/info.phtml
@@ -40,9 +40,9 @@ $ccExpYear = $block->getInfoData('cc_exp_year');
                         'validate-cc-type-select':'#<?= /* @noEscape */ $code ?>_cc_number'
                         }">
                 <option value=""><?= $block->escapeHtml(__('Please Select')) ?></option>
-                <?php foreach ($block->getCcAvailableTypes() as $typeCode => $typeName) : ?>
+                <?php foreach ($block->getCcAvailableTypes() as $typeCode => $typeName): ?>
                     <option value="<?= $block->escapeHtmlAttr($typeCode) ?>"
-                            <?php if ($typeCode == $ccType) : ?>selected="selected"<?php endif; ?>>
+                            <?php if ($typeCode == $ccType): ?>selected="selected"<?php endif; ?>>
                         <?= $block->escapeHtml($typeName) ?>
                     </option>
                 <?php endforeach; ?>
@@ -57,6 +57,9 @@ $ccExpYear = $block->getInfoData('cc_exp_year');
         <div class="admin__field-control">
             <input type="text" id="<?= /* @noEscape */ $code ?>_cc_number"
                    name="payment[cc_number]"
+                   oncopy="return false;"
+                   oncut="return false;"
+                   onpaste="return false;"
                    data-validate="{
                        'required-number':true,
                        'validate-cc-number':'#<?= /* @noEscape */ $code ?>_cc_type',
@@ -80,9 +83,9 @@ $ccExpYear = $block->getInfoData('cc_exp_year');
                         'required':true,
                         'validate-cc-exp':'#<?= /* @noEscape */ $code ?>_expiration_yr'
                         }">
-                <?php foreach ($block->getCcMonths() as $k => $v) : ?>
+                <?php foreach ($block->getCcMonths() as $k => $v): ?>
                     <option value="<?= $block->escapeHtmlAttr($k) ?>"
-                            <?php if ($k == $ccExpMonth) : ?>selected="selected"<?php endif; ?>>
+                            <?php if ($k == $ccExpMonth): ?>selected="selected"<?php endif; ?>>
                         <?= $block->escapeHtml($v) ?>
                     </option>
                 <?php endforeach; ?>
@@ -92,17 +95,17 @@ $ccExpYear = $block->getInfoData('cc_exp_year');
                     class="admin__control-select admin__control-select-year"
                     data-container="<?= /* @noEscape */ $code ?>-cc-year"
                     data-validate="{required:true}">
-                <?php foreach ($block->getCcYears() as $k => $v) : ?>
+                <?php foreach ($block->getCcYears() as $k => $v): ?>
                     <option value="<?= /* @noEscape */ $k ? $block->escapeHtmlAttr($k) : '' ?>"
-                            <?php if ($k == $ccExpYear) : ?>selected="selected"<?php endif; ?>>
+                            <?php if ($k == $ccExpYear): ?>selected="selected"<?php endif; ?>>
                         <?= $block->escapeHtml($v) ?>
                     </option>
                 <?php endforeach; ?>
             </select>
         </div>
     </div>
 
-    <?php if ($block->hasVerification()) : ?>
+    <?php if ($block->hasVerification()): ?>
     <div class="admin__field _required field-cvv">
         <label class="admin__field-label"
                for="<?= /* @noEscape */ $code ?>_cc_cid"
@@ -113,6 +116,9 @@ $ccExpYear = $block->getInfoData('cc_exp_year');
         <div class="admin__field-control">
             <input type="text"
                    data-container="<?= /* @noEscape */ $code ?>-cc-cvv"
+                   oncopy="return false;"
+                   oncut="return false;"
+                   onpaste="return false;"
                    title="<?= $block->escapeHtmlAttr(__('Card Verification Number')) ?>"
                    class="admin__control-text cvv"
                    id="<?= /* @noEscape */ $code ?>_cc_cid" name="payment[cc_cid]"

diff --git a/app/code/Magento/AuthorizenetAcceptjs/view/adminhtml/templates/form/cc.phtml b/app/code/Magento/AuthorizenetAcceptjs/view/adminhtml/templates/form/cc.phtml
@@ -22,8 +22,9 @@ $ccExpYear = $block->getInfoData('cc_exp_year');
             <select id="<?= /* @noEscape */ $code ?>_cc_type" name="payment[cc_type]"
                     class="required-entry validate-cc-type-select admin__control-select">
                 <option value=""></option>
-                <?php foreach ($block->getCcAvailableTypes() as $typeCode => $typeName) : ?>
-                    <option value="<?= $block->escapeHtmlAttr($typeCode) ?>" <?php if ($typeCode == $ccType) : ?>selected="selected"<?php endif ?>>
+                <?php foreach ($block->getCcAvailableTypes() as $typeCode => $typeName): ?>
+                    <option value="<?= $block->escapeHtmlAttr($typeCode) ?>"
+                        <?php if ($typeCode == $ccType): ?>selected="selected"<?php endif ?>>
                         <?= $block->escapeHtml($typeName) ?>
                     </option>
                 <?php endforeach ?>
@@ -35,8 +36,14 @@ $ccExpYear = $block->getInfoData('cc_exp_year');
             <span><?= $block->escapeHtml(__('Credit Card Number')) ?></span>
         </label>
         <div class="admin__field-control">
-            <input type="text" id="<?= /* @noEscape */ $code ?>_cc_number" name="payment[cc_number]"
-                   title="<?= $block->escapeHtmlAttr(__('Credit Card Number')) ?>" class="admin__control-text validate-cc-number"
+            <input type="text"
+                   id="<?= /* @noEscape */ $code ?>_cc_number"
+                   name="payment[cc_number]"
+                   oncopy="return false;"
+                   oncut="return false;"
+                   onpaste="return false;"
+                   title="<?= $block->escapeHtmlAttr(__('Credit Card Number')) ?>"
+                   class="admin__control-text validate-cc-number"
                    value="<?= /* @noEscape */ $block->getInfoData('cc_number') ?>"/>
         </div>
     </div>
@@ -47,35 +54,40 @@ $ccExpYear = $block->getInfoData('cc_exp_year');
         <div class="admin__field-control">
             <select id="<?= /* @noEscape */ $code ?>_cc_exp_month" name="payment[cc_exp_month]"
                     class="admin__control-select admin__control-select-month validate-cc-exp required-entry">
-                <?php foreach ($block->getCcMonths() as $k => $v) : ?>
+                <?php foreach ($block->getCcMonths() as $k => $v): ?>
                     <option value="<?= $block->escapeHtmlAttr($k) ?>"
-                            <?php if ($k == $ccExpMonth) : ?>selected="selected"<?php endif ?>>
+                            <?php if ($k == $ccExpMonth): ?>selected="selected"<?php endif ?>>
                         <?= $block->escapeHtml($v) ?>
                     </option>
                 <?php endforeach; ?>
             </select>
             <select id="<?= /* @noEscape */ $code ?>_cc_exp_year" name="payment[cc_exp_year]"
                     class="admin__control-select admin__control-select-year required-entry">
-                <?php foreach ($block->getCcYears() as $k => $v) : ?>
+                <?php foreach ($block->getCcYears() as $k => $v): ?>
                     <option value="<?= /* @noEscape */ $k ? $block->escapeHtml($k) : '' ?>"
-                            <?php if ($k == $ccExpYear) : ?>selected="selected"<?php endif ?>>
+                            <?php if ($k == $ccExpYear): ?>selected="selected"<?php endif ?>>
                         <?= $block->escapeHtml($v) ?>
                     </option>
                 <?php endforeach ?>
             </select>
         </div>
     </div>
 
-    <?php if ($block->isCvvEnabled()) : ?>
+    <?php if ($block->isCvvEnabled()): ?>
         <div class="field-number required admin__field _required">
             <label class="admin__field-label" for="<?= /* @noEscape */ $code ?>_cc_cid">
                 <span><?= $block->escapeHtml(__('Card Verification Number')) ?></span>
             </label>
             <div class="admin__field-control">
-                <input type="text" title="<?= $block->escapeHtmlAttr(__('Card Verification Number')) ?>"
+                <input type="text"
+                       title="<?= $block->escapeHtmlAttr(__('Card Verification Number')) ?>"
+                       oncopy="return false;"
+                       oncut="return false;"
+                       onpaste="return false;"
                        class="required-entry validate-cc-cvn admin__control-cvn admin__control-text"
                        id="<?= /* @noEscape */ $code ?>_cc_cid"
-                       name="payment[cc_cid]" value="<?= /* @noEscape */ $block->getInfoData('cc_cid') ?>"/>
+                       name="payment[cc_cid]"
+                       value="<?= /* @noEscape */ $block->getInfoData('cc_cid') ?>"/>
             </div>
         </div>
     <?php endif; ?>

diff --git a/app/code/Magento/Captcha/view/adminhtml/templates/default.phtml b/app/code/Magento/Captcha/view/adminhtml/templates/default.phtml
@@ -8,8 +8,11 @@
 
 /** @var \Magento\Captcha\Model\DefaultModel $captcha */
 $captcha = $block->getCaptchaModel();
+$name = $block->escapeHtmlAttr(\Magento\Captcha\Helper\Data::INPUT_NAME_FIELD_VALUE);
+/** @var bool $validationEnabled */
+$validationEnabled = $block->hasData('frontend_validation') ? $block->getData('frontend_validation') : true;
 ?>
-<div class="admin__field _required">
+<div class="admin__field<?php if ($validationEnabled): ?> _required<?php endif; ?>">
     <label for="captcha" class="admin__field-label">
         <span><?= $block->escapeHtml(__('Please enter the letters and numbers from the image')) ?></span>
     </label>
@@ -18,11 +21,13 @@ $captcha = $block->getCaptchaModel();
             id="captcha"
             class="admin__control-text"
             type="text"
-            name="<?= $block->escapeHtmlAttr(\Magento\Captcha\Helper\Data::INPUT_NAME_FIELD_VALUE) ?>[<?= $block->escapeHtml($block->getFormId()) ?>]"
-            data-validate="{required:true}"/>
-        <?php if ($captcha->isCaseSensitive()) :?>
+            name="<?= /** @noEscape */ $name ?>[<?= $block->escapeHtmlAttr($block->getFormId()) ?>]"
+            <?php if ($validationEnabled): ?>data-validate="{required:true}"<?php endif; ?>/>
+        <?php if ($captcha->isCaseSensitive()): ?>
             <div class="admin__field-note">
-                <span><?= $block->escapeHtml(__('<strong>Attention</strong>: Captcha is case sensitive.'), ['strong']) ?></span>
+                <span>
+                    <?= $block->escapeHtml(__('<strong>Attention</strong>: Captcha is case sensitive.'), ['strong']) ?>
+                </span>
             </div>
         <?php endif; ?>
     </div>
@@ -43,7 +48,10 @@ $captcha = $block->getCaptchaModel();
     require(["prototype", "mage/captcha"], function(){
 
 //<![CDATA[
-        var captcha = new Captcha('<?= $block->escapeJs($block->escapeUrl($block->getRefreshUrl())) ?>', '<?= $block->escapeJs($block->escapeHtml($block->getFormId())) ?>');
+        var captcha = new Captcha(
+            '<?= $block->escapeJs($block->getRefreshUrl()) ?>',
+            '<?= $block->escapeJs($block->getFormId()) ?>'
+        );
 
         $('captcha-reload').observe('click', function () {
             captcha.refresh(this);

diff --git a/app/code/Magento/Captcha/view/frontend/templates/default.phtml b/app/code/Magento/Captcha/view/frontend/templates/default.phtml
@@ -8,27 +8,46 @@
 
 /** @var \Magento\Captcha\Model\DefaultModel $captcha */
 $captcha = $block->getCaptchaModel();
+/** @var bool $validationEnabled */
+$validationEnabled = $block->hasData('frontend_validation') ? $block->getData('frontend_validation') : true;
+$inputName = $block->escapeHtmlAttr(\Magento\Captcha\Helper\Data::INPUT_NAME_FIELD_VALUE);
+$loaderUrl = $block->escapeUrl($block->getViewFileUrl('images/loader-2.gif'));
+$note = $block->escapeHtml(__('<strong>Attention</strong>: Captcha is case sensitive.'), ['strong']);
 ?>
-<div class="field captcha required" role="<?= $block->escapeHtmlAttr($block->getFormId()) ?>">
-    <label for="captcha_<?= $block->escapeHtmlAttr($block->getFormId()) ?>" class="label"><span><?= $block->escapeHtml(__('Please type the letters and numbers below')) ?></span></label>
+<div class="field captcha<?php if ($validationEnabled): ?> required<?php endif; ?>"
+     role="<?= $block->escapeHtmlAttr($block->getFormId()) ?>">
+    <label for="captcha_<?= $block->escapeHtmlAttr($block->getFormId()) ?>" class="label">
+        <span><?= $block->escapeHtml(__('Please type the letters and numbers below')) ?></span>
+    </label>
     <div class="control captcha">
-        <input name="<?= $block->escapeHtmlAttr(\Magento\Captcha\Helper\Data::INPUT_NAME_FIELD_VALUE) ?>[<?= $block->escapeHtmlAttr($block->getFormId()) ?>]" type="text" class="input-text required-entry" data-validate="{required:true}" id="captcha_<?= $block->escapeHtmlAttr($block->getFormId()) ?>" autocomplete="off"/>
+        <input
+            name="<?= /* @noEscape */ $inputName ?>[<?= $block->escapeHtmlAttr($block->getFormId()) ?>]"
+            type="text"
+            class="input-text<?php if ($validationEnabled): ?> required-entry<?php endif; ?>"
+            <?php if ($validationEnabled): ?>data-validate="{required:true}"<?php endif; ?>
+            id="captcha_<?= $block->escapeHtmlAttr($block->getFormId()) ?>"
+            autocomplete="off"/>
         <div class="nested">
             <div class="field captcha no-label"
                  data-captcha="<?= $block->escapeHtmlAttr($block->getFormId()) ?>"
                  id="captcha-container-<?= $block->escapeHtmlAttr($block->getFormId()) ?>"
                  data-mage-init='{"captcha":{"url": "<?= $block->escapeUrl($block->getRefreshUrl()) ?>",
-                                            "imageLoader": "<?= $block->escapeUrl($block->getViewFileUrl('images/loader-2.gif')) ?>",
+                                            "imageLoader": "<?= /* @noEscape */ $loaderUrl ?>",
                                              "type": "<?= $block->escapeHtmlAttr($block->getFormId()) ?>"}}'>
                 <div class="control captcha-image">
-                    <img alt="<?= $block->escapeHtmlAttr(__('Please type the letters and numbers below')) ?>" class="captcha-img" height="<?= /* @noEscape */ (float) $block->getImgHeight() ?>" src="<?= $block->escapeUrl($captcha->getImgSrc()) ?>"/>
-                    <button type="button" class="action reload captcha-reload" title="<?= $block->escapeHtmlAttr(__('Reload captcha')) ?>"><span><?= $block->escapeHtml(__('Reload captcha')) ?></span></button>
+                    <img alt="<?= $block->escapeHtmlAttr(__('Please type the letters and numbers below')) ?>"
+                         class="captcha-img"
+                         height="<?= /* @noEscape */ (float) $block->getImgHeight() ?>"
+                         src="<?= $block->escapeUrl($captcha->getImgSrc()) ?>"/>
+                    <button type="button"
+                            class="action reload captcha-reload"
+                            title="<?= $block->escapeHtmlAttr(__('Reload captcha')) ?>">
+                        <span><?= $block->escapeHtml(__('Reload captcha')) ?></span>
+                    </button>
                 </div>
             </div>
-            <?php if ($captcha->isCaseSensitive()) :?>
-                <div class="captcha-note note">
-                    <?= $block->escapeHtml(__('<strong>Attention</strong>: Captcha is case sensitive.'), ['strong']) ?>
-                </div>
+            <?php if ($captcha->isCaseSensitive()):?>
+                <div class="captcha-note note"><?= /* @noEscape */ $note ?></div>
             <?php endif; ?>
         </div>
     </div>

diff --git a/app/code/Magento/Checkout/Api/Exception/PaymentProcessingRateLimitExceededException.php b/app/code/Magento/Checkout/Api/Exception/PaymentProcessingRateLimitExceededException.php
@@ -11,7 +11,7 @@
 use Magento\Framework\Exception\LocalizedException;
 
 /**
- * Thrown when too many payment processing requests have been initiated by a user.
+ * Thrown when too many payment processing/saving requests have been initiated by a user.
  */
 class PaymentProcessingRateLimitExceededException extends LocalizedException
 {

diff --git a/app/code/Magento/Checkout/Api/PaymentSavingRateLimiterInterface.php b/app/code/Magento/Checkout/Api/PaymentSavingRateLimiterInterface.php
@@ -0,0 +1,25 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+declare(strict_types=1);
+
+namespace Magento\Checkout\Api;
+
+use Magento\Checkout\Api\Exception\PaymentProcessingRateLimitExceededException;
+
+/**
+ * Limits number of times a user can store payment method info.
+ */
+interface PaymentSavingRateLimiterInterface
+{
+    /**
+     * Limit an attempt.
+     *
+     * @return void
+     * @throws PaymentProcessingRateLimitExceededException
+     */
+    public function limit(): void;
+}
diff --git a/app/code/Magento/Checkout/Block/Cart/Coupon.php b/app/code/Magento/Checkout/Block/Cart/Coupon.php
@@ -57,8 +57,8 @@ protected function _prepareLayout()
                     'cacheable' => false,
                     'after' => '-',
                     'form_id' => 'sales_rule_coupon_request',
-                    'image_width' => 230,
-                    'image_height' => 230
+                    'img_width' => 230,
+                    'img_height' => 50
                 ]
             );
         }