magento-engcom
diff --git a/‎app/code/Magento/Cms/Controller/Adminhtml/Wysiwyg/Images/DeleteFiles.php
Lines changed: 24 additions & 3 deletions b/‎app/code/Magento/Cms/Controller/Adminhtml/Wysiwyg/Images/DeleteFiles.php
Lines changed: 24 additions & 3 deletions
diff --git a/‎app/code/Magento/Cms/Controller/Adminhtml/Wysiwyg/Images/DeleteFolder.php
Lines changed: 25 additions & 3 deletions b/‎app/code/Magento/Cms/Controller/Adminhtml/Wysiwyg/Images/DeleteFolder.php
Lines changed: 25 additions & 3 deletions
diff --git a/‎app/code/Magento/Cms/Controller/Adminhtml/Wysiwyg/Images/NewFolder.php
Lines changed: 24 additions & 3 deletions b/‎app/code/Magento/Cms/Controller/Adminhtml/Wysiwyg/Images/NewFolder.php
Lines changed: 24 additions & 3 deletions
diff --git a/‎app/code/Magento/Cms/Controller/Adminhtml/Wysiwyg/Images/Upload.php
Lines changed: 26 additions & 5 deletions b/‎app/code/Magento/Cms/Controller/Adminhtml/Wysiwyg/Images/Upload.php
Lines changed: 26 additions & 5 deletions
diff --git a/‎app/code/Magento/Cms/Test/Unit/Model/Wysiwyg/Images/StorageTest.php
Lines changed: 6 additions & 3 deletions b/‎app/code/Magento/Cms/Test/Unit/Model/Wysiwyg/Images/StorageTest.php
Lines changed: 6 additions & 3 deletions
@@ -7,6 +7,9 @@
 
 use Magento\Framework\App\Filesystem\DirectoryList;
 
+/**
+ * Delete image files.
+ */
 class DeleteFiles extends \Magento\Cms\Controller\Adminhtml\Wysiwyg\Images
 {
     /**
@@ -19,29 +22,40 @@ class DeleteFiles extends \Magento\Cms\Controller\Adminhtml\Wysiwyg\Images
      */
     protected $resultRawFactory;
 
+    /**
+     * @var \Magento\Framework\App\Filesystem\DirectoryResolver
+     */
+    private $directoryResolver;
+
     /**
      * Constructor
      *
      * @param \Magento\Backend\App\Action\Context $context
      * @param \Magento\Framework\Registry $coreRegistry
      * @param \Magento\Framework\Controller\Result\JsonFactory $resultJsonFactory
      * @param \Magento\Framework\Controller\Result\RawFactory $resultRawFactory
+     * @param \Magento\Framework\App\Filesystem\DirectoryResolver|null $directoryResolver
      */
     public function __construct(
         \Magento\Backend\App\Action\Context $context,
         \Magento\Framework\Registry $coreRegistry,
         \Magento\Framework\Controller\Result\JsonFactory $resultJsonFactory,
-        \Magento\Framework\Controller\Result\RawFactory $resultRawFactory
+        \Magento\Framework\Controller\Result\RawFactory $resultRawFactory,
+        \Magento\Framework\App\Filesystem\DirectoryResolver $directoryResolver = null
     ) {
+        parent::__construct($context, $coreRegistry);
+
         $this->resultRawFactory = $resultRawFactory;
         $this->resultJsonFactory = $resultJsonFactory;
-        parent::__construct($context, $coreRegistry);
+        $this->directoryResolver = $directoryResolver
+            ?: $this->_objectManager->get(\Magento\Framework\App\Filesystem\DirectoryResolver::class);
     }
 
     /**
-     * Delete file from media storage
+     * Delete file from media storage.
      *
      * @return \Magento\Framework\Controller\ResultInterface
+     * @throws \Magento\Framework\Exception\LocalizedException
      */
     public function execute()
     {
@@ -54,6 +68,11 @@ public function execute()
             /** @var $helper \Magento\Cms\Helper\Wysiwyg\Images */
             $helper = $this->_objectManager->get(\Magento\Cms\Helper\Wysiwyg\Images::class);
             $path = $this->getStorage()->getSession()->getCurrentPath();
+            if (!$this->directoryResolver->validatePath($path, DirectoryList::MEDIA)) {
+                throw new \Magento\Framework\Exception\LocalizedException(
+                    __('Directory %1 is not under storage root path.', $path)
+                );
+            }
             foreach ($files as $file) {
                 $file = $helper->idDecode($file);
                 /** @var \Magento\Framework\Filesystem $filesystem */
@@ -64,11 +83,13 @@ public function execute()
                     $this->getStorage()->deleteFile($filePath);
                 }
             }
+            
             return $this->resultRawFactory->create();
         } catch (\Exception $e) {
             $result = ['error' => true, 'message' => $e->getMessage()];
             /** @var \Magento\Framework\Controller\Result\Json $resultJson */
             $resultJson = $this->resultJsonFactory->create();
+
             return $resultJson->setData($result);
         }
     }
 
@@ -6,6 +6,11 @@
  */
 namespace Magento\Cms\Controller\Adminhtml\Wysiwyg\Images;
 
+use Magento\Framework\App\Filesystem\DirectoryList;
+
+/**
+ * Delete image folder.
+ */
 class DeleteFolder extends \Magento\Cms\Controller\Adminhtml\Wysiwyg\Images
 {
     /**
@@ -18,38 +23,55 @@ class DeleteFolder extends \Magento\Cms\Controller\Adminhtml\Wysiwyg\Images
      */
     protected $resultRawFactory;
 
+    /**
+     * @var \Magento\Framework\App\Filesystem\DirectoryResolver
+     */
+    private $directoryResolver;
+
     /**
      * @param \Magento\Backend\App\Action\Context $context
      * @param \Magento\Framework\Registry $coreRegistry
      * @param \Magento\Framework\Controller\Result\JsonFactory $resultJsonFactory
      * @param \Magento\Framework\Controller\Result\RawFactory $resultRawFactory
+     * @param \Magento\Framework\App\Filesystem\DirectoryResolver|null $directoryResolver
      */
     public function __construct(
         \Magento\Backend\App\Action\Context $context,
         \Magento\Framework\Registry $coreRegistry,
         \Magento\Framework\Controller\Result\JsonFactory $resultJsonFactory,
-        \Magento\Framework\Controller\Result\RawFactory $resultRawFactory
+        \Magento\Framework\Controller\Result\RawFactory $resultRawFactory,
+        \Magento\Framework\App\Filesystem\DirectoryResolver $directoryResolver = null
     ) {
+        parent::__construct($context, $coreRegistry);
         $this->resultRawFactory = $resultRawFactory;
         $this->resultJsonFactory = $resultJsonFactory;
-        parent::__construct($context, $coreRegistry);
+        $this->directoryResolver = $directoryResolver
+            ?: $this->_objectManager->get(\Magento\Framework\App\Filesystem\DirectoryResolver::class);
     }
 
     /**
-     * Delete folder action
+     * Delete folder action.
      *
      * @return \Magento\Framework\Controller\ResultInterface
+     * @throws \Magento\Framework\Exception\LocalizedException
      */
     public function execute()
     {
         try {
             $path = $this->getStorage()->getCmsWysiwygImages()->getCurrentPath();
+            if (!$this->directoryResolver->validatePath($path, DirectoryList::MEDIA)) {
+                throw new \Magento\Framework\Exception\LocalizedException(
+                    __('Directory %1 is not under storage root path.', $path)
+                );
+            }
             $this->getStorage()->deleteDirectory($path);
+            
             return $this->resultRawFactory->create();
         } catch (\Exception $e) {
             $result = ['error' => true, 'message' => $e->getMessage()];
             /** @var \Magento\Framework\Controller\Result\Json $resultJson */
             $resultJson = $this->resultJsonFactory->create();
+
             return $resultJson->setData($result);
         }
     }
 
@@ -6,44 +6,65 @@
  */
 namespace Magento\Cms\Controller\Adminhtml\Wysiwyg\Images;
 
+use Magento\Framework\App\Filesystem\DirectoryList;
+
+/**
+ * Creates new folder.
+ */
 class NewFolder extends \Magento\Cms\Controller\Adminhtml\Wysiwyg\Images
 {
     /**
      * @var \Magento\Framework\Controller\Result\JsonFactory
      */
     protected $resultJsonFactory;
 
+    /**
+     * @var \Magento\Framework\App\Filesystem\DirectoryResolver
+     */
+    private $directoryResolver;
+
     /**
      * @param \Magento\Backend\App\Action\Context $context
      * @param \Magento\Framework\Registry $coreRegistry
      * @param \Magento\Framework\Controller\Result\JsonFactory $resultJsonFactory
+     * @param \Magento\Framework\App\Filesystem\DirectoryResolver|null $directoryResolver
      */
     public function __construct(
         \Magento\Backend\App\Action\Context $context,
         \Magento\Framework\Registry $coreRegistry,
-        \Magento\Framework\Controller\Result\JsonFactory $resultJsonFactory
+        \Magento\Framework\Controller\Result\JsonFactory $resultJsonFactory,
+        \Magento\Framework\App\Filesystem\DirectoryResolver $directoryResolver = null
     ) {
-        $this->resultJsonFactory = $resultJsonFactory;
         parent::__construct($context, $coreRegistry);
+        $this->resultJsonFactory = $resultJsonFactory;
+        $this->directoryResolver = $directoryResolver
+            ?: $this->_objectManager->get(\Magento\Framework\App\Filesystem\DirectoryResolver::class);
     }
 
     /**
-     * New folder action
+     * New folder action.
      *
      * @return \Magento\Framework\Controller\ResultInterface
+     * @throws \Magento\Framework\Exception\LocalizedException
      */
     public function execute()
     {
         try {
             $this->_initAction();
             $name = $this->getRequest()->getPost('name');
             $path = $this->getStorage()->getSession()->getCurrentPath();
+            if (!$this->directoryResolver->validatePath($path, DirectoryList::MEDIA)) {
+                throw new \Magento\Framework\Exception\LocalizedException(
+                    __('Directory %1 is not under storage root path.', $path)
+                );
+            }
             $result = $this->getStorage()->createDirectory($name, $path);
         } catch (\Exception $e) {
             $result = ['error' => true, 'message' => $e->getMessage()];
         }
         /** @var \Magento\Framework\Controller\Result\Json $resultJson */
         $resultJson = $this->resultJsonFactory->create();
+        
         return $resultJson->setData($result);
     }
 }
@@ -6,43 +6,64 @@
  */
 namespace Magento\Cms\Controller\Adminhtml\Wysiwyg\Images;
 
+use Magento\Framework\App\Filesystem\DirectoryList;
+
+/**
+ * Upload image.
+ */
 class Upload extends \Magento\Cms\Controller\Adminhtml\Wysiwyg\Images
 {
     /**
      * @var \Magento\Framework\Controller\Result\JsonFactory
      */
     protected $resultJsonFactory;
 
+    /**
+     * @var \Magento\Framework\App\Filesystem\DirectoryResolver
+     */
+    private $directoryResolver;
+
     /**
      * @param \Magento\Backend\App\Action\Context $context
      * @param \Magento\Framework\Registry $coreRegistry
      * @param \Magento\Framework\Controller\Result\JsonFactory $resultJsonFactory
+     * @param \Magento\Framework\App\Filesystem\DirectoryResolver|null $directoryResolver
      */
     public function __construct(
         \Magento\Backend\App\Action\Context $context,
         \Magento\Framework\Registry $coreRegistry,
-        \Magento\Framework\Controller\Result\JsonFactory $resultJsonFactory
+        \Magento\Framework\Controller\Result\JsonFactory $resultJsonFactory,
+        \Magento\Framework\App\Filesystem\DirectoryResolver $directoryResolver = null
     ) {
-        $this->resultJsonFactory = $resultJsonFactory;
         parent::__construct($context, $coreRegistry);
+        $this->resultJsonFactory = $resultJsonFactory;
+        $this->directoryResolver = $directoryResolver
+            ?: $this->_objectManager->get(\Magento\Framework\App\Filesystem\DirectoryResolver::class);
     }
 
     /**
-     * Files upload processing
+     * Files upload processing.
      *
      * @return \Magento\Framework\Controller\ResultInterface
+     * @throws \Magento\Framework\Exception\LocalizedException
      */
     public function execute()
     {
         try {
             $this->_initAction();
-            $targetPath = $this->getStorage()->getSession()->getCurrentPath();
-            $result = $this->getStorage()->uploadFile($targetPath, $this->getRequest()->getParam('type'));
+            $path = $this->getStorage()->getSession()->getCurrentPath();
+            if (!$this->directoryResolver->validatePath($path, DirectoryList::MEDIA)) {
+                throw new \Magento\Framework\Exception\LocalizedException(
+                    __('Directory %1 is not under storage root path.', $path)
+                );
+            }
+            $result = $this->getStorage()->uploadFile($path, $this->getRequest()->getParam('type'));
         } catch (\Exception $e) {
             $result = ['error' => $e->getMessage(), 'errorcode' => $e->getCode()];
         }
         /** @var \Magento\Framework\Controller\Result\Json $resultJson */
         $resultJson = $this->resultJsonFactory->create();
+        
         return $resultJson->setData($result);
     }
 }
@@ -127,7 +127,7 @@ protected function setUp()
 
         $this->directoryMock = $this->createPartialMock(
             \Magento\Framework\Filesystem\Directory\Write::class,
-            ['delete', 'getDriver', 'create']
+            ['delete', 'getDriver', 'create', 'getRelativePath', 'isExist']
         );
         $this->directoryMock->expects(
             $this->any()
@@ -151,7 +151,7 @@ protected function setUp()
         $this->adapterFactoryMock = $this->createMock(\Magento\Framework\Image\AdapterFactory::class);
         $this->imageHelperMock = $this->createPartialMock(
             \Magento\Cms\Helper\Wysiwyg\Images::class,
-            ['getStorageRoot']
+            ['getStorageRoot', 'getCurrentPath']
         );
         $this->imageHelperMock->expects(
             $this->any()
@@ -182,7 +182,10 @@ protected function setUp()
         $this->uploaderFactoryMock = $this->getMockBuilder(\Magento\MediaStorage\Model\File\UploaderFactory::class)
             ->disableOriginalConstructor()
             ->getMock();
-        $this->sessionMock = $this->createMock(\Magento\Backend\Model\Session::class);
+        $this->sessionMock = $this->getMockBuilder(\Magento\Backend\Model\Session::class)
+            ->setMethods(['getCurrentPath'])
+            ->disableOriginalConstructor()
+            ->getMock();
         $this->backendUrlMock = $this->createMock(\Magento\Backend\Model\Url::class);
 
         $this->coreFileStorageMock = $this->getMockBuilder(\Magento\MediaStorage\Helper\File\Storage\Database::class)