MCLOUD-10226: Fix regexp cache tag validation

BaDos · BaDos · commit 51402859250e · 2023-06-01T14:41:54.000-05:00
diff --git a/patches.json b/patches.json
@@ -396,5 +396,10 @@
       ">=2.3.4-p2 <2.3.7-p3 || >=2.4.0 <2.4.3": "MDVA-43443__parser_token_new_fix__2.3.4-p2.patch",
       ">=2.4.3 <2.4.3-p2": "MDVA-43443__parser_token_new_fix__2.4.3.patch"
     }
+  },
+  "magento/framework": {
+    "Fix regexp cache tag validation": {
+      ">=103.0.6 <103.0.7": "MCLOUD-10226__fix_regexp_cache_tag_validation__2.4.6.patch"
+    }
   }
 }
diff --git a/patches/MCLOUD-10226__fix_regexp_cache_tag_validation__2.4.6.patch b/patches/MCLOUD-10226__fix_regexp_cache_tag_validation__2.4.6.patch
@@ -0,0 +1,46 @@
+diff -Nuar a/lib/internal/Magento/Framework/Cache/Core.php b/lib/internal/Magento/Framework/Cache/Core.php
+--- a/lib/internal/Magento/Framework/Cache/Core.php
++++ b/lib/internal/Magento/Framework/Cache/Core.php
+@@ -5,6 +5,10 @@
+  */
+ namespace Magento\Framework\Cache;
+
++use Magento\Framework\Cache\Backend\Redis;
++use Zend_Cache;
++use Zend_Cache_Exception;
++
+ class Core extends \Zend_Cache_Core
+ {
+     /**
+@@ -126,6 +130,34 @@ public function getIdsNotMatchingTags($tags = [])
+         return parent::getIdsNotMatchingTags($tags);
+     }
+
++    /**
++     * Validate a cache id or a tag (security, reliable filenames, reserved prefixes...)
++     *
++     * Throw an exception if a problem is found
++     *
++     * @param  string $string Cache id or tag
++     * @throws Zend_Cache_Exception
++     * @return void
++     */
++    protected function _validateIdOrTag($string)
++    {
++        if ($this->_backend instanceof Redis) {
++            if (!is_string($string)) {
++                Zend_Cache::throwException('Invalid id or tag : must be a string');
++            }
++            if (substr($string, 0, 9) == 'internal-') {
++                Zend_Cache::throwException('"internal-*" ids or tags are reserved');
++            }
++            if (!preg_match('~^[a-zA-Z0-9_{}]+$~D', $string)) {
++                Zend_Cache::throwException("Invalid id or tag '$string' : must use only [a-zA-Z0-9_{}]");
++            }
++
++            return;
++        }
++
++        parent::_validateIdOrTag($string);
++    }
++
diff --git a/src/Test/Functional/Acceptance/AcceptanceCest.php b/src/Test/Functional/Acceptance/AcceptanceCest.php
@@ -49,7 +49,8 @@ public function testPatches(\CliTester $I, \Codeception\Example $data): void
     protected function patchesDataProvider(): array
     {
         return [
-            ['templateVersion' => '2.4.6', 'magentoVersion' => null],
+            ['templateVersion' => '2.4.6', 'magentoVersion' => '2.4.6'],
+            ['templateVersion' => '2.4.6', 'magentoVersion' => '2.4.6-p1'],
         ];
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -396,5 +396,10 @@`
`396`	`396`	`">=2.3.4-p2 <2.3.7-p3 \|\| >=2.4.0 <2.4.3": "MDVA-43443__parser_token_new_fix__2.3.4-p2.patch",`
`397`	`397`	`">=2.4.3 <2.4.3-p2": "MDVA-43443__parser_token_new_fix__2.4.3.patch"`
`398`	`398`	`}`
	`399`	`+ },`
	`400`	`+ "magento/framework": {`
	`401`	`+ "Fix regexp cache tag validation": {`
	`402`	`+ ">=103.0.6 <103.0.7": "MCLOUD-10226__fix_regexp_cache_tag_validation__2.4.6.patch"`
	`403`	`+ }`
`399`	`404`	`}`
`400`	`405`	`}`
Original file line number	Diff line number	Diff line change
`@@ -49,7 +49,8 @@ public function testPatches(\CliTester $I, \Codeception\Example $data): void`
`49`	`49`	`protected function patchesDataProvider(): array`
`50`	`50`	`{`
`51`	`51`	`return [`
`52`		`- ['templateVersion' => '2.4.6', 'magentoVersion' => null],`
	`52`	`+ ['templateVersion' => '2.4.6', 'magentoVersion' => '2.4.6'],`
	`53`	`+ ['templateVersion' => '2.4.6', 'magentoVersion' => '2.4.6-p1'],`
`53`	`54`	`];`
`54`	`55`	`}`
`55`	`56`	`}`