AC-10815 - API Input validation

sreenia806 · sreenia806 · commit 2a0af7ad8bea · 2024-04-22T22:18:39.000+05:30
diff --git a/app/design/adminhtml/Magento/backend/i18n/en_US.csv b/app/design/adminhtml/Magento/backend/i18n/en_US.csv
@@ -547,4 +547,3 @@ Dashboard,Dashboard
 "Web Section","Web Section"
 "Store Email Addresses Section","Store Email Addresses Section"
 "Email to a Friend","Email to a Friend"
-"Invalid input.","Invalid input."
diff --git a/app/design/frontend/Magento/blank/i18n/en_US.csv b/app/design/frontend/Magento/blank/i18n/en_US.csv
@@ -423,7 +423,6 @@
 "You need write permissions for: %1","You need write permissions for: %1"
 "Your operating system is not supported to work with this command","Your operating system is not supported to work with this command"
 "Zookeeper connection timed out!","Zookeeper connection timed out!"
-"Invalid input.","Invalid input."
 Account,Account
 CSV,CSV
 dummy,dummy
diff --git a/app/design/frontend/Magento/luma/i18n/en_US.csv b/app/design/frontend/Magento/luma/i18n/en_US.csv
@@ -472,7 +472,6 @@
 "Your Shipment #%shipment_id for Order #%order_id","Your Shipment #%shipment_id for Order #%order_id"
 "Your shipping confirmation is below. Thank you again for your business.","Your shipping confirmation is below. Thank you again for your business."
 "Zookeeper connection timed out!","Zookeeper connection timed out!"
-"Invalid input.","Invalid input."
 CSV,CSV
 dummy,dummy
 Email:,Email:
diff --git a/lib/internal/Magento/Framework/Webapi/ServiceInputProcessor.php b/lib/internal/Magento/Framework/Webapi/ServiceInputProcessor.php
@@ -22,7 +22,6 @@
 use Magento\Framework\Phrase;
 use Magento\Framework\Reflection\MethodsMap;
 use Magento\Framework\Reflection\TypeProcessor;
-use Magento\Framework\Simplexml\Element as SimplexmlElement;
 use Magento\Framework\Webapi\Exception as WebapiException;
 use Magento\Framework\Webapi\CustomAttribute\PreprocessorInterface;
 use Laminas\Code\Reflection\ClassReflection;
@@ -38,11 +37,6 @@
  */
 class ServiceInputProcessor implements ServicePayloadConverterInterface, ResetAfterRequestInterface
 {
-    /**
-     *  Input param to be rejected when it contains xml content
-     */
-    private const REJECTED_INPUT_PARAM_SOURCEDATA = 'sourcedata';
-
     public const EXTENSION_ATTRIBUTES_TYPE = \Magento\Framework\Api\ExtensionAttributesInterface::class;
 
     /**
@@ -235,6 +229,9 @@ private function getConstructorData(string $className, array $data): array
     {
         $preferenceClass = $this->config->getPreference($className);
         $class = new ClassReflection($preferenceClass ?: $className);
+        if ($class->isSubclassOf(\SimpleXMLElement::class) || $class->isSubclassOf( \DOMNode::class)) {
+            return [];
+        }
 
         try {
             $constructor = $class->getMethod('__construct');
@@ -253,11 +250,6 @@ private function getConstructorData(string $className, array $data): array
                 $parameterType = $this->typeProcessor->getParamType($parameter);
 
                 try {
-                    if (ltrim($parameterType, "\\") === SimplexmlElement::Class &&
-                        strtolower($parameter->getName()) === self::REJECTED_INPUT_PARAM_SOURCEDATA) {
-                        throw new InputException(new Phrase('Invalid input.'));
-                    }
-
                     $res[$parameter->getName()] = $this->convertValue($data[$parameter->getName()], $parameterType);
                 } catch (\ReflectionException $e) {
                     // Parameter was not correclty declared or the class is uknown.
