AC-12738: Cart update API fix

Deepak Tiwari · Deepak Tiwari · commit a86a4602b068 · 2024-10-01T18:41:49.000+05:30
diff --git a/lib/internal/Magento/Framework/Webapi/ServiceInputProcessor.php b/lib/internal/Magento/Framework/Webapi/ServiceInputProcessor.php
@@ -333,10 +333,10 @@ protected function _createFromArray($className, $data)
                             )
                         );
                     }
-                    if (is_string($setterValue) && $this->containsXSS($setterValue)) {
+                    if (is_string($setterValue) && $this->validateParamsValue($setterValue)) {
                         throw new InputException(
                             new Phrase(
-                                '"%field_name" contains potentially harmful content.',
+                                '"%field_name" does not contains valid value.',
                                 ['field_name' => $propertyName]
                             )
                         );
@@ -362,7 +362,7 @@ protected function _createFromArray($className, $data)
      * @param string $value
      * @return bool
      */
-    private function containsXSS(string $value)
+    private function validateParamsValue(string $value)
     {
         // Check for <script> tags or any common XSS vectors
         return preg_match('/<script\b[^>]*>(.*?)<\/script>/is', $value) ||

Original file line number	Diff line number	Diff line change
`@@ -333,10 +333,10 @@ protected function _createFromArray($className, $data)`
`333`	`333`	`)`
`334`	`334`	`);`
`335`	`335`	`}`
`336`		`- if (is_string($setterValue) && $this->containsXSS($setterValue)) {`
	`336`	`+ if (is_string($setterValue) && $this->validateParamsValue($setterValue)) {`
`337`	`337`	`throw new InputException(`
`338`	`338`	`new Phrase(`
`339`		`- '"%field_name" contains potentially harmful content.',`
	`339`	`+ '"%field_name" does not contains valid value.',`
`340`	`340`	`['field_name' => $propertyName]`
`341`	`341`	`)`
`342`	`342`	`);`
`@@ -362,7 +362,7 @@ protected function _createFromArray($className, $data)`
`362`	`362`	`* @param string $value`
`363`	`363`	`* @return bool`
`364`	`364`	`*/`
`365`		`- private function containsXSS(string $value)`
	`365`	`+ private function validateParamsValue(string $value)`
`366`	`366`	`{`
`367`	`367`	`// Check for <script> tags or any common XSS vectors`
`368`	`368`	`return preg_match('/<script\b[^>]>(.?)<\/script>/is', $value) \|\|`