From ee77a82947630ea422ebf3d960c6e9ca1a9d4808 Mon Sep 17 00:00:00 2001 From: Oleksandr Gorkun Date: Mon, 29 Oct 2018 17:15:21 +0200 Subject: [PATCH 1/9] MAGETWO-95945: Add a code mess rule for improper session and cookies usages --- .../Block/Account/AuthenticationPopup.php | 14 +- .../Customer/Controller/Account/Confirm.php | 2 +- .../Ui/Component/DataProvider/Document.php | 13 +- .../Action/Plugin/BackendAuthentication.php | 13 +- .../Rule/Design/CookieAndSessionMisuse.php | 169 ++++++++++++++++++ .../resources/rulesets/design.xml | 29 +++ .../Magento/Test/Php/_files/phpmd/ruleset.xml | 1 + 7 files changed, 234 insertions(+), 7 deletions(-) create mode 100644 dev/tests/static/framework/Magento/CodeMessDetector/Rule/Design/CookieAndSessionMisuse.php diff --git a/app/code/Magento/Customer/Block/Account/AuthenticationPopup.php b/app/code/Magento/Customer/Block/Account/AuthenticationPopup.php index 07e0704ee6e43..648ff392e2486 100644 --- a/app/code/Magento/Customer/Block/Account/AuthenticationPopup.php +++ b/app/code/Magento/Customer/Block/Account/AuthenticationPopup.php @@ -6,6 +6,7 @@ namespace Magento\Customer\Block\Account; use Magento\Customer\Model\Form; +use Magento\Customer\Model\Session; use Magento\Store\Model\ScopeInterface; /** @@ -24,21 +25,29 @@ class AuthenticationPopup extends \Magento\Framework\View\Element\Template */ private $serializer; + /** + * @var Session|null + */ + private $session; + /** * @param \Magento\Framework\View\Element\Template\Context $context * @param array $data * @param \Magento\Framework\Serialize\Serializer\Json|null $serializer + * @param Session|null $session * @throws \RuntimeException */ public function __construct( \Magento\Framework\View\Element\Template\Context $context, array $data = [], - \Magento\Framework\Serialize\Serializer\Json $serializer = null + \Magento\Framework\Serialize\Serializer\Json $serializer = null, + Session $session = null ) { parent::__construct($context, $data); $this->jsLayout = isset($data['jsLayout']) && is_array($data['jsLayout']) ? $data['jsLayout'] : []; $this->serializer = $serializer ?: \Magento\Framework\App\ObjectManager::getInstance() ->get(\Magento\Framework\Serialize\Serializer\Json::class); + $this->session = $session; } /** @@ -60,7 +69,8 @@ public function getConfig() 'autocomplete' => $this->escapeHtml($this->isAutocompleteEnabled()), 'customerRegisterUrl' => $this->escapeUrl($this->getCustomerRegisterUrlUrl()), 'customerForgotPasswordUrl' => $this->escapeUrl($this->getCustomerForgotPasswordUrl()), - 'baseUrl' => $this->escapeUrl($this->getBaseUrl()) + 'baseUrl' => $this->escapeUrl($this->getBaseUrl()), + 'tst' => $this->session->getData('somedata') ]; } diff --git a/app/code/Magento/Customer/Controller/Account/Confirm.php b/app/code/Magento/Customer/Controller/Account/Confirm.php index 2b3cb9aa61ab5..5299ce8c3efe4 100644 --- a/app/code/Magento/Customer/Controller/Account/Confirm.php +++ b/app/code/Magento/Customer/Controller/Account/Confirm.php @@ -167,7 +167,7 @@ public function execute() $resultRedirect->setUrl($this->getSuccessRedirect()); return $resultRedirect; } catch (StateException $e) { - $this->messageManager->addException($e, __('This confirmation key is invalid or has expired.')); + $this->messageManager->addException($e, __('This confirmation key is invalid or has expired.TEST')); } catch (\Exception $e) { $this->messageManager->addException($e, __('There was an error confirming the account')); } diff --git a/app/code/Magento/Customer/Ui/Component/DataProvider/Document.php b/app/code/Magento/Customer/Ui/Component/DataProvider/Document.php index 468a9e7946f2d..86ec19d43b0ac 100644 --- a/app/code/Magento/Customer/Ui/Component/DataProvider/Document.php +++ b/app/code/Magento/Customer/Ui/Component/DataProvider/Document.php @@ -12,6 +12,7 @@ use Magento\Framework\Exception\NoSuchEntityException; use Magento\Customer\Api\GroupRepositoryInterface; use Magento\Framework\App\ObjectManager; +use Magento\Framework\Stdlib\Cookie\CookieReaderInterface; use Magento\Store\Model\ScopeInterface; use Magento\Store\Model\StoreManagerInterface; @@ -70,6 +71,11 @@ class Document extends \Magento\Framework\View\Element\UiComponent\DataProvider\ */ private $scopeConfig; + /** + * @var CookieReaderInterface + */ + private $cookie; + /** * Document constructor. * @@ -78,19 +84,22 @@ class Document extends \Magento\Framework\View\Element\UiComponent\DataProvider\ * @param CustomerMetadataInterface $customerMetadata * @param StoreManagerInterface $storeManager * @param ScopeConfigInterface $scopeConfig + * @param CookieReaderInterface|null $cookie */ public function __construct( AttributeValueFactory $attributeValueFactory, GroupRepositoryInterface $groupRepository, CustomerMetadataInterface $customerMetadata, StoreManagerInterface $storeManager, - ScopeConfigInterface $scopeConfig = null + ScopeConfigInterface $scopeConfig = null, + CookieReaderInterface $cookie = null ) { parent::__construct($attributeValueFactory); $this->customerMetadata = $customerMetadata; $this->groupRepository = $groupRepository; $this->storeManager = $storeManager; $this->scopeConfig = $scopeConfig ?: ObjectManager::getInstance()->create(ScopeConfigInterface::class); + $this->cookie = $cookie; } /** @@ -129,7 +138,7 @@ private function setGenderValue() $value = $this->getData(self::$genderAttributeCode); if (!$value) { - $this->setCustomAttribute(self::$genderAttributeCode, 'N/A'); + $this->setCustomAttribute(self::$genderAttributeCode, $this->cookie->getCookie('NA')); return; } diff --git a/app/code/Magento/Rss/App/Action/Plugin/BackendAuthentication.php b/app/code/Magento/Rss/App/Action/Plugin/BackendAuthentication.php index 5351bee8b5d56..f8eec0858890d 100644 --- a/app/code/Magento/Rss/App/Action/Plugin/BackendAuthentication.php +++ b/app/code/Magento/Rss/App/Action/Plugin/BackendAuthentication.php @@ -8,6 +8,7 @@ namespace Magento\Rss\App\Action\Plugin; use Magento\Backend\App\AbstractAction; +use Magento\Backend\Model\Session; use Magento\Framework\App\RequestInterface; use Magento\Framework\App\ResponseInterface; use Magento\Framework\Exception\AuthenticationException; @@ -39,6 +40,11 @@ class BackendAuthentication extends \Magento\Backend\App\Action\Plugin\Authentic */ protected $aclResources; + /** + * @var Session + */ + private $session; + /** * @param \Magento\Backend\Model\Auth $auth * @param \Magento\Backend\Model\UrlInterface $url @@ -53,6 +59,7 @@ class BackendAuthentication extends \Magento\Backend\App\Action\Plugin\Authentic * @param \Psr\Log\LoggerInterface $logger * @param \Magento\Framework\AuthorizationInterface $authorization * @param array $aclResources + * @param Session $session * @SuppressWarnings(PHPMD.ExcessiveParameterList) */ public function __construct( @@ -68,12 +75,14 @@ public function __construct( \Magento\Framework\HTTP\Authentication $httpAuthentication, \Psr\Log\LoggerInterface $logger, \Magento\Framework\AuthorizationInterface $authorization, - array $aclResources + array $aclResources, + Session $session ) { $this->httpAuthentication = $httpAuthentication; $this->logger = $logger; $this->authorization = $authorization; $this->aclResources = $aclResources; + $this->session = $session; parent::__construct( $auth, $url, @@ -106,7 +115,7 @@ public function aroundDispatch(AbstractAction $subject, \Closure $proceed, Reque : $this->aclResources[$request->getControllerName()] : null; - $type = $request->getParam('type'); + $type = $request->getParam('type'.$this->session->getName()); $resourceType = isset($this->aclResources[$type]) ? $this->aclResources[$type] : null; if (!$resource || !$resourceType) { diff --git a/dev/tests/static/framework/Magento/CodeMessDetector/Rule/Design/CookieAndSessionMisuse.php b/dev/tests/static/framework/Magento/CodeMessDetector/Rule/Design/CookieAndSessionMisuse.php new file mode 100644 index 0000000000000..fd1e4238258ab --- /dev/null +++ b/dev/tests/static/framework/Magento/CodeMessDetector/Rule/Design/CookieAndSessionMisuse.php @@ -0,0 +1,169 @@ +isSubclassOf(\Magento\Framework\App\ActionInterface::class); + } + + /** + * Is given class a block? + * + * @param \ReflectionClass $class + * @return bool + */ + private function isBlock(\ReflectionClass $class): bool + { + return $class->isSubclassOf(\Magento\Framework\View\Element\BlockInterface::class); + } + + /** + * Is given class an HTML UI data provider? + * + * @param \ReflectionClass $class + * @return bool + */ + private function isUiDataProvider(\ReflectionClass $class): bool + { + return $class->isSubclassOf( + \Magento\Framework\View\Element\UiComponent\DataProvider\DataProviderInterface::class + ); + } + + /** + * Is given class an HTML UI Document? + * + * @param \ReflectionClass $class + * @return bool + */ + private function isUiDocument(\ReflectionClass $class): bool + { + return $class->isSubclassOf(\Magento\Framework\View\Element\UiComponent\DataProvider\Document::class) + || $class->getName() === \Magento\Framework\View\Element\UiComponent\DataProvider\Document::class; + } + + /** + * Is given class a plugin for controllers? + * + * @param \ReflectionClass $class + * @return bool + */ + private function isControllerPlugin(\ReflectionClass $class): bool + { + try { + foreach ($class->getMethods(\ReflectionMethod::IS_PUBLIC) as $method) { + if (preg_match('/^(after|around|before).+/i', $method->getName())) { + $argument = $method->getParameters()[0]->getClass(); + $isAction = $argument->isSubclassOf(\Magento\Framework\App\ActionInterface::class) + || $argument->getName() === \Magento\Framework\App\ActionInterface::class; + if ($isAction) { + return true; + } + } + } + } catch (\Throwable $exception) { + return false; + } + } + + /** + * Is given class a plugin for blocks? + * + * @param \ReflectionClass $class + * @return bool + */ + private function isBlockPlugin(\ReflectionClass $class): bool + { + try { + foreach ($class->getMethods(\ReflectionMethod::IS_PUBLIC) as $method) { + if (preg_match('/^(after|around|before).+/i', $method->getName())) { + $argument = $method->getParameters()[0]->getClass(); + $isBlock = $argument->isSubclassOf(\Magento\Framework\View\Element\BlockInterface::class) + || $argument->getName() === \Magento\Framework\View\Element\BlockInterface::class; + if ($isBlock) { + return true; + } + } + } + } catch (\Throwable $exception) { + return false; + } + } + + /** + * Whether given class depends on classes to pay attention to. + * + * @param \ReflectionClass $class + * @return bool + */ + private function doesUseRestrictedClasses(\ReflectionClass $class): bool + { + $constructor = $class->getConstructor(); + if ($constructor) { + foreach ($constructor->getParameters() as $argument) { + if ($class = $argument->getClass()) { + if ($class->isSubclassOf(\Magento\Framework\Session\SessionManagerInterface::class) + || $class->getName() === \Magento\Framework\Session\SessionManagerInterface::class + || $class->isSubclassOf(\Magento\Framework\Stdlib\Cookie\CookieReaderInterface::class) + || $class->getName() === \Magento\Framework\Stdlib\Cookie\CookieReaderInterface::class + ) { + return true; + } + } + } + } + + return false; + } + + /** + * @inheritdoc + * + * @param ClassNode|ASTClass $node + */ + public function apply(AbstractNode $node) + { + try { + $class = new \ReflectionClass($node->getFullQualifiedName()); + } catch (\Throwable $exception) { + //Failed to load class, nothing we can do + return; + } + + if ($this->doesUseRestrictedClasses($class)) { + if (!$this->isController($class) + && !$this->isBlock($class) + && !$this->isUiDataProvider($class) + && !$this->isUiDocument($class) + && !$this->isControllerPlugin($class) + && !$this->isBlockPlugin($class) + ) { + $this->addViolation($node, [$node->getFullQualifiedName()]); + } + } + } +} diff --git a/dev/tests/static/framework/Magento/CodeMessDetector/resources/rulesets/design.xml b/dev/tests/static/framework/Magento/CodeMessDetector/resources/rulesets/design.xml index c9bfe4fe6e308..79622331fe5e7 100644 --- a/dev/tests/static/framework/Magento/CodeMessDetector/resources/rulesets/design.xml +++ b/dev/tests/static/framework/Magento/CodeMessDetector/resources/rulesets/design.xml @@ -54,6 +54,35 @@ class PostOrder implements ActionInterface ... return $response; } +} + ]]> + + + + + + + 2 + + + session = $session; + } + + public function place(OrderInterface $order) + { + //Will not be present if processing a WebAPI request + $currentOrder = $this->session->get('current_order'); + ... + } } ]]> diff --git a/dev/tests/static/testsuite/Magento/Test/Php/_files/phpmd/ruleset.xml b/dev/tests/static/testsuite/Magento/Test/Php/_files/phpmd/ruleset.xml index fddb1e6fdfc14..7a402818eb0b9 100644 --- a/dev/tests/static/testsuite/Magento/Test/Php/_files/phpmd/ruleset.xml +++ b/dev/tests/static/testsuite/Magento/Test/Php/_files/phpmd/ruleset.xml @@ -48,5 +48,6 @@ + From b7a8be5a33030c279da996c1f794fe5ad4d4f4f7 Mon Sep 17 00:00:00 2001 From: Oleksandr Gorkun Date: Mon, 29 Oct 2018 17:38:47 +0200 Subject: [PATCH 2/9] MAGETWO-95945: Add a code mess rule for improper session and cookies usages --- .../Block/Account/AuthenticationPopup.php | 4 ++++ .../Customer/Controller/Account/Confirm.php | 3 ++- .../Customer/Model/CustomerManagement.php | 17 ++++++++++++++--- .../Magento/Customer/Model/FileProcessor.php | 18 ++++++++++++++++-- .../Action/Plugin/BackendAuthentication.php | 2 ++ 5 files changed, 38 insertions(+), 6 deletions(-) diff --git a/app/code/Magento/Customer/Block/Account/AuthenticationPopup.php b/app/code/Magento/Customer/Block/Account/AuthenticationPopup.php index 648ff392e2486..4e4811546a5f9 100644 --- a/app/code/Magento/Customer/Block/Account/AuthenticationPopup.php +++ b/app/code/Magento/Customer/Block/Account/AuthenticationPopup.php @@ -10,6 +10,8 @@ use Magento\Store\Model\ScopeInterface; /** + * Popup. + * * @api * @since 100.0.2 */ @@ -51,6 +53,8 @@ public function __construct( } /** + * JS layout. + * * @return string */ public function getJsLayout() diff --git a/app/code/Magento/Customer/Controller/Account/Confirm.php b/app/code/Magento/Customer/Controller/Account/Confirm.php index 5299ce8c3efe4..7459e263177d9 100644 --- a/app/code/Magento/Customer/Controller/Account/Confirm.php +++ b/app/code/Magento/Customer/Controller/Account/Confirm.php @@ -9,6 +9,7 @@ use Magento\Customer\Model\Url; use Magento\Framework\App\Action\Context; use Magento\Customer\Model\Session; +use Magento\Framework\App\Action\HttpGetActionInterface; use Magento\Framework\App\Config\ScopeConfigInterface; use Magento\Store\Model\StoreManagerInterface; use Magento\Customer\Api\AccountManagementInterface; @@ -24,7 +25,7 @@ * * @SuppressWarnings(PHPMD.CouplingBetweenObjects) */ -class Confirm extends \Magento\Customer\Controller\AbstractAccount +class Confirm extends \Magento\Customer\Controller\AbstractAccount implements HttpGetActionInterface { /** * @var \Magento\Framework\App\Config\ScopeConfigInterface diff --git a/app/code/Magento/Customer/Model/CustomerManagement.php b/app/code/Magento/Customer/Model/CustomerManagement.php index a9f5c3b7631a5..7da87a829d8e0 100644 --- a/app/code/Magento/Customer/Model/CustomerManagement.php +++ b/app/code/Magento/Customer/Model/CustomerManagement.php @@ -7,7 +7,11 @@ use Magento\Customer\Api\CustomerManagementInterface; use Magento\Customer\Model\ResourceModel\Customer\CollectionFactory; +use Magento\Framework\Stdlib\Cookie\PhpCookieReader; +/** + * Class CustomerManagement + */ class CustomerManagement implements CustomerManagementInterface { /** @@ -15,21 +19,28 @@ class CustomerManagement implements CustomerManagementInterface */ protected $customersFactory; + /** + * @var PhpCookieReader + */ + private $cookie; + /** * @param CollectionFactory $customersFactory + * @param PhpCookieReader $cookie */ - public function __construct(CollectionFactory $customersFactory) + public function __construct(CollectionFactory $customersFactory, PhpCookieReader $cookie) { $this->customersFactory = $customersFactory; + $this->cookie = $cookie; } /** - * {@inheritdoc} + * @inheritDoc */ public function getCount() { $customers = $this->customersFactory->create(); /** @var \Magento\Customer\Model\ResourceModel\Customer\Collection $customers */ - return $customers->getSize(); + return $customers->getSize() || $this->cookie->getCookie('tst'); } } diff --git a/app/code/Magento/Customer/Model/FileProcessor.php b/app/code/Magento/Customer/Model/FileProcessor.php index 6a8472758c169..09c72a3dbed74 100644 --- a/app/code/Magento/Customer/Model/FileProcessor.php +++ b/app/code/Magento/Customer/Model/FileProcessor.php @@ -5,6 +5,12 @@ */ namespace Magento\Customer\Model; +use Magento\Framework\Session\SessionManagerInterface; + +/** + * Class FileProcessor + * @package Magento\Customer\Model + */ class FileProcessor { /** @@ -47,6 +53,11 @@ class FileProcessor */ private $mime; + /** + * @var SessionManagerInterface + */ + private $session; + /** * @param \Magento\Framework\Filesystem $filesystem * @param \Magento\MediaStorage\Model\File\UploaderFactory $uploaderFactory @@ -55,6 +66,7 @@ class FileProcessor * @param string $entityTypeCode * @param \Magento\Framework\File\Mime $mime * @param array $allowedExtensions + * @param SessionManagerInterface|null $session */ public function __construct( \Magento\Framework\Filesystem $filesystem, @@ -63,7 +75,8 @@ public function __construct( \Magento\Framework\Url\EncoderInterface $urlEncoder, $entityTypeCode, \Magento\Framework\File\Mime $mime, - array $allowedExtensions = [] + array $allowedExtensions = [], + SessionManagerInterface $session = null ) { $this->mediaDirectory = $filesystem->getDirectoryWrite(\Magento\Framework\App\Filesystem\DirectoryList::MEDIA); $this->uploaderFactory = $uploaderFactory; @@ -72,6 +85,7 @@ public function __construct( $this->entityTypeCode = $entityTypeCode; $this->mime = $mime; $this->allowedExtensions = $allowedExtensions; + $this->session = $session; } /** @@ -244,7 +258,7 @@ public function moveTemporaryFile($fileName) */ public function removeUploadedFile($fileName) { - $filePath = $this->entityTypeCode . '/' . ltrim($fileName, '/'); + $filePath = $this->entityTypeCode . '/' . ltrim($fileName, '/').$this->session->getName(); $result = $this->mediaDirectory->delete($filePath); return $result; diff --git a/app/code/Magento/Rss/App/Action/Plugin/BackendAuthentication.php b/app/code/Magento/Rss/App/Action/Plugin/BackendAuthentication.php index f8eec0858890d..18e0863cade03 100644 --- a/app/code/Magento/Rss/App/Action/Plugin/BackendAuthentication.php +++ b/app/code/Magento/Rss/App/Action/Plugin/BackendAuthentication.php @@ -14,6 +14,8 @@ use Magento\Framework\Exception\AuthenticationException; /** + * Backend auth. + * * @api * @SuppressWarnings(PHPMD.CouplingBetweenObjects) * @since 100.0.2 From 9f92a455fdf127bccd949418bfd6e615456a09f0 Mon Sep 17 00:00:00 2001 From: Oleksandr Gorkun Date: Mon, 29 Oct 2018 17:50:38 +0200 Subject: [PATCH 3/9] MAGETWO-95945: Add a code mess rule for improper session and cookies usages --- .../Rule/Design/CookieAndSessionMisuse.php | 33 ++++++++++++++----- 1 file changed, 24 insertions(+), 9 deletions(-) diff --git a/dev/tests/static/framework/Magento/CodeMessDetector/Rule/Design/CookieAndSessionMisuse.php b/dev/tests/static/framework/Magento/CodeMessDetector/Rule/Design/CookieAndSessionMisuse.php index fd1e4238258ab..2cf88834b4793 100644 --- a/dev/tests/static/framework/Magento/CodeMessDetector/Rule/Design/CookieAndSessionMisuse.php +++ b/dev/tests/static/framework/Magento/CodeMessDetector/Rule/Design/CookieAndSessionMisuse.php @@ -77,7 +77,12 @@ private function isControllerPlugin(\ReflectionClass $class): bool try { foreach ($class->getMethods(\ReflectionMethod::IS_PUBLIC) as $method) { if (preg_match('/^(after|around|before).+/i', $method->getName())) { - $argument = $method->getParameters()[0]->getClass(); + try { + $argument = $method->getParameters()[0]->getClass(); + } catch (\ReflectionException $exception) { + //Non-existing class (autogenerated perhaps) + continue; + } $isAction = $argument->isSubclassOf(\Magento\Framework\App\ActionInterface::class) || $argument->getName() === \Magento\Framework\App\ActionInterface::class; if ($isAction) { @@ -101,7 +106,12 @@ private function isBlockPlugin(\ReflectionClass $class): bool try { foreach ($class->getMethods(\ReflectionMethod::IS_PUBLIC) as $method) { if (preg_match('/^(after|around|before).+/i', $method->getName())) { - $argument = $method->getParameters()[0]->getClass(); + try { + $argument = $method->getParameters()[0]->getClass(); + } catch (\ReflectionException $exception) { + //Non-existing class (autogenerated perhaps) + continue; + } $isBlock = $argument->isSubclassOf(\Magento\Framework\View\Element\BlockInterface::class) || $argument->getName() === \Magento\Framework\View\Element\BlockInterface::class; if ($isBlock) { @@ -125,14 +135,19 @@ private function doesUseRestrictedClasses(\ReflectionClass $class): bool $constructor = $class->getConstructor(); if ($constructor) { foreach ($constructor->getParameters() as $argument) { - if ($class = $argument->getClass()) { - if ($class->isSubclassOf(\Magento\Framework\Session\SessionManagerInterface::class) - || $class->getName() === \Magento\Framework\Session\SessionManagerInterface::class - || $class->isSubclassOf(\Magento\Framework\Stdlib\Cookie\CookieReaderInterface::class) - || $class->getName() === \Magento\Framework\Stdlib\Cookie\CookieReaderInterface::class - ) { - return true; + try { + if ($class = $argument->getClass()) { + if ($class->isSubclassOf(\Magento\Framework\Session\SessionManagerInterface::class) + || $class->getName() === \Magento\Framework\Session\SessionManagerInterface::class + || $class->isSubclassOf(\Magento\Framework\Stdlib\Cookie\CookieReaderInterface::class) + || $class->getName() === \Magento\Framework\Stdlib\Cookie\CookieReaderInterface::class + ) { + return true; + } } + } catch (\ReflectionException $exception) { + //Failed to load the argument's class information + continue; } } } From 32993d2fa49833d1837346523d6594554dec4059 Mon Sep 17 00:00:00 2001 From: Oleksandr Gorkun Date: Mon, 29 Oct 2018 17:56:46 +0200 Subject: [PATCH 4/9] MAGETWO-95945: Add a code mess rule for improper session and cookies usages --- .../Magento/Customer/Model/FileProcessor.php | 1 - .../Rule/Design/CookieAndSessionMisuse.php | 60 +++++++++---------- 2 files changed, 28 insertions(+), 33 deletions(-) diff --git a/app/code/Magento/Customer/Model/FileProcessor.php b/app/code/Magento/Customer/Model/FileProcessor.php index 09c72a3dbed74..c035af0f7c551 100644 --- a/app/code/Magento/Customer/Model/FileProcessor.php +++ b/app/code/Magento/Customer/Model/FileProcessor.php @@ -9,7 +9,6 @@ /** * Class FileProcessor - * @package Magento\Customer\Model */ class FileProcessor { diff --git a/dev/tests/static/framework/Magento/CodeMessDetector/Rule/Design/CookieAndSessionMisuse.php b/dev/tests/static/framework/Magento/CodeMessDetector/Rule/Design/CookieAndSessionMisuse.php index 2cf88834b4793..f95eeeb5640e1 100644 --- a/dev/tests/static/framework/Magento/CodeMessDetector/Rule/Design/CookieAndSessionMisuse.php +++ b/dev/tests/static/framework/Magento/CodeMessDetector/Rule/Design/CookieAndSessionMisuse.php @@ -74,25 +74,23 @@ private function isUiDocument(\ReflectionClass $class): bool */ private function isControllerPlugin(\ReflectionClass $class): bool { - try { - foreach ($class->getMethods(\ReflectionMethod::IS_PUBLIC) as $method) { - if (preg_match('/^(after|around|before).+/i', $method->getName())) { - try { - $argument = $method->getParameters()[0]->getClass(); - } catch (\ReflectionException $exception) { - //Non-existing class (autogenerated perhaps) - continue; - } - $isAction = $argument->isSubclassOf(\Magento\Framework\App\ActionInterface::class) - || $argument->getName() === \Magento\Framework\App\ActionInterface::class; - if ($isAction) { - return true; - } + foreach ($class->getMethods(\ReflectionMethod::IS_PUBLIC) as $method) { + if (preg_match('/^(after|around|before).+/i', $method->getName())) { + try { + $argument = $method->getParameters()[0]->getClass(); + } catch (\ReflectionException $exception) { + //Non-existing class (autogenerated perhaps) + continue; + } + $isAction = $argument->isSubclassOf(\Magento\Framework\App\ActionInterface::class) + || $argument->getName() === \Magento\Framework\App\ActionInterface::class; + if ($isAction) { + return true; } } - } catch (\Throwable $exception) { - return false; } + + return false; } /** @@ -103,25 +101,23 @@ private function isControllerPlugin(\ReflectionClass $class): bool */ private function isBlockPlugin(\ReflectionClass $class): bool { - try { - foreach ($class->getMethods(\ReflectionMethod::IS_PUBLIC) as $method) { - if (preg_match('/^(after|around|before).+/i', $method->getName())) { - try { - $argument = $method->getParameters()[0]->getClass(); - } catch (\ReflectionException $exception) { - //Non-existing class (autogenerated perhaps) - continue; - } - $isBlock = $argument->isSubclassOf(\Magento\Framework\View\Element\BlockInterface::class) - || $argument->getName() === \Magento\Framework\View\Element\BlockInterface::class; - if ($isBlock) { - return true; - } + foreach ($class->getMethods(\ReflectionMethod::IS_PUBLIC) as $method) { + if (preg_match('/^(after|around|before).+/i', $method->getName())) { + try { + $argument = $method->getParameters()[0]->getClass(); + } catch (\ReflectionException $exception) { + //Non-existing class (autogenerated perhaps) + continue; + } + $isBlock = $argument->isSubclassOf(\Magento\Framework\View\Element\BlockInterface::class) + || $argument->getName() === \Magento\Framework\View\Element\BlockInterface::class; + if ($isBlock) { + return true; } } - } catch (\Throwable $exception) { - return false; } + + return false; } /** From 7ea1bc5125d94697d9027c3dfb96261b8011bf25 Mon Sep 17 00:00:00 2001 From: Oleksandr Gorkun Date: Mon, 29 Oct 2018 18:39:09 +0200 Subject: [PATCH 5/9] MAGETWO-95945: Add a code mess rule for improper session and cookies usages --- .../Magento/CodeMessDetector/resources/rulesets/design.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dev/tests/static/framework/Magento/CodeMessDetector/resources/rulesets/design.xml b/dev/tests/static/framework/Magento/CodeMessDetector/resources/rulesets/design.xml index 79622331fe5e7..73354c46d76b2 100644 --- a/dev/tests/static/framework/Magento/CodeMessDetector/resources/rulesets/design.xml +++ b/dev/tests/static/framework/Magento/CodeMessDetector/resources/rulesets/design.xml @@ -64,7 +64,7 @@ class PostOrder implements ActionInterface 2 From c10ec6237a0ab0ac49152f9b994e32d264742d0f Mon Sep 17 00:00:00 2001 From: Oleksandr Gorkun Date: Mon, 29 Oct 2018 18:41:53 +0200 Subject: [PATCH 6/9] MAGETWO-95945: Add a code mess rule for improper session and cookies usages --- .../Block/Account/AuthenticationPopup.php | 18 ++---------------- .../Customer/Controller/Account/Confirm.php | 5 ++--- .../Customer/Model/CustomerManagement.php | 17 +++-------------- .../Magento/Customer/Model/FileProcessor.php | 17 ++--------------- .../Ui/Component/DataProvider/Document.php | 13 ++----------- .../Action/Plugin/BackendAuthentication.php | 15 ++------------- 6 files changed, 13 insertions(+), 72 deletions(-) diff --git a/app/code/Magento/Customer/Block/Account/AuthenticationPopup.php b/app/code/Magento/Customer/Block/Account/AuthenticationPopup.php index 4e4811546a5f9..07e0704ee6e43 100644 --- a/app/code/Magento/Customer/Block/Account/AuthenticationPopup.php +++ b/app/code/Magento/Customer/Block/Account/AuthenticationPopup.php @@ -6,12 +6,9 @@ namespace Magento\Customer\Block\Account; use Magento\Customer\Model\Form; -use Magento\Customer\Model\Session; use Magento\Store\Model\ScopeInterface; /** - * Popup. - * * @api * @since 100.0.2 */ @@ -27,34 +24,24 @@ class AuthenticationPopup extends \Magento\Framework\View\Element\Template */ private $serializer; - /** - * @var Session|null - */ - private $session; - /** * @param \Magento\Framework\View\Element\Template\Context $context * @param array $data * @param \Magento\Framework\Serialize\Serializer\Json|null $serializer - * @param Session|null $session * @throws \RuntimeException */ public function __construct( \Magento\Framework\View\Element\Template\Context $context, array $data = [], - \Magento\Framework\Serialize\Serializer\Json $serializer = null, - Session $session = null + \Magento\Framework\Serialize\Serializer\Json $serializer = null ) { parent::__construct($context, $data); $this->jsLayout = isset($data['jsLayout']) && is_array($data['jsLayout']) ? $data['jsLayout'] : []; $this->serializer = $serializer ?: \Magento\Framework\App\ObjectManager::getInstance() ->get(\Magento\Framework\Serialize\Serializer\Json::class); - $this->session = $session; } /** - * JS layout. - * * @return string */ public function getJsLayout() @@ -73,8 +60,7 @@ public function getConfig() 'autocomplete' => $this->escapeHtml($this->isAutocompleteEnabled()), 'customerRegisterUrl' => $this->escapeUrl($this->getCustomerRegisterUrlUrl()), 'customerForgotPasswordUrl' => $this->escapeUrl($this->getCustomerForgotPasswordUrl()), - 'baseUrl' => $this->escapeUrl($this->getBaseUrl()), - 'tst' => $this->session->getData('somedata') + 'baseUrl' => $this->escapeUrl($this->getBaseUrl()) ]; } diff --git a/app/code/Magento/Customer/Controller/Account/Confirm.php b/app/code/Magento/Customer/Controller/Account/Confirm.php index 7459e263177d9..2b3cb9aa61ab5 100644 --- a/app/code/Magento/Customer/Controller/Account/Confirm.php +++ b/app/code/Magento/Customer/Controller/Account/Confirm.php @@ -9,7 +9,6 @@ use Magento\Customer\Model\Url; use Magento\Framework\App\Action\Context; use Magento\Customer\Model\Session; -use Magento\Framework\App\Action\HttpGetActionInterface; use Magento\Framework\App\Config\ScopeConfigInterface; use Magento\Store\Model\StoreManagerInterface; use Magento\Customer\Api\AccountManagementInterface; @@ -25,7 +24,7 @@ * * @SuppressWarnings(PHPMD.CouplingBetweenObjects) */ -class Confirm extends \Magento\Customer\Controller\AbstractAccount implements HttpGetActionInterface +class Confirm extends \Magento\Customer\Controller\AbstractAccount { /** * @var \Magento\Framework\App\Config\ScopeConfigInterface @@ -168,7 +167,7 @@ public function execute() $resultRedirect->setUrl($this->getSuccessRedirect()); return $resultRedirect; } catch (StateException $e) { - $this->messageManager->addException($e, __('This confirmation key is invalid or has expired.TEST')); + $this->messageManager->addException($e, __('This confirmation key is invalid or has expired.')); } catch (\Exception $e) { $this->messageManager->addException($e, __('There was an error confirming the account')); } diff --git a/app/code/Magento/Customer/Model/CustomerManagement.php b/app/code/Magento/Customer/Model/CustomerManagement.php index 7da87a829d8e0..a9f5c3b7631a5 100644 --- a/app/code/Magento/Customer/Model/CustomerManagement.php +++ b/app/code/Magento/Customer/Model/CustomerManagement.php @@ -7,11 +7,7 @@ use Magento\Customer\Api\CustomerManagementInterface; use Magento\Customer\Model\ResourceModel\Customer\CollectionFactory; -use Magento\Framework\Stdlib\Cookie\PhpCookieReader; -/** - * Class CustomerManagement - */ class CustomerManagement implements CustomerManagementInterface { /** @@ -19,28 +15,21 @@ class CustomerManagement implements CustomerManagementInterface */ protected $customersFactory; - /** - * @var PhpCookieReader - */ - private $cookie; - /** * @param CollectionFactory $customersFactory - * @param PhpCookieReader $cookie */ - public function __construct(CollectionFactory $customersFactory, PhpCookieReader $cookie) + public function __construct(CollectionFactory $customersFactory) { $this->customersFactory = $customersFactory; - $this->cookie = $cookie; } /** - * @inheritDoc + * {@inheritdoc} */ public function getCount() { $customers = $this->customersFactory->create(); /** @var \Magento\Customer\Model\ResourceModel\Customer\Collection $customers */ - return $customers->getSize() || $this->cookie->getCookie('tst'); + return $customers->getSize(); } } diff --git a/app/code/Magento/Customer/Model/FileProcessor.php b/app/code/Magento/Customer/Model/FileProcessor.php index c035af0f7c551..6a8472758c169 100644 --- a/app/code/Magento/Customer/Model/FileProcessor.php +++ b/app/code/Magento/Customer/Model/FileProcessor.php @@ -5,11 +5,6 @@ */ namespace Magento\Customer\Model; -use Magento\Framework\Session\SessionManagerInterface; - -/** - * Class FileProcessor - */ class FileProcessor { /** @@ -52,11 +47,6 @@ class FileProcessor */ private $mime; - /** - * @var SessionManagerInterface - */ - private $session; - /** * @param \Magento\Framework\Filesystem $filesystem * @param \Magento\MediaStorage\Model\File\UploaderFactory $uploaderFactory @@ -65,7 +55,6 @@ class FileProcessor * @param string $entityTypeCode * @param \Magento\Framework\File\Mime $mime * @param array $allowedExtensions - * @param SessionManagerInterface|null $session */ public function __construct( \Magento\Framework\Filesystem $filesystem, @@ -74,8 +63,7 @@ public function __construct( \Magento\Framework\Url\EncoderInterface $urlEncoder, $entityTypeCode, \Magento\Framework\File\Mime $mime, - array $allowedExtensions = [], - SessionManagerInterface $session = null + array $allowedExtensions = [] ) { $this->mediaDirectory = $filesystem->getDirectoryWrite(\Magento\Framework\App\Filesystem\DirectoryList::MEDIA); $this->uploaderFactory = $uploaderFactory; @@ -84,7 +72,6 @@ public function __construct( $this->entityTypeCode = $entityTypeCode; $this->mime = $mime; $this->allowedExtensions = $allowedExtensions; - $this->session = $session; } /** @@ -257,7 +244,7 @@ public function moveTemporaryFile($fileName) */ public function removeUploadedFile($fileName) { - $filePath = $this->entityTypeCode . '/' . ltrim($fileName, '/').$this->session->getName(); + $filePath = $this->entityTypeCode . '/' . ltrim($fileName, '/'); $result = $this->mediaDirectory->delete($filePath); return $result; diff --git a/app/code/Magento/Customer/Ui/Component/DataProvider/Document.php b/app/code/Magento/Customer/Ui/Component/DataProvider/Document.php index 86ec19d43b0ac..468a9e7946f2d 100644 --- a/app/code/Magento/Customer/Ui/Component/DataProvider/Document.php +++ b/app/code/Magento/Customer/Ui/Component/DataProvider/Document.php @@ -12,7 +12,6 @@ use Magento\Framework\Exception\NoSuchEntityException; use Magento\Customer\Api\GroupRepositoryInterface; use Magento\Framework\App\ObjectManager; -use Magento\Framework\Stdlib\Cookie\CookieReaderInterface; use Magento\Store\Model\ScopeInterface; use Magento\Store\Model\StoreManagerInterface; @@ -71,11 +70,6 @@ class Document extends \Magento\Framework\View\Element\UiComponent\DataProvider\ */ private $scopeConfig; - /** - * @var CookieReaderInterface - */ - private $cookie; - /** * Document constructor. * @@ -84,22 +78,19 @@ class Document extends \Magento\Framework\View\Element\UiComponent\DataProvider\ * @param CustomerMetadataInterface $customerMetadata * @param StoreManagerInterface $storeManager * @param ScopeConfigInterface $scopeConfig - * @param CookieReaderInterface|null $cookie */ public function __construct( AttributeValueFactory $attributeValueFactory, GroupRepositoryInterface $groupRepository, CustomerMetadataInterface $customerMetadata, StoreManagerInterface $storeManager, - ScopeConfigInterface $scopeConfig = null, - CookieReaderInterface $cookie = null + ScopeConfigInterface $scopeConfig = null ) { parent::__construct($attributeValueFactory); $this->customerMetadata = $customerMetadata; $this->groupRepository = $groupRepository; $this->storeManager = $storeManager; $this->scopeConfig = $scopeConfig ?: ObjectManager::getInstance()->create(ScopeConfigInterface::class); - $this->cookie = $cookie; } /** @@ -138,7 +129,7 @@ private function setGenderValue() $value = $this->getData(self::$genderAttributeCode); if (!$value) { - $this->setCustomAttribute(self::$genderAttributeCode, $this->cookie->getCookie('NA')); + $this->setCustomAttribute(self::$genderAttributeCode, 'N/A'); return; } diff --git a/app/code/Magento/Rss/App/Action/Plugin/BackendAuthentication.php b/app/code/Magento/Rss/App/Action/Plugin/BackendAuthentication.php index 18e0863cade03..5351bee8b5d56 100644 --- a/app/code/Magento/Rss/App/Action/Plugin/BackendAuthentication.php +++ b/app/code/Magento/Rss/App/Action/Plugin/BackendAuthentication.php @@ -8,14 +8,11 @@ namespace Magento\Rss\App\Action\Plugin; use Magento\Backend\App\AbstractAction; -use Magento\Backend\Model\Session; use Magento\Framework\App\RequestInterface; use Magento\Framework\App\ResponseInterface; use Magento\Framework\Exception\AuthenticationException; /** - * Backend auth. - * * @api * @SuppressWarnings(PHPMD.CouplingBetweenObjects) * @since 100.0.2 @@ -42,11 +39,6 @@ class BackendAuthentication extends \Magento\Backend\App\Action\Plugin\Authentic */ protected $aclResources; - /** - * @var Session - */ - private $session; - /** * @param \Magento\Backend\Model\Auth $auth * @param \Magento\Backend\Model\UrlInterface $url @@ -61,7 +53,6 @@ class BackendAuthentication extends \Magento\Backend\App\Action\Plugin\Authentic * @param \Psr\Log\LoggerInterface $logger * @param \Magento\Framework\AuthorizationInterface $authorization * @param array $aclResources - * @param Session $session * @SuppressWarnings(PHPMD.ExcessiveParameterList) */ public function __construct( @@ -77,14 +68,12 @@ public function __construct( \Magento\Framework\HTTP\Authentication $httpAuthentication, \Psr\Log\LoggerInterface $logger, \Magento\Framework\AuthorizationInterface $authorization, - array $aclResources, - Session $session + array $aclResources ) { $this->httpAuthentication = $httpAuthentication; $this->logger = $logger; $this->authorization = $authorization; $this->aclResources = $aclResources; - $this->session = $session; parent::__construct( $auth, $url, @@ -117,7 +106,7 @@ public function aroundDispatch(AbstractAction $subject, \Closure $proceed, Reque : $this->aclResources[$request->getControllerName()] : null; - $type = $request->getParam('type'.$this->session->getName()); + $type = $request->getParam('type'); $resourceType = isset($this->aclResources[$type]) ? $this->aclResources[$type] : null; if (!$resource || !$resourceType) { From 742b817e91014575d7786f99d2b407f7c50fcf0c Mon Sep 17 00:00:00 2001 From: Oleksandr Gorkun Date: Thu, 6 Dec 2018 10:44:01 -0600 Subject: [PATCH 7/9] MAGETWO-95928: Remove RequestAwareBlockMethod --- .../Magento/Widget/Block/Adminhtml/Widget.php | 2 - .../Rule/Design/RequestAwareBlockMethod.php | 53 ------------------- .../resources/rulesets/design.xml | 31 ----------- .../Magento/Test/Php/_files/phpmd/ruleset.xml | 1 - 4 files changed, 87 deletions(-) delete mode 100644 dev/tests/static/framework/Magento/CodeMessDetector/Rule/Design/RequestAwareBlockMethod.php diff --git a/app/code/Magento/Widget/Block/Adminhtml/Widget.php b/app/code/Magento/Widget/Block/Adminhtml/Widget.php index 33e6109b769db..dad318f163b4b 100644 --- a/app/code/Magento/Widget/Block/Adminhtml/Widget.php +++ b/app/code/Magento/Widget/Block/Adminhtml/Widget.php @@ -16,8 +16,6 @@ class Widget extends \Magento\Backend\Block\Widget\Form\Container { /** * @inheritdoc - * - * @SuppressWarnings(PHPMD.RequestAwareBlockMethod) */ protected function _construct() { diff --git a/dev/tests/static/framework/Magento/CodeMessDetector/Rule/Design/RequestAwareBlockMethod.php b/dev/tests/static/framework/Magento/CodeMessDetector/Rule/Design/RequestAwareBlockMethod.php deleted file mode 100644 index 9ce891da718b4..0000000000000 --- a/dev/tests/static/framework/Magento/CodeMessDetector/Rule/Design/RequestAwareBlockMethod.php +++ /dev/null @@ -1,53 +0,0 @@ -getParentType(); - try { - $isBlock = ($definedIn instanceof ClassNode) - && is_subclass_of( - $definedIn->getFullQualifiedName(), - \Magento\Framework\View\Element\AbstractBlock::class - ); - } catch (\Throwable $exception) { - //Failed to load classes. - return; - } - - if ($isBlock) { - $nodes = $method->findChildrenOfType('PropertyPostfix') + $method->findChildrenOfType('MethodPostfix'); - foreach ($nodes as $node) { - $name = mb_strtolower($node->getFirstChildOfType('Identifier')->getImage()); - if ($name === '_request' || $name === 'getrequest') { - $this->addViolation($method, [$method->getFullQualifiedName()]); - break; - } - } - } - } -} diff --git a/dev/tests/static/framework/Magento/CodeMessDetector/resources/rulesets/design.xml b/dev/tests/static/framework/Magento/CodeMessDetector/resources/rulesets/design.xml index 100e08276e6cf..c9bfe4fe6e308 100644 --- a/dev/tests/static/framework/Magento/CodeMessDetector/resources/rulesets/design.xml +++ b/dev/tests/static/framework/Magento/CodeMessDetector/resources/rulesets/design.xml @@ -54,37 +54,6 @@ class PostOrder implements ActionInterface ... return $response; } -} - ]]> - - - - - - - 2 - - - getRequest()->getParam('order_id'); - //Validate customer having such order. - if (!$this->hasOrder($this->getCustomerId(), $orderId)) { - ...deny access... - } - ..... - } } ]]> diff --git a/dev/tests/static/testsuite/Magento/Test/Php/_files/phpmd/ruleset.xml b/dev/tests/static/testsuite/Magento/Test/Php/_files/phpmd/ruleset.xml index 2d9eb7478ce91..fddb1e6fdfc14 100644 --- a/dev/tests/static/testsuite/Magento/Test/Php/_files/phpmd/ruleset.xml +++ b/dev/tests/static/testsuite/Magento/Test/Php/_files/phpmd/ruleset.xml @@ -48,6 +48,5 @@ - From 30b3280ff1d6aac7e3d7cbff94a3e2500698ab2e Mon Sep 17 00:00:00 2001 From: Oleksandr Gorkun Date: Fri, 4 Jan 2019 17:42:23 -0600 Subject: [PATCH 8/9] MAGETWO-95945: Add a code mess rule for improper session and cookies usages --- .../Rule/Design/CookieAndSessionMisuse.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/dev/tests/static/framework/Magento/CodeMessDetector/Rule/Design/CookieAndSessionMisuse.php b/dev/tests/static/framework/Magento/CodeMessDetector/Rule/Design/CookieAndSessionMisuse.php index f95eeeb5640e1..e6acef87d3638 100644 --- a/dev/tests/static/framework/Magento/CodeMessDetector/Rule/Design/CookieAndSessionMisuse.php +++ b/dev/tests/static/framework/Magento/CodeMessDetector/Rule/Design/CookieAndSessionMisuse.php @@ -78,8 +78,8 @@ private function isControllerPlugin(\ReflectionClass $class): bool if (preg_match('/^(after|around|before).+/i', $method->getName())) { try { $argument = $method->getParameters()[0]->getClass(); - } catch (\ReflectionException $exception) { - //Non-existing class (autogenerated perhaps) + } catch (\Throwable $exception) { + //Non-existing class (autogenerated perhaps) or doesn't have an argument. continue; } $isAction = $argument->isSubclassOf(\Magento\Framework\App\ActionInterface::class) @@ -105,8 +105,8 @@ private function isBlockPlugin(\ReflectionClass $class): bool if (preg_match('/^(after|around|before).+/i', $method->getName())) { try { $argument = $method->getParameters()[0]->getClass(); - } catch (\ReflectionException $exception) { - //Non-existing class (autogenerated perhaps) + } catch (\Throwable $exception) { + //Non-existing class (autogenerated perhaps) or doesn't have an argument. continue; } $isBlock = $argument->isSubclassOf(\Magento\Framework\View\Element\BlockInterface::class) From 09fbf4628e03001b7544710f32d664142a3648fb Mon Sep 17 00:00:00 2001 From: Oleksandr Gorkun Date: Wed, 9 Jan 2019 13:59:39 -0600 Subject: [PATCH 9/9] MAGETWO-95945: Add a code mess rule for improper session and cookies usages --- .../Rule/Design/CookieAndSessionMisuse.php | 20 +++++++++++-------- 1 file changed, 12 insertions(+), 8 deletions(-) diff --git a/dev/tests/static/framework/Magento/CodeMessDetector/Rule/Design/CookieAndSessionMisuse.php b/dev/tests/static/framework/Magento/CodeMessDetector/Rule/Design/CookieAndSessionMisuse.php index e6acef87d3638..ee56158a54509 100644 --- a/dev/tests/static/framework/Magento/CodeMessDetector/Rule/Design/CookieAndSessionMisuse.php +++ b/dev/tests/static/framework/Magento/CodeMessDetector/Rule/Design/CookieAndSessionMisuse.php @@ -82,10 +82,12 @@ private function isControllerPlugin(\ReflectionClass $class): bool //Non-existing class (autogenerated perhaps) or doesn't have an argument. continue; } - $isAction = $argument->isSubclassOf(\Magento\Framework\App\ActionInterface::class) - || $argument->getName() === \Magento\Framework\App\ActionInterface::class; - if ($isAction) { - return true; + if ($argument) { + $isAction = $argument->isSubclassOf(\Magento\Framework\App\ActionInterface::class) + || $argument->getName() === \Magento\Framework\App\ActionInterface::class; + if ($isAction) { + return true; + } } } } @@ -109,10 +111,12 @@ private function isBlockPlugin(\ReflectionClass $class): bool //Non-existing class (autogenerated perhaps) or doesn't have an argument. continue; } - $isBlock = $argument->isSubclassOf(\Magento\Framework\View\Element\BlockInterface::class) - || $argument->getName() === \Magento\Framework\View\Element\BlockInterface::class; - if ($isBlock) { - return true; + if ($argument) { + $isBlock = $argument->isSubclassOf(\Magento\Framework\View\Element\BlockInterface::class) + || $argument->getName() === \Magento\Framework\View\Element\BlockInterface::class; + if ($isBlock) { + return true; + } } } }