AC-11831 improve product custom option validation

tranthienbinh1989 · tranthienbinh1989 · commit e987ab9af827 · 2024-04-23T12:53:31.000-05:00
diff --git a/app/code/Magento/Catalog/Model/Product/Option/Type/File/ValidatorInfo.php b/app/code/Magento/Catalog/Model/Product/Option/Type/File/ValidatorInfo.php
@@ -20,6 +20,11 @@
  */
 class ValidatorInfo extends Validator
 {
+    /**
+     * @var string
+     */
+    private const PATH_PREFIX = 'custom_options';
+
     /**
      * @var Database
      */
@@ -49,6 +54,7 @@ class ValidatorInfo extends Validator
      * @var IoFile
      */
     private $ioFile;
+
     /**
      * @var NotProtectedExtension
      */
@@ -146,13 +152,19 @@ public function validate($optionValue, $option)
     private function validatePath(array $optionValuePath): bool
     {
         foreach ([$optionValuePath['quote_path'], $optionValuePath['order_path']] as $path) {
+            if (strpos($path, self::PATH_PREFIX) !== 0) {
+                return false;
+            }
+
             $pathInfo = $this->ioFile->getPathInfo($path);
-            if (isset($pathInfo['extension'])) {
-                if (!$this->fileValidator->isValid($pathInfo['extension'])) {
-                    return false;
-                }
+
+            if (isset($pathInfo['extension'])
+                && ($pathInfo['extension'] === '' || !$this->fileValidator->isValid($pathInfo['extension']))
+            ) {
+                return false;
             }
         }
+
         return true;
     }
 
diff --git a/pub/media/.htaccess b/pub/media/.htaccess
@@ -11,7 +11,7 @@ Options -Indexes
 AddHandler cgi-script .php .pl .py .jsp .asp .htm .shtml .sh .cgi
 Options -ExecCGI
 
-<FilesMatch ".+\.(ph(p[3457]?|t|tml)|[aj]sp|p[ly]|sh|cgi|shtml?|html?)$">
+<FilesMatch ".*\.(ph(p[3457]?|t|tml)|[aj]sp|p[ly]|sh|cgi|shtml?|html?)$">
 SetHandler default-handler
 </FilesMatch>
 
