Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Admin user can call arbitrary Module class's constructor via Cart Pri… #35588

Closed
wants to merge 1 commit into from
Closed

Admin user can call arbitrary Module class's constructor via Cart Pri… #35588

wants to merge 1 commit into from

Conversation

SergeyP18
Copy link

@SergeyP18 SergeyP18 commented Jun 7, 2022
edited by ihor-sviziev
Loading

…ce Rule #35135

Redefined the check of the using class

Description (*)

Related Pull Requests

Fixed Issues (if relevant)

  1. Fixes Admin user can call arbitrary Module class's constructor via Cart Price Rules  #35135

Manual testing scenarios (*)

  1. ...
  2. ...

Questions or comments

Contribution checklist (*)

  • Pull request has a meaningful description of its purpose
  • All commits are accompanied by meaningful commit messages
  • All new or changed code is covered with unit/integration tests (if applicable)
  • README.md files for modified modules are updated and included in the pull request if any README.md predefined sections require an update
  • All automated tests passed successfully (all builds are green)

@m2-assistant
Copy link

m2-assistant bot commented Jun 7, 2022

Hi @SergeyP18. Thank you for your contribution
Here are some useful tips how you can test your changes using Magento test environment.
Add the comment under your pull request to deploy test or vanilla Magento instance:

  • @magento give me test instance - deploy test instance based on PR changes
  • @magento give me 2.4-develop instance - deploy vanilla Magento instance

❗ Automated tests can be triggered manually with an appropriate comment:

  • @magento run all tests - run or re-run all required tests against the PR changes
  • @magento run <test-build(s)> - run or re-run specific test build(s)
    For example: @magento run Unit Tests

<test-build(s)> is a comma-separated list of build names. Allowed build names are:

  1. Database Compare
  2. Functional Tests CE
  3. Functional Tests EE,
  4. Functional Tests B2B
  5. Integration Tests
  6. Magento Health Index
  7. Sample Data Tests CE
  8. Sample Data Tests EE
  9. Sample Data Tests B2B
  10. Static Tests
  11. Unit Tests
  12. WebAPI Tests
  13. Semantic Version Checker

You can find more information about the builds here

ℹ️ Run only required test builds during development. Run all test builds before sending your pull request for review.

For more details, review the Magento Contributor Guide documentation.

⚠️ According to the Magento Contribution requirements, all Pull Requests must go through the Community Contributions Triage process. Community Contributions Triage is a public meeting.

🕙 You can find the schedule on the Magento Community Calendar page.

📞 The triage of Pull Requests happens in the queue order. If you want to speed up the delivery of your contribution, join the Community Contributions Triage session to discuss the appropriate ticket.

✏️ Feel free to post questions/proposals/feedback related to the Community Contributions Triage process to the corresponding Slack Channel

@m2-community-project m2-community-project bot added the Priority: P1 Once P0 defects have been fixed, a defect having this priority is the next candidate for fixing. label Jun 7, 2022
@ihor-sviziev
Copy link
Contributor

ihor-sviziev commented Jun 23, 2022
edited
Loading

Hi @SergeyP18,
You created 2 PRs with a different list of changes for fixing the same issue - #35588 and #35589.

Could you explain which one we should review?

@engcom-Hotel engcom-Hotel self-requested a review May 11, 2023 10:32
engcom-Hotel
engcom-Hotel requested changes May 11, 2023
View reviewed changes
Copy link
Contributor

@engcom-Hotel engcom-Hotel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hello @SergeyP18,

Thanks for the contribution!

After looking into the code changes, it seems that the issue is fixed and merged with the 2.4-develop branch. Can you please try to resolve the conflicts, so that we can move further with this PR?

Thanks

@engcom-Dash
Copy link
Contributor

Hello @SergeyP18,

Thank you for your contribution!

Can you please resolve the conflicts in order to proceed further.

Thank you!

@engcom-Dash
Copy link
Contributor

engcom-Dash commented Sep 30, 2024
edited
Loading

@SergeyP18 - Closing this PR due to no response to the last comment. Feel free to reopen it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@engcom-Hotel engcom-Hotel engcom-Hotel requested changes

Assignees

@engcom-Hotel engcom-Hotel

Labels
Priority: P1 Once P0 defects have been fixed, a defect having this priority is the next candidate for fixing.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Admin user can call arbitrary Module class's constructor via Cart Price Rules
4 participants
@SergeyP18 @ihor-sviziev @engcom-Dash @engcom-Hotel