Merge pull request #10227 from adobe-commerce-tier-4/PR_2025_11_20_flowers

[Support Tier-4 flowers] 11-20-2025 Regular delivery of bugfixes and improvements

Author: alzota

app/code/Magento/Customer/Block/Widget/Dob.php

@@ -410,19 +410,25 @@ public function getTranslatedCalendarConfigJson(): string
         $localeData = (new DataBundle())->get($this->localeResolver->getLocale());
         $monthsData = $localeData['calendar']['gregorian']['monthNames'];
         $daysData = $localeData['calendar']['gregorian']['dayNames'];
-
+        $monthsFormat = $monthsData['format'];
+        $daysFormat = $daysData['format'];
+        $monthsAbbreviated = $monthsFormat['abbreviated'];
+        $monthsShort = $monthsAbbreviated ?? $monthsFormat['wide'];
+        $daysAbbreviated = $daysFormat['abbreviated'];
+        $daysShort = $daysAbbreviated ?? $daysFormat['wide'];
+        $daysShortFormat = $daysFormat['short'];
+        $daysMin = $daysShortFormat ?? $daysShort;
         return $this->encoder->encode(
             [
                 'closeText' => __('Done'),
                 'prevText' => __('Prev'),
                 'nextText' => __('Next'),
                 'currentText' => __('Today'),
-                'monthNames' => array_values(iterator_to_array($monthsData['format']['wide'])),
-                'monthNamesShort' => array_values(iterator_to_array($monthsData['format']['abbreviated'])),
-                'dayNames' => array_values(iterator_to_array($daysData['format']['wide'])),
-                'dayNamesShort' => array_values(iterator_to_array($daysData['format']['abbreviated'])),
-                'dayNamesMin' =>
-                 array_values(iterator_to_array(($daysData['format']['short']) ?: $daysData['format']['abbreviated'])),
+                'monthNames' => array_values(iterator_to_array($monthsFormat['wide'])),
+                'monthNamesShort' => array_values(iterator_to_array($monthsShort)),
+                'dayNames' => array_values(iterator_to_array($daysFormat['wide'])),
+                'dayNamesShort' => array_values(iterator_to_array($daysShort)),
+                'dayNamesMin' => array_values(iterator_to_array($daysMin)),
             ]
         );
     }

app/code/Magento/Customer/Plugin/ValidateDobOnSave.php

@@ -14,7 +14,11 @@
 use Magento\Framework\Exception\InputException;
 use Magento\Framework\Serialize\Serializer\Json as JsonSerializer;
 use Magento\Framework\Stdlib\DateTime;
+use Magento\Framework\Locale\ResolverInterface;
 
+/**
+ * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
+ */
 class ValidateDobOnSave
 {
     /**
@@ -27,16 +31,24 @@ class ValidateDobOnSave
      */
     private $json;
 
+    /**
+     * @var ResolverInterface
+     */
+    private $localeResolver;
+
     /**
      * @param EavConfig $eavConfig
      * @param JsonSerializer $json
+     * @param ResolverInterface $localeResolver
      */
     public function __construct(
         EavConfig $eavConfig,
-        JsonSerializer $json
+        JsonSerializer $json,
+        ResolverInterface $localeResolver
     ) {
         $this->eavConfig = $eavConfig;
         $this->json = $json;
+        $this->localeResolver = $localeResolver;
     }
 
     /**
@@ -67,8 +79,9 @@ public function aroundSave(
         }
 
         if ($dobDate) {
+            $normalizedDob = $dobDate->format(DateTime::DATE_PHP_FORMAT);
+            $customer->setDob($normalizedDob);
             $attr = $this->eavConfig->getAttribute('customer', 'dob');
-
             $rules = $attr->getData('validate_rules');
             if (is_string($rules) && $rules !== '') {
                 try {
@@ -127,9 +140,21 @@ private function parseDate($value): ?\DateTimeImmutable
             $seconds = ($intVal >= 10000000000) ? intdiv($intVal, 1000) : $intVal;
             return (new \DateTimeImmutable('@' . $seconds))->setTimezone(new \DateTimeZone('UTC'));
         }
+        $stringValue = (string)$value;
+        $locale = $this->localeResolver->getLocale();
+        $formatter = new \IntlDateFormatter(
+            $locale,
+            \IntlDateFormatter::SHORT,
+            \IntlDateFormatter::NONE
+        );
+        $formatter->setPattern(DateTime::DATE_INTERNAL_FORMAT);
+        $timestamp = $formatter->parse($stringValue);
+        if ($timestamp !== false) {
+            return new \DateTimeImmutable('@' . $timestamp);
+        }
 
         try {
-            return new \DateTimeImmutable((string)$value);
+            return new \DateTimeImmutable($stringValue);
         } catch (\Exception $e) {
             return null;
         }

app/code/Magento/Customer/Test/Unit/Block/Widget/DobTest.php

@@ -447,17 +447,14 @@ protected function getValidationRuleClass($type)
             $validationRule->expects($this->any())
                 ->method('getValue')
                 ->willReturn(strtotime(self::MIN_DATE));
-        }
-        elseif ($type=="MAX") {
+        } elseif ($type=="MAX") {
             $validationRule->expects($this->any())
                 ->method('getName')
                 ->willReturn(Dob::MAX_DATE_RANGE_KEY);
             $validationRule->expects($this->any())
                 ->method('getValue')
                 ->willReturn(strtotime(self::MAX_DATE));
         }
-
-
         return $validationRule;
     }
 
@@ -713,6 +710,25 @@ public static function getTranslatedCalendarConfigJsonDataProvider()
                 'expectedJson' => '{"closeText":"Done","prevText":"Prev","nextText":"Next","currentText":"Today","monthNames":["Januar","Februar","M\u00e4rz","April","Mai","Juni","Juli","August","September","Oktober","November","Dezember"],"monthNamesShort":["Jan.","Feb.","M\u00e4rz","Apr.","Mai","Juni","Juli","Aug.","Sept.","Okt.","Nov.","Dez."],"dayNames":["Sonntag","Montag","Dienstag","Mittwoch","Donnerstag","Freitag","Samstag"],"dayNamesShort":["So.","Mo.","Di.","Mi.","Do.","Fr.","Sa."],"dayNamesMin":["So.","Mo.","Di.","Mi.","Do.","Fr.","Sa."]}'
                 // phpcs:enable Generic.Files.LineLength.TooLong
             ],
+            [
+                'locale' => 'ar_SA',
+                'expectedArray' => [
+                    'closeText' => 'Done',
+                    'prevText' => 'Prev',
+                    'nextText' => 'Next',
+                    'currentText' => 'Today',
+                    'monthNames' => ['يناير', 'فبراير', 'مارس', 'أبريل', 'مايو', 'يونيو', 'يوليو', 'أغسطس', 'سبتمبر',
+                        'أكتوبر', 'نوفمبر', 'ديسمبر'],
+                    'monthNamesShort' => ['يناير', 'فبراير', 'مارس', 'أبريل', 'مايو', 'يونيو', 'يوليو', 'أغسطس',
+                        'سبتمبر', 'أكتوبر', 'نوفمبر', 'ديسمبر'],
+                    'dayNames' => ['الأحد', 'الاثنين', 'الثلاثاء', 'الأربعاء', 'الخميس', 'الجمعة', 'السبت'],
+                    'dayNamesShort' => ['الأحد', 'الاثنين', 'الثلاثاء', 'الأربعاء', 'الخميس', 'الجمعة', 'السبت'],
+                    'dayNamesMin' => ['أحد', 'إثنين', 'ثلاثاء', 'أربعاء', 'خميس', 'جمعة', 'سبت'],
+                ],
+                // phpcs:disable Generic.Files.LineLength.TooLong
+                'expectedJson' => '{"closeText":"Done","prevText":"Prev","nextText":"Next","currentText":"Today","monthNames":["\u064a\u0646\u0627\u064a\u0631","\u0641\u0628\u0631\u0627\u064a\u0631","\u0645\u0627\u0631\u0633","\u0623\u0628\u0631\u064a\u0644","\u0645\u0627\u064a\u0648","\u064a\u0648\u0646\u064a\u0648","\u064a\u0648\u0644\u064a\u0648","\u0623\u063a\u0633\u0637\u0633","\u0633\u0628\u062a\u0645\u0628\u0631","\u0623\u0643\u062a\u0648\u0628\u0631","\u0646\u0648\u0641\u0645\u0628\u0631","\u062f\u064a\u0633\u0645\u0628\u0631"],"monthNamesShort":["\u064a\u0646\u0627\u064a\u0631","\u0641\u0628\u0631\u0627\u064a\u0631","\u0645\u0627\u0631\u0633","\u0623\u0628\u0631\u064a\u0644","\u0645\u0627\u064a\u0648","\u064a\u0648\u0646\u064a\u0648","\u064a\u0648\u0644\u064a\u0648","\u0623\u063a\u0633\u0637\u0633","\u0633\u0628\u062a\u0645\u0628\u0631","\u0623\u0643\u062a\u0648\u0628\u0631","\u0646\u0648\u0641\u0645\u0628\u0631","\u062f\u064a\u0633\u0645\u0628\u0631"],"dayNames":["\u0627\u0644\u0623\u062d\u062f","\u0627\u0644\u0627\u062b\u0646\u064a\u0646","\u0627\u0644\u062b\u0644\u0627\u062b\u0627\u0621","\u0627\u0644\u0623\u0631\u0628\u0639\u0627\u0621","\u0627\u0644\u062e\u0645\u064a\u0633","\u0627\u0644\u062c\u0645\u0639\u0629","\u0627\u0644\u0633\u0628\u062a"],"dayNamesShort":["\u0627\u0644\u0623\u062d\u062f","\u0627\u0644\u0627\u062b\u0646\u064a\u0646","\u0627\u0644\u062b\u0644\u0627\u062b\u0627\u0621","\u0627\u0644\u0623\u0631\u0628\u0639\u0627\u0621","\u0627\u0644\u062e\u0645\u064a\u0633","\u0627\u0644\u062c\u0645\u0639\u0629","\u0627\u0644\u0633\u0628\u062a"],"dayNamesMin":["\u0623\u062d\u062f","\u0625\u062b\u0646\u064a\u0646","\u062b\u0644\u0627\u062b\u0627\u0621","\u0623\u0631\u0628\u0639\u0627\u0621","\u062e\u0645\u064a\u0633","\u062c\u0645\u0639\u0629","\u0633\u0628\u062a"]}'
+                // phpcs:enable Generic.Files.LineLength.TooLong
+            ],
         ];
     }
 }

app/code/Magento/Customer/Test/Unit/Plugin/ValidateDobOnSaveTest.php

@@ -17,6 +17,7 @@
 use Magento\Framework\Serialize\Serializer\Json as JsonSerializer;
 use PHPUnit\Framework\MockObject\MockObject;
 use PHPUnit\Framework\TestCase;
+use Magento\Framework\Locale\ResolverInterface;
 
 /**
  * Unit test for validate date of birth plugin
@@ -42,10 +43,13 @@ protected function setUp(): void
         $this->eavConfig = $this->createMock(EavConfig::class);
         $this->json = $this->createMock(JsonSerializer::class);
         $this->repo = $this->createMock(CustomerRepositoryInterface::class);
+        $localeResolver = $this->createMock(ResolverInterface::class);
+        $localeResolver->method('getLocale')->willReturn('en_US');
 
         $this->plugin = new ValidateDobOnSave(
             $this->eavConfig,
-            $this->json
+            $this->json,
+            $localeResolver
         );
     }
 
@@ -322,6 +326,21 @@ public function testDobZeroEpochInvalidThrows(): void
         $this->assertFalse($called);
     }
 
+    public function testDobIsNormalized(): void
+    {
+        $dob = '2005-12-01';
+        $customer = $this->createMock(CustomerInterface::class);
+        $customer->method('getDob')->willReturn($dob);
+        $customer->expects($this->once())
+            ->method('setDob')
+            ->with('2005-12-01');
+        $this->mockAttributeRulesArray(['date_range_min' => '1980-01-01', 'date_range_max' => '2010-12-31']);
+        $called = false;
+        $proceed = $this->proceedPlugin($called, $customer);
+        $this->plugin->aroundSave($this->repo, $proceed, $customer);
+        $this->assertTrue($called);
+    }
+
     /**
      * Create a proceed closure that marks $called and returns either the given $result or the original $customer.
      *

app/code/Magento/PageCache/Model/App/Response/HttpPlugin.php

@@ -43,8 +43,7 @@ public function beforeSendResponse(HttpResponse $subject)
 
         $currentVary = $this->context->getVaryString();
         $varyCookie = $this->request->get(HttpResponse::COOKIE_VARY_STRING);
-        if ($currentVary !== $varyCookie) {
-            //prevent caching with the old vary cookie
+        if (isset($varyCookie) && ($currentVary !== $varyCookie)) {
             $subject->setNoCacheHeaders();
         }
         $subject->sendVary();

app/code/Magento/PageCache/Test/Unit/Model/App/Response/HttpPluginTest.php

@@ -92,4 +92,16 @@ public function testBeforeSendResponseVaryMismatch()
 
         $this->httpPlugin->beforeSendResponse($responseMock);
     }
+
+    public function testBeforeSendResponseVaryNotSet()
+    {
+        /** @var HttpResponse|MockObject $responseMock */
+        $this->context->expects($this->any())->method('getVaryString')->willReturn('currentVary');
+        $this->request->expects($this->any())->method('get')->willReturn(null);
+        /** @var HttpResponse|MockObject $responseMock */
+        $responseMock = $this->createMock(HttpResponse::class);
+        $responseMock->expects($this->never())->method('setNoCacheHeaders');
+        $responseMock->expects($this->once())->method('sendVary');
+        $this->httpPlugin->beforeSendResponse($responseMock);
+    }
 }

app/code/Magento/Ui/view/base/web/js/grid/columns/date.js

@@ -43,7 +43,7 @@ define([
             var date;
 
             if (this.storeLocale !== undefined) {
-                moment.locale(this.storeLocale, utils.extend({}, this.calendarConfig));
+                moment.updateLocale(this.storeLocale, utils.extend({}, this.calendarConfig));
             }
 
             date = moment.utc(this._super());

app/code/Magento/UrlRewrite/Model/Storage/DbStorage.php

@@ -112,6 +112,12 @@ protected function doFindOneByData(array $data)
             $result = null;
             $requestPath = $data[UrlRewrite::REQUEST_PATH];
             $decodedRequestPath = urldecode($requestPath);
+
+            // Validate UTF-8 encoding to prevent collation errors and reject malicious input
+            if (!$this->isValidRequestPath($decodedRequestPath)) {
+                return null;
+            }
+
             $data[UrlRewrite::REQUEST_PATH] = array_unique(
                 [
                 rtrim($requestPath, '/'),
@@ -130,6 +136,39 @@ protected function doFindOneByData(array $data)
         return $this->connection->fetchRow($this->prepareSelect($data));
     }
 
+    /**
+     * Validate request path for valid UTF-8 and prevent collation errors
+     *
+     * This method checks for:
+     * - Invalid UTF-8 sequences (e.g., overlong encodings like %c0%ae)
+     * - 4-byte UTF-8 characters (emojis) that may cause collation mismatches
+     * - Non-printable and control characters
+     *
+     * @param string $path
+     * @return bool
+     */
+    private function isValidRequestPath(string $path): bool
+    {
+        // Check for valid UTF-8 encoding
+        if (!mb_check_encoding($path, 'UTF-8')) {
+            return false;
+        }
+
+        // Check for 4-byte UTF-8 characters (emojis, etc.) that can cause collation issues
+        // 4-byte UTF-8 chars start with bytes 0xF0-0xF7 (11110xxx in binary)
+        if (preg_match('/[\x{10000}-\x{10FFFF}]/u', $path)) {
+            return false;
+        }
+
+        // Check for control characters and other problematic characters
+        // Allow: letters, numbers, hyphen, underscore, period, forward slash, and common URL-safe chars
+        if (preg_match('/[\x00-\x1F\x7F]/', $path)) {
+            return false;
+        }
+
+        return true;
+    }
+
     /**
      * Extract most relevant url rewrite from url rewrites list
      *