MDVA-31006 for 2.3.1 version, MDVA-25602 for 2.3.0 (#14)

- Added MDVA-31006 for 2.3.1 version
- Added MDVA-25602 for 2.3.0 version
- Version bumped

composer.json

@@ -2,7 +2,7 @@
     "name": "magento/quality-patches",
     "description": "Provides quality patches for Magento 2",
     "type": "magento2-component",
-    "version": "1.0.10",
+    "version": "1.0.11",
     "license": "proprietary",
     "repositories": {
         "repo": {

patches.json

@@ -2,9 +2,12 @@
   "MDVA-25602": {
     "magento/magento2-base": {
       "Fixes issue with PayPal Payflow Pro payment method and treating cookies as SameSite=Lax by default in the Chrome 80 browser and API response redirect to customer login page": {
-        ">=2.3.1 <2.3.2": {
+        "2.3.0": {
           "file": "os/MDVA-25602__PayflowPro_checkout_broken_with_SameSite_Cookie__2.3.0.patch"
         },
+        ">=2.3.1 <2.3.2": {
+          "file": "os/MDVA-25602__PayflowPro_checkout_broken_with_SameSite_Cookie__2.3.1.patch"
+        },
         ">=2.3.2 <2.3.3": {
           "file": "os/MDVA-25602__PayflowPro_checkout_broken_with_SameSite_Cookie__2.3.2.patch"
         },
@@ -15,7 +18,7 @@
     },
     "magento/magento2-ee-base": {
       "Fixes issue with PayPal Payflow Pro payment method and treating cookies as SameSite=Lax by default in the Chrome 80 browser and API response redirect to customer login page": {
-        ">=2.3.1 <2.3.5": {
+        ">=2.3.0 <2.3.5": {
           "file": "commerce/MDVA-25602__PayflowPro_API_response_302_redirect_to_login_page__2.3.4.patch"
         }
       }
@@ -496,6 +499,9 @@
   "MDVA-31006": {
     "magento/magento2-base": {
       "Fixes the issue where duplicated orders appear after placing an order using Paypal Express payment.": {
+        "2.3.0 || 2.3.1": {
+          "file": "os/MDVA-31006__fixes_issue_with_duplicated_orders_when_using_paypal_express_payment__2.3.1.patch"
+        },
         ">=2.3.2 <2.3.3": {
           "file": "os/MDVA-30730__fixes_issue_with_duplicated_orders_when_using_paypal_express_payment__2.3.2-p2.patch"
         },

patches/os/MDVA-25602__PayflowPro_checkout_broken_with_SameSite_Cookie__2.3.0.patch

@@ -407,3 +407,234 @@ index 00000000000..01acf03c0d0
 +        </block>
 +    </container>
 +</layout>
+diff --git a/vendor/magento/module-payment/view/adminhtml/web/transparent.js b/vendor/magento/module-payment/view/adminhtml/web/js/transparent.js
+similarity index 100%
+rename from vendor/magento/module-payment/view/adminhtml/web/transparent.js
+rename to vendor/magento/module-payment/view/adminhtml/web/js/transparent.js
+diff --git a/vendor/magento/framework/Session/SessionManager.php b/vendor/magento/framework/Session/SessionManager.php
+index b53c83acb48..ba3a09c64b8 100644
+--- a/vendor/magento/framework/Session/SessionManager.php
++++ b/vendor/magento/framework/Session/SessionManager.php
+@@ -36,7 +36,7 @@ class SessionManager implements SessionManagerInterface
+     /**
+      * Validator
+      *
+-     * @var \Magento\Framework\Session\ValidatorInterface
++     * @var ValidatorInterface
+      */
+     protected $validator;
+
+@@ -50,28 +50,28 @@ class SessionManager implements SessionManagerInterface
+     /**
+      * SID resolver
+      *
+-     * @var \Magento\Framework\Session\SidResolverInterface
++     * @var SidResolverInterface
+      */
+     protected $sidResolver;
+
+     /**
+      * Session config
+      *
+-     * @var \Magento\Framework\Session\Config\ConfigInterface
++     * @var Config\ConfigInterface
+      */
+     protected $sessionConfig;
+
+     /**
+      * Save handler
+      *
+-     * @var \Magento\Framework\Session\SaveHandlerInterface
++     * @var SaveHandlerInterface
+      */
+     protected $saveHandler;
+
+     /**
+      * Storage
+      *
+-     * @var \Magento\Framework\Session\StorageInterface
++     * @var StorageInterface
+      */
+     protected $storage;
+
+@@ -91,6 +91,11 @@ class SessionManager implements SessionManagerInterface
+      * @var \Magento\Framework\App\State
+      */
+     private $appState;
++
++    /**
++     * @var SessionStartChecker
++     */
++    private $sessionStartChecker;
+
+     /**
+      * @param \Magento\Framework\App\Request\Http $request
+@@ -102,7 +107,10 @@ class SessionManager implements SessionManagerInterface
+      * @param \Magento\Framework\Stdlib\CookieManagerInterface $cookieManager
+      * @param \Magento\Framework\Stdlib\Cookie\CookieMetadataFactory $cookieMetadataFactory
+      * @param \Magento\Framework\App\State $appState
++     * @param SessionStartChecker|null $sessionStartChecker
+      * @throws \Magento\Framework\Exception\SessionException
++     *
++     * @SuppressWarnings(PHPMD.ExcessiveParameterList)
+      */
+     public function __construct(
+         \Magento\Framework\App\Request\Http $request,
+@@ -113,7 +121,8 @@ class SessionManager implements SessionManagerInterface
+         StorageInterface $storage,
+         \Magento\Framework\Stdlib\CookieManagerInterface $cookieManager,
+         \Magento\Framework\Stdlib\Cookie\CookieMetadataFactory $cookieMetadataFactory,
+-        \Magento\Framework\App\State $appState
++        \Magento\Framework\App\State $appState,
++        SessionStartChecker $sessionStartChecker = null
+     ) {
+         $this->request = $request;
+         $this->sidResolver = $sidResolver;
+@@ -124,11 +133,15 @@ class SessionManager implements SessionManagerInterface
+         $this->cookieManager = $cookieManager;
+         $this->cookieMetadataFactory = $cookieMetadataFactory;
+         $this->appState = $appState;
++        $this->sessionStartChecker = $sessionStartChecker ?: \Magento\Framework\App\ObjectManager::getInstance()->get(
++            SessionStartChecker::class
++        );
+         $this->start();
+     }
+
+     /**
+-     * This method needs to support sessions with APC enabled
++     * This method needs to support sessions with APC enabled.
++     *
+      * @return void
+      */
+     public function writeClose()
+@@ -163,47 +176,49 @@ class SessionManager implements SessionManagerInterface
+      */
+     public function start()
+     {
+-        if (!$this->isSessionExists()) {
+-            \Magento\Framework\Profiler::start('session_start');
+-
+-            try {
+-                $this->appState->getAreaCode();
+-            } catch (\Magento\Framework\Exception\LocalizedException $e) {
+-                throw new \Magento\Framework\Exception\SessionException(
+-                    new \Magento\Framework\Phrase(
+-                        'Area code not set: Area code must be set before starting a session.'
+-                    ),
+-                    $e
+-                );
+-            }
++        if ($this->sessionStartChecker->check()) {
++            if (!$this->isSessionExists()) {
++                \Magento\Framework\Profiler::start('session_start');
++
++                try {
++                    $this->appState->getAreaCode();
++                } catch (\Magento\Framework\Exception\LocalizedException $e) {
++                    throw new \Magento\Framework\Exception\SessionException(
++                        new \Magento\Framework\Phrase(
++                            'Area code not set: Area code must be set before starting a session.'
++                        ),
++                        $e
++                    );
++                }
+
+-            // Need to apply the config options so they can be ready by session_start
+-            $this->initIniOptions();
+-            $this->registerSaveHandler();
+-            if (isset($_SESSION['new_session_id'])) {
+-                // Not fully expired yet. Could be lost cookie by unstable network.
+-                session_commit();
+-                session_id($_SESSION['new_session_id']);
+-            }
+-            $sid = $this->sidResolver->getSid($this);
+-            // potential custom logic for session id (ex. switching between hosts)
+-            $this->setSessionId($sid);
+-            session_start();
+-            if (isset($_SESSION['destroyed'])
+-                && $_SESSION['destroyed'] < time() - $this->sessionConfig->getCookieLifetime()
+-            ) {
+-                $this->destroy(['clear_storage' => true]);
+-            }
++                // Need to apply the config options so they can be ready by session_start
++                $this->initIniOptions();
++                $this->registerSaveHandler();
++                if (isset($_SESSION['new_session_id'])) {
++                    // Not fully expired yet. Could be lost cookie by unstable network.
++                    session_commit();
++                    session_id($_SESSION['new_session_id']);
++                }
++                $sid = $this->sidResolver->getSid($this);
++                // potential custom logic for session id (ex. switching between hosts)
++                $this->setSessionId($sid);
++                session_start();
++                if (isset($_SESSION['destroyed'])
++                    && $_SESSION['destroyed'] < time() - $this->sessionConfig->getCookieLifetime()
++                ) {
++                    $this->destroy(['clear_storage' => true]);
++                }
+
+-            $this->validator->validate($this);
+-            $this->renewCookie($sid);
++                $this->validator->validate($this);
++                $this->renewCookie($sid);
+
+-            register_shutdown_function([$this, 'writeClose']);
++                register_shutdown_function([$this, 'writeClose']);
+
+-            $this->_addHost();
+-            \Magento\Framework\Profiler::stop('session_start');
++                $this->_addHost();
++                \Magento\Framework\Profiler::stop('session_start');
++            }
++            $this->storage->init(isset($_SESSION) ? $_SESSION : []);
+         }
+-        $this->storage->init(isset($_SESSION) ? $_SESSION : []);
+         return $this;
+     }
+
+diff --git a/vendor/magento/framework/Session/SessionStartChecker.php b/vendor/magento/framework/Session/SessionStartChecker.php
+new file mode 100644
+index 00000000000..62ca7c4e43a
+--- /dev/null
++++ b/vendor/magento/framework/Session/SessionStartChecker.php
+@@ -0,0 +1,38 @@
++<?php
++/**
++ * Copyright © Magento, Inc. All rights reserved.
++ * See COPYING.txt for license details.
++ */
++
++declare(strict_types=1);
++
++namespace Magento\Framework\Session;
++
++/**
++ * Class to check if session can be started or not.
++ */
++class SessionStartChecker
++{
++    /**
++     * @var bool
++     */
++    private $checkSapi;
++
++    /**
++     * @param bool $checkSapi
++     */
++    public function __construct(bool $checkSapi = true)
++    {
++        $this->checkSapi = $checkSapi;
++    }
++
++    /**
++     * Can session be started or not.
++     *
++     * @return bool
++     */
++    public function check() : bool
++    {
++        return !($this->checkSapi && PHP_SAPI === 'cli');
++    }
++}
+\ No newline at end of file