From 6425e3daab94fab769a92e4b533ab0b14630d752 Mon Sep 17 00:00:00 2001
From: rizwankhan <glo52257@adobe.com>
Date: Tue, 9 Nov 2021 16:15:40 +0530
Subject: [PATCH 1/2] AC-1065: Added validations on choosing image name with
 Adobe Stock

---
 AdobeStockImage/Model/SaveImage.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/AdobeStockImage/Model/SaveImage.php b/AdobeStockImage/Model/SaveImage.php
index 2824a6acf0c4..ee2e5bfcdcf4 100644
--- a/AdobeStockImage/Model/SaveImage.php
+++ b/AdobeStockImage/Model/SaveImage.php
@@ -72,6 +72,9 @@ public function __construct(
     public function execute(Document $document, string $url, string $destinationPath): void
     {
         try {
+            if (!preg_match('/^[a-zA-Z0-9\.\-\_\/\s]+$/i', $destinationPath)) {
+                throw new LocalizedException(__('Image File has invalid characters.'));
+            }
             $this->saveFile->execute($document, $url, $destinationPath);
             $mediaAssetId = $this->saveMediaGalleryAsset->execute($document, $destinationPath);
 

From e62c38a4d06c7c272b3d78d3d2f649d561c20ebb Mon Sep 17 00:00:00 2001
From: rizwankhan <glo52257@adobe.com>
Date: Fri, 12 Nov 2021 19:54:49 +0530
Subject: [PATCH 2/2] AC-1065: Added validations on choosing image name with
 Adobe Stock 	* Updated unit test case coverage

---
 .../Test/Unit/Model/SaveImageTest.php         | 39 +++++++++++++++++++
 1 file changed, 39 insertions(+)

diff --git a/AdobeStockImage/Test/Unit/Model/SaveImageTest.php b/AdobeStockImage/Test/Unit/Model/SaveImageTest.php
index 503e4b7bb33b..cbb9a0291f43 100644
--- a/AdobeStockImage/Test/Unit/Model/SaveImageTest.php
+++ b/AdobeStockImage/Test/Unit/Model/SaveImageTest.php
@@ -120,4 +120,43 @@ public function imageDataProvider(): array
             ]
         ];
     }
+
+    /**
+     * @return array
+     */
+    public function getInvalidPathValues(): array
+    {
+        return [
+            [
+                $this->createMock(Document::class),
+                'https://as2.ftcdn.net/jpg/500_FemVonDcttCeKiOXFk.jpg',
+                '\\invalid chars\\'
+            ],
+            [
+                $this->createMock(Document::class),
+                'https://as2.ftcdn.net/jpg/500_FemVonDcttCeKiOXFk.jpg',
+                '{*invalid_path/\'chars}'
+            ],
+            [
+                $this->createMock(Document::class),
+                'https://as2.ftcdn.net/jpg/500_FemVonDcttCeKiOXFk.jpg',
+                '<img src=\"\" onerror=\"alert(0)\">'
+            ]
+        ];
+    }
+
+    /**
+     * Verify that path validation works if invalid characters are passed.
+     *
+     * @dataProvider getInvalidPathValues
+     * @param Document $document
+     * @param string $url
+     * @param string $destinationPath
+     * @throws LocalizedException
+     */
+    public function testExecuteInvalidPath(Document $document, string $url, string $destinationPath): void
+    {
+        $this->expectException('Magento\Framework\Exception\LocalizedException');
+        $this->saveImage->execute($document, $url, $destinationPath);
+    }
 }