Magento 2.2 patch for PRODSECBUG-2198 in composer.patches.json format for magento/framework, using `cweagans/composer-patches`

readme.md

1. Require composer-patches: composer require cweagans/composer-patches

2. Add the patches section to your composer.json extra field.

3. Remove existing packages: rm -rf vendor/magento/module-catalog vendor/magento/framework

4. Run composer install to re-install and apply patches.

See https://magento.com/security/patches/magento-2.3.1-2.2.8-and-2.1.17-security-update and https://www.ambionics.io/blog/magento-sqli for more information.

composer.json

{
  "require": {
    "cweagans/composer-patches": "^1"
  },
  "extra": {
    "patches": {
      "magento/framework": {
        "PRODSECBUG-2198": "https://gist.githubusercontent.com/barryvdh/8bf1ba88e4a7bfe3ad007de8dbf2600c/raw/e8d7e0072990cafbcba0e847b20fce62d8793938/PRODSECBUG-2198-2.2-CE-2019-03-25-08-43-16-framework.patch"
      },
      "magento/module-catalog": {
        "PRODSECBUG-2198": "https://gist.githubusercontent.com/barryvdh/8bf1ba88e4a7bfe3ad007de8dbf2600c/raw/e8d7e0072990cafbcba0e847b20fce62d8793938/PRODSECBUG-2198-2.2-CE-2019-03-25-08-43-16-module-catalog.patch"
      }
    }
  }
}

PRODSECBUG-2198-2.2-CE-2019-03-25-08-43-16-framework.patch

diff --git a/DB/Adapter/Pdo/Mysql.php b/DB/Adapter/Pdo/Mysql.php
index 1449d6d..38085a3 100644
--- a/DB/Adapter/Pdo/Mysql.php
+++ b/DB/Adapter/Pdo/Mysql.php
@@ -2904,7 +2904,7 @@ class Mysql extends \Zend_Db_Adapter_Pdo_Mysql implements AdapterInterface
                 if (isset($condition['to'])) {
                     $query .= empty($query) ? '' : ' AND ';
                     $to     = $this->_prepareSqlDateCondition($condition, 'to');
-                    $query = $this->_prepareQuotedSqlCondition($query . $conditionKeyMap['to'], $to, $fieldName);
+                    $query = $query . $this->_prepareQuotedSqlCondition($conditionKeyMap['to'], $to, $fieldName);
                 }
             } elseif (array_key_exists($key, $conditionKeyMap)) {
                 $value = $condition[$key];
-- 
2.7.4

PRODSECBUG-2198-2.2-CE-2019-03-25-08-43-16-module-catalog.patch

diff --git a/Model/Product/ProductFrontendAction/Synchronizer.php b/Model/Product/ProductFrontendAction/Synchronizer.php
index 7a1926c..331c667 100644
--- a/Model/Product/ProductFrontendAction/Synchronizer.php
+++ b/Model/Product/ProductFrontendAction/Synchronizer.php
@@ -138,7 +138,9 @@ class Synchronizer
         $productIds = [];
 
         foreach ($actions as $action) {
-            $productIds[] = $action['product_id'];
+            if (isset($action['product_id']) && is_int($action['product_id'])) {
+                $productIds[] = $action['product_id'];
+            }
         }
 
         return $productIds;
@@ -159,33 +161,37 @@ class Synchronizer
         $customerId = $this->session->getCustomerId();
         $visitorId = $this->visitor->getId();
         $collection = $this->getActionsByType($typeId);
-        $collection->addFieldToFilter('product_id', $this->getProductIdsByActions($productsData));
-
-        /**
-         * Note that collection is also filtered by visitor id and customer id
-         * This collection shouldnt be flushed when visitor has products and then login
-         * It can remove only products for visitor, or only products for customer
-         *
-         * ['product_id' => 'added_at']
-         * @var ProductFrontendActionInterface $item
-         */
-        foreach ($collection as $item) {
-            $this->entityManager->delete($item);
-        }
-
-        foreach ($productsData as $productId => $productData) {
-            /** @var ProductFrontendActionInterface $action */
-            $action = $this->productFrontendActionFactory->create([
-                'data' => [
-                    'visitor_id' => $customerId ? null : $visitorId,
-                    'customer_id' => $this->session->getCustomerId(),
-                    'added_at' => $productData['added_at'],
-                    'product_id' => $productId,
-                    'type_id' => $typeId
-                ]
-            ]);
-
-            $this->entityManager->save($action);
+        $productIds = $this->getProductIdsByActions($productsData);
+
+        if ($productIds) {
+            $collection->addFieldToFilter('product_id', $productIds);
+
+            /**
+             * Note that collection is also filtered by visitor id and customer id
+             * This collection shouldn't be flushed when visitor has products and then login
+             * It can remove only products for visitor, or only products for customer
+             *
+             * ['product_id' => 'added_at']
+             * @var ProductFrontendActionInterface $item
+             */
+            foreach ($collection as $item) {
+                $this->entityManager->delete($item);
+            }
+
+            foreach ($productsData as $productId => $productData) {
+                /** @var ProductFrontendActionInterface $action */
+                $action = $this->productFrontendActionFactory->create([
+                    'data' => [
+                        'visitor_id' => $customerId ? null : $visitorId,
+                        'customer_id' => $this->session->getCustomerId(),
+                        'added_at' => $productData['added_at'],
+                        'product_id' => $productId,
+                        'type_id' => $typeId
+                    ]
+                ]);
+
+                $this->entityManager->save($action);
+            }
         }
     }