From 64e67317b796724aa335850ca3939564226085ff Mon Sep 17 00:00:00 2001 From: tufa Date: Fri, 25 Jun 2021 13:35:08 +0200 Subject: [PATCH 1/5] cast incoming untyped parameters to string type --- lib/internal/Magento/Framework/Escaper.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/internal/Magento/Framework/Escaper.php b/lib/internal/Magento/Framework/Escaper.php index dae830dd889dc..dae5d99960f0f 100644 --- a/lib/internal/Magento/Framework/Escaper.php +++ b/lib/internal/Magento/Framework/Escaper.php @@ -291,7 +291,7 @@ public function escapeUrl($string) */ public function encodeUrlParam($string) { - return $this->getEscaper()->escapeUrl($string); + return $this->getEscaper()->escapeUrl((string)$string); } /** @@ -330,7 +330,7 @@ function ($matches) { */ public function escapeCss($string) { - return $this->getEscaper()->escapeCss($string); + return $this->getEscaper()->escapeCss((string)$string); } /** From 94e140fc16ba280f80580ec8eba02e38cd11d98a Mon Sep 17 00:00:00 2001 From: tufa Date: Fri, 25 Jun 2021 16:10:46 +0200 Subject: [PATCH 2/5] add unit tests for encodeUrlParam and escapeCss methods --- .../Framework/Test/Unit/EscaperTest.php | 70 +++++++++++++++++++ 1 file changed, 70 insertions(+) diff --git a/lib/internal/Magento/Framework/Test/Unit/EscaperTest.php b/lib/internal/Magento/Framework/Test/Unit/EscaperTest.php index 67dac40863ad4..91cc99d09c6a3 100644 --- a/lib/internal/Magento/Framework/Test/Unit/EscaperTest.php +++ b/lib/internal/Magento/Framework/Test/Unit/EscaperTest.php @@ -364,6 +364,76 @@ public function testEscapeUrl(string $data, string $expected): void $this->assertEquals($expected, $this->escaper->escapeUrl($expected)); } + /** + * @covers \Magento\Framework\Escaper::escapeCss + * + * @param string $data + * @param string $expected + * @return void + * + * @dataProvider escapeCssDataProvider + */ + public function testEscapeCss($data, string $expected): void + { + $this->assertEquals($expected, $this->escaper->escapeCss($data)); + } + + /** + * @return array + */ + public function escapeCssDataProvider(): array + { + return [ + [ + 'data' => 1, + 'expected' => '1', + ], + [ + 'data' => '*%string{foo}%::', + 'expected' => '\2A \25 string\7B foo\7D \25 \3A \3A ', + ] + ]; + } + + /** + * @covers \Magento\Framework\Escaper::encodeUrlParam + * + * @param string $data + * @param string $expected + * @return void + * + * @dataProvider encodeUrlParamDataProvider + */ + public function testEncodeUrlParam($data, string $expected): void + { + $this->assertEquals($expected, $this->escaper->encodeUrlParam($data)); + } + + /** + * @return array + */ + public function encodeUrlParamDataProvider(): array + { + return [ + [ + 'data' => "a3==", + 'expected' => "a3%3D%3D", + ], + [ + 'data' => "example string", + 'expected' => "example%20string", + ], + [ + 'data' => 1, + 'expected' => "1", + ], + [ + 'data' => null, + 'expected' => "", + ] + ]; + } + /** * @return array */ From a8c323c924a12e6d3bb4e76e1ba59d9c79e2e71e Mon Sep 17 00:00:00 2001 From: tufa Date: Mon, 28 Jun 2021 14:16:12 +0200 Subject: [PATCH 3/5] move type cast from Escaper to RouteParamsResolver and add type hints --- lib/internal/Magento/Framework/Escaper.php | 8 ++++---- .../Magento/Framework/Test/Unit/EscaperTest.php | 12 ------------ .../Magento/Framework/Url/RouteParamsResolver.php | 2 +- 3 files changed, 5 insertions(+), 17 deletions(-) diff --git a/lib/internal/Magento/Framework/Escaper.php b/lib/internal/Magento/Framework/Escaper.php index dae5d99960f0f..f2de683cc6a2f 100644 --- a/lib/internal/Magento/Framework/Escaper.php +++ b/lib/internal/Magento/Framework/Escaper.php @@ -289,9 +289,9 @@ public function escapeUrl($string) * @return string * @since 101.0.0 */ - public function encodeUrlParam($string) + public function encodeUrlParam(string $string): string { - return $this->getEscaper()->escapeUrl((string)$string); + return $this->getEscaper()->escapeUrl($string); } /** @@ -328,9 +328,9 @@ function ($matches) { * @return string * @since 101.0.0 */ - public function escapeCss($string) + public function escapeCss(string $string): string { - return $this->getEscaper()->escapeCss((string)$string); + return $this->getEscaper()->escapeCss($string); } /** diff --git a/lib/internal/Magento/Framework/Test/Unit/EscaperTest.php b/lib/internal/Magento/Framework/Test/Unit/EscaperTest.php index 91cc99d09c6a3..5bb03fcad0a9f 100644 --- a/lib/internal/Magento/Framework/Test/Unit/EscaperTest.php +++ b/lib/internal/Magento/Framework/Test/Unit/EscaperTest.php @@ -384,10 +384,6 @@ public function testEscapeCss($data, string $expected): void public function escapeCssDataProvider(): array { return [ - [ - 'data' => 1, - 'expected' => '1', - ], [ 'data' => '*%string{foo}%::', 'expected' => '\2A \25 string\7B foo\7D \25 \3A \3A ', @@ -422,14 +418,6 @@ public function encodeUrlParamDataProvider(): array [ 'data' => "example string", 'expected' => "example%20string", - ], - [ - 'data' => 1, - 'expected' => "1", - ], - [ - 'data' => null, - 'expected' => "", ] ]; } diff --git a/lib/internal/Magento/Framework/Url/RouteParamsResolver.php b/lib/internal/Magento/Framework/Url/RouteParamsResolver.php index eac9005e68548..3d5b559e97843 100644 --- a/lib/internal/Magento/Framework/Url/RouteParamsResolver.php +++ b/lib/internal/Magento/Framework/Url/RouteParamsResolver.php @@ -112,7 +112,7 @@ public function setRouteParams(array $data, $unsetOldParams = true) } else { $this->setRouteParam( $this->getEscaper()->encodeUrlParam($key), - $this->getEscaper()->encodeUrlParam($value) + $this->getEscaper()->encodeUrlParam((string)$value) ); } } From 9f2af737c86147d0bba79b02ecc539c493a45404 Mon Sep 17 00:00:00 2001 From: Milan Osztromok Date: Tue, 6 Jul 2021 09:52:41 +0200 Subject: [PATCH 4/5] Apply suggestions from code review Remove return types due to backward compatibility Co-authored-by: Ihor Sviziev --- lib/internal/Magento/Framework/Escaper.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/internal/Magento/Framework/Escaper.php b/lib/internal/Magento/Framework/Escaper.php index f2de683cc6a2f..cb23deb0be4a5 100644 --- a/lib/internal/Magento/Framework/Escaper.php +++ b/lib/internal/Magento/Framework/Escaper.php @@ -289,7 +289,7 @@ public function escapeUrl($string) * @return string * @since 101.0.0 */ - public function encodeUrlParam(string $string): string + public function encodeUrlParam(string $string) { return $this->getEscaper()->escapeUrl($string); } @@ -328,7 +328,7 @@ function ($matches) { * @return string * @since 101.0.0 */ - public function escapeCss(string $string): string + public function escapeCss(string $string) { return $this->getEscaper()->escapeCss($string); } From 733dec5ed942f6ef302c33fbd065d0797e88ab12 Mon Sep 17 00:00:00 2001 From: Ihor Sviziev Date: Fri, 30 Jul 2021 12:00:43 +0300 Subject: [PATCH 5/5] Fix incompatibility with laminas-escaper (2.7.1) Apply suggestions from code review --- lib/internal/Magento/Framework/Escaper.php | 8 ++++---- .../Magento/Framework/Test/Unit/EscaperTest.php | 12 ++++++++++++ 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/lib/internal/Magento/Framework/Escaper.php b/lib/internal/Magento/Framework/Escaper.php index cb23deb0be4a5..dae5d99960f0f 100644 --- a/lib/internal/Magento/Framework/Escaper.php +++ b/lib/internal/Magento/Framework/Escaper.php @@ -289,9 +289,9 @@ public function escapeUrl($string) * @return string * @since 101.0.0 */ - public function encodeUrlParam(string $string) + public function encodeUrlParam($string) { - return $this->getEscaper()->escapeUrl($string); + return $this->getEscaper()->escapeUrl((string)$string); } /** @@ -328,9 +328,9 @@ function ($matches) { * @return string * @since 101.0.0 */ - public function escapeCss(string $string) + public function escapeCss($string) { - return $this->getEscaper()->escapeCss($string); + return $this->getEscaper()->escapeCss((string)$string); } /** diff --git a/lib/internal/Magento/Framework/Test/Unit/EscaperTest.php b/lib/internal/Magento/Framework/Test/Unit/EscaperTest.php index 5bb03fcad0a9f..91cc99d09c6a3 100644 --- a/lib/internal/Magento/Framework/Test/Unit/EscaperTest.php +++ b/lib/internal/Magento/Framework/Test/Unit/EscaperTest.php @@ -384,6 +384,10 @@ public function testEscapeCss($data, string $expected): void public function escapeCssDataProvider(): array { return [ + [ + 'data' => 1, + 'expected' => '1', + ], [ 'data' => '*%string{foo}%::', 'expected' => '\2A \25 string\7B foo\7D \25 \3A \3A ', @@ -418,6 +422,14 @@ public function encodeUrlParamDataProvider(): array [ 'data' => "example string", 'expected' => "example%20string", + ], + [ + 'data' => 1, + 'expected' => "1", + ], + [ + 'data' => null, + 'expected' => "", ] ]; }