MC-15311: [Sec] PageBuilder XSS Injection Possible Through Block on HTML Code Content Type For CSS Classes Attribute & in TinyMCE

danmooney2 · danmooney2 · commit b0e565196270 · 2019-03-08T10:02:49.000-06:00
Pass argument off to $proceed in both cases
diff --git a/app/code/Magento/PageBuilder/Plugin/Filter/TemplatePlugin.php b/app/code/Magento/PageBuilder/Plugin/Filter/TemplatePlugin.php
@@ -123,7 +123,7 @@ public function aroundCustomvarDirective(
         $shouldEscape = $subject->getStoreId() !== null && (int) $subject->getStoreId() === 0;
 
         if (!$shouldEscape) {
-            return $proceed();
+            return $proceed($construction);
         }
 
         $result = $proceed($construction);

Original file line number	Diff line number	Diff line change
`@@ -123,7 +123,7 @@ public function aroundCustomvarDirective(`
`123`	`123`	`$shouldEscape = $subject->getStoreId() !== null && (int) $subject->getStoreId() === 0;`
`124`	`124`
`125`	`125`	`if (!$shouldEscape) {`
`126`		`- return $proceed();`
	`126`	`+ return $proceed($construction);`
`127`	`127`	`}`
`128`	`128`
`129`	`129`	`$result = $proceed($construction);`