Merge pull request #8088 from magento-gl/Hammer_Regression_Blocker_Encoding_decodings_19jan22

ishakhsuvarov · web-flow · commit 03c2d71f4646 · 2023-01-19T13:34:59.000-06:00
Hammer regression blocker encoding decodings 19jan22
diff --git a/app/code/Magento/GraphQl/composer.json b/app/code/Magento/GraphQl/composer.json
@@ -9,7 +9,7 @@
         "magento/module-webapi": "*",
         "magento/module-new-relic-reporting": "*",
         "magento/module-authorization": "*",
-        "webonyx/graphql-php": "^14.11"
+        "webonyx/graphql-php": "^15.0"
     },
     "suggest": {
         "magento/module-graph-ql-cache": "*"
diff --git a/app/code/Magento/Sales/Helper/Admin.php b/app/code/Magento/Sales/Helper/Admin.php
@@ -166,7 +166,13 @@ public function escapeHtmlWithLinks($data, $allowedTags = null)
 
             $internalErrors = libxml_use_internal_errors(true);
 
-            $data = mb_convert_encoding($data, 'HTML-ENTITIES', 'UTF-8');
+            $convmap = [0x80, 0x10FFFF, 0, 0x1FFFFF];
+            $data = mb_encode_numericentity(
+                $data,
+                $convmap,
+                'UTF-8'
+            );
+
             $domDocument->loadHTML(
                 '<html><body id="' . $wrapperElementId . '">' . $data . '</body></html>'
             );
@@ -192,7 +198,17 @@ public function escapeHtmlWithLinks($data, $allowedTags = null)
                 }
             }
 
-            $result = mb_convert_encoding($domDocument->saveHTML(), 'UTF-8', 'HTML-ENTITIES');
+            $result = mb_decode_numericentity(
+                // phpcs:ignore Magento2.Functions.DiscouragedFunction
+                html_entity_decode(
+                    $domDocument->saveHTML(),
+                    ENT_QUOTES|ENT_SUBSTITUTE,
+                    'UTF-8'
+                ),
+                $convmap,
+                'UTF-8'
+            );
+
             preg_match('/<body id="' . $wrapperElementId . '">(.+)<\/body><\/html>$/si', $result, $matches);
             $data = !empty($matches) ? $matches[1] : '';
         }
diff --git a/lib/internal/Magento/Framework/Escaper.php b/lib/internal/Magento/Framework/Escaper.php
@@ -97,7 +97,12 @@ function ($errorNumber, $errorString) {
                     }
                 );
                 $data = $this->prepareUnescapedCharacters($data);
-                $string = mb_convert_encoding($data, 'HTML-ENTITIES', 'UTF-8');
+                $convmap = [0x80, 0x10FFFF, 0, 0x1FFFFF];
+                $string = mb_encode_numericentity(
+                    $data,
+                    $convmap,
+                    'UTF-8'
+                );
                 try {
                     $domDocument->loadHTML(
                         '<html><body id="' . $wrapperElementId . '">' . $string . '</body></html>'
@@ -114,7 +119,17 @@ function ($errorNumber, $errorString) {
                 $this->escapeText($domDocument);
                 $this->escapeAttributeValues($domDocument);
 
-                $result = mb_convert_encoding($domDocument->saveHTML(), 'UTF-8', 'HTML-ENTITIES');
+                $result = mb_decode_numericentity(
+                // phpcs:ignore Magento2.Functions.DiscouragedFunction
+                    html_entity_decode(
+                        $domDocument->saveHTML(),
+                        ENT_QUOTES|ENT_SUBSTITUTE,
+                        'UTF-8'
+                    ),
+                    $convmap,
+                    'UTF-8'
+                );
+
                 preg_match('/<body id="' . $wrapperElementId . '">(.+)<\/body><\/html>$/si', $result, $matches);
                 return !empty($matches) ? $matches[1] : '';
             } else {
@@ -347,6 +362,7 @@ public function escapeCss($string)
      * @param string $quote
      * @return string|array
      * @deprecated 101.0.0
+     * @see MAGETWO-54971
      */
     public function escapeJsQuote($data, $quote = '\'')
     {
@@ -367,6 +383,7 @@ public function escapeJsQuote($data, $quote = '\'')
      * @param string $data
      * @return string
      * @deprecated 101.0.0
+     * @see MAGETWO-54971
      */
     public function escapeXssInUrl($data)
     {
@@ -415,6 +432,7 @@ private function escapeScriptIdentifiers(string $data): string
      * @param bool $addSlashes
      * @return string
      * @deprecated 101.0.0
+     * @see MAGETWO-54971
      */
     public function escapeQuote($data, $addSlashes = false)
     {
@@ -429,6 +447,7 @@ public function escapeQuote($data, $addSlashes = false)
      *
      * @return \Magento\Framework\ZendEscaper
      * @deprecated 101.0.0
+     * @see MAGETWO-54971
      */
     private function getEscaper()
     {
@@ -444,6 +463,7 @@ private function getEscaper()
      *
      * @return \Psr\Log\LoggerInterface
      * @deprecated 101.0.0
+     * @see MAGETWO-54971
      */
     private function getLogger()
     {
diff --git a/lib/internal/Magento/Framework/Test/Unit/EscaperTest.php b/lib/internal/Magento/Framework/Test/Unit/EscaperTest.php
@@ -328,6 +328,11 @@ public function escapeHtmlDataProvider()
                 'expected' => ' some text',
                 'allowedTags' => ['span'],
             ],
+            'text with japanese lang' => [
+                'data' => '<span>だ だ だ some text in tags<br /></span>',
+                'expected' => '<span>だ だ だ some text in tags</span>',
+                'allowedTags' => ['span'],
+            ],
         ];
     }
 
