MC-34385: Filter fields allowing HTML

ogorkun · ogorkun · commit 10bcde3d6a9f · 2020-09-16T14:53:38.000-05:00
diff --git a/app/code/Magento/Cms/Model/Wysiwyg/Validator.php b/app/code/Magento/Cms/Model/Wysiwyg/Validator.php
@@ -10,9 +10,11 @@
 
 use Magento\Framework\App\Config\ScopeConfigInterface;
 use Magento\Framework\Message\ManagerInterface;
+use Magento\Framework\Message\MessageInterface;
 use Magento\Framework\Validation\ValidationException;
 use Magento\Framework\Validator\HTML\WYSIWYGValidatorInterface;
 use Psr\Log\LoggerInterface;
+use Magento\Framework\Message\Factory as MessageFactory;
 
 /**
  * Processes backend validator results.
@@ -41,22 +43,30 @@ class Validator implements WYSIWYGValidatorInterface
      */
     private $logger;
 
+    /**
+     * @var MessageFactory
+     */
+    private $messageFactory;
+
     /**
      * @param WYSIWYGValidatorInterface $validator
      * @param ManagerInterface $messages
      * @param ScopeConfigInterface $config
      * @param LoggerInterface $logger
+     * @param MessageFactory $messageFactory
      */
     public function __construct(
         WYSIWYGValidatorInterface $validator,
         ManagerInterface $messages,
         ScopeConfigInterface $config,
-        LoggerInterface $logger
+        LoggerInterface $logger,
+        MessageFactory $messageFactory
     ) {
         $this->validator = $validator;
         $this->messages = $messages;
         $this->config = $config;
         $this->logger = $logger;
+        $this->messageFactory = $messageFactory;
     }
 
     /**
@@ -71,18 +81,30 @@ public function validate(string $content): void
             if ($throwException) {
                 throw $exception;
             } else {
-                $this->messages->addWarningMessage(
-                    __(
-                        'Temporarily allowed to save HTML value that contains restricted elements. %1',
-                        $exception->getMessage()
-                    )
+                $this->messages->addUniqueMessages(
+                    [
+                        $this->messageFactory->create(
+                            MessageInterface::TYPE_WARNING,
+                            (string)__(
+                                'Temporarily allowed to save HTML value that contains restricted elements. %1',
+                                $exception->getMessage()
+                            )
+                        )
+                    ]
                 );
             }
         } catch (\Throwable $exception) {
             if ($throwException) {
                 throw $exception;
             } else {
-                $this->messages->addWarningMessage(__('Invalid HTML provided')->render());
+                $this->messages->addUniqueMessages(
+                    [
+                        $this->messageFactory->create(
+                            MessageInterface::TYPE_WARNING,
+                            (string)__('Invalid HTML provided')
+                        )
+                    ]
+                );
                 $this->logger->error($exception);
             }
         }
diff --git a/app/code/Magento/Cms/Test/Unit/Model/Wysiwyg/ValidatorTest.php b/app/code/Magento/Cms/Test/Unit/Model/Wysiwyg/ValidatorTest.php
@@ -11,10 +11,12 @@
 use Magento\Cms\Model\Wysiwyg\Validator;
 use Magento\Framework\App\Config\ScopeConfigInterface;
 use Magento\Framework\Message\ManagerInterface;
+use Magento\Framework\Message\MessageInterface;
 use Magento\Framework\Validation\ValidationException;
 use Magento\Framework\Validator\HTML\WYSIWYGValidatorInterface;
 use PHPUnit\Framework\TestCase;
 use Psr\Log\LoggerInterface;
+use Magento\Framework\Message\Factory as MessageFactory;
 
 class ValidatorTest extends TestCase
 {
@@ -45,6 +47,13 @@ public function testValidate(bool $isFlagSet, ?\Throwable $thrown, bool $excepti
     {
         $actuallyWarned = false;
 
+        $messageFactoryMock = $this->createMock(MessageFactory::class);
+        $messageFactoryMock->method('create')
+            ->willReturnCallback(
+                function () {
+                    return $this->getMockForAbstractClass(MessageInterface::class);
+                }
+            );
         $configMock = $this->getMockForAbstractClass(ScopeConfigInterface::class);
         $configMock->method('isSetFlag')
             ->with(Validator::CONFIG_PATH_THROW_EXCEPTION)
@@ -56,7 +65,7 @@ public function testValidate(bool $isFlagSet, ?\Throwable $thrown, bool $excepti
         }
 
         $messagesMock = $this->getMockForAbstractClass(ManagerInterface::class);
-        $messagesMock->method('addWarningMessage')
+        $messagesMock->method('addUniqueMessages')
             ->willReturnCallback(
                 function () use (&$actuallyWarned): void {
                     $actuallyWarned = true;
@@ -65,7 +74,7 @@ function () use (&$actuallyWarned): void {
 
         $loggerMock = $this->getMockForAbstractClass(LoggerInterface::class);
 
-        $validator = new Validator($backendMock, $messagesMock, $configMock, $loggerMock);
+        $validator = new Validator($backendMock, $messagesMock, $configMock, $loggerMock, $messageFactoryMock);
         try {
             $validator->validate('content');
             $actuallyThrown = false;
