FearlessKiwis-MAGETWO-8436-Tax-class-name-corrupted-if-contain-char

Cristian Partica · Cristian Partica · commit 116d9c9ef4a9 · 2015-05-08T16:30:55.000-05:00
- all fixes for this bug into one squashed into 1 commit
diff --git a/app/code/Magento/Tax/Controller/Adminhtml/Tax.php b/app/code/Magento/Tax/Controller/Adminhtml/Tax.php
@@ -49,7 +49,7 @@ public function __construct(
      */
     protected function _processClassName($className)
     {
-        $className = trim($this->_objectManager->get('Magento\Framework\Escaper')->escapeHtml($className));
+        $className = trim($className);
         if ($className == '') {
             throw new InputException(__('Invalid name of tax class specified.'));
         }
diff --git a/app/code/Magento/Tax/Test/Unit/Model/TaxClass/Source/CustomerTest.php b/app/code/Magento/Tax/Test/Unit/Model/TaxClass/Source/CustomerTest.php
@@ -181,4 +181,115 @@ public function dataProviderGetAllOptions()
             ['isEmpty' => true, 'expected' => []]
         ];
     }
+
+    /**
+     * Run test getAllOptions method for names integrity
+     *
+     * @param array $value
+     * @dataProvider dataProviderGetAllOptionsNameIntegrity
+     */
+    public function testGetAllOptionsNameIntegrity(array $value)
+    {
+        $filterMock = $this->getMock(
+            'Magento\Framework\Api\Filter',
+            [],
+            [],
+            '',
+            false
+        );
+        $searchCriteriaMock = $this->getMock(
+            'Magento\Framework\Api\SearchCriteria',
+            [],
+            [],
+            '',
+            false
+        );
+        $searchResultsMock = $this->getMockForAbstractClass(
+            'Magento\Tax\Api\Data\TaxClassSearchResultsInterface',
+            [],
+            '',
+            false,
+            true,
+            true,
+            ['getItems']
+        );
+        $taxClassMock = $this->getMockForAbstractClass(
+            'Magento\Tax\Api\Data\TaxClassInterface',
+            ['getClassId', 'getClassName'],
+            '',
+            false,
+            true,
+            true
+        );
+
+        $this->filterBuilderMock->expects($this->once())
+            ->method('setField')
+            ->with(\Magento\Tax\Model\ClassModel::KEY_TYPE)
+            ->willReturnSelf();
+        $this->filterBuilderMock->expects($this->once())
+            ->method('setValue')
+            ->with(\Magento\Tax\Api\TaxClassManagementInterface::TYPE_CUSTOMER)
+            ->willReturnSelf();
+        $this->filterBuilderMock->expects($this->once())
+            ->method('create')
+            ->willReturn($filterMock);
+        $this->searchCriteriaBuilderMock->expects($this->once())
+            ->method('addFilter')
+            ->with([$filterMock])
+            ->willReturnSelf();
+        $this->searchCriteriaBuilderMock->expects($this->once())
+            ->method('create')
+            ->willReturn($searchCriteriaMock);
+        $this->taxClassRepositoryMock->expects($this->once())
+            ->method('getList')
+            ->with($searchCriteriaMock)
+            ->willReturn($searchResultsMock);
+
+
+        $taxClassMock->expects($this->once())
+            ->method('getClassId')
+            ->willReturn($value['value']);
+        $taxClassMock->expects($this->once())
+            ->method('getClassName')
+            ->willReturn($value['label']);
+
+        $items = [$taxClassMock];
+        $searchResultsMock->expects($this->once())
+            ->method('getItems')
+            ->willReturn($items);
+
+        $result=($this->customer->getAllOptions());
+        $expected=$value;
+        $this->assertEquals([$expected], $result);
+    }
+
+    /**
+     * Data provider for testGetAllOptionsNameIntegrity
+     *
+     * @return array
+     */
+    public function dataProviderGetAllOptionsNameIntegrity()
+    {
+        return [
+            [
+                'value' => ['value' => 1, 'label' => 'unescaped name'],
+            ],
+            [
+                'value' => ['value' => 2, 'label' => 'tax < 50%'],
+            ],
+            [
+                'value' => ['value' => 3, 'label' => 'rule for 1 & 2'],
+            ],
+            [
+                'value' => ['value' => 4, 'label' => 'html <tag>'],
+            ],
+            [
+                'value' => ['value' => 5, 'label' => 'comment <!-- comment -->'],
+            ],
+            [
+                'value' => ['value' => 6, 'label' => 'php tag <?php echo "2"; ?>'],
+            ],
+
+        ];
+    }
 }
diff --git a/app/code/Magento/Tax/Test/Unit/Model/TaxClass/Source/ProductTest.php b/app/code/Magento/Tax/Test/Unit/Model/TaxClass/Source/ProductTest.php
@@ -9,32 +9,84 @@
 
 class ProductTest extends \PHPUnit_Framework_TestCase
 {
+    /**
+     * @var \Magento\Tax\Api\TaxClassRepositoryInterface|\PHPUnit_Framework_MockObject_MockObject
+     */
+    protected $taxClassRepositoryMock;
+
+    /**
+     * @var \Magento\Framework\Api\SearchCriteriaBuilder|\PHPUnit_Framework_MockObject_MockObject
+     */
+    protected $searchCriteriaBuilderMock;
+
+    /**
+     * @var \Magento\Framework\Api\FilterBuilder|\PHPUnit_Framework_MockObject_MockObject
+     */
+    protected $filterBuilderMock;
+
+    /**
+     * @var ObjectManager
+     */
+    protected $objectManager;
+
     /**
      * @var \Magento\Tax\Model\TaxClass\Source\Product
      */
-    protected $_model;
+    protected $product;
 
     public function setUp()
     {
-        $objectManager = new ObjectManager($this);
-        $this->_model = $objectManager->getObject('Magento\Tax\Model\TaxClass\Source\Product');
+        $this->objectManager = new ObjectManager($this);
+
+        $this->taxClassRepositoryMock = $this->getMockForAbstractClass(
+            'Magento\Tax\Api\TaxClassRepositoryInterface',
+            ['getList'],
+            '',
+            false,
+            true,
+            true,
+            []
+        );
+        $this->searchCriteriaBuilderMock = $this->getMock(
+            'Magento\Framework\Api\SearchCriteriaBuilder',
+            ['addFilter', 'create'],
+            [],
+            '',
+            false
+        );
+        $this->filterBuilderMock = $this->getMock(
+            'Magento\Framework\Api\FilterBuilder',
+            ['setField', 'setValue', 'create'],
+            [],
+            '',
+            false
+        );
+
+        $this->product = $this->objectManager->getObject(
+            'Magento\Tax\Model\TaxClass\Source\Product',
+            [
+                'taxClassRepository' => $this->taxClassRepositoryMock,
+                'searchCriteriaBuilder' => $this->searchCriteriaBuilderMock,
+                'filterBuilder' => $this->filterBuilderMock
+            ]
+        );
     }
 
     public function testGetFlatColumns()
     {
-        $abstractAttributeMock = $this->getMock(
+        $abstractAttrMock = $this->getMock(
             '\Magento\Eav\Model\Entity\Attribute\AbstractAttribute',
             ['getAttributeCode', '__wakeup'],
             [],
             '',
             false
         );
 
-        $abstractAttributeMock->expects($this->any())->method('getAttributeCode')->will($this->returnValue('code'));
+        $abstractAttrMock->expects($this->any())->method('getAttributeCode')->will($this->returnValue('code'));
 
-        $this->_model->setAttribute($abstractAttributeMock);
+        $this->product->setAttribute($abstractAttrMock);
 
-        $flatColumns = $this->_model->getFlatColumns();
+        $flatColumns = $this->product->getFlatColumns();
 
         $this->assertTrue(is_array($flatColumns), 'FlatColumns must be an array value');
         $this->assertTrue(!empty($flatColumns), 'FlatColumns must be not empty');
@@ -47,4 +99,115 @@ public function testGetFlatColumns()
             $this->assertArrayHasKey('comment', $result, 'FlatColumns must have "comment" column');
         }
     }
+
+    /**
+     * Run test getAllOptions method for names integrity
+     *
+     * @param array $value
+     * @dataProvider dataProviderGetAllOptionsNameIntegrity
+     */
+    public function testGetAllOptionsNameIntegrity(array $value)
+    {
+        $filterMock = $this->getMock(
+            'Magento\Framework\Api\Filter',
+            [],
+            [],
+            '',
+            false
+        );
+        $searchCriteriaMock = $this->getMock(
+            'Magento\Framework\Api\SearchCriteria',
+            [],
+            [],
+            '',
+            false
+        );
+        $searchResultsMock = $this->getMockForAbstractClass(
+            'Magento\Tax\Api\Data\TaxClassSearchResultsInterface',
+            [],
+            '',
+            false,
+            true,
+            true,
+            ['getItems']
+        );
+        $taxClassMock = $this->getMockForAbstractClass(
+            'Magento\Tax\Api\Data\TaxClassInterface',
+            ['getClassId', 'getClassName'],
+            '',
+            false,
+            true,
+            true
+        );
+
+        $this->filterBuilderMock->expects($this->once())
+            ->method('setField')
+            ->with(\Magento\Tax\Model\ClassModel::KEY_TYPE)
+            ->willReturnSelf();
+        $this->filterBuilderMock->expects($this->once())
+            ->method('setValue')
+            ->with(\Magento\Tax\Api\TaxClassManagementInterface::TYPE_PRODUCT)
+            ->willReturnSelf();
+        $this->filterBuilderMock->expects($this->once())
+            ->method('create')
+            ->willReturn($filterMock);
+        $this->searchCriteriaBuilderMock->expects($this->once())
+            ->method('addFilter')
+            ->with([$filterMock])
+            ->willReturnSelf();
+        $this->searchCriteriaBuilderMock->expects($this->once())
+            ->method('create')
+            ->willReturn($searchCriteriaMock);
+        $this->taxClassRepositoryMock->expects($this->once())
+            ->method('getList')
+            ->with($searchCriteriaMock)
+            ->willReturn($searchResultsMock);
+
+
+        $taxClassMock->expects($this->once())
+            ->method('getClassId')
+            ->willReturn($value['value']);
+        $taxClassMock->expects($this->once())
+            ->method('getClassName')
+            ->willReturn($value['label']);
+
+        $items = [$taxClassMock];
+        $searchResultsMock->expects($this->once())
+            ->method('getItems')
+            ->willReturn($items);
+
+        $result=($this->product->getAllOptions(false));
+        $expected=$value;
+        $this->assertEquals([$expected], $result);
+    }
+
+    /**
+     * Data provider for testGetAllOptionsNameIntegrity
+     *
+     * @return array
+     */
+    public function dataProviderGetAllOptionsNameIntegrity()
+    {
+        return [
+            [
+                'value' => ['value' => 1, 'label' => 'unescaped name'],
+            ],
+            [
+                'value' => ['value' => 2, 'label' => 'tax < 50%'],
+            ],
+            [
+                'value' => ['value' => 3, 'label' => 'rule for 1 & 2'],
+            ],
+            [
+                'value' => ['value' => 4, 'label' => 'html <tag>'],
+            ],
+            [
+                'value' => ['value' => 5, 'label' => 'comment <!-- comment -->'],
+            ],
+            [
+                'value' => ['value' => 6, 'label' => 'php tag <?php echo "2"; ?>'],
+            ],
+
+        ];
+    }
 }
diff --git a/dev/tests/integration/testsuite/Magento/Tax/Controller/Adminhtml/TaxTest.php b/dev/tests/integration/testsuite/Magento/Tax/Controller/Adminhtml/TaxTest.php
@@ -94,11 +94,11 @@ public function ajaxActionDataProvider()
             ],
             [
                 ['class_type' => 'PRODUCT', 'class_name' => '11111<22222'],
-                ['class_name' => '11111&lt;22222']
+                ['class_name' => '11111<22222']
             ],
             [
                 ['class_type' => 'CUSTOMER', 'class_name' => '   12<>sa&df    '],
-                ['class_name' => '12&lt;&gt;sa&amp;df']
+                ['class_name' => '12<>sa&df']
             ]
         ];
     }
diff --git a/lib/web/mage/backend/editablemultiselect.js b/lib/web/mage/backend/editablemultiselect.js
@@ -129,6 +129,10 @@ define([
                 },
                 data: function(value, settings) {
                     settings.isChecked.apply(this, [settings]);
+                    if (typeof value === 'string') {
+                        var retval = value.unescapeHTML();
+                        return (retval);
+                    }
                     return value;
                 },
                 submitdata: this.submitData,
@@ -153,8 +157,10 @@ define([
                     var select = $(this).closest('.mselect-list').prev(),
                         current = $(this).closest('.mselect-list-item').index();
                     if (result.success) {
-                        select.find('option').eq(current).val(result[entityIdName]).text(result[entityValueName]);
-                        $(this).html(result[entityValueName]);
+                        if (typeof result[entityValueName] === 'string') {
+                            select.find('option').eq(current).val(result[entityIdName]).text(result[entityValueName]);
+                            $(this).html(result[entityValueName].escapeHTML());
+                        }
                     } else {
                         alert(result.error_message);
                     }
@@ -188,11 +194,18 @@ define([
                 url: this.newUrl,
                 success: function(result, status) {
                     if (result.success) {
+                        var resultEntityValueName="";
+                        if (typeof result[entityValueName] === 'string') {
+                            resultEntityValueName=result[entityValueName].escapeHTML();
+                        }
+                        else {
+                            resultEntityValueName=result[entityValueName];
+                        }
                         // Add item to initial select element
                         select.append('<option value="' + result[entityIdName] + '" selected="selected">' +
-                            result[entityValueName] + '</option>');
+                        resultEntityValueName + '</option>');
                         // Add editable multiselect item
-                        var mselectItemHtml = $(options.item.replace(/%value%|%label%/gi, result[entityValueName])
+                        var mselectItemHtml = $(options.item.replace(/%value%|%label%/gi, resultEntityValueName)
                                 .replace(/%mselectDisabledClass%|%iseditable%|%isremovable%/gi, '')
                                 .replace(/%mselectListItemClass%/gi, options.mselectListItemClass))
                                 .find('[type=checkbox]')

Original file line number	Diff line number	Diff line change
`@@ -49,7 +49,7 @@ public function __construct(`
`49`	`49`	`*/`
`50`	`50`	`protected function _processClassName($className)`
`51`	`51`	`{`
`52`		`- $className = trim($this->_objectManager->get('Magento\Framework\Escaper')->escapeHtml($className));`
	`52`	`+ $className = trim($className);`
`53`	`53`	`if ($className == '') {`
`54`	`54`	`throw new InputException(__('Invalid name of tax class specified.'));`
`55`	`55`	`}`
Original file line number	Diff line number	Diff line change
`@@ -94,11 +94,11 @@ public function ajaxActionDataProvider()`
`94`	`94`	`],`
`95`	`95`	`[`
`96`	`96`	`['class_type' => 'PRODUCT', 'class_name' => '11111<22222'],`
`97`		`- ['class_name' => '11111<22222']`
	`97`	`+ ['class_name' => '11111<22222']`
`98`	`98`	`],`
`99`	`99`	`[`
`100`	`100`	`['class_type' => 'CUSTOMER', 'class_name' => ' 12<>sa&df '],`
`101`		`- ['class_name' => '12<>sa&df']`
	`101`	`+ ['class_name' => '12<>sa&df']`
`102`	`102`	`]`
`103`	`103`	`];`
`104`	`104`	`}`