ENGCOM-5539: fix: escapeUrl("0") should return "0", not "" #23988

sidolov · web-flow · commit 6b3f81be2432 · 2019-08-07T15:56:25.000-05:00
diff --git a/lib/internal/Magento/Framework/Escaper.php b/lib/internal/Magento/Framework/Escaper.php
@@ -335,8 +335,16 @@ public function escapeXssInUrl($data)
      */
     private function escapeScriptIdentifiers(string $data): string
     {
-        $filteredData = preg_replace('/[\x00-\x1F\x7F\xA0]/u', '', $data) ?: '';
-        $filteredData = preg_replace(self::$xssFiltrationPattern, ':', $filteredData) ?: '';
+        $filteredData = preg_replace('/[\x00-\x1F\x7F\xA0]/u', '', $data);
+        if ($filteredData === false || $filteredData === '') {
+            return '';
+        }
+
+        $filteredData = preg_replace(self::$xssFiltrationPattern, ':', $filteredData);
+        if ($filteredData === false) {
+            return '';
+        }
+
         if (preg_match(self::$xssFiltrationPattern, $filteredData)) {
             $filteredData = $this->escapeScriptIdentifiers($filteredData);
         }
diff --git a/lib/internal/Magento/Framework/Test/Unit/EscaperTest.php b/lib/internal/Magento/Framework/Test/Unit/EscaperTest.php
@@ -343,6 +343,10 @@ public function testEscapeXssInUrl($input, $expected)
     public function escapeDataProvider()
     {
         return [
+            [
+                '0',
+                '0',
+            ],
             [
                 'javascript%3Aalert%28String.fromCharCode%280x78%29%2BString.'
                 . 'fromCharCode%280x73%29%2BString.fromCharCode%280x73%29%29',

Original file line number	Diff line number	Diff line change
`@@ -343,6 +343,10 @@ public function testEscapeXssInUrl($input, $expected)`
`343`	`343`	`public function escapeDataProvider()`
`344`	`344`	`{`
`345`	`345`	`return [`
	`346`	`+ [`
	`347`	`+ '0',`
	`348`	`+ '0',`
	`349`	`+ ],`
`346`	`350`	`[`
`347`	`351`	`'javascript%3Aalert%28String.fromCharCode%280x78%29%2BString.'`
`348`	`352`	`. 'fromCharCode%280x73%29%2BString.fromCharCode%280x73%29%29',`