Merge pull request #4622 from magento-tsg/2.2.10-develop-pr109

[TSG] Fixes for 2.2 (pr109) (2.2.10-develop)

Author: zakdma

lib/internal/Magento/Framework/Escaper.php

@@ -28,6 +28,11 @@ class Escaper
      */
     private $logger;
 
+    /**
+     * @var \Magento\Framework\Translate\InlineInterface
+     */
+    private $translateInline;
+
     /**
      * @var string[]
      */
@@ -335,8 +340,11 @@ public function escapeJsQuote($data, $quote = '\'')
      */
     public function escapeXssInUrl($data)
     {
+        $data = html_entity_decode((string)$data);
+        $this->getTranslateInline()->processResponseBody($data);
+
         return htmlspecialchars(
-            $this->escapeScriptIdentifiers(html_entity_decode((string)$data)),
+            $this->escapeScriptIdentifiers($data),
             $this->htmlSpecialCharsFlag | ENT_HTML5 | ENT_HTML401,
             'UTF-8',
             false
@@ -430,4 +438,19 @@ private function filterProhibitedTags(array $allowedTags): array
 
         return $allowedTags;
     }
+
+    /**
+     * Resolve inline translator.
+     *
+     * @return \Magento\Framework\Translate\InlineInterface
+     */
+    private function getTranslateInline()
+    {
+        if ($this->translateInline === null) {
+            $this->translateInline = \Magento\Framework\App\ObjectManager::getInstance()
+                ->get(\Magento\Framework\Translate\InlineInterface::class);
+        }
+
+        return $this->translateInline;
+    }
 }

lib/internal/Magento/Framework/Test/Unit/EscaperTest.php

@@ -7,6 +7,7 @@
 
 use Magento\Framework\TestFramework\Unit\Helper\ObjectManager;
 use Magento\Framework\Escaper;
+use Magento\Framework\Translate\Inline;
 
 /**
  * \Magento\Framework\Escaper test case
@@ -16,26 +17,40 @@ class EscaperTest extends \PHPUnit\Framework\TestCase
     /**
      * @var \Magento\Framework\Escaper
      */
-    protected $escaper = null;
+    protected $escaper;
 
     /**
      * @var \Magento\Framework\ZendEscaper
      */
     private $zendEscaper;
 
+    /**
+     * @var Inline
+     */
+    private $translateInline;
+
     /**
      * @var \Psr\Log\LoggerInterface
      */
     private $loggerMock;
 
+    /**
+     * @inheritdoc
+     */
     protected function setUp()
     {
+        $objectManagerHelper = new ObjectManager($this);
         $this->escaper = new Escaper();
         $this->zendEscaper = new \Magento\Framework\ZendEscaper();
+        $this->translateInline = $objectManagerHelper->getObject(Inline::class);
         $this->loggerMock = $this->getMockForAbstractClass(\Psr\Log\LoggerInterface::class);
-        $objectManagerHelper = new ObjectManager($this);
         $objectManagerHelper->setBackwardCompatibleProperty($this->escaper, 'escaper', $this->zendEscaper);
         $objectManagerHelper->setBackwardCompatibleProperty($this->escaper, 'logger', $this->loggerMock);
+        $objectManagerHelper->setBackwardCompatibleProperty(
+            $this->escaper,
+            'translateInline',
+            $this->translateInline
+        );
     }
 
     /**
@@ -393,6 +408,10 @@ public function escapeDataProvider()
                 'http://test.com/?redirect=\x64\x61\x74\x61\x3a\x74\x65\x78\x74x2cCPHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg',
                 'http://test.com/?redirect=:\x74\x65\x78\x74x2cCPHNjcmlwdD5hbGVydCgxKTwvc2NyaXB0Pg',
             ],
+            [
+                'http://test.com/?{{{test}}{{test_translated}}{{tes_origin}}{{theme}}}',
+                'http://test.com/?test',
+            ],
         ];
     }
 }