
Commit 91584fc

Group save error message with escaped html
1 parent c22df93 commit 91584fc


2 files changed

+16
-3
lines changed

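--- a/app/code/Magento/Customer/Controller/Adminhtml/Group/Save.php
+++ b/app/code/Magento/Customer/Controller/Adminhtml/Group/Save.php
@@ -20,6 +20,11 @@ class Save extends \Magento\Customer\Controller\Adminhtml\Group implements HttpP
 */
 protected $dataObjectProcessor;
 
+/**
+* @var \Magento\Framework\Escaper
+*/
+protected $escaper;
+
 /**
 *
 * @param \Magento\Backend\App\Action\Context $context
@@ -29,6 +34,7 @@ class Save extends \Magento\Customer\Controller\Adminhtml\Group implements HttpP
 * @param \Magento\Backend\Model\View\Result\ForwardFactory $resultForwardFactory
 * @param \Magento\Framework\View\Result\PageFactory $resultPageFactory
 * @param \Magento\Framework\Reflection\DataObjectProcessor $dataObjectProcessor
+* @param \Magento\Framework\Escaper $escaper
 */
 public function __construct(
 \Magento\Backend\App\Action\Context $context,
@@ -37,9 +43,11 @@ public function __construct(
 GroupInterfaceFactory $groupDataFactory,
 \Magento\Backend\Model\View\Result\ForwardFactory $resultForwardFactory,
 \Magento\Framework\View\Result\PageFactory $resultPageFactory,
-\Magento\Framework\Reflection\DataObjectProcessor $dataObjectProcessor
+\Magento\Framework\Reflection\DataObjectProcessor $dataObjectProcessor,
+\Magento\Framework\Escaper $escaper
 ) {
 $this->dataObjectProcessor = $dataObjectProcessor;
+$this->escaper = $escaper;
 parent::__construct(
 $context,
 $coreRegistry,
@@ -96,7 +104,7 @@ public function execute()
 $this->messageManager->addSuccessMessage(__('You saved the customer group.'));
 $resultRedirect->setPath('customer/group');
 } catch (\Exception $e) {
-$this->messageManager->addErrorMessage($e->getMessage());
+$this->messageManager->addErrorMessage($this->escaper->escapeHtml($e->getMessage()));
 if ($customerGroup != null) {
 $this->storeCustomerGroupDataToSession(
 $this->dataObjectProcessor->buildOutputDataArray(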
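Review bot: In `execute()`, the escaped call still forwards the text of every `\Exception` to the admin message area, so escaping removes the markup risk but not the exposure of internal error text that a non-validation failure might carry. Consider showing `$e->getMessage()` only for the localized or validation exception types this save is expected to throw, and a fixed message such as `__('Something went wrong while saving the customer group.')` for everything else, with the original exception logged. Separately, the constructor hunk adds `$escaper` as a required trailing argument, which breaks any subclass that calls `parent::__construct()` with the old argument list; `\Magento\Framework\Escaper $escaper = null` with an ObjectManager fallback would keep it compatible. Both `execute()` and the constructor continue outside the visible hunks.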

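--- a/app/code/Magento/Customer/Test/Unit/Controller/Adminhtml/Group/SaveTest.php
+++ b/app/code/Magento/Customer/Test/Unit/Controller/Adminhtml/Group/SaveTest.php
@@ -87,6 +87,10 @@ protected function setUp()
 $this->dataObjectProcessorMock = $this->getMockBuilder(DataObjectProcessor::class)
 ->disableOriginalConstructor()
 ->getMock();
+$this->escaper = $this->getMockBuilder(\Magento\Framework\Escaper::class)
+->disableOriginalConstructor()
+->setMethods(['escapeHtml'])
+->getMock();
 $this->request = $this->getMockBuilder(\Magento\Framework\App\RequestInterface::class)
 ->getMockForAbstractClass();
 $this->resultRedirectFactory = $this->getMockBuilder(RedirectFactory::class)
@@ -129,7 +133,8 @@ protected function setUp()
 $this->groupInterfaceFactoryMock,
 $this->forwardFactoryMock,
 $this->pageFactoryMock,
-$this->dataObjectProcessorMock
+$this->dataObjectProcessorMock,
+$this->escaper
 );
 }
 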
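Review bot: The `escapeHtml` mock built in `setUp()` gets no stub or expectation anywhere in this change, so it returns null and nothing asserts that the controller escapes the exception text before calling `addErrorMessage`. In the test that drives the exception path (outside these hunks, if one exists), add something like `$this->escaper->expects($this->once())->method('escapeHtml')->with('Exception')->willReturnArgument(0);`, using whatever message that test throws, and assert that `addErrorMessage` receives the escaper's return value. All six added lines sit inside `setUp()`, so this commit adds no declaration for `$this->escaper`; unless one already exists, declare it with a `@var` docblock next to the other mock properties.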
