Merge branch 'MAGETWO-90177-Image-Broken-on-Storefront-with-Secure-Key' into team3-delivery

Robert He · Robert He · commit a12ce500562c · 2018-05-07T19:40:19.000-05:00
diff --git a/app/code/Magento/Tinymce3/view/base/web/tinymce3Adapter.js b/app/code/Magento/Tinymce3/view/base/web/tinymce3Adapter.js
@@ -480,7 +480,9 @@ define([
          * @param {String} directive
          */
         makeDirectiveUrl: function (directive) {
-            return this.config['directives_url'].replace(/directive.*/, 'directive/___directive/' + directive);
+            return this.config['directives_url']
+                .replace(/directive/, 'directive/___directive/' + directive)
+                .replace(/\/$/, '');
         },
 
         /**
@@ -537,12 +539,18 @@ define([
          * @return {*}
          */
         decodeDirectives: function (content) {
-            // escape special chars in directives url to use it in regular expression
-            var url = this.makeDirectiveUrl('%directive%').replace(/([$^.?*!+:=()\[\]{}|\\])/g, '\\$1'),
-                reg = new RegExp(url.replace('%directive%', '([a-zA-Z0-9%,_-]+)\/?'));
-
-            return content.gsub(reg, function (match) { //eslint-disable-line no-extra-bind
-                return Base64.mageDecode(decodeURIComponent(match[1])).replace(/"/g, '&quot;');
+            var directiveUrl = this.makeDirectiveUrl('%directive%').split('?')[0], // remove query string from directive
+                // escape special chars in directives url to use in regular expression
+                regexEscapedDirectiveUrl = directiveUrl.replace(/([$^.?*!+:=()\[\]{}|\\])/g, '\\$1'),
+                regexDirectiveUrl = regexEscapedDirectiveUrl
+                    .replace(
+                        '%directive%',
+                        '([a-zA-Z0-9,_-]+(?:%2[A-Z]|)+\/?)(?:(?!").)*'
+                    ) + '/?(\\\\?[^"]*)?', // allow optional query string
+                reg = new RegExp(regexDirectiveUrl);
+
+            return content.gsub(reg, function (match) {
+                return Base64.mageDecode(decodeURIComponent(match[1]).replace(/\/$/, '')).replace(/"/g, '&quot;');
             });
         },
 
diff --git a/dev/tests/js/jasmine/tests/lib/mage/wysiwygAdapter.test.js b/dev/tests/js/jasmine/tests/lib/mage/wysiwygAdapter.test.js
@@ -22,41 +22,119 @@ define([
         Constr.prototype = wysiwygAdapter;
 
         obj = new Constr();
-        obj.initialize('id', {
-            'directives_url': 'http://example.com/admin/cms/wysiwyg/directive/'
-        });
     });
 
     describe('wysiwygAdapter', function () {
-        var decodedHtml = '<p>' +
-            '<img src="{{media url=&quot;wysiwyg/banana.jpg&quot;}}" alt="" width="612" height="459"></p>',
-            encodedHtml = '<p>' +
-            '<img src="http://example.com/admin/cms/wysiwyg/directive/' +
-            '___directive/e3ttZWRpYSB1cmw9Ind5c2l3eWcvYmFuYW5hLmpwZyJ9fQ%2C%2C" alt="" width="612" height="459">' +
-            '</p>',
-            encodedHtmlWithForwardSlashInImgSrc = encodedHtml.replace('%2C%2C', '%2C%2C/');
-
-        describe('"encodeDirectives" method', function () {
-            it('converts media directive img src to directive URL', function () {
-                expect(obj.encodeDirectives(decodedHtml)).toEqual(encodedHtml);
+        describe('encoding and decoding directives', function () {
+            function runTests(decodedHtml, encodedHtml) {
+                var encodedHtmlWithForwardSlashInImgSrc = encodedHtml.replace(/src="((?:(?!"|\\\?).)*)/, 'src="$1/');
+
+                describe('"encodeDirectives" method', function () {
+                    it('converts media directive img src to directive URL', function () {
+                        expect(obj.encodeDirectives(decodedHtml)).toEqual(encodedHtml);
+                    });
+                });
+
+                describe('"decodeDirectives" method', function () {
+                    it(
+                        'converts directive URL img src without a trailing forward slash ' +
+                        'to media url without a trailing forward slash',
+                        function () {
+                            expect(obj.decodeDirectives(encodedHtml)).toEqual(decodedHtml);
+                        }
+                    );
+
+                    it('converts directive URL img src with a trailing forward slash ' +
+                        'to media url without a trailing forward slash',
+                        function () {
+                            expect(encodedHtmlWithForwardSlashInImgSrc).not.toEqual(encodedHtml);
+                            expect(obj.decodeDirectives(encodedHtmlWithForwardSlashInImgSrc)).toEqual(decodedHtml);
+                        }
+                    );
+                });
+            }
+
+            describe('without SID in directive query string', function () {
+                describe('without secret key', function () {
+                    var decodedHtml = '<p>' +
+                        '<img src="{{media url=&quot;wysiwyg/banana.jpg&quot;}}" alt="" width="612" height="459"></p>',
+                        encodedHtml = '<p>' +
+                        '<img src="http://example.com/admin/cms/wysiwyg/directive/___directive' +
+                        '/e3ttZWRpYSB1cmw9Ind5c2l3eWcvYmFuYW5hLmpwZyJ9fQ%2C%2C" alt="" width="612" height="459">' +
+                        '</p>';
+
+                    beforeEach(function () {
+                        obj.initialize('id', {
+                            'directives_url': 'http://example.com/admin/cms/wysiwyg/directive/'
+                        });
+                    });
+
+                    runTests(decodedHtml, encodedHtml);
+                });
+
+                describe('with secret key', function () {
+                    var decodedHtml = '<p>' +
+                        '<img src="{{media url=&quot;wysiwyg/banana.jpg&quot;}}" alt="" width="612" height="459"></p>',
+                        encodedHtml = '<p>' +
+                        '<img src="http://example.com/admin/cms/wysiwyg/directive/___directive' +
+                        '/e3ttZWRpYSB1cmw9Ind5c2l3eWcvYmFuYW5hLmpwZyJ9fQ%2C%2C/key/' +
+                        '5552655d13a141099d27f5d5b0c58869423fd265687167da12cad2bb39aa9a58" ' +
+                        'alt="" width="612" height="459">' +
+                        '</p>',
+                        directiveUrl = 'http://example.com/admin/cms/wysiwyg/directive/key/' +
+                        '5552655d13a141099d27f5d5b0c58869423fd265687167da12cad2bb39aa9a58/';
+
+                    beforeEach(function () {
+                        obj.initialize('id', {
+                            'directives_url': directiveUrl
+                        });
+                    });
+
+                    runTests(decodedHtml, encodedHtml);
+                });
             });
-        });
 
-        describe('"decodeDirectives" method', function () {
-            it(
-                'converts directive URL img src without a trailing forward slash ' +
-                'to media url without a trailing forward slash',
-                function () {
-                    expect(obj.decodeDirectives(encodedHtml)).toEqual(decodedHtml);
-                }
-            );
-
-            it('converts directive URL img src with a trailing forward slash ' +
-                'to media url without a trailing forward slash',
-                function () {
-                    expect(obj.decodeDirectives(encodedHtmlWithForwardSlashInImgSrc)).toEqual(decodedHtml);
-                }
-            );
+            describe('with SID in directive query string', function () {
+                describe('without secret key', function () {
+                    var decodedHtml = '<p>' +
+                        '<img src="{{media url=&quot;wysiwyg/banana.jpg&quot;}}" alt="" width="612" height="459"></p>',
+                        encodedHtml = '<p>' +
+                        '<img src="http://example.com/admin/cms/wysiwyg/directive/___directive' +
+                        '/e3ttZWRpYSB1cmw9Ind5c2l3eWcvYmFuYW5hLmpwZyJ9fQ%2C%2C?SID=something" ' +
+                        'alt="" width="612" height="459">' +
+                        '</p>',
+                        directiveUrl = 'http://example.com/admin/cms/wysiwyg/directive?SID=something';
+
+                    beforeEach(function () {
+                        obj.initialize('id', {
+                            'directives_url': directiveUrl
+                        });
+                    });
+
+                    runTests(decodedHtml, encodedHtml);
+                });
+
+                describe('with secret key', function () {
+                    var decodedHtml = '<p>' +
+                        '<img src="{{media url=&quot;wysiwyg/banana.jpg&quot;}}" alt="" width="612" height="459"></p>',
+                        encodedHtml = '<p>' +
+                        '<img src="http://example.com/admin/cms/wysiwyg/directive/___directive' +
+                        '/e3ttZWRpYSB1cmw9Ind5c2l3eWcvYmFuYW5hLmpwZyJ9fQ%2C%2C/key/' +
+                        '5552655d13a141099d27f5d5b0c58869423fd265687167da12cad2bb39aa9a58?SID=something" ' +
+                        'alt="" width="612" height="459">' +
+                        '</p>',
+                        directiveUrl = 'http://example.com/admin/cms/wysiwyg/directive/key/' +
+                        '5552655d13a141099d27f5d5b0c58869423fd265687167da12cad2bb39aa9a58?SID=something';
+
+                    beforeEach(function () {
+                        obj.initialize('id', {
+                            'directives_url': directiveUrl
+                        });
+                    });
+
+                    runTests(decodedHtml, encodedHtml);
+                });
+            });
         });
     });
 });
diff --git a/lib/web/mage/adminhtml/wysiwyg/tiny_mce/tinymce4Adapter.js b/lib/web/mage/adminhtml/wysiwyg/tiny_mce/tinymce4Adapter.js
@@ -575,7 +575,9 @@ define([
          * @param {String} directive
          */
         makeDirectiveUrl: function (directive) {
-            return this.config['directives_url'].replace(/directive.*/, 'directive/___directive/' + directive);
+            return this.config['directives_url']
+                .replace(/directive/, 'directive/___directive/' + directive)
+                .replace(/\/$/, '');
         },
 
         /**
@@ -606,11 +608,17 @@ define([
          * @return {*}
          */
         decodeDirectives: function (content) {
-            // escape special chars in directives url to use it in regular expression
-            var url = this.makeDirectiveUrl('%directive%').replace(/([$^.?*!+:=()\[\]{}|\\])/g, '\\$1'),
-                reg = new RegExp(url.replace('%directive%', '([a-zA-Z0-9,_-]+(?:%2[A-Z]|)+\/?)'));
-
-            return content.gsub(reg, function (match) { //eslint-disable-line no-extra-bind
+            var directiveUrl = this.makeDirectiveUrl('%directive%').split('?')[0], // remove query string from directive
+                // escape special chars in directives url to use in regular expression
+                regexEscapedDirectiveUrl = directiveUrl.replace(/([$^.?*!+:=()\[\]{}|\\])/g, '\\$1'),
+                regexDirectiveUrl = regexEscapedDirectiveUrl
+                    .replace(
+                        '%directive%',
+                        '([a-zA-Z0-9,_-]+(?:%2[A-Z]|)+\/?)(?:(?!").)*'
+                    ) + '/?(\\\\?[^"]*)?', // allow optional query string
+                reg = new RegExp(regexDirectiveUrl);
+
+            return content.gsub(reg, function (match) {
                 return Base64.mageDecode(decodeURIComponent(match[1]).replace(/\/$/, '')).replace(/"/g, '&quot;');
             });
         },
