Merge remote-tracking branch 'troll/MAGETWO-48511' into troll-bugs

vzabaznov · vzabaznov · commit a49a6ec03ac2 · 2016-04-25T17:29:16.000+03:00
diff --git a/app/code/Magento/Catalog/view/frontend/templates/product/view/opengraph/general.phtml b/app/code/Magento/Catalog/view/frontend/templates/product/view/opengraph/general.phtml
@@ -10,10 +10,10 @@
 ?>
 
 <meta property="og:type" content="og:product" />
-<meta property="og:title" content="<?php /* @escapeNotVerified */ echo $block->stripTags($block->getProduct()->getName()); ?>" />
-<meta property="og:image" content="<?php /* @escapeNotVerified */ echo $block->stripTags($block->getImage($block->getProduct(), 'product_base_image')->getImageUrl()); ?>" />
-<meta property="og:description" content="<?php /* @escapeNotVerified */ echo $block->stripTags($block->getProduct()->getShortDescription()); ?>" />
-<meta property="og:url" content="<?php /* @escapeNotVerified */ echo $block->stripTags($block->getProduct()->getProductUrl()); ?>" />
+<meta property="og:title" content="<?php echo $block->escapeHtml($block->getProduct()->getName()); ?>" />
+<meta property="og:image" content="<?php echo $block->escapeHtml($block->getImage($block->getProduct(), 'product_base_image')->getImageUrl()); ?>" />
+<meta property="og:description" content="<?php echo $block->escapeHtml($block->getProduct()->getShortDescription()); ?>" />
+<meta property="og:url" content="<?php echo $block->escapeHtml($block->getProduct()->getProductUrl()); ?>" />
 <?php if ($priceAmount = $block->getProduct()->getFinalPrice()):?>
     <meta property="product:price:amount" content="<?php /* @escapeNotVerified */ echo $priceAmount; ?>"/>
     <?php echo $block->getChildHtml('meta.currency'); ?>
diff --git a/lib/internal/Magento/Framework/View/Page/Config.php b/lib/internal/Magento/Framework/View/Page/Config.php
@@ -216,7 +216,7 @@ public function getTitle()
     public function setMetadata($name, $content)
     {
         $this->build();
-        $this->metadata[$name] = $content;
+        $this->metadata[$name] = htmlentities($content);
     }
 
     /**
diff --git a/lib/internal/Magento/Framework/View/Test/Unit/Page/ConfigTest.php b/lib/internal/Magento/Framework/View/Test/Unit/Page/ConfigTest.php
@@ -133,8 +133,10 @@ public function testMetadata()
             'keywords' => null,
             'robots' => null,
             'name' => 'test_value',
+            'html_encoded' => '&lt;title&gt;&lt;span class=&quot;test&quot;&gt;Test&lt;/span&gt;&lt;/title&gt;',
         ];
         $this->model->setMetadata('name', 'test_value');
+        $this->model->setMetadata('html_encoded', '<title><span class="test">Test</span></title>');
         $this->assertEquals($expectedMetadata, $this->model->getMetadata());
     }
 

Original file line number	Diff line number	Diff line change
`@@ -216,7 +216,7 @@ public function getTitle()`
`216`	`216`	`public function setMetadata($name, $content)`
`217`	`217`	`{`
`218`	`218`	`$this->build();`
`219`		`- $this->metadata[$name] = $content;`
	`219`	`+ $this->metadata[$name] = htmlentities($content);`
`220`	`220`	`}`
`221`	`221`
`222`	`222`	`/**`