MAGETWO-67164: Syntax Errors in Widget encode/decode

Joan He · Igor Melnikov · commit ac0763d3a892 · 2017-04-24T10:34:20.000-05:00
- adding handling htmlspecialchars encoded cases
diff --git a/app/code/Magento/Widget/Setup/LayoutUpdateConverter.php b/app/code/Magento/Widget/Setup/LayoutUpdateConverter.php
@@ -75,6 +75,7 @@ protected function isValidJsonValue($value)
      */
     protected function unserializeValue($value)
     {
+        $value = htmlspecialchars_decode($value);
         $value = $this->restoreReservedCharactersInSerializedContent($value);
         return parent::unserializeValue($value);
     }
@@ -84,7 +85,9 @@ protected function unserializeValue($value)
      */
     protected function encodeJson($value)
     {
-        return $this->normalizer->replaceReservedCharacters(parent::encodeJson($value));
+        return htmlspecialchars(
+            $this->normalizer->replaceReservedCharacters(parent::encodeJson($value))
+        );
     }
 
     /**
diff --git a/dev/tests/integration/testsuite/Magento/Widget/Setup/LayoutUpdateConverterTest.php b/dev/tests/integration/testsuite/Magento/Widget/Setup/LayoutUpdateConverterTest.php
@@ -31,8 +31,8 @@ public function convertDataProvider()
     {
         // @codingStandardsIgnoreStart
         $beginning = '<body><referenceContainer name="content"><block class="Magento\CatalogWidget\Block\Product\ProductsList" name="23e38bbfa7cc6474454570e51aeffcc3" template="product/widget/content/grid.phtml"><action method="setData"><argument name="name" xsi:type="string">show_pager</argument><argument name="value" xsi:type="string">0</argument></action><action method="setData"><argument name="name" xsi:type="string">products_count</argument><argument name="value" xsi:type="string">10</argument></action><action method="setData">';
-        $serializedWidgetXml = '<argument name="name" xsi:type="string">conditions_encoded</argument><argument name="value" xsi:type="string">a:2:[i:1;a:4:[s:4:`type`;s:50:`Magento|CatalogWidget|Model|Rule|Condition|Combine`;s:10:`aggregator`;s:3:`all`;s:5:`value`;s:1:`1`;s:9:`new_child`;s:0:``;]s:4:`1--1`;a:4:[s:4:`type`;s:50:`Magento|CatalogWidget|Model|Rule|Condition|Product`;s:9:`attribute`;s:3:`sku`;s:8:`operator`;s:2:`==`;s:5:`value`;a:8:[i:0;s:4:`WS12`;i:1;s:4:`WT09`;i:2;s:4:`MT07`;i:3;s:4:`MH07`;i:4;s:7:`24-MB02`;i:5;s:7:`24-WB04`;i:6;s:8:`241-MB08`;i:7;s:8:`240-LV05`;]]]</argument>';
-        $jsonEncodedWidgetXml = '<argument name="name" xsi:type="string">conditions_encoded</argument><argument name="value" xsi:type="string">^[`1`:^[`type`:`Magento||CatalogWidget||Model||Rule||Condition||Combine`,`aggregator`:`all`,`value`:`1`,`new_child`:``^],`1--1`:^[`type`:`Magento||CatalogWidget||Model||Rule||Condition||Product`,`attribute`:`sku`,`operator`:`==`,`value`:[`WS12`,`WT09`,`MT07`,`MH07`,`24-MB02`,`24-WB04`,`241-MB08`,`240-LV05`]^]^]</argument>';
+        $serializedWidgetXml = '<argument name="name" xsi:type="string">conditions_encoded</argument><argument name="value" xsi:type="string">a:3:[i:1;a:4:[s:4:`type`;s:50:`Magento|CatalogWidget|Model|Rule|Condition|Combine`;s:10:`aggregator`;s:3:`all`;s:5:`value`;s:1:`1`;s:9:`new_child`;s:0:``;]s:4:`1--1`;a:4:[s:4:`type`;s:50:`Magento|CatalogWidget|Model|Rule|Condition|Product`;s:9:`attribute`;s:3:`sku`;s:8:`operator`;s:2:`()`;s:5:`value`;s:15:`simple, simple1`;]s:4:`1--2`;a:4:[s:4:`type`;s:50:`Magento|CatalogWidget|Model|Rule|Condition|Product`;s:9:`attribute`;s:5:`price`;s:8:`operator`;s:2:`&lt;=`;s:5:`value`;s:2:`10`;]]</argument>';
+        $jsonEncodedWidgetXml = '<argument name="name" xsi:type="string">conditions_encoded</argument><argument name="value" xsi:type="string">^[`1`:^[`type`:`Magento||CatalogWidget||Model||Rule||Condition||Combine`,`aggregator`:`all`,`value`:`1`,`new_child`:``^],`1--1`:^[`type`:`Magento||CatalogWidget||Model||Rule||Condition||Product`,`attribute`:`sku`,`operator`:`()`,`value`:`simple, simple1`^],`1--2`:^[`type`:`Magento||CatalogWidget||Model||Rule||Condition||Product`,`attribute`:`price`,`operator`:`&lt;=`,`value`:`10`^]^]</argument>';
         $ending = '</action><action method="setData"><argument name="name" xsi:type="string">page_var_name</argument><argument name="value" xsi:type="string">pobqks</argument></action></block></referenceContainer></body>';
         // @codingStandardsIgnoreEnd
         return [

Original file line number	Diff line number	Diff line change
`@@ -75,6 +75,7 @@ protected function isValidJsonValue($value)`
`75`	`75`	`*/`
`76`	`76`	`protected function unserializeValue($value)`
`77`	`77`	`{`
	`78`	`+ $value = htmlspecialchars_decode($value);`
`78`	`79`	`$value = $this->restoreReservedCharactersInSerializedContent($value);`
`79`	`80`	`return parent::unserializeValue($value);`
`80`	`81`	`}`
`@@ -84,7 +85,9 @@ protected function unserializeValue($value)`
`84`	`85`	`*/`
`85`	`86`	`protected function encodeJson($value)`
`86`	`87`	`{`
`87`		`- return $this->normalizer->replaceReservedCharacters(parent::encodeJson($value));`
	`88`	`+ return htmlspecialchars(`
	`89`	`+ $this->normalizer->replaceReservedCharacters(parent::encodeJson($value))`
	`90`	`+ );`
`88`	`91`	`}`
`89`	`92`
`90`	`93`	`/**`