Merge remote-tracking branch 'origin/MAGETWO-36289' into develop

Joan He · Joan He · commit faa3f709d49c · 2015-04-29T14:50:38.000-05:00
diff --git a/app/code/Magento/Cms/Block/Adminhtml/Block/Widget/Chooser.php b/app/code/Magento/Cms/Block/Adminhtml/Block/Widget/Chooser.php
@@ -81,7 +81,7 @@ public function prepareElementHtml(\Magento\Framework\Data\Form\Element\Abstract
         if ($element->getValue()) {
             $block = $this->_blockFactory->create()->load($element->getValue());
             if ($block->getId()) {
-                $chooser->setLabel($block->getTitle());
+                $chooser->setLabel($this->escapeHtml($block->getTitle()));
             }
         }
 
diff --git a/app/code/Magento/Cms/Block/Adminhtml/Page/Widget/Chooser.php b/app/code/Magento/Cms/Block/Adminhtml/Page/Widget/Chooser.php
@@ -98,7 +98,7 @@ public function prepareElementHtml(\Magento\Framework\Data\Form\Element\Abstract
         if ($element->getValue()) {
             $page = $this->_pageFactory->create()->load((int)$element->getValue());
             if ($page->getId()) {
-                $chooser->setLabel($page->getTitle());
+                $chooser->setLabel($this->escapeHtml($page->getTitle()));
             }
         }
 
diff --git a/app/code/Magento/Cms/Test/Unit/Block/Adminhtml/Block/Widget/ChooserTest.php b/app/code/Magento/Cms/Test/Unit/Block/Adminhtml/Block/Widget/ChooserTest.php
@@ -35,6 +35,11 @@ class ChooserTest extends \PHPUnit_Framework_TestCase
      */
     protected $urlBuilderMock;
 
+    /**
+     * @var \Magento\Framework\Escaper|\PHPUnit_Framework_MockObject_MockObject
+     */
+    protected $escaper;
+
     /**
      * @var \Magento\Cms\Model\BlockFactory|\PHPUnit_Framework_MockObject_MockObject
      */
@@ -66,6 +71,14 @@ protected function setUp()
         $this->urlBuilderMock = $this->getMockBuilder('Magento\Framework\UrlInterface')
             ->disableOriginalConstructor()
             ->getMock();
+        $this->escaper = $this->getMockBuilder('Magento\Framework\Escaper')
+            ->disableOriginalConstructor()
+            ->setMethods(
+                [
+                    'escapeHtml',
+                ]
+            )
+            ->getMock();
         $this->blockFactoryMock = $this->getMockBuilder('Magento\Cms\Model\BlockFactory')
             ->setMethods(
                 [
@@ -90,6 +103,7 @@ protected function setUp()
                 [
                     'getTitle',
                     'load',
+                    'getId',
                 ]
             )
             ->getMock();
@@ -112,15 +126,16 @@ protected function setUp()
         $this->context = $objectManager->getObject(
             'Magento\Backend\Block\Template\Context',
             [
-                'layout' => $this->layoutMock,
+                'layout'     => $this->layoutMock,
                 'mathRandom' => $this->mathRandomMock,
-                'urlBuilder' => $this->urlBuilderMock
+                'urlBuilder' => $this->urlBuilderMock,
+                'escaper'    => $this->escaper,
             ]
         );
         $this->this = $objectManager->getObject(
             'Magento\Cms\Block\Adminhtml\Block\Widget\Chooser',
             [
-                'context' => $this->context,
+                'context'      => $this->context,
                 'blockFactory' => $this->blockFactoryMock
             ]
         );
@@ -135,13 +150,14 @@ protected function setUp()
      */
     public function testPrepareElementHtml($elementValue, $modelBlockId)
     {
-        $elementId = 1;
-        $uniqId = '126hj4h3j73hk7b347jhkl37gb34';
-        $sourceUrl = 'cms/block_widget/chooser/126hj4h3j73hk7b347jhkl37gb34';
-        $config = ['key1' => 'value1'];
-        $fieldsetId = 2;
-        $html = 'some html';
-        $title = 'some title';
+        $elementId    = 1;
+        $uniqId       = '126hj4h3j73hk7b347jhkl37gb34';
+        $sourceUrl    = 'cms/block_widget/chooser/126hj4h3j73hk7b347jhkl37gb34';
+        $config       = ['key1' => 'value1'];
+        $fieldsetId   = 2;
+        $html         = 'some html';
+        $title        = 'some "><img src=y onerror=prompt(document.domain)>; title';
+        $titleEscaped = 'some &quot;&gt;&lt;img src=y onerror=prompt(document.domain)&gt;; title';
 
         $this->this->setConfig($config);
         $this->this->setFieldsetId($fieldsetId);
@@ -197,13 +213,18 @@ public function testPrepareElementHtml($elementValue, $modelBlockId)
         $this->modelBlockMock->expects($this->any())
             ->method('getTitle')
             ->willReturn($title);
-        $this->chooserMock->expects($this->any())
-            ->method('setLabel')
-            ->with($title)
-            ->willReturnSelf();
         $this->chooserMock->expects($this->atLeastOnce())
             ->method('toHtml')
             ->willReturn($html);
+        if (!empty($elementValue) && !empty($modelBlockId)) {
+            $this->escaper->expects(($this->atLeastOnce()))
+                ->method('escapeHtml')
+                ->willReturn($titleEscaped);
+            $this->chooserMock->expects($this->atLeastOnce())
+                ->method('setLabel')
+                ->with($titleEscaped)
+                ->willReturnSelf();
+        }
         $this->elementMock->expects($this->atLeastOnce())
             ->method('setData')
             ->with('after_element_html', $html)
diff --git a/app/code/Magento/Cms/Test/Unit/Block/Adminhtml/Page/Widget/ChooserTest.php b/app/code/Magento/Cms/Test/Unit/Block/Adminhtml/Page/Widget/ChooserTest.php
@@ -0,0 +1,271 @@
+<?php
+/**
+ * Copyright © 2015 Magento. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+namespace Magento\Cms\Test\Unit\Block\Adminhtml\Page\Widget;
+
+/**
+ * @covers \Magento\Cms\Block\Adminhtml\Page\Widget\Chooser
+ */
+class ChooserTest extends \PHPUnit_Framework_TestCase
+{
+    /**
+     * @var \Magento\Cms\Block\Adminhtml\Page\Widget\Chooser
+     */
+    protected $this;
+
+    /**
+     * @var \Magento\Backend\Block\Template\Context
+     */
+    protected $context;
+
+    /**
+     * @var \Magento\Framework\Math\Random|\PHPUnit_Framework_MockObject_MockObject
+     */
+    protected $mathRandomMock;
+
+    /**
+     * @var \Magento\Framework\UrlInterface|\PHPUnit_Framework_MockObject_MockObject
+     */
+    protected $urlBuilderMock;
+
+    /**
+     * @var \Magento\Framework\Escaper|\PHPUnit_Framework_MockObject_MockObject
+     */
+    protected $escaper;
+
+    /**
+     * @var \Magento\Cms\Model\Page|\PHPUnit_Framework_MockObject_MockObject
+     */
+    protected $cmsPageMock;
+
+    /**
+     * @var \Magento\Framework\View\LayoutInterface|\PHPUnit_Framework_MockObject_MockObject
+     */
+    protected $layoutMock;
+
+    /**
+     * @var \Magento\Cms\Model\PageFactory|\PHPUnit_Framework_MockObject_MockObject
+     */
+    protected $pageFactoryMock;
+
+    /**
+     * @var \Magento\Framework\Data\Form\Element\AbstractElement|\PHPUnit_Framework_MockObject_MockObject
+     */
+    protected $elementMock;
+
+    /**
+     * @var \Magento\Framework\View\Element\BlockInterface|\PHPUnit_Framework_MockObject_MockObject
+     */
+    protected $chooserMock;
+
+    protected function setUp()
+    {
+        $this->layoutMock = $this->getMockBuilder('Magento\Framework\View\LayoutInterface')
+            ->disableOriginalConstructor()
+            ->getMock();
+        $this->mathRandomMock = $this->getMockBuilder('Magento\Framework\Math\Random')
+            ->disableOriginalConstructor()
+            ->getMock();
+        $this->urlBuilderMock = $this->getMockBuilder('Magento\Framework\UrlInterface')
+            ->disableOriginalConstructor()
+            ->getMock();
+        $this->escaper = $this->getMockBuilder('Magento\Framework\Escaper')
+            ->disableOriginalConstructor()
+            ->setMethods(
+                [
+                    'escapeHtml',
+                ]
+            )
+            ->getMock();
+        $this->pageFactoryMock = $this->getMockBuilder('Magento\Cms\Model\PageFactory')
+            ->setMethods(
+                [
+                    'create',
+                ]
+            )
+            ->disableOriginalConstructor()
+            ->getMock();
+        $this->elementMock = $this->getMockBuilder('Magento\Framework\Data\Form\Element\AbstractElement')
+            ->disableOriginalConstructor()
+            ->setMethods(
+                [
+                    'getId',
+                    'getValue',
+                    'setData',
+                ]
+            )
+            ->getMock();
+        $this->cmsPageMock = $this->getMockBuilder('Magento\Cms\Model\Page')
+            ->disableOriginalConstructor()
+            ->setMethods(
+                [
+                    'getTitle',
+                    'load',
+                    'getId',
+                ]
+            )
+            ->getMock();
+        $this->chooserMock = $this->getMockBuilder('Magento\Framework\View\Element\BlockInterface')
+            ->disableOriginalConstructor()
+            ->setMethods(
+                [
+                    'setElement',
+                    'setConfig',
+                    'setFieldsetId',
+                    'setSourceUrl',
+                    'setUniqId',
+                    'setLabel',
+                    'toHtml',
+                ]
+            )
+            ->getMock();
+
+        $objectManager = new \Magento\Framework\TestFramework\Unit\Helper\ObjectManager($this);
+        $this->context = $objectManager->getObject(
+            'Magento\Backend\Block\Template\Context',
+            [
+                'layout'     => $this->layoutMock,
+                'mathRandom' => $this->mathRandomMock,
+                'urlBuilder' => $this->urlBuilderMock,
+                'escaper'    => $this->escaper,
+            ]
+        );
+        $this->this = $objectManager->getObject(
+            'Magento\Cms\Block\Adminhtml\Page\Widget\Chooser',
+            [
+                'context'     => $this->context,
+                'pageFactory' => $this->pageFactoryMock
+            ]
+        );
+    }
+
+    /**
+     * @covers \Magento\Cms\Block\Adminhtml\Block\Widget\Chooser::prepareElementHtml
+     *
+     * @param string $elementValue
+     * @param integer|null $cmsPageId
+     *
+     * @dataProvider prepareElementHtmlDataProvider
+     */
+    public function testPrepareElementHtml($elementValue, $cmsPageId)
+    {
+        //$elementValue = 12345;
+        //$cmsPageId    = 1;
+        $elementId    = 1;
+        $uniqId       = '126hj4h3j73hk7b347jhkl37gb34';
+        $sourceUrl    = 'cms/page_widget/chooser/126hj4h3j73hk7b347jhkl37gb34';
+        $config       = ['key1' => 'value1'];
+        $fieldsetId   = 2;
+        $html         = 'some html';
+        $title        = 'some "><img src=y onerror=prompt(document.domain)>; title';
+        $titleEscaped = 'some &quot;&gt;&lt;img src=y onerror=prompt(document.domain)&gt;; title';
+
+        $this->this->setConfig($config);
+        $this->this->setFieldsetId($fieldsetId);
+
+        $this->elementMock->expects($this->atLeastOnce())
+            ->method('getId')
+            ->willReturn($elementId);
+        $this->mathRandomMock->expects($this->atLeastOnce())
+            ->method('getUniqueHash')
+            ->with($elementId)
+            ->willReturn($uniqId);
+        $this->urlBuilderMock->expects($this->atLeastOnce())
+            ->method('getUrl')
+            ->with('cms/page_widget/chooser', ['uniq_id' => $uniqId])
+            ->willReturn($sourceUrl);
+        $this->layoutMock->expects($this->atLeastOnce())
+            ->method('createBlock')
+            ->with('Magento\Widget\Block\Adminhtml\Widget\Chooser')
+            ->willReturn($this->chooserMock);
+        $this->chooserMock->expects($this->atLeastOnce())
+            ->method('setElement')
+            ->with($this->elementMock)
+            ->willReturnSelf();
+        $this->chooserMock->expects($this->atLeastOnce())
+            ->method('setConfig')
+            ->with($config)
+            ->willReturnSelf();
+        $this->chooserMock->expects($this->atLeastOnce())
+            ->method('setFieldsetId')
+            ->with($fieldsetId)
+            ->willReturnSelf();
+        $this->chooserMock->expects($this->atLeastOnce())
+            ->method('setSourceUrl')
+            ->with($sourceUrl)
+            ->willReturnSelf();
+        $this->chooserMock->expects($this->atLeastOnce())
+            ->method('setUniqId')
+            ->with($uniqId)
+            ->willReturnSelf();
+        $this->elementMock->expects($this->atLeastOnce())
+            ->method('getValue')
+            ->willReturn($elementValue);
+        $this->pageFactoryMock->expects($this->any())
+            ->method('create')
+            ->willReturn($this->cmsPageMock);
+        $this->cmsPageMock->expects($this->any())
+            ->method('load')
+            ->with((int)$elementValue)
+            ->willReturnSelf();
+        $this->cmsPageMock->expects($this->any())
+            ->method('getId')
+            ->willReturn($cmsPageId);
+        $this->cmsPageMock->expects($this->any())
+            ->method('getTitle')
+            ->willReturn($title);
+        $this->chooserMock->expects($this->atLeastOnce())
+            ->method('toHtml')
+            ->willReturn($html);
+        if (!empty($elementValue) && !empty($cmsPageId)) {
+            $this->escaper->expects(($this->atLeastOnce()))
+                ->method('escapeHtml')
+                ->willReturn($titleEscaped);
+            $this->chooserMock->expects($this->atLeastOnce())
+                ->method('setLabel')
+                ->with($titleEscaped)
+                ->willReturnSelf();
+        }
+        $this->elementMock->expects($this->atLeastOnce())
+            ->method('setData')
+            ->with('after_element_html', $html)
+            ->willReturnSelf();
+
+        $this->assertEquals($this->elementMock, $this->this->prepareElementHtml($this->elementMock));
+    }
+
+    public function prepareElementHtmlDataProvider()
+    {
+        return [
+            'elementValue NOT EMPTY, modelBlockId NOT EMPTY' => [
+                'elementValue' => 'some value',
+                'cmsPageId' => 1,
+            ],
+            'elementValue NOT EMPTY, modelBlockId IS EMPTY' => [
+                'elementValue' => 'some value',
+                'cmsPageId' => null,
+            ],
+            'elementValue IS EMPTY, modelBlockId NEVER REACHED' => [
+                'elementValue' => '',
+                'cmsPageId' => 1,
+            ]
+        ];
+    }
+
+    /**
+     * @covers \Magento\Cms\Block\Adminhtml\Page\Widget\Chooser::getGridUrl
+     */
+    public function testGetGridUrl()
+    {
+        $url = 'some url';
+
+        $this->urlBuilderMock->expects($this->atLeastOnce())
+            ->method('getUrl')
+            ->with('cms/page_widget/chooser', ['_current' => true])
+            ->willReturn($url);
+
+        $this->assertEquals($url, $this->this->getGridUrl());
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -81,7 +81,7 @@ public function prepareElementHtml(\Magento\Framework\Data\Form\Element\Abstract`
`81`	`81`	`if ($element->getValue()) {`
`82`	`82`	`$block = $this->_blockFactory->create()->load($element->getValue());`
`83`	`83`	`if ($block->getId()) {`
`84`		`- $chooser->setLabel($block->getTitle());`
	`84`	`+ $chooser->setLabel($this->escapeHtml($block->getTitle()));`
`85`	`85`	`}`
`86`	`86`	`}`
`87`	`87`
Original file line number	Diff line number	Diff line change
`@@ -98,7 +98,7 @@ public function prepareElementHtml(\Magento\Framework\Data\Form\Element\Abstract`
`98`	`98`	`if ($element->getValue()) {`
`99`	`99`	`$page = $this->_pageFactory->create()->load((int)$element->getValue());`
`100`	`100`	`if ($page->getId()) {`
`101`		`- $chooser->setLabel($page->getTitle());`
	`101`	`+ $chooser->setLabel($this->escapeHtml($page->getTitle()));`
`102`	`102`	`}`
`103`	`103`	`}`
`104`	`104`