Fix ErrorHandler::htmlEncode() #18749

Merged
merged 6 commits into from
Jul 6, 2021
1 change: 1 addition & 0 deletions framework/CHANGELOG.md
Expand Up @@ -5,6 +5,7 @@ Yii Framework 2 Change Log
------------------------

- Bug #18650: Refactor `framework/assets/yii.activeForm.js` arrow function into traditional function for IE11 compatibility (marcovtwout)
- Bug #18749: Fix `yii\web\ErrorHandler::encodeHtml()` to support strings with invalid UTF symbols (vjik)
- Enh #18724: Allow jQuery 3.6 to be installed (marcovtwout)
- Enh #18628: Added strings "software", and "hardware" to `$specials` array in `yii\helpers\BaseInflector` (kjusupov)
- Enh #18653: Added method `yii\helpers\BaseHtml::getInputIdByName()` (WinterSilence)
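Review bot: The changelog entry names `yii\web\ErrorHandler::encodeHtml()`, but the method changed in `framework/web/ErrorHandler.php` is `htmlEncode()`; the entry should read `yii\web\ErrorHandler::htmlEncode()` so readers can locate the fix. "invalid UTF symbols" would also be more precise as "invalid UTF-8 byte sequences", which is what the added `ENT_SUBSTITUTE` flag handles.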
2 changes: 1 addition & 1 deletion framework/web/ErrorHandler.php
Expand Up @@ -180,7 +180,7 @@ protected function convertExceptionToArray($exception)
*/
public function htmlEncode($text)
{
return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
return htmlspecialchars($text, ENT_NOQUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/**
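Review bot: Replacing `ENT_QUOTES` with `ENT_NOQUOTES` is a second behavioural change bundled with the UTF-8 fix: `"` and `'` now pass through unencoded, so the result is only safe when inserted as HTML text content, not inside an attribute value. If every caller is a text-node context, the docblock closing at `*/` above should state that; otherwise keep quote escaping and add only the new flags, e.g. `return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');`. `ENT_SUBSTITUTE` is the part that addresses the reported bug: without it (or `ENT_IGNORE`) `htmlspecialchars()` returns an empty string when the input contains an invalid UTF-8 sequence, which would blank out the entire error message rather than one character.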
55 changes: 55 additions & 0 deletions tests/framework/web/ErrorHandlerTest.php
Expand Up @@ -79,6 +79,61 @@ public function testRenderCallStackItem()

$this->assertContains('<a href="netbeans://open?file=' . $file . '&line=63">', $out);
}

public function dataHtmlEncode()
{
return [
[
"a \t=<>&\"'\x80`\n",
"a \t=&lt;&gt;&amp;\"'�`\n",
],
[
'<b>test</b>',
'&lt;b&gt;test&lt;/b&gt;',
],
[
'"hello"',
'"hello"',
],
[
"'hello world'",
"'hello world'",
],
[
'Chip&amp;Dale',
'Chip&amp;amp;Dale',
],
[
"\t\$x=24;",
"\t\$x=24;",
],
];
}

/**
* @dataProvider dataHtmlEncode
*/
public function testHtmlEncode($text, $expected)
{
$handler = Yii::$app->getErrorHandler();

$this->assertSame($expected, $handler->htmlEncode($text));
}

public function testHtmlEncodeWithUnicodeSequence()
{
if (PHP_VERSION_ID < 70000) {
$this->markTestSkipped('Can not be tested on PHP < 7.0');
return;
}

$handler = Yii::$app->getErrorHandler();

$text = "a \t=<>&\"'\x80\u{20bd}`\u{000a}\u{000c}\u{0000}";
$expected = "a \t=&lt;&gt;&amp;\"'�₽`\n\u{000c}\u{0000}";

$this->assertSame($expected, $handler->htmlEncode($text));
}
}

class ErrorHandler extends \yii\web\ErrorHandler
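Review bot: In `testHtmlEncodeWithUnicodeSequence()` the `return;` after `$this->markTestSkipped(...)` is unreachable, since `markTestSkipped()` throws, and can be dropped. In `dataHtmlEncode()` the first expected value embeds the replacement character as a literal `�`; writing it as `"\xEF\xBF\xBD"` would make the intent explicit and keep the case independent of the source file's encoding, which matters because this provider, unlike the second test, also runs on PHP 5. The NUL byte (`\u{0000}`) that appears unchanged in the second test's expected value deserves a short comment, since `htmlspecialchars()` passes it through and a reader may otherwise expect it to be substituted like `\x80`.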