
Fix #18749: Fix `yii\web\ErrorHandler::encodeHtml()` to support strings with invalid UTF symbols

tags/2.0.43
Sergei Predvoditelev 3 years ago committed by GitHub
parent
commit
8cc9aeb2f0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 1
      framework/CHANGELOG.md
  2. 2
      framework/web/ErrorHandler.php
  3. 55
      tests/framework/web/ErrorHandlerTest.php

1
framework/CHANGELOG.md

@ -6,6 +6,7 @@ Yii Framework 2 Change Log
- Bug #14663: Do not convert int to string if database type of a column is numeric (egorrishe) - Bug #14663: Do not convert int to string if database type of a column is numeric (egorrishe)
- Bug #18650: Refactor `framework/assets/yii.activeForm.js` arrow function into traditional function for IE11 compatibility (marcovtwout) - Bug #18650: Refactor `framework/assets/yii.activeForm.js` arrow function into traditional function for IE11 compatibility (marcovtwout)
- Bug #18749: Fix `yii\web\ErrorHandler::encodeHtml()` to support strings with invalid UTF symbols (vjik)
- Enh #18724: Allow jQuery 3.6 to be installed (marcovtwout) - Enh #18724: Allow jQuery 3.6 to be installed (marcovtwout)
- Enh #18628: Added strings "software", and "hardware" to `$specials` array in `yii\helpers\BaseInflector` (kjusupov) - Enh #18628: Added strings "software", and "hardware" to `$specials` array in `yii\helpers\BaseInflector` (kjusupov)
- Enh #18653: Added method `yii\helpers\BaseHtml::getInputIdByName()` (WinterSilence) - Enh #18653: Added method `yii\helpers\BaseHtml::getInputIdByName()` (WinterSilence)

2
framework/web/ErrorHandler.php

@ -180,7 +180,7 @@ class ErrorHandler extends \yii\base\ErrorHandler
*/ */
public function htmlEncode($text) public function htmlEncode($text)
{ {
return htmlspecialchars($text, ENT_QUOTES, 'UTF-8'); return htmlspecialchars($text, ENT_NOQUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
} }
/** /**
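Review bot: Switching `htmlEncode()` from `ENT_QUOTES` to `ENT_NOQUOTES` stops escaping `"` and `'`, a change the commit title (invalid UTF handling) does not mention and that `ENT_SUBSTITUTE` alone does not require. The result is now safe only as element text; any error view or helper that places `htmlEncode()` output inside a quoted attribute could be broken out of by a quote in an exception message, file path or request value. The callers are outside this hunk, so that needs checking. If no caller depends on raw quotes, keep quote escaping with `return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');`; otherwise state in the docblock (which starts above this hunk) that the result must not be used in attribute values. The provider rows for `"hello"` and `'hello world'` in tests/framework/web/ErrorHandlerTest.php pin the unescaped form and would have to change with it.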

55
tests/framework/web/ErrorHandlerTest.php

@ -79,6 +79,61 @@ Exception: yii\web\NotFoundHttpException', $out);
$this->assertContains('<a href="netbeans://open?file=' . $file . '&line=63">', $out); $this->assertContains('<a href="netbeans://open?file=' . $file . '&line=63">', $out);
} }
public function dataHtmlEncode()
{
return [
[
"a \t=<>&\"'\x80`\n",
"a \t=&lt;&gt;&amp;\"'<EFBFBD>`\n",
],
[
'<b>test</b>',
'&lt;b&gt;test&lt;/b&gt;',
],
[
'"hello"',
'"hello"',
],
[
"'hello world'",
"'hello world'",
],
[
'Chip&amp;Dale',
'Chip&amp;amp;Dale',
],
[
"\t\$x=24;",
"\t\$x=24;",
],
];
}
/**
* @dataProvider dataHtmlEncode
*/
public function testHtmlEncode($text, $expected)
{
$handler = Yii::$app->getErrorHandler();
$this->assertSame($expected, $handler->htmlEncode($text));
}
public function testHtmlEncodeWithUnicodeSequence()
{
if (PHP_VERSION_ID < 70000) {
$this->markTestSkipped('Can not be tested on PHP < 7.0');
return;
}
$handler = Yii::$app->getErrorHandler();
$text = "a \t=<>&\"'\x80\u{20bd}`\u{000a}\u{000c}\u{0000}";
$expected = "a \t=&lt;&gt;&amp;\"'<EFBFBD>₽`\n\u{000c}\u{0000}";
$this->assertSame($expected, $handler->htmlEncode($text));
}
} }
class ErrorHandler extends \yii\web\ErrorHandler class ErrorHandler extends \yii\web\ErrorHandler
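Review bot: The only malformed input exercised by `dataHtmlEncode()` and `testHtmlEncodeWithUnicodeSequence()` is a lone `\x80` byte, so truncated multi-byte sequences and overlong encodings are not covered. An error page can receive such input from a request, and without `ENT_SUBSTITUTE` `htmlspecialchars()` returns an empty string for it, so a regression would silently blank the message. Add rows with a cut-off lead sequence such as `"\xE2\x82"` and assert that the output is non-empty and contains U+FFFD. A short comment on the provider naming the row that guards issue #18749 would also help.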
