Fix #274 - Views Incorrectly Encode UTF Characters as HTML Entities

public/legacy/include/portability/ApiBeanMapper/TypeMappers/TextMapper.php

@@ -62,7 +62,8 @@ public function toApi(SugarBean $bean, array &$container, string $name, string $
             $value = html_entity_decode($value);
         }
 
-        $container[$newName] = $this->purify($bean, $name, $value);
+        // Some characters get double encoded when purifying, so need double decoding to get correct output
+        $container[$newName] = html_entity_decode(html_entity_decode($this->purify($bean, $name, $value)));
     }
 
     /**

public/legacy/include/utils.php

@@ -2806,15 +2806,15 @@ function purify_html(?string $value, array $extraOptions = []): string {
 
     $sanitizer = new SuiteCRM\HtmlSanitizer($extraOptions);
 
-    $cleanedValue = htmlentities($sanitizer->clean($value, true));
+    $cleanedValue = htmlspecialchars($sanitizer->clean($value, true));
     $decoded = html_entity_decode($cleanedValue);
     $doubleDecoded = html_entity_decode($decoded);
 
     if (stripos($decoded, '<script>') !== false || stripos($doubleDecoded, '<script>') !== false){
         $doubleDecoded = '';
     }
 
-    $doubleCleanedValue = htmlentities($sanitizer->clean($doubleDecoded, true));
+    $doubleCleanedValue = htmlspecialchars($sanitizer->clean($doubleDecoded, true));
 
     return $doubleCleanedValue;
 }

public/legacy/include/utils/db_utils.php

@@ -66,15 +66,6 @@ function from_db_convert($string, $type)
     return DBManagerFactory::getInstance()->fromConvert($string, $type);
 }
 
-$toHTML = array(
-    '"' => '"',
-    '<' => '&lt;',
-    '>' => '&gt;',
-    "'" => '&#039;',
-);
-$GLOBALS['toHTML_keys'] = array_keys($toHTML);
-$GLOBALS['toHTML_values'] = array_values($toHTML);
-$GLOBALS['toHTML_keys_set'] = implode("", $GLOBALS['toHTML_keys']);
 /**
  * Replaces specific characters with their HTML entity values
  * @param string $string String to check/replace
@@ -93,14 +84,8 @@ function to_html($string, $encode=true)
         return $string;
     }
 
-    global $toHTML;
-
     if ($encode && is_string($string)) {
-        if (is_array($toHTML)) {
-            $string = str_ireplace($GLOBALS['toHTML_keys'], $GLOBALS['toHTML_values'] ?? [], $string);
-        } else {
-            $string = htmlentities($string, ENT_HTML401|ENT_QUOTES, 'UTF-8');
-        }
+        $string = htmlspecialchars($string, ENT_HTML401|ENT_QUOTES, 'UTF-8');
     }
 
     return $string;
@@ -123,22 +108,8 @@ function from_html($string, $encode=true)
         return $string;
     }
 
-    global $toHTML;
-    static $toHTML_values = null;
-    static $toHTML_keys = null;
-    static $cache = array();
-    if (!empty($toHTML) && is_array($toHTML) && (!isset($toHTML_values) || !empty($GLOBALS['from_html_cache_clear']))) {
-        $toHTML_values = array_values($toHTML);
-        $toHTML_keys = array_keys($toHTML);
-    }
-
     // Bug 36261 - Decode &amp; so we can handle double encoded entities
-    $string = html_entity_decode($string, ENT_HTML401|ENT_QUOTES, 'UTF-8') ?? '';
-
-    if (!isset($cache[$string])) {
-        $cache[$string] = str_ireplace($toHTML_values ?? '', $toHTML_keys ?? '', $string);
-    }
-    return $cache[$string] ?? '';
+    return html_entity_decode($string, ENT_HTML401|ENT_QUOTES, 'UTF-8') ?? '';
 }
 
 /*

public/legacy/tests/unit/phpunit/modules/AOR_Reports/AOR_ReportTest.php

@@ -108,7 +108,6 @@ public function testbuild_report_chart(): void
         unset($GLOBALS['_SESSION']);
         unset($GLOBALS['objectList']);
         unset($GLOBALS['mod_strings']);
-        unset($GLOBALS['toHTML']);
         unset($GLOBALS['module']);
         unset($GLOBALS['action']);
         unset($GLOBALS['disable_date_format']);