From cc74da5b07e3a95ab6889c9035bee3a31af2c504 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gustaf=20J=C3=A4rgren?= Date: Tue, 27 Aug 2024 16:19:49 +0200 Subject: [PATCH] Fix salesagility#274 - Views Incorrectly Encode UTF Characters as HTML Entities --- public/legacy/include/utils.php | 4 +-- public/legacy/include/utils/db_utils.php | 33 ++----------------- .../modules/AOR_Reports/AOR_ReportTest.php | 1 - 3 files changed, 4 insertions(+), 34 deletions(-) diff --git a/public/legacy/include/utils.php b/public/legacy/include/utils.php index f2299bca60..e9fb5fecd4 100755 --- a/public/legacy/include/utils.php +++ b/public/legacy/include/utils.php @@ -2806,7 +2806,7 @@ function purify_html(?string $value, array $extraOptions = []): string { $sanitizer = new SuiteCRM\HtmlSanitizer($extraOptions); - $cleanedValue = htmlentities($sanitizer->clean($value, true)); + $cleanedValue = htmlspecialchars($sanitizer->clean($value, true)); $decoded = html_entity_decode($cleanedValue); $doubleDecoded = html_entity_decode($decoded); @@ -2814,7 +2814,7 @@ function purify_html(?string $value, array $extraOptions = []): string { $doubleDecoded = ''; } - $doubleCleanedValue = htmlentities($sanitizer->clean($doubleDecoded, true)); + $doubleCleanedValue = htmlspecialchars($sanitizer->clean($doubleDecoded, true)); return $doubleCleanedValue; } diff --git a/public/legacy/include/utils/db_utils.php b/public/legacy/include/utils/db_utils.php index 984edcf2cb..9a3b9b7cf4 100755 --- a/public/legacy/include/utils/db_utils.php +++ b/public/legacy/include/utils/db_utils.php @@ -66,15 +66,6 @@ function from_db_convert($string, $type) return DBManagerFactory::getInstance()->fromConvert($string, $type); } -$toHTML = array( - '"' => '"', - '<' => '<', - '>' => '>', - "'" => ''', -); -$GLOBALS['toHTML_keys'] = array_keys($toHTML); -$GLOBALS['toHTML_values'] = array_values($toHTML); -$GLOBALS['toHTML_keys_set'] = implode("", $GLOBALS['toHTML_keys']); /** * Replaces specific characters with their HTML entity values * @param string $string String to check/replace @@ -93,14 +84,8 @@ function to_html($string, $encode=true) return $string; } - global $toHTML; - if ($encode && is_string($string)) { - if (is_array($toHTML)) { - $string = str_ireplace($GLOBALS['toHTML_keys'], $GLOBALS['toHTML_values'] ?? [], $string); - } else { - $string = htmlentities($string, ENT_HTML401|ENT_QUOTES, 'UTF-8'); - } + $string = htmlspecialchars($string, ENT_HTML401|ENT_QUOTES, 'UTF-8'); } return $string; @@ -123,22 +108,8 @@ function from_html($string, $encode=true) return $string; } - global $toHTML; - static $toHTML_values = null; - static $toHTML_keys = null; - static $cache = array(); - if (!empty($toHTML) && is_array($toHTML) && (!isset($toHTML_values) || !empty($GLOBALS['from_html_cache_clear']))) { - $toHTML_values = array_values($toHTML); - $toHTML_keys = array_keys($toHTML); - } - // Bug 36261 - Decode & so we can handle double encoded entities - $string = html_entity_decode($string, ENT_HTML401|ENT_QUOTES, 'UTF-8') ?? ''; - - if (!isset($cache[$string])) { - $cache[$string] = str_ireplace($toHTML_values ?? '', $toHTML_keys ?? '', $string); - } - return $cache[$string] ?? ''; + return html_entity_decode($string, ENT_HTML401|ENT_QUOTES, 'UTF-8') ?? ''; } /* diff --git a/public/legacy/tests/unit/phpunit/modules/AOR_Reports/AOR_ReportTest.php b/public/legacy/tests/unit/phpunit/modules/AOR_Reports/AOR_ReportTest.php index cc9ecf60b4..58f2b260ad 100644 --- a/public/legacy/tests/unit/phpunit/modules/AOR_Reports/AOR_ReportTest.php +++ b/public/legacy/tests/unit/phpunit/modules/AOR_Reports/AOR_ReportTest.php @@ -108,7 +108,6 @@ public function testbuild_report_chart(): void unset($GLOBALS['_SESSION']); unset($GLOBALS['objectList']); unset($GLOBALS['mod_strings']); - unset($GLOBALS['toHTML']); unset($GLOBALS['module']); unset($GLOBALS['action']); unset($GLOBALS['disable_date_format']);