From 6fe5c2b0b311d19a8d626d6373d04f16b097515f Mon Sep 17 00:00:00 2001 From: Anton Date: Fri, 6 May 2022 02:30:00 +0300 Subject: [PATCH 1/7] Fix BaseArrayHelper::htmlDecode() Add missed second argument on recursive calling. --- framework/helpers/BaseArrayHelper.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/framework/helpers/BaseArrayHelper.php b/framework/helpers/BaseArrayHelper.php index 6ebc830b2ad..1ce21bc107c 100644 --- a/framework/helpers/BaseArrayHelper.php +++ b/framework/helpers/BaseArrayHelper.php @@ -726,9 +726,11 @@ public static function htmlEncode($data, $valuesOnly = true, $charset = null) /** * Decodes HTML entities into the corresponding characters in an array of strings. + * * Only array values will be decoded by default. * If a value is an array, this method will also decode it recursively. * Only string values will be decoded. + * * @param array $data data to be decoded * @param bool $valuesOnly whether to decode array values only. If false, * both the array keys and array values will be decoded. @@ -745,7 +747,7 @@ public static function htmlDecode($data, $valuesOnly = true) if (is_string($value)) { $d[$key] = htmlspecialchars_decode($value, ENT_QUOTES); } elseif (is_array($value)) { - $d[$key] = static::htmlDecode($value); + $d[$key] = static::htmlDecode($value, $valuesOnly); } else { $d[$key] = $value; } From 41053787f021e62393c8ab110f5f90d9d2e28882 Mon Sep 17 00:00:00 2001 From: Anton Date: Mon, 9 May 2022 18:36:25 +0300 Subject: [PATCH 2/7] Fix BaseArrayHelper::htmlDecode() `htmlspecialchars_decode()` flags must be same to `htmlspecialchars()` in `BaseArrayHelper::htmlEncode()` --- framework/helpers/BaseArrayHelper.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/framework/helpers/BaseArrayHelper.php b/framework/helpers/BaseArrayHelper.php index 1ce21bc107c..ea1246d1063 100644 --- a/framework/helpers/BaseArrayHelper.php +++ b/framework/helpers/BaseArrayHelper.php @@ -732,7 +732,7 @@ public static function htmlEncode($data, $valuesOnly = true, $charset = null) * Only string values will be decoded. * * @param array $data data to be decoded - * @param bool $valuesOnly whether to decode array values only. If false, + * @param bool $valuesOnly whether to decode array values only. If `false`, * both the array keys and array values will be decoded. * @return array the decoded data * @see https://www.php.net/manual/en/function.htmlspecialchars-decode.php @@ -742,10 +742,10 @@ public static function htmlDecode($data, $valuesOnly = true) $d = []; foreach ($data as $key => $value) { if (!$valuesOnly && is_string($key)) { - $key = htmlspecialchars_decode($key, ENT_QUOTES); + $key = htmlspecialchars_decode($key, ENT_QUOTES | ENT_SUBSTITUTE); } if (is_string($value)) { - $d[$key] = htmlspecialchars_decode($value, ENT_QUOTES); + $d[$key] = htmlspecialchars_decode($value, ENT_QUOTES | ENT_SUBSTITUTE); } elseif (is_array($value)) { $d[$key] = static::htmlDecode($value, $valuesOnly); } else { From 85f261e4087f715da8392db74c86496f55dd00bd Mon Sep 17 00:00:00 2001 From: Anton Date: Mon, 9 May 2022 18:41:49 +0300 Subject: [PATCH 3/7] Update ArrayHelperTest.php --- tests/framework/helpers/ArrayHelperTest.php | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/tests/framework/helpers/ArrayHelperTest.php b/tests/framework/helpers/ArrayHelperTest.php index 57ab1bf0fa1..49eefa17c3c 100644 --- a/tests/framework/helpers/ArrayHelperTest.php +++ b/tests/framework/helpers/ArrayHelperTest.php @@ -1184,30 +1184,33 @@ public function testHtmlDecode() 'cde' => false, 3 => 'blank', [ - '<>' => 'a<>b', + '<a>' => '<a href="index.php?a=1&b=2">link</a>', '23' => true, ], ]; - $this->assertEquals([ + + $expected = [ 'abc' => '123', '<' => '>', 'cde' => false, 3 => 'blank', [ - '<>' => 'a<>b', + '<a>' => 'link', '23' => true, ], - ], ArrayHelper::htmlDecode($array)); - $this->assertEquals([ + ]; + $this->assertEquals($expected, ArrayHelper::htmlDecode($array)); + $expected = [ 'abc' => '123', '<' => '>', 'cde' => false, 3 => 'blank', [ - '<>' => 'a<>b', + '' => 'link', '23' => true, ], - ], ArrayHelper::htmlDecode($array, false)); + ]; + $this->assertEquals($expected, ArrayHelper::htmlDecode($array, false)); } public function testIsIn() From ba134440f885cb8ac8e7d8e362ea6e5ca2f83947 Mon Sep 17 00:00:00 2001 From: Anton Date: Tue, 17 May 2022 10:28:04 +0300 Subject: [PATCH 4/7] Update ArrayHelperTest.php --- tests/framework/helpers/ArrayHelperTest.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/framework/helpers/ArrayHelperTest.php b/tests/framework/helpers/ArrayHelperTest.php index 49eefa17c3c..bdcfb1e3f57 100644 --- a/tests/framework/helpers/ArrayHelperTest.php +++ b/tests/framework/helpers/ArrayHelperTest.php @@ -1184,6 +1184,7 @@ public function testHtmlDecode() 'cde' => false, 3 => 'blank', [ + '<>' => 'a<>b', '<a>' => '<a href="index.php?a=1&b=2">link</a>', '23' => true, ], @@ -1195,6 +1196,7 @@ public function testHtmlDecode() 'cde' => false, 3 => 'blank', [ + '<>' => 'a<>b', '<a>' => 'link', '23' => true, ], From 775cc70476a29f297eed3d3163bd6bc2e5739060 Mon Sep 17 00:00:00 2001 From: Anton Date: Tue, 17 May 2022 11:25:13 +0300 Subject: [PATCH 5/7] Update ArrayHelperTest.php --- tests/framework/helpers/ArrayHelperTest.php | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/framework/helpers/ArrayHelperTest.php b/tests/framework/helpers/ArrayHelperTest.php index bdcfb1e3f57..89a047e4408 100644 --- a/tests/framework/helpers/ArrayHelperTest.php +++ b/tests/framework/helpers/ArrayHelperTest.php @@ -1208,6 +1208,7 @@ public function testHtmlDecode() 'cde' => false, 3 => 'blank', [ + '<>' => 'a<>b', '' => 'link', '23' => true, ], From 317fe525e1e872f868da40bdf89370706047ddff Mon Sep 17 00:00:00 2001 From: Anton Date: Wed, 18 May 2022 20:51:00 +0300 Subject: [PATCH 6/7] Update CHANGELOG.md --- framework/CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/framework/CHANGELOG.md b/framework/CHANGELOG.md index 52caf70fc38..adf431a61de 100644 --- a/framework/CHANGELOG.md +++ b/framework/CHANGELOG.md @@ -26,6 +26,7 @@ Yii Framework 2 Change Log - Bug #19237: Fix OCI PHP 8.1 passing `null` to trim() (longthanhtran) - Bug #19312: Fix PHP 8.1 error when passing null to `yii\helpers\BaseInflector` (WinterSilence) - Bug #19368: Fix PHP 8.1 error when `$fileMimeType` is `null` in `yii\validators\FileValidator::validateMimeType()` (bizley) +- Bug #19386: Fix recursive calling `yii\helpers\BaseArrayHelper::htmlDecode()` (WinterSilence) 2.0.45 February 11, 2022 From c08017470e0088ebfa08b55264cfba5e3f032150 Mon Sep 17 00:00:00 2001 From: Anton Date: Sun, 22 May 2022 02:55:10 +0300 Subject: [PATCH 7/7] test workflow fix --- framework/helpers/BaseArrayHelper.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework/helpers/BaseArrayHelper.php b/framework/helpers/BaseArrayHelper.php index 9f1a716c419..84e67f43b5d 100644 --- a/framework/helpers/BaseArrayHelper.php +++ b/framework/helpers/BaseArrayHelper.php @@ -733,7 +733,7 @@ public static function htmlEncode($data, $valuesOnly = true, $charset = null) * * @param array $data data to be decoded * @param bool $valuesOnly whether to decode array values only. If `false`, - * both the array keys and array values will be decoded. + * then both the array keys and array values will be decoded. * @return array the decoded data * @see https://www.php.net/manual/en/function.htmlspecialchars-decode.php */