Merge pull request #5053 from magento-qwerty/MAGETWO-55858

[CIA] Output escaping methods shouldn't be part of AbstractBlock

Author: dvoskoboinikov

app/code/Magento/Catalog/view/frontend/templates/product/list.phtml

@@ -13,14 +13,16 @@ use Magento\Framework\App\Action\Action;
  * Product list template
  *
  * @var $block \Magento\Catalog\Block\Product\ListProduct
+ * @var \Magento\Framework\Escaper $escaper
  */
 ?>
 <?php
 $_productCollection = $block->getLoadedProductCollection();
+/** @var \Magento\Catalog\Helper\Output $_helper */
 $_helper = $this->helper(Magento\Catalog\Helper\Output::class);
 ?>
 <?php if (!$_productCollection->count()) :?>
-    <div class="message info empty"><div><?= $block->escapeHtml(__('We can\'t find products matching the selection.')) ?></div></div>
+    <div class="message info empty"><div><?= $escaper->escapeHtml(__('We can\'t find products matching the selection.')) ?></div></div>
 <?php else :?>
     <?= $block->getToolbarHtml() ?>
     <?= $block->getAdditionalHtml() ?>
@@ -55,7 +57,7 @@ $_helper = $this->helper(Magento\Catalog\Helper\Output::class);
                     }
                     ?>
                     <?php // Product Image ?>
-                    <a href="<?= $block->escapeUrl($_product->getProductUrl()) ?>"
+                    <a href="<?= $escaper->escapeUrl($_product->getProductUrl()) ?>"
                        class="product photo product-item-photo"
                        tabindex="-1">
                         <?= $productImage->toHtml() ?>
@@ -66,7 +68,7 @@ $_helper = $this->helper(Magento\Catalog\Helper\Output::class);
                         ?>
                         <strong class="product name product-item-name">
                             <a class="product-item-link"
-                               href="<?= $block->escapeUrl($_product->getProductUrl()) ?>">
+                               href="<?= $escaper->escapeUrl($_product->getProductUrl()) ?>">
                                 <?= /* @noEscape */ $_helper->productAttribute($_product, $_product->getName(), 'name') ?>
                             </a>
                         </strong>
@@ -77,13 +79,13 @@ $_helper = $this->helper(Magento\Catalog\Helper\Output::class);
                         <?php endif; ?>
 
                         <div class="product-item-inner">
-                            <div class="product actions product-item-actions"<?= strpos($pos, $viewMode . '-actions') ? $block->escapeHtmlAttr($position) : '' ?>>
-                                <div class="actions-primary"<?= strpos($pos, $viewMode . '-primary') ? $block->escapeHtmlAttr($position) : '' ?>>
+                            <div class="product actions product-item-actions"<?= strpos($pos, $viewMode . '-actions') ? $escaper->escapeHtmlAttr($position) : '' ?>>
+                                <div class="actions-primary"<?= strpos($pos, $viewMode . '-primary') ? $escaper->escapeHtmlAttr($position) : '' ?>>
                                     <?php if ($_product->isSaleable()) :?>
                                         <?php $postParams = $block->getAddToCartPostParams($_product); ?>
                                         <form data-role="tocart-form"
-                                              data-product-sku="<?= $block->escapeHtml($_product->getSku()) ?>"
-                                              action="<?= $block->escapeUrl($postParams['action']) ?>"
+                                              data-product-sku="<?= $escaper->escapeHtml($_product->getSku()) ?>"
+                                              action="<?= $escaper->escapeUrl($postParams['action']) ?>"
                                               method="post">
                                             <input type="hidden"
                                                    name="product"
@@ -92,20 +94,20 @@ $_helper = $this->helper(Magento\Catalog\Helper\Output::class);
                                                    value="<?= /* @noEscape */ $postParams['data'][Action::PARAM_NAME_URL_ENCODED] ?>">
                                             <?= $block->getBlockHtml('formkey') ?>
                                             <button type="submit"
-                                                    title="<?= $block->escapeHtmlAttr(__('Add to Cart')) ?>"
+                                                    title="<?= $escaper->escapeHtmlAttr(__('Add to Cart')) ?>"
                                                     class="action tocart primary">
-                                                <span><?= $block->escapeHtml(__('Add to Cart')) ?></span>
+                                                <span><?= $escaper->escapeHtml(__('Add to Cart')) ?></span>
                                             </button>
                                         </form>
                                     <?php else :?>
                                         <?php if ($_product->isAvailable()) :?>
-                                            <div class="stock available"><span><?= $block->escapeHtml(__('In stock')) ?></span></div>
+                                            <div class="stock available"><span><?= $escaper->escapeHtml(__('In stock')) ?></span></div>
                                         <?php else :?>
-                                            <div class="stock unavailable"><span><?= $block->escapeHtml(__('Out of stock')) ?></span></div>
+                                            <div class="stock unavailable"><span><?= $escaper->escapeHtml(__('Out of stock')) ?></span></div>
                                         <?php endif; ?>
                                     <?php endif; ?>
                                 </div>
-                                <div data-role="add-to-links" class="actions-secondary"<?= strpos($pos, $viewMode . '-secondary') ? $block->escapeHtmlAttr($position) : '' ?>>
+                                <div data-role="add-to-links" class="actions-secondary"<?= strpos($pos, $viewMode . '-secondary') ? $escaper->escapeHtmlAttr($position) : '' ?>>
                                     <?php if ($addToBlock = $block->getChildBlock('addto')) :?>
                                         <?= $addToBlock->setProduct($_product)->getChildHtml() ?>
                                     <?php endif; ?>
@@ -114,9 +116,9 @@ $_helper = $this->helper(Magento\Catalog\Helper\Output::class);
                             <?php if ($showDescription) :?>
                                 <div class="product description product-item-description">
                                     <?= /* @noEscape */ $_helper->productAttribute($_product, $_product->getShortDescription(), 'short_description') ?>
-                                    <a href="<?= $block->escapeUrl($_product->getProductUrl()) ?>"
+                                    <a href="<?= $escaper->escapeUrl($_product->getProductUrl()) ?>"
                                        title="<?= /* @noEscape */ $_productNameStripped ?>"
-                                       class="action more"><?= $block->escapeHtml(__('Learn More')) ?></a>
+                                       class="action more"><?= $escaper->escapeHtml(__('Learn More')) ?></a>
                                 </div>
                             <?php endif; ?>
                         </div>
@@ -132,7 +134,7 @@ $_helper = $this->helper(Magento\Catalog\Helper\Output::class);
         {
             "[data-role=tocart-form], .form.map.checkout": {
                 "catalogAddToCart": {
-                    "product_sku": "<?= $block->escapeJs($_product->getSku()) ?>"
+                    "product_sku": "<?= $escaper->escapeJs($_product->getSku()) ?>"
                 }
             }
         }

app/code/Magento/Customer/Test/Unit/Block/Widget/DobTest.php

@@ -354,7 +354,15 @@ public function testGetDateFormat(string $locale, string $expectedFormat)
     public function getDateFormatDataProvider(): array
     {
         return [
-            ['ar_SA', 'd/M/y'],
+            [
+                'ar_SA',
+                preg_replace(
+                    '/[^MmDdYy\/\.\-]/',
+                    '',
+                    (new \IntlDateFormatter('ar_SA', \IntlDateFormatter::SHORT, \IntlDateFormatter::NONE))
+                        ->getPattern()
+                )
+            ],
             [Resolver::DEFAULT_LOCALE, self::DATE_FORMAT],
         ];
     }

dev/tests/integration/testsuite/Magento/Framework/View/TemplateEngine/PhpTest.php

@@ -0,0 +1,58 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+declare(strict_types=1);
+
+namespace Magento\Framework\View\TemplateEngine;
+
+use Magento\Framework\View\Element\BlockInterface;
+use Magento\TestFramework\Helper\Bootstrap;
+use PHPUnit\Framework\TestCase;
+
+/**
+ * Testing .phtml templating.
+ */
+class PhpTest extends TestCase
+{
+    /**
+     * @var Php
+     */
+    private $templateEngine;
+
+    /**
+     * @inheritdoc
+     */
+    protected function setUp()
+    {
+        $objectManager = Bootstrap::getObjectManager();
+        $this->templateEngine = $objectManager->get(Php::class);
+    }
+
+    /**
+     * See that templates get access to certain variables.
+     *
+     * @return void
+     */
+    public function testVariablesAvailable(): void
+    {
+        $block = new class implements BlockInterface {
+            /**
+             * @inheritDoc
+             */
+            public function toHtml()
+            {
+                return '<b>BLOCK</b>';
+            }
+        };
+
+        $rendered = $this->templateEngine->render($block, __DIR__ .'/../_files/test_template.phtml');
+        $this->assertEquals(
+            '<p>This template has access to &lt;b&gt;$escaper&lt;/b&gt; and $block &quot;<b>BLOCK</b>&quot;</p>'
+            .PHP_EOL,
+            $rendered
+        );
+    }
+}

dev/tests/integration/testsuite/Magento/Framework/View/_files/test_template.phtml

@@ -0,0 +1,18 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+?>
+<?php
+// phpcs:disable
+?>
+<?php
+/**
+ * Template meant for testing.
+ *
+ * @var \Magento\Framework\View\Element\BlockInterface $block
+ * @var \Magento\Framework\Escaper $escaper
+ */
+?>
+<p>This template has access to <?= $escaper->escapeHtml('<b>$escaper</b>') ?> and $block &quot;<?= $block->toHtml() ?>&quot;</p>

lib/internal/Magento/Framework/Encryption/Test/Unit/EncryptorTest.php

@@ -135,8 +135,11 @@ public function testGetHashRandomSaltSpecifiedLength(): void
      *
      * @dataProvider validateHashDataProvider
      */
-    public function testValidateHash($password, $hash, $expected): void
+    public function testValidateHash($password, $hash, $expected, int $requiresVersion): void
     {
+        if ($requiresVersion > $this->encryptor->getLatestHashVersion()) {
+            $this->markTestSkipped('On current installation encryptor does not support algo #' .$requiresVersion);
+        }
         $actual = $this->encryptor->validateHash($password, $hash);
         $this->assertEquals($expected, $actual);
     }
@@ -149,10 +152,14 @@ public function testValidateHash($password, $hash, $expected): void
     public function validateHashDataProvider(): array
     {
         return [
-            ['password', 'hash:salt:1', false],
-            ['password', '67a1e09bb1f83f5007dc119c14d663aa:salt:0', true],
-            ['password', '13601bda4ea78e55a07b98866d2be6be0744e3866f13c00c811cab608a28f322:salt:1', true],
-            ['password', 'c6aad9e058f6c4b06187c06d2b69bf506a786af030f81fb6d83778422a68205e:salt:1:2', true],
+            ['password', 'hash:salt:1', false, 1],
+            ['password', '67a1e09bb1f83f5007dc119c14d663aa:salt:0', true, 0],
+            ['password', '13601bda4ea78e55a07b98866d2be6be0744e3866f13c00c811cab608a28f322:salt:1', true, 1],
+            //Hashes after customer:hash:upgrade command issued
+            //Upgraded from version #1 to #2
+            ['password', 'c6aad9e058f6c4b06187c06d2b69bf506a786af030f81fb6d83778422a68205e:salt:1:2', true, 2],
+            //From #0 to #1
+            ['password', '3b68ca4706cbae291455e4340478076c1e1618e742b6144cfcc3e50f648903e4:salt:0:1', true, 1]
         ];
     }
 

lib/internal/Magento/Framework/Locale/Test/Unit/TranslatedListsTest.php

@@ -44,24 +44,36 @@ class TranslatedListsTest extends TestCase
      * @var array
      */
     private $expectedLocales = [
-        'en_US' => 'English (United States)',
-        'en_GB' => 'English (United Kingdom)',
-        'uk_UA' => 'Ukrainian (Ukraine)',
-        'de_DE' => 'German (Germany)',
-        'sr_Cyrl_RS' => 'Serbian (Cyrillic, Serbia)',
-        'sr_Latn_RS' => 'Serbian (Latin, Serbia)'
+        'en_US',
+        'en_GB',
+        'uk_UA',
+        'de_DE',
+        'sr_Cyrl_RS',
+        'sr_Latn_RS'
     ];
 
     /**
-     * @var array
+     * @var string[]
+     */
+    private $languages = [
+        'en_US' => 'English',
+        'en_GB' => 'English',
+        'uk_UA' => 'Ukrainian',
+        'de_DE' => 'German',
+        'sr_Cyrl_RS' => 'Serbian',
+        'sr_Latn_RS' => 'Serbian'
+    ];
+
+    /**
+     * @var string[]
      */
-    private $expectedTranslatedLocales = [
-        'en_US' => 'English (United States) / English (United States)',
-        'en_GB' => 'English (United Kingdom) / English (United Kingdom)',
-        'uk_UA' => 'українська (Україна) / Ukrainian (Ukraine)',
-        'de_DE' => 'Deutsch (Deutschland) / German (Germany)',
-        'sr_Cyrl_RS' => 'српски (ћирилица, Србија) / Serbian (Cyrillic, Serbia)',
-        'sr_Latn_RS' => 'Srpski (latinica, Srbija) / Serbian (Latin, Serbia)'
+    private $countries = [
+        'en_US' => 'United States',
+        'en_GB' => 'United Kingdom',
+        'uk_UA' => 'Ukraine',
+        'de_DE' => 'Germany',
+        'sr_Cyrl_RS' => 'Serbia',
+        'sr_Latn_RS' => 'Serbia'
     ];
 
     protected function setUp()
@@ -168,20 +180,22 @@ public function testGetOptionTimezones()
 
     public function testGetOptionLocales()
     {
+        $expected = $this->getExpectedLocales();
         $locales = array_intersect(
-            $this->expectedLocales,
+            $expected,
             $this->convertOptionLocales($this->listsModel->getOptionLocales())
         );
-        $this->assertEquals($this->expectedLocales, $locales);
+        $this->assertEquals($expected, $locales);
     }
 
     public function testGetTranslatedOptionLocales()
     {
+        $expected = $this->getExpectedTranslatedLocales();
         $locales = array_intersect(
-            $this->expectedTranslatedLocales,
+            $expected,
             $this->convertOptionLocales($this->listsModel->getTranslatedOptionLocales())
         );
-        $this->assertEquals($this->expectedTranslatedLocales, $locales);
+        $this->assertEquals($expected, $locales);
     }
 
     /**
@@ -198,4 +212,42 @@ private function convertOptionLocales($optionLocales): array
 
         return $result;
     }
+
+    /**
+     * Expected translated locales list.
+     *
+     * @return string[]
+     */
+    private function getExpectedTranslatedLocales(): array
+    {
+        $expected = [];
+        foreach ($this->expectedLocales as $locale) {
+            $script = \Locale::getDisplayScript($locale);
+            $scriptTranslated = $script ? \Locale::getDisplayScript($locale, $locale) .', ' : '';
+            $expected[$locale] = ucwords(\Locale::getDisplayLanguage($locale, $locale))
+                . ' (' . $scriptTranslated
+                . \Locale::getDisplayRegion($locale, $locale) . ') / '
+                . $this->languages[$locale]
+                . ' (' . ($script ? $script .', ' : '') . $this->countries[$locale] . ')';
+        }
+
+        return $expected;
+    }
+
+    /**
+     * Expected locales list.
+     *
+     * @return string[]
+     */
+    private function getExpectedLocales(): array
+    {
+        $expected = [];
+        foreach ($this->expectedLocales as $locale) {
+            $script = \Locale::getScript($locale);
+            $scriptDisplayed = $script ? \Locale::getDisplayScript($locale) . ', ' : '';
+            $expected[$locale] = $this->languages[$locale] .' (' .$scriptDisplayed .$this->countries[$locale] .')';
+        }
+
+        return $expected;
+    }
 }