From 5108de24da00b2db847ec5abdaf689e5923c241d Mon Sep 17 00:00:00 2001 From: ilya Date: Mon, 24 Feb 2025 21:42:24 +0200 Subject: [PATCH 1/5] Fix #20322: Correct escaping of hex ranges in Html::escapeJsRegularExpression --- framework/helpers/BaseHtml.php | 2 +- tests/framework/helpers/HtmlTest.php | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/framework/helpers/BaseHtml.php b/framework/helpers/BaseHtml.php index 3d7bc17d772..68a79f0e9cd 100644 --- a/framework/helpers/BaseHtml.php +++ b/framework/helpers/BaseHtml.php @@ -2392,7 +2392,7 @@ public static function getInputId($model, $attribute) */ public static function escapeJsRegularExpression($regexp) { - $pattern = preg_replace('/\\\\x\{?([0-9a-fA-F]+)\}?/', '\u$1', $regexp); + $pattern = preg_replace('/\\\\x([0-9a-fA-F]{2})/', '\\x{$1}', $regexp); $deliminator = substr($pattern, 0, 1); $pos = strrpos($pattern, $deliminator, 1); $flag = substr($pattern, $pos + 1); diff --git a/tests/framework/helpers/HtmlTest.php b/tests/framework/helpers/HtmlTest.php index 5913cd55f03..f5a899c68db 100644 --- a/tests/framework/helpers/HtmlTest.php +++ b/tests/framework/helpers/HtmlTest.php @@ -38,6 +38,15 @@ protected function setUp(): void ]); } + public function testEscapeJsRegularExpressionHexRange() + { + $original = '/^[\x00-\xFF]{8,72}$/'; + $expected = '/^[\x{00}-\x{FF}]{8,72}$/'; + $escaped = Html::escapeJsRegularExpression($original); + + $this->assertSame($expected, $escaped, "Hex range \x00-\xFF should be correctly converted."); + } + public function testEncode() { $this->assertEquals('a<>&"'�', Html::encode("a<>&\"'\x80")); From eea809608a7a098affbae6f94bffeb2e24584ae0 Mon Sep 17 00:00:00 2001 From: ilya Date: Mon, 24 Feb 2025 21:54:55 +0200 Subject: [PATCH 2/5] Add missing test for Fix #20322: Cover hex range escaping --- tests/framework/helpers/HtmlTest.php | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/tests/framework/helpers/HtmlTest.php b/tests/framework/helpers/HtmlTest.php index f5a899c68db..d53661b9e6c 100644 --- a/tests/framework/helpers/HtmlTest.php +++ b/tests/framework/helpers/HtmlTest.php @@ -40,11 +40,22 @@ protected function setUp(): void public function testEscapeJsRegularExpressionHexRange() { - $original = '/^[\x00-\xFF]{8,72}$/'; - $expected = '/^[\x{00}-\x{FF}]{8,72}$/'; - $escaped = Html::escapeJsRegularExpression($original); + $testCases = [ + '/^[\x00-\xFF]{8,72}$/', + '/^[\xA1-\xFE]{2}$/', + '/^\xFF\x00$/', + ]; + + $expectedResults = [ + '/^[\x{00}-\x{FF}]{8,72}$/', + '/^[\x{A1}-\x{FE}]{2}$/', + '/^\x{FF}\x{00}$/', + ]; - $this->assertSame($expected, $escaped, "Hex range \x00-\xFF should be correctly converted."); + foreach ($testCases as $index => $original) { + $escaped = Html::escapeJsRegularExpression($original); + $this->assertSame($expectedResults[$index], $escaped, "Test case #$index failed."); + } } public function testEncode() From 82b36a8dd2e881fafdc0ddf118250f2b1148db18 Mon Sep 17 00:00:00 2001 From: ilya Date: Mon, 24 Feb 2025 22:00:38 +0200 Subject: [PATCH 3/5] Add missing test for Fix #20322: Cover hex range escaping --- tests/framework/helpers/HtmlTest.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/framework/helpers/HtmlTest.php b/tests/framework/helpers/HtmlTest.php index d53661b9e6c..08cad560a20 100644 --- a/tests/framework/helpers/HtmlTest.php +++ b/tests/framework/helpers/HtmlTest.php @@ -38,6 +38,9 @@ protected function setUp(): void ]); } + /** + * @covers \yii\helpers\Html::escapeJsRegularExpression + */ public function testEscapeJsRegularExpressionHexRange() { $testCases = [ From f65e633b2151f48856d5eb64fec2fefde97e4a70 Mon Sep 17 00:00:00 2001 From: Ilyah <0637047453t@gmail.com> Date: Wed, 26 Feb 2025 14:23:50 +0200 Subject: [PATCH 4/5] Update CHANGELOG.md --- framework/CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/framework/CHANGELOG.md b/framework/CHANGELOG.md index 4869591ce6f..d4436d3df4a 100644 --- a/framework/CHANGELOG.md +++ b/framework/CHANGELOG.md @@ -5,6 +5,7 @@ Yii Framework 2 Change Log ------------------------ - Enh #20309: Add custom attributes support to style tags (nzwz) +- Bug #20322: Correct escaping of hex ranges in Html::escapeJsRegularExpression 2.0.52 February 13, 2025 From 3bfda4e2f2824039b2672d4bf801daf1ba6d577f Mon Sep 17 00:00:00 2001 From: Ilyah <0637047453t@gmail.com> Date: Wed, 26 Feb 2025 14:24:18 +0200 Subject: [PATCH 5/5] Update CHANGELOG.md --- framework/CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/framework/CHANGELOG.md b/framework/CHANGELOG.md index d4436d3df4a..2cea02497bd 100644 --- a/framework/CHANGELOG.md +++ b/framework/CHANGELOG.md @@ -5,7 +5,7 @@ Yii Framework 2 Change Log ------------------------ - Enh #20309: Add custom attributes support to style tags (nzwz) -- Bug #20322: Correct escaping of hex ranges in Html::escapeJsRegularExpression +- Bug #20322: Correct escaping of hex ranges in Html::escapeJsRegularExpression (kowap) 2.0.52 February 13, 2025