Merge remote-tracking branch 'origin/MAGETWO-85083' into 2.3-develop-pr5

zakdma · zakdma · commit 42c9c1109c64 · 2018-03-16T18:29:37.000+02:00
diff --git a/app/code/Magento/Tax/Block/Grid/Renderer/Codes.php b/app/code/Magento/Tax/Block/Grid/Renderer/Codes.php
@@ -20,6 +20,6 @@ public function render(\Magento\Framework\DataObject $row)
     {
         $ratesCodes = $row->getTaxRatesCodes();
 
-        return is_array($ratesCodes) ? implode(', ', $ratesCodes) : '';
+        return $ratesCodes && is_array($ratesCodes) ? $this->escapeHtml(implode(', ', $ratesCodes)) : '';
     }
 }
diff --git a/app/code/Magento/Tax/Test/Unit/Block/Grid/Renderer/CodesTest.php b/app/code/Magento/Tax/Test/Unit/Block/Grid/Renderer/CodesTest.php
@@ -5,7 +5,9 @@
  */
 namespace Magento\Tax\Test\Unit\Block\Grid\Renderer;
 
+use Magento\Backend\Block\Context;
 use Magento\Framework\DataObject;
+use Magento\Framework\Escaper;
 use Magento\Framework\TestFramework\Unit\Helper\ObjectManager;
 use Magento\Tax\Block\Grid\Renderer\Codes;
 
@@ -24,7 +26,26 @@ class CodesTest extends \PHPUnit\Framework\TestCase
     protected function setUp()
     {
         $objectManager = new ObjectManager($this);
-        $this->codes = $objectManager->getObject(Codes::class);
+        $escaper = $this->getMockBuilder(Escaper::class)
+            ->disableOriginalConstructor()
+            ->getMock();
+        $escaper->expects($this->any())
+            ->method('escapeHtml')
+            ->willReturnCallback(
+                function ($str) {
+                    return 'ESCAPED:' .$str;
+                }
+            );
+        $context = $this->getMockBuilder(Context::class)
+            ->disableOriginalConstructor()
+            ->getMock();
+        $context->expects($this->any())
+            ->method('getEscaper')
+            ->willReturn($escaper);
+        $this->codes = $objectManager->getObject(
+            Codes::class,
+            ['context' => $context]
+        );
     }
 
     /**
@@ -50,10 +71,10 @@ public function testRenderCodes($ratesCodes, $expected)
     public function ratesCodesDataProvider()
     {
         return [
-            [['some_code'], 'some_code'],
-            [['some_code', 'some_code2'], 'some_code, some_code2'],
+            [['some_code'], 'ESCAPED:some_code'],
+            [['some_code', 'some_code2'], 'ESCAPED:some_code, some_code2'],
             [[], ''],
-            [null, '']
+            [null, ''],
         ];
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -20,6 +20,6 @@ public function render(\Magento\Framework\DataObject $row)`
`20`	`20`	`{`
`21`	`21`	`$ratesCodes = $row->getTaxRatesCodes();`
`22`	`22`
`23`		`- return is_array($ratesCodes) ? implode(', ', $ratesCodes) : '';`
	`23`	`+ return $ratesCodes && is_array($ratesCodes) ? $this->escapeHtml(implode(', ', $ratesCodes)) : '';`
`24`	`24`	`}`
`25`	`25`	`}`