CollectionView: Prevent URL escaping when listing pagination URLs (#154)

cnizzardini · web-flow · commit 25e980db28a4 · 2024-03-25T19:49:44.000-04:00
* Prevent URL escaping when listing pagination URLs

* Fix warnings / errors in pipeline
diff --git a/config/.env.example b/config/.env.example
@@ -18,7 +18,7 @@ export DEBUG="true"
 export APP_ENCODING="UTF-8"
 export APP_DEFAULT_LOCALE="en_US"
 export APP_DEFAULT_TIMEZONE="UTC"
-export SECURITY_SALT="__SALT__"
+export SECURITY_SALT="bBpSESU8O0gVTzr8Lk9LzJGcy1uHYhah"
 
 # Uncomment these to define cache configuration via environment variables.
 #export CACHE_DURATION="+2 minutes"
diff --git a/plugins/collection-view/src/View/Helper/PagninatorHelper.php b/plugins/collection-view/src/View/Helper/PagninatorHelper.php
@@ -0,0 +1,30 @@
+<?php
+declare(strict_types=1);
+
+namespace MixerApi\CollectionView\View\Helper;
+
+use Cake\View\Helper\PaginatorHelper;
+
+class PagninatorHelper extends PaginatorHelper
+{
+    /**
+     * Overwrite base method to never escape URLs.
+     *
+     * @param array<string, mixed> $options Pagination options.
+     * @param array $url URL.
+     * @param array<string, mixed> $urlOptions Array of options
+     * @return string By default, returns a full pagination URL string for use in non-standard contexts (i.e. JavaScript)
+     */
+    public function generateUrl(
+        array $options = [],
+        array $url = [],
+        array $urlOptions = []
+    ): string {
+        $urlOptions += [
+            'escape' => false,
+            'fullBase' => false,
+        ];
+
+        return $this->Url->build($this->generateUrlParams($options, $url), $urlOptions);
+    }
+}
diff --git a/plugins/collection-view/src/View/JsonCollectionView.php b/plugins/collection-view/src/View/JsonCollectionView.php
@@ -6,6 +6,7 @@
 use Cake\Core\Configure;
 use Cake\View\JsonView;
 use MixerApi\CollectionView\Serializer;
+use MixerApi\CollectionView\View\Helper\PagninatorHelper;
 
 class JsonCollectionView extends JsonView
 {
@@ -35,6 +36,7 @@ public function initialize(): void
         parent::initialize();
         $this->loadHelper('Paginator', [
             'templates' => 'MixerApi/CollectionView.paginator-template',
+            'className' => PagninatorHelper::class,
         ]);
     }
 
diff --git a/plugins/collection-view/src/View/XmlCollectionView.php b/plugins/collection-view/src/View/XmlCollectionView.php
@@ -6,6 +6,7 @@
 use Cake\Core\Configure;
 use Cake\View\SerializedView;
 use MixerApi\CollectionView\Serializer;
+use MixerApi\CollectionView\View\Helper\PagninatorHelper;
 
 class XmlCollectionView extends SerializedView
 {
@@ -65,6 +66,7 @@ public function initialize(): void
         parent::initialize();
         $this->loadHelper('Paginator', [
             'templates' => 'MixerApi/CollectionView.paginator-template',
+            'className' => PagninatorHelper::class,
         ]);
     }
 
diff --git a/plugins/collection-view/tests/TestCase/ControllerTest.php b/plugins/collection-view/tests/TestCase/ControllerTest.php
@@ -29,12 +29,13 @@ public function setUp(): void
 
     public function test_json(): void
     {
-        $this->get('/actors.json');
+        $this->get('/actors.json?limit=1');
         $body = (string)$this->_response->getBody();
         $object = json_decode($body);
 
         $this->assertResponseOk();
         $this->assertTrue(isset($object->collection->url));
+        $this->assertStringNotContainsString('&amp;', $object->collection->next);
         $this->assertNotEmpty($object->data);
     }
 

Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,7 @@`
`6`	`6`	`use Cake\Core\Configure;`
`7`	`7`	`use Cake\View\JsonView;`
`8`	`8`	`use MixerApi\CollectionView\Serializer;`
	`9`	`+use MixerApi\CollectionView\View\Helper\PagninatorHelper;`
`9`	`10`
`10`	`11`	`class JsonCollectionView extends JsonView`
`11`	`12`	`{`
`@@ -35,6 +36,7 @@ public function initialize(): void`
`35`	`36`	`parent::initialize();`
`36`	`37`	`$this->loadHelper('Paginator', [`
`37`	`38`	`'templates' => 'MixerApi/CollectionView.paginator-template',`
	`39`	`+ 'className' => PagninatorHelper::class,`
`38`	`40`	`]);`
`39`	`41`	`}`
`40`	`42`
Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,7 @@`
`6`	`6`	`use Cake\Core\Configure;`
`7`	`7`	`use Cake\View\SerializedView;`
`8`	`8`	`use MixerApi\CollectionView\Serializer;`
	`9`	`+use MixerApi\CollectionView\View\Helper\PagninatorHelper;`
`9`	`10`
`10`	`11`	`class XmlCollectionView extends SerializedView`
`11`	`12`	`{`
`@@ -65,6 +66,7 @@ public function initialize(): void`
`65`	`66`	`parent::initialize();`
`66`	`67`	`$this->loadHelper('Paginator', [`
`67`	`68`	`'templates' => 'MixerApi/CollectionView.paginator-template',`
	`69`	`+ 'className' => PagninatorHelper::class,`
`68`	`70`	`]);`
`69`	`71`	`}`
`70`	`72`
Original file line number	Diff line number	Diff line change
`@@ -29,12 +29,13 @@ public function setUp(): void`
`29`	`29`
`30`	`30`	`public function test_json(): void`
`31`	`31`	`{`
`32`		`- $this->get('/actors.json');`
	`32`	`+ $this->get('/actors.json?limit=1');`
`33`	`33`	`$body = (string)$this->_response->getBody();`
`34`	`34`	`$object = json_decode($body);`
`35`	`35`
`36`	`36`	`$this->assertResponseOk();`
`37`	`37`	`$this->assertTrue(isset($object->collection->url));`
	`38`	`+ $this->assertStringNotContainsString('&', $object->collection->next);`
`38`	`39`	`$this->assertNotEmpty($object->data);`
`39`	`40`	`}`
`40`	`41`