Fixes #6969: `yii\helpers\ArrayHelper::htmlEncode()` and `htmlDecode()` should…

Fixes #6969: `yii\helpers\ArrayHelper::htmlEncode()` and `htmlDecode()` should not remove non-string data

Fixes #6969: `yii\helpers\ArrayHelper::htmlEncode()` and `htmlDecode()` should…
fe19243d · Qiang Xue · 7c609ad8 · fe19243d · fe19243d · fe19243d
Commit fe19243d authored Jan 22, 2015 by Qiang Xue
Showing with 75 additions and 0 deletions

CHANGELOG.md framework/CHANGELOG.md +1 -0

BaseArrayHelper.php framework/helpers/BaseArrayHelper.php +6 -0

ArrayHelperTest.php tests/unit/framework/helpers/ArrayHelperTest.php +68 -0

No files found.
--- a/framework/CHANGELOG.md
+++ b/framework/CHANGELOG.md
@@ -5,6 +5,7 @@ Yii Framework 2 Change Log
 -----------------------
 - Bug #6919: Fixed wrong namespaces under advanced application's TestCase classes (ivokund)
+- Bug #6969: `yii\helpers\ArrayHelper::htmlEncode()` and `htmlDecode()` should not remove non-string data (qiangxue)
 - Enh #5663: Added support for using `data-params` to specify additional form data to be submitted via the `data-method` approach (usualdesigner, qiangxue)
 - Enh #6106: Added ability to specify `encode` for each item of `yii\widgets\Breadcrumbs` (samdark, aleksanderd)
 - Enh #6493: Added support for the `Access-Control-Expose-Headers` header by `yii\filters\Cors` (usualdesigner)

--- a/framework/helpers/BaseArrayHelper.php
+++ b/framework/helpers/BaseArrayHelper.php
@@ -441,6 +441,7 @@ class BaseArrayHelper
     * Encodes special characters in an array of strings into HTML entities.
     * Only array values will be encoded by default.
     * If a value is an array, this method will also encode it recursively.
+     * Only string values will be encoded.
     * @param array $data data to be encoded
     * @param boolean $valuesOnly whether to encode array values only. If false,
     * both the array keys and array values will be encoded.
@@ -463,6 +464,8 @@ class BaseArrayHelper
                $d[$key] = htmlspecialchars($value, ENT_QUOTES, $charset);
            } elseif (is_array($value)) {
                $d[$key] = static::htmlEncode($value, $valuesOnly, $charset);
+            } else {
+                $d[$key] = $value;
            }
        }
@@ -473,6 +476,7 @@ class BaseArrayHelper
     * Decodes HTML entities into the corresponding characters in an array of strings.
     * Only array values will be decoded by default.
     * If a value is an array, this method will also decode it recursively.
+     * Only string values will be decoded.
     * @param array $data data to be decoded
     * @param boolean $valuesOnly whether to decode array values only. If false,
     * both the array keys and array values will be decoded.
@@ -490,6 +494,8 @@ class BaseArrayHelper
                $d[$key] = htmlspecialchars_decode($value, ENT_QUOTES);
            } elseif (is_array($value)) {
                $d[$key] = static::htmlDecode($value);
+            } else {
+                $d[$key] = $value;
            }
        }

--- a/tests/unit/framework/helpers/ArrayHelperTest.php
+++ b/tests/unit/framework/helpers/ArrayHelperTest.php
@@ -396,4 +396,72 @@ class ArrayHelperTest extends TestCase
        $this->assertTrue(ArrayHelper::isIndexed([2 => 'a', 3 => 'b']));
        $this->assertFalse(ArrayHelper::isIndexed([2 => 'a', 3 => 'b'], true));
    }
+    public function testHtmlEncode()
+    {
+        $array = [
+            'abc' => '123',
+            '<' => '>',
+            'cde' => false,
+            3 => 'blank',
+            [
+                '<>' => 'a<>b',
+                '23' => true,
+            ]
+        ];
+        $this->assertEquals([
+            'abc' => '123',
+            '<' => '&gt;',
+            'cde' => false,
+            3 => 'blank',
+            [
+                '<>' => 'a&lt;&gt;b',
+                '23' => true,
+            ]
+        ], ArrayHelper::htmlEncode($array));
+        $this->assertEquals([
+            'abc' => '123',
+            '&lt;' => '&gt;',
+            'cde' => false,
+            3 => 'blank',
+            [
+                '&lt;&gt;' => 'a&lt;&gt;b',
+                '23' => true,
+            ]
+        ], ArrayHelper::htmlEncode($array, false));
+    }
+    public function testHtmlDecode()
+    {
+        $array = [
+            'abc' => '123',
+            '&lt;' => '&gt;',
+            'cde' => false,
+            3 => 'blank',
+            [
+                '<>' => 'a&lt;&gt;b',
+                '23' => true,
+            ]
+        ];
+        $this->assertEquals([
+            'abc' => '123',
+            '&lt;' => '>',
+            'cde' => false,
+            3 => 'blank',
+            [
+                '<>' => 'a<>b',
+                '23' => true,
+            ]
+        ], ArrayHelper::htmlDecode($array));
+        $this->assertEquals([
+            'abc' => '123',
+            '<' => '>',
+            'cde' => false,
+            3 => 'blank',
+            [
+                '<>' => 'a<>b',
+                '23' => true,
+            ]
+        ], ArrayHelper::htmlDecode($array, false));
+    }
 }