-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Magento Framework Escaper - Critical log with special symbols #13269
Comments
@ihor-sviziev, thank you for your report. |
hi Have you fixed this issue in one the next releases? Thanks. |
have the same issue in 2.2.6 |
Any news on this one? As this error floods our logfile. |
I just did some testing and the problem seems to come from the \Magento\Framework\Escaper::escapeHtml. The line 74 should convert the data to htmlentities
Edit: I just found in the documentation of |
change: in 2.3:
in 2.2:
i think will cover most cases. if there you have codepoints that html_entity_decode doesn't handle, then i think you'll need your own lookup table to replace that. |
This ticket had been closed? It isn't the intention to fix this in 2.2? |
(From #19884 (comment)): Probably it will be included into release 2.2.8. |
not fixed. |
Also reproduced in 2.3.3 |
Hi @engcom-Alfa, |
Hi @engcom-Alfa. Thank you for working on this issue.
|
@ihor-sviziev Unfortunately, we are not able to reproduce this issue on fresh 2.3-develop and 2.3.3 instances. Manual testing scenario:
Actual Result: No exceptions in the log file. So, I have to close this issue. Thank you! |
Did you also check it with this instruction?: #13269 (comment) |
@engcom-Alfa It can be reproduced by adding an order comment with just: "&". Same exception will show up in the logfile. |
✅ Confirmed by @engcom-Alfa Issue Available: @engcom-Alfa, You will be automatically unassigned. Contributors/Maintainers can claim this issue to continue. To reclaim and continue work, reassign the ticket to yourself. |
I can confirm that issue is still happening on Magento 2.3.4 |
Hi @engcom-Alfa, |
@magento give me 2.4-develop instance |
Hi @ihor-sviziev. Thank you for your request. I'm working on Magento 2.4-develop instance for you |
Hi @ihor-sviziev, here is your Magento instance. |
Hi @ihor-sviziev. Thank you for working on this issue.
|
I can confirm - the issue was fixed in I'm closing this issue |
Preconditions
Steps to reproduce
Case 1
Expected result
Actual result
Case 2
Expected result
Actual result
Reason: On View order page in the admin we have "Purchased From" block.
This block uses
\Magento\Framework\Escaper::escapeHtml
with string that contains ampersand and allowed tags is "br". In this case it writes critical log. This issue appeared in Magento 2.2.0, it was introduced in 59c2c9e + df261e7 + 624ee86.For someone who will fix this issue:
I prepared tests for this fix in my branch that are currently fails (not only this case):
2.2-develop...ihor-sviziev:escaper-critical-log-when-ampersand-is-present
The text was updated successfully, but these errors were encountered: