Merge branch 'QA_5_2'

MauricioFauth · MauricioFauth · commit 86ea50336b7b · 2023-05-07T18:13:26.000-03:00
Signed-off-by: Maurício Meneghini Fauth &lt;mauricio@fauth.dev&gt;
diff --git a/ChangeLog b/ChangeLog
@@ -44,6 +44,7 @@ phpMyAdmin - ChangeLog
 - issue #18212 Fix Query Builder doesn't replace a table name with it's alias in the `WHERE` block
 - issue        Keep the criteria box collapsed by the user when un-checking the criteria checkbox
 - issue        Fix colspan for actions column on database table list
+- issue        Fix double encoding on User Groups pages
 
 5.2.1 (2023-02-07)
 - issue #17522 Fix case where the routes cache file is invalid
diff --git a/js/src/server/user_groups.ts b/js/src/server/user_groups.ts
@@ -1,6 +1,5 @@
 import $ from 'jquery';
 import { AJAX } from '../modules/ajax.ts';
-import { escapeHtml } from '../modules/functions/escape.ts';
 
 /**
  * @fileoverview    Javascript functions used in server user groups page
@@ -26,7 +25,7 @@ AJAX.registerOnload('server/user_groups.js', function () {
         const userGroupName = $(event.relatedTarget).data('user-group');
         (this.querySelector('.modal-body') as HTMLDivElement).innerText = window.sprintf(
             window.Messages.strDropUserGroupWarning,
-            escapeHtml(userGroupName)
+            userGroupName
         );
     });
 
diff --git a/libraries/classes/ConfigStorage/UserGroups.php b/libraries/classes/ConfigStorage/UserGroups.php
@@ -93,7 +93,7 @@ public static function getHtmlForUserGroupsTable(ConfigurableMenusFeature $confi
 
             foreach ($userGroups as $groupName => $tabs) {
                 $userGroupVal = [];
-                $userGroupVal['name'] = htmlspecialchars((string) $groupName);
+                $userGroupVal['name'] = $groupName;
                 $userGroupVal['serverTab'] = self::getAllowedTabNames($tabs, 'server');
                 $userGroupVal['dbTab'] = self::getAllowedTabNames($tabs, 'db');
                 $userGroupVal['tableTab'] = self::getAllowedTabNames($tabs, 'table');
diff --git a/psalm-baseline.xml b/psalm-baseline.xml
@@ -862,9 +862,6 @@
       <code>$tabs</code>
       <code>$tabs</code>
     </PossiblyNullIterator>
-    <RedundantCastGivenDocblockType>
-      <code>(string) $groupName</code>
-    </RedundantCastGivenDocblockType>
   </file>
   <file src="libraries/classes/Controllers/AbstractController.php">
     <InvalidArrayOffset>
diff --git a/templates/server/user_groups/edit_user_groups.twig b/templates/server/user_groups/edit_user_groups.twig
@@ -2,7 +2,7 @@
   {% if user_group == null %}
     <h2>{{ 'Add user group'|trans }}</h2>
   {% else %}
-    <h2>{{ 'Edit user group: \'%s\''|trans|format(edit_user_group_special_chars) }}</h2>
+    <h2>{{ 'Edit user group: \'%s\''|trans|format(edit_user_group_special_chars)|raw }}</h2>
   {% endif %}
 
   <form action="{{ user_group_url|raw }}" method="post" class="card disableAjax">
diff --git a/templates/server/user_groups/user_listings.twig b/templates/server/user_groups/user_listings.twig
@@ -1,4 +1,4 @@
-<h2>{{ 'Users of \'%s\' user group'|trans|format(user_group_special_chars) }}</h2>
+<h2>{{ 'Users of \'%s\' user group'|trans|format(user_group_special_chars)|raw }}</h2>
 {% if num_rows == 0 %}
     <p>{% trans 'No users were found belonging to this user group.' %}</p>
 {% else %}
diff --git a/test/classes/ConfigStorage/UserGroupsTest.php b/test/classes/ConfigStorage/UserGroupsTest.php
@@ -12,11 +12,10 @@
 use PhpMyAdmin\Dbal\ResultInterface;
 use PhpMyAdmin\Dbal\TableName;
 use PhpMyAdmin\Tests\AbstractTestCase;
+use PhpMyAdmin\Tests\Stubs\DbiDummy;
 use PhpMyAdmin\Tests\Stubs\DummyResult;
 use PhpMyAdmin\Url;
 
-use function htmlspecialchars;
-
 /** @covers \PhpMyAdmin\ConfigStorage\UserGroups */
 class UserGroupsTest extends AbstractTestCase
 {
@@ -75,16 +74,16 @@ public function testGetHtmlForUserGroupsTableWithNoUserGroups(): void
     public function testGetHtmlForUserGroupsTableWithUserGroups(): void
     {
         $html = UserGroups::getHtmlForUserGroupsTable($this->configurableMenusFeature);
-        $this->assertStringContainsString('<td>usergroup</td>', $html);
+        $this->assertStringContainsString('<td>user&lt;br&gt;group</td>', $html);
         $urlTag = '<a class="" href="' . Url::getFromRoute('/server/user-groups') . '" data-post="'
-            . Url::getCommon(['viewUsers' => 1, 'userGroup' => htmlspecialchars('usergroup')], '');
+            . Url::getCommon(['viewUsers' => 1, 'userGroup' => 'user<br>group'], '');
         $this->assertStringContainsString($urlTag, $html);
         $urlTag = '<a class="" href="' . Url::getFromRoute('/server/user-groups') . '" data-post="'
-            . Url::getCommon(['editUserGroup' => 1, 'userGroup' => htmlspecialchars('usergroup')], '');
+            . Url::getCommon(['editUserGroup' => 1, 'userGroup' => 'user<br>group'], '');
         $this->assertStringContainsString($urlTag, $html);
         $this->assertStringContainsString(
             '<button type="button" class="btn btn-link" data-bs-toggle="modal"'
-            . ' data-bs-target="#deleteUserGroupModal" data-user-group="usergroup">',
+            . ' data-bs-target="#deleteUserGroupModal" data-user-group="user&lt;br&gt;group">',
             $html,
         );
     }
@@ -121,7 +120,7 @@ public function testGetHtmlToEditUserGroup(): void
 
         $resultStub = $this->createMock(DummyResult::class);
 
-        $expectedQuery = 'SELECT * FROM `pmadb`.`usergroups` WHERE `usergroup`=\'ug\'';
+        $expectedQuery = 'SELECT * FROM `pmadb`.`usergroups` WHERE `usergroup`=\'user<br>group\'';
         $dbi = $this->getMockBuilder(DatabaseInterface::class)
             ->disableOriginalConstructor()
             ->getMock();
@@ -132,16 +131,17 @@ public function testGetHtmlToEditUserGroup(): void
         $resultStub->expects($this->exactly(1))
             ->method('getIterator')
             ->will($this->returnCallback(static function (): Generator {
-                yield from [['usergroup' => 'ug', 'tab' => 'server_sql', 'allowed' => 'Y']];
+                yield from [['usergroup' => 'user<br>group', 'tab' => 'server_sql', 'allowed' => 'Y']];
             }));
         $dbi->expects($this->any())->method('quoteString')
             ->will($this->returnCallback(static fn (string $string): string => "'" . $string . "'"));
 
         $GLOBALS['dbi'] = $dbi;
 
         // editing a user group
-        $html = UserGroups::getHtmlToEditUserGroup($this->configurableMenusFeature, 'ug');
-        $this->assertStringContainsString('<input type="hidden" name="userGroup" value="ug"', $html);
+        $html = UserGroups::getHtmlToEditUserGroup($this->configurableMenusFeature, 'user<br>group');
+        $this->assertStringContainsString('Edit user group: \'user&lt;br&gt;group\'', $html);
+        $this->assertStringContainsString('<input type="hidden" name="userGroup" value="user&lt;br&gt;group"', $html);
         $this->assertStringContainsString('<input type="hidden" name="editUserGroupSubmit" value="1"', $html);
         $this->assertStringContainsString('<input type="hidden" name="editUserGroupSubmit" value="1"', $html);
         $this->assertStringContainsString(
@@ -155,4 +155,17 @@ public function testGetHtmlToEditUserGroup(): void
             $html,
         );
     }
+
+    public function testGetHtmlForListingUsersOfAGroupWithNoUsers(): void
+    {
+        $dummyDbi = new DbiDummy();
+        $dbi = DatabaseInterface::load($dummyDbi);
+        $GLOBALS['dbi'] = $dbi;
+
+        $dummyDbi->addResult('SELECT `username` FROM `pmadb`.`users` WHERE `usergroup`=\'user<br>group\'', []);
+
+        $output = UserGroups::getHtmlForListingUsersofAGroup($this->configurableMenusFeature, 'user<br>group');
+        $this->assertStringContainsString('Users of \'user&lt;br&gt;group\' user group', $output);
+        $this->assertStringContainsString('No users were found belonging to this user group.', $output);
+    }
 }
diff --git a/test/classes/Stubs/DbiDummy.php b/test/classes/Stubs/DbiDummy.php
@@ -1793,7 +1793,7 @@ private function init(): void
             [
                 'query' => 'SELECT * FROM `pmadb`.`usergroups` ORDER BY `usergroup` ASC',
                 'columns' => ['usergroup', 'tab', 'allowed'],
-                'result' => [['usergroup', 'server_sql', 'Y']],
+                'result' => [['user<br>group', 'server_sql', 'Y']],
             ],
             [
                 'query' => 'DESCRIBE `test_table`',

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-<h2>{{ 'Users of \'%s\' user group'\|trans\|format(user_group_special_chars) }}</h2>`
	`1`	`+<h2>{{ 'Users of \'%s\' user group'\|trans\|format(user_group_special_chars)\|raw }}</h2>`
`2`	`2`	`{% if num_rows == 0 %}`
`3`	`3`	`<p>{% trans 'No users were found belonging to this user group.' %}</p>`
`4`	`4`	`{% else %}`
Original file line number	Diff line number	Diff line change
`@@ -1793,7 +1793,7 @@ private function init(): void`
`1793`	`1793`	`[`
`1794`	`1794`	'query' => 'SELECT * FROM `pmadb`.`usergroups` ORDER BY `usergroup` ASC',
`1795`	`1795`	`'columns' => ['usergroup', 'tab', 'allowed'],`
`1796`		`- 'result' => [['usergroup', 'server_sql', 'Y']],`
	`1796`	`+ 'result' => [['user<br>group', 'server_sql', 'Y']],`
`1797`	`1797`	`],`
`1798`	`1798`	`[`
`1799`	`1799`	'query' => 'DESCRIBE `test_table`',