Merge pull request #567 from creative-commoners/pulls/1.13/shortcods-…

…multi-html-entities-2 FIX Double encoding image shortcode attributes
silverstripe · Aug 14, 2023 · dcdb6a1 · dcdb6a1
2 parents 19c0bc6 + 16ab3fa
commit dcdb6a1
Show file tree

Hide file tree

Showing 2 changed files with 56 additions and 1 deletion.
diff --git a/src/Shortcodes/ImageShortcodeProvider.php b/src/Shortcodes/ImageShortcodeProvider.php
@@ -117,7 +117,7 @@ public static function handle_shortcode($args, $content, $parser, $shortcode, $e
             return in_array($k, $whitelist) && (strlen(trim($v ?? '')) || $k === 'alt');
         }, ARRAY_FILTER_USE_BOTH);
 
-        $markup = HTML::createTag('img', $attrs);
+        $markup = self::createImageTag($attrs);
 
         // cache it for future reference
         if ($fileFound) {
@@ -131,6 +131,25 @@ public static function handle_shortcode($args, $content, $parser, $shortcode, $e
         return $markup;
     }
 
+    /**
+     * Construct and return HTML image tag.
+     */
+    public static function createImageTag(array $attributes) : string
+    {
+        $preparedAttributes = '';
+        foreach ($attributes as $attributeKey => $attributeValue) {
+            if (strlen($attributeValue ?? '') > 0 || $attributeKey === 'alt') {
+                $preparedAttributes .= sprintf(
+                    ' %s="%s"',
+                    $attributeKey,
+                    htmlspecialchars($attributeValue ?? '', ENT_QUOTES, 'UTF-8', false)
+                );
+            }
+        }
+
+        return "<img{$preparedAttributes} />";
+    }
+
     /**
      * Regenerates "[image id=n]" shortcode with new src attribute prior to being edited within the CMS.
      *

diff --git a/tests/php/Shortcodes/ImageShortcodeProviderTest.php b/tests/php/Shortcodes/ImageShortcodeProviderTest.php
@@ -338,4 +338,40 @@ public function testWhiteIsConfigurable()
             ))
         );
     }
+
+    public function gettersAndSettersProvider(): array
+    {
+        return [
+                    'image without special characters' => [
+                        '<img src="http://example.com/image.jpg" alt="My alt text" title="My Title" width="300" height="200" class="leftAlone ss-htmleditorfield-file image" />',
+                        [
+                            'src' => 'http://example.com/image.jpg',
+                            'alt' => 'My alt text',
+                            'title' => 'My Title',
+                            'width' => '300',
+                            'height' => '200',
+                            'class' => 'leftAlone ss-htmleditorfield-file image',
+                        ],
+                    ],
+                    'image with special characters' => [
+                        '<img src="http://example.com/image.jpg" alt="My alt text &amp; special character" title="My Title &amp; special character" width="300" height="200" class="leftAlone ss-htmleditorfield-file image" />',
+                        [
+                            'src' => 'http://example.com/image.jpg',
+                            'alt' => 'My alt text &amp; special character',
+                            'title' => 'My Title & special character',
+                            'width' => '300',
+                            'height' => '200',
+                            'class' => 'leftAlone ss-htmleditorfield-file image',
+                        ]
+                    ]
+                ];
+    }
+
+    /**
+     * @dataProvider gettersAndSettersProvider
+     */
+    public function testCreateImageTag(string $expected, array $attributes)
+    {
+        $this->assertEquals($expected, ImageShortcodeProvider::createImageTag($attributes));
+    }
 }