APIv4 - Fix html encoding of rich-text fields

In ece8de2 this was fixed but only for APIv3, and with no unit test. The previous fix also did not cover fields using "TextArea" as their input type, even though they are allowed to store HTML. This fixes for APIv4 and v3 and adds a test. and adds a test.
civicrm · May 17, 2023 · b3d7df5 · b3d7df5
1 parent b1bd2b1
commit b3d7df5
Show file tree

Hide file tree

Showing 4 changed files with 80 additions and 9 deletions.
diff --git a/CRM/Core/BAO/CustomField.php b/CRM/Core/BAO/CustomField.php
@@ -155,6 +155,7 @@ public static function create($params) {
     CRM_Utils_Hook::post(($op === 'add' ? 'create' : 'edit'), 'CustomField', $customField->id, $customField);
 
     CRM_Utils_System::flushCache();
+    CRM_Utils_API_HTMLInputCoder::singleton()->flushCache();
     // Flush caches is not aggressive about clearing the specific cache we know we want to clear
     // so do it manually. Ideally we wouldn't need to clear others...
     Civi::cache('metadata')->clear();
@@ -232,6 +233,7 @@ public static function writeRecords(array $records): array {
     }
 
     CRM_Utils_System::flushCache();
+    CRM_Utils_API_HTMLInputCoder::singleton()->flushCache();
     Civi::cache('metadata')->clear();
 
     foreach ($customFields as $index => $customField) {
@@ -2060,6 +2062,7 @@ public static function moveField($fieldID, $newGroupID) {
     $add->save();
 
     CRM_Utils_System::flushCache();
+    CRM_Utils_API_HTMLInputCoder::singleton()->flushCache();
   }
 
   /**

diff --git a/CRM/Utils/API/AbstractFieldCoder.php b/CRM/Utils/API/AbstractFieldCoder.php
@@ -27,7 +27,7 @@ abstract class CRM_Utils_API_AbstractFieldCoder implements API_Wrapper {
   /**
    * Get skipped fields.
    *
-   * @return array<string>
+   * @return string[]
    *   List of field names
    */
   public function getSkipFields() {

diff --git a/CRM/Utils/API/HTMLInputCoder.php b/CRM/Utils/API/HTMLInputCoder.php
@@ -22,6 +22,9 @@
  * @copyright CiviCRM LLC https://civicrm.org/licensing
  */
 class CRM_Utils_API_HTMLInputCoder extends CRM_Utils_API_AbstractFieldCoder {
+  /**
+   * @var string[]
+   */
   private $skipFields = NULL;
 
   /**
@@ -39,14 +42,21 @@ public static function singleton() {
     return self::$_singleton;
   }
 
+  /**
+   * @return void
+   */
+  public function flushCache(): void {
+    $this->skipFields = NULL;
+  }
+
   /**
    * Get skipped fields.
    *
-   * @return array<string>
+   * @return string[]
    *   list of field names
    */
   public function getSkipFields() {
-    if ($this->skipFields === NULL) {
+    if (!isset($this->skipFields)) {
       $this->skipFields = [
         'widget_code',
         'html_message',
@@ -118,9 +128,13 @@ public function getSkipFields() {
         // Survey entity
         'instructions',
       ];
-      $custom = CRM_Core_DAO::executeQuery('SELECT id FROM civicrm_custom_field WHERE html_type = "RichTextEditor"');
+      $custom = CRM_Core_DAO::executeQuery('
+        SELECT cf.id, cf.name AS field_name, cg.name AS group_name
+        FROM civicrm_custom_field cf, civicrm_custom_group cg
+        WHERE cf.custom_group_id = cg.id AND cf.data_type = "Memo"');
       while ($custom->fetch()) {
         $this->skipFields[] = 'custom_' . $custom->id;
+        $this->skipFields[] = $custom->group_name . '.' . $custom->field_name;
       }
     }
     return $this->skipFields;

diff --git a/tests/phpunit/api/v4/Custom/BasicCustomFieldTest.php b/tests/phpunit/api/v4/Custom/BasicCustomFieldTest.php
@@ -58,22 +58,22 @@ public function testWithSingleField(): void {
       'first_name' => 'Johann',
       'last_name' => 'Tester',
       'contact_type' => 'Individual',
-      'MyIndividualFields.FavColor' => 'Red',
+      'MyIndividualFields.FavColor' => '<Red>',
     ])['id'];
 
     $contact = Contact::get(FALSE)
       ->addSelect('first_name')
       ->addSelect('MyIndividualFields.FavColor')
       ->addWhere('id', '=', $contactId)
-      ->addWhere('MyIndividualFields.FavColor', '=', 'Red')
+      ->addWhere('MyIndividualFields.FavColor', '=', '<Red>')
       ->execute()
       ->first();
 
-    $this->assertEquals('Red', $contact['MyIndividualFields.FavColor']);
+    $this->assertEquals('<Red>', $contact['MyIndividualFields.FavColor']);
 
     Contact::update()
       ->addWhere('id', '=', $contactId)
-      ->addValue('MyIndividualFields.FavColor', 'Blue')
+      ->addValue('MyIndividualFields.FavColor', 'Blue&Pink')
       ->execute();
 
     $contact = Contact::get(FALSE)
@@ -82,7 +82,7 @@ public function testWithSingleField(): void {
       ->execute()
       ->first();
 
-    $this->assertEquals('Blue', $contact['MyIndividualFields.FavColor']);
+    $this->assertEquals('Blue&Pink', $contact['MyIndividualFields.FavColor']);
 
     // Try setting to null
     Contact::update()
@@ -680,4 +680,58 @@ public function testExtendsParticipantMetadata() {
     $this->assertContains('Attendee', $roleOptions);
   }
 
+  /**
+   * Ensure rich-text html fields store html correctly
+   */
+  public function testRichTextHTML(): void {
+    $cgName = uniqid('My');
+
+    $custom = CustomGroup::create(FALSE)
+      ->addValue('title', $cgName)
+      ->addValue('extends', 'Contact')
+      ->addChain('field1', CustomField::create()
+        ->addValue('label', 'RichText')
+        ->addValue('custom_group_id', '$id')
+        ->addValue('html_type', 'RichTextEditor')
+        ->addValue('data_type', 'Memo'),
+      0)
+      ->addChain('field2', CustomField::create()
+        ->addValue('label', 'TextArea')
+        ->addValue('custom_group_id', '$id')
+        ->addValue('html_type', 'TextArea')
+        ->addValue('data_type', 'Memo'),
+      0)
+      ->execute()->first();
+
+    $cid = $this->createTestRecord('Contact', [
+      'first_name' => 'One',
+      'last_name' => 'Tester',
+      "$cgName.RichText" => '<em>Hello</em><br />APIv4 & RichText!',
+      "$cgName.TextArea" => '<em>Hello</em><br />APIv4 & TextArea!',
+    ])['id'];
+    $contact = Contact::get(FALSE)
+      ->addSelect('custom.*')
+      ->addWhere('id', '=', $cid)
+      ->execute()->first();
+    $this->assertEquals('<em>Hello</em><br />APIv4 & RichText!', $contact["$cgName.RichText"]);
+    $this->assertEquals('<em>Hello</em><br />APIv4 & TextArea!', $contact["$cgName.TextArea"]);
+
+    // The html should have been stored unescaped
+    $dbVal = \CRM_Core_DAO::singleValueQuery("SELECT {$custom['field1']['column_name']} FROM {$custom['table_name']}");
+    $this->assertEquals('<em>Hello</em><br />APIv4 & RichText!', $dbVal);
+    $dbVal = \CRM_Core_DAO::singleValueQuery("SELECT {$custom['field2']['column_name']} FROM {$custom['table_name']}");
+    $this->assertEquals('<em>Hello</em><br />APIv4 & TextArea!', $dbVal);
+
+    // APIv3 should work the same way
+    civicrm_api3('Contact', 'create', [
+      'id' => $cid,
+      "custom_{$custom['field1']['id']}" => '<em>Hello</em><br />APIv3 & RichText!',
+      "custom_{$custom['field2']['id']}" => '<em>Hello</em><br />APIv3 & TextArea!',
+    ]);
+    $dbVal = \CRM_Core_DAO::singleValueQuery("SELECT {$custom['field1']['column_name']} FROM {$custom['table_name']}");
+    $this->assertEquals('<em>Hello</em><br />APIv3 & RichText!', $dbVal);
+    $dbVal = \CRM_Core_DAO::singleValueQuery("SELECT {$custom['field2']['column_name']} FROM {$custom['table_name']}");
+    $this->assertEquals('<em>Hello</em><br />APIv3 & TextArea!', $dbVal);
+  }
+
 }