Merge remote-tracking branch 'origin/AC-14829' into cia-2.4.9-alpha2-develop-bugfix-07022025

Author: nishant04412

app/code/Magento/Newsletter/Block/Adminhtml/Template/Preview.php

@@ -1,17 +1,28 @@
 <?php
 /**
- * Copyright © Magento, Inc. All rights reserved.
- * See COPYING.txt for license details.
+ * Copyright 2013 Adobe
+ * All Rights Reserved.
  */
+declare(strict_types=1);
+
 namespace Magento\Newsletter\Block\Adminhtml\Template;
 
+use Magento\Backend\Block\Template\Context;
+use Magento\Backend\Block\Widget;
+use Magento\Framework\App\ObjectManager;
+use Magento\Framework\Filter\Input\MaliciousCode;
+use Magento\Framework\Profiler;
+use Magento\Newsletter\Model\TemplateFactory;
+use Magento\Newsletter\Model\Template;
+use Magento\Newsletter\Model\SubscriberFactory;
+
 /**
  * Newsletter template preview block
  *
  * @api
  * @since 100.0.2
  */
-class Preview extends \Magento\Backend\Block\Widget
+class Preview extends Widget
 {
     /**
      * Name for profiler
@@ -21,30 +32,39 @@ class Preview extends \Magento\Backend\Block\Widget
     protected $profilerName = "newsletter_template_proccessing";
 
     /**
-     * @var \Magento\Newsletter\Model\TemplateFactory
+     * @var TemplateFactory
      */
     protected $_templateFactory;
 
     /**
-     * @var \Magento\Newsletter\Model\SubscriberFactory
+     * @var SubscriberFactory
      */
     protected $_subscriberFactory;
 
     /**
-     * @param \Magento\Backend\Block\Template\Context $context
-     * @param \Magento\Newsletter\Model\TemplateFactory $templateFactory
-     * @param \Magento\Newsletter\Model\SubscriberFactory $subscriberFactory
+     * @var MaliciousCode
+     */
+    protected $maliciousCode;
+
+    /**
+     * @param Context $context
+     * @param TemplateFactory $templateFactory
+     * @param SubscriberFactory $subscriberFactory
      * @param array $data
+     * @param ?MaliciousCode $maliciousCode
      */
     public function __construct(
-        \Magento\Backend\Block\Template\Context $context,
-        \Magento\Newsletter\Model\TemplateFactory $templateFactory,
-        \Magento\Newsletter\Model\SubscriberFactory $subscriberFactory,
-        array $data = []
+        Context $context,
+        TemplateFactory $templateFactory,
+        SubscriberFactory $subscriberFactory,
+        array $data = [],
+        ?MaliciousCode $maliciousCode = null
     ) {
         $this->_templateFactory = $templateFactory;
         $this->_subscriberFactory = $subscriberFactory;
         parent::__construct($context, $data);
+        $this->maliciousCode = $maliciousCode ?:
+            ObjectManager::getInstance()->get(MaliciousCode::class);
     }
 
     /**
@@ -61,13 +81,12 @@ protected function _toHtml()
             $this->loadTemplate($template, $id);
         } else {
             $previewData = $this->getPreviewData();
-
             $template->setTemplateType($previewData['type']);
             $template->setTemplateText($previewData['text']);
             $template->setTemplateStyles($previewData['styles']);
         }
 
-        \Magento\Framework\Profiler::start($this->profilerName);
+        Profiler::start($this->profilerName);
         $vars = [];
 
         $vars['subscriber'] = $this->_subscriberFactory->create();
@@ -77,20 +96,19 @@ protected function _toHtml()
         $vars['subscriber_data']['unsubscription_link'] = $vars['subscriber'] ?
             $vars['subscriber']->getUnsubscriptionLink() :
             null;
-
         $template->emulateDesign($this->getStoreId());
         $templateProcessed = $this->_appState->emulateAreaCode(
-            \Magento\Newsletter\Model\Template::DEFAULT_DESIGN_AREA,
+            Template::DEFAULT_DESIGN_AREA,
             [$template, 'getProcessedTemplate'],
             [$vars]
         );
         $template->revertDesign();
-
+        $templateProcessed = $this->maliciousCode->filter($templateProcessed);
         if ($template->isPlain()) {
             $templateProcessed = "<pre>" . $this->escapeHtml($templateProcessed) . "</pre>";
         }
 
-        \Magento\Framework\Profiler::stop($this->profilerName);
+        Profiler::stop($this->profilerName);
 
         return $templateProcessed;
     }
@@ -147,11 +165,11 @@ protected function getStoreId()
     /**
      * Return template
      *
-     * @param \Magento\Newsletter\Model\Template $template
+     * @param Template $template
      * @param string $id
      * @return $this
      */
-    protected function loadTemplate(\Magento\Newsletter\Model\Template $template, $id)
+    protected function loadTemplate(Template $template, $id)
     {
         $template->load($id);
         return $this;

app/code/Magento/Newsletter/Test/Unit/Block/Adminhtml/Queue/PreviewTest.php

@@ -1,7 +1,7 @@
 <?php
 /**
- * Copyright © Magento, Inc. All rights reserved.
- * See COPYING.txt for license details.
+ * Copyright 2015 Adobe
+ * All Rights Reserved.
  */
 declare(strict_types=1);
 
@@ -15,6 +15,7 @@
 use Magento\Framework\App\State;
 use Magento\Framework\Escaper;
 use Magento\Framework\Event\ManagerInterface;
+use Magento\Framework\Filter\Input\MaliciousCode;
 use Magento\Framework\TestFramework\Unit\Helper\ObjectManager;
 use Magento\Newsletter\Block\Adminhtml\Queue\Preview as QueuePreview;
 use Magento\Newsletter\Model\Queue;
@@ -69,6 +70,11 @@ class PreviewTest extends TestCase
      */
     private $preview;
 
+    /**
+     * @var MaliciousCode|MockObject
+     */
+    protected $maliciousCode;
+
     protected function setUp(): void
     {
         $context = $this->createMock(Context::class);
@@ -147,21 +153,23 @@ protected function setUp(): void
         $queueFactory->expects($this->any())
             ->method('create')
             ->willReturn($this->queueMock);
-
+        $this->maliciousCode = $this->createPartialMock(MaliciousCode::class, ['filter']);
         $this->objectManager = new ObjectManager($this);
 
         $escaper = $this->objectManager->getObject(Escaper::class);
         $context->expects($this->once())
             ->method('getEscaper')
             ->willReturn($escaper);
 
+        $this->objectManager->prepareObjectManager();
         $this->preview = $this->objectManager->getObject(
             QueuePreview::class,
             [
                 'context' => $context,
                 'templateFactory' => $templateFactory,
                 'subscriberFactory' => $subscriberFactory,
                 'queueFactory' => $queueFactory,
+                'maliciousCode' => $this->maliciousCode,
             ]
         );
     }
@@ -173,6 +181,9 @@ public function testToHtmlEmpty()
         $this->storeManagerMock->expects($this->once())
             ->method('getDefaultStoreView')
             ->willReturn($store);
+        $this->maliciousCode->expects($this->once())
+            ->method('filter')
+            ->willReturn('');
         $result = $this->preview->toHtml();
         $this->assertEquals('', $result);
     }
@@ -210,7 +221,10 @@ public function testToHtmlWithId()
         $this->storeManagerMock->expects($this->once())
             ->method('getStores')
             ->willReturn([0 => $store]);
+        $this->maliciousCode->expects($this->once())
+            ->method('filter')
+            ->willReturn($newsletterText);
         $result = $this->preview->toHtml();
-        $this->assertEquals('<pre></pre>', $result);
+        $this->assertEquals('<pre>'. $newsletterText .'</pre>', $result);
     }
 }