diff --git a/framework/CHANGELOG.md b/framework/CHANGELOG.md index 4869591ce6f..2cea02497bd 100644 --- a/framework/CHANGELOG.md +++ b/framework/CHANGELOG.md @@ -5,6 +5,7 @@ Yii Framework 2 Change Log ------------------------ - Enh #20309: Add custom attributes support to style tags (nzwz) +- Bug #20322: Correct escaping of hex ranges in Html::escapeJsRegularExpression (kowap) 2.0.52 February 13, 2025 diff --git a/framework/helpers/BaseHtml.php b/framework/helpers/BaseHtml.php index 3d7bc17d772..68a79f0e9cd 100644 --- a/framework/helpers/BaseHtml.php +++ b/framework/helpers/BaseHtml.php @@ -2392,7 +2392,7 @@ public static function getInputId($model, $attribute) */ public static function escapeJsRegularExpression($regexp) { - $pattern = preg_replace('/\\\\x\{?([0-9a-fA-F]+)\}?/', '\u$1', $regexp); + $pattern = preg_replace('/\\\\x([0-9a-fA-F]{2})/', '\\x{$1}', $regexp); $deliminator = substr($pattern, 0, 1); $pos = strrpos($pattern, $deliminator, 1); $flag = substr($pattern, $pos + 1); diff --git a/tests/framework/helpers/HtmlTest.php b/tests/framework/helpers/HtmlTest.php index 5913cd55f03..08cad560a20 100644 --- a/tests/framework/helpers/HtmlTest.php +++ b/tests/framework/helpers/HtmlTest.php @@ -38,6 +38,29 @@ protected function setUp(): void ]); } + /** + * @covers \yii\helpers\Html::escapeJsRegularExpression + */ + public function testEscapeJsRegularExpressionHexRange() + { + $testCases = [ + '/^[\x00-\xFF]{8,72}$/', + '/^[\xA1-\xFE]{2}$/', + '/^\xFF\x00$/', + ]; + + $expectedResults = [ + '/^[\x{00}-\x{FF}]{8,72}$/', + '/^[\x{A1}-\x{FE}]{2}$/', + '/^\x{FF}\x{00}$/', + ]; + + foreach ($testCases as $index => $original) { + $escaped = Html::escapeJsRegularExpression($original); + $this->assertSame($expectedResults[$index], $escaped, "Test case #$index failed."); + } + } + public function testEncode() { $this->assertEquals('a<>&"'�', Html::encode("a<>&\"'\x80"));