From 14305d247c4f86932fda061d93d6b9ccc57ee48d Mon Sep 17 00:00:00 2001
From: Igor Melnikov <imelnikov@ebay.com>
Date: Wed, 13 Jul 2016 18:35:43 -0500
Subject: [PATCH] MAGETWO-54652: Replace usages of deprecated escaper functions

Fixing tests
---
 app/code/Magento/Backend/Block/Widget/Button.php            | 2 +-
 .../Magento/Backend/Block/Widget/Button/SplitButton.php     | 2 +-
 .../Backend/Block/Widget/Grid/Column/Renderer/Action.php    | 4 +++-
 .../Block/Adminhtml/Widget/Grid/Column/Renderer/Button.php  | 5 ++++-
 .../Block/Adminhtml/Widget/Grid/Column/Renderer/Link.php    | 2 +-
 lib/internal/Magento/Framework/Url/RouteParamsResolver.php  | 6 +++++-
 6 files changed, 15 insertions(+), 6 deletions(-)

diff --git a/app/code/Magento/Backend/Block/Widget/Button.php b/app/code/Magento/Backend/Block/Widget/Button.php
index 5929df1411b..bc9deb2fd8b 100644
--- a/app/code/Magento/Backend/Block/Widget/Button.php
+++ b/app/code/Magento/Backend/Block/Widget/Button.php
@@ -113,7 +113,7 @@ class Button extends \Magento\Backend\Block\Widget
             if ($attributeValue === null || $attributeValue == '') {
                 continue;
             }
-            $html .= $attributeKey . '="' . $this->escapeHtml($attributeValue) . '" ';
+            $html .= $attributeKey . '="' . htmlspecialchars($attributeValue, ENT_COMPAT, 'UTF-8', false) . '" ';
         }
 
         return $html;
diff --git a/app/code/Magento/Backend/Block/Widget/Button/SplitButton.php b/app/code/Magento/Backend/Block/Widget/Button/SplitButton.php
index c8c739bad37..e2e83457a57 100644
--- a/app/code/Magento/Backend/Block/Widget/Button/SplitButton.php
+++ b/app/code/Magento/Backend/Block/Widget/Button/SplitButton.php
@@ -229,7 +229,7 @@ class SplitButton extends \Magento\Backend\Block\Widget
             if ($attributeValue === null || $attributeValue == '') {
                 continue;
             }
-            $html[] = $attributeKey . '="' . $this->escapeHtml($attributeValue) . '"';
+            $html[] = $attributeKey . '="' . htmlspecialchars($attributeValue, ENT_COMPAT, 'UTF-8', false) . '"';
         }
         return join(' ', $html);
     }
diff --git a/app/code/Magento/Backend/Block/Widget/Grid/Column/Renderer/Action.php b/app/code/Magento/Backend/Block/Widget/Grid/Column/Renderer/Action.php
index 4da88af83ca..312a4601186 100644
--- a/app/code/Magento/Backend/Block/Widget/Grid/Column/Renderer/Action.php
+++ b/app/code/Magento/Backend/Block/Widget/Grid/Column/Renderer/Action.php
@@ -82,7 +82,9 @@ class Action extends \Magento\Backend\Block\Widget\Grid\Column\Renderer\Text
         $actionCaption = '';
         $this->_transformActionData($action, $actionCaption, $row);
 
-        $htmlAttributes = ['value' => $this->escapeHtml($this->_jsonEncoder->encode($action))];
+        $htmlAttributes = [
+            'value' => htmlspecialchars($this->_jsonEncoder->encode($action), ENT_COMPAT, 'UTF-8', false)
+        ];
         $actionAttributes->setData($htmlAttributes);
         return '<option ' . $actionAttributes->serialize() . '>' . $actionCaption . '</option>';
     }
diff --git a/app/code/Magento/Integration/Block/Adminhtml/Widget/Grid/Column/Renderer/Button.php b/app/code/Magento/Integration/Block/Adminhtml/Widget/Grid/Column/Renderer/Button.php
index db4fa94630d..200bf08f37a 100644
--- a/app/code/Magento/Integration/Block/Adminhtml/Widget/Grid/Column/Renderer/Button.php
+++ b/app/code/Magento/Integration/Block/Adminhtml/Widget/Grid/Column/Renderer/Button.php
@@ -85,7 +85,10 @@ class Button extends AbstractRenderer
             ) : $this->getColumn()->{$rowMethodName}();
 
             if ($attributeValue) {
-                $attributes[] = sprintf('%s="%s"', $attributeName, $this->escapeHtml($attributeValue));
+                $attributes[] = sprintf(
+                    '%s="%s"',
+                    $attributeName, htmlspecialchars($attributeValue, ENT_COMPAT, 'UTF-8', false)
+                );
             }
         }
         return $attributes;
diff --git a/app/code/Magento/Integration/Block/Adminhtml/Widget/Grid/Column/Renderer/Link.php b/app/code/Magento/Integration/Block/Adminhtml/Widget/Grid/Column/Renderer/Link.php
index 1289d837469..b7613f54f90 100644
--- a/app/code/Magento/Integration/Block/Adminhtml/Widget/Grid/Column/Renderer/Link.php
+++ b/app/code/Magento/Integration/Block/Adminhtml/Widget/Grid/Column/Renderer/Link.php
@@ -118,7 +118,7 @@ class Link extends AbstractRenderer
             if ($value === null || $value == '') {
                 continue;
             }
-            $html[] = sprintf('%s="%s"', $key, $this->escapeHtml($value));
+            $html[] = sprintf('%s="%s"', $key, htmlspecialchars($value, ENT_COMPAT, 'UTF-8', false));
         }
 
         return join(' ', $html);
diff --git a/lib/internal/Magento/Framework/Url/RouteParamsResolver.php b/lib/internal/Magento/Framework/Url/RouteParamsResolver.php
index 61dec6f4a18..9d84307d281 100644
--- a/lib/internal/Magento/Framework/Url/RouteParamsResolver.php
+++ b/lib/internal/Magento/Framework/Url/RouteParamsResolver.php
@@ -110,7 +110,11 @@ class RouteParamsResolver extends \Magento\Framework\DataObject implements Route
             if ($key == 'key') {
                 $this->setRouteParam($key, $value);
             } else {
-                $this->setRouteParam($this->getEscaper()->escapeUrl($key), $this->getEscaper()->escapeUrl($value));
+                if (is_object($value)) {
+                    $this->setRouteParam($this->getEscaper()->escapeUrl($key), $value);
+                } else {
+                    $this->setRouteParam($this->getEscaper()->escapeUrl($key), $this->getEscaper()->escapeUrl($value));
+                }
             }
         }
 
-- 
GitLab