Fix #274 - Views Incorrectly Encode UTF Characters as HTML Entities

public/legacy/include/portability/ApiBeanMapper/TypeMappers/TextMapper.php

@@ -62,7 +62,8 @@ public function toApi(SugarBean $bean, array &$container, string $name, string $
  $value = html_entity_decode($value);
  }
 
- $container[$newName] = $this->purify($bean, $name, $value);
+ // Some characters get double encoded when purifying, so need double decoding to get correct output
+ $container[$newName] = html_entity_decode(html_entity_decode($this->purify($bean, $name, $value)));
  }
 
  /**

public/legacy/include/utils.php

@@ -2806,15 +2806,15 @@ function purify_html(?string $value, array $extraOptions = []): string {
 
  $sanitizer = new SuiteCRM\HtmlSanitizer($extraOptions);
 
- $cleanedValue = htmlentities($sanitizer->clean($value, true));
+ $cleanedValue = htmlspecialchars($sanitizer->clean($value, true));
  $decoded = html_entity_decode($cleanedValue);
  $doubleDecoded = html_entity_decode($decoded);
 
  if (stripos($decoded, '<script>') !== false || stripos($doubleDecoded, '<script>') !== false){
  $doubleDecoded = '';
  }
 
- $doubleCleanedValue = htmlentities($sanitizer->clean($doubleDecoded, true));
+ $doubleCleanedValue = htmlspecialchars($sanitizer->clean($doubleDecoded, true));
 
  return $doubleCleanedValue;
 }

public/legacy/include/utils/db_utils.php

@@ -66,15 +66,6 @@ function from_db_convert($string, $type)
  return DBManagerFactory::getInstance()->fromConvert($string, $type);
 }
 
-$toHTML = array(
- '"' => '"',
- '<' => '&lt;',
- '>' => '&gt;',
- "'" => '&#039;',
-);
-$GLOBALS['toHTML_keys'] = array_keys($toHTML);
-$GLOBALS['toHTML_values'] = array_values($toHTML);
-$GLOBALS['toHTML_keys_set'] = implode("", $GLOBALS['toHTML_keys']);
 /**
  * Replaces specific characters with their HTML entity values
  * @param string $string String to check/replace
@@ -93,14 +84,8 @@ function to_html($string, $encode=true)
  return $string;
  }
 
- global $toHTML;
-
  if ($encode && is_string($string)) {
- if (is_array($toHTML)) {
- $string = str_ireplace($GLOBALS['toHTML_keys'], $GLOBALS['toHTML_values'] ?? [], $string);
- } else {
- $string = htmlentities($string, ENT_HTML401|ENT_QUOTES, 'UTF-8');
- }
+ $string = htmlspecialchars($string, ENT_HTML401|ENT_QUOTES, 'UTF-8');
  }
 
  return $string;
@@ -123,22 +108,8 @@ function from_html($string, $encode=true)
  return $string;
  }
 
- global $toHTML;
- static $toHTML_values = null;
- static $toHTML_keys = null;
- static $cache = array();
- if (!empty($toHTML) && is_array($toHTML) && (!isset($toHTML_values) || !empty($GLOBALS['from_html_cache_clear']))) {
- $toHTML_values = array_values($toHTML);
- $toHTML_keys = array_keys($toHTML);
- }
-
  // Bug 36261 - Decode &amp; so we can handle double encoded entities
- $string = html_entity_decode($string, ENT_HTML401|ENT_QUOTES, 'UTF-8') ?? '';
-
- if (!isset($cache[$string])) {
- $cache[$string] = str_ireplace($toHTML_values ?? '', $toHTML_keys ?? '', $string);
- }
- return $cache[$string] ?? '';
+ return html_entity_decode($string, ENT_HTML401|ENT_QUOTES, 'UTF-8') ?? '';
 }
 
 /*

public/legacy/tests/unit/phpunit/modules/AOR_Reports/AOR_ReportTest.php

@@ -108,7 +108,6 @@ public function testbuild_report_chart(): void
  unset($GLOBALS['_SESSION']);
  unset($GLOBALS['objectList']);
  unset($GLOBALS['mod_strings']);
- unset($GLOBALS['toHTML']);
  unset($GLOBALS['module']);
  unset($GLOBALS['action']);
  unset($GLOBALS['disable_date_format']);