Added double encoding for already existing HTMl entities

Added encoding into HTML-ENTITIES
Added revert back into UTF-8
Changed version to 3.2.5

Author: tomolimo

front/processmaker.helpdesk.form.php

@@ -583,7 +583,17 @@ function processMakerShowCase( $ID, $from_helpdesk ) {
 
       // to change this HTML code
       $dom = new DOMDocument();
-      $dom->loadHTML($buffer, LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD | LIBXML_NOXMLDECL);
+
+      // will convert '&' to '&amp;', '<' to '&lt;' and '>' to '&gt;'
+      $buffer = htmlspecialchars($buffer, ENT_NOQUOTES);
+      // will restore '&lt;' to '<' and '&gt;' to '>'
+      // so that only the already escaped entites will get the double encoding
+      $buffer = str_replace(['&lt;', '&gt;'], ['<', '>'], $buffer);
+
+      // will convert any UTF-8 char that can't be expressed in ASCII into an HTML entity
+      $buffer = mb_convert_encoding($buffer, 'HTML-ENTITIES');
+
+      $dom->loadHTML($buffer, LIBXML_HTML_NOIMPLIED | LIBXML_HTML_NODEFDTD );
       $xpath = new DOMXPath($dom);
 
       // hide some fields
@@ -606,8 +616,8 @@ function processMakerShowCase( $ID, $from_helpdesk ) {
          $elt->setAttribute( 'colspan', '2');
       }
 
-      //$res = $xpath->query('//*[@name="content"]/ancestor::tr[1]');
-      $res = $xpath->query('//*[@name="add"]/ancestor::tr[@class="tab_bg_1"]/preceding-sibling::tr[1]');
+      $res = $xpath->query('//*[@name="content"]/ancestor::tr[1]');
+      //$res = $xpath->query('//*[@name="add"]/ancestor::tr[@class="tab_bg_1"]/preceding-sibling::tr[1]');
       $table = $xpath->query('//*[@name="add"]/ancestor::table[1]');
 
       $tr = $table->item(0)->insertBefore(new DOMElement('tr'), $res->item(0));
@@ -634,8 +644,9 @@ function processMakerShowCase( $ID, $from_helpdesk ) {
 
       $buffer = $dom->saveHTML();
 
+      // will revert back any char converted above
+      $buffer = mb_convert_encoding($buffer, 'UTF-8', 'HTML-ENTITIES');
       echo $buffer;
-      //showFormHelpdesk($ID, $pmItem, $caseInfo);
    }
 
 }

inc/processmaker.class.php

@@ -2704,4 +2704,22 @@ static private function displayMessage($html_message, $title='',$msgtype='info_m
 
       echo Html::scriptBlock($scriptblock);
    }
+
+   //static protected $saved_ob_level;
+
+   //static function pre_item_form_processmakerticket($item) {
+   //   self::$saved_ob_level = ob_get_level();
+   //   ob_start();
+
+   //}
+
+   //static function post_item_form_processmakerticket($item) {
+   //   $buffer = ob_get_clean();
+   //   // 9.1 only: hack to fix an issue with the initEditorSystem which calls scriptStart without calling scriptEnd
+   //   if (ob_get_level() > self::$saved_ob_level) {
+   //      $buffer = ob_get_clean().$buffer;
+   //   }
+   //   echo $buffer;
+   //}
+
 }

js/cases.helpdesk.js

@@ -14,6 +14,7 @@ function onClickContinue(obj) {
    }
 
    // call old handler if any
+   //debugger;
    if (obj != undefined && oldHandler) {
       oldHandler(obj.target);
    }
@@ -65,15 +66,10 @@ function onLoadFrame( evt, caseId, delIndex, caseNumber, processName ) {
             //debugger;
 
             bGLPIHideElement(linkList, 'href', 'cases_Step?TYPE=ASSIGN_TASK&UID=-1&POSITION=10000&ACTION=ASSIGN');
-
-            //buttonContinue.form.action = null; //'';
-            //if (buttonContinue.addEventListener)
-            //    buttonContinue.addEventListener("click", onClickContinue, false);
-            //else
-            //    buttonContinue.attachEvent("onclick", onClickContinue);
+            
             oldHandler = buttonContinue.onclick;
             buttonContinue.onclick = onClickContinue;
-
+            
             submitButton = $("input[name='add'][type=submit]")[0];
             submitButton.insertAdjacentHTML('beforebegin', "<input type='hidden' name='processmaker_action' value='routecase'/>");
             submitButton.insertAdjacentHTML('beforebegin', "<input type='hidden' name='processmaker_caseid' value='" + caseId + "'/>");

processmaker.xml

@@ -23,11 +23,11 @@
    </authors>
    <versions>
       <version>
-         <num>3.2.4</num>
+         <num>3.2.5</num>
          <compatibility>9.2</compatibility>
       </version>
       <version>
-          <num>3.2.4</num>
+          <num>3.2.5</num>
           <compatibility>9.1</compatibility>
       </version>
    </versions>

setup.php

@@ -119,7 +119,7 @@ function plugin_version_processmaker() {
    global $LANG;
 
    return array ('name'           => 'Process Maker',
-                'version'        => '3.2.4',
+                'version'        => '3.2.5',
                 'author'         => 'Olivier Moron',
                 'homepage'       => 'https://github.com/tomolimo/processmaker',
                 'minGlpiVersion' => '9.1');