CollectionView: Prevent URL escaping when listing pagination URLs (#154)

* Prevent URL escaping when listing pagination URLs * Fix warnings / errors in pipeline
mixerapi · Mar 25, 2024 · 25e980d · 25e980d
1 parent e56742b
commit 25e980d
Show file tree

Hide file tree

Showing 5 changed files with 37 additions and 2 deletions.
diff --git a/config/.env.example b/config/.env.example
@@ -18,7 +18,7 @@ export DEBUG="true"
 export APP_ENCODING="UTF-8"
 export APP_DEFAULT_LOCALE="en_US"
 export APP_DEFAULT_TIMEZONE="UTC"
-export SECURITY_SALT="__SALT__"
+export SECURITY_SALT="bBpSESU8O0gVTzr8Lk9LzJGcy1uHYhah"
 
 # Uncomment these to define cache configuration via environment variables.
 #export CACHE_DURATION="+2 minutes"

diff --git a/plugins/collection-view/src/View/Helper/PagninatorHelper.php b/plugins/collection-view/src/View/Helper/PagninatorHelper.php
@@ -0,0 +1,30 @@
+<?php
+declare(strict_types=1);
+
+namespace MixerApi\CollectionView\View\Helper;
+
+use Cake\View\Helper\PaginatorHelper;
+
+class PagninatorHelper extends PaginatorHelper
+{
+    /**
+     * Overwrite base method to never escape URLs.
+     *
+     * @param array<string, mixed> $options Pagination options.
+     * @param array $url URL.
+     * @param array<string, mixed> $urlOptions Array of options
+     * @return string By default, returns a full pagination URL string for use in non-standard contexts (i.e. JavaScript)
+     */
+    public function generateUrl(
+        array $options = [],
+        array $url = [],
+        array $urlOptions = []
+    ): string {
+        $urlOptions += [
+            'escape' => false,
+            'fullBase' => false,
+        ];
+
+        return $this->Url->build($this->generateUrlParams($options, $url), $urlOptions);
+    }
+}
diff --git a/plugins/collection-view/src/View/JsonCollectionView.php b/plugins/collection-view/src/View/JsonCollectionView.php
@@ -6,6 +6,7 @@
 use Cake\Core\Configure;
 use Cake\View\JsonView;
 use MixerApi\CollectionView\Serializer;
+use MixerApi\CollectionView\View\Helper\PagninatorHelper;
 
 class JsonCollectionView extends JsonView
 {
@@ -35,6 +36,7 @@ public function initialize(): void
         parent::initialize();
         $this->loadHelper('Paginator', [
             'templates' => 'MixerApi/CollectionView.paginator-template',
+            'className' => PagninatorHelper::class,
         ]);
     }
 

diff --git a/plugins/collection-view/src/View/XmlCollectionView.php b/plugins/collection-view/src/View/XmlCollectionView.php
@@ -6,6 +6,7 @@
 use Cake\Core\Configure;
 use Cake\View\SerializedView;
 use MixerApi\CollectionView\Serializer;
+use MixerApi\CollectionView\View\Helper\PagninatorHelper;
 
 class XmlCollectionView extends SerializedView
 {
@@ -65,6 +66,7 @@ public function initialize(): void
         parent::initialize();
         $this->loadHelper('Paginator', [
             'templates' => 'MixerApi/CollectionView.paginator-template',
+            'className' => PagninatorHelper::class,
         ]);
     }
 

diff --git a/plugins/collection-view/tests/TestCase/ControllerTest.php b/plugins/collection-view/tests/TestCase/ControllerTest.php
@@ -29,12 +29,13 @@ public function setUp(): void
 
     public function test_json(): void
     {
-        $this->get('/actors.json');
+        $this->get('/actors.json?limit=1');
         $body = (string)$this->_response->getBody();
         $object = json_decode($body);
 
         $this->assertResponseOk();
         $this->assertTrue(isset($object->collection->url));
+        $this->assertStringNotContainsString('&amp;', $object->collection->next);
         $this->assertNotEmpty($object->data);
     }