MDL-52136 mod_forum: Correctly quote get_string vars in mustache

mod/forum/classes/output/forum_post.php

@@ -134,9 +134,65 @@ public function __construct($course, $cm, $forum, $discussion, $post, $author, $
      * Export this data so it can be used as the context for a mustache template.
      *
      * @param \mod_forum_renderer $renderer The render to be used for formatting the message and attachments
+     * @param bool $plaintext Whethe the target is a plaintext target
      * @return stdClass Data ready for use in a mustache template
      */
-    public function export_for_template(\mod_forum_renderer $renderer) {
+    public function export_for_template(\mod_forum_renderer $renderer, $plaintext = false) {
+        if ($plaintext) {
+            return $this->export_for_template_text($renderer);
+        } else {
+            return $this->export_for_template_html($renderer);
+        }
+    }
+
+    /**
+     * Export this data so it can be used as the context for a mustache template.
+     *
+     * @param \mod_forum_renderer $renderer The render to be used for formatting the message and attachments
+     * @return stdClass Data ready for use in a mustache template
+     */
+    protected function export_for_template_text(\mod_forum_renderer $renderer) {
+        return array(
+            'id'                            => html_entity_decode($this->post->id),
+            'coursename'                    => html_entity_decode($this->get_coursename()),
+            'courselink'                    => html_entity_decode($this->get_courselink()),
+            'forumname'                     => html_entity_decode($this->get_forumname()),
+            'showdiscussionname'            => html_entity_decode($this->get_showdiscussionname()),
+            'discussionname'                => html_entity_decode($this->get_discussionname()),
+            'subject'                       => html_entity_decode($this->get_subject()),
+            'authorfullname'                => html_entity_decode($this->get_author_fullname()),
+            'postdate'                      => html_entity_decode($this->get_postdate()),
+
+            // Format some components according to the renderer.
+            'message'                       => html_entity_decode($renderer->format_message_text($this->cm, $this->post)),
+            'attachments'                   => html_entity_decode($renderer->format_message_attachments($this->cm, $this->post)),
+
+            'canreply'                      => $this->canreply,
+            'permalink'                     => $this->get_permalink(),
+            'firstpost'                     => $this->get_is_firstpost(),
+            'replylink'                     => $this->get_replylink(),
+            'unsubscribediscussionlink'     => $this->get_unsubscribediscussionlink(),
+            'unsubscribeforumlink'          => $this->get_unsubscribeforumlink(),
+            'parentpostlink'                => $this->get_parentpostlink(),
+
+            'forumindexlink'                => $this->get_forumindexlink(),
+            'forumviewlink'                 => $this->get_forumviewlink(),
+            'discussionlink'                => $this->get_discussionlink(),
+
+            'authorlink'                    => $this->get_authorlink(),
+            'authorpicture'                 => $this->get_author_picture(),
+
+            'grouppicture'                  => $this->get_group_picture(),
+        );
+    }
+
+    /**
+     * Export this data so it can be used as the context for a mustache template.
+     *
+     * @param \mod_forum_renderer $renderer The render to be used for formatting the message and attachments
+     * @return stdClass Data ready for use in a mustache template
+     */
+    protected function export_for_template_html(\mod_forum_renderer $renderer) {
         return array(
             'id'                            => $this->post->id,
             'coursename'                    => $this->get_coursename(),

mod/forum/renderer.php

@@ -191,7 +191,7 @@ public function timed_discussion_tooltip($discussion, $visiblenow) {
      * @return string
      */
     public function render_forum_post_email(\mod_forum\output\forum_post_email $post) {
-        $data = $post->export_for_template($this);
+        $data = $post->export_for_template($this, $this->target === RENDERER_TARGET_TEXTEMAIL);
         return $this->render_from_template('mod_forum/' . $this->forum_post_template(), $data);
     }
 

mod/forum/templates/forum_post_email_htmlemail_body.mustache

@@ -87,7 +87,10 @@
                 {{{ subject }}}
             </div>
             <div class="author">
-                {{# str }} bynameondate, forum, { "name": "<a target='_blank' href='{{{ authorlink }}}'>{{ authorfullname }}</a>", "date": "{{ postdate }}" } {{/ str }}
+                {{# str }} bynameondate, forum, {
+                        "name": {{# quote }}<a target='_blank' href='{{{ authorlink }}}'>{{ authorfullname }}</a>{{/ quote }},
+                        "date": {{# quote }}{{ postdate }}{{/ quote }}
+                    } {{/ str }}
             </div>
         </td>
     </tr>

mod/forum/templates/forum_post_email_textemail.mustache

@@ -45,14 +45,20 @@
 {{{ coursename }}} -> {{# str }} forums, forum {{/ str }} -> {{{ forumname }}}{{# showdiscussionname }} -> {{{ discussionname }}} {{/ showdiscussionname }}
 {{ permalink }}
 {{{ subject }}}
-{{# str }} bynameondate, forum, { "name": "{{{ authorfullname }}}", "date": "{{ postdate }}" } {{/ str }}
+{{# str }} bynameondate, forum, {
+        "name": {{# quote }}{{{ authorfullname }}}{{/ quote }},
+        "date": {{# quote}}{{ postdate }}{{/ quote }}
+    } {{/ str }}
 ---------------------------------------------------------------------
 {{{ message }}}
 
 {{{ attachments }}}
 ---------------------------------------------------------------------
 {{# canreply }}
-{{# str }} postmailinfolink, forum, { "coursename": "{{{ coursename }}}", "replylink": "{{ replylink }}" } {{/ str }}
+{{# str }} postmailinfolink, forum, {
+        "coursename": {{# quote }}{{{ coursename }}}{{/ quote }},
+        "replylink": {{# quote }}{{ replylink }}{{/ quote }}
+    } {{/ str }}
 {{/ canreply }}
 {{# unsubscribeforumlink }}
 {{# str }} unsubscribelink, forum, {{{ unsubscribeforumlink }}} {{/ str }}

mod/forum/templates/forum_post_emaildigestbasic_htmlemail.mustache

@@ -44,7 +44,7 @@
 <div>
   <a target="_blank" href="{{{ permalink }}}">{{{ subject }}}</a>
   {{# str }} bynameondate, forum, {
-      "name": "<a target=\"_blank\" href=\"{{{ authorlink }}}\">{{ authorfullname }}</a>",
-      "date": "{{ postdate }}"
-  } {{/ str }}
+          "name": {{# quote }}<a target=\"_blank\" href=\"{{{ authorlink }}}\">{{ authorfullname }}</a>{{/ quote }},
+          "date": {{# quote }}{{ postdate }}{{/ quote }}
+      } {{/ str }}
 </div>

mod/forum/templates/forum_post_emaildigestbasic_textemail.mustache

@@ -33,5 +33,8 @@
 }}
 
 {{ discussionlink }}
-{{{ subject }}} {{# str }} bynameondate, forum, { "name": "{{{ authorfullname }}}", "date": "{{ postdate }}" } {{/ str }}
+{{{ subject }}} {{# str }} bynameondate, forum, {
+        "name": {{# quote }}{{{ authorfullname }}}{{/ quote }},
+        "date": {{# quote }}{{ postdate }}{{/ quote }}
+    } {{/ str }}
 ---------------------------------------------------------------------

mod/forum/templates/forum_post_emaildigestfull_textemail.mustache

@@ -38,7 +38,10 @@
 
 {{ discussionlink }}
 {{{ subject }}} ({{{ permalink }}})
-{{# str }} bynameondate, forum, { "name": "{{{ authorfullname }}}", "date": "{{ postdate }}" } {{/ str }}
+{{# str }} bynameondate, forum, {
+        "name": {{# quote }}{{{ authorfullname }}}{{/ quote }},
+        "date": {{# quote }}{{ postdate }}{{/ quote }}
+    } {{/ str }}
 ---------------------------------------------------------------------
 {{{ message }}}
 

mod/forum/tests/mail_test.php

@@ -879,10 +879,8 @@ public function forum_post_email_templates_provider() {
 
         // Single and double quotes everywhere.
         $newcase = $base;
-        $newcase['user']['lastname'] = 'Moodle\'';
-        // $newcase['user']['lastname'] = 'Moodle\'"'; // TODO: This breaks badly. See MDL-52136.
-        $newcase['course']['shortname'] = '101\'';
-        // $newcase['course']['shortname'] = '101\'"'; // TODO: This breaks badly. See MDL-52136.
+        $newcase['user']['lastname'] = 'Moodle\'"';
+        $newcase['course']['shortname'] = '101\'"';
         $newcase['forums'][0]['name'] = 'Moodle Forum\'"';
         $newcase['forums'][0]['forumposts'][0]['name'] = 'Hello Moodle\'"';
         $newcase['forums'][0]['forumposts'][0]['message'] = 'Welcome to Moodle\'"';
@@ -901,8 +899,8 @@ public function forum_post_email_templates_provider() {
         $newcase['forums'][0]['forumposts'][0]['name'] = 'Hello Moodle>';
         $newcase['forums'][0]['forumposts'][0]['message'] = 'Welcome to Moodle>';
         $newcase['expectations'][0]['contents'] = array(
-            'Attachment example.txt:', '~{\$a', '~>', 'Love Moodle>', '101>', 'Moodle Forum>',
-            'Hello Moodle>', 'Welcome to Moodle>');
+            'Attachment example.txt:', '~{\$a', '~>', 'Love Moodle>', '101>', 'Moodle Forum>',
+            'Hello Moodle>', 'Welcome to Moodle>');
         $textcases['Text mail with gt and lt everywhere'] = array('data' => $newcase);
 
         // Ampersands everywhere. This case is completely borked because format_string()
@@ -914,8 +912,8 @@ public function forum_post_email_templates_provider() {
         $newcase['forums'][0]['forumposts'][0]['name'] = 'Hello Moodle&';
         $newcase['forums'][0]['forumposts'][0]['message'] = 'Welcome to Moodle&';
         $newcase['expectations'][0]['contents'] = array(
-            'Attachment example.txt:', '~{\$a', '~&', 'Love Moodle&', '101&', 'Moodle Forum&',
-            'Hello Moodle&', 'Welcome to Moodle&');
+            'Attachment example.txt:', '~{\$a', '~&', 'Love Moodle&', '101&', 'Moodle Forum&',
+            'Hello Moodle&', 'Welcome to Moodle&');
         $textcases['Text mail with ampersands everywhere'] = array('data' => $newcase);
 
         // Now the html cases.
@@ -927,25 +925,23 @@ public function forum_post_email_templates_provider() {
         $htmlbase['expectations'][0]['contents'] = array(
             '~{\$a',
             '~&(amp|lt|gt|quot|\#039);(?!course)',
-            '<div class=3D"attachments">( *\n *)?<a href',
-            '<div class=3D"subject">\n.*Hello Moodle', '>Moodle Forum', '>Welcome.*Moodle', '>Love Moodle', '>1\d1');
+            '<div class="attachments">( *\n *)?<a href',
+            '<div class="subject">\n.*Hello Moodle', '>Moodle Forum', '>Welcome.*Moodle', '>Love Moodle', '>1\d1');
         $htmlcases['HTML mail without ampersands, quotes or lt/gt'] = array('data' => $htmlbase);
 
         // Single and double quotes, lt and gt, ampersands everywhere.
         $newcase = $htmlbase;
-        $newcase['user']['lastname'] = 'Moodle\'>&';
-        // $newcase['user']['lastname'] = 'Moodle\'">&'; // TODO: This breaks badly. See MDL-52136.
-        $newcase['course']['shortname'] = '101\'>&';
-        // $newcase['course']['shortname'] = '101\'">&'; // TODO: This breaks badly. See MDL-52136.
+        $newcase['user']['lastname'] = 'Moodle\'">&';
+        $newcase['course']['shortname'] = '101\'">&';
         $newcase['forums'][0]['name'] = 'Moodle Forum\'">&';
         $newcase['forums'][0]['forumposts'][0]['name'] = 'Hello Moodle\'">&';
         $newcase['forums'][0]['forumposts'][0]['message'] = 'Welcome to Moodle\'">&';
         $newcase['expectations'][0]['contents'] = array(
             '~{\$a',
             '~&amp;(amp|lt|gt|quot|\#039);',
-            '<div class=3D"attachments">( *\n *)?<a href',
-            '<div class=3D"subject">\n.*Hello Moodle\'"&gt;&amp;', '>Moodle Forum\'"&gt;&amp;',
-            '>Welcome.*Moodle\'"&gt;&amp;', '>Love Moodle&\#039;&gt;&amp;', '>1\d1\'&gt;&amp');
+            '<div class="attachments">( *\n *)?<a href',
+            '<div class="subject">\n.*Hello Moodle\'"&gt;&amp;', '>Moodle Forum\'"&gt;&amp;',
+            '>Welcome.*Moodle\'"&gt;&amp;', '>Love Moodle&\#039;&quot;&gt;&amp;', '>101\'"&gt;&amp');
         $htmlcases['HTML mail with quotes, gt, lt and ampersand  everywhere'] = array('data' => $newcase);
 
         return $textcases + $htmlcases;
@@ -1062,13 +1058,15 @@ public function test_forum_post_email_templates($data) {
 
             // If we have found the expectation and have contents to match, let's do it.
             if (isset($foundexpectation) and isset($foundexpectation['contents'])) {
+                $mail->body = quoted_printable_decode($mail->body);
                 if (!is_array($foundexpectation['contents'])) { // Accept both string and array.
                     $foundexpectation['contents'] = array($foundexpectation['contents']);
                 }
                 foreach ($foundexpectation['contents'] as $content) {
                     if (strpos($content, '~') !== 0) {
                         $this->assertRegexp('#' . $content . '#m', $mail->body);
                     } else {
+                        preg_match('#' . substr($content, 1) . '#m', $mail->body, $matches);
                         $this->assertNotRegexp('#' . substr($content, 1) . '#m', $mail->body);
                     }
                 }