From d731bd4ccb31db1dd9419271eacebf4603951872 Mon Sep 17 00:00:00 2001
From: Pieter Hoste
Date: Mon, 4 Aug 2025 13:41:58 +0200
Subject: [PATCH 1/3] Fix accepted types for escaper methods, more then only strict string types are allowed.
---
 .../Magento/Sales/Block/Adminhtml/Order/Comments/View.php | 2 +-
 .../Magento/Sales/Block/Adminhtml/Order/View/History.php | 2 +-
 app/code/Magento/Sales/Helper/Admin.php | 2 +-
 lib/internal/Magento/Framework/Escaper.php | 6 +++---
 .../Magento/Framework/View/Element/AbstractBlock.php | 6 +++---
 5 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/app/code/Magento/Sales/Block/Adminhtml/Order/Comments/View.php b/app/code/Magento/Sales/Block/Adminhtml/Order/Comments/View.php
index 68ba7c51bba6b..b9965c874ead7 100644
--- a/app/code/Magento/Sales/Block/Adminhtml/Order/Comments/View.php
+++ b/app/code/Magento/Sales/Block/Adminhtml/Order/Comments/View.php
@@ -109,7 +109,7 @@ public function canSendCommentEmail()
 /**
 * Replace links in string
 *
- * @param array|string $data
+ * @param string|int|float|\Stringable|array $data
 * @param null|array $allowedTags
 * @return string
 */
diff --git a/app/code/Magento/Sales/Block/Adminhtml/Order/View/History.php b/app/code/Magento/Sales/Block/Adminhtml/Order/View/History.php
index 48278a8babc40..a4a1b5ad6d2a0 100644
--- a/app/code/Magento/Sales/Block/Adminhtml/Order/View/History.php
+++ b/app/code/Magento/Sales/Block/Adminhtml/Order/View/History.php
@@ -132,7 +132,7 @@ public function isCustomerNotificationNotApplicable(\Magento\Sales\Model\Order\S
 /**
 * Replace links in string
 *
- * @param array|string $data
+ * @param string|int|float|\Stringable|array $data
 * @param null|array $allowedTags
 * @return string
 */
diff --git a/app/code/Magento/Sales/Helper/Admin.php b/app/code/Magento/Sales/Helper/Admin.php
index b21e6757cbefb..0c6f224c9ce1f 100644
--- a/app/code/Magento/Sales/Helper/Admin.php
+++ b/app/code/Magento/Sales/Helper/Admin.php
@@ -154,7 +154,7 @@ public function applySalableProductTypesFilter($collection)
 /**
 * Escape string preserving links
 *
- * @param string $data
+ * @param string|int|float|\Stringable|array $data
 * @param null|array $allowedTags
 * @return string
 */
diff --git a/lib/internal/Magento/Framework/Escaper.php b/lib/internal/Magento/Framework/Escaper.php
index 9c249923197fb..f7f621aa5d4ac 100644
--- a/lib/internal/Magento/Framework/Escaper.php
+++ b/lib/internal/Magento/Framework/Escaper.php
@@ -70,7 +70,7 @@ class Escaper
 * AllowedTags will not be escaped, except the following: script, img, embed,
 * iframe, video, source, object, audio
 *
- * @param string|array $data
+ * @param string|int|float|\Stringable|array $data
 * @param array|null $allowedTags
 * @return string|array
 */
@@ -267,7 +267,7 @@ private function escapeAttributeValue($name, $value)
 /**
 * Escape a string for the HTML attribute context
 *
- * @param string $string
+ * @param string|int|float|\Stringable $string
 * @param boolean $escapeSingleQuote
 * @return string
 * @since 101.0.0
@@ -313,7 +313,7 @@ public function encodeUrlParam($string)
 /**
 * Escape string for the JavaScript context
 *
- * @param string $string
+ * @param string|int|float|\Stringable $string
 * @return string
 * @since 101.0.0
 */
diff --git a/lib/internal/Magento/Framework/View/Element/AbstractBlock.php b/lib/internal/Magento/Framework/View/Element/AbstractBlock.php
index 3b02619286b59..82a7eb0e19b4e 100644
--- a/lib/internal/Magento/Framework/View/Element/AbstractBlock.php
+++ b/lib/internal/Magento/Framework/View/Element/AbstractBlock.php
@@ -892,7 +892,7 @@ public static function extractModuleName($className)
 /**
 * Escape HTML entities
 *
- * @param string|array $data
+ * @param string|int|float|\Stringable|array $data
 * @param array|null $allowedTags
 * @return string
 * @deprecated 103.0.0 Use $escaper directly in templates and in blocks.
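Review bot: In the `escapeHtmlWithLinks` docblock of `app/code/Magento/Sales/Helper/Admin.php` (hunk `@@ -154,7 +154,7 @@`), `array` is added to a `@param` that previously accepted only `string`, whereas the two block wrappers in this patch already documented `array|string`. The method body is outside the hunk, so whether every branch accepts an array cannot be confirmed from here; if any path treats `$data` as a string, an array argument would be stringified rather than escaped element by element, and static analysis would no longer flag such a caller. Unless the body is verified, I would limit the widening to scalars, `@param string|int|float|\Stringable $data`, and keep `@return string` for this method in PATCH 2/3.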
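Review bot: The widened `@param string|int|float|\Stringable $string` on `escapeHtmlAttr` and `escapeJs` in `lib/internal/Magento/Framework/Escaper.php` (hunks `@@ -267,7 +267,7 @@` and `@@ -313,7 +313,7 @@`) keeps `@return string`, but both bodies lie outside the hunks and the diffstat lists no test file. If either method has an early return that hands its argument back unchanged, or runs a string-only check before casting, an `int`, `float` or `\Stringable` argument would break the documented return type without any warning to callers. I would add unit cases for each newly documented input type and, where needed, normalise at the top of the method with `$string = (string) $string;`. The same applies to the deprecated `escapeJs` and `escapeHtmlAttr` docblocks in `AbstractBlock.php` (hunks `@@ -906,7 +906,7 @@` and `@@ -920,7 +920,7 @@`).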
@@ -906,7 +906,7 @@ public function escapeHtml($data, $allowedTags = null)
 /**
 * Escape string for the JavaScript context
 *
- * @param string $string
+ * @param string|int|float|\Stringable $string
 * @return string
 * @since 101.0.0
 * @deprecated 103.0.0 Use $escaper directly in templates and in blocks.
@@ -920,7 +920,7 @@ public function escapeJs($string)
 /**
 * Escape a string for the HTML attribute context
 *
- * @param string $string
+ * @param string|int|float|\Stringable $string
 * @param boolean $escapeSingleQuote
 * @return string
 * @since 101.0.0
From f7c7a81532e2d62d64f6072adbecddc240b4919a Mon Sep 17 00:00:00 2001
From: Pieter Hoste
Date: Mon, 4 Aug 2025 13:54:44 +0200
Subject: [PATCH 2/3] Changed return type of escapeHtml method to a conditional, so phpstan knows it'll be a string or an array depending on the type of the input.
---
 app/code/Magento/Sales/Block/Adminhtml/Order/Comments/View.php | 2 +-
 app/code/Magento/Sales/Block/Adminhtml/Order/View/History.php | 2 +-
 app/code/Magento/Sales/Helper/Admin.php | 2 +-
 lib/internal/Magento/Framework/Escaper.php | 2 +-
 lib/internal/Magento/Framework/View/Element/AbstractBlock.php | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/app/code/Magento/Sales/Block/Adminhtml/Order/Comments/View.php b/app/code/Magento/Sales/Block/Adminhtml/Order/Comments/View.php
index b9965c874ead7..ea3de37ed5b98 100644
--- a/app/code/Magento/Sales/Block/Adminhtml/Order/Comments/View.php
+++ b/app/code/Magento/Sales/Block/Adminhtml/Order/Comments/View.php
@@ -111,7 +111,7 @@ public function canSendCommentEmail()
 *
 * @param string|int|float|\Stringable|array $data
 * @param null|array $allowedTags
- * @return string
+ * @return ($data is array ? string[] : string)
 */
 public function escapeHtml($data, $allowedTags = null)
 {
diff --git a/app/code/Magento/Sales/Block/Adminhtml/Order/View/History.php b/app/code/Magento/Sales/Block/Adminhtml/Order/View/History.php
index a4a1b5ad6d2a0..a0667bda02519 100644
--- a/app/code/Magento/Sales/Block/Adminhtml/Order/View/History.php
+++ b/app/code/Magento/Sales/Block/Adminhtml/Order/View/History.php
@@ -134,7 +134,7 @@ public function isCustomerNotificationNotApplicable(\Magento\Sales\Model\Order\S
 *
 * @param string|int|float|\Stringable|array $data
 * @param null|array $allowedTags
- * @return string
+ * @return ($data is array ? string[] : string)
 */
 public function escapeHtml($data, $allowedTags = null)
 {
diff --git a/app/code/Magento/Sales/Helper/Admin.php b/app/code/Magento/Sales/Helper/Admin.php
index 0c6f224c9ce1f..5b66e4cbfe71f 100644
--- a/app/code/Magento/Sales/Helper/Admin.php
+++ b/app/code/Magento/Sales/Helper/Admin.php
@@ -156,7 +156,7 @@ public function applySalableProductTypesFilter($collection)
 *
 * @param string|int|float|\Stringable|array $data
 * @param null|array $allowedTags
- * @return string
+ * @return ($data is array ? string[] : string)
 */
 public function escapeHtmlWithLinks($data, $allowedTags = null)
 {
diff --git a/lib/internal/Magento/Framework/Escaper.php b/lib/internal/Magento/Framework/Escaper.php
index f7f621aa5d4ac..ba3cb1b992cb2 100644
--- a/lib/internal/Magento/Framework/Escaper.php
+++ b/lib/internal/Magento/Framework/Escaper.php
@@ -72,7 +72,7 @@ class Escaper
 *
 * @param string|int|float|\Stringable|array $data
 * @param array|null $allowedTags
- * @return string|array
+ * @return ($data is array ? string[] : string)
 */
 public function escapeHtml($data, $allowedTags = null)
 {
diff --git a/lib/internal/Magento/Framework/View/Element/AbstractBlock.php b/lib/internal/Magento/Framework/View/Element/AbstractBlock.php
index 82a7eb0e19b4e..16f1f65815da5 100644
--- a/lib/internal/Magento/Framework/View/Element/AbstractBlock.php
+++ b/lib/internal/Magento/Framework/View/Element/AbstractBlock.php
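Review bot: The conditional `@return ($data is array ? string[] : string)` on `Escaper::escapeHtml` (hunk `@@ -72,7 +72,7 @@`, PATCH 2/3) promises a flat list of strings, while the `@param` above it still says bare `array` with no element type. The body continues past the hunk, so it is not visible whether nested arrays are escaped recursively; if they are, the array branch can return arrays of arrays and `string[]` overstates what callers get back before printing it. Typing the elements would make the two tags agree, e.g. `@param string|int|float|\Stringable|array<string|int|float|\Stringable> $data`, or the array branch of the return could be loosened to `array`. The same tag is repeated in the `View.php`, `History.php`, `Admin.php` and `AbstractBlock.php` hunks of this patch.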
@@ -894,7 +894,7 @@ public static function extractModuleName($className)
 *
 * @param string|int|float|\Stringable|array $data
 * @param array|null $allowedTags
- * @return string
+ * @return ($data is array ? string[] : string)
 * @deprecated 103.0.0 Use $escaper directly in templates and in blocks.
 * @see Escaper Usage
 */
From 47aa3b3a076c765cab24b61f4249f119e5961ca8 Mon Sep 17 00:00:00 2001
From: Pieter Hoste
Date: Mon, 4 Aug 2025 14:08:14 +0200
Subject: [PATCH 3/3] Fixes static tests.
---
 app/code/Magento/Sales/Block/Adminhtml/Order/View/History.php | 4 ++--
 app/code/Magento/Sales/Helper/Admin.php | 4 ++--
 lib/internal/Magento/Framework/Escaper.php | 4 ++--
 lib/internal/Magento/Framework/View/Element/AbstractBlock.php | 4 ++--
 4 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/app/code/Magento/Sales/Block/Adminhtml/Order/View/History.php b/app/code/Magento/Sales/Block/Adminhtml/Order/View/History.php
index a0667bda02519..06d9a68b365c0 100644
--- a/app/code/Magento/Sales/Block/Adminhtml/Order/View/History.php
+++ b/app/code/Magento/Sales/Block/Adminhtml/Order/View/History.php
@@ -1,7 +1,7 @@