Updates for 20.10.1 release

app/code/core/Mage/Adminhtml/Block/Sales/Order/Comments/View.php

@@ -77,9 +77,9 @@ public function canSendCommentEmail()
     /**
      * Replace links in string
      *
-     * @param array|string $data
-     * @param null|array $allowedTags
-     * @return string
+     * @param string|string[] $data
+     * @param array|null $allowedTags
+     * @return null|string|string[]
      */
     public function escapeHtml($data, $allowedTags = null)
     {

app/code/core/Mage/Adminhtml/Block/Sales/Order/View/History.php

@@ -80,9 +80,9 @@ public function isCustomerNotificationNotApplicable(Mage_Sales_Model_Order_Statu
     /**
      * Replace links in string
      *
-     * @param array|string $data
-     * @param null|array $allowedTags
-     * @return string
+     * @param string|string[] $data
+     * @param array|null $allowedTags
+     * @return null|string|string[]
      */
     public function escapeHtml($data, $allowedTags = null)
     {

app/code/core/Mage/Adminhtml/Helper/Sales.php

@@ -109,9 +109,9 @@ public function applySalableProductTypesFilter($collection)
     /**
      * Escape string preserving links
      *
-     * @param array|string $data
-     * @param null|array $allowedTags
-     * @return string
+     * @param string|string[] $data
+     * @param array|null $allowedTags
+     * @return null|string|string[]
      */
     public function escapeHtmlWithLinks($data, $allowedTags = null)
     {

app/code/core/Mage/Core/Block/Abstract.php

@@ -1185,9 +1185,9 @@ public function htmlEscape($data, $allowedTags = null)
     /**
      * Escape html entities
      *
-     * @param   string|array $data
-     * @param   array $allowedTags
-     * @return  string
+     * @param string|string[] $data
+     * @param array|null $allowedTags
+     * @return null|string|string[]
      */
     public function escapeHtml($data, $allowedTags = null)
     {

app/code/core/Mage/Core/Helper/Abstract.php

@@ -178,9 +178,10 @@ public function __()
     }
 
     /**
-     * @param array $data
-     * @param array $allowedTags
-     * @return mixed
+     * @param string|string[] $data
+     * @param array|null $allowedTags
+     * @return null|string|string[]
+     *
      * @see self::escapeHtml()
      * @deprecated after 1.4.0.0-rc1
      */
@@ -192,9 +193,9 @@ public function htmlEscape($data, $allowedTags = null)
     /**
      * Escape html entities
      *
-     * @param   string|array $data
-     * @param   array $allowedTags
-     * @return  mixed
+     * @param string|string[] $data
+     * @param array|null $allowedTags
+     * @return null|string|string[]
      */
     public function escapeHtml($data, $allowedTags = null)
     {
@@ -244,7 +245,7 @@ function ($matches) {
      * Wrapper for standard strip_tags() function with extra functionality for html entities
      *
      * @param string $data
-     * @param string $allowableTags
+     * @param null|string|string[] $allowableTags
      * @param bool $escape
      * @return string
      */
@@ -320,9 +321,9 @@ public function escapeScriptIdentifiers($data)
     /**
      * Escape quotes in java script
      *
-     * @param mixed $data
+     * @param string|string[] $data
      * @param string $quote
-     * @return mixed
+     * @return string|string[]
      */
     public function jsQuoteEscape($data, $quote = '\'')
     {

app/code/core/Mage/Core/Model/Security/HtmlEscapedString.php

@@ -3,12 +3,35 @@
 declare(strict_types=1);
 
 /**
+ * OpenMage
  *
+ * This source file is subject to the Open Software License (OSL 3.0)
+ * that is bundled with this package in the file LICENSE.txt.
+ * It is also available at https://opensource.org/license/osl-3-0-php
+ *
+ * @category   Mage
+ * @package    Mage_Core
+ * @copyright  Copyright (c) 2024 The OpenMage Contributors (https://www.openmage.org)
+ * @license    https://opensource.org/licenses/osl-3.0.php  Open Software License (OSL 3.0)
+ */
+
+/**
+ * Wrapper to escape value und keep the original value
+ *
+ * @category   Mage
+ * @package    Mage_Core
  */
 class Mage_Core_Model_Security_HtmlEscapedString implements Stringable
 {
-    protected $originalValue;
-    protected $allowedTags;
+    /**
+     * @var string
+     */
+    protected string $originalValue;
+
+    /**
+     * @var string[]|null
+     */
+    protected ?array $allowedTags;
 
     /**
      * @param string $originalValue
@@ -20,6 +43,9 @@ public function __construct(string $originalValue, ?array $allowedTags = null)
         $this->allowedTags = $allowedTags;
     }
 
+    /**
+     * @return string
+     */
     public function __toString(): string
     {
         return (string) Mage::helper('core')->escapeHtml(
@@ -28,6 +54,9 @@ public function __toString(): string
         );
     }
 
+    /**
+     * @return string
+     */
     public function getUnescapedValue(): string
     {
         return $this->originalValue;

app/code/core/Mage/Page/Block/Html/Header.php

@@ -57,9 +57,7 @@ public function setLogo($logo_src, $logo_alt)
     public function getLogoSrc()
     {
         if (empty($this->_data['logo_src'])) {
-            $this->_data['logo_src'] =  new Mage_Core_Model_Security_HtmlEscapedString(
-                (string) Mage::getStoreConfig('design/header/logo_src')
-            );
+            $this->_data['logo_src'] = $this->escapeHtml((string) Mage::getStoreConfig('design/header/logo_src'));
         }
         return $this->getSkinUrl($this->_data['logo_src']);
     }
@@ -70,9 +68,7 @@ public function getLogoSrc()
     public function getLogoSrcSmall()
     {
         if (empty($this->_data['logo_src_small'])) {
-            $this->_data['logo_src_small'] =  new Mage_Core_Model_Security_HtmlEscapedString(
-                (string) Mage::getStoreConfig('design/header/logo_src_small')
-            );
+            $this->_data['logo_src_small'] = $this->escapeHtml((string) Mage::getStoreConfig('design/header/logo_src_small'));
         }
         return $this->getSkinUrl($this->_data['logo_src_small']);
     }
@@ -83,9 +79,7 @@ public function getLogoSrcSmall()
     public function getLogoAlt()
     {
         if (empty($this->_data['logo_alt'])) {
-            $this->_data['logo_alt'] = new Mage_Core_Model_Security_HtmlEscapedString(
-                (string) Mage::getStoreConfig('design/header/logo_alt')
-            );
+            $this->_data['logo_alt'] = $this->escapeHtml((string) Mage::getStoreConfig('design/header/logo_alt'));
         }
         return $this->_data['logo_alt'];
     }
@@ -103,9 +97,7 @@ public function getWelcome()
             if (Mage::isInstalled() && Mage::getSingleton('customer/session')->isLoggedIn()) {
                 $this->_data['welcome'] = $this->__('Welcome, %s!', $this->escapeHtml(Mage::getSingleton('customer/session')->getCustomer()->getName()));
             } else {
-                $this->_data['welcome'] = new Mage_Core_Model_Security_HtmlEscapedString(
-                    (string) Mage::getStoreConfig('design/header/welcome')
-                );
+                $this->_data['welcome'] = $this->escapeHtml((string) Mage::getStoreConfig('design/header/welcome'));
             }
         }
 

app/code/core/Mage/Page/Block/Html/Welcome.php

@@ -44,9 +44,7 @@ protected function _toHtml()
             if (Mage::isInstalled() && $this->_getSession()->isLoggedIn()) {
                 $this->_data['welcome'] = $this->__('Welcome, %s!', $this->escapeHtml($this->_getSession()->getCustomer()->getName()));
             } else {
-                $this->_data['welcome'] = new Mage_Core_Model_Security_HtmlEscapedString(
-                    (string) Mage::getStoreConfig('design/header/welcome')
-                );
+                $this->_data['welcome'] = $this->escapeHtml((string) Mage::getStoreConfig('design/header/welcome'));
             }
         }