Merge pull request #9823 from magento-cia/cia-2.4.9-alpha1-develop-bugfix-05262025

Cia Bugfix 2.4.9-alpha1-develop 05262025

Author: glo71317

app/code/Magento/Catalog/Helper/Category.php

@@ -10,8 +10,10 @@
 use Magento\Catalog\Model\CategoryFactory;
 use Magento\Framework\App\Helper\AbstractHelper;
 use Magento\Framework\App\Helper\Context;
+use Magento\Framework\App\ObjectManager;
 use Magento\Framework\Data\CollectionFactory;
 use Magento\Framework\Data\Tree\Node\Collection;
+use Magento\Framework\Escaper;
 use Magento\Framework\Exception\NoSuchEntityException;
 use Magento\Framework\ObjectManager\ResetAfterRequestInterface;
 use Magento\Store\Model\ScopeInterface;
@@ -63,24 +65,33 @@ class Category extends AbstractHelper implements ResetAfterRequestInterface
      */
     protected $categoryRepository;
 
+    /**
+     * @var Escaper|null
+     */
+    private ?Escaper $escaper;
+
     /**
      * @param Context $context
      * @param CategoryFactory $categoryFactory
      * @param StoreManagerInterface $storeManager
      * @param CollectionFactory $dataCollectionFactory
      * @param CategoryRepositoryInterface $categoryRepository
+     * @param Escaper|null $escaper
      */
     public function __construct(
         Context $context,
         CategoryFactory $categoryFactory,
         StoreManagerInterface $storeManager,
         CollectionFactory $dataCollectionFactory,
-        CategoryRepositoryInterface $categoryRepository
+        CategoryRepositoryInterface $categoryRepository,
+        ?Escaper $escaper = null
     ) {
         $this->_categoryFactory = $categoryFactory;
         $this->_storeManager = $storeManager;
         $this->_dataCollectionFactory = $dataCollectionFactory;
         $this->categoryRepository = $categoryRepository;
+        $this->escaper = $escaper ?: ObjectManager::getInstance()->get(Escaper::class);
+
         parent::__construct($context);
     }
 
@@ -204,6 +215,7 @@ public function getCanonicalUrl(string $categoryUrl): string
         if ($params && isset($params['p'])) {
             $categoryUrl = $categoryUrl . '?p=' . $params['p'];
         }
-        return $categoryUrl;
+
+        return $this->escaper->escapeUrl($categoryUrl);
     }
 }

app/code/Magento/Catalog/Test/Unit/Helper/CategoryTest.php

@@ -14,6 +14,7 @@
 use Magento\Framework\App\Helper\Context;
 use Magento\Framework\App\RequestInterface;
 use Magento\Framework\Data\CollectionFactory;
+use Magento\Framework\Escaper;
 use Magento\Store\Model\StoreManagerInterface;
 use PHPUnit\Framework\MockObject\MockObject;
 use PHPUnit\Framework\TestCase;
@@ -63,6 +64,11 @@ class CategoryTest extends TestCase
      */
     private $requestMock;
 
+    /**
+     * @var Escaper|MockObject
+     */
+    private $escaper;
+
     protected function setUp(): void
     {
         $this->mockContext();
@@ -78,12 +84,16 @@ protected function setUp(): void
         $this->categoryRepository = $this->getMockBuilder(CategoryRepositoryInterface::class)
             ->disableOriginalConstructor()
             ->getMock();
+        $this->escaper = $this->getMockBuilder(Escaper::class)
+            ->disableOriginalConstructor()
+            ->getMock();
         $this->categoryHelper = new Category(
             $this->context,
             $this->categoryFactory,
             $this->storeManager,
             $this->collectionFactory,
-            $this->categoryRepository
+            $this->categoryRepository,
+            $this->escaper
         );
     }
 
@@ -101,6 +111,9 @@ public function testGetCanonicalUrl(mixed $params, string $categoryUrl, string $
         $this->requestMock->expects($this->any())
             ->method('getParams')
             ->willReturn($params);
+        $this->escaper->expects($this->any())
+            ->method('escapeUrl')
+            ->willReturn($expectedCategoryUrl);
         $actualCategoryUrl = $this->categoryHelper->getCanonicalUrl($categoryUrl);
         $this->assertEquals($actualCategoryUrl, $expectedCategoryUrl);
     }