From 6aeb5a1b2fc1deff49a2c7b73425b82068d69f82 Mon Sep 17 00:00:00 2001
From: "Marco A. Nina Mena"
Date: Wed, 21 Feb 2024 13:00:27 -0400
Subject: [PATCH 1/5] Review component FormHtmlViewer for variable mustache
---
 ProcessMaker/SanitizeHelper.php | 34 +++++++++++++++++++--------------
 1 file changed, 20 insertions(+), 14 deletions(-)
diff --git a/ProcessMaker/SanitizeHelper.php b/ProcessMaker/SanitizeHelper.php
index 78127b2a9a..3aa072cb80 100644
--- a/ProcessMaker/SanitizeHelper.php
+++ b/ProcessMaker/SanitizeHelper.php
@@ -197,34 +197,40 @@ private static function getRichTextElements($items, $parent = null)
 // Inside loop ..
 if ($item['component'] == 'FormLoop') {
 $elements = array_merge($elements, self::getRichTextElements($item['items'], ($parent ? $parent . '.' . $item['config']['name'] : $item['config']['name'])));
- } elseif (isset($item['component']) && $item['component'] === 'FormTextArea' && isset($item['config']['richtext']) && $item['config']['richtext'] === true) {
- $elements[] = ($parent ? $parent . '.' . $item['config']['name'] : $item['config']['name']);
- // Inside a table ..
 } elseif ($item['component'] == 'FormMultiColumn') {
 foreach ($item['items'] as $cell) {
- if (
- isset($cell['component']) &&
- $cell['component'] === 'FormTextArea' &&
- isset($cell['config']['richtext']) &&
- $cell['config']['richtext'] === true
- ) {
- $elements[] = $cell['config']['name'];
- }
+ self::getVariableExceptions($cell, null, $elements);
 if (is_array($cell)) {
 $elements = array_merge($elements, self::getRichTextElements($cell));
 }
 }
+ } else {
+ self::getVariableExceptions($item, $parent, $elements);
 }
 } else {
- if (isset($item['component']) && $item['component'] === 'FormTextArea' && isset($item['config']['richtext']) && $item['config']['richtext'] === true) {
- $elements[] = ($parent ? $parent . '.' . $item['config']['name'] : $item['config']['name']);
- }
+ self::getVariableExceptions($item, $parent, $elements);
 }
 }
 return $elements;
 }
+ private static function getVariableExceptions($item, $parent, &$elements)
+ {
+ if (isset($item['component'])) {
+ if ($item['component'] === 'FormTextArea' && isset($item['config']['richtext']) && $item['config']['richtext'] === true) {
+ $elements[] = ($parent ? $parent . '.' . $item['config']['name'] : $item['config']['name']);
+ } elseif ($item['component'] === 'FormHtmlViewer' && isset($item['config']['renderVarHtml']) && $item['config']['renderVarHtml'] === true) {
+ preg_match_all("/{{([^{}]*)}}/", $item['config']['content'], $matches);
+ if ($matches && $matches[1]) {
+ foreach ($matches[1] as $variable) {
+ $elements[] = ($parent ? $parent . '.' . $variable : $variable);
+ }
+ }
+ }
+ }
+ }
+
 public static function sanitizeEmail($email)
 {
 $validator = Validator::make(['email' => $email], [
From c55dae1247e1c20dd4be63eb71e42a58f29e6c71 Mon Sep 17 00:00:00 2001
From: "Marco A. Nina Mena"
Date: Wed, 21 Feb 2024 17:29:03 -0400
Subject: [PATCH 2/5] fix sonarQube
---
 ProcessMaker/SanitizeHelper.php | 47 ++++++++++++++++++++-------------
 1 file changed, 28 insertions(+), 19 deletions(-)
diff --git a/ProcessMaker/SanitizeHelper.php b/ProcessMaker/SanitizeHelper.php
index 3aa072cb80..5169fad761 100644
--- a/ProcessMaker/SanitizeHelper.php
+++ b/ProcessMaker/SanitizeHelper.php
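Review bot: In PATCH 1/5, the FormHtmlViewer branch of getVariableExceptions reads `$item['config']['content']` without an isset check and appends every capture untrimmed, so a viewer saved without content raises an undefined-index warning and hands null to preg_match_all, and `{{ name }}` is recorded as ` name `, which presumably never matches a request key. Every name appended here looks like it is exempted from sanitization (inferred from the FormTextArea branch and the class name; the consumer is outside the hunk), so I would also restrict captures to plain variable paths rather than any text between the braces. A docblock on the method should say that the listed variables skip sanitization and therefore need cleaning where the viewer renders them. The same loop is carried unchanged into the second hunk of PATCH 2/5.

```php
} elseif ($item['component'] === 'FormHtmlViewer' && isset($item['config']['renderVarHtml']) && $item['config']['renderVarHtml'] === true) {
    $content = $item['config']['content'] ?? '';
    if (is_string($content) && preg_match_all('/{{([^{}]*)}}/', $content, $matches)) {
        foreach ($matches[1] as $variable) {
            $variable = trim($variable);
            // Assumed name rule (word characters separated by dots) - confirm against the screen builder.
            if (preg_match('/^\w+(\.\w+)*$/', $variable) === 1) {
                $elements[] = ($parent ? $parent . '.' . $variable : $variable);
            }
        }
    }
```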
@@ -188,22 +188,15 @@ private static function getExceptions($screen)
 return $except;
 }
- private static function getRichTextElements($items, $parent = null)
+ private static function getRichTextElements($items, $parent = null, &$elements = [])
 {
- $elements = [];
-
 foreach ($items as $item) {
 if (isset($item['items']) && is_array($item['items'])) {
 // Inside loop ..
 if ($item['component'] == 'FormLoop') {
- $elements = array_merge($elements, self::getRichTextElements($item['items'], ($parent ? $parent . '.' . $item['config']['name'] : $item['config']['name'])));
+ self::getRichTextElements($item['items'], $parent . '.' . $item['config']['name'], $elements);
 } elseif ($item['component'] == 'FormMultiColumn') {
- foreach ($item['items'] as $cell) {
- self::getVariableExceptions($cell, null, $elements);
- if (is_array($cell)) {
- $elements = array_merge($elements, self::getRichTextElements($cell));
- }
- }
+ self::getVariableMultiColumn($item, $parent, $elements);
 } else {
 self::getVariableExceptions($item, $parent, $elements);
 }
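Review bot: In PATCH 2/5, getRichTextElements now fills `$elements` through a by-reference parameter with a default of `[]` and, per the next hunk's context, still returns it, yet nothing on the signature says which of the two a caller should rely on. I would document it with `@param array $elements accumulator filled in place; omit it on the initial call` and `@return array the same list`, so a later caller does not pass in an already populated array and widen the list by accident. The function body continues past this hunk.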
@@ -215,22 +208,38 @@ private static function getRichTextElements($items, $parent = null)
 return $elements;
 }
+ private static function getVariableMultiColumn($item, $parent, &$elements)
+ {
+ foreach ($item['items'] as $cell) {
+ self::getVariableExceptions($cell, $parent, $elements);
+ if (is_array($cell)) {
+ self::getRichTextElements($cell, $parent, $elements);
+ }
+ }
+ }
+
 private static function getVariableExceptions($item, $parent, &$elements)
 {
- if (isset($item['component'])) {
- if ($item['component'] === 'FormTextArea' && isset($item['config']['richtext']) && $item['config']['richtext'] === true) {
- $elements[] = ($parent ? $parent . '.' . $item['config']['name'] : $item['config']['name']);
- } elseif ($item['component'] === 'FormHtmlViewer' && isset($item['config']['renderVarHtml']) && $item['config']['renderVarHtml'] === true) {
- preg_match_all("/{{([^{}]*)}}/", $item['config']['content'], $matches);
- if ($matches && $matches[1]) {
- foreach ($matches[1] as $variable) {
- $elements[] = ($parent ? $parent . '.' . $variable : $variable);
- }
+ if (!isset($item['component'])) {
+ return;
+ }
+ if (self::renderHtmlIsEnabled($item, 'FormTextArea', 'richtext')) {
+ $elements[] = ($parent ? $parent . '.' . $item['config']['name'] : $item['config']['name']);
+ } elseif (self::renderHtmlIsEnabled($item, 'FormHtmlViewer', 'renderVarHtml')) {
+ preg_match_all("/{{([^{}]*)}}/", $item['config']['content'], $matches);
+ if ($matches && $matches[1]) {
+ foreach ($matches[1] as $variable) {
+ $elements[] = ($parent ? $parent . '.' . $variable : $variable);
 }
 }
 }
 }
+ private static function renderHtmlIsEnabled($item, $type, $field)
+ {
+ return $item['component'] === 'FormTextArea' && isset($item['config'][$type]) && $item['config'][$field] === true;
+ }
+
 public static function sanitizeEmail($email)
 {
 $validator = Validator::make(['email' => $email], [
From e1b432acedfc347b9b85ffdb6889989109697975 Mon Sep 17 00:00:00 2001
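Review bot: In the second hunk of PATCH 2/5, getVariableMultiColumn passes `$parent` to both getVariableExceptions and getRichTextElements, whereas the loop it replaces passed `null` and no parent for table cells, so fields in a multi-column nested in a loop now receive the loop prefix. That may well be the intended fix, but it changes which keys end up in the returned list and the commit message ("fix sonarQube") does not mention it. I would add a comment on the helper such as `// Cells inherit $parent so names inside a loop keep the loop prefix.` and cover the multi-column-inside-loop case with a test, since this list appears to decide which request fields are left unsanitized.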
From: "Marco A. Nina Mena"
Date: Wed, 21 Feb 2024 17:49:04 -0400
Subject: [PATCH 3/5] Change condition
---
 ProcessMaker/SanitizeHelper.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ProcessMaker/SanitizeHelper.php b/ProcessMaker/SanitizeHelper.php
index 5169fad761..861e111ae1 100644
--- a/ProcessMaker/SanitizeHelper.php
+++ b/ProcessMaker/SanitizeHelper.php
@@ -237,7 +237,7 @@ private static function getVariableExceptions($item, $parent, &$elements)
 private static function renderHtmlIsEnabled($item, $type, $field)
 {
- return $item['component'] === 'FormTextArea' && isset($item['config'][$type]) && $item['config'][$field] === true;
+ return isset($item['config']) && $item['component'] === $type && isset($item['config'][$field]) && $item['config'][$field] === true;
 }
 public static function sanitizeEmail($email)
From e1feae089d02b5b098604099f90161466d717816 Mon Sep 17 00:00:00 2001
From: "Marco A. Nina Mena"
Date: Wed, 21 Feb 2024 17:56:27 -0400
Subject: [PATCH 4/5] fix sonarqube
---
 ProcessMaker/SanitizeHelper.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/ProcessMaker/SanitizeHelper.php b/ProcessMaker/SanitizeHelper.php
index 861e111ae1..46f6526800 100644
--- a/ProcessMaker/SanitizeHelper.php
+++ b/ProcessMaker/SanitizeHelper.php
@@ -237,7 +237,10 @@ private static function getVariableExceptions($item, $parent, &$elements)
 private static function renderHtmlIsEnabled($item, $type, $field)
 {
- return isset($item['config']) && $item['component'] === $type && isset($item['config'][$field]) && $item['config'][$field] === true;
+ return isset($item['config'])
+ && $item['component'] === $type
+ && isset($item['config'][$field])
+ && $item['config'][$field] === true;
 }
 public static function sanitizeEmail($email)
From 1cf8d1a92ca4c548ae1e1fc4327492d7b6b69665 Mon Sep 17 00:00:00 2001
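Review bot: In PATCH 3/5 (and its re-wrapped form in PATCH 4/5), the condition in renderHtmlIsEnabled keeps a redundant `isset($item['config'])`, because `isset($item['config'][$field])` already returns false when `config` is missing; `return $item['component'] === $type && ($item['config'][$field] ?? null) === true;` expresses the same check. `$item['component']` is read without its own guard, which is safe only because getVariableExceptions returns early when it is unset, and a one-line comment saying so would help the next caller. The version this replaces compared against a hard-coded 'FormTextArea' and tested `$type` as a config key, so the FormHtmlViewer branch could not match; no test is visible in this series, and one asserting both component types would catch a regression of that kind.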
From: "Marco A. Nina Mena"
Date: Thu, 22 Feb 2024 07:51:20 -0400
Subject: [PATCH 5/5] Fix parent in loop
---
 ProcessMaker/SanitizeHelper.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/ProcessMaker/SanitizeHelper.php b/ProcessMaker/SanitizeHelper.php
index 46f6526800..6ea22df67f 100644
--- a/ProcessMaker/SanitizeHelper.php
+++ b/ProcessMaker/SanitizeHelper.php
@@ -194,7 +194,11 @@ private static function getRichTextElements($items, $parent = null, &$elements =
 if (isset($item['items']) && is_array($item['items'])) {
 // Inside loop ..
 if ($item['component'] == 'FormLoop') {
- self::getRichTextElements($item['items'], $parent . '.' . $item['config']['name'], $elements);
+ self::getRichTextElements(
+ $item['items'],
+ ($parent ? $parent . '.' . $item['config']['name'] : $item['config']['name']),
+ $elements
+ );
 } elseif ($item['component'] == 'FormMultiColumn') {
 self::getVariableMultiColumn($item, $parent, $elements);
 } else {
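Review bot: In PATCH 5/5, the restored `$parent ? … : …` is a truthiness test, so a parent path of `'0'` is treated as no parent and the prefix is silently dropped. The same expression appears twice more in getVariableExceptions, so a small helper such as `private static function prefixed($parent, $name) { return $parent !== null && $parent !== '' ? $parent . '.' . $name : $name; }` would keep the three sites consistent. `$item['config']['name']` is also read without an isset check on this path, so a FormLoop saved without a name raises a warning. The enclosing function starts and ends outside this hunk.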