WYSIWYG editor fails to parse directives of files with special characters in URL (so random files)

[adammada]

Preconditions

1. 2.2.5

Steps to reproduce

1. Open WYSIWYG editor for a product select option to insert image and upload file which base64 encoded filename would use any of special allowed characters (like =), for example: regular_png_.png

2. Select uploaded image and insert it. In upload dialog in Image URL field you will see URL like:

http://magento2.local/admin/cms/wysiwyg/directive/___directive/e3ttZWRpYSB1cmw9Ind5c2l3eWcvcmVndWxhcl9wbmdfLnBuZyJ9fQ%2C%2C/key/3f5dc8b87aa830fa268477f1c1f8ac2e4ac2e435234c4b8d6affec1201033b3a/

Notice: "%2C%2C" part of URL.

3. Image will be correctly displayed in WYSIWYG editor.

4. Click "Show/Hide editor" to check result

Expected result

<img src="{{media url="wysiwyg/regular_png_.png"}}" />

Actual result

<img src="http://magento2.local/admin/cms/wysiwyg/directive/___directive/e3ttZWRpYSB1cmw9Ind5c2l3eWcvcmVndWxhcl9wbmdfLnBuZyJ9fQ%2C%2C/key/3f5dc8b87aa830fa268477f1c1f8ac2e4ac2e435234c4b8d6affec1201033b3a/" width="472" height="472" />

I was trying to track that bug down by myself. It all comes to the fact that directive url generated by "onInsert" action uses standard urlencoder, which uses standard PHP "rawurlencode" function.

That function turns base64 encoded (= is turned into "," after encoding)
"e3ttZWRpYSB1cmw9Ind5c2l3eWcvcmVndWxhcl9wbmdfLnBuZyJ9fQ,,"
into
"e3ttZWRpYSB1cmw9Ind5c2l3eWcvcmVndWxhcl9wbmdfLnBuZyJ9fQ%2C%2C"

WYSIWYG editor on the other hand expects decoded URL like: "e3ttZWRpYSB1cmw9Ind5c2l3eWcvcmVndWxhcl9wbmdfLnBuZyJ9fQ,,"

https://github.com/magento/magento2/blob/2.2/lib/web/mage/adminhtml/wysiwyg/tiny_mce/setup.js#L461

var url = this.makeDirectiveUrl('%directive%').replace(/([$^.?*!+:=()\[\]{}|\\])/g, '\\$1'),
reg = new RegExp(url.replace('%directive%', '([a-zA-Z0-9,_-]+)'));

So the rexexp part does not find URLS containing "%" at all.

[magento-engcom-team]

Hi @adammada. Thank you for your report.
To help us process this issue please make sure that you provided the following information:

• Summary of the issue
• Information on your environment
• Steps to reproduce
• Expected and actual results

Please make sure that the issue is reproducible on the vanilla Magento instance following Steps to reproduce. To deploy vanilla Magento instance on our environment, please, add a comment to the issue:

@magento-engcom-team give me $VERSION instance

where $VERSION is version tags (starting from 2.2.0+) or develop branches (for example: 2.3-develop).
For more details, please, review the Magento Contributor Assistant documentation.

@adammada do you confirm that you was able to reproduce the issue on vanilla Magento instance following steps to reproduce?

• yes
• no

[magento-engcom-team]

Hi @engcom-backlog-nazar. Thank you for working on this issue.
In order to make sure that issue has enough information and ready for development, please read and check the following instruction: 👇

• 1. Verify that issue has all the required information. (Preconditions, Steps to reproduce, Expected result, Actual result).

  Details

  If the issue has a valid description, the label G1 Passed will be added to the issue automatically. Please, edit issue description if needed, until label G1 Passed appears.

• 2. Verify that issue has a meaningful description and provides enough information to reproduce the issue. If the report is valid, add G2 Passed label to the issue by yourself.

• 3. Add Component: XXXXX label(s) to the ticket, indicating the components it may be related to.

• 4. Verify that the issue is reproducible on 2.3-develop branch

  Details

  - Add the comment @magento-engcom-team give me 2.3-develop instance to deploy test instance on Magento infrastructure.
  - If the issue is reproducible on 2.3-develop branch, please, add the label Reproduced on 2.3.x.
  - If the issue is not reproducible, add your comment that issue is not reproducible and close the issue and stop verification process here!

• 5. Verify that the issue is reproducible on 2.2-develop branch.

  Details

  - Add the comment @magento-engcom-team give me 2.2-develop instance to deploy test instance on Magento infrastructure.
  - If the issue is reproducible on 2.2-develop branch, please add the label Reproduced on 2.2.x

• 6. Add label acknowledged once verification is complete.

• 7. Make sure that automatic system confirms that report is acknowledged.

[ghost]

Hi @adammada thank you for you report the fix for this issue has already available in 2.3-develop branch

[hostep]

@engcom-backlog-nazar : it's probably fixed in Magento 2.3 because the tinymce editor got upgraded from the super old v3 to the newer v4. This however does not fix the issue in Magento 2.2.x if it is actually there (unverified).

@adammada: feel free to create a PR with a proposition to fix this. I've seen multiple people reporting something similar, if you have a fix that would probably make a lot of people happy.

[ghost]

Hi @hostep I'm trying reproduce this on 2.2-dev branch, but have same result like in 2.3-branch.
I will try again, maybe i'm missed something

[adammada]

@hostep I've created pull request with my fix:

#18215

I see in history of that file that this bug was introduced recently by fixing other bug:

19a6485#diff-62ed4d20e8fceadb859c95aa08d73e4d

Previous solution decoded whole content so it was breaking some valid entries while decoding links. My solution decodes only single part of __directive link.

[magento-engcom-team]

Hi @adammada. Thank you for your report.
The issue has been fixed in #18215 by @adammada in 2.2-develop branch
Related commit(s):

• 4e62fe32bf6f27b583eeb8d5d2309c7abebd5535
• bf2efffff0da82f33796c82d643403545466911d

The fix will be available with the upcoming 2.2.8 release.

[manojpal29]

Hi @adammada
I have same issue on magento 2.3 with WYSIWYG editor with special characters in URL

[erikkubica]

@magento-engcom-team

I have the similar problem in 2.2.3, but it happens even if i don´t have any special character in file name.

#6088 (comment)

I have tried to add this to setup.js from the commit claiming to fix this and ensured in sources panel that the chnaged file is loaded.

   var uriReg = /___directive\/(.*)\/key\//g;
            content = content.replace(uriReg, function (match) {
                return decodeURIComponent(match);
            });