From 67158d8b08309859572c795982ecc7c52484ab0e Mon Sep 17 00:00:00 2001
From: Dusan Vuckovic <dusan.vuckovic@otrs.com>
Date: Mon, 25 Mar 2019 15:24:23 +0100
Subject: [PATCH] Fixed variable output in templates.

---
 .../Standard/Statistics/PreviewWidget.tt      |  8 +--
 .../Standard/Statistics/RestrictionsWidget.tt |  4 +-
 .../Standard/Statistics/XAxisWidget.tt        |  2 +-
 .../Standard/Statistics/YAxisWidget.tt        |  4 +-
 .../test/Selenium/Agent/AgentStatistics/Add.t | 67 +++++++++++++++++--
 5 files changed, 69 insertions(+), 16 deletions(-)

--- a/Kernel/Output/HTML/Templates/Standard/Statistics/PreviewWidget.tt
+++ b/Kernel/Output/HTML/Templates/Standard/Statistics/PreviewWidget.tt
@@ -132,7 +132,7 @@
         <div class="PreviewSettings">
             [% Translate('Preview format:') | html %]
             [% FOREACH Format IN PreviewFormats.sort %]
-            <button class="CallForAction SwitchPreviewFormat" data-format="[% Format %]"><span>[% FormatConfig.item(Format) %]</span></button>
+            <button class="CallForAction SwitchPreviewFormat" data-format="[% Format %]"><span>[% Translate(FormatConfig.item(Format)) | html %]</span></button>
             [% END %]
             <span class="Warning">
                 [% Translate('Please note that the preview uses random data and does not consider data filters.') | html %]
@@ -147,12 +147,12 @@
             $(this).addClass('Active');
             $('.PreviewContent:visible').hide();
             $('svg.PreviewContent').empty();
-            $('#PreviewContent' + FormatCleaned).show();
+            $('#PreviewContent' + Core.App.EscapeSelector(FormatCleaned)).show();
             if (Format.match(/D3/)) {
                 Core.UI.AdvancedChart.Init(
                     Format,
                     [% JSON(Data.PreviewResult) %],
-                    'svg#PreviewContent' + FormatCleaned,
+                    'svg#PreviewContent' + Core.App.EscapeSelector(FormatCleaned),
                     {
                         HideLegend: true
                     }
@@ -191,7 +191,7 @@
             </table>
         </div>
             [% ELSE %]
-        <svg class="PreviewContent PreviewCanvas" id="PreviewContent[% Format.replace('::', '') %]" style="display: none;"></svg>
+        <svg class="PreviewContent PreviewCanvas" id="PreviewContent[% Format.replace('::', '') | html %]" style="display: none;"></svg>
             [% END %]
         [% END %]
     [% END %]
--- a/Kernel/Output/HTML/Templates/Standard/Statistics/RestrictionsWidget.tt
+++ b/Kernel/Output/HTML/Templates/Standard/Statistics/RestrictionsWidget.tt
@@ -10,7 +10,7 @@
 
 [% RenderBlockStart("Attribute") %]
     <fieldset class="TableLike Element Element[% Data.Element | html %] ElementBlock[% Data.Block | html %]" data-element="[% Data.Element | html %]">
-        <input type="hidden" name="Select[% Data.Element %]" value="1" />
+        <input type="hidden" name="Select[% Data.Element | html %]" value="1" />
         <legend>
         <span>[% Translate(Data.Name) | html %]</span>
         <a class="RemoveButton" href="#"><i class="fa fa-minus-square-o"></i><span class="InvisibleText">[% Translate("Delete") | html %]</span></a>
@@ -61,7 +61,7 @@
 [% RenderBlockEnd("Time") %]
         <label></label>
         <div class="Field">
-            <input type="checkbox" name="Fixed[% Data.Element %]" value="1" [% Data.Fixed %]/>
+            <input type="checkbox" name="Fixed[% Data.Element | html %]" value="1" [% Data.Fixed %]/>
             [% Translate("Do not allow changes to this element when the statistic is generated.") | html %]
         </label>
         <div class="Clear"></div>
--- a/Kernel/Output/HTML/Templates/Standard/Statistics/XAxisWidget.tt
+++ b/Kernel/Output/HTML/Templates/Standard/Statistics/XAxisWidget.tt
@@ -53,7 +53,7 @@
 [% RenderBlockEnd("Time") %]
         <label></label>
         <div class="Field">
-            <input type="checkbox" name="Fixed[% Data.Element %]" value="1" [% Data.Fixed %]/>
+            <input type="checkbox" name="Fixed[% Data.Element | html %]" value="1" [% Data.Fixed %]/>
             [% Translate("Do not allow changes to this element when the statistic is generated.") | html %]
         </div>
         <div class="Clear"></div>
--- a/Kernel/Output/HTML/Templates/Standard/Statistics/YAxisWidget.tt
+++ b/Kernel/Output/HTML/Templates/Standard/Statistics/YAxisWidget.tt
@@ -10,7 +10,7 @@
 
 [% RenderBlockStart("Attribute") %]
     <fieldset class="TableLike Element Element[% Data.Element | html %] ElementBlock[% Data.Block | html %]" data-element="[% Data.Element | html %]">
-        <input type="hidden" name="Select[% Data.Element %]" value="1" />
+        <input type="hidden" name="Select[% Data.Element | html %]" value="1" />
         <legend>
         <span>[% Translate(Data.Name) | html %]</span>
         <a class="RemoveButton" href="#"><i class="fa fa-minus-square-o"></i><span class="InvisibleText">[% Translate("Delete") | html %]</span></a>
@@ -35,7 +35,7 @@
 [% RenderBlockEnd("Time") %]
         <label></label>
         <div class="Field">
-            <input type="checkbox" name="Fixed[% Data.Element %]" value="1" [% Data.Fixed %]/>
+            <input type="checkbox" name="Fixed[% Data.Element | html %]" value="1" [% Data.Fixed %]/>
             [% Translate("Do not allow changes to this element when the statistic is generated.") | html %]
         </div>
         <div class="Clear"></div>
--- a/scripts/test/Selenium/Agent/AgentStatistics/Add.t
+++ b/scripts/test/Selenium/Agent/AgentStatistics/Add.t
@@ -172,13 +172,14 @@ $Selenium->RunTest(
                 Restrictionvalue => 'SolutionAverageAllOver',
             },
             {
-                Title            => 'Statistic - TicketList' . $Helper->GetRandomID(),
-                Object           => 'Kernel::System::Stats::Dynamic::TicketList',
-                Type             => 'DynamicList',
-                YAxis            => 'YAxisOrderBy',
-                OrderBy          => 'TicketNumber',
-                RestrictionID    => 'RestrictionsServiceIDs',
-                Restrictionvalue => $ServiceIDs[0],
+                Title              => 'Statistic - TicketList' . $Helper->GetRandomID(),
+                Object             => 'Kernel::System::Stats::Dynamic::TicketList',
+                Type               => 'DynamicList',
+                YAxis              => 'YAxisOrderBy',
+                OrderBy            => 'TicketNumber',
+                RestrictionID      => 'RestrictionsServiceIDs',
+                Restrictionvalue   => $ServiceIDs[0],
+                CheckInvalidFormat => 1,
             },
         );
 
@@ -351,6 +352,58 @@ JAVASCRIPT
                 "Test statistic is created - $StatsData->{Title} "
             );
 
+            # Check handling of invalid formats in the edit screen.
+            if ( $StatsData->{CheckInvalidFormat} ) {
+                my $Stat = $StatsObject->StatsGet(
+                    StatID => $StatsIDLast,
+                );
+
+                # Prepare stat data for an update.
+                my %Data = (
+                    Title                 => $Stat->{Title},
+                    Description           => $Stat->{Description},
+                    Valid                 => $Stat->{Valid},
+                    TimeZone              => $Stat->{TimeZone},
+                    SumRow                => $Stat->{SumRow},
+                    SumCol                => $Stat->{SumCol},
+                    Cache                 => $Stat->{Cache},
+                    ShowAsDashboardWidget => $Stat->{ShowAsDashboardWidget},
+                    Permission            => $Stat->{Permission},
+                    Format                => [
+
+                        # Invalid format.
+                        'D3::BarChart "><br />',
+                    ],
+                );
+
+                my $Success = $StatsObject->StatsUpdate(
+                    StatID => $StatsIDLast,
+                    Hash   => \%Data,
+                    UserID => 1,
+                );
+                $Self->True(
+                    $Success // 0,
+                    'StatsUpdate() - add invalid format'
+                );
+
+                # Go to the stat edit screen.
+                $Selenium->VerifiedGet(
+                    "${ScriptAlias}index.pl?Action=AgentStatistics;Subaction=Edit;StatID=$StatsIDLast"
+                );
+
+                # Check if the button contains expected format attribute value.
+                $Self->Is(
+                    $Selenium->execute_script('return $("button.SwitchPreviewFormat").data("format")') // '',
+                    'D3::BarChart "><br />',
+                    'Preview button format attribute'
+                );
+
+                # Go back to the stats overview screen.
+                $Selenium->VerifiedGet(
+                    "${ScriptAlias}index.pl?Action=AgentStatistics;Subaction=Overview;Direction=DESC;OrderBy=ID;StartHit=1"
+                );
+            }
+
             $Selenium->execute_script($CheckConfirmJS);
 
             # delete created test statistics