From 3807fa182d29a030fd34584d826ad04dde2b5295 Mon Sep 17 00:00:00 2001
From: Coleman Watts <coleman@civicrm.org>
Date: Thu, 12 Sep 2019 21:58:23 -0400
Subject: [PATCH] CRM_Utils_JS - Fix backslash handling

---
 CRM/Utils/JS.php                   | 6 ++++--
 tests/phpunit/CRM/Utils/JSTest.php | 4 ++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/CRM/Utils/JS.php b/CRM/Utils/JS.php
index d7854bcb58..5110ac188f 100644
--- a/CRM/Utils/JS.php
+++ b/CRM/Utils/JS.php
@@ -147,7 +147,8 @@ class CRM_Utils_JS {
     $last = substr($js, -1);
     if ($last === $first && ($first === "'" || $first === '"')) {
       // Use a temp placeholder for escaped backslashes
-      return str_replace(['\\\\', "\\'", '\\"', '\\&', '\\/', '**backslash**'], ['**backslash**', "'", '"', '&', '/', '\\'], substr($js, 1, -1));
+      $backslash = chr(0) . 'backslash' . chr(0);
+      return str_replace(['\\\\', "\\'", '\\"', '\\&', '\\/', $backslash], [$backslash, "'", '"', '&', '/', '\\'], substr($js, 1, -1));
     }
     if (($first === '{' && $last === '}') || ($first === '[' && $last === ']')) {
       $obj = self::getRawProps($js);
@@ -182,7 +183,8 @@ class CRM_Utils_JS {
     $result = json_encode($value, JSON_UNESCAPED_SLASHES);
     // Convert double-quotes around string to single quotes
     if (is_string($value) && substr($result, 0, 1) === '"' && substr($result, -1) === '"') {
-      return "'" . str_replace(['\\\\', '\\"', "'", '**backslash**'], ['**backslash**', '"', "\\'", '\\'], substr($result, 1, -1)) . "'";
+      $backslash = chr(0) . 'backslash' . chr(0);
+      return "'" . str_replace(['\\\\', '\\"', "'", $backslash], [$backslash, '"', "\\'", '\\\\'], substr($result, 1, -1)) . "'";
     }
     return $result;
   }
diff --git a/tests/phpunit/CRM/Utils/JSTest.php b/tests/phpunit/CRM/Utils/JSTest.php
index 42ca9e20e9..b1f064c4e3 100644
--- a/tests/phpunit/CRM/Utils/JSTest.php
+++ b/tests/phpunit/CRM/Utils/JSTest.php
@@ -244,8 +244,8 @@ class CRM_Utils_JSTest extends CiviUnitTestCase {
         "{a: 'Apple', b: 'Banana', c: [0, -2, 3.15]}",
       ],
       [
-        ['a' => ['foo', 'bar'], 'b' => ["'a'" => ['foo/bar&', 'bar(foo)'], 'b' => ['a' => ["fo'oo", '"bar"'], 'b' => []]]],
-        "{a: ['foo', 'bar'], b: {\"'a'\": ['foo/bar&', 'bar(foo)'], b: {a: ['fo\\'oo', '\"bar\"'], b: {}}}}",
+        ['a' => ['foo', 'bar'], 'b' => ["'a'" => ['foo/bar&', 'bar(foo)'], 'b' => ['a' => ["fo\\\\'oo", '"bar"'], 'b' => []]]],
+        "{a: ['foo', 'bar'], b: {\"'a'\": ['foo/bar&', 'bar(foo)'], b: {a: ['fo\\\\\\\\\\'oo', '\"bar\"'], b: {}}}}",
       ],
       [TRUE, 'true'],
       [' ', "' '"],
-- 
2.25.1