From 78ca4fd309e2254771a01ade75197d46e149c5f3 Mon Sep 17 00:00:00 2001
From: Nikita Kiselev
Date: Fri, 24 Oct 2025 14:25:01 +0300
Subject: [PATCH] fix(products): encode html for title on products page
---
 .../src/Handlers/CategoriesHandler.php | 5 +++--
 .../src/Services/ProductsService.php | 17 ++++++++---------
 .../oc_telegram_shop/src/Support/Utils.php | 11 +++++++++++
 3 files changed, 22 insertions(+), 11 deletions(-)
 create mode 100644 module/oc_telegram_shop/upload/oc_telegram_shop/src/Support/Utils.php
diff --git a/module/oc_telegram_shop/upload/oc_telegram_shop/src/Handlers/CategoriesHandler.php b/module/oc_telegram_shop/upload/oc_telegram_shop/src/Handlers/CategoriesHandler.php
index ce372d5..b3c0c4c 100755
--- a/module/oc_telegram_shop/upload/oc_telegram_shop/src/Handlers/CategoriesHandler.php
+++ b/module/oc_telegram_shop/upload/oc_telegram_shop/src/Handlers/CategoriesHandler.php
@@ -4,6 +4,7 @@ declare(strict_types=1);
 namespace App\Handlers;
+use App\Support\Utils;
 use Openguru\OpenCartFramework\Config\Settings;
 use Openguru\OpenCartFramework\Http\JsonResponse;
 use Openguru\OpenCartFramework\Http\Request;
@@ -79,7 +80,7 @@ class CategoriesHandler
 return [
 'id' => (int)$category['id'],
 'image' => $category['image'] ?? '',
- 'name' => html_entity_decode($category['name'], ENT_QUOTES | ENT_HTML5, 'UTF-8'),
+ 'name' => Utils::htmlEntityEncode($category['name']),
 'description' => $category['description'],
 'children' => $category['children'],
 ];
@@ -102,7 +103,7 @@ class CategoriesHandler
 $branch[] = [
 'id' => (int)$category['id'],
 'image' => $image,
- 'name' => html_entity_decode($category['name'], ENT_QUOTES | ENT_HTML5, 'UTF-8'),
+ 'name' => Utils::htmlEntityEncode($category['name']),
 'description' => $category['description'],
 'children' => $category['children'] ?? [],
 ];
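Review bot: `Utils::htmlEntityEncode($category['name'])` in the `@@ -79` and `@@ -102` hunks risks double encoding if category names are stored already entity-encoded, which the removed `html_entity_decode` call suggests; the helper's body is not visible in this patch text, so this cannot be confirmed here. If the stored form is already escaped, the helper should not re-escape existing entities, e.g. `htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false)`, where the last argument is `double_encode`. `description` in both arrays is still returned as stored, so two fields of one response now follow different escaping rules. The same applies to the `alt` and `name` fields in ProductsService.php (`@@ -147`, `@@ -178`, `@@ -272`). I would add a docblock on the helper stating whether it expects raw or already-encoded input and which output context its result is safe for.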
diff --git a/module/oc_telegram_shop/upload/oc_telegram_shop/src/Services/ProductsService.php b/module/oc_telegram_shop/upload/oc_telegram_shop/src/Services/ProductsService.php
index 6450c34..f38ef5c 100755
--- a/module/oc_telegram_shop/upload/oc_telegram_shop/src/Services/ProductsService.php
+++ b/module/oc_telegram_shop/upload/oc_telegram_shop/src/Services/ProductsService.php
@@ -2,6 +2,7 @@
 namespace App\Services;
+use App\Support\Utils;
 use Cart\Currency;
 use Cart\Tax;
 use Exception;
@@ -147,7 +148,7 @@ class ProductsService
 $allImages[] = [
 'url' => $image,
- 'alt' => html_entity_decode($product['product_name'], ENT_QUOTES | ENT_HTML5, 'UTF-8'),
+ 'alt' => Utils::htmlEntityEncode($product['product_name']),
 ];
 $price = $this->currency->format(
@@ -178,7 +179,7 @@ class ProductsService
 return [
 'id' => (int) $product['product_id'],
 'product_quantity' => (int) $product['product_quantity'],
- 'name' => html_entity_decode($product['product_name'], ENT_QUOTES | ENT_HTML5, 'UTF-8'),
+ 'name' => Utils::htmlEntityEncode($product['product_name']),
 'price' => $price,
 'special' => $special,
 'images' => $allImages,
@@ -224,16 +225,14 @@ class ProductsService
 $data['tab_review'] = sprintf($this->oc->language->get('tab_review'), $product_info['reviews']);
 $data['product_id'] = $productId;
- $data['name'] = $product_info['name'];
+ $data['name'] = Utils::htmlEntityEncode($product_info['name']);
 $data['manufacturer'] = $product_info['manufacturer'];
 $data['model'] = $product_info['model'];
 $data['reward'] = $product_info['reward'];
 $data['points'] = (int) $product_info['points'];
- $data['description'] = html_entity_decode($product_info['description'], ENT_QUOTES, 'UTF-8');
- $data['share'] = html_entity_decode(
- $this->oc->url->link('product/product', 'product_id=' . $productId),
- ENT_QUOTES | ENT_HTML5,
- 'UTF-8'
+ $data['description'] = Utils::htmlEntityEncode($product_info['description']);
+ $data['share'] = Utils::htmlEntityEncode(
+ $this->oc->url->link('product/product', 'product_id=' . $productId)
 );
 if ($product_info['quantity'] <= 0) {
@@ -272,7 +271,7 @@ class ProductsService
 ),
 'width' => $width,
 'height' => $height,
- 'alt' => html_entity_decode($product_info['name'], ENT_QUOTES | ENT_HTML5, 'UTF-8'),
+ 'alt' => Utils::htmlEntityEncode($product_info['name']),
 ];
 } catch (Exception $e) {
 $this->logger->logException($e);
diff --git a/module/oc_telegram_shop/upload/oc_telegram_shop/src/Support/Utils.php b/module/oc_telegram_shop/upload/oc_telegram_shop/src/Support/Utils.php
new file mode 100644
index 0000000..b0b4529
--- /dev/null
+++ b/module/oc_telegram_shop/upload/oc_telegram_shop/src/Support/Utils.php
@@ -0,0 +1,11 @@
+
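Review bot: In the `@@ -224` hunk, `$data['share']` is a URL, and entity-encoding it is the wrong transform for a value a client will open or copy: each `&` in the query string becomes `&amp;` (the removed `html_entity_decode` call suggests `url->link` may already return it that way), so the link can break. `$data['description']` was previously decoded, presumably so that stored markup renders; encoding it makes that markup display as literal text, and if rich HTML is intended the fitting control is an allow-list sanitizer where it is rendered rather than escaping here. `manufacturer` and `model` in the same block are still passed through as stored, so the block is only partly covered. I would leave the URL unencoded and add a comment such as `// share is a plain URL; escape at the HTML sink, not in the API payload`. The surrounding method starts and ends outside the hunk.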