Fix #2342 incorrectly placed context switch markers inside raw PHP code block

common/framework/parsers/template/TemplateParser_v2.php

@@ -179,18 +179,33 @@ class TemplateParser_v2
 	 */
 	protected function _addContextSwitches(string $content): string
 	{
-		return preg_replace_callback('#(<script(\s[^>]*)?|</script)#i', function($match) {
+		return preg_replace_callback('#(<script\b([^>]*)|</script)#i', function($match) {
 			if (substr($match[1], 1, 1) === '/')
 			{
 				return '<?php $this->config->context = "HTML"; ?>' . $match[1];
 			}
-			else
+			elseif (!str_contains($match[2] ?? '', 'src="'))
 			{
 				return $match[1] . '<?php $this->config->context = "JS"; ?>';
 			}
+			else
+			{
+				return $match[0];
+			}
 		}, $content);
 	}
 
+	/**
+	 * Remove context switch points.
+	 *
+	 * @param string $content
+	 * @return string
+	 */
+	protected static function _removeContextSwitches(string $content): string
+	{
+		return preg_replace('#<\?php \$this->config->context = "[A-Z]+"; \?>#', '', $content);
+	}
+
 	/**
 	 * Remove comments that should not be visible in the output.
 	 *
@@ -266,7 +281,7 @@ class TemplateParser_v2
 				$open = '<?php' . (preg_match('#^\s#', $match[2]) ? '' : ' ');
 			}
 			$close = (preg_match('#\s$#', $match[2]) ? '' : ' ') . '?>';
-			return $open . self::_convertVariableScope($match[2]) . $close;
+			return $open . self::_convertVariableScope(self::_removeContextSwitches($match[2])) . $close;
 		};
 
 		$content = preg_replace_callback('#(<\?php|<\?=?)(.+?)(\?>)#s', $callback, $content);

tests/unit/framework/parsers/TemplateParserV2Test.php

@@ -366,6 +366,11 @@ class TemplateParserV2Test extends \Codeception\Test\Unit
 		$target = "<?php echo escape_js(\$__Context->foo ?? ''); ?>";
 		$this->assertEquals($target, $this->_parse($source));
 
+		// Context-aware escape
+		$source = '<script type="text/javascript"> foobar(); </script>';
+		$target = '<script type="text/javascript"<?php $this->config->context = "JS"; ?>> foobar(); <?php $this->config->context = "HTML"; ?></script>';
+		$this->assertEquals($target, $this->_parse($source));
+
 		// JSON using context-aware escape
 		$source = '{{ $foo|json }}';
 		$target = implode('', [
@@ -563,12 +568,12 @@ class TemplateParserV2Test extends \Codeception\Test\Unit
 
 		// Script tag with local path
 		$source = '<script src="assets/foo.js" async>';
-		$target = '<script src="' . $this->baseurl . 'tests/_data/template/assets/foo.js" async<?php $this->config->context = "JS"; ?>>';
+		$target = '<script src="' . $this->baseurl . 'tests/_data/template/assets/foo.js" async>';
 		$this->assertEquals($target, $this->_parse($source));
 
 		// Script tag with external path
 		$source = '<script src="https://cdnjs.cloudflare.com/ajax/libs/bootstrap/5.0.0/js/bootstrap.min.js" crossorigin="anonymous" referrerpolicy="no-referrer"></script>';
-		$target = '<script src="https://cdnjs.cloudflare.com/ajax/libs/bootstrap/5.0.0/js/bootstrap.min.js" crossorigin="anonymous" referrerpolicy="no-referrer"<?php $this->config->context = "JS"; ?>><?php $this->config->context = "HTML"; ?></script>';
+		$target = '<script src="https://cdnjs.cloudflare.com/ajax/libs/bootstrap/5.0.0/js/bootstrap.min.js" crossorigin="anonymous" referrerpolicy="no-referrer"><?php $this->config->context = "HTML"; ?></script>';
 		$this->assertEquals($target, $this->_parse($source));
 
 		// Absolute URL
@@ -1057,6 +1062,11 @@ class TemplateParserV2Test extends \Codeception\Test\Unit
 		$source = '@php $foo = 42; @endphp';
 		$target = '<?php $__Context->foo = 42; ?>';
 		$this->assertEquals($target, $this->_parse($source));
+
+		// Turn off context-aware escape within raw PHP blocks
+		$source = "@php Context::addHtmlFooter('<script></script>'); @endphp";
+		$target = "<?php Context::addHtmlFooter('<script></script>'); ?>";
+		$this->assertEquals($target, $this->_parse($source));
 	}
 
 	public function testDeprecationMessages()