From 2dda69cec4ee1c2ed1f0dbebdab4f1390b8ae5d9 Mon Sep 17 00:00:00 2001
From: Rich Lott / Artful Robot <forums@artfulrobot.uk>
Date: Mon, 20 Sep 2021 14:52:21 +0100
Subject: [PATCH] Add test for API4 failing to decode strings stored as HTML

---
 tests/phpunit/api/v4/Action/ResultTest.php | 33 ++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/tests/phpunit/api/v4/Action/ResultTest.php b/tests/phpunit/api/v4/Action/ResultTest.php
index a6ecefae7396..d9153c07d3c1 100644
--- a/tests/phpunit/api/v4/Action/ResultTest.php
+++ b/tests/phpunit/api/v4/Action/ResultTest.php
@@ -34,4 +34,37 @@ public function testJsonSerialize() {
     $this->assertTrue(is_array(json_decode($json)));
   }
 
+  /**
+   * Knowing that the db layer HTML-encodes strings, we want to test
+   * that this ugliness is hidden from us as users of the API.
+   *
+   * @see https://issues.civicrm.org/jira/browse/CRM-11532
+   * @see https://lab.civicrm.org/dev/core/-/issues/1328
+   */
+  public function testNoDataCorruptionThroughEncoding() {
+
+    $original = 'hello < you';
+    $result = Contact::create(FALSE)
+      ->setValues(['display_name' => $original])
+      ->execute()->first();
+    $this->assertEquals($original, $result['display_name'],
+      "The value returned from Contact.create is different to the value sent."
+    );
+
+    $result = Contact::update(FALSE)
+      ->addWhere('id', '=', $result['id'])
+      ->setValues(['display_name' => $original])
+      ->execute()->first();
+    $this->assertEquals($original, $result['display_name'],
+      "The value returned from Contact.update is different to the value sent."
+    );
+
+    $result = Contact::get(FALSE)
+      ->addWhere('id', '=', $result['id'])
+      ->execute()->first();
+    $this->assertEquals($original, $result['display_name'],
+      "The value returned from Contact.get is different to the value sent."
+    );
+  }
+
 }