
Commit e8b599f

committed
Refactor Admin Header Template
Escape previously unescaped outputs, adhere to the line-length limit, and make the formatting consistent.
1 parent feb5fce commit e8b599f

1 file changed

+61
-49
lines changed


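--- a/app/code/Magento/Backend/view/adminhtml/templates/page/header.phtml
+++ b/app/code/Magento/Backend/view/adminhtml/templates/page/header.phtml
@@ -3,62 +3,74 @@
 * Copyright © Magento, Inc. All rights reserved.
 * See COPYING.txt for license details.
 */
+declare(strict_types=1);
 
-/** @var $block \Magento\Backend\Block\Page\Header */
+use Magento\Backend\Block\Page\Header;
+use Magento\Framework\Escaper;
+
+/** @var Escaper $escaper */
+/** @var Header $block */
 $part = $block->getShowPart();
 ?>
 <?php if ($part === 'logo') : ?>
-<?php $edition = $block->hasEdition() ? 'data-edition="' . $block->escapeHtml($block->getEdition()) . '"' : ''; ?>
-<?php $logoSrc = ($block->hasLogoImageSrc()) ? $block->escapeHtml($block->getLogoImageSrc()) : 'images/magento-logo.svg' ?>
-<a
-href="<?= $block->escapeUrl($block->getHomeLink()) ?>"
-<?= /* @noEscape */ $edition ?>
-class="logo">
-<img class="logo-img" src="<?= /* @noEscape */ $block->getViewFileUrl($logoSrc) ?>"
-alt="<?= $block->escapeHtml(__('Magento Admin Panel')) ?>" title="<?= $block->escapeHtml(__('Magento Admin Panel')) ?>"/>
-</a>
-<?php elseif ($part === 'user') : ?>
-<div class="admin-user admin__action-dropdown-wrap">
-<a
-href="<?= /* @noEscape */ $block->getUrl('adminhtml/system_account/index') ?>"
-class="admin__action-dropdown"
-title="<?= $block->escapeHtml(__('My Account')) ?>"
-data-mage-init='{"dropdown":{}}'
-data-toggle="dropdown">
-<span class="admin__action-dropdown-text">
-<span class="admin-user-account-text"><?= $block->escapeHtml($block->getUser()->getUserName()) ?></span>
+<?php $edition = $block->hasEdition()
+? 'data-edition="' . $escaper->escapeHtml($block->getEdition()) . '"'
+: ''; ?>
+<?php $logoSrc = $block->hasLogoImageSrc()
+? $escaper->escapeHtml($block->getLogoImageSrc())
+: 'images/magento-logo.svg'; ?>
+<a href="<?= $escaper->escapeUrl($block->getHomeLink()); ?>"
+<?= /* @noEscape */ $edition; ?>
+class="logo">
+<img class="logo-img"
+src="<?= $escaper->escapeUrl($block->getViewFileUrl($logoSrc)); ?>"
+alt="<?= $escaper->escapeHtml(__('Magento Admin Panel')); ?>"
+title="<?= $escaper->escapeHtml(__('Magento Admin Panel')); ?>"/>
+</a>
+<?php elseif ($part === 'user'): ?>
+<div class="admin-user admin__action-dropdown-wrap">
+<a href="<?= $escaper->escapeUrl($block->getUrl('adminhtml/system_account/index')); ?>"
+class="admin__action-dropdown"
+title="<?= $escaper->escapeHtmlAttr(__('My Account')); ?>"
+data-mage-init='{"dropdown":{}}'
+data-toggle="dropdown">
+<span class="admin__action-dropdown-text">
+<span class="admin-user-account-text">
+<?= $escaper->escapeHtml($block->getUser()->getUserName()); ?>
 </span>
-</a>
-<ul class="admin__action-dropdown-menu">
-<?php if ($block->getAuthorization()->isAllowed('Magento_Backend::myaccount')) : ?>
-<li>
-<a
-href="<?= /* @noEscape */ $block->getUrl('adminhtml/system_account/index') ?>"
-<?= /* @noEscape */ $block->getUiId('user', 'account', 'settings') ?>
-title="<?= $block->escapeHtml(__('Account Setting')) ?>">
-<?= $block->escapeHtml(__('Account Setting')) ?> (<span class="admin-user-name"><?= $block->escapeHtml($block->getUser()->getUserName()) ?></span>)
-</a>
-</li>
-<?php endif; ?>
-<li>
-<a
-href="<?= /* @noEscape */ $block->getBaseUrl() ?>"
-title="<?= $block->escapeHtml(__('Customer View')) ?>"
-target="_blank" class="store-front">
-<?= $block->escapeHtml(__('Customer View')) ?>
-</a>
-</li>
+</span>
+</a>
+<ul class="admin__action-dropdown-menu">
+<?php if ($block->getAuthorization()->isAllowed('Magento_Backend::myaccount')): ?>
 <li>
-<a
-href="<?= /* @noEscape */ $block->getLogoutLink() ?>"
-class="account-signout"
-title="<?= $block->escapeHtml(__('Sign Out')) ?>">
-<?= $block->escapeHtml(__('Sign Out')) ?>
+<a href="<?= $escaper->escapeUrl($block->getUrl('adminhtml/system_account/index')); ?>"
+<?= /* @noEscape */ $block->getUiId('user', 'account', 'settings'); ?>
+title="<?= $escaper->escapeHtml(__('Account Setting')); ?>">
+<?= $escaper->escapeHtml(__('Account Setting')); ?>
+(<span class="admin-user-name">
+<?= $escaper->escapeHtml($block->getUser()->getUserName()); ?>
+</span>)
 </a>
 </li>
-</ul>
-</div>
+<?php endif; ?>
 
-<?php elseif ($part === 'other') : ?>
-<?= $block->getChildHtml() ?>
+<li>
+<a href="<?= $escaper->escapeUrl($block->getBaseUrl()); ?>"
+title="<?= $escaper->escapeHtml(__('Customer View')); ?>"
+target="_blank"
+class="store-front">
+<?= $escaper->escapeHtml(__('Customer View')); ?>
+</a>
+</li>
+<li>
+<a href="<?= $escaper->escapeUrl($block->getLogoutLink()); ?>"
+class="account-signout"
+title="<?= $escaper->escapeHtml(__('Sign Out')); ?>">
+<?= $escaper->escapeHtml(__('Sign Out')); ?>
+</a>
+</li>
+</ul>
+</div>
+<?php elseif ($part === 'other'): ?>
+<?= $block->getChildHtml(); ?>
 <?php endif; ?>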
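Review bot: The `title` attribute of the My Account link uses `$escaper->escapeHtmlAttr(...)` while every other attribute in this hunk (`alt` and `title` on the logo image, Account Setting, Customer View, Sign Out) keeps `escapeHtml`; all of these are attribute contexts, so pick one escaper and apply it consistently, e.g. `title="<?= $escaper->escapeHtmlAttr(__('Sign Out')); ?>"`. `$logoSrc` is still HTML-escaped before it is handed to `getViewFileUrl()` and the result is then passed through `escapeUrl` at the output site, so a path containing `&` would presumably be encoded twice; with `escapeUrl` now wrapping the `src`, the input-side escape is redundant and `$logoSrc = $block->hasLogoImageSrc() ? $block->getLogoImageSrc() : 'images/magento-logo.svg';` is enough. Moving the user name and `<span class="admin-user-name">` onto their own lines introduces whitespace inside the parentheses and inside the account-text span, which likely renders as `( name )` rather than `(name)` as before. The Customer View link keeps `target="_blank"` without `rel="noopener"`; low risk for a same-site storefront link, but cheap to add while the markup is being touched.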
