Skip to content

Backport #4958 to 2.1 #12611

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Dec 19, 2017
Merged

Backport #4958 to 2.1 #12611

merged 1 commit into from
Dec 19, 2017

Conversation

slackerzz
Copy link
Member

Backport of #4958 to 2.1

Description

Fixed Issues (if relevant)

  1. magento/magento2#<issue_number>: Issue title
  2. ...

Manual testing scenarios

  1. ...
  2. ...

Contribution checklist

  • Pull request has a meaningful description of its purpose
  • All commits are accompanied by meaningful commit messages
  • All new or changed code is covered with unit/integration tests (if applicable)
  • All automated tests passed successfully (all builds on Travis CI are green)

@mzeis mzeis self-assigned this Dec 10, 2017
@mzeis mzeis added this to the December 2017 milestone Dec 10, 2017
mzeis
mzeis suggested changes Dec 11, 2017
View reviewed changes
app/code/Magento/Newsletter/view/frontend/templates/subscribe.phtml Outdated
@@ -8,7 +8,7 @@

?>
<div class="block newsletter">
<div class="title"><strong>Newsletter</strong></div>
<div class="title"><strong><?php /* @escapeNotVerified */ echo __('Newsletter') ?></strong></div>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I reached out to the core team regarding using @escapeNotVerified in backports because it wasn't defined how to handle this.

They asked us to not use @escapeNotVerified for new code, even in 2.1-develop abd when other strings in the same template use the same technique because we know by now that this potentially unsecure.

If you adjust your PR to escape the string (like in 2.2-develop) though, I can approve your PR!

@mzeis
Copy link
Contributor

mzeis commented Dec 11, 2017

Hi @slackerzz,

thank you for your contribution! There is one small change we need you to do (please see my code review) and then I'm happy to accept your PR.

@slackerzz
block newsletter title
5158a78 
The title string is hardcoded!
@slackerzz
Copy link
Member Author

Hi @mzeis, I've just pushed the correction

@mzeis
Copy link
Contributor

mzeis commented Dec 14, 2017

Hi @slackerzz,

thanks again! Your contribution will be merged into the mainline.

@magento-team magento-team merged commit 5158a78 into magento:2.1-develop Dec 19, 2017
magento-team pushed a commit that referenced this pull request Dec 19, 2017
MAGETWO-85264: Backport #4958 to 2.1 #12611
2bcb688
@slackerzz slackerzz deleted the backport-pr4958 branch December 20, 2017 08:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mzeis mzeis mzeis approved these changes

Assignees

@mzeis mzeis

Labels
bugfix Progress: accept Release Line: 2.1
Projects
None yet
Milestone
December 2017
Development

Successfully merging this pull request may close these issues.
3 participants
@slackerzz @mzeis @magento-team