
Magento_Backend: avoid using deprecated escape* methods from Abstract… #31668

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 1 commit into from
Expand Up @@ -43,13 +43,13 @@ public function render(\Magento\Framework\DataObject $row)
{
$value = $row->getData($this->getColumn()->getIndex());
if ($this->stringHelper->strlen($value) > 30) {
$value = '<span title="' . $this->escapeHtml(
$value = '<span title="' . $this->_escaper->escapeHtml(
$value
) . '">' . $this->escapeHtml(
) . '">' . $this->_escaper->escapeHtml(
$this->filterManager->truncate($value, ['length' => 30])
) . '</span>';
} else {
$value = $this->escapeHtml($value);
$value = $this->_escaper->escapeHtml($value);
}
return $value;
}
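Review bot: The `title="..."` attribute on L41 still uses `escapeHtml`, the element-body escaper, even though the value sits inside a double-quoted attribute; `$this->_escaper->escapeHtmlAttr($value)` is the context-correct call and the one Magento's XSS sniff expects there. `escapeHtml` does encode double quotes, so this is a consistency fix rather than a known bypass, but the commit is already touching every one of these call sites. The span text on L44 and the plain branch on L49 are element content and can keep `escapeHtml`. The file name for this section is not shown on the page, and the `render()` signature is only visible in the hunk header.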
2 changes: 1 addition & 1 deletion app/code/Magento/Backend/Block/Menu.php
Expand Up @@ -137,7 +137,7 @@ protected function _construct()
*/
protected function _getAnchorLabel($menuItem)
{
return $this->escapeHtml(__($menuItem->getTitle()));
return $this->_escaper->escapeHtml(__($menuItem->getTitle()));
}

/**
2 changes: 1 addition & 1 deletion app/code/Magento/Backend/Block/Store/Switcher.php
Expand Up @@ -586,7 +586,7 @@ public function getHintHtml()
$html = '';
$url = $this->getHintUrl();
if ($url) {
$html = '<div class="admin__field-tooltip tooltip">' . '<a' . ' href="' . $this->escapeUrl(
$html = '<div class="admin__field-tooltip tooltip">' . '<a' . ' href="' . $this->_escaper->escapeUrl(
$url
) . '"' . ' onclick="this.target=\'_blank\'"' . ' title="' . __(
'What is this?'
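Review bot: On L75 the `title` attribute is built from `__('What is this?')` with no escaping, while the neighbouring `href` now goes through `_escaper->escapeUrl`. Translation packs are installed by administrators and are generally trusted, but a double quote in a translated string would still break out of the attribute, and `$this->_escaper->escapeHtmlAttr(__('What is this?'))` closes that gap at no cost. `getHintHtml` continues beyond the end of this hunk.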
2 changes: 1 addition & 1 deletion app/code/Magento/Backend/Block/System/Store/Delete.php
Expand Up @@ -56,7 +56,7 @@ public function getHeaderText()
return __(
"Delete %1 '%2'",
$this->getStoreTypeTitle(),
$this->escapeHtml($this->getChildBlock('form')->getDataObject()->getName())
$this->_escaper->escapeHtml($this->getChildBlock('form')->getDataObject()->getName())
);
}

Expand Up @@ -26,7 +26,7 @@ public function render(\Magento\Framework\DataObject $row)
href="' .
$this->getUrl('adminhtml/*/editGroup', ['group_id' => $row->getGroupId()]) .
'">' .
$this->escapeHtml($row->getData($this->getColumn()->getIndex())) .
$this->_escaper->escapeHtml($row->getData($this->getColumn()->getIndex())) .
'</a><br />'
. '(' . __('Code') . ': ' . $row->getGroupCode() . ')';
}
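Review bot: `$row->getGroupCode()` on L98 is concatenated into the output unescaped, directly after the name that the commit now routes through `_escaper`. Store-group codes are validated on save in Magento, so this is probably not exploitable, but the renderer should not depend on that upstream rule: `. '(' . __('Code') . ': ' . $this->_escaper->escapeHtml($row->getGroupCode()) . ')';`. `render()` begins before this hunk.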
Expand Up @@ -26,7 +26,7 @@ public function render(\Magento\Framework\DataObject $row)
href="' .
$this->getUrl('adminhtml/*/editStore', ['store_id' => $row->getStoreId()]) .
'">' .
$this->escapeHtml($row->getData($this->getColumn()->getIndex())) .
$this->_escaper->escapeHtml($row->getData($this->getColumn()->getIndex())) .
'</a><br />' .
'(' . __('Code') . ': ' . $row->getStoreCode() . ')';
}
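Review bot: The `(Code: ...)` suffix on L109 emits `$row->getStoreCode()` raw while the store name on the line above is now escaped. Store codes are constrained by the admin form, which is presumably why this was left alone, but escaping the whole row is simpler to reason about: `'(' . __('Code') . ': ' . $this->_escaper->escapeHtml($row->getStoreCode()) . ')';`. `render()` begins before this hunk.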
Expand Up @@ -23,7 +23,7 @@ public function render(\Magento\Framework\DataObject $row)
href="' .
$this->getUrl('adminhtml/*/editWebsite', ['website_id' => $row->getWebsiteId()]) .
'">' .
$this->escapeHtml($row->getData($this->getColumn()->getIndex())) .
$this->_escaper->escapeHtml($row->getData($this->getColumn()->getIndex())) .
'</a><br />' .
'(' . __('Code') . ': ' . $row->getCode() . ')';
}
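Review bot: As in the sibling group and store renderers, `$row->getCode()` on L120 goes out unescaped next to an escaped name. Website codes are validated elsewhere, so the risk is low, but `'(' . __('Code') . ': ' . $this->_escaper->escapeHtml($row->getCode()) . ')';` keeps all three renderers uniformly escaped and avoids a reviewer having to re-check that validation each time. `render()` begins before this hunk.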
2 changes: 1 addition & 1 deletion app/code/Magento/Backend/Block/Widget/Button.php
Expand Up @@ -152,7 +152,7 @@ protected function _attributesToHtml($attributes)
if ($attributeValue === null || $attributeValue == '') {
continue;
}
$html .= $attributeKey . '="' . $this->escapeHtmlAttr($attributeValue, false) . '" ';
$html .= $attributeKey . '="' . $this->_escaper->escapeHtmlAttr($attributeValue, false) . '" ';
}

return $html;
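Review bot: `$attributeKey` on L130 is written into the tag unescaped while the value goes through `escapeHtmlAttr`; attribute names normally come from block configuration rather than user input, so this is a consistency point, but a comment such as `// attribute keys are developer-supplied; values may carry user data` would make that assumption explicit. The second argument `false` turns off single-quote escaping, which is acceptable only because the value is wrapped in double quotes on the same line — worth stating in a comment too, since the identical call is repeated in other blocks of this PR. `_attributesToHtml` starts above this hunk.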
Expand Up @@ -285,7 +285,7 @@ protected function _getAttributesString($attributes)
if ($attributeValue === null || $attributeValue == '') {
continue;
}
$html[] = $attributeKey . '="' . $this->escapeHtmlAttr($attributeValue, false) . '"';
$html[] = $attributeKey . '="' . $this->_escaper->escapeHtmlAttr($attributeValue, false) . '"';
}
return join(' ', $html);
}
Expand Up @@ -71,7 +71,7 @@ public function getColumn()
*/
protected function _getHtmlName()
{
return $this->escapeHtml($this->getColumn()->getId());
return $this->_escaper->escapeHtml($this->getColumn()->getId());
}

/**
Expand All @@ -81,7 +81,7 @@ protected function _getHtmlName()
*/
protected function _getHtmlId()
{
return $this->escapeHtml($this->getColumn()->getHtmlId());
return $this->_escaper->escapeHtml($this->getColumn()->getHtmlId());
}

/**
Expand All @@ -92,7 +92,7 @@ protected function _getHtmlId()
*/
public function getEscapedValue($index = null)
{
return $this->escapeHtml((string)$this->getValue($index));
return $this->_escaper->escapeHtml((string)$this->getValue($index));
}

/**
Expand Up @@ -117,7 +117,7 @@ public function getHtml()
dateFormat: "' .
$format .
'",
buttonText: "' . $this->escapeHtml(__('Date selector')) .
buttonText: "' . $this->_escaper->escapeHtml(__('Date selector')) .
'",
from: {
id: "' .
Expand Down Expand Up @@ -153,7 +153,7 @@ public function getEscapedValue($index = null)
}

if (is_string($value)) {
return $this->escapeHtml($value);
return $this->_escaper->escapeHtml($value);
}

return $value;
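Review bot: `buttonText` on L181 is a JavaScript string literal inside the inline calendar configuration, and `escapeHtml` is an HTML-body escaper, not a JS one — it leaves backslashes and line breaks untouched and will emit `&#039;`-style entities into the script. If the target branch's `\Magento\Framework\Escaper` has `escapeJs`, `$this->_escaper->escapeJs(__('Date selector'))` is the contextual call. `$format` on L178 is interpolated raw as well; its source is outside this hunk and is presumably a locale-derived pattern, but that is worth confirming. `getHtml` starts and ends outside this hunk.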
Expand Up @@ -122,7 +122,7 @@ public function getHtml()
dateFormat: "' . $format . '",
timeFormat: "' . $timeFormat . '",
showsTime: ' . ($this->getColumn()->getFilterTime() ? 'true' : 'false') . ',
buttonText: "' . $this->escapeHtml(__('Date selector')) . '",
buttonText: "' . $this->_escaper->escapeHtml(__('Date selector')) . '",
from: {
id: "' . $htmlId . '_from"
},
Expand Down Expand Up @@ -151,7 +151,7 @@ public function getEscapedValue($index = null)
}

if (is_string($value)) {
return $this->escapeHtml($value);
return $this->_escaper->escapeHtml($value);
}

return $value;
Expand Up @@ -53,9 +53,9 @@ protected function _getOptions()
protected function _renderOption($option, $value)
{
$selected = $option['value'] == $value && $value !== null ? ' selected="selected"' : '';
return '<option value="' . $this->escapeHtml(
return '<option value="' . $this->_escaper->escapeHtml(
$option['value']
) . '"' . $selected . '>' . $this->escapeHtml(
) . '"' . $selected . '>' . $this->_escaper->escapeHtml(
$option['label']
) . '</option>';
}
Expand All @@ -72,7 +72,7 @@ public function getHtml()
$value = $this->getValue();
foreach ($this->_getOptions() as $option) {
if (is_array($option['value'])) {
$html .= '<optgroup label="' . $this->escapeHtml($option['label']) . '">';
$html .= '<optgroup label="' . $this->_escaper->escapeHtml($option['label']) . '">';
foreach ($option['value'] as $subOption) {
$html .= $this->_renderOption($subOption, $value);
}
Expand Up @@ -49,7 +49,7 @@ public function getHtml()

$allShow = $this->getColumn()->getStoreAll();

$html = '<select class="admin__control-select" name="' . $this->escapeHtml(
$html = '<select class="admin__control-select" name="' . $this->_escaper->escapeHtml(
$this->_getHtmlName()
) . '" ' . $this->getColumn()->getValidateClass() . $this->getUiId(
'filter',
Expand All @@ -76,11 +76,12 @@ public function getHtml()
}
if (!$websiteShow) {
$websiteShow = true;
$html .= '<optgroup label="' . $this->escapeHtml($website->getName()) . '"></optgroup>';
$websiteName = $this->_escaper->escapeHtml($website->getName());
$html .= '<optgroup label="' . $websiteName . '"></optgroup>';
}
if (!$groupShow) {
$groupShow = true;
$html .= '<optgroup label="&nbsp;&nbsp;&nbsp;&nbsp;' . $this->escapeHtml(
$html .= '<optgroup label="&nbsp;&nbsp;&nbsp;&nbsp;' . $this->_escaper->escapeHtml(
$group->getName()
) . '">';
}
Expand All @@ -91,7 +92,7 @@ public function getHtml()
'"' .
$selected .
'>&nbsp;&nbsp;&nbsp;&nbsp;' .
$this->escapeHtml(
$this->_escaper->escapeHtml(
$store->getName()
) . '</option>';
}
Expand Up @@ -103,7 +103,7 @@ protected function _toOptionHtml($action, \Magento\Framework\DataObject $row)
$this->_transformActionData($action, $actionCaption, $row);

$htmlAttributes = [
'value' => $this->escapeHtmlAttr($this->_jsonEncoder->encode($action), false)
'value' => $this->_escaper->escapeHtmlAttr($this->_jsonEncoder->encode($action), false)
];
$actionAttributes->setData($htmlAttributes);
return '<option ' . $actionAttributes->serialize() . '>' . $actionCaption . '</option>';
Expand All @@ -126,7 +126,7 @@ protected function _toLinkHtml($action, \Magento\Framework\DataObject $row)
if (isset($action['confirm'])) {
// phpcs:ignore Magento2.Functions.DiscouragedFunction
$action['onclick'] = 'return window.confirm(\'' . addslashes(
$this->escapeHtml($action['confirm'])
$this->_escaper->escapeHtml($action['confirm'])
) . '\')';
unset($action['confirm']);
}
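Review bot: The confirm text on L288 lands inside a JavaScript string literal in an `onclick` handler, and `addslashes` is not a JavaScript escaper: it does nothing for newlines or `</script>`-style sequences, and stacking it on `escapeHtml` yields entity-encoded text in the dialog. Since the escaper object is now injected here anyway, `$action['onclick'] = 'return window.confirm(\'' . $this->_escaper->escapeJs($action['confirm']) . '\')';` would be the context-correct form and would let the `phpcs:ignore` line go (assuming `escapeJs` exists on the target branch). Whether `$actionAttributes->serialize()` applies attribute escaping afterwards is not visible here, so I have not relied on it. `_toLinkHtml` continues past the end of this hunk.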
Expand Up @@ -141,16 +141,16 @@ public function render(\Magento\Framework\DataObject $row)
protected function _getCheckboxHtml($value, $checked)
{
$html = '<label class="data-grid-checkbox-cell-inner" ';
$html .= ' for="id_' . $this->escapeHtml($value) . '">';
$html .= ' for="id_' . $this->_escaper->escapeHtml($value) . '">';
$html .= '<input type="checkbox" ';
$html .= 'name="' . $this->getColumn()->getFieldName() . '" ';
$html .= 'value="' . $this->escapeHtml($value) . '" ';
$html .= 'id="id_' . $this->escapeHtml($value) . '" ';
$html .= 'value="' . $this->_escaper->escapeHtml($value) . '" ';
$html .= 'id="id_' . $this->_escaper->escapeHtml($value) . '" ';
$html .= 'class="' .
($this->getColumn()->getInlineCss() ? $this->getColumn()->getInlineCss() : 'checkbox') .
' admin__control-checkbox' . '"';
$html .= $checked . $this->getDisabled() . '/>';
$html .= '<label for="id_' . $this->escapeHtml($value) . '"></label>';
$html .= '<label for="id_' . $this->_escaper->escapeHtml($value) . '"></label>';
$html .= '</label>';
/* ToDo UI: add class="admin__field-label" after some refactoring _fields.less */
return $html;
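Review bot: On L301 `name="' . $this->getColumn()->getFieldName() . '"` is emitted raw while the surrounding `for`, `value` and `id` attributes are escaped — and those use `escapeHtml`, where `escapeHtmlAttr` is the attribute-context call. Field names are set by grid layout code, so the practical exposure is low; still, `$html .= 'name="' . $this->_escaper->escapeHtmlAttr($this->getColumn()->getFieldName()) . '" ';` keeps the method uniformly escaped. The closing brace of `_getCheckboxHtml` is outside this hunk.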
Expand Up @@ -44,7 +44,7 @@ public function render(\Magento\Framework\DataObject $row)
if ($data = $row->getData($this->getColumn()->getIndex())) {
$name = $this->localeLists->getCountryTranslation($data);
if (empty($name)) {
$name = $this->escapeHtml($data);
$name = $this->_escaper->escapeHtml($data);
}
return $name;
}
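Review bot: Only the fallback branch on L322 is escaped — when `getCountryTranslation()` returns a non-empty `$name`, it is returned to the grid raw. Locale translations are normally trusted data, so this is likely fine, but returning `$this->_escaper->escapeHtml($name)` on both paths costs nothing and removes the need to reason about where translation strings come from. `render()` ends outside this hunk.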
Expand Up @@ -33,7 +33,7 @@ public function render(\Magento\Framework\DataObject $row)
}
$text = $this->filterManager->truncate(parent::_getValue($row), ['length' => $truncateLength]);
if (!$this->getColumn()->hasEscape() || $this->getColumn()->getEscape()) {
$text = $this->escapeHtml($text);
$text = $this->_escaper->escapeHtml($text);
}
if ($this->getColumn()->getNl2br()) {
$text = nl2br($text);
Expand Up @@ -69,7 +69,7 @@ protected function _getCheckboxHtml($value, $checked)
$html = '<label class="data-grid-checkbox-cell-inner" for="'. $id .'">';
$html .= '<input type="checkbox" name="' . $this->getColumn()->getName() . '" ';
$html .= 'id="' . $id . '" data-role="select-row"';
$html .= 'value="' . $this->escapeHtml($value) . '" class="admin__control-checkbox"' . $checked . '/>';
$html .= 'value="' . $this->_escaper->escapeHtml($value) . '" class="admin__control-checkbox"' . $checked . '/>';
$html .= '<label for="'. $id .'"></label></label>';
return $html;
}
Expand Up @@ -48,16 +48,16 @@ public function render(\Magento\Framework\DataObject $row)
$res = [];
foreach ($value as $item) {
if (isset($output[$item])) {
$res[] = $this->escapeHtml($output[$item]);
$res[] = $this->_escaper->escapeHtml($output[$item]);
} elseif ($showMissingOptionValues) {
$res[] = $this->escapeHtml($item);
$res[] = $this->_escaper->escapeHtml($item);
}
}
return implode(', ', $res);
} elseif (isset($output[$value])) {
return $this->escapeHtml($output[$value]);
return $this->_escaper->escapeHtml($output[$value]);
} elseif (in_array($value, $output)) {
return $this->escapeHtml($value);
return $this->_escaper->escapeHtml($value);
}
}
}
Expand Up @@ -51,12 +51,13 @@ protected function _getOptions()
public function render(\Magento\Framework\DataObject $row)
{
$name = $this->getColumn()->getName() ? $this->getColumn()->getName() : $this->getColumn()->getId();
$html = '<select name="' . $this->escapeHtml($name) . '" ' . $this->getColumn()->getValidateClass() . '>';
$validateClass = $this->getColumn()->getValidateClass();
$html = '<select name="' . $this->_escaper->escapeHtml($name) . '" ' . $validateClass . '>';
$value = $row->getData($this->getColumn()->getIndex());
foreach ($this->_getOptions() as $val => $label) {
$selected = $val == $value && $value !== null ? ' selected="selected"' : '';
$html .= '<option value="' . $this->escapeHtml($val) . '"' . $selected . '>';
$html .= $this->escapeHtml($label) . '</option>';
$html .= '<option value="' . $this->_escaper->escapeHtml($val) . '"' . $selected . '>';
$html .= $this->_escaper->escapeHtml($label) . '</option>';
}
$html .= '</select>';
return $html;
Expand Up @@ -50,7 +50,7 @@ private function getSimpleValue(DataObject $row)
if (true === $this->getColumn()->getTranslate()) {
$value = __($value);
}
return $this->escapeHtml($value);
return $this->_escaper->escapeHtml($value);
}

/**
Expand All @@ -71,6 +71,6 @@ private function getFormattedValue(DataObject $row)
$value = str_replace($match, $replacement, $value);
}
}
return $this->escapeHtml($value);
return $this->_escaper->escapeHtml($value);
}
}
Expand Up @@ -68,7 +68,7 @@ protected function _construct()
{
parent::_construct();

$this->setErrorText($this->escapeHtml(__('An item needs to be selected. Select and try again.')));
$this->setErrorText($this->_escaper->escapeHtml(__('An item needs to be selected. Select and try again.')));

if (null !== $this->getOptions()) {
foreach ($this->getOptions() as $optionId => $option) {
Expand Up @@ -72,7 +72,7 @@ public function __construct(
public function _construct()
{
parent::_construct();
$this->setErrorText($this->escapeHtml(__('An item needs to be selected. Select and try again.')));
$this->setErrorText($this->_escaper->escapeHtml(__('An item needs to be selected. Select and try again.')));
}

/**
Expand Up @@ -9,23 +9,27 @@
* @see \Magento\Backend\Block\Denied
*/

/**
* @var \Magento\Framework\Escaper $escaper
*/

// phpcs:disable Magento2.Security.Superglobal
?>
<hr class="access-denied-hr"/>
<div class="access-denied-page">
<h2 class="page-heading"><?= $block->escapeHtml(__('Sorry, you need permissions to view this content.')) ?></h2>
<strong><?= $block->escapeHtml(__('Next steps')) ?></strong>
<h2 class="page-heading"><?= $escaper->escapeHtml(__('Sorry, you need permissions to view this content.')) ?></h2>
<strong><?= $escaper->escapeHtml(__('Next steps')) ?></strong>
<ul>
<li><span><?= $block->escapeHtml(__('If you think this is an error, try signing out and signing in again.')) ?></span></li>
<li><span><?= $block->escapeHtml(__('Contact a system administrator or store owner to gain permissions.')) ?></span></li>
<li><span><?= $escaper->escapeHtml(__('If you think this is an error, try signing out and signing in again.')) ?></span></li>
<li><span><?= $escaper->escapeHtml(__('Contact a system administrator or store owner to gain permissions.')) ?></span></li>
<li>
<span><?= $block->escapeHtml(__('Return to ')) ?>
<span><?= $escaper->escapeHtml(__('Return to ')) ?>
<?php if (isset($_SERVER['HTTP_REFERER'])) : ?>
<a href="<?= $block->escapeUrl($_SERVER['HTTP_REFERER']) ?>">
<?= $block->escapeHtml(__('previous page')) ?></a><?= $block->escapeHtml(__('.')) ?>
<a href="<?= $escaper->escapeUrl($_SERVER['HTTP_REFERER']) ?>">
<?= $escaper->escapeHtml(__('previous page')) ?></a><?= $escaper->escapeHtml(__('.')) ?>
<?php else : ?>
<a href="<?= $block->escapeHtmlAttr('javascript:history.back()') ?>">
<?= $block->escapeHtml(__('previous page')) ?></a><?= $block->escapeHtml(__('.')) ?>
<a href="<?= $escaper->escapeHtmlAttr('javascript:history.back()') ?>">
<?= $escaper->escapeHtml(__('previous page')) ?></a><?= $escaper->escapeHtml(__('.')) ?>
<?php endif ?>
</span>
</li>
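Review bot: `$_SERVER['HTTP_REFERER']` on L459 is client-controlled, and `escapeUrl` only makes it safe to sit inside an `href` attribute — it does not confine the link to this store's origin, so the "previous page" link can point at whatever site the request's Referer header names. If the intent is to go back within the admin, the value should be checked against the base URL before use, falling back to the existing `history.back()` branch otherwise. The `phpcs:disable Magento2.Security.Superglobal` line would also benefit from a one-line comment such as `// Referer is read directly; it is only used as an escaped link target` so the next reader knows the trade-off was deliberate. Declaring `@var \Magento\Framework\Escaper $escaper` is the right way to type the template variable.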
Expand Up @@ -3,5 +3,9 @@
* Copyright © Magento, Inc. All rights reserved.
* See COPYING.txt for license details.
*/

/**
* @var \Magento\Framework\Escaper $escaper
*/
?>
<div><input name="form_key" type="hidden" value="<?= $block->escapeHtmlAttr($block->getFormKey()) ?>" /></div>
<div><input name="form_key" type="hidden" value="<?= $escaper->escapeHtmlAttr($block->getFormKey()) ?>" /></div>