Skip to content

Magento_Customer: avoid using deprecated escape* methods from Abstrac… #31672

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 1 commit into from
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@ public function getJsLayout()
public function getConfig()
{
return [
'autocomplete' => $this->escapeHtml($this->isAutocompleteEnabled()),
'autocomplete' => $this->_escaper->escapeHtml($this->isAutocompleteEnabled()),
'customerRegisterUrl' => $this->escapeUrl($this->getCustomerRegisterUrlUrl()),
'customerForgotPasswordUrl' => $this->escapeUrl($this->getCustomerForgotPasswordUrl()),
'baseUrl' => $this->escapeUrl($this->getBaseUrl())
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -194,7 +194,7 @@ public function renderArray($addressAttributes, $format = null)
}
if ($this->getType()->getEscapeHtml()) {
foreach ($data as $key => $value) {
$data[$key] = $this->escapeHtml($value);
$data[$key] = $this->_escaper->escapeHtml($value);
}
}
$format = $format !== null ? $format : $this->getFormatArray($addressAttributes);
Expand Down
4 changes: 2 additions & 2 deletions app/code/Magento/Customer/Block/Adminhtml/Edit.php
Original file line number Diff line number Diff line change
Expand Up @@ -121,7 +121,7 @@ protected function _construct()
'invalidate_token',
[
'label' => __('Force Sign-In'),
'onclick' => 'deleteConfirm(\'' . $this->escapeJs($this->escapeHtml($deleteConfirmMsg)) .
'onclick' => 'deleteConfirm(\'' . $this->_escaper->escapeJs($this->_escaper->escapeHtml($deleteConfirmMsg)) .
'\', \'' . $url . '\')',
'class' => 'invalidate-token'
],
Expand Down Expand Up @@ -161,7 +161,7 @@ public function getHeaderText()
$customerId = $this->getCustomerId();
if ($customerId) {
$customerData = $this->customerRepository->getById($customerId);
return $this->escapeHtml($this->_viewHelper->getCustomerName($customerData));
return $this->_escaper->escapeHtml($this->_viewHelper->getCustomerName($customerData));
} else {
return __('New Customer');
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -123,7 +123,7 @@ public function render(\Magento\Framework\DataObject $item)
$this->setItem($item);
$product = $this->getProduct();
$options = $this->getOptionList();
return $options ? $this->_renderItemOptions($product, $options) : $this->escapeHtml($product->getName());
return $options ? $this->_renderItemOptions($product, $options) : $this->_escaper->escapeHtml($product->getName());
}

/**
Expand All @@ -135,12 +135,12 @@ public function render(\Magento\Framework\DataObject $item)
*/
protected function _renderItemOptions(Product $product, array $options)
{
$html = '<div class="product-title">' . $this->escapeHtml(
$html = '<div class="product-title">' . $this->_escaper->escapeHtml(
$product->getName()
) . '</div>' . '<dl class="item-options">';
foreach ($options as $option) {
$formattedOption = $this->getFormattedOptionValue($option);
$html .= '<dt>' . $this->escapeHtml($option['label']) . '</dt>';
$html .= '<dt>' . $this->_escaper->escapeHtml($option['label']) . '</dt>';
$html .= '<dd>' . $formattedOption['value'] . '</dd>';
}
$html .= '</dl>';
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,6 @@ class Description extends \Magento\Backend\Block\Widget\Grid\Column\Renderer\Abs
*/
public function render(\Magento\Framework\DataObject $row)
{
return nl2br($this->escapeHtml($row->getData($this->getColumn()->getIndex())));
return nl2br($this->_escaper->escapeHtml($row->getData($this->getColumn()->getIndex())));
}
}
2 changes: 1 addition & 1 deletion app/code/Magento/Customer/Block/Adminhtml/Group/Edit.php
Original file line number Diff line number Diff line change
Expand Up @@ -87,7 +87,7 @@ public function getHeaderText()
return __('New Customer Group');
} else {
$group = $this->groupRepository->getById($groupId);
return __('Edit Customer Group "%1"', $this->escapeHtml($group->getCode()));
return __('Edit Customer Group "%1"', $this->_escaper->escapeHtml($group->getCode()));
}
}

Expand Down
4 changes: 2 additions & 2 deletions app/code/Magento/Customer/Block/Widget/Name.php
Original file line number Diff line number Diff line change
Expand Up @@ -107,7 +107,7 @@ public function getPrefixOptions()

if ($this->getObject() && !empty($prefixOptions)) {
$prefixOption = $this->getObject()->getPrefix();
$oldPrefix = $this->escapeHtml(trim($prefixOption));
$oldPrefix = $this->_escaper->escapeHtml(trim($prefixOption));
if ($prefixOption !== null && !isset($prefixOptions[$oldPrefix]) && !isset($prefixOptions[$prefixOption])) {
$prefixOptions[$oldPrefix] = $oldPrefix;
}
Expand Down Expand Up @@ -165,7 +165,7 @@ public function getSuffixOptions()
$suffixOptions = $this->options->getNameSuffixOptions();
if ($this->getObject() && !empty($suffixOptions)) {
$suffixOption = $this->getObject()->getSuffix();
$oldSuffix = $this->escapeHtml(trim($suffixOption));
$oldSuffix = $this->_escaper->escapeHtml(trim($suffixOption));
if ($suffixOption !== null && !isset($suffixOptions[$oldSuffix]) && !isset($suffixOptions[$suffixOption])) {
$suffixOptions[$oldSuffix] = $oldSuffix;
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,10 @@
* See COPYING.txt for license details.
*/

/** @var \Magento\Customer\Block\Adminhtml\Sales\Order\Address\Form\Renderer\Vat $block */
/**
* @var \Magento\Customer\Block\Adminhtml\Sales\Order\Address\Form\Renderer\Vat $block
* @var \Magento\Framework\Escaper $escaper
*/

$_element = $block->getElement();
$_note = $_element->getNote();
Expand All @@ -17,11 +20,11 @@ $_validateButton = $block->getValidateButton();
<div class="hidden"><?= $_element->getElementHtml() ?></div>
<?php else : ?>
<?= $_element->getLabelHtml() ?>
<div class="admin__field-control <?= /* @noEscape */ $_element->hasValueClass() ? $block->escapeHtmlAttr($_element->getValueClass()) : 'value' ?><?= $_class ? $block->escapeHtmlAttr($_class) . '-value' : '' ?>">
<div class="admin__field-control <?= /* @noEscape */ $_element->hasValueClass() ? $escaper->escapeHtmlAttr($_element->getValueClass()) : 'value' ?><?= $_class ? $escaper->escapeHtmlAttr($_class) . '-value' : '' ?>">
<?= $_element->getElementHtml() ?>
<?php if ($_note) : ?>
<div class="admin__field-note<?= /* @noEscape */ $_class ? " {$block->escapeHtmlAttr($_class)}-note" : '' ?>" id="note_<?= $block->escapeHtmlAttr($_element->getId()) ?>">
<span><?= $block->escapeHtml($_note) ?></span>
<div class="admin__field-note<?= /* @noEscape */ $_class ? " {$escaper->escapeHtmlAttr($_class)}-note" : '' ?>" id="note_<?= $escaper->escapeHtmlAttr($_element->getId()) ?>">
<span><?= $escaper->escapeHtml($_note) ?></span>
</div>
<?php endif; ?>
<div class="actions">
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -4,15 +4,16 @@
* See COPYING.txt for license details.
*/

/** @var \Magento\Customer\Block\Adminhtml\System\Config\Validatevat $block */
/** @var \Magento\Framework\View\Helper\SecureHtmlRenderer $secureRenderer */
?>
/**
* @var \Magento\Customer\Block\Adminhtml\System\Config\Validatevat $block
* @var \Magento\Framework\Escaper $escaper
* @var \Magento\Framework\View\Helper\SecureHtmlRenderer $secureRenderer
*/

<?php
$merchantCountryField = $block->escapeJs($block->getMerchantCountryField());
$merchantVatNumberField = $block->escapeJs($block->getMerchantVatNumberField());
$ajaxUrl = $block->escapeJs($block->getAjaxUrl());
$errorMessage = $block->escapeJs($block->escapeHtml(__('Error during VAT Number verification.')));
$merchantCountryField = $escaper->escapeJs($block->getMerchantCountryField());
$merchantVatNumberField = $escaper->escapeJs($block->getMerchantVatNumberField());
$ajaxUrl = $escaper->escapeJs($block->getAjaxUrl());
$errorMessage = $escaper->escapeJs($escaper->escapeHtml(__('Error during VAT Number verification.')));

$scriptString = <<<script
require(['prototype'], function(){
Expand Down Expand Up @@ -61,7 +62,7 @@ script;
<div class="actions actions-validate-vat">
<p class="admin__field-error hidden" id="validation_result"></p>
<button class="action-validate-vat" type="button" id="<?= /* @noEscape */ $block->getHtmlId() ?>">
<span><?= $block->escapeHtml($block->getButtonLabel()) ?></span>
<span><?= $escaper->escapeHtml($block->getButtonLabel()) ?></span>
</button>
</div>
<?= /* @noEscape */ $secureRenderer->renderTag('style', [], '#validation_result {margin-bottom: 10px;}', false); ?>
Expand Down
31 changes: 17 additions & 14 deletions app/code/Magento/Customer/view/adminhtml/templates/tab/cart.phtml
Original file line number Diff line number Diff line change
Expand Up @@ -4,14 +4,17 @@
* See COPYING.txt for license details.
*/

/* @var \Magento\Customer\Block\Adminhtml\Edit\Tab\Cart $block */
/** @var \Magento\Framework\View\Helper\SecureHtmlRenderer $secureRenderer */
/**
* @var \Magento\Customer\Block\Adminhtml\Edit\Tab\Cart $block
* @var \Magento\Framework\Escaper $escaper
* @var \Magento\Framework\View\Helper\SecureHtmlRenderer $secureRenderer
*/
?>
<?php if ($block->getCartHeader()): ?>
<div class="content-header skip-header">
<table>
<tr>
<td><h4><?= $block->escapeHtml($block->getCartHeader()) ?></h4></td>
<td><h4><?= $escaper->escapeHtml($block->getCartHeader()) ?></h4></td>
</tr>
</table>
<?= /* @noEscape */ $secureRenderer->renderStyleAsTag("width:50%;", 'div.content-header.skip-header table tr td') ?>
Expand All @@ -27,19 +30,19 @@
"Magento_Catalog/catalog/product/composite/configure"
], function(alert, confirm){

{$block->escapeJs($block->getJsObjectName())}cartControl = {
{$escaper->escapeJs($block->getJsObjectName())}cartControl = {
reload: function (params) {
if (!params) {
params = {};
}
{$block->escapeJs($block->getJsObjectName())}.reloadParams = params;
{$block->escapeJs($block->getJsObjectName())}.reload();
{$block->escapeJs($block->getJsObjectName())}.reloadParams = {};
{$escaper->escapeJs($block->getJsObjectName())}.reloadParams = params;
{$escaper->escapeJs($block->getJsObjectName())}.reload();
{$escaper->escapeJs($block->getJsObjectName())}.reloadParams = {};
},

configureItem: function (itemId) {
productConfigure.setOnLoadIFrameCallback('{$block->escapeJs($listType)}', this.cbOnLoadIframe.bind(this));
productConfigure.showItemConfiguration('{$block->escapeJs($listType)}', itemId);
productConfigure.setOnLoadIFrameCallback('{$escaper->escapeJs($listType)}', this.cbOnLoadIframe.bind(this));
productConfigure.showItemConfiguration('{$escaper->escapeJs($listType)}', itemId);
return false;
},

Expand All @@ -55,14 +58,14 @@

if (!itemId) {
alert({
content: '{$block->escapeJs(__('No item specified.'))}'
content: '{$escaper->escapeJs(__('No item specified.'))}'
});

return false;
}

confirm({
content: '{$block->escapeJs(__('Are you sure you want to remove this item?'))}',
content: '{$escaper->escapeJs(__('Are you sure you want to remove this item?'))}',
actions: {
confirm: function(){
self.reload({'delete':itemId});
Expand All @@ -80,10 +83,10 @@ script;
];
$scriptString .= <<<script
productConfigure.addListType(
'{$block->escapeJs($listType)}',
'{$escaper->escapeJs($listType)}',
{
urlFetch: '{$block->escapeJs($block->getUrl('customer/cart_product_composite_cart/configure', $params))}',
urlConfirm: '{$block->escapeJs($block->getUrl('customer/cart_product_composite_cart/update', $params))}'
urlFetch: '{$escaper->escapeJs($block->getUrl('customer/cart_product_composite_cart/configure', $params))}',
urlConfirm: '{$escaper->escapeJs($block->getUrl('customer/cart_product_composite_cart/update', $params))}'
}
);

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,10 @@
* See COPYING.txt for license details.
*/

/** @var \Magento\Customer\Block\Adminhtml\Edit\Tab\View\PersonalInfo $block */
/**
* @var \Magento\Customer\Block\Adminhtml\Edit\Tab\View\PersonalInfo $block
* @var \Magento\Framework\Escaper $escaper
*/

$lastLoginDateAdmin = $block->getLastLoginDate();
$lastLoginDateStore = $block->getStoreLastLoginDate();
Expand All @@ -15,52 +18,52 @@ $allowedAddressHtmlTags = ['b', 'br', 'em', 'i', 'li', 'ol', 'p', 'strong', 'sub
?>
<div class="fieldset-wrapper customer-information">
<div class="fieldset-wrapper-title">
<span class="title"><?= $block->escapeHtml(__('Personal Information')) ?></span>
<span class="title"><?= $escaper->escapeHtml(__('Personal Information')) ?></span>
</div>
<table class="admin__table-secondary">
<tbody>
<?= $block->getChildHtml() ?>
<tr>
<th><?= $block->escapeHtml(__('Last Logged In:')) ?></th>
<td><?= $block->escapeHtml($lastLoginDateAdmin) ?> (<?= $block->escapeHtml($block->getCurrentStatus()) ?>)</td>
<th><?= $escaper->escapeHtml(__('Last Logged In:')) ?></th>
<td><?= $escaper->escapeHtml($lastLoginDateAdmin) ?> (<?= $escaper->escapeHtml($block->getCurrentStatus()) ?>)</td>
</tr>
<?php if ($lastLoginDateAdmin != $lastLoginDateStore) : ?>
<tr>
<th><?= $block->escapeHtml(__('Last Logged In (%1):', $block->getStoreLastLoginDateTimezone())) ?></th>
<td><?= $block->escapeHtml($lastLoginDateStore) ?> (<?= $block->escapeHtml($block->getCurrentStatus()) ?>)</td>
<th><?= $escaper->escapeHtml(__('Last Logged In (%1):', $block->getStoreLastLoginDateTimezone())) ?></th>
<td><?= $escaper->escapeHtml($lastLoginDateStore) ?> (<?= $escaper->escapeHtml($block->getCurrentStatus()) ?>)</td>
</tr>
<?php endif; ?>
<tr>
<th><?= $block->escapeHtml(__('Account Lock:')) ?></th>
<td><?= $block->escapeHtml($block->getAccountLock()) ?></td>
<th><?= $escaper->escapeHtml(__('Account Lock:')) ?></th>
<td><?= $escaper->escapeHtml($block->getAccountLock()) ?></td>
</tr>
<tr>
<th><?= $block->escapeHtml(__('Confirmed email:')) ?></th>
<td><?= $block->escapeHtml($block->getIsConfirmedStatus()) ?></td>
<th><?= $escaper->escapeHtml(__('Confirmed email:')) ?></th>
<td><?= $escaper->escapeHtml($block->getIsConfirmedStatus()) ?></td>
</tr>
<tr>
<th><?= $block->escapeHtml(__('Account Created:')) ?></th>
<td><?= $block->escapeHtml($createDateAdmin) ?></td>
<th><?= $escaper->escapeHtml(__('Account Created:')) ?></th>
<td><?= $escaper->escapeHtml($createDateAdmin) ?></td>
</tr>
<?php if ($createDateAdmin != $createDateStore) : ?>
<tr>
<th><?= $block->escapeHtml(__('Account Created on (%1):', $block->getStoreCreateDateTimezone())) ?></th>
<td><?= $block->escapeHtml($createDateStore) ?></td>
<th><?= $escaper->escapeHtml(__('Account Created on (%1):', $block->getStoreCreateDateTimezone())) ?></th>
<td><?= $escaper->escapeHtml($createDateStore) ?></td>
</tr>
<?php endif; ?>
<tr>
<th><?= $block->escapeHtml(__('Account Created in:')) ?></th>
<td><?= $block->escapeHtml($block->getCreatedInStore()) ?></td>
<th><?= $escaper->escapeHtml(__('Account Created in:')) ?></th>
<td><?= $escaper->escapeHtml($block->getCreatedInStore()) ?></td>
</tr>
<tr>
<th><?= $block->escapeHtml(__('Customer Group:')) ?></th>
<td><?= $block->escapeHtml($block->getGroupName()) ?></td>
<th><?= $escaper->escapeHtml(__('Customer Group:')) ?></th>
<td><?= $escaper->escapeHtml($block->getGroupName()) ?></td>
</tr>
</tbody>
</table>
<address>
<strong><?= $block->escapeHtml(__('Default Billing Address')) ?></strong><br/>
<?= $block->escapeHtml($block->getBillingAddressHtml(), $allowedAddressHtmlTags) ?>
<strong><?= $escaper->escapeHtml(__('Default Billing Address')) ?></strong><br/>
<?= $escaper->escapeHtml($block->getBillingAddressHtml(), $allowedAddressHtmlTags) ?>
</address>

</div>
Loading