
Magento_Reports: avoid using deprecated escape* methods from Abstract… #31689


Closed
wants to merge 1 commit into from
Closed
2 changes: 1 addition & 1 deletion app/code/Magento/Reports/Block/Adminhtml/Grid.php
Original file line number Diff line number Diff line change
Expand Up @@ -370,7 +370,7 @@ public function getFilter($name)
if (isset($this->_filters[$name])) {
return $this->_filters[$name];
} else {
return $this->getRequest()->getParam($name) ? $this->escapeHtml($this->getRequest()->getParam($name)) : '';
return $this->getRequest()->getParam($name) ? $this->_escaper->escapeHtml($this->getRequest()->getParam($name)) : '';
}
}
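Review bot: The two branches of `getFilter()` return values in different encodings: the `$this->_filters[$name]` branch returns the stored value as-is, while the request branch returns it already passed through `escapeHtml()`. grid.phtml then wraps `getFilter('report_from')` and `getFilter('report_to')` in `escapeHtmlAttr()`, so a request-supplied value appears to be encoded twice, and `getFilter('report_period') == $_value` compares an encoded value with a raw key. Moving the call to `$this->_escaper->escapeHtml` keeps that behaviour, so I would at least document it on the method, e.g. `@return string HTML-escaped when read from the request, unescaped when read from $this->_filters; callers must still escape for their output context`. Returning the raw parameter and escaping only in the template would be cleaner, but only once every caller is confirmed to escape at output. The method's signature and docblock are outside this hunk.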

78 changes: 40 additions & 38 deletions app/code/Magento/Reports/view/adminhtml/templates/grid.phtml
Original file line number Diff line number Diff line change
Expand Up @@ -8,11 +8,13 @@
/**
* @var $block \Magento\Reports\Block\Adminhtml\Grid
* @var \Magento\Framework\View\Helper\SecureHtmlRenderer $secureRenderer
* @var \Magento\Framework\Escaper $escaper

*/
?>
<?php if ($block->getCollection()): ?>
<?php if ($block->canDisplayContainer()): ?>
<div id="<?= $block->escapeHtmlAttr($block->getId()) ?>">
<div id="<?= $escaper->escapeHtmlAttr($block->getId()) ?>">
<?php else: ?>
<?= $block->getLayout()->getMessagesBlock()->getGroupedHtml() ?>
<?php endif; ?>
Expand All @@ -21,47 +23,47 @@
<div class="admin__data-grid-header-row">
<?php if ($block->getDateFilterVisibility()): ?>
<div class="admin__filter-actions" data-role="filter-form"
id="<?= $block->escapeHtmlAttr($block->getSuffixId('period_date_range')) ?>">
id="<?= $escaper->escapeHtmlAttr($block->getSuffixId('period_date_range')) ?>">
<span class="field-row">
<label for="<?= $block->escapeHtmlAttr($block->getSuffixId('period_date_from')) ?>"
<label for="<?= $escaper->escapeHtmlAttr($block->getSuffixId('period_date_from')) ?>"
class="admin__control-support-text">
<span><?= $block->escapeHtml(__('From')) ?>:</span>
<span><?= $escaper->escapeHtml(__('From')) ?>:</span>
</label>
<input class="input-text no-changes required-entry admin__control-text"
type="text"
id="<?= $block->escapeHtmlAttr($block->getSuffixId('period_date_from')) ?>"
id="<?= $escaper->escapeHtmlAttr($block->getSuffixId('period_date_from')) ?>"
name="report_from"
value="<?= $block->escapeHtmlAttr($block->getFilter('report_from')) ?>">
<span id="<?= $block->escapeHtmlAttr($block->getSuffixId('period_date_from_advice'))?>">
value="<?= $escaper->escapeHtmlAttr($block->getFilter('report_from')) ?>">
<span id="<?= $escaper->escapeHtmlAttr($block->getSuffixId('period_date_from_advice'))?>">
</span>
</span>

<span class="field-row">
<label for="<?= $block->escapeHtmlAttr($block->getSuffixId('period_date_to')) ?>"
<label for="<?= $escaper->escapeHtmlAttr($block->getSuffixId('period_date_to')) ?>"
class="admin__control-support-text">
<span><?= $block->escapeHtml(__('To')) ?>:</span>
<span><?= $escaper->escapeHtml(__('To')) ?>:</span>
</label>
<input class="input-text no-changes required-entry admin__control-text"
type="text"
id="<?= $block->escapeHtmlAttr($block->getSuffixId('period_date_to')) ?>"
id="<?= $escaper->escapeHtmlAttr($block->getSuffixId('period_date_to')) ?>"
name="report_to"
value="<?= $block->escapeHtmlAttr($block->getFilter('report_to')) ?>"/>
<span id="<?= $block->escapeHtmlAttr($block->getSuffixId('period_date_to_advice')) ?>">
value="<?= $escaper->escapeHtmlAttr($block->getFilter('report_to')) ?>"/>
<span id="<?= $escaper->escapeHtmlAttr($block->getSuffixId('period_date_to_advice')) ?>">
</span>
</span>

<span class="field-row admin__control-filter">
<label for="<?= $block->escapeHtmlAttr($block->getSuffixId('report_period')) ?>"
<label for="<?= $escaper->escapeHtmlAttr($block->getSuffixId('report_period')) ?>"
class="admin__control-support-text">
<span><?= $block->escapeHtml(__('Show By')) ?>:</span>
<span><?= $escaper->escapeHtml(__('Show By')) ?>:</span>
</label>
<select name="report_period"
id="<?= $block->escapeHtmlAttr($block->getSuffixId('report_period')) ?>"
id="<?= $escaper->escapeHtmlAttr($block->getSuffixId('report_period')) ?>"
class="admin__control-select">
<?php foreach ($block->getPeriods() as $_value => $_label): ?>
<option value="<?= $block->escapeHtmlAttr($_value) ?>"
<option value="<?= $escaper->escapeHtmlAttr($_value) ?>"
<?php if ($block->getFilter('report_period') == $_value):
?> selected<?php endif; ?>><?= $block->escapeHtml($_label) ?>
?> selected<?php endif; ?>><?= $escaper->escapeHtml($_label) ?>
</option>
<?php endforeach; ?>
</select>
Expand All @@ -74,14 +76,14 @@
"mage/calendar"
], function($){

$("#{$block->escapeJs($block->getSuffixId('period_date_range'))}").dateRange({
dateFormat:"{$block->escapeJs($block->getDateFormat())}",
buttonText:"{$block->escapeJs(__('Select Date'))}",
$("#{$escaper->escapeJs($block->getSuffixId('period_date_range'))}").dateRange({
dateFormat:"{$escaper->escapeJs($block->getDateFormat())}",
buttonText:"{$escaper->escapeJs(__('Select Date'))}",
from:{
id:"{$block->escapeJs($block->getSuffixId('period_date_from'))}"
id:"{$escaper->escapeJs($block->getSuffixId('period_date_from'))}"
},
to:{
id:"{$block->escapeJs($block->getSuffixId('period_date_to'))}"
id:"{$escaper->escapeJs($block->getSuffixId('period_date_to'))}"
}
});
});
Expand All @@ -98,15 +100,15 @@ script;
</div>
<?php endif; ?>
<div class="admin__data-grid-wrap admin__data-grid-wrap-static">
<table class="data-grid" id="<?= $block->escapeHtmlAttr($block->getId()) ?>_table">
<table class="data-grid" id="<?= $escaper->escapeHtmlAttr($block->getId()) ?>_table">
<?= $block->getChildHtml('grid.columnSet') ?>
</table>
</div>
</div>
<?php if ($block->canDisplayContainer()): ?>
<?php $useAjax = '';
if ($block->getUseAjax()):
$useAjax = $block->escapeJs($block->getUseAjax());
$useAjax = $escaper->escapeJs($block->getUseAjax());
endif;
$scriptString = <<<script

Expand All @@ -118,24 +120,24 @@ script;
], function(jQuery){

//<![CDATA[
{$block->escapeJs($block->getJsObjectName())} = new varienGrid('{$block->escapeJs($block->getId())}',
'{$block->escapeJs($block->getGridUrl())}', '{$block->escapeJs($block->getVarNamePage())}',
'{$block->escapeJs($block->getVarNameSort())}', '{$block->escapeJs($block->getVarNameDir())}',
'{$block->escapeJs($block->getVarNameFilter())}');
{$block->escapeJs($block->getJsObjectName())}.useAjax = '{$useAjax}';
{$escaper->escapeJs($block->getJsObjectName())} = new varienGrid('{$escaper->escapeJs($block->getId())}',
'{$escaper->escapeJs($block->getGridUrl())}', '{$escaper->escapeJs($block->getVarNamePage())}',
'{$escaper->escapeJs($block->getVarNameSort())}', '{$escaper->escapeJs($block->getVarNameDir())}',
'{$escaper->escapeJs($block->getVarNameFilter())}');
{$escaper->escapeJs($block->getJsObjectName())}.useAjax = '{$useAjax}';

script;
?>
<?php if ($block->getDateFilterVisibility()): ?>
<?php $scriptString .= <<<script

{$block->escapeJs($block->getJsObjectName())}.doFilterCallback = validateFilterDate;
var period_date_from = $('{$block->escapeJs($block->getSuffixId('period_date_from'))}');
var period_date_to = $('{$block->escapeJs($block->getSuffixId('period_date_to'))}');
{$escaper->escapeJs($block->getJsObjectName())}.doFilterCallback = validateFilterDate;
var period_date_from = $('{$escaper->escapeJs($block->getSuffixId('period_date_from'))}');
var period_date_to = $('{$escaper->escapeJs($block->getSuffixId('period_date_to'))}');
period_date_from.adviceContainer =
$('{$block->escapeJs($block->getSuffixId('period_date_from_advice'))}');
$('{$escaper->escapeJs($block->getSuffixId('period_date_from_advice'))}');
period_date_to.adviceContainer =
$('{$block->escapeJs($block->getSuffixId('period_date_to_advice'))}');
$('{$escaper->escapeJs($block->getSuffixId('period_date_to_advice'))}');

var validateFilterDate = function() {
if (period_date_from && period_date_to) {
Expand Down Expand Up @@ -169,11 +171,11 @@ script;
if (obj.switchParams) {
storeParam += obj.switchParams;
}
var formParam = new Array('{$block->escapeJs($block->getSuffixId('period_date_from'))}',
'{$block->escapeJs($block->getSuffixId('period_date_to'))}',
'{$block->escapeJs($block->getSuffixId('report_period'))}');
var formParam = new Array('{$escaper->escapeJs($block->getSuffixId('period_date_from'))}',
'{$escaper->escapeJs($block->getSuffixId('period_date_to'))}',
'{$escaper->escapeJs($block->getSuffixId('report_period'))}');
var paramURL = '';
var switchURL = '{$block->escapeJs($block->getAbsoluteGridUrl(['_current' => false]))}'
var switchURL = '{$escaper->escapeJs($block->getAbsoluteGridUrl(['_current' => false]))}'
.replace(/(store|group|website)\/\d+\//, '');

for (var i = 0; i < formParam.length; i++) {
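Review bot: `escapeJs()` is applied to `$block->getJsObjectName()` where the result is emitted as a bare JavaScript identifier (`{$escaper->escapeJs($block->getJsObjectName())} = new varienGrid(`, and again before `.useAjax` and `.doFilterCallback`), not inside a quoted string. String-literal escaping does not make a value safe in identifier position, so the safety of these lines rests on the block always returning a fixed, identifier-shaped name. I would enforce that in the block (reject anything not matching `^[A-Za-z_$][A-Za-z0-9_$]*$`) and put a PHP comment above the heredoc such as `// getJsObjectName() must be a plain JS identifier; escapeJs() only covers string-literal context`. Separately, the added `@var \Magento\Framework\Escaper $escaper` line appears to be followed by an empty line before `*/` in the docblock, which should be dropped.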
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,10 @@
* See COPYING.txt for license details.
*/

/** @var \Magento\Framework\View\Helper\SecureHtmlRenderer $secureRenderer */
/**
* @var \Magento\Framework\View\Helper\SecureHtmlRenderer $secureRenderer
* @var \Magento\Framework\Escaper $escaper
*/
?>

<div class="reports-content">
Expand Down Expand Up @@ -34,7 +37,7 @@ require([
}

if (jQuery('#filter_form').valid()) {
setLocation('{$block->escapeJs($block->getFilterUrl())}filter/'+
setLocation('{$escaper->escapeJs($block->getFilterUrl())}filter/'+
Base64.encode(Form.serializeElements(elements))+'/'
);
}
Original file line number Diff line number Diff line change
Expand Up @@ -7,17 +7,20 @@
/**
* @deprecated
*/
/**
* @var \Magento\Framework\Escaper $escaper
*/
?>
<?= $block->getChildHtml('grid') ?>

<div class="switcher f-left" style="margin: 10px 10px 10px 0px; padding:15px;">
<?= $block->escapeHtml(__('Customers that have Wish List: %1', $block->getCustomerWithWishlist())) ?>
<?= $escaper->escapeHtml(__('Customers that have Wish List: %1', $block->getCustomerWithWishlist())) ?>
</div>

<div class="switcher" style="float: right; margin: 10px 0px 10px 10px; padding:15px;">
<?= $block->escapeHtml(__('Number of Wish Lists: %1', $block->getWishlistsCount())) ?><br />
<?= $block->escapeHtml(__('Number of items bought from a Wish List: %1', $block->getItemsBought())) ?><br />
<?= $block->escapeHtml(__('Number of times Wish Lists have been shared (emailed): %1', $block->getSharedCount())) ?><br />
<?= $block->escapeHtml(__('Number of Wish List referrals: %1', $block->getReferralsCount())) ?><br />
<?= $block->escapeHtml(__('Number of Wish List conversions: %1', $block->getConversionsCount())) ?><br />
<?= $escaper->escapeHtml(__('Number of Wish Lists: %1', $block->getWishlistsCount())) ?><br />
<?= $escaper->escapeHtml(__('Number of items bought from a Wish List: %1', $block->getItemsBought())) ?><br />
<?= $escaper->escapeHtml(__('Number of times Wish Lists have been shared (emailed): %1', $block->getSharedCount())) ?><br />
<?= $escaper->escapeHtml(__('Number of Wish List referrals: %1', $block->getReferralsCount())) ?><br />
<?= $escaper->escapeHtml(__('Number of Wish List conversions: %1', $block->getConversionsCount())) ?><br />
</div>
Original file line number Diff line number Diff line change
Expand Up @@ -10,34 +10,35 @@

/**
* @see \Magento\Backend\Block\Store\Switcher
* @var \Magento\Framework\Escaper $escaper
*/
?>
<?php if ($block->isShow()) : ?>
<div class="field field-store-switcher">
<label class="label" for="store_switcher"><?= $block->escapeHtml(__('Show Report For:')) ?></label>
<label class="label" for="store_switcher"><?= $escaper->escapeHtml(__('Show Report For:')) ?></label>
<div class="control">
<select
<select
id="store_switcher"
class="admin__control-select"
name="store_switcher"
onchange="return switchStore(this);">
<option value=""><?= $block->escapeHtml(__('All Websites')) ?></option>
<option value=""><?= $escaper->escapeHtml(__('All Websites')) ?></option>
<?php foreach ($block->getWebsiteCollection() as $_website) : ?>
<?php $showWebsite = false; ?>
<?php foreach ($block->getGroupCollection($_website) as $_group) : ?>
<?php $showGroup = false; ?>
<?php foreach ($block->getStoreCollection($_group) as $_store) : ?>
<?php if ($showWebsite == false) : ?>
<?php $showWebsite = true; ?>
<option website="true" value="<?= $block->escapeHtmlAttr($_website->getId()) ?>"<?php if ($block->getRequest()->getParam('website') == $_website->getId()) : ?> selected<?php endif; ?>>
<?= $block->escapeHtml($_website->getName()) ?>
<option website="true" value="<?= $escaper->escapeHtmlAttr($_website->getId()) ?>"<?php if ($block->getRequest()->getParam('website') == $_website->getId()) : ?> selected<?php endif; ?>>
<?= $escaper->escapeHtml($_website->getName()) ?>
</option>
<?php endif; ?>
<?php if ($showGroup == false) : ?>
<?php $showGroup = true; ?>
<option group="true" value="<?= $block->escapeHtmlAttr($_group->getId()) ?>"<?php if ($block->getRequest()->getParam('group') == $_group->getId()) : ?> selected<?php endif; ?>>&nbsp;&nbsp;&nbsp;<?= $block->escapeHtml($_group->getName()) ?></option>
<option group="true" value="<?= $escaper->escapeHtmlAttr($_group->getId()) ?>"<?php if ($block->getRequest()->getParam('group') == $_group->getId()) : ?> selected<?php endif; ?>>&nbsp;&nbsp;&nbsp;<?= $escaper->escapeHtml($_group->getName()) ?></option>
<?php endif; ?>
<option value="<?= $block->escapeHtmlAttr($_store->getId()) ?>"<?php if ($block->getStoreId() == $_store->getId()) : ?> selected<?php endif; ?>>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<?= $block->escapeHtml($_store->getName()) ?></option>
<option value="<?= $escaper->escapeHtmlAttr($_store->getId()) ?>"<?php if ($block->getStoreId() == $_store->getId()) : ?> selected<?php endif; ?>>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<?= $escaper->escapeHtml($_store->getName()) ?></option>
<?php endforeach; ?>
<?php endforeach; ?>
<?php endforeach; ?>
Expand All @@ -60,7 +61,7 @@ require(['prototype'], function(){
if(obj.switchParams){
storeParam+= obj.switchParams;
}
setLocation('<?= $block->escapeUrl($block->getSwitchUrl()) ?>'+storeParam);
setLocation('<?= $escaper->escapeUrl($block->getSwitchUrl()) ?>'+storeParam);
}

});
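Review bot: The URL in `setLocation('<?= $escaper->escapeUrl($block->getSwitchUrl()) ?>'+storeParam);` is escaped for the wrong output context: it lands inside a single-quoted JavaScript string, but `escapeUrl()` is an HTML/URL-context escaper. Inside a script block HTML entities are not decoded, so an `&amp;` would reach `setLocation` literally, and that escaper is not designed to neutralise backslashes or line breaks in a JS string. The other templates in this change use `escapeJs()` for the same pattern, so I would write `setLocation('<?= $escaper->escapeJs($block->getSwitchUrl()) ?>'+storeParam);`. This assumes the line sits inside a `<script>` element, which is outside the hunk; if the scheme filtering of `escapeUrl()` is still wanted, it should be applied in the block before the value is handed to the template.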