
Magento_Sales: avoid using deprecated escape* methods from AbstractBlock #31716


Closed
wants to merge 1 commit into from
Expand Up @@ -48,6 +48,6 @@ public function getHeaderText()
*/
public function getCommentNote()
{
return $this->escapeHtml($this->getQuote()->getCustomerNote());
return $this->_escaper->escapeHtml($this->getQuote()->getCustomerNote());
}
}
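Review bot: Replacing the deprecated `$this->escapeHtml()` with `$this->_escaper->escapeHtml()` trades one base-class dependency for another, since the new line reaches into the protected `_escaper` property that AbstractBlock happens to hold. If that property is itself marked deprecated or internal on the base class for the version this targets (worth checking), the cleaner end state is to inject `\Magento\Framework\Escaper` through this block's constructor into a private property and call that. The same remark applies to every block hunk below (getAddressAsString, the title _toHtml, getIncludeTaxLabel/getExcludeTaxLabel, getCustomerAccountData, getAddressEditLink, getItemTitle, _getEscapedValue, the Transactions Detail _toHtml, both getValueHtml methods, prepareSku and decorateAction). The enclosing class of getCommentNote continues outside the hunk.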
Expand Up @@ -387,7 +387,7 @@ public function getAddressAsString(\Magento\Customer\Api\Data\AddressInterface $
$result = $formatTypeRenderer->renderArray($this->addressMapper->toFlatArray($address));
}

return $this->escapeHtml($result);
return $this->_escaper->escapeHtml($result);
}

/**
Expand Up @@ -63,7 +63,7 @@ protected function _toHtml()
return __('Edit Order #%1', $this->_getSession()->getOrder()->getIncrementId());
}
$out = $this->_getCreateOrderTitle();
return $this->escapeHtml($out);
return $this->_escaper->escapeHtml($out);
}

/**
Expand Up @@ -102,7 +102,7 @@ public function getIncludeTaxLabel()
{
return __(
'Shipping Incl. Tax (%1)',
$this->escapeHtml($this->getQuote()->getShippingAddress()->getShippingDescription())
$this->_escaper->escapeHtml($this->getQuote()->getShippingAddress()->getShippingDescription())
);
}

Expand All @@ -115,7 +115,7 @@ public function getExcludeTaxLabel()
{
return __(
'Shipping Excl. Tax (%1)',
$this->escapeHtml($this->getQuote()->getShippingAddress()->getShippingDescription())
$this->_escaper->escapeHtml($this->getQuote()->getShippingAddress()->getShippingDescription())
);
}
}
4 changes: 2 additions & 2 deletions app/code/Magento/Sales/Block/Adminhtml/Order/View/Info.php
Expand Up @@ -202,7 +202,7 @@ public function getCustomerAccountData()
$sortOrder = $this->_prepareAccountDataSortOrder($accountData, $sortOrder);
$accountData[$sortOrder] = [
'label' => $attribute->getFrontendLabel(),
'value' => $this->escapeHtml($value, ['br']),
'value' => $this->_escaper->escapeHtml($value, ['br']),
];
}
}
Expand All @@ -225,7 +225,7 @@ public function getAddressEditLink($address, $label = '')
$label = __('Edit');
}
$url = $this->getUrl('sales/order/address', ['address_id' => $address->getId()]);
return '<a href="' . $this->escapeUrl($url) . '">' . $this->escapeHtml($label) . '</a>';
return '<a href="' . $this->escapeUrl($url) . '">' . $this->_escaper->escapeHtml($label) . '</a>';
}

return '';
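Review bot: The migrated line in getAddressEditLink still calls `$this->escapeUrl($url)` right next to the new `$this->_escaper->escapeHtml($label)`, so the hunk removes one deprecated AbstractBlock escape method while leaving another on the same line; it should read `return '<a href="' . $this->_escaper->escapeUrl($url) . '">' . $this->_escaper->escapeHtml($label) . '</a>';`. Given the PR's stated goal, a search across the module for the remaining `escapeUrl(`, `escapeHtmlAttr(`, `escapeJs(` and `escapeQuote(` calls made on `$this` or `$block` would catch any other half-migrated lines. The method's signature is outside the hunk.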
Expand Up @@ -173,7 +173,7 @@ public function getItemCreatedAt(array $item, $dateType = 'date', $format = \Int
*/
public function getItemTitle(array $item)
{
return isset($item['title']) ? $this->escapeHtml($item['title']) : '';
return isset($item['title']) ? $this->_escaper->escapeHtml($item['title']) : '';
}

/**
Expand Up @@ -74,7 +74,7 @@ public function render(\Magento\Framework\DataObject $row)
protected function _getEscapedValue($value)
{
// phpcs:ignore Magento2.Functions.DiscouragedFunction
return addcslashes($this->escapeHtml($value), '\\\'');
return addcslashes($this->_escaper->escapeHtml($value), '\\\'');
}

/**
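Review bot: _getEscapedValue still wraps the HTML-escaped value in `addcslashes(..., '\\\'')`, which suggests the result is embedded in a single-quoted JavaScript string literal; if that is the case, the escaper's `escapeJs()` is the context-appropriate call, because escaping only backslash and single quote leaves newlines and U+2028/U+2029 unhandled inside a JS literal. Where the value ends up cannot be confirmed from this hunk, so verify against `render()` before changing it. Using `escapeJs()` instead of `addcslashes` would also let the `phpcs:ignore` line go.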
12 changes: 6 additions & 6 deletions app/code/Magento/Sales/Block/Adminhtml/Transactions/Detail.php
Expand Up @@ -126,17 +126,17 @@ protected function _toHtml()
));

$this->setParentTxnIdUrlHtml(
$this->escapeHtml($this->getUrl('sales/transactions/view', ['txn_id' => $this->_txn->getParentId()]))
$this->_escaper->escapeHtml($this->getUrl('sales/transactions/view', ['txn_id' => $this->_txn->getParentId()]))
);

$this->setParentTxnIdHtml($this->escapeHtml($this->_txn->getParentTxnId()));
$this->setParentTxnIdHtml($this->_escaper->escapeHtml($this->_txn->getParentTxnId()));

$this->setOrderIncrementIdHtml($this->escapeHtml($this->_txn->getOrder()->getIncrementId()));
$this->setOrderIncrementIdHtml($this->_escaper->escapeHtml($this->_txn->getOrder()->getIncrementId()));

$this->setTxnTypeHtml($this->escapeHtml(__($this->_txn->getTxnType())));
$this->setTxnTypeHtml($this->_escaper->escapeHtml(__($this->_txn->getTxnType())));

$this->setOrderIdUrlHtml(
$this->escapeHtml($this->getUrl('sales/order/view', ['order_id' => $this->_txn->getOrderId()]))
$this->_escaper->escapeHtml($this->getUrl('sales/order/view', ['order_id' => $this->_txn->getOrderId()]))
);

$this->setIsClosedHtml($this->_txn->getIsClosed() ? __('Yes') : __('No'));
Expand All @@ -150,7 +150,7 @@ protected function _toHtml()
) : __(
'N/A'
);
$this->setCreatedAtHtml($this->escapeHtml($createdAt));
$this->setCreatedAtHtml($this->_escaper->escapeHtml($createdAt));

return parent::_toHtml();
}
Expand Up @@ -67,13 +67,13 @@ public function getValueHtml($value)
return sprintf(
'%d',
$value['qty']
) . ' x ' . $this->escapeHtml(
) . ' x ' . $this->_escaper->escapeHtml(
$value['title']
) . " " . $this->getItem()->getOrder()->formatPrice(
$value['price']
);
} else {
return $this->escapeHtml($value);
return $this->_escaper->escapeHtml($value);
}
}

Expand Up @@ -60,10 +60,10 @@ public function getValueHtml($value)
{
if (is_array($value)) {
return sprintf('%d', $value['qty'])
. ' x ' . $this->escapeHtml($value['title'])
. ' x ' . $this->_escaper->escapeHtml($value['title'])
. " " . $this->getItem()->getOrder()->formatPrice($value['price']);
} else {
return $this->escapeHtml($value);
return $this->_escaper->escapeHtml($value);
}
}

Expand Up @@ -223,7 +223,7 @@ public function getProductAdditionalInformationBlock()
*/
public function prepareSku($sku)
{
return $this->escapeHtml($this->string->splitInjection($sku));
return $this->_escaper->escapeHtml($this->string->splitInjection($sku));
}

/**
Expand Up @@ -62,7 +62,7 @@ public function decorateAction($value, $row, $column, $isExport)
$url = $this->getUrl('*/*/unassign');
$label = __('Unassign');
$cell = '<a href="#" data-post="'
.$this->escapeHtmlAttr(
.$this->_escaper->escapeHtmlAttr(
$this->json->serialize([
'action' => $url,
'data' => ['status' => $row->getStatus(), 'state' => $row->getState()]
Expand Up @@ -8,6 +8,7 @@
<?php
/**
* @var $block \Magento\Sales\Block\Adminhtml\Items\Column\Name
* @var \Magento\Framework\Escaper $escaper
* @var \Magento\Framework\View\Helper\SecureHtmlRenderer $secureRenderer
*/
?>
Expand All @@ -19,29 +20,29 @@ $catalogHelper = $block->getData('catalogHelper');
<?php if ($_item = $block->getItem()): ?>
<div id="order_item_<?= (int) $_item->getId() ?>_title"
class="product-title">
<?= $block->escapeHtml($_item->getName()) ?>
<?= $escaper->escapeHtml($_item->getName()) ?>
</div>
<div class="product-sku-block">
<span><?= $block->escapeHtml(__('SKU'))?>:</span>
<?= /* @noEscape */ implode('<br />', $catalogHelper->splitSku($block->escapeHtml($block->getSku()))) ?>
<span><?= $escaper->escapeHtml(__('SKU'))?>:</span>
<?= /* @noEscape */ implode('<br />', $catalogHelper->splitSku($escaper->escapeHtml($block->getSku()))) ?>
</div>

<?php if ($block->getOrderOptions()): ?>
<dl class="item-options">
<?php foreach ($block->getOrderOptions() as $_option): ?>
<dt><?= $block->escapeHtml($_option['label']) ?>:</dt>
<dt><?= $escaper->escapeHtml($_option['label']) ?>:</dt>
<dd>
<?php if (isset($_option['custom_view']) && $_option['custom_view']): ?>
<?= /* @noEscape */ $block->getCustomizedOptionValue($_option) ?>
<?php else: ?>
<?php $_option = $block->getFormattedOption($_option['value']); ?>
<?php $dots = 'dots' . uniqid(); ?>
<?php $id = 'id' . uniqid(); ?>
<?= $block->escapeHtml($_option['value'], ['a', 'br']) ?>
<?= $escaper->escapeHtml($_option['value'], ['a', 'br']) ?>
<?php if (isset($_option['remainder']) && $_option['remainder']): ?>
<span id="<?= /* @noEscape */ $dots; ?>"> ...</span>
<span id="<?= /* @noEscape */ $id; ?>">
<?= $block->escapeHtml($_option['remainder'], ['a']) ?>
<?= $escaper->escapeHtml($_option['remainder'], ['a']) ?>
</span>
<?php $scriptString = <<<script
require(['prototype'], function() {
Expand All @@ -68,5 +69,5 @@ script;
<?php endforeach; ?>
</dl>
<?php endif; ?>
<?= $block->escapeHtml($_item->getDescription()) ?>
<?= $escaper->escapeHtml($_item->getDescription()) ?>
<?php endif; ?>
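Review bot: The added `@var \Magento\Framework\Escaper $escaper` line uses type-then-name order while the existing `@var $block \Magento\Sales\Block\Adminhtml\Items\Column\Name` directly above it uses name-then-type, so the same docblock now mixes two conventions; the type-first form is what PHPDoc tools expect and what the other templates in this PR use, so rewriting the existing line as `* @var \Magento\Sales\Block\Adminhtml\Items\Column\Name $block` would align them. The template also now presumes `$escaper` is placed in scope by the template engine, which the docblock only annotates rather than guarantees; a template rendered through any other path would hit an undefined variable where `$block->escapeHtml()` previously worked, so that assumption is worth confirming for the targeted version.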
Expand Up @@ -3,38 +3,41 @@
* Copyright © Magento, Inc. All rights reserved.
* See COPYING.txt for license details.
*/
/**
* @var \Magento\Framework\Escaper $escaper
*/
?>
<?php if ($item = $block->getItem()) : ?>
<table class="qty-table">
<tr>
<th><?= $block->escapeHtml(__('Ordered')); ?></th>
<th><?= $escaper->escapeHtml(__('Ordered')); ?></th>
<td><?= (float) $item->getQtyOrdered() ?></td>
</tr>

<?php if ((float)$item->getQtyInvoiced()) : ?>
<tr>
<th><?= $block->escapeHtml(__('Invoiced')); ?></th>
<th><?= $escaper->escapeHtml(__('Invoiced')); ?></th>
<td><?= (float) $item->getQtyInvoiced() ?></td>
</tr>
<?php endif; ?>

<?php if ((float)$item->getQtyShipped()) : ?>
<tr>
<th><?= $block->escapeHtml(__('Shipped')); ?></th>
<th><?= $escaper->escapeHtml(__('Shipped')); ?></th>
<td><?= (float) $item->getQtyShipped() ?></td>
</tr>
<?php endif; ?>

<?php if ((float)$item->getQtyRefunded()) : ?>
<tr>
<th><?= $block->escapeHtml(__('Refunded')); ?></th>
<th><?= $escaper->escapeHtml(__('Refunded')); ?></th>
<td><?= (float) $item->getQtyRefunded() ?></td>
</tr>
<?php endif; ?>

<?php if ((float)$item->getQtyCanceled()) : ?>
<tr>
<th><?= $block->escapeHtml(__('Canceled')); ?></th>
<th><?= $escaper->escapeHtml(__('Canceled')); ?></th>
<td><?= (float) $item->getQtyCanceled() ?></td>
</tr>
<?php endif; ?>
Expand Up @@ -5,22 +5,25 @@
*/

// phpcs:disable Magento2.Templates.ThisInTemplate
/**
* @var \Magento\Framework\Escaper $escaper
*/
?>
<?= $block->escapeHtml($block->getItem()->getName()) ?>
<div><strong><?= $block->escapeHtml(__('SKU')) ?>:</strong> <?= /* @noEscape */ implode('<br />', $this->helper(\Magento\Catalog\Helper\Data::class)->splitSku($block->escapeHtml($block->getItem()->getSku()))) ?></div>
<?= $escaper->escapeHtml($block->getItem()->getName()) ?>
<div><strong><?= $escaper->escapeHtml(__('SKU')) ?>:</strong> <?= /* @noEscape */ implode('<br />', $this->helper(\Magento\Catalog\Helper\Data::class)->splitSku($escaper->escapeHtml($block->getItem()->getSku()))) ?></div>
<?php if ($block->getOrderOptions()) : ?>
<ul class="item-options">
<?php foreach ($block->getOrderOptions() as $option) : ?>
<li><strong><?= $block->escapeHtml($option['label']) ?>:</strong><br />
<li><strong><?= $escaper->escapeHtml($option['label']) ?>:</strong><br />
<?php if (is_array($option['value'])) : ?>
<?php foreach ($option['value'] as $item) : ?>
<?= $block->getValueHtml($item) ?><br />
<?php endforeach; ?>
<?php else : ?>
<?= $block->escapeHtml($option['value']) ?>
<?= $escaper->escapeHtml($option['value']) ?>
<?php endif; ?>
</li>
<?php endforeach; ?>
</ul>
<?php endif; ?>
<?= $block->escapeHtml($block->getItem()->getDescription()) ?>
<?= $escaper->escapeHtml($block->getItem()->getDescription()) ?>
Expand Up @@ -3,12 +3,16 @@
* Copyright © Magento, Inc. All rights reserved.
* See COPYING.txt for license details.
*/

/**
* @var \Magento\Framework\Escaper $escaper
*/
?>
<div class="messages">
<div class="message message-notice">
<div class="message-inner">
<div class="message-content">
<?= $block->escapeHtml(
<?= $escaper->escapeHtml(
__('Changing address information will not recalculate shipping, tax or other order amount.')
) ?>
</div>
Expand All @@ -18,7 +22,7 @@

<div class="fieldset admin__fieldset-wrapper">
<legend class="legend admin__legend">
<span><?= $block->escapeHtml($block->getHeaderText()) ?></span>
<span><?= $escaper->escapeHtml($block->getHeaderText()) ?></span>
</legend>
<br>
<div class="form-inline" data-mage-init='{"Magento_Sales/order/edit/address/form":{}}'>
Expand Up @@ -4,14 +4,17 @@
* See COPYING.txt for license details.
*/

/** @var \Magento\Framework\View\Helper\SecureHtmlRenderer $secureRenderer */
/**
* @var \Magento\Framework\View\Helper\SecureHtmlRenderer $secureRenderer
* @var \Magento\Framework\Escaper $escaper
*/
?>
<?php if ($_entity = $block->getEntity()): ?>
<div id="comments_block" class="edit-order-comments">
<div class="order-history-block">
<div class="admin__field field-row">
<label class="admin__field-label"
for="history_comment"><?= $block->escapeHtml(__('Comment Text')) ?></label>
for="history_comment"><?= $escaper->escapeHtml(__('Comment Text')) ?></label>
<div class="admin__field-control">
<textarea name="comment[comment]"
class="admin__control-textarea"
Expand All @@ -30,7 +33,7 @@
id="history_notify"
value="1" />
<label class="admin__field-label"
for="history_notify"><?= $block->escapeHtml(__('Notify Customer by Email')) ?></label>
for="history_notify"><?= $escaper->escapeHtml(__('Notify Customer by Email')) ?></label>
</div>
<?php endif; ?>
<div class="admin__field admin__field-option">
Expand All @@ -40,7 +43,7 @@
class="admin__control-checkbox"
value="1" />
<label class="admin__field-label"
for="history_visible"> <?= $block->escapeHtml(__('Visible on Storefront')) ?></label>
for="history_visible"> <?= $escaper->escapeHtml(__('Visible on Storefront')) ?></label>
</div>
</div>
<div class="order-history-comments-actions">
Expand All @@ -59,17 +62,17 @@
<?= /* @noEscape */ $block->formatTime($_comment->getCreatedAt(), \IntlDateFormatter::MEDIUM) ?>
</span>
<span class="note-list-customer">
<?= $block->escapeHtml(__('Customer')) ?>
<?= $escaper->escapeHtml(__('Customer')) ?>
<?php if ($_comment->getIsCustomerNotified()): ?>
<span class="note-list-customer-notified"><?= $block->escapeHtml(__('Notified')) ?></span>
<span class="note-list-customer-notified"><?= $escaper->escapeHtml(__('Notified')) ?></span>
<?php else: ?>
<span class="note-list-customer-not-notified">
<?= $block->escapeHtml(__('Not Notified')) ?>
<?= $escaper->escapeHtml(__('Not Notified')) ?>
</span>
<?php endif; ?>
</span>
<div class="note-list-comment">
<?= $block->escapeHtml($_comment->getComment(), ['b', 'br', 'strong', 'i', 'u', 'a']) ?>
<?= $escaper->escapeHtml($_comment->getComment(), ['b', 'br', 'strong', 'i', 'u', 'a']) ?>
</div>
</li>
<?php endforeach; ?>
Expand All @@ -78,7 +81,7 @@
<?php $scriptString = <<<script
require(['prototype'], function(){
submitComment = function() {
submitAndReloadArea($('comments_block').parentNode, '{$block->escapeJs($block->getSubmitUrl())}')
submitAndReloadArea($('comments_block').parentNode, '{$escaper->escapeJs($block->getSubmitUrl())}')
};
if ($('submit_comment_button')) {
$('submit_comment_button').observe('click', submitComment);
Expand Up @@ -3,10 +3,14 @@
* Copyright © Magento, Inc. All rights reserved.
* See COPYING.txt for license details.
*/

/**
* @var \Magento\Framework\Escaper $escaper
*/
?>

<div class="admin__page-section-title">
<span class="title"><?= $block->escapeHtml($block->getHeaderText()) ?></span>
<span class="title"><?= $escaper->escapeHtml($block->getHeaderText()) ?></span>
<?php if ($block->getButtonsHtml()) : ?>
<div class="actions"><?= $block->getButtonsHtml() ?></div>
<?php endif; ?>