Skip to content

Magento_Shipping: avoid using deprecated escape* methods from Abstrac… #31725

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 1 commit into from
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Original file line number Diff line number Diff line change
Expand Up @@ -6,44 +6,45 @@

/**
* @var \Magento\Shipping\Block\Adminhtml\Create\Form $block
* @var \Magento\Framework\Escaper $escaper
* @var \Magento\Framework\View\Helper\SecureHtmlRenderer $secureRenderer
*/

/** @var \Magento\Tax\Helper\Data $taxHelper */
$taxHelper = $block->getData('taxHelper');
?>
<form id="edit_form" method="post" action="<?= $block->escapeUrl($block->getSaveUrl()) ?>">
<form id="edit_form" method="post" action="<?= $escaper->escapeUrl($block->getSaveUrl()) ?>">
<?= $block->getBlockHtml('formkey') ?>
<?php $_order = $block->getShipment()->getOrder() ?>
<?= $block->getChildHtml('order_info') ?>
<div class="admin__page-section">
<div class="admin__page-section-title">
<span class="title"><?= $block->escapeHtml(__('Payment &amp; Shipping Method')) ?></span>
<span class="title"><?= $escaper->escapeHtml(__('Payment &amp; Shipping Method')) ?></span>
</div>
<div class="admin__page-section-content">
<div class="admin__page-section-item order-payment-method">
<?php /* Billing Address */ ?>
<div class="admin__page-section-item-title">
<span class="title"><?=$block->escapeHtml(__('Payment Information')) ?></span>
<span class="title"><?=$escaper->escapeHtml(__('Payment Information')) ?></span>
</div>
<div class="admin__page-section-item-content">
<div><?= $block->getPaymentHtml() ?></div>
<div class="order-payment-currency">
<?= $block->escapeHtml(__('The order was placed using %1.', $_order->getOrderCurrencyCode())) ?>
<?= $escaper->escapeHtml(__('The order was placed using %1.', $_order->getOrderCurrencyCode())) ?>
</div>
</div>
</div>
<div class="admin__page-section-item order-shipping-address">
<?php /* Shipping Address */ ?>
<div class="admin__page-section-item-title">
<span class="title"><?= $block->escapeHtml(__('Shipping Information')) ?></span>
<span class="title"><?= $escaper->escapeHtml(__('Shipping Information')) ?></span>
</div>
<div class="admin__page-section-item-content shipping-description-wrapper">
<div class="shipping-description-title">
<?= $block->escapeHtml($_order->getShippingDescription()) ?>
<?= $escaper->escapeHtml($_order->getShippingDescription()) ?>
</div>
<div class="shipping-description-content">
<?= $block->escapeHtml(__('Total Shipping Charges')) ?>:
<?= $escaper->escapeHtml(__('Total Shipping Charges')) ?>:

<?php if ($taxHelper->displayShippingPriceIncludingTax()): ?>
<?php $_excl = $block->displayShippingPriceInclTax($_order); ?>
Expand All @@ -54,7 +55,7 @@ $taxHelper = $block->getData('taxHelper');
<?= /** @noEscape */ $_excl ?>
<?php if ($taxHelper->displayShippingBothPrices()
&& $_incl != $_excl): ?>
(<?= $block->escapeHtml(__('Incl. Tax')) ?> <?= /** @noEscape */ $_incl ?>)
(<?= $escaper->escapeHtml(__('Incl. Tax')) ?> <?= /** @noEscape */ $_incl ?>)
<?php endif; ?>
</div>
</div>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -4,24 +4,27 @@
* See COPYING.txt for license details.
*/

/** @var \Magento\Framework\View\Helper\SecureHtmlRenderer $secureRenderer */
/**
* @var \Magento\Framework\View\Helper\SecureHtmlRenderer $secureRenderer
* @var \Magento\Framework\Escaper $escaper
*/
?>

<section class="admin__page-section">
<div class="admin__page-section-title">
<span class="title"><?= $block->escapeHtml(__('Items to Ship')) ?></span>
<span class="title"><?= $escaper->escapeHtml(__('Items to Ship')) ?></span>
</div>
<div class="admin__table-wrapper">
<table class="data-table admin__table-primary order-shipment-table">
<thead>
<tr class="headings">
<th class="col-product"><span><?= $block->escapeHtml(__('Product')) ?></span></th>
<th class="col-ordered-qty"><span><?= $block->escapeHtml(__('Qty')) ?></span></th>
<th class="col-product"><span><?= $escaper->escapeHtml(__('Product')) ?></span></th>
<th class="col-ordered-qty"><span><?= $escaper->escapeHtml(__('Qty')) ?></span></th>
<th class="col-qty<?php if ($block->isShipmentRegular()): ?> last<?php endif; ?>">
<span><?= $block->escapeHtml(__('Qty to Ship')) ?></span>
<span><?= $escaper->escapeHtml(__('Qty to Ship')) ?></span>
</th>
<?php if (!$block->canShipPartiallyItem()): ?>
<th class="col-ship last"><span><?= $block->escapeHtml(__('Ship')) ?></span></th>
<th class="col-ship last"><span><?= $escaper->escapeHtml(__('Ship')) ?></span></th>
<?php endif; ?>
</tr>
</thead>
Expand All @@ -42,32 +45,32 @@

<section class="admin__page-section">
<div class="admin__page-section-title">
<span class="title"><?= $block->escapeHtml(__('Shipment Total')) ?></span>
<span class="title"><?= $escaper->escapeHtml(__('Shipment Total')) ?></span>
</div>
<div class="admin__page-section-content order-comments-history">
<div class="admin__page-section-item">
<div class="admin__page-section-item-title">
<span class="title"><?= $block->escapeHtml(__('Shipment Comments')) ?></span>
<span class="title"><?= $escaper->escapeHtml(__('Shipment Comments')) ?></span>
</div>
<div class="admin__page-section-item-content">
<div id="order-history_form" class="admin__field">
<label class="admin__field-label"
for="shipment_comment_text">
<span><?= $block->escapeHtml(__('Comment Text')) ?></span></label>
<span><?= $escaper->escapeHtml(__('Comment Text')) ?></span></label>
<div class="admin__field-control">
<textarea id="shipment_comment_text"
class="admin__control-textarea"
name="shipment[comment_text]"
rows="3"
cols="5"><?= $block->escapeHtml($block->getShipment()->getCommentText()) ?></textarea>
cols="5"><?= $escaper->escapeHtml($block->getShipment()->getCommentText()) ?></textarea>
</div>
</div>
</div>
</div>
</div>
<div class="admin__page-section-item order-totals order-totals-actions">
<div class="admin__page-section-item-title">
<span class="title"><?= $block->escapeHtml(__('Shipment Options')) ?></span>
<span class="title"><?= $escaper->escapeHtml(__('Shipment Options')) ?></span>
</div>
<div class="admin__page-section-item-content">
<?php if ($block->canCreateShippingLabel()): ?>
Expand All @@ -79,7 +82,7 @@
type="checkbox"/>
<label class="admin__field-label"
for="create_shipping_label">
<span><?= $block->escapeHtml(__('Create Shipping Label')) ?></span></label>
<span><?= $escaper->escapeHtml(__('Create Shipping Label')) ?></span></label>
<?= /* @noEscape */ $secureRenderer->renderEventListenerAsTag(
'onclick',
'toggleCreateLabelCheckbox();',
Expand All @@ -96,7 +99,7 @@
type="checkbox"/>
<label class="admin__field-label"
for="notify_customer">
<span><?=$block->escapeHtml(__('Append Comments')) ?></span></label>
<span><?=$escaper->escapeHtml(__('Append Comments')) ?></span></label>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
<span><?=$escaper->escapeHtml(__('Append Comments')) ?></span></label>
<span><?= $escaper->escapeHtml(__('Append Comments')) ?></span></label>

</div>

<?php if ($block->canSendShipmentEmail()): ?>
Expand All @@ -108,7 +111,7 @@
type="checkbox"/>
<label class="admin__field-label"
for="send_email">
<span><?= $block->escapeHtml(__('Email Copy of Shipment')) ?></span></label>
<span><?= $escaper->escapeHtml(__('Email Copy of Shipment')) ?></span></label>
</div>
<?php endif; ?>
<?= $block->getChildHtml('submit_before') ?>
Expand Down Expand Up @@ -155,7 +158,7 @@ window.toggleCreateLabelCheckbox = function() {
window.submitShipment = function(btn) {
if (!validQtyItems()) {
alert({
content: '{$block->escapeJs(__('Invalid value(s) for Qty to Ship'))}'
content: '{$escaper->escapeJs(__('Invalid value(s) for Qty to Ship'))}'
});
return;
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@
//phpcs:disable Squiz.PHP.NonExecutableCode.Unreachable
/**
* @var \Magento\Shipping\Block\Adminhtml\Order\Packaging $block
* @var \Magento\Framework\Escaper $escaper
* @var \Magento\Framework\View\Helper\SecureHtmlRenderer $secureRenderer
*/
?>
Expand All @@ -20,7 +21,7 @@
<input type="checkbox"
id="select-items-<?= /* @noEscape */ $randomId ?>"
class="checkbox admin__control-checkbox"
title="<?= $block->escapeHtmlAttr(__('Select All')) ?>">
title="<?= $escaper->escapeHtmlAttr(__('Select All')) ?>">
<?= /* @noEscape */ $secureRenderer->renderEventListenerAsTag(
'onchange',
'packaging.checkAllItems(this);',
Expand All @@ -29,19 +30,19 @@
<label for="select-items-<?= /* @noEscape */ $randomId ?>"></label>
</label>
</th>
<th class="data-grid-th"><?= $block->escapeHtml(__('Product Name')) ?></th>
<th class="data-grid-th"><?= $block->escapeHtml(__('Weight')) ?></th>
<th class="data-grid-th"><?= $escaper->escapeHtml(__('Product Name')) ?></th>
<th class="data-grid-th"><?= $escaper->escapeHtml(__('Weight')) ?></th>
<th class="data-grid-th custom-value">
<?= $block->escapeHtml(__('Customs Value')) ?>
<?= $escaper->escapeHtml(__('Customs Value')) ?>
</th>
<?php if (!$block->displayCustomsValue()): ?>
<?= /* @noEscape */ $secureRenderer->renderStyleAsTag(
'display:none',
'#packaging-data-grid-' . $randomId . ' th.custom-value'
) ?>
<?php endif ?>
<th class="data-grid-th"><?= $block->escapeHtml(__('Qty Ordered')) ?></th>
<th class="data-grid-th"><?= $block->escapeHtml(__('Qty')) ?></th>
<th class="data-grid-th"><?= $escaper->escapeHtml(__('Qty Ordered')) ?></th>
<th class="data-grid-th"><?= $escaper->escapeHtml(__('Qty')) ?></th>
</tr>
</thead>
<tbody>
Expand Down Expand Up @@ -71,10 +72,10 @@
</label>
</td>
<td>
<?= $block->escapeHtml($item->getName()) ?>
<?= $escaper->escapeHtml($item->getName()) ?>
</td>
<td data-role="item-weight">
<?= $block->escapeHtml($item->getWeight()) ?>
<?= $escaper->escapeHtml($item->getWeight()) ?>
</td>
<?php
if ($block->displayCustomsValue()) {
Expand All @@ -88,7 +89,7 @@
<input type="text"
name="customs_value"
class="input-text admin__control-text <?= /* @noEscape */ $customsValueValidation ?>"
value="<?= $block->escapeHtmlAttr($block->formatPrice($item->getPrice())) ?>"
value="<?= $escaper->escapeHtmlAttr($block->formatPrice($item->getPrice())) ?>"
size="10">
</td>
<?php if (!$block->displayCustomsValue()): ?>
Expand All @@ -101,7 +102,7 @@
<?= /* @noEscape */ $item->getOrderItem()->getQtyOrdered() * 1 ?>
</td>
<td>
<input type="hidden" name="price" value="<?= $block->escapeHtml($item->getPrice()) ?>">
<input type="hidden" name="price" value="<?= $escaper->escapeHtml($item->getPrice()) ?>">
<input type="text"
name="qty"
value="<?= /* @noEscape */ $item->getQty() * 1 ?>"
Expand All @@ -113,7 +114,7 @@
id="packaging-delete-item-<?= /* @noEscape */ $randomId . '-' . $id ?>"
class="action-delete"
data-action="package-delete-item">
<span><?= $block->escapeHtml(__('Delete')) ?></span>
<span><?= $escaper->escapeHtml(__('Delete')) ?></span>
</button>
<?= /* @noEscape */ $secureRenderer->renderStyleAsTag(
'display:none',
Expand Down
Loading