
Commit 21d4316

Merge pull request #340 from magento-jackalopes/pr
[Jackalopes] MAGETWO-56339, MAGETWO-57231, MAGETWO-55775
2 parents 2cee680 + 9e3fd37 commit 21d4316


117 files changed

+1064
-646
lines changed


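--- a/app/code/Magento/Bundle/view/frontend/templates/catalog/product/view/type/bundle/option/checkbox.phtml
+++ b/app/code/Magento/Bundle/view/frontend/templates/catalog/product/view/type/bundle/option/checkbox.phtml
@@ -29,7 +29,7 @@
 <input class="bundle-option-<?php /* @escapeNotVerified */ echo $_option->getId() ?> checkbox product bundle option change-container-classname"
 id="bundle-option-<?php /* @escapeNotVerified */ echo $_option->getId() ?>-<?php /* @escapeNotVerified */ echo $_selection->getSelectionId() ?>"
 type="checkbox"
-<?php if ($_option->getRequired()) echo 'data-validate="{\'validate-one-required-by-name\':\'input[name^=&quot;bundle_option[' . $_option->getId() . ']&quot;]:checked\'}"'?>
+<?php if ($_option->getRequired()) /* @escapeNotVerified */ echo 'data-validate="{\'validate-one-required-by-name\':\'input[name^=&quot;bundle_option[' . $_option->getId() . ']&quot;]:checked\'}"'?>
 name="bundle_option[<?php /* @escapeNotVerified */ echo $_option->getId() ?>][<?php /* @escapeNotVerified */ echo $_selection->getId() ?>]"
 data-selector="bundle_option[<?php /* @escapeNotVerified */ echo $_option->getId() ?>][<?php /* @escapeNotVerified */ echo $_selection->getId() ?>]"
 <?php if ($block->isSelected($_selection)) echo ' checked="checked"' ?>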
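Review bot: The `/* @escapeNotVerified */` marker added on the `data-validate` line only annotates the echo; `$_option->getId()` is still concatenated into the attribute value without any encoding. If the option ID is always numeric, casting it at the point of concatenation, `'bundle_option[' . (int) $_option->getId() . ']'`, would make the output safe by construction and let the line carry `/* @noEscape */` instead of an unverified marker. The same question applies to the `getId()` and `getSelectionId()` echoes on the surrounding context lines of this `<input>`, which continues past the end of the hunk.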

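--- a/app/code/Magento/Captcha/view/adminhtml/templates/default.phtml
+++ b/app/code/Magento/Captcha/view/adminhtml/templates/default.phtml
@@ -6,13 +6,14 @@
 
 // @codingStandardsIgnoreFile
 
+/** @var \Magento\Captcha\Block\Captcha\DefaultCaptcha $block */
+
+/** @var \Magento\Captcha\Model\DefaultModel $captcha */
+$captcha = $block->getCaptchaModel();
 ?>
-<?php /* @var $captcha \Magento\Captcha\Model\DefaultModel */ ?>
-<?php /* @var $block \Magento\Captcha\Block\Captcha\DefaultCaptcha */ ?>
-<?php $captcha = $block->getCaptchaModel() ?>
 <div class="admin__field _required">
 <label for="captcha" class="admin__field-label">
-<span><?php /* @escapeNotVerified */ echo __('Please enter the letters from the image') ?></span>
+<span><?php echo $block->escapeHtml(__('Please enter the letters from the image')) ?></span>
 </label>
 <div class="admin__field-control">
 <input
@@ -23,7 +24,7 @@
 data-validate="{required:true}"/>
 <?php if ($captcha->isCaseSensitive()) :?>
 <div class="admin__field-note">
-<span><?php /* @escapeNotVerified */ echo __('<strong>Attention</strong>: Captcha is case sensitive.') ?></span>
+<span><?php echo $block->escapeHtml(__('<strong>Attention</strong>: Captcha is case sensitive.'), ['strong']) ?></span>
 </div>
 <?php endif; ?>
 </div>
@@ -33,7 +34,7 @@
 id="captcha-reload"
 class="captcha-reload"
 src="<?php echo $block->escapeUrl($block->getViewFileUrl('Magento_Captcha::reload.png')) ?>"
-alt="<?php /* @escapeNotVerified */ echo __('Reload captcha') ?>"/>
+alt="<?php echo $block->escapeHtmlAttr(__('Reload captcha')) ?>"/>
 <img
 id="<?php echo $block->escapeHtmlAttr($block->getFormId()) ?>"
 width="<?php /* @noEscape */ echo (float) $block->getImgWidth() ?>"
@@ -44,7 +45,7 @@
 require(["prototype", "mage/captcha"], function(){
 
 //<![CDATA[
-var captcha = new Captcha('<?php echo $block->escapeUrl($block->getRefreshUrl()) ?>', '<?php echo $block->escapeJs($block->getFormId()) ?>');
+var captcha = new Captcha('<?php echo $block->escapeJs($block->escapeUrl($block->getRefreshUrl())) ?>', '<?php echo $block->escapeJs($block->escapeHtml($block->getFormId())) ?>');
 
 $('captcha-reload').observe('click', function () {
 captcha.refresh(this);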
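Review bot: On the `new Captcha(...)` line both arguments are now HTML-encoded before `escapeJs()`, yet they land in a JavaScript string inside a script CDATA block, where the browser does not decode HTML entities. If `escapeUrl()` and `escapeHtml()` emit entities such as `&amp;` (their implementation is not visible on this page), a refresh URL with a query string or a form ID containing such characters reaches the script altered, and the form ID would no longer match the `id` attribute printed with `escapeHtmlAttr()` a few lines above. For the form ID the previous `$block->escapeJs($block->getFormId())` already matched this context; for the URL, any scheme check that `escapeUrl()` performs is better done where the URL is built, so the template applies `escapeJs()` only. The same stacking of encoders appears on the `noCookiesUrl` line in Cookie/view/frontend/templates/html/notices.phtml.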

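--- a/app/code/Magento/Captcha/view/frontend/templates/default.phtml
+++ b/app/code/Magento/Captcha/view/frontend/templates/default.phtml
@@ -6,12 +6,13 @@
 
 // @codingStandardsIgnoreFile
 
+/** @var \Magento\Captcha\Block\Captcha\DefaultCaptcha $block */
+
+/** @var \Magento\Captcha\Model\DefaultModel $captcha */
+$captcha = $block->getCaptchaModel();
 ?>
-<?php /* @var $captcha \Magento\Captcha\Model\DefaultModel */ ?>
-<?php /* @var $block \Magento\Captcha\Block\Captcha\DefaultCaptcha */ ?>
-<?php $captcha = $block->getCaptchaModel() ?>
 <div class="field captcha required" role="<?php echo $block->escapeHtmlAttr($block->getFormId())?>">
-<label for="captcha_<?php echo $block->escapeHtmlAttr($block->getFormId()) ?>" class="label"><span><?php /* @escapeNotVerified */ echo __('Please type the letters below')?></span></label>
+<label for="captcha_<?php echo $block->escapeHtmlAttr($block->getFormId()) ?>" class="label"><span><?php echo $block->escapeHtml(__('Please type the letters below')) ?></span></label>
 <div class="control captcha">
 <input name="<?php echo $block->escapeHtmlAttr(\Magento\Captcha\Helper\Data::INPUT_NAME_FIELD_VALUE) ?>[<?php echo $block->escapeHtmlAttr($block->getFormId())?>]" type="text" class="input-text required-entry" data-validate="{required:true}" id="captcha_<?php echo $block->escapeHtmlAttr($block->getFormId()) ?>" />
 <div class="nested">
@@ -22,13 +23,13 @@
 "imageLoader": "<?php echo $block->escapeUrl($block->getViewFileUrl('images/loader-2.gif')) ?>",
 "type": "<?php echo $block->escapeHtmlAttr($block->getFormId()) ?>"}}'>
 <div class="control captcha-image">
-<img alt="<?php /* @escapeNotVerified */ echo __('Please type the letters below')?>" class="captcha-img" height="<?php /* @noEscape */ echo (float) $block->getImgHeight() ?>" src="<?php echo $block->escapeUrl($captcha->getImgSrc()) ?>"/>
-<button type="button" class="action reload captcha-reload" title="<?php /* @escapeNotVerified */ echo __('Reload captcha') ?>"><span><?php /* @escapeNotVerified */ echo __('Reload captcha') ?></span></button>
+<img alt="<?php echo $block->escapeHtmlAttr(__('Please type the letters below')) ?>" class="captcha-img" height="<?php /* @noEscape */ echo (float) $block->getImgHeight() ?>" src="<?php echo $block->escapeUrl($captcha->getImgSrc()) ?>"/>
+<button type="button" class="action reload captcha-reload" title="<?php echo $block->escapeHtmlAttr(__('Reload captcha')) ?>"><span><?php echo $block->escapeHtml(__('Reload captcha')) ?></span></button>
 </div>
 </div>
 <?php if ($captcha->isCaseSensitive()) :?>
 <div class="captcha-note note">
-<?php /* @escapeNotVerified */ echo __('<strong>Attention</strong>: Captcha is case sensitive.') ?>
+<?php echo $block->escapeHtml(__('<strong>Attention</strong>: Captcha is case sensitive.'), ['strong']) ?>
 </div>
 <?php endif; ?>
 </div>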

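--- a/app/code/Magento/Contact/view/frontend/templates/form.phtml
+++ b/app/code/Magento/Contact/view/frontend/templates/form.phtml
@@ -5,49 +5,48 @@
 */
 
 // @codingStandardsIgnoreFile
-
+/** @var \Magento\Contact\Block\ContactForm $block */
 ?>
-<?php /** @var $block \Magento\Contact\Block\ContactForm */ ?>
 <form class="form contact"
 action="<?php echo $block->escapeUrl($block->getFormAction()); ?>"
 id="contact-form"
 method="post"
-data-hasrequired="<?php /* @escapeNotVerified */ echo __('* Required Fields') ?>"
+data-hasrequired="<?php echo $block->escapeHtmlAttr(__('* Required Fields')) ?>"
 data-mage-init='{"validation":{}}'>
 <fieldset class="fieldset">
-<legend class="legend"><span><?php /* @escapeNotVerified */ echo __('Write Us') ?></span></legend><br />
-<div class="field note no-label"><?php /* @escapeNotVerified */ echo __('Jot us a note and we’ll get back to you as quickly as possible.') ?></div>
+<legend class="legend"><span><?php echo $block->escapeHtml(__('Write Us')) ?></span></legend><br />
+<div class="field note no-label"><?php echo $block->escapeHtml(__('Jot us a note and we’ll get back to you as quickly as possible.')) ?></div>
 <div class="field name required">
-<label class="label" for="name"><span><?php /* @escapeNotVerified */ echo __('Name') ?></span></label>
+<label class="label" for="name"><span><?php echo $block->escapeHtml(__('Name')) ?></span></label>
 <div class="control">
-<input name="name" id="name" title="<?php /* @escapeNotVerified */ echo __('Name') ?>" value="<?php echo $block->escapeHtml($this->helper('Magento\Contact\Helper\Data')->getPostValue('name') ?: $this->helper('Magento\Contact\Helper\Data')->getUserName()) ?>" class="input-text" type="text" data-validate="{required:true}"/>
+<input name="name" id="name" title="<?php echo $block->escapeHtmlAttr(__('Name')) ?>" value="<?php echo $block->escapeHtmlAttr($this->helper('Magento\Contact\Helper\Data')->getPostValue('name') ?: $this->helper('Magento\Contact\Helper\Data')->getUserName()) ?>" class="input-text" type="text" data-validate="{required:true}"/>
 </div>
 </div>
 <div class="field email required">
-<label class="label" for="email"><span><?php /* @escapeNotVerified */ echo __('Email') ?></span></label>
+<label class="label" for="email"><span><?php echo $block->escapeHtml(__('Email')) ?></span></label>
 <div class="control">
-<input name="email" id="email" title="<?php /* @escapeNotVerified */ echo __('Email') ?>" value="<?php echo $block->escapeHtml($this->helper('Magento\Contact\Helper\Data')->getPostValue('email') ?: $this->helper('Magento\Contact\Helper\Data')->getUserEmail()) ?>" class="input-text" type="email" data-validate="{required:true, 'validate-email':true}"/>
+<input name="email" id="email" title="<?php echo $block->escapeHtmlAttr(__('Email')) ?>" value="<?php echo $block->escapeHtmlAttr($this->helper('Magento\Contact\Helper\Data')->getPostValue('email') ?: $this->helper('Magento\Contact\Helper\Data')->getUserEmail()) ?>" class="input-text" type="email" data-validate="{required:true, 'validate-email':true}"/>
 </div>
 </div>
 <div class="field telephone">
-<label class="label" for="telephone"><span><?php /* @escapeNotVerified */ echo __('Phone Number') ?></span></label>
+<label class="label" for="telephone"><span><?php echo $block->escapeHtml(__('Phone Number')) ?></span></label>
 <div class="control">
-<input name="telephone" id="telephone" title="<?php /* @escapeNotVerified */ echo __('Phone Number') ?>" value="<?php echo $block->escapeHtml($this->helper('Magento\Contact\Helper\Data')->getPostValue('telephone')) ?>" class="input-text" type="text" />
+<input name="telephone" id="telephone" title="<?php echo $block->escapeHtmlAttr(__('Phone Number')) ?>" value="<?php echo $block->escapeHtmlAttr($this->helper('Magento\Contact\Helper\Data')->getPostValue('telephone')) ?>" class="input-text" type="text" />
 </div>
 </div>
 <div class="field comment required">
-<label class="label" for="comment"><span><?php /* @escapeNotVerified */ echo __('What’s on your mind?') ?></span></label>
+<label class="label" for="comment"><span><?php echo $block->escapeHtml(__('What’s on your mind?')) ?></span></label>
 <div class="control">
-<textarea name="comment" id="comment" title="<?php /* @escapeNotVerified */ echo __('What’s on your mind?') ?>" class="input-text" cols="5" rows="3" data-validate="{required:true}"><?php echo $block->escapeHtml($this->helper('Magento\Contact\Helper\Data')->getPostValue('comment')) ?></textarea>
+<textarea name="comment" id="comment" title="<?php echo $block->escapeHtmlAttr(__('What’s on your mind?')) ?>" class="input-text" cols="5" rows="3" data-validate="{required:true}"><?php echo $block->escapeHtml($this->helper('Magento\Contact\Helper\Data')->getPostValue('comment')) ?></textarea>
 </div>
 </div>
 <?php echo $block->getChildHtml('form.additional.info'); ?>
 </fieldset>
 <div class="actions-toolbar">
 <div class="primary">
 <input type="hidden" name="hideit" id="hideit" value="" />
-<button type="submit" title="<?php /* @escapeNotVerified */ echo __('Submit') ?>" class="action submit primary">
-<span><?php /* @escapeNotVerified */ echo __('Submit') ?></span>
+<button type="submit" title="<?php echo $block->escapeHtmlAttr(__('Submit')) ?>" class="action submit primary">
+<span><?php echo $block->escapeHtml(__('Submit')) ?></span>
 </button>
 </div>
 </div>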

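--- a/app/code/Magento/Cookie/Block/RequireCookie.php
+++ b/app/code/Magento/Cookie/Block/RequireCookie.php
@@ -18,7 +18,10 @@ class RequireCookie extends \Magento\Framework\View\Element\Template
 */
 public function getScriptOptions()
 {
-$params = ['noCookieUrl' => $this->getUrl('cookie/index/noCookies/'), 'triggers' => $this->getTriggers()];
+$params = [
+'noCookieUrl' => $this->escapeUrl($this->getUrl('cookie/index/noCookies/')),
+'triggers' => $this->escapeHtml($this->getTriggers())
+];
 return json_encode($params);
 }
 }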
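Review bot: The escaping added in `getScriptOptions()` is applied to the array values before `json_encode()`, which fixes the output context inside the block rather than where a template prints the JSON. A template that prints the result into an HTML attribute and escapes it there would encode twice, and one that prints it into a script block would pass any entities the escaper emits straight to JavaScript; neither call site is visible in this hunk. A cleaner split is to return the raw values encoded with `json_encode($params, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)` and let the template escape for its own context. Either way the method's docblock should state which encoding the caller receives. `AuthenticationPopup::getConfig()` in this commit escapes its array values in the same way.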

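--- a/app/code/Magento/Cookie/Helper/Cookie.php
+++ b/app/code/Magento/Cookie/Helper/Cookie.php
@@ -84,7 +84,7 @@ public function isUserNotAllowSaveCookie()
 public function getAcceptedSaveCookiesWebsiteIds()
 {
 $acceptedSaveCookiesWebsites = $this->_getAcceptedSaveCookiesWebsites();
-$acceptedSaveCookiesWebsites[$this->_website->getId()] = 1;
+$acceptedSaveCookiesWebsites[(int)$this->_website->getId()] = 1;
 return json_encode($acceptedSaveCookiesWebsites);
 }
 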
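Review bot: The `(int)` cast normalizes only the key for the current website; the entries already returned by `_getAcceptedSaveCookiesWebsites()` go into `json_encode()` unchanged, and notices.phtml prints the result under `/* @noEscape */`. That helper's body is outside this hunk, so if it decodes a value the visitor controls (presumably the consent cookie), its keys and values should be constrained to integers as well before encoding, or the encoding hardened with `json_encode($acceptedSaveCookiesWebsites, JSON_HEX_TAG | JSON_HEX_AMP)`. A one-line comment on the cast saying that the output is printed unescaped would also keep it from being removed later as redundant.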

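--- a/app/code/Magento/Cookie/view/frontend/templates/html/notices.phtml
+++ b/app/code/Magento/Cookie/view/frontend/templates/html/notices.phtml
@@ -16,13 +16,13 @@
 style="display: none;">
 <div role="document" class="content" tabindex="0">
 <p>
-<strong><?php /* @escapeNotVerified */ echo __('We use cookies to make your experience better.') ?></strong>
-<span><?php /* @escapeNotVerified */ echo __('To comply with the new e-Privacy directive, we need to ask for your consent to set the cookies.') ?></span>
-<?php /* @escapeNotVerified */ echo __('<a href="%1">Learn more</a>.', $block->getPrivacyPolicyLink()) ?>
+<strong><?php echo $block->escapeHtml(__('We use cookies to make your experience better.')) ?></strong>
+<span><?php echo $block->escapeHtml(__('To comply with the new e-Privacy directive, we need to ask for your consent to set the cookies.')) ?></span>
+<?php echo $block->escapeHtml(__('<a href="%1">Learn more</a>.', $block->getPrivacyPolicyLink()), ['a']) ?>
 </p>
 <div class="actions">
 <button id="btn-cookie-allow" class="action allow primary">
-<span><?php /* @escapeNotVerified */ echo __('Allow Cookies');?></span>
+<span><?php echo $block->escapeHtml(__('Allow Cookies')); ?></span>
 </button>
 </div>
 </div>
@@ -35,7 +35,7 @@
 "cookieName": "<?php /* @noEscape */ echo \Magento\Cookie\Helper\Cookie::IS_USER_ALLOWED_SAVE_COOKIE ?>",
 "cookieValue": <?php /* @noEscape */ echo $this->helper(\Magento\Cookie\Helper\Cookie::class)->getAcceptedSaveCookiesWebsiteIds() ?>,
 "cookieLifetime": <?php /* @noEscape */ echo $this->helper(\Magento\Cookie\Helper\Cookie::class)->getCookieRestrictionLifetime()?>,
-"noCookiesUrl": "<?php echo $block->escapeUrl($block->getUrl('cookie/index/noCookies')) ?>"
+"noCookiesUrl": "<?php echo $block->escapeJs($block->escapeUrl($block->getUrl('cookie/index/noCookies'))) ?>"
 }
 }
 }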
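Review bot: In the `Learn more` line the privacy-policy URL is substituted into the `href` before `escapeHtml(..., ['a'])` runs, so what ends up in the link target depends entirely on how the escaper treats attributes of allowed tags, which this page does not show. Encoding the URL on its own before substitution makes the intent explicit: `__('<a href="%1">Learn more</a>.', $block->escapeUrl($block->getPrivacyPolicyLink()))`. It is worth confirming with a test that the outer `escapeHtml()` call does not then encode the URL a second time. A comment on that line naming `a` as the only tag the translated string may contain would also help translators and later reviewers.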

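--- a/app/code/Magento/Customer/Block/Account/AuthenticationPopup.php
+++ b/app/code/Magento/Customer/Block/Account/AuthenticationPopup.php
@@ -43,10 +43,10 @@ public function getJsLayout()
 public function getConfig()
 {
 return [
-'autocomplete' => $this->isAutocompleteEnabled(),
-'customerRegisterUrl' => $this->getCustomerRegisterUrlUrl(),
-'customerForgotPasswordUrl' => $this->getCustomerForgotPasswordUrl(),
-'baseUrl' => $this->getBaseUrl()
+'autocomplete' => $this->escapeHtml($this->isAutocompleteEnabled()),
+'customerRegisterUrl' => $this->escapeUrl($this->getCustomerRegisterUrlUrl()),
+'customerForgotPasswordUrl' => $this->escapeUrl($this->getCustomerForgotPasswordUrl()),
+'baseUrl' => $this->escapeUrl($this->getBaseUrl())
 ];
 }
 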

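--- a/app/code/Magento/Customer/Test/Unit/Block/Account/AuthenticationPopupTest.php
+++ b/app/code/Magento/Customer/Test/Unit/Block/Account/AuthenticationPopupTest.php
@@ -16,10 +16,10 @@
 
 class AuthenticationPopupTest extends \PHPUnit_Framework_TestCase
 {
-/** @var AuthenticationPopup */
+/** @var \Magento\Customer\Block\Account\AuthenticationPopup */
 private $model;
 
-/** @var Context|\PHPUnit_Framework_MockObject_MockObject */
+/** @var \Magento\Framework\View\Element\Template\Context|\PHPUnit_Framework_MockObject_MockObject */
 private $contextMock;
 
 /** @var StoreManagerInterface|\PHPUnit_Framework_MockObject_MockObject */
@@ -53,6 +53,24 @@ protected function setUp()
 $this->contextMock->expects($this->once())
 ->method('getUrlBuilder')
 ->willReturn($this->urlBuilderMock);
+$escaperMock = $this->getMockBuilder(\Magento\Framework\Escaper::class)
+->disableOriginalConstructor()
+->getMock();
+$escaperMock->method('escapeHtml')
+->willReturnCallback(
+function ($string) {
+return 'escapeHtml' . $string;
+}
+);
+$escaperMock->method('escapeUrl')
+->willReturnCallback(
+function ($string) {
+return 'escapeUrl' . $string;
+}
+);
+$this->contextMock->expects($this->once())
+->method('getEscaper')
+->willReturn($escaperMock);
 
 $this->model = new AuthenticationPopup(
 $this->contextMock
@@ -110,10 +128,10 @@ public function dataProviderGetConfig()
 'reg',
 'forgot',
 [
-'autocomplete' => 'off',
-'customerRegisterUrl' => 'reg',
-'customerForgotPasswordUrl' => 'forgot',
-'baseUrl' => 'base',
+'autocomplete' => 'escapeHtmloff',
+'customerRegisterUrl' => 'escapeUrlreg',
+'customerForgotPasswordUrl' => 'escapeUrlforgot',
+'baseUrl' => 'escapeUrlbase',
 ],
 ],
 [
@@ -122,10 +140,10 @@ public function dataProviderGetConfig()
 'reg',
 'forgot',
 [
-'autocomplete' => 'on',
-'customerRegisterUrl' => 'reg',
-'customerForgotPasswordUrl' => 'forgot',
-'baseUrl' => '',
+'autocomplete' => 'escapeHtmlon',
+'customerRegisterUrl' => 'escapeUrlreg',
+'customerForgotPasswordUrl' => 'escapeUrlforgot',
+'baseUrl' => 'escapeUrl',
 ],
 ],
 [
@@ -134,10 +152,10 @@ public function dataProviderGetConfig()
 '',
 'forgot',
 [
-'autocomplete' => 'off',
-'customerRegisterUrl' => '',
-'customerForgotPasswordUrl' => 'forgot',
-'baseUrl' => 'base',
+'autocomplete' => 'escapeHtmloff',
+'customerRegisterUrl' => 'escapeUrl',
+'customerForgotPasswordUrl' => 'escapeUrlforgot',
+'baseUrl' => 'escapeUrlbase',
 ],
 ],
 [
@@ -146,10 +164,10 @@ public function dataProviderGetConfig()
 'reg',
 '',
 [
-'autocomplete' => 'on',
-'customerRegisterUrl' => 'reg',
-'customerForgotPasswordUrl' => '',
-'baseUrl' => 'base',
+'autocomplete' => 'escapeHtmlon',
+'customerRegisterUrl' => 'escapeUrlreg',
+'customerForgotPasswordUrl' => 'escapeUrl',
+'baseUrl' => 'escapeUrlbase',
 ],
 ],
 ];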
