
Commit d844ada

committed
Merge remote-tracking branch 'origin/MAGETWO-42819' into MPI-BUGFIXES
2 parents d71303c + 4563c18 commit d844ada


3 files changed

+86
-60
lines changed


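--- a/app/code/Magento/Authorizenet/view/adminhtml/templates/directpost/iframe.phtml
+++ b/app/code/Magento/Authorizenet/view/adminhtml/templates/directpost/iframe.phtml
@@ -16,15 +16,15 @@ $helper = $block->getHelper('adminhtml');
 <head>
 <script>
 <?php if (isset($params['redirect'])): ?>
-window.location="<?php echo $block->escapeUrl($params['redirect']) ?>";
+window.location="<?php echo $block->escapeUrl($params['redirect']); ?>";
 <?php endif; ?>
 <?php if (isset($params['redirect_parent'])): ?>
-window.top.location="<?php echo $block->escapeUrl($params['redirect_parent']) ?>";
+window.top.location="<?php echo $block->escapeUrl($params['redirect_parent']); ?>";
 <?php endif; ?>
 <?php if (isset($params['error_msg'])): ?>
-window.top.directPostModel.showError(<?php /* @escapeNotVerified */ echo json_encode((array)$params['error_msg']) ?>);
+window.top.directPostModel.showError(<?php /* @noEscape */ echo json_encode((array)$params['error_msg']); ?>);
 <?php if (isset($params['x_invoice_num'])): ?>
-window.top.directPostModel.successUrl="<?php /* @escapeNotVerified */ echo $helper->getSuccessOrderUrl($params) ?>";
+window.top.directPostModel.successUrl="<?php echo $block->escapeUrl($helper->getSuccessOrderUrl($params)); ?>";
 <?php endif; ?>
 <?php endif; ?>
 </script>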
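Review bot: The `redirect`, `redirect_parent` and `successUrl` values on new lines 19, 22 and 27 are written into JavaScript string literals inside `<script>`, yet they are escaped with `escapeUrl()`, an HTML/URL-context escaper, so the escaping does not match the output context; the same pattern appears for `$controller`, `$orderUrl` and `getCgiUrl()` in the `new directPost(...)` call in info.phtml (new lines 123–125). HTML-style escaping typically leaves backslashes and line terminators untouched (the escaper's implementation is not visible here), and any `&` it entity-encodes stays literal inside a script block, which would corrupt URLs with several query parameters. Emitting the value as a JSON string, as line 25 already does for `error_msg`, fits the context: `window.location = <?php /* @noEscape */ echo json_encode((string)$params['redirect'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT); ?>;`. Where `$params` is populated is outside this hunk; if it is request data, the redirect target also deserves a scheme and host check before it drives top-level navigation.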

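--- a/app/code/Magento/Authorizenet/view/adminhtml/templates/directpost/info.phtml
+++ b/app/code/Magento/Authorizenet/view/adminhtml/templates/directpost/info.phtml
@@ -7,82 +7,95 @@
 // @codingStandardsIgnoreFile
 
 /**
-* @see \Magento\Authorizenet\Block\Directpost\Form
+* @var \Magento\Authorizenet\Block\Transparent\Iframe $block
+* @see \Magento\Authorizenet\Block\Transparent\Iframe
 */
-?>
-<?php
-$_form = $block;
-$_code = $_form->getMethodCode();
-$_method = $_form->getMethod();
-$_controller = $block->getRequest()->getControllerName();
-$_orderUrl = $this->helper('Magento\Authorizenet\Helper\Backend\Data')->getPlaceOrderAdminUrl();
+$code = $block->getMethodCode();
+$method = $block->getMethod();
+$controller = $block->escapeHtml($block->getRequest()->getControllerName());
+$orderUrl = $block->escapeUrl($this->helper('Magento\Authorizenet\Helper\Backend\Data')->getPlaceOrderAdminUrl());
+$ccType = $block->getInfoData('cc_type');
+$ccExpMonth = $block->getInfoData('cc_exp_month');
+$ccExpYear = $block->getInfoData('cc_exp_year');
 ?>
 <!-- IFRAME for request to our server -->
-<iframe id="order-directpost-iframe" allowtransparency="true" frameborder="0" name="iframeSubmitOrder" style="display:none;width:100%;background-color:transparent" src="<?php /* @escapeNotVerified */ echo $block->getViewFileUrl('blank.html') ?>"></iframe>
+<iframe id="order-directpost-iframe" allowtransparency="true" frameborder="0" name="iframeSubmitOrder"
+style="display:none;width:100%;background-color:transparent"
+src="<?php /* @noEscape */ echo $block->getViewFileUrl('blank.html'); ?>">
+</iframe>
 <!-- IFRAME for request to Authorize.net -->
-<iframe id="directpost-iframe" allowtransparency="true" frameborder="0" name="iframeDirectPost" style="display:none;width:100%;background-color:transparent" src="<?php /* @escapeNotVerified */ echo $block->getViewFileUrl('blank.html') ?>"></iframe>
-<fieldset class="admin__fieldset payment-method" id="payment_form_<?php /* @escapeNotVerified */ echo $_code ?>" style="display:none;">
+<iframe id="directpost-iframe" allowtransparency="true" frameborder="0" name="iframeDirectPost" style="display:none;width:100%;background-color:transparent"
+src="<?php /* @noEscape */ echo $block->getViewFileUrl('blank.html'); ?>">
+</iframe>
+<fieldset class="admin__fieldset payment-method" id="payment_form_<?php /* @noEscape */ echo $code; ?>" style="display:none;">
 <div class="admin__field _required">
-<label for="<?php /* @escapeNotVerified */ echo $_code ?>_cc_type"
-class="admin__field-label"><span><?php /* @escapeNotVerified */ echo __('Credit Card Type') ?></span></label>
+<label for="<?php /* @noEscape */ echo $code; ?>_cc_type" class="admin__field-label">
+<span><?php echo $block->escapeHtml(__('Credit Card Type')); ?></span>
+</label>
 <div class="admin__field-control">
-<select id="<?php /* @escapeNotVerified */ echo $_code ?>_cc_type"
-name="payment[cc_type]"
+<select id="<?php /* @noEscape */ echo $code; ?>_cc_type" name="payment[cc_type]"
 class="required-entry validate-cc-type-select admin__control-select">
-<?php $_ccType = $_form->getInfoData('cc_type') ?>
 <option value=""></option>
-<?php foreach ($_form->getCcAvailableTypes() as $_typeCode => $_typeName): ?>
-<option value="<?php /* @escapeNotVerified */ echo $_typeCode ?>"
-<?php if ($_typeCode == $_ccType): ?>selected="selected"<?php endif ?>><?php /* @escapeNotVerified */ echo $_typeName ?></option>
-<?php endforeach ?>
+<?php foreach ($block->getCcAvailableTypes() as $typeCode => $typeName): ?>
+<option value="<?php echo $block->escapeHtml($typeCode); ?>"
+<?php if ($typeCode == $ccType): ?>selected="selected"<?php endif; ?>>
+<?php echo $block->escapeHtml($typeName); ?>
+</option>
+<?php endforeach; ?>
 </select>
 </div>
 </div>
 <div class="admin__field _required">
-<label for="<?php /* @escapeNotVerified */ echo $_code ?>_cc_number"
-class="admin__field-label"><span><?php /* @escapeNotVerified */ echo __('Credit Card Number') ?></span></label>
+<label for="<?php /* @noEscape */ echo $code; ?>_cc_number" class="admin__field-label">
+<span><?php echo $block->escapeHtml(__('Credit Card Number')); ?></span>
+</label>
 
 <div class="admin__field-control">
-<input type="text" id="<?php /* @escapeNotVerified */ echo $_code ?>_cc_number"
+<input type="text" id="<?php /* @noEscape */ echo $code; ?>_cc_number"
 name="payment[cc_number]"
 class="input-text required-entry validate-cc-number admin__control-text"
-value="<?php /* @escapeNotVerified */ echo $block->getInfoData('cc_number') ?>"/>
+value="<?php /* @noEscape */ echo $block->getInfoData('cc_number'); ?>"/>
 </div>
 </div>
 <div class="admin__field _required">
-<label for="<?php /* @escapeNotVerified */ echo $_code ?>_expiration"
-class="admin__field-label"><span><?php /* @escapeNotVerified */ echo __('Expiration Date') ?></span></label>
+<label for="<?php /* @noEscape */ echo $code; ?>_expiration" class="admin__field-label">
+<span><?php echo $block->escapeHtml(__('Expiration Date')); ?></span>
+</label>
 
 <div class="admin__field-control">
-<select id="<?php /* @escapeNotVerified */ echo $_code ?>_expiration"
+<select id="<?php /* @noEscape */ echo $code; ?>_expiration"
 name="payment[cc_exp_month]"
 class="validate-cc-exp required-entry admin__control-select admin__control-select-month">
-<?php $_ccExpMonth = $_form->getInfoData('cc_exp_month') ?>
-<?php foreach ($_form->getCcMonths() as $k => $v): ?>
-<option value="<?php /* @escapeNotVerified */ echo $k ?>"
-<?php if ($k == $_ccExpMonth): ?>selected="selected"<?php endif ?>><?php /* @escapeNotVerified */ echo $v ?></option>
-<?php endforeach ?>
+<?php foreach ($block->getCcMonths() as $k => $v): ?>
+<option value="<?php echo $block->escapeHtml($k); ?>"
+<?php if ($k == $ccExpMonth): ?>selected="selected"<?php endif; ?>>
+<?php echo $block->escapeHtml($v); ?>
+</option>
+<?php endforeach; ?>
 </select>
-<?php $_ccExpYear = $_form->getInfoData('cc_exp_year') ?>
-<select id="<?php /* @escapeNotVerified */ echo $_code ?>_expiration_yr"
+<select id="<?php /* @noEscape */ echo $code; ?>_expiration_yr"
 name="payment[cc_exp_year]"
 class="required-entry admin__control-select admin__control-select-year">
-<?php foreach ($_form->getCcYears() as $k => $v): ?>
-<option value="<?php /* @escapeNotVerified */ echo $k ? $k : '' ?>"
-<?php if ($k == $_ccExpYear): ?>selected="selected"<?php endif ?>><?php /* @escapeNotVerified */ echo $v ?></option>
+<?php foreach ($block->getCcYears() as $k => $v): ?>
+<option value="<?php /* @noEscape */ echo $k ? $block->escapeHtml($k) : ''; ?>"
+<?php if ($k == $ccExpYear): ?>selected="selected"<?php endif; ?>>
+<?php echo $block->escapeHtml($v); ?>
+</option>
 <?php endforeach ?>
 </select>
 </div>
 </div>
 <?php if ($_form->hasVerification()): ?>
 <div class="admin__field _required">
-<label for="<?php /* @escapeNotVerified */ echo $_code ?>_cc_cid"><span><?php /* @escapeNotVerified */ echo __('Card Verification Number') ?></span></label>
+<label for="<?php /* @noEscape */ echo $code; ?>_cc_cid">
+<span><?php echo $block->escapeHtml(__('Card Verification Number')); ?></span>
+</label>
 
 <div class="admin__field-control">
 <input type="text"
 class="required-entry input-text validate-cc-cvn admin__control-text"
-id="<?php /* @escapeNotVerified */ echo $_code ?>_cc_cid" name="payment[cc_cid]"
-value="<?php /* @escapeNotVerified */ echo $block->getInfoData('cc_cid') ?>"/>
+id="<?php /* @noEscape */ echo $code; ?>_cc_cid" name="payment[cc_cid]"
+value="<?php /* @noEscape */ echo $block->getInfoData('cc_cid') ?>"/>
 </div>
 </div>
 <?php endif; ?>
@@ -98,19 +111,19 @@ $_orderUrl = $this->helper('Magento\Authorizenet\Helper\Backend\Data')->getPlace
 /**
 * Disable card server validation in admin
 */
-order.addExcludedPaymentMethod('<?php /* @escapeNotVerified */ echo $_code ?>');
+order.addExcludedPaymentMethod('<?php /* @noEscape */ echo $code; ?>');
 
 <?php if (!$block->isAjaxRequest()): ?>
 document.observe('dom:loaded', function(){
 <?php endif; ?>
 
 directPostModel = new directPost(
-'<?php /* @escapeNotVerified */ echo $_code ?>',
+'<?php /* @noEscape */ echo $code; ?>',
 'directpost-iframe',
-'<?php /* @escapeNotVerified */ echo $_controller ?>',
-'<?php /* @escapeNotVerified */ echo $_orderUrl ?>',
-'<?php /* @escapeNotVerified */ echo $_method->getCgiUrl() ?>',
-'<?php /* @escapeNotVerified */ echo $block->getUrl('*/*/save', ['_secure' => $block->getRequest()->isSecure()]) ?>');
+'<?php /* @noEscape */ echo $controller; ?>',
+'<?php /* @noEscape */ echo $orderUrl; ?>',
+'<?php echo $block->escapeUrl($method->getCgiUrl()); ?>',
+'<?php /* @noEscape */ echo $block->getUrl('*/*/save', ['_secure' => $block->getRequest()->isSecure()]) ?>');
 
 <?php if (!$block->isAjaxRequest()): ?>
 });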
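Review bot: The unchanged line `<?php if ($_form->hasVerification()): ?>` (new line 88) still reads `$_form`, but this commit deletes the `$_form = $block;` assignment, so in the new file the variable is undefined and the method call on it fails with a fatal error when the template reaches the card-verification field. It should read `<?php if ($block->hasVerification()): ?>`, matching the other `$_form` → `$block` replacements in the first hunk. Separately, `cc_number` and `cc_cid` (new lines 57 and 98) are echoed into `value="…"` attributes under `/* @noEscape */`; that is only safe if `getInfoData()` escapes its return value, which this diff does not show, so confirm it and say so in a one-line comment next to the annotation. The template continues between and after the two hunks, outside what is visible here.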

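--- a/app/code/Magento/Authorizenet/view/adminhtml/templates/order/view/info/fraud_details.phtml
+++ b/app/code/Magento/Authorizenet/view/adminhtml/templates/order/view/info/fraud_details.phtml
@@ -5,38 +5,51 @@
 */
 
 // @codingStandardsIgnoreFile
+/**
+* @var \Magento\Authorizenet\Block\Adminhtml\Order\View\Info\FraudDetails $block
+*/
+$payment = $block->getPayment();
+$fraudDetails = $payment->getAdditionalInformation('fraud_details');
 ?>
 
-<?php $payment = $block->getPayment() ?>
-<?php $fraudDetails = $payment->getAdditionalInformation('fraud_details') ?>
-
 <?php if (!empty($fraudDetails)): ?>
 <div class="admin__page-section-item-title">
-<span class="title"><?php /* @escapeNotVerified */ echo __('Fraud Detection ') ?></span>
+<span class="title"><?php echo $block->escapeHtml(__('Fraud Detection ')); ?></span>
 </div>
 
 <div class="admin__page-section-item-content">
 <div class="order-payment-additional">
 <?php if(!empty($fraudDetails['fds_filter_action'])): ?>
-<?php /* @escapeNotVerified */ echo __('FDS Filter Action') ?>: <?php /* @escapeNotVerified */ echo $fraudDetails['fds_filter_action'] ?></br>
+<?php echo $block->escapeHtml(__('FDS Filter Action')); ?>:
+<?php echo $block->escapeHtml($fraudDetails['fds_filter_action']); ?>
+</br>
 <?php endif; ?>
 
 <?php if(!empty($fraudDetails['avs_response'])): ?>
-<?php /* @escapeNotVerified */ echo __('AVS Response') ?>: <?php /* @escapeNotVerified */ echo $fraudDetails['avs_response'] ?></br>
+<?php echo $block->escapeHtml(__('AVS Response')); ?>:
+<?php echo $block->escapeHtml($fraudDetails['avs_response']); ?>
+</br>
 <?php endif; ?>
 
 <?php if(!empty($fraudDetails['card_code_response'])): ?>
-<?php /* @escapeNotVerified */ echo __('Card Code Response') ?>: <?php /* @escapeNotVerified */ echo $fraudDetails['card_code_response'] ?></br>
+<?php echo $block->escapeHtml(__('Card Code Response')); ?>:
+<?php echo $block->escapeHtml($fraudDetails['card_code_response']); ?>
+</br>
 <?php endif; ?>
 
 <?php if(!empty($fraudDetails['cavv_response']) || ($fraudDetails['cavv_response'] === 0)): ?>
-<?php /* @escapeNotVerified */ echo __('CAVV Response') ?>: <?php /* @escapeNotVerified */ echo $fraudDetails['cavv_response'] ?></br>
+<?php echo $block->escapeHtml(__('CAVV Response')); ?>:
+<?php echo $block->escapeHtml($fraudDetails['cavv_response']); ?>
+</br>
 <?php endif; ?>
 
 <?php if(!empty($fraudDetails['fraud_filters'])): ?>
-<b><?php /* @escapeNotVerified */ echo __('Fraud Filters') ?>:</b></br>
+<b><?php echo $block->escapeHtml(__('Fraud Filters')); ?>:
+</b></br>
 <?php foreach($fraudDetails['fraud_filters'] as $filter): ?>
-<?php /* @escapeNotVerified */ echo $filter['name'] ?>: <?php /* @escapeNotVerified */ echo $filter['action'] ?></br>
+<?php echo $block->escapeHtml($filter['name']); ?>:
+<?php echo $block->escapeHtml($filter['action']); ?>
+</br>
 <?php endforeach; ?>
 <?php endif; ?>
 </div>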
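Review bot: On new line 40 the second operand `$fraudDetails['cavv_response'] === 0` is evaluated exactly when `empty()` returned true, which includes the key being absent, so a payment stored without a CAVV result raises an undefined-index notice in the admin order view; the commit reformats the lines around this condition but leaves it as it was. A test such as `isset($fraudDetails['cavv_response']) && $fraudDetails['cavv_response'] !== ''` expresses "present, including zero" without the notice, and it also keeps a string `'0'` visible, which the current check hides. The new `escapeHtml()` calls on `$filter['name']` and `$filter['action']` (new lines 50–51) likewise assume that `fraud_filters` is an array of arrays with both keys set; this data presumably originates from the gateway response, so an `is_array()`/`isset()` guard inside the loop would keep a malformed record from breaking the page. The template continues past the end of the hunk.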
