MAGETWO-55809: Eliminate @escapeNotVerified in Module Backend
Oleksandr Gorkun committed May 28, 2019
1 parent 73a25b2 commit c844e34
Showing 25 changed files with 168 additions and 190 deletions.
Expand Up @@ -8,6 +8,8 @@
/**
* @see \Magento\Backend\Block\Denied
*/

// phpcs:disable Magento2.Security.Superglobal
?>
<hr class="access-denied-hr"/>
<div class="access-denied-page">
Expand All @@ -18,10 +20,10 @@
<li><span><?= $block->escapeHtml(__('Contact a system administrator or store owner to gain permissions.')) ?></span></li>
<li>
<span><?= $block->escapeHtml(__('Return to ')) ?>
<?php if(isset($_SERVER['HTTP_REFERER'])): ?>
<?php if (isset($_SERVER['HTTP_REFERER'])) : ?>
<a href="<?= $block->escapeUrl(__($_SERVER['HTTP_REFERER'])) ?>">
<?= $block->escapeHtml(__('previous page')) ?></a><?= $block->escapeHtml(__('.')) ?>
<?php else: ?>
<?php else : ?>
<a href="<?= $block->escapeHtmlAttr(__('javascript:history.back()')) ?>">
<?= $block->escapeHtml(__('previous page')) ?></a><?= $block->escapeHtml(__('.')) ?>
<?php endif ?>
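Review bot: The `// phpcs:disable Magento2.Security.Superglobal` added at the top of this template has no matching `phpcs:enable` visible in this hunk (the file continues past it), so it silences the superglobal sniff for every later line rather than only the `$_SERVER['HTTP_REFERER']` read it was meant for; adding `// phpcs:enable Magento2.Security.Superglobal` right after the `endif` keeps the suppression scoped to the two lines that need it. On that read, the Referer header is client-controlled, so the link relies entirely on `escapeUrl()` to neutralise it, and wrapping it in `__()` first treats an untrusted header as a translatable phrase without adding any protection; `$block->escapeUrl($_SERVER['HTTP_REFERER'])` is clearer. A short comment above the `isset` such as `// Referer is client-controlled; escapeUrl() is the only defence on this link` would record why the sniff is bypassed here.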
Expand Up @@ -7,7 +7,7 @@
<div class="wrapper-popup">
<div class="middle" id="anchor-content">
<div id="page:main-container">
<?php if ($block->getChildHtml('left')): ?>
<?php if ($block->getChildHtml('left')) : ?>
<div class="columns <?= $block->escapeHtmlAttr($block->getContainerCssClass()) ?>" id="page:container">
<div id="page:left" class="side-col">
<?= $block->getChildHtml('left') ?>
Expand All @@ -21,13 +21,13 @@
</div>
</div>
</div>
<?php else: ?>
<?php else : ?>
<div id="messages" data-container-for="messages"><?= $block->getLayout()->getMessagesBlock()->getGroupedHtml() ?></div>
<?= $block->getChildHtml('content') ?>
<?php endif; ?>
</div>
</div>
<?php if ($block->getChildHtml('footer')): ?>
<?php if ($block->getChildHtml('footer')) : ?>
<div class="footer">
<?= $block->getChildHtml('footer') ?>
</div>
Expand Up @@ -12,7 +12,7 @@
<?= $block->getChildHtml('head') ?>
</head>

<body id="html-body"<?= $block->getBodyClass() ? ' class="' . $block->getBodyClass() . '"' : '' ?> data-container="body" data-mage-init='{"loaderAjax":{},"loader":{}}'>
<body id="html-body" class="<?= $block->escapeHtmlAttr($block->getBodyClass()) ?>" data-container="body" data-mage-init='{"loaderAjax":{},"loader":{}}'>
<div class="page-wrapper">
<?= $block->getChildHtml('notification_window') ?>
<?= $block->getChildHtml('global_notices') ?>
Expand All @@ -28,7 +28,7 @@
<?= $block->getLayout()->getMessagesBlock()->getGroupedHtml() ?>
</div>
<?= $block->getChildHtml('page_main_actions') ?>
<?php if ($block->getChildHtml('left')): ?>
<?php if ($block->getChildHtml('left')) : ?>
<div id="page:main-container" class="<?= $block->escapeHtmlAttr($block->getContainerCssClass()) ?> col-2-left-layout">
<div class="main-col" id="content">
<?= $block->getChildHtml('content') ?>
Expand All @@ -38,7 +38,7 @@
<?= $block->getChildHtml('left') ?>
</div>
</div>
<?php else: ?>
<?php else : ?>
<div id="page:main-container" class="col-1-layout">
<?= $block->getChildHtml('content') ?>
</div>
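Review bot: The new `class="<?= $block->escapeHtmlAttr($block->getBodyClass()) ?>"` changes the markup when `getBodyClass()` is empty: the old line emitted no `class` attribute at all, the new one always emits `class=""`. That is harmless to most stylesheets, but it is a behaviour change beyond adding escaping, and anything keyed on the attribute's presence (an attribute selector or a JS check) would see a difference; if that matters, keep the condition and escape inside it: `<?= $block->getBodyClass() ? ' class="' . $block->escapeHtmlAttr($block->getBodyClass()) . '"' : '' ?>`. `escapeHtmlAttr()` is the right escaper for this context either way.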
Expand Up @@ -10,8 +10,11 @@
class="label"><?= $block->escapeHtml(__('Select Range:')) ?></label>
<select name="period" id="order_<?= $block->getHtmlId() ?>_period"
onchange="changeDiagramsPeriod(this);" class="admin__control-select">
<?php foreach ($this->helper('Magento\Backend\Helper\Dashboard\Data')->getDatePeriods() as $value => $label): ?>
<?php if (in_array($value, ['custom'])) {
<?php //phpcs:disable ?>
<?php foreach ($this->helper(\Magento\Backend\Helper\Dashboard\Data::class)->getDatePeriods() as $value => $label) : ?>
<?php
//phpcs:enable
if (in_array($value, ['custom'])) {
continue;
} ?>
<option value="<?= /* @noEscape */ $value ?>"
Expand All @@ -20,11 +23,11 @@
<?php endforeach; ?>
</select>
</div>
<?php if ($block->getCount()): ?>
<?php if ($block->getCount()) : ?>
<div class="dashboard-diagram-image">
<img src="<?= $block->escapeUrl($block->getChartUrl(false)) ?>" class="dashboard-diagram-chart" alt="Chart" title="Chart" />
</div>
<?php else: ?>
<?php else : ?>
<div class="dashboard-diagram-nodata">
<span><?= $block->escapeHtml(__('No Data Found')) ?></span>
</div>
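Review bot: The `<?php //phpcs:disable ?>` placed before the `foreach` carries no sniff name, so it turns off every sniff — including the escaping checks this commit exists to enforce — until the `//phpcs:enable` on the following PHP line. Naming the suppressed sniff (`// phpcs:disable` followed by the specific code phpcs reports for the `$this->helper()` call in a template) keeps the escaping sniffs active over that span and records why the helper call is tolerated. Independently, `<option value="<?= /* @noEscape */ $value ?>">` inside the loop assumes the keys returned by `getDatePeriods()` are fixed identifiers; that is plausible but not visible here, and `$block->escapeHtmlAttr($value)` would cost nothing.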
Expand Up @@ -6,84 +6,84 @@
?>
<?php

$numColumns = sizeof($block->getColumns());
$numColumns = count($block->getColumns());
?>
<?php if ($block->getCollection()): ?>
<?php if ($block->getCollection()) : ?>
<div class="dashboard-item-content">
<?php if ($block->getCollection()->getSize()>0): ?>
<?php if ($block->getCollection()->getSize() > 0) : ?>
<table class="admin__table-primary dashboard-data" id="<?= $block->escapeHtmlAttr($block->getId()) ?>_table">
<?php
/* This part is commented to remove all <col> tags from the code. */
/* foreach ($block->getColumns() as $_column): ?>
<col <?= $_column->getHtmlProperty() ?> />
<?php endforeach; */ ?>
<?php if ($block->getHeadersVisibility() || $block->getFilterVisibility()): ?>
<?php if ($block->getHeadersVisibility() || $block->getFilterVisibility()) : ?>
<thead>
<?php if ($block->getHeadersVisibility()): ?>
<?php if ($block->getHeadersVisibility()) : ?>
<tr>
<?php foreach ($block->getColumns() as $_column): ?>
<?php foreach ($block->getColumns() as $_column) : ?>
<?= $_column->getHeaderHtml() ?>
<?php endforeach; ?>
</tr>
<?php endif; ?>
</thead>
<?php endif; ?>
<?php if (!$block->getIsCollapsed()): ?>
<?php if (!$block->getIsCollapsed()) : ?>
<tbody>
<?php foreach ($block->getCollection() as $_index => $_item): ?>
<?php foreach ($block->getCollection() as $_index => $_item) : ?>
<tr title="<?= $block->escapeHtmlAttr($block->getRowUrl($_item)) ?>">
<?php $i = 0; foreach ($block->getColumns() as $_column): ?>
<td class="<?= $block->escapeHtmlAttr($_column->getCssProperty()) ?> <?= ++$i == $numColumns ? 'last' : '' ?>"><?= (($_html = $_column->getRowField($_item)) != '' ? $_html : '&nbsp;') ?></td>
<?php $i = 0; foreach ($block->getColumns() as $_column) : ?>
<td class="<?= $block->escapeHtmlAttr($_column->getCssProperty()) ?> <?= /* @noEscape */ ++$i == $numColumns ? 'last' : '' ?>"><?= /* @noEscape */ (($_html = $_column->getRowField($_item)) != '' ? $_html : '&nbsp;') ?></td>
<?php endforeach; ?>
</tr>
<?php endforeach; ?>
</tbody>
<?php endif; ?>
</table>
<?php else: ?>
<?php else : ?>
<div class="<?= $block->escapeHtmlAttr($block->getEmptyTextClass()) ?>"><?= $block->escapeHtml($block->getEmptyText()) ?></div>
<?php endif; ?>
</div>
<?php if ($block->canDisplayContainer()): ?>
<?php if ($block->canDisplayContainer()) : ?>
<script>
var deps = [];

<?php if ($block->getDependencyJsObject()): ?>
<?php if ($block->getDependencyJsObject()) : ?>
deps.push('uiRegistry');
<?php endif; ?>
<?php endif; ?>

<?php if (strpos($block->getRowClickCallback(), 'order.') !== false): ?>
<?php if (strpos($block->getRowClickCallback(), 'order.') !== false): ?>
deps.push('Magento_Sales/order/create/form');
<?php endif; ?>
<?php endif; ?>

deps.push('mage/adminhtml/grid');

require(deps, function(<?= ($block->getDependencyJsObject() ? 'registry' : '') ?>){
<?php //TODO: getJsObjectName and getRowClickCallback has unexpected behavior. Should be removed ?>
<?php //TODO: getJsObjectName and getRowClickCallback has unexpected behavior. Should be removed ?>

<?php if ($block->getDependencyJsObject()): ?>
<?php if ($block->getDependencyJsObject()) : ?>
registry.get('<?= $block->escapeJs($block->getDependencyJsObject()) ?>', function (<?= $block->escapeJs($block->getDependencyJsObject()) ?>) {
<?php endif; ?>
<?php endif; ?>

<?= $block->escapeJs($block->getJsObjectName()) ?> = new varienGrid('<?= $block->escapeJs($block->getId()) ?>', '<?= $block->escapeJs($block->getGridUrl()) ?>', '<?= $block->escapeJs($block->getVarNamePage()) ?>', '<?= $block->escapeJs($block->getVarNameSort()) ?>', '<?= $block->escapeJs($block->getVarNameDir()) ?>', '<?= $block->escapeJs($block->getVarNameFilter()) ?>');
<?= $block->escapeJs($block->getJsObjectName()) ?>.useAjax = '<?= $block->escapeJs($block->getUseAjax()) ?>';
<?php if ($block->getRowClickCallback()): ?>
<?= $block->escapeJs($block->getJsObjectName()) ?>.rowClickCallback = <?= /* @noEscape */ $block->getRowClickCallback() ?>;
<?php endif; ?>
<?php if ($block->getCheckboxCheckCallback()): ?>
<?= $block->escapeJs($block->getJsObjectName()) ?>.checkboxCheckCallback = <?= /* @noEscape */ $block->getCheckboxCheckCallback() ?>;
<?php endif; ?>
<?php if ($block->getRowInitCallback()): ?>
<?= $block->escapeJs($block->getJsObjectName()) ?>.initRowCallback = <?= /* @noEscape */ $block->getRowInitCallback() ?>;
<?= $block->escapeJs($block->getJsObjectName()) ?>.rows.each(function(row){<?= /* @noEscape */ $block->getRowInitCallback() ?>(<?= $block->escapeJs($block->getJsObjectName()) ?>, row)});
<?php endif; ?>
<?php if ($block->getMassactionBlock()->isAvailable()): ?>
<?= /* @noEscape */ $block->getMassactionBlock()->getJavaScript() ?>
<?php endif ?>
<?= $block->escapeJs($block->getJsObjectName()) ?> = new varienGrid('<?= $block->escapeJs($block->getId()) ?>', '<?= $block->escapeJs($block->getGridUrl()) ?>', '<?= $block->escapeJs($block->getVarNamePage()) ?>', '<?= $block->escapeJs($block->getVarNameSort()) ?>', '<?= $block->escapeJs($block->getVarNameDir()) ?>', '<?= $block->escapeJs($block->getVarNameFilter()) ?>');
<?= $block->escapeJs($block->getJsObjectName()) ?>.useAjax = '<?= $block->escapeJs($block->getUseAjax()) ?>';
<?php if ($block->getRowClickCallback()) : ?>
<?= $block->escapeJs($block->getJsObjectName()) ?>.rowClickCallback = <?= /* @noEscape */ $block->getRowClickCallback() ?>;
<?php endif; ?>
<?php if ($block->getCheckboxCheckCallback()) : ?>
<?= $block->escapeJs($block->getJsObjectName()) ?>.checkboxCheckCallback = <?= /* @noEscape */ $block->getCheckboxCheckCallback() ?>;
<?php endif; ?>
<?php if ($block->getRowInitCallback()): ?>
<?= $block->escapeJs($block->getJsObjectName()) ?>.initRowCallback = <?= /* @noEscape */ $block->getRowInitCallback() ?>;
<?= $block->escapeJs($block->getJsObjectName()) ?>.rows.each(function(row){<?= /* @noEscape */ $block->getRowInitCallback() ?>(<?= $block->escapeJs($block->getJsObjectName()) ?>, row)});
<?php endif; ?>
<?php if ($block->getMassactionBlock()->isAvailable()): ?>
<?= /* @noEscape */ $block->getMassactionBlock()->getJavaScript() ?>
<?php endif ?>

<?php if ($block->getDependencyJsObject()): ?>
<?php if ($block->getDependencyJsObject()) : ?>
});
<?php endif; ?>
<?php endif; ?>

});
</script>
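Review bot: The `/* @noEscape */` added before `$_column->getRowField($_item)` satisfies the sniff but moves the XSS responsibility onto every column renderer, and nothing in this template records that contract; a line such as `<?php /* getRowField() returns renderer HTML; each column renderer must escape its own data */ ?>` above the row loop would make the assumption auditable. The same annotation on `++$i == $numColumns ? 'last' : ''` is fine because both outcomes are literals. On the new side the `) :` conversion is incomplete: `<?php if ($block->getRowInitCallback()): ?>`, `<?php if ($block->getMassactionBlock()->isAvailable()): ?>` and the `strpos(...) !== false): ?>` line keep the old form while their neighbours were changed. The `rowClickCallback`, `checkboxCheckCallback` and `initRowCallback` values are still emitted as raw JavaScript under `@noEscape`; that is unchanged by this commit, but a comment naming where those callbacks are configured would help the next reader judge whether request data can reach them.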
Expand Up @@ -14,9 +14,9 @@ require([

window.changeDiagramsPeriod = function(periodObj) {
periodParam = periodObj.value ? 'period/' + periodObj.value + '/' : '';
<?php foreach ($block->getChildBlock('diagrams')->getTabsIds() as $tabId): ?>
<?php foreach ($block->getChildBlock('diagrams')->getTabsIds() as $tabId) : ?>
ajaxBlockParam = 'block/tab_<?= $block->escapeJs($tabId) ?>/';
ajaxBlockUrl = '<?= $block->getUrl('adminhtml/*/ajaxBlock', ['_current' => true, 'block' => '', 'period' => '']) ?>' + ajaxBlockParam + periodParam;
ajaxBlockUrl = '<?= $block->escapeJs($block->getUrl('adminhtml/*/ajaxBlock', ['_current' => true, 'block' => '', 'period' => ''])) ?>' + ajaxBlockParam + periodParam;
new Ajax.Request(ajaxBlockUrl, {
parameters: {isAjax: 'true', form_key: FORM_KEY},
onSuccess: function(transport) {
Expand All @@ -41,8 +41,8 @@ window.changeDiagramsPeriod = function(periodObj) {
}
}
});
<?php endforeach; ?>
ajaxBlockUrl = '<?= $block->getUrl('adminhtml/*/ajaxBlock', ['_current' => true, 'block' => 'totals', 'period' => '']) ?>' + periodParam;
<?php endforeach; ?>
ajaxBlockUrl = '<?= $block->escapeJs($block->getUrl('adminhtml/*/ajaxBlock', ['_current' => true, 'block' => 'totals', 'period' => ''])) ?>' + periodParam;
new Ajax.Request(ajaxBlockUrl, {
parameters: {isAjax: 'true', form_key: FORM_KEY},
onSuccess: function(transport) {
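Review bot: `escapeJs()` around `getUrl(...)` is the right escaper for a value inside a single-quoted JavaScript string literal, so the two new lines are correct; the remaining unescaped input on this path is `periodObj.value`, which is concatenated into `periodParam` above the loop and then into the URL path without `encodeURIComponent()`. That line is unchanged by the commit, but since the commit is reworking this URL construction anyway, `periodParam = periodObj.value ? 'period/' + encodeURIComponent(periodObj.value) + '/' : '';` closes the gap at the same time. `window.changeDiagramsPeriod` continues past the end of this hunk.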
Expand Up @@ -4,8 +4,8 @@
* See COPYING.txt for license details.
*/
?>
<?php if (sizeof($block->getTotals()) > 0): ?>
<?php foreach ($block->getTotals() as $_total): ?>
<?php if (count($block->getTotals()) > 0) : ?>
<?php foreach ($block->getTotals() as $_total) : ?>
<div class="dashboard-item dashboard-item-primary">
<div class="dashboard-item-title"><?= $block->escapeHtml($_total['label']) ?></div>
<div class="dashboard-item-content">
Expand Up @@ -4,12 +4,12 @@
* See COPYING.txt for license details.
*/
?>
<?php if (count($block->getCollection()->getItems()) > 0): ?>
<?php if (count($block->getCollection()->getItems()) > 0) : ?>
<div class="searches-results">
<?php foreach ($block->getCollection()->getItems() as $item): ?>
<?php foreach ($block->getCollection()->getItems() as $item) : ?>
<span><?= $block->escapeHtml($item->getQueryText()) ?></span><br />
<?php endforeach; ?>
</div>
<?php else: ?>
<?php else : ?>
<div class="empty-text"><?= $block->escapeHtml(__('There are no search keywords.')) ?></div>
<?php endif; ?>
Expand Up @@ -8,23 +8,23 @@
<?= $block->getHintHtml() ?>
<select name="store_switcher" id="store_switcher" class="left-col-block" onchange="return switchStore(this);">
<option value=""><?= $block->escapeHtml(__('All Websites')) ?></option>
<?php foreach ($block->getWebsiteCollection() as $_website): ?>
<?php foreach ($block->getWebsiteCollection() as $_website) : ?>
<?php $showWebsite = false; ?>
<?php foreach ($block->getGroupCollection($_website) as $_group): ?>
<?php foreach ($block->getGroupCollection($_website) as $_group) : ?>
<?php $showGroup = false; ?>
<?php foreach ($block->getStoreCollection($_group) as $_store): ?>
<?php if ($showWebsite == false): ?>
<?php foreach ($block->getStoreCollection($_group) as $_store) : ?>
<?php if ($showWebsite == false) : ?>
<?php $showWebsite = true; ?>
<option website="true" value="<?= $block->escapeHtmlAttr($_website->getId()) ?>"<?php if ($block->getRequest()->getParam('website') == $_website->getId()): ?> selected="selected"<?php endif; ?>><?= $block->escapeHtml($_website->getName()) ?></option>
<option website="true" value="<?= $block->escapeHtmlAttr($_website->getId()) ?>"<?php if ($block->getRequest()->getParam('website') == $_website->getId()) : ?> selected="selected"<?php endif; ?>><?= $block->escapeHtml($_website->getName()) ?></option>
<?php endif; ?>
<?php if ($showGroup == false): ?>
<?php if ($showGroup == false) : ?>
<?php $showGroup = true; ?>
<!--optgroup label="&nbsp;&nbsp;&nbsp;<?= /* @noEscape */ $_group->getName() ?>"-->
<option group="true" value="<?= $block->escapeHtmlAttr($_group->getId()) ?>"<?php if ($block->getRequest()->getParam('group') == $_group->getId()): ?> selected="selected"<?php endif; ?>>&nbsp;&nbsp;&nbsp;<?= $block->escapeHtml($_group->getName()) ?></option>
<option group="true" value="<?= $block->escapeHtmlAttr($_group->getId()) ?>"<?php if ($block->getRequest()->getParam('group') == $_group->getId()) : ?> selected="selected"<?php endif; ?>>&nbsp;&nbsp;&nbsp;<?= $block->escapeHtml($_group->getName()) ?></option>
<?php endif; ?>
<option value="<?= $block->escapeHtmlAttr($_store->getId()) ?>"<?php if ($block->getStoreId() == $_store->getId()): ?> selected="selected"<?php endif; ?>>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<?= $block->escapeHtml($_store->getName()) ?></option>
<option value="<?= $block->escapeHtmlAttr($_store->getId()) ?>"<?php if ($block->getStoreId() == $_store->getId()) : ?> selected="selected"<?php endif; ?>>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<?= $block->escapeHtml($_store->getName()) ?></option>
<?php endforeach; ?>
<?php if ($showGroup): ?>
<?php if ($showGroup) : ?>
<!--</optgroup>-->
<?php endif; ?>
<?php endforeach; ?>
Expand Up @@ -4,10 +4,10 @@
* See COPYING.txt for license details.
*/
?>
<?php if (sizeof($block->getTotals()) > 0): ?>
<?php if (count($block->getTotals()) > 0) : ?>
<div class="dashboard-totals" id="dashboard_diagram_totals">
<ul class="dashboard-totals-list">
<?php foreach ($block->getTotals() as $_total): ?>
<?php foreach ($block->getTotals() as $_total) : ?>
<li class="dashboard-totals-item">
<span class="dashboard-totals-label"><?= $block->escapeHtml($_total['label']) ?></span>
<strong class="dashboard-totals-value">
Expand Up @@ -5,9 +5,9 @@
*/

/** @var $block \Magento\Backend\Block\Page\Header */
$part = $block->getShowPart();
?>
<?php switch ($block->getShowPart()):
case 'logo': ?>
<?php if ($part === 'logo') : ?>
<?php $edition = $block->hasEdition() ? 'data-edition="' . $block->escapeHtml($block->getEdition()) . '"' : ''; ?>
<?php $logoSrc = ($block->hasLogoImageSrc()) ? $block->escapeHtml($block->getLogoImageSrc()) : 'images/magento-logo.svg' ?>
<a
Expand All @@ -17,8 +17,7 @@
<img class="logo-img" src="<?= /* @noEscape */ $block->getViewFileUrl($logoSrc) ?>"
alt="<?= $block->escapeHtml(__('Magento Admin Panel')) ?>" title="<?= $block->escapeHtml(__('Magento Admin Panel')) ?>"/>
</a>
<?php break; ?>
<?php case 'user': ?>
<?php elseif ($part === 'user') : ?>
<div class="admin-user admin__action-dropdown-wrap">
<a
href="<?= /* @noEscape */ $block->getUrl('adminhtml/system_account/index') ?>"
Expand All @@ -31,7 +30,7 @@
</span>
</a>
<ul class="admin__action-dropdown-menu">
<?php if ($block->getAuthorization()->isAllowed('Magento_Backend::myaccount')): ?>
<?php if ($block->getAuthorization()->isAllowed('Magento_Backend::myaccount')) : ?>
<li>
<a
href="<?= /* @noEscape */ $block->getUrl('adminhtml/system_account/index') ?>"
Expand Down Expand Up @@ -59,8 +58,7 @@
</li>
</ul>
</div>
<?php break; ?>
<?php case 'other': ?>
<?= $block->getChildHtml() ?>
<?php break; ?>
<?php endswitch; ?>

<?php elseif ($part === 'other') : ?>
<?= $block->getChildHtml() ?>
<?php endif; ?>
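Review bot: The rewrite from `switch` to `if ($part === 'logo')` / `elseif` replaces the switch's loose `==` matching with strict `===`, so a non-string value from `getShowPart()` that previously matched a case would now fall through and render nothing; if `getShowPart()` is only ever set from string literals this is fine, but it is a semantic change worth a comment such as `<?php // getShowPart() is compared strictly; callers must pass 'logo', 'user' or 'other' ?>`. On the adjacent unchanged line, `$edition` builds an attribute value with `escapeHtml()`, whereas attributes elsewhere in these templates use `escapeHtmlAttr()`; since this commit is about escaping, `'data-edition="' . $block->escapeHtmlAttr($block->getEdition()) . '"'` would be consistent. Note also that `$logoSrc` is HTML-escaped before being passed to `getViewFileUrl()` and then printed under `@noEscape`, which escapes the input path rather than the emitted URL; that ordering is pre-existing, but a reviewer of an escaping commit would expect it to be called out.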