Merge pull request #4269 from magento-obsessive-owls/MC-16624

[Owls] MC-16624

Author: cspruiell

app/code/Magento/Integration/view/adminhtml/templates/integration/activate/permissions.phtml

@@ -7,10 +7,8 @@
  *
  * @var \Magento\Backend\Block\Widget\Form\Container $block
  */
-
-// @codingStandardsIgnoreFile
 ?>
-<div><p><?= /* @escapeNotVerified */ __('The integration you selected asks you to approve access to the following:') ?></p></div>
+<div><p><?= $block->escapeHtml(__('The integration you selected asks you to approve access to the following:')) ?></p></div>
 <div id="integration-activate-permissions-tabs">
     <?= $block->getChildHtml('tabs') ?>
 </div>

app/code/Magento/Integration/view/adminhtml/templates/integration/activate/permissions/tab/webapi.phtml

@@ -7,22 +7,19 @@
  *
  * @var \Magento\Integration\Block\Adminhtml\Integration\Activate\Permissions\Tab\Webapi $block
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <fieldset class="admin__fieldset form-inline entry-edit">
-    <?php if ($block->isTreeEmpty()): ?>
-        <p class="empty"><?= /* @escapeNotVerified */ __('No permissions requested') ?></p>
-    <?php else: ?>
+    <?php if ($block->isTreeEmpty()) : ?>
+        <p class="empty"><?= $block->escapeHtml(__('No permissions requested')) ?></p>
+    <?php else : ?>
         <div class="field" data-role="tree-resources-container">
             <div class="control">
                 <div id="resource-tree" class="tree x-tree" data-role="resource-tree"></div>
             </div>
         </div>
     <?php endif ?>
 </fieldset>
-<?php if (!$block->isTreeEmpty()): ?>
+<?php if (!$block->isTreeEmpty()) : ?>
     <script>
         require(["jquery", "Magento_User/js/roles-tree"], function($){
             $.widget('mage.rolesTree', $.mage.rolesTree, {
@@ -35,8 +32,8 @@
             });
 
             $('[data-role="resource-tree"]').rolesTree({
-                'treeInitData': <?= /* @escapeNotVerified */ $block->getResourcesTreeJson() ?>,
-                'treeInitSelectedData': <?= /* @escapeNotVerified */ $block->getSelectedResourcesJson() ?>
+                'treeInitData': <?= /* @noEscape */ $block->getResourcesTreeJson() ?>,
+                'treeInitSelectedData': <?= /* @noEscape */ $block->getSelectedResourcesJson() ?>
             });
         });
     </script>

app/code/Magento/Integration/view/adminhtml/templates/integration/popup_container.phtml

@@ -7,8 +7,6 @@
  *
  * @var \Magento\Backend\Block\Template $block
  */
-
-// @codingStandardsIgnoreFile
 ?>
 <script>
     require([
@@ -20,11 +18,11 @@
     ], function ($, Confirm) {
 
         window.integration = new Integration(
-            '<?= /* @escapeNotVerified */ $block->getUrl('*/*/permissionsDialog', ['id' => ':id', 'reauthorize' => ':isReauthorize', '_escape_params' => false]) ?>',
-            '<?= /* @escapeNotVerified */ $block->getUrl('*/*/tokensDialog', ['id' => ':id', 'reauthorize' => ':isReauthorize', '_escape_params' => false]) ?>',
-            '<?= /* @escapeNotVerified */ $block->getUrl('*/*/tokensExchange', ['id' => ':id', 'reauthorize' => ':isReauthorize', '_escape_params' => false]) ?>',
-            '<?= /* @escapeNotVerified */ $block->getUrl('*/*') ?>',
-            '<?= /* @escapeNotVerified */ $block->getUrl('*/*/loginSuccessCallback') ?>'
+            '<?= $block->escapeUrl($block->getUrl('*/*/permissionsDialog', ['id' => ':id', 'reauthorize' => ':isReauthorize', '_escape_params' => false])) ?>',
+            '<?= $block->escapeUrl($block->getUrl('*/*/tokensDialog', ['id' => ':id', 'reauthorize' => ':isReauthorize', '_escape_params' => false])) ?>',
+            '<?= $block->escapeUrl($block->getUrl('*/*/tokensExchange', ['id' => ':id', 'reauthorize' => ':isReauthorize', '_escape_params' => false])) ?>',
+            '<?= $block->escapeUrl($block->getUrl('*/*')) ?>',
+            '<?= $block->escapeUrl($block->getUrl('*/*/loginSuccessCallback')) ?>'
         );
 
         /**
@@ -34,8 +32,8 @@
             $('div#integrationGrid').on('click', 'button#delete', function (e) {
 
                 new Confirm({
-                    title: '<?= /* @escapeNotVerified */ __('Are you sure?') ?>',
-                    content: "<?= /* @escapeNotVerified */ __("Are you sure you want to delete this integration? You can't undo this action.") ?>",
+                    title: '<?= $block->escapeHtml(__('Are you sure?')) ?>',
+                    content: "<?= $block->escapeHtml(__("Are you sure you want to delete this integration? You can't undo this action.")) ?>",
                     actions: {
                         confirm: function () {
                             $.mage.dataPost().postData({action: $(e.target).data('url'), data: {}});

app/code/Magento/Integration/view/adminhtml/templates/integration/tokens_exchange.phtml

@@ -7,8 +7,5 @@
  *
  * @var \Magento\Backend\Block\Template $block
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
-<div><p><?= /* @escapeNotVerified */ __("Please setup or sign in into your 3rd party account to complete setup of this integration.") ?></p></div>
+<div><p><?= $block->escapeHtml(__("Please setup or sign in into your 3rd party account to complete setup of this integration.")) ?></p></div>

app/code/Magento/Integration/view/adminhtml/templates/resourcetree.phtml

@@ -4,38 +4,33 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
-?>
-
-<?php
 /** @var $block \Magento\Integration\Block\Adminhtml\Integration\Edit\Tab\Webapi */
 ?>
 
 <?= $block->getChildHtml() ?>
 
 <fieldset class="fieldset form-inline entry-edit">
     <legend class="legend">
-        <span><?= /* @escapeNotVerified */ __('Available APIs') ?></span>
+        <span><?= $block->escapeHtml(__('Available APIs')) ?></span>
     </legend><br />
 
     <div class="field">
-        <label class="label" for="all_resources"><span><?= /* @escapeNotVerified */ __('Resource Access') ?></span></label>
+        <label class="label" for="all_resources"><span><?= $block->escapeHtml(__('Resource Access')) ?></span></label>
 
         <div class="control">
             <select id="all_resources" name="all_resources" onchange="jQuery('[data-role=tree-resources-container]').toggle()" class="select">
-                <option value="0" <?= ($block->isEverythingAllowed() ? '' : 'selected="selected"') ?>><?= /* @escapeNotVerified */ __('Custom') ?></option>
-                <option value="1" <?= ($block->isEverythingAllowed() ? 'selected="selected"' : '') ?>><?= /* @escapeNotVerified */ __('All') ?></option>
+                <option value="0" <?= ($block->isEverythingAllowed() ? '' : 'selected="selected"') ?>><?= $block->escapeHtml(__('Custom')) ?></option>
+                <option value="1" <?= ($block->isEverythingAllowed() ? 'selected="selected"' : '') ?>><?= $block->escapeHtml(__('All')) ?></option>
             </select>
         </div>
     </div>
 
-    <div class="field<?php if ($block->isEverythingAllowed()):?> no-display<?php endif?>" data-role="tree-resources-container">
-        <label class="label"><span><?= /* @escapeNotVerified */ __('Resources') ?></span></label>
+    <div class="field<?php if ($block->isEverythingAllowed()) : ?> no-display<?php endif?>" data-role="tree-resources-container">
+        <label class="label"><span><?= $block->escapeHtml(__('Resources')) ?></span></label>
 
         <div class="control">
-            <div class="tree x-tree" data-role="resource-tree" data-mage-init='<?php
-            echo $block->escapeHtml($this->helper('Magento\Framework\Json\Helper\Data')->jsonEncode([
+            <div class="tree x-tree" data-role="resource-tree" data-mage-init='<?=
+            $block->escapeHtml($this->helper(\Magento\Framework\Json\Helper\Data::class)->jsonEncode([
                 'rolesTree' => [
                     "treeInitData" => $block->getTree(),
                     "treeInitSelectedData" => $block->getSelectedResources(),

app/code/Magento/Marketplace/view/adminhtml/templates/index.phtml

@@ -3,20 +3,17 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
 ?>
 
 <section class="page-partners">
-    <h2 class="page-sub-title"><?= /* @escapeNotVerified */ __('Platinum Partners') ?></h2>
+    <h2 class="page-sub-title"><?= $block->escapeHtml(__('Platinum Partners')) ?></h2>
     <p class="partners-description">
-        <?php /* @escapeNotVerified */
-        echo __(
+        <?= $block->escapeHtml(__(
             'Representing Magento\'s highest level of partner engagement, Magento Platinum Partners have established themselves as leaders and innovators of key products and services designed to help merchants and brands grow their business. ' .
             'Magento reserves the Platinum level for select trusted partners that are committed to offering integrations of commerce features, functions, and tools, as well as back-end systems and operations, to extend and enhance the power of the Magento commerce platform.'
-        ); ?>
+        )); ?>
     </p>
-    <h3 class="page-sub-sub-title"><?= /* @escapeNotVerified */ __('Featured Platinum Partners') ?></h3>
+    <h3 class="page-sub-sub-title"><?= $block->escapeHtml(__('Featured Platinum Partners')) ?></h3>
     <div data-role="partners-block" class="partners-block">
         <div data-role="spinner" class="admin__data-grid-loading-mask">
             <div class="spinner">
@@ -29,40 +26,39 @@
     <div class="row row-gutter partners-footer">
         <div class="col-m-5">
             <div class="partners-search">
-                <h2 class="page-sub-title"><?= /* @escapeNotVerified */ __('Partner search') ?></h2>
+                <h2 class="page-sub-title"><?= $block->escapeHtml(__('Partner search')) ?></h2>
                 <p>
-                    <?php /* @escapeNotVerified */
-                    echo __(
+                    <?= $block->escapeHtml(__(
                         'Magento has a thriving ecosystem of technology partners to help merchants and brands deliver the best possible customer experiences. ' .
                         'They are recognized as experts in eCommerce, search, email marketing, payments, tax, fraud, optimization and analytics, fulfillment, and more. ' .
                         'Visit the Magento Partner Directory to see all of our trusted partners.'
-                    ); ?>
+                    )); ?>
                 </p>
                 <a class="action-secondary" target="_blank"
                    href="http://partners.magento.com/partner_locator/search.aspx">
-                    <?= /* @escapeNotVerified */ __('More Partners') ?>
+                    <?= $block->escapeHtml(__('More Partners')) ?>
                 </a>
             </div>
         </div>
         <div class="col-m-3">
             <img
                 class="magento-marketplace-logo"
-                src="<?php /* @escapeNotVerified */ echo $block
-                    ->getViewFileUrl('Magento_Marketplace::partners/images/magento-marketplace.svg');
+                src="<?= $block->escapeUrl($block
+                    ->getViewFileUrl('Magento_Marketplace::partners/images/magento-marketplace.svg'));
                 ?>"
                 alt="Partner"/>
         </div>
         <div class="col-m-4">
-            <h2 class="page-sub-title"><?= /* @escapeNotVerified */ __('Magento Marketplace') ?></h2>
+            <h2 class="page-sub-title"><?= $block->escapeHtml(__('Magento Marketplace')) ?></h2>
             <p class="partner-description">
-                <?php /* @escapeNotVerified */ echo __(
+                <?= $block->escapeHtml(__(
                     'Extensions and Themes are an essential component of the Magento Ecosystem. ' .
                     'Please visit the Magento Marketplace to see the latest innovations that developers have created to enhance your Magento Store.'
-                ); ?>
+                )); ?>
             </p>
             <a class="action-secondary" target="_blank"
                href="https://marketplace.magento.com/">
-                <?= /* @escapeNotVerified */ __('Visit Magento Marketplaces') ?>
+                <?= $block->escapeHtml(__('Visit Magento Marketplaces')) ?>
             </a>
         </div>
     </div>
@@ -73,8 +69,10 @@
     {
         "*": {
             "Magento_Marketplace/default": {
-                "url": "<?= $block->getUrl('marketplace/partners/index',
-                    ['_current' => true, 'block' => '', 'period' => '']) ?>"
+                "url": "<?= $block->escapeUrl($block->getUrl(
+                    'marketplace/partners/index',
+                    ['_current' => true, 'block' => '', 'period' => '']
+                )) ?>"
             }
         }
     }

app/code/Magento/Marketplace/view/adminhtml/templates/partners.phtml

@@ -3,9 +3,6 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php
 $partners = $block->getPartners();
@@ -22,17 +19,17 @@ $partners = $block->getPartners();
                 <?= $block->escapeHtml($partner['description']) ?>
                 <br />
                 <a href="<?= $block->escapeHtml($partner['url_page']) ?>" target="_blank">
-                    <?= /* @escapeNotVerified */ __('Read More') ?>
+                    <?= $block->escapeHtml(__('Read More')) ?>
                 </a>
                 <br />
                 <a href="<?= $block->escapeHtml($partner['url_partner_page']) ?>" target="_blank">
-                    <?= /* @escapeNotVerified */ __('Partner Page') ?>
+                    <?= $block->escapeHtml(__('Partner Page')) ?>
                 </a>
             </p>
         </div>
     <?php endforeach; ?>
 <?php else : ?>
     <p>
-        <?= /* @escapeNotVerified */ __('No partners were found') ?>
+        <?= $block->escapeHtml(__('No partners were found')) ?>
     </p>
 <?php endif; ?>

app/code/Magento/User/view/adminhtml/templates/admin/forgotpassword.phtml

@@ -3,29 +3,26 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <form method="post" action="" id="login-form" data-mage-init='{"form": {}, "validation": {}}'>
     <fieldset class="admin__fieldset">
-        <legend class="admin__legend"><span><?= /* @escapeNotVerified */ __('Password Help') ?></span></legend><br/>
-        <input name="form_key" type="hidden" value="<?= /* @escapeNotVerified */ $block->getFormKey() ?>" />
-        <p class="admin__field-info"><?= /* @escapeNotVerified */ __('Enter your email address.  You will receive an email with a link to reset your password.') ?></p>
+        <legend class="admin__legend"><span><?= $block->escapeHtml(__('Password Help')) ?></span></legend><br/>
+        <input name="form_key" type="hidden" value="<?= $block->escapeHtmlAttr($block->getFormKey()) ?>" />
+        <p class="admin__field-info"><?= $block->escapeHtml(__('Enter your email address.  You will receive an email with a link to reset your password.')) ?></p>
         <div class="admin__field _required field-email">
-            <label for="email" class="admin__field-label"><span><?= /* @escapeNotVerified */ __('Email address') ?></span></label>
+            <label for="email" class="admin__field-label"><span><?= $block->escapeHtml(__('Email address')) ?></span></label>
             <div class="admin__field-control">
                 <input type="text" id="email" name="email" value="" data-validate="{required:true, 'validate-email':true}" class="admin__control-text" />
             </div>
         </div>
         <?= $block->getChildHtml('form.additional.info') ?>
         <div class="form-actions">
             <div class="actions">
-                <button class="action-retrieve action-primary" type="submit"><span><?= /* @escapeNotVerified */ __('Retrieve Password') ?></span></button>
+                <button class="action-retrieve action-primary" type="submit"><span><?= $block->escapeHtml(__('Retrieve Password')) ?></span></button>
             </div>
             <div class="links">
-                <a class="action-back" href="<?= /* @escapeNotVerified */ $block->getUrl('adminhtml', ['_nosecret' => true]) ?>">
-                    <?= /* @escapeNotVerified */ __('Back to Sign in') ?>
+                <a class="action-back" href="<?= $block->escapeUrl($block->getUrl('adminhtml', ['_nosecret' => true])) ?>">
+                    <?= $block->escapeHtml(__('Back to Sign in')) ?>
                 </a>
             </div>
         </div>

app/code/Magento/User/view/adminhtml/templates/admin/forgotpassword_url.phtml

@@ -3,10 +3,7 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <div class="links">
-<a class="action-forgotpassword" href="<?= /* @escapeNotVerified */ $this->helper('Magento\Backend\Helper\Data')->getUrl('adminhtml/auth/forgotpassword', ['_nosecret' => true]) ?>"><?= /* @escapeNotVerified */ __('Forgot your password?') ?></a>
+<a class="action-forgotpassword" href="<?= $block->escapeUrl($block->getUrl('adminhtml/auth/forgotpassword', ['_nosecret' => true])) ?>"><?= $block->escapeHtml(__('Forgot your password?')) ?></a>
 </div>

app/code/Magento/User/view/adminhtml/templates/admin/resetforgottenpassword.phtml

@@ -3,33 +3,30 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 
-<form method="post" data-mage-init='{"form": {}, "validation": {}}' action="<?= /* @escapeNotVerified */ $block->getUrl('*/auth/resetpasswordpost', ['_query' => ['id' => $block->getUserId(), 'token' => $block->getResetPasswordLinkToken()]]) ?>" id="reset-password-form" autocomplete="off">
+<form method="post" data-mage-init='{"form": {}, "validation": {}}' action="<?= $block->escapeUrl($block->getUrl('*/auth/resetpasswordpost', ['_query' => ['id' => $block->getUserId(), 'token' => $block->getResetPasswordLinkToken()]])) ?>" id="reset-password-form" autocomplete="off">
     <fieldset class="admin__fieldset">
-        <legend class="admin__legend"><span><?= /* @escapeNotVerified */ __('Reset a Password') ?></span></legend><br />
-        <input name="form_key" type="hidden" value="<?= /* @escapeNotVerified */ $block->getFormKey() ?>" />
+        <legend class="admin__legend"><span><?= $block->escapeHtml(__('Reset a Password')) ?></span></legend><br />
+        <input name="form_key" type="hidden" value="<?= $block->escapeHtmlAttr($block->getFormKey()) ?>" />
         <div class="admin__field _required field-password">
-            <label class="admin__field-label" for="password"><span><?= /* @escapeNotVerified */ __('New Password') ?></span></label>
+            <label class="admin__field-label" for="password"><span><?= $block->escapeHtml(__('New Password')) ?></span></label>
             <div class="admin__field-control">
                 <input type="password" class="admin__control-text" data-validate="{required:true, 'validate-admin-password':true}" name="password" id="password" placeholder="new password" autocomplete="off" />
             </div>
         </div>
         <div class="admin__field _required field-confirmation">
-            <label class="admin__field-label" for="confirmation"><span><?= /* @escapeNotVerified */ __('Confirm New Password') ?></span></label>
+            <label class="admin__field-label" for="confirmation"><span><?= $block->escapeHtml(__('Confirm New Password')) ?></span></label>
             <div class="admin__field-control">
                 <input type="password" class="admin__control-text" data-validate="{required:true, 'validate-cpassword':true}" name="confirmation" id="confirmation" placeholder="confirm new password" autocomplete="off" />
             </div>
         </div>
         <div class="form-actions">
             <div class="actions">
-                <button type="submit" title="<?= /* @escapeNotVerified */ __('Reset Password') ?>" class="action-reset action-primary"><span><?= /* @escapeNotVerified */ __('Reset Password') ?></span></button>
+                <button type="submit" title="<?= $block->escapeHtml(__('Reset Password')) ?>" class="action-reset action-primary"><span><?= $block->escapeHtml(__('Reset Password')) ?></span></button>
             </div>
             <div class="links">
-                <a class="action-back" href="<?= /* @escapeNotVerified */ $block->getUrl('adminhtml', ['_nosecret' => true]) ?>"><?= /* @escapeNotVerified */ __('Back to Sign in') ?></a>
+                <a class="action-back" href="<?= $block->escapeUrl($block->getUrl('adminhtml', ['_nosecret' => true])) ?>"><?= $block->escapeHtml(__('Back to Sign in')) ?></a>
             </div>
         </div>
     </fieldset>