Merge pull request #4376 from magento-qwerty/MAGETWO-56441

VladimirZaets · web-flow · commit 46d3df356526 · 2019-06-19T14:56:29.000-05:00
[Qwerty] MAGETWO-56441: Eliminate @escapeNotVerified in Product and Catalog Rules Modules
diff --git a/app/code/Magento/CatalogRule/view/adminhtml/templates/promo/fieldset.phtml b/app/code/Magento/CatalogRule/view/adminhtml/templates/promo/fieldset.phtml
@@ -4,17 +4,15 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
 /**@var \Magento\Backend\Block\Widget\Form\Renderer\Fieldset $block */
 ?>
 <?php $_element = $block->getElement() ?>
 <?php $_jsObjectName = $block->getFieldSetId() != null ? $block->getFieldSetId() : $_element->getHtmlId() ?>
 <div class="rule-tree">
-    <fieldset id="<?= /* @escapeNotVerified */ $_jsObjectName ?>" <?= /* @escapeNotVerified */ $_element->serialize(['class']) ?> class="fieldset">
-        <legend class="legend"><span><?= /* @escapeNotVerified */ $_element->getLegend() ?></span></legend>
+    <fieldset id="<?= $block->escapeHtmlAttr($_jsObjectName) ?>" <?= /* @noEscape */ $_element->serialize(['class']) ?> class="fieldset">
+        <legend class="legend"><span><?= $block->escapeHtml($_element->getLegend()) ?></span></legend>
         <br>
-    <?php if ($_element->getComment()): ?>
+    <?php if ($_element->getComment()) : ?>
         <div class="messages">
             <div class="message message-notice"><?= $block->escapeHtml($_element->getComment()) ?></div>
         </div>
@@ -30,9 +28,9 @@ require([
     "prototype"
 ], function(VarienRulesForm){
 
-window.<?= /* @escapeNotVerified */ $_jsObjectName ?> = new VarienRulesForm('<?= /* @escapeNotVerified */ $_jsObjectName ?>', '<?= /* @escapeNotVerified */ $block->getNewChildUrl() ?>');
-<?php if ($_element->getReadonly()): ?>
-    <?= $_element->getHtmlId() ?>.setReadonly(true);
+window.<?= /* @noEscape */ $_jsObjectName ?> = new VarienRulesForm('<?= /* @noEscape */ $_jsObjectName ?>', '<?= /* @noEscape */ $block->getNewChildUrl() ?>');
+<?php if ($_element->getReadonly()) : ?>
+    <?= /* @noEscape */ $_element->getHtmlId() ?>.setReadonly(true);
 <?php endif; ?>
 
 });
diff --git a/app/code/Magento/CatalogRule/view/adminhtml/templates/promo/form.phtml b/app/code/Magento/CatalogRule/view/adminhtml/templates/promo/form.phtml
@@ -3,9 +3,6 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <div class="entry-edit rule-tree">
 <?= $block->getFormHtml() ?>
diff --git a/app/code/Magento/Msrp/view/base/templates/product/price/msrp.phtml b/app/code/Magento/Msrp/view/base/templates/product/price/msrp.phtml
@@ -4,8 +4,6 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
 /**
  * Template for displaying product price at product view page, gift registry and wish-list
  *
@@ -34,27 +32,29 @@ $msrpPrice = $block->renderAmount(
 $priceElementIdPrefix = $block->getPriceElementIdPrefix() ? $block->getPriceElementIdPrefix() : 'product-price-';
 ?>
 
-<?php if ($amount): ?>
-    <span class="old-price map-old-price"><?= /* @escapeNotVerified */ $msrpPrice ?></span>
-    <span class="map-fallback-price normal-price"><?= /* @escapeNotVerified */ $msrpPrice ?></span>
+<?php if ($amount) : ?>
+    <span class="old-price map-old-price"><?= /* @noEscape */ $msrpPrice ?></span>
+    <span class="map-fallback-price normal-price"><?= /* @noEscape */ $msrpPrice ?></span>
 <?php endif; ?>
 
-<?php if ($priceType->isShowPriceOnGesture()): ?>
+<?php if ($priceType->isShowPriceOnGesture()) : ?>
     <?php
 
     $addToCartUrl = '';
     if ($product->isSaleable()) {
         /** @var Magento\Catalog\Block\Product\AbstractProduct $addToCartUrlGenerator */
-        $addToCartUrlGenerator = $block->getLayout()->getBlockSingleton('Magento\Catalog\Block\Product\AbstractProduct');
+        $addToCartUrlGenerator = $block->getLayout()->getBlockSingleton(\Magento\Catalog\Block\Product\AbstractProduct::class);
+        // phpcs:disable
         $addToCartUrl = $addToCartUrlGenerator->getAddToCartUrl(
             $product,
             ['_query' => [
                 \Magento\Framework\App\ActionInterface::PARAM_NAME_URL_ENCODED =>
-                    $this->helper('Magento\Framework\Url\Helper\Data')->getEncodedUrl(
+                    $this->helper(\Magento\Framework\Url\Helper\Data::class)->getEncodedUrl(
                         $addToCartUrlGenerator->getAddToCartUrl($product)
                     ),
             ]]
         );
+        // phpcs:enable
     }
 
     $priceElementId = $priceElementIdPrefix . $productId . $block->getIdSuffix();
@@ -79,30 +79,36 @@ $priceElementIdPrefix = $block->getPriceElementIdPrefix() ? $block->getPriceElem
         $data['addToCart']['addToCartButton'] = sprintf(
             'form:has(input[type="hidden"][name="product"][value="%s"]) button[type="submit"]',
             (int) $productId . ',' .
-            sprintf('.block.widget .price-box[data-product-id=%s]+.product-item-actions button.tocart',
-            (int) $productId));
+            sprintf(
+                '.block.widget .price-box[data-product-id=%s]+.product-item-actions button.tocart',
+                (int)$productId
+            )
+        );
     }
     ?>
-    <span id="<?= /* @escapeNotVerified */ $block->getPriceId() ? $block->getPriceId() : $priceElementId ?>" style="display:none"></span>
+    <span id="<?= $block->escapeHtmlAttr($block->getPriceId() ? $block->getPriceId() : $priceElementId) ?>" style="display:none"></span>
     <a href="javascript:void(0);"
-       id="<?= /* @escapeNotVerified */ ($popupId) ?>"
+       id="<?= /* @noEscape */ ($popupId) ?>"
        class="action map-show-info"
-       data-mage-init='<?= /* @noEscape */ $this->helper('Magento\Framework\Json\Helper\Data')->jsonEncode($data) ?>'><?= /* @escapeNotVerified */ __('Click for price') ?>
+       <?php //phpcs:disable ?>
+       data-mage-init='<?= /* @noEscape */ $this->helper(\Magento\Framework\Json\Helper\Data::class)->jsonEncode($data) ?>'>
+        <?php //phpcs:enable ?>
+        <?= $block->escapeHtml(__('Click for price')) ?>
     </a>
-<?php else: ?>
+<?php else : ?>
     <span class="msrp-message">
-     <?= /* @escapeNotVerified */ $priceType->getMsrpPriceMessage() ?>
+     <?= $block->escapeHtml($priceType->getMsrpPriceMessage()) ?>
     </span>
 <?php endif; ?>
 
-<?php if ($block->getZone() == \Magento\Framework\Pricing\Render::ZONE_ITEM_VIEW): ?>
+<?php if ($block->getZone() == \Magento\Framework\Pricing\Render::ZONE_ITEM_VIEW) : ?>
     <?php $helpLinkId = 'msrp-help-' . $productId . $block->getRandomString(20); ?>
     <a href="javascript:void(0);"
-       id="<?= /* @escapeNotVerified */ $helpLinkId ?>"
+       id="<?= /* @noEscape */ $helpLinkId ?>"
        class="action map-show-info"
        data-mage-init='{"addToCart":{"origin": "info",
-                                     "helpLinkId": "#<?= /* @escapeNotVerified */ $helpLinkId ?>",
+                                     "helpLinkId": "#<?= /* @noEscape */ $helpLinkId ?>",
                                      "productName": "<?= $block->escapeJs($block->escapeHtml($product->getName())) ?>",
-                                     "closeButtonId": "#map-popup-close"}}'><span><?= /* @escapeNotVerified */ __("What's this?") ?></span>
+                                     "closeButtonId": "#map-popup-close"}}'><span><?= $block->escapeHtml(__("What's this?")) ?></span>
     </a>
 <?php endif; ?>
diff --git a/app/code/Magento/Msrp/view/frontend/templates/cart/subtotal.phtml b/app/code/Magento/Msrp/view/frontend/templates/cart/subtotal.phtml
@@ -6,6 +6,6 @@
 ?>
 <div class="subtotal">
     <span class="mark msrp">
-        <?= /* @escapeNotVerified */ __('Order total will be displayed before you submit the order') ?>
+        <?= $block->escapeHtml(__('Order total will be displayed before you submit the order')) ?>
     </span>
 </div>
diff --git a/app/code/Magento/Msrp/view/frontend/templates/cart/totals.phtml b/app/code/Magento/Msrp/view/frontend/templates/cart/totals.phtml
@@ -3,9 +3,7 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
 ?>
 <div class="cart-totals">
-    <div class="msrp totals"><?= /* @escapeNotVerified */ __('You will see the order total before you submit the order.') ?></div>
+    <div class="msrp totals"><?= $block->escapeHtml(__('You will see the order total before you submit the order.')) ?></div>
 </div>
diff --git a/app/code/Magento/Msrp/view/frontend/templates/popup.phtml b/app/code/Magento/Msrp/view/frontend/templates/popup.phtml
@@ -3,14 +3,11 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php
 /** @var \Magento\Msrp\Block\Popup $block */
 ?>
-<?php if ($block->isEnabled()): ?>
+<?php if ($block->isEnabled()) : ?>
     <script data-role="msrp-popup-template" type="text/x-magento-template">
     <div id="map-popup-click-for-price" class="map-popup">
         <div class="popup-header">
@@ -20,13 +17,13 @@
             <div class="map-info-price" id="map-popup-content">
                 <div class="price-box">
                     <div class="map-msrp" id="map-popup-msrp-box">
-                        <span class="label"><?= /* @escapeNotVerified */ __('Price') ?></span>
+                        <span class="label"><?= $block->escapeHtml(__('Price')) ?></span>
                         <span class="old-price map-old-price" id="map-popup-msrp">
                             <span class="price"></span>
                         </span>
                     </div>
                     <div class="map-price" id="map-popup-price-box">
-                        <span class="label"><?= /* @escapeNotVerified */ __('Actual Price') ?></span>
+                        <span class="label"><?= $block->escapeHtml(__('Actual Price')) ?></span>
                         <span id="map-popup-price" class="actual-price"></span>
                     </div>
                 </div>
@@ -35,15 +32,15 @@
                     <button type="button"
                             title="<?= $block->escapeHtml(__('Add to Cart')) ?>"
                             class="action tocart primary">
-                        <span><?= /* @escapeNotVerified */ __('Add to Cart') ?></span>
+                        <span><?= $block->escapeHtml(__('Add to Cart')) ?></span>
                     </button>
                     <div class="additional-addtocart-box">
                         <?= $block->getChildHtml() ?>
                     </div>
                 </form>
             </div>
             <div class="map-text" id="map-popup-text">
-                <?= /* @escapeNotVerified */ $block->getExplanationMessage() ?>
+                <?= /* @noEscape */ $block->getExplanationMessage() ?>
             </div>
         </div>
     </div>
@@ -55,7 +52,7 @@
         </div>
         <div class="popup-content">
             <div class="map-help-text" id="map-popup-text-what-this">
-                <?= /* @escapeNotVerified */ $block->getExplanationMessageWhatsThis() ?>
+                <?= /* @noEscape */ $block->getExplanationMessageWhatsThis() ?>
             </div>
         </div>
     </div>
diff --git a/app/code/Magento/Msrp/view/frontend/templates/render/item/price_msrp_item.phtml b/app/code/Magento/Msrp/view/frontend/templates/render/item/price_msrp_item.phtml
@@ -3,9 +3,6 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 
 <?php
@@ -16,40 +13,44 @@
  */
 ?>
 <?php
+    //phpcs:disable
     /** @var $pricingHelper \Magento\Framework\Pricing\Helper\Data */
-    $pricingHelper = $this->helper('Magento\Framework\Pricing\Helper\Data');
+    $pricingHelper = $this->helper(\Magento\Framework\Pricing\Helper\Data::class);
     /** @var $_catalogHelper \Magento\Catalog\Helper\Data */
-    $_catalogHelper = $this->helper('Magento\Catalog\Helper\Data');
+    $_catalogHelper = $this->helper(\Magento\Catalog\Helper\Data::class);
+    //phpcs:enable
 
     /** @var $_product \Magento\Catalog\Model\Product */
     $_product = $block->getProduct();
     $_id = $_product->getId();
     $_msrpPrice = '';
 ?>
 <div class="price-box msrp">
-    <?php if ($_product->getMsrp()): ?>
+    <?php if ($_product->getMsrp()) : ?>
         <?php $_msrpPrice = $pricingHelper->currency($_product->getMsrp(), true, false) ?>
-        <span class="old-price"><?= /* @escapeNotVerified */ $_msrpPrice ?></span>
+        <span class="old-price"><?= /* @noEscape */ $_msrpPrice ?></span>
     <?php endif; ?>
-    <?php if ($_catalogHelper->isShowPriceOnGesture($_product)): ?>
+    <?php if ($_catalogHelper->isShowPriceOnGesture($_product)) : ?>
         <?php $priceElementId = 'product-price-' . $_id . $block->getIdSuffix(); ?>
-        <span id="<?= /* @escapeNotVerified */ $priceElementId ?>" style="display: none"></span>
+        <span id="<?= /* @noEscape */ $priceElementId ?>" style="display: none"></span>
         <?php $popupId = 'msrp-popup-' . $_id . $block->getRandomString(20); ?>
         <a href="javascript:void(0);"
-           id="<?= /* @escapeNotVerified */ ($popupId) ?>"
-           data-mage-init='{"addToCart":{"popupId": "#<?= /* @escapeNotVerified */ ($popupId) ?>",
+           id="<?= /* @noEscape */ ($popupId) ?>"
+           data-mage-init='{"addToCart":{"popupId": "#<?= /* @noEscape */ ($popupId) ?>",
                                          "productName": "<?= /* @noEscape */ $block->escapeJs($block->escapeHtml($_product->getName())) ?>",
-                                         "realPrice": <?= /* @escapeNotVerified */ $block->getRealPriceJs($_product) ?>,
-                                         "msrpPrice": "<?= /* @escapeNotVerified */ $_msrpPrice ?>",
-                                         "priceElementId":"<?= /* @escapeNotVerified */ $priceElementId ?>",
+                                         "realPrice": <?= /* @noEscape */ $block->getRealPriceJs($_product) ?>,
+                                         "msrpPrice": "<?= /* @noEscape */ $_msrpPrice ?>",
+                                         "priceElementId":"<?= /* @noEscape */ $priceElementId ?>",
                                          "popupCartButtonId": "#map-popup-button",
-                                         "cartForm": "#wishlist-view-form"}}'><?= /* @escapeNotVerified */ __('Click for price') ?>
+                                         "cartForm": "#wishlist-view-form"}}'><?= $block->escapeHtml(__('Click for price')) ?>
         </a>
-    <?php else: ?>
+    <?php else : ?>
         <span class="msrp-message">
-            <?= /* @escapeNotVerified */ $_catalogHelper->getMsrpPriceMessage($_product) ?>
+            <?= $block->escapeHtml($_catalogHelper->getMsrpPriceMessage($_product)) ?>
         </span>
     <?php endif; ?>
     <?php $helpLinkId = 'msrp-help-' . $_id . $block->getRandomString(20); ?>
-    <a href="javascript:void(0);" id="<?= /* @escapeNotVerified */ ($helpLinkId) ?>" data-mage-init='{"addToCart":{"helpLinkId": "#<?= /* @escapeNotVerified */ ($helpLinkId) ?>", "productName": "<?= /* @noEscape */ $block->escapeJs($block->escapeHtml($_product->getName())) ?>"}}' class="link tip"><?= /* @escapeNotVerified */ __("What's this?") ?></a>
+    <a href="javascript:void(0);" id="<?= /* @noEscape */ ($helpLinkId) ?>" data-mage-init='{"addToCart":{"helpLinkId": "#<?= /* @noEscape */ ($helpLinkId) ?>", "productName": "<?= /* @noEscape */$block->escapeJs($block->escapeHtml($_product->getName())) ?>"}}' class="link tip">
+        <?= $block->escapeHtml(__("What's this?")) ?>
+    </a>
 </div>
diff --git a/app/code/Magento/Msrp/view/frontend/templates/render/item/price_msrp_rss.phtml b/app/code/Magento/Msrp/view/frontend/templates/render/item/price_msrp_rss.phtml
@@ -3,9 +3,6 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php
 /**
@@ -15,7 +12,11 @@
  */
 ?>
 <div class="price-box msrp">
-    <?php if ($this->helper('Magento\Msrp\Helper\Data')->canApplyMsrp($block->getProduct())): ?>
-        <a href="<?= /* @escapeNotVerified */ $block->getProduct()->getProductUrl() ?>"><?= /* @escapeNotVerified */ __('Click for price') ?></a>
+    <?php //phpcs:disable ?>
+    <?php if ($this->helper(\Magento\Msrp\Helper\Data::class)->canApplyMsrp($block->getProduct())) : ?>
+    <?php //phpcs:enable ?>
+        <a href="<?= $block->escapeUrl($block->getProduct()->getProductUrl()) ?>">
+            <?= $block->escapeHtml(__('Click for price')) ?>
+        </a>
     <?php endif; ?>
 </div>
