|
6 | 6 |
|
7 | 7 | // @codingStandardsIgnoreFile
|
8 | 8 |
|
| 9 | +$escapeHelper = $this->helper(\Magento\Framework\EscapeHelper::class); |
9 | 10 | ?>
|
10 | 11 | <div class="page-create-order">
|
11 | 12 | <script>
|
12 | 13 | require(["Magento_Sales/order/create/form"], function(){
|
13 |
| - order.setCurrencySymbol('<?php /* @escapeNotVerified */ echo $block->getCurrencySymbol($block->getCurrentCurrencyCode()) ?>') |
| 14 | + order.setCurrencySymbol('<?php echo $escapeHelper->escapeJs($block->getCurrencySymbol($block->getCurrentCurrencyCode())) ?>') |
14 | 15 | });
|
15 | 16 | </script>
|
16 | 17 | <div class="order-details<?php if ($block->getCustomerId()): ?> order-details-existing-customer<?php endif; ?>">
|
|
35 | 36 |
|
36 | 37 | <section id="order-addresses" class="admin__page-section order-addresses">
|
37 | 38 | <div class="admin__page-section-title">
|
38 |
| - <span class="title"><?php /* @escapeNotVerified */ echo __('Address Information') ?></span> |
| 39 | + <span class="title"><?php echo $block->escapeHtml(__('Address Information')) ?></span> |
39 | 40 | </div>
|
40 | 41 | <div class="admin__page-section-content">
|
41 | 42 | <div id="order-billing_address" class="admin__page-section-item order-billing-address">
|
|
49 | 50 |
|
50 | 51 | <section id="order-methods" class="admin__page-section order-methods">
|
51 | 52 | <div class="admin__page-section-title">
|
52 |
| - <span class="title"><?php /* @escapeNotVerified */ echo __('Payment & Shipping Information') ?></span> |
| 53 | + <span class="title"><?php echo $block->escapeHtml(__('Payment & Shipping Information')) ?></span> |
53 | 54 | </div>
|
54 | 55 | <div class="admin__page-section-content">
|
55 | 56 | <div id="order-billing_method" class="admin__page-section-item order-billing-method">
|
|
71 | 72 |
|
72 | 73 | <section class="admin__page-section order-summary">
|
73 | 74 | <div class="admin__page-section-title">
|
74 |
| - <span class="title"><?php /* @escapeNotVerified */ echo __('Order Total') ?></span> |
| 75 | + <span class="title"><?php echo $block->escapeHtml(__('Order Total')) ?></span> |
75 | 76 | </div>
|
76 | 77 | <div class="admin__page-section-content">
|
77 | 78 | <fieldset class="admin__fieldset order-history" id="order-comment">
|
78 |
| - <legend class="admin__legend"><span><?php /* @escapeNotVerified */ echo __('Order History') ?></span></legend> |
| 79 | + <legend class="admin__legend"><span><?php echo $block->escapeHtml(__('Order History')) ?></span></legend> |
79 | 80 | <br>
|
80 | 81 | <?php echo $block->getChildHtml('comment') ?>
|
81 | 82 | </fieldset>
|
|
90 | 91 | <div class="order-sidebar">
|
91 | 92 | <div class="store-switcher order-currency">
|
92 | 93 | <label class="admin__field-label" for="currency_switcher">
|
93 |
| - <?php /* @escapeNotVerified */ echo __('Order Currency:') ?> |
| 94 | + <?php echo $block->escapeHtml(__('Order Currency:')) ?> |
94 | 95 | </label>
|
95 | 96 | <select id="currency_switcher"
|
96 | 97 | class="admin__control-select"
|
97 | 98 | name="order[currency]"
|
98 | 99 | onchange="order.setCurrencyId(this.value); order.setCurrencySymbol(this.options[this.selectedIndex].getAttribute('symbol'));">
|
99 | 100 | <?php foreach ($block->getAvailableCurrencies() as $_code): ?>
|
100 |
| - <option value="<?php /* @escapeNotVerified */ echo $_code ?>"<?php if ($_code == $block->getCurrentCurrencyCode()): ?> selected="selected"<?php endif; ?> symbol="<?php /* @escapeNotVerified */ echo $block->getCurrencySymbol($_code) ?>"> |
101 |
| - <?php /* @escapeNotVerified */ echo $block->getCurrencyName($_code) ?> |
| 101 | + <option value="<?php echo $escapeHelper->escapeHtmlAttr($_code) ?>"<?php if ($_code == $block->getCurrentCurrencyCode()): ?> selected="selected"<?php endif; ?> symbol="<?php echo $escapeHelper->escapeHtmlAttr($block->getCurrencySymbol($_code)) ?>"> |
| 102 | + <?php echo $block->escapeHtml($block->getCurrencyName($_code)) ?> |
102 | 103 | </option>
|
103 | 104 | <?php endforeach; ?>
|
104 | 105 | </select>
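Review bot: Escaping in this template now goes through two objects: `$escapeHelper->escapeJs()` and `$escapeHelper->escapeHtmlAttr()` on new lines 14 and 101, and `$block->escapeHtml()` everywhere else, with the helper fetched through `$this->helper(...)` on new line 9. If the block class also exposes the JS and attribute escapers (not visible on this page), calling them on `$block`, e.g. `echo $block->escapeJs($block->getCurrencySymbol($block->getCurrentCurrencyCode()))`, would remove the `$this` lookup and leave a single escaping path to audit. Separately, `// @codingStandardsIgnoreFile` on line 7 is kept, so the coding-standard check for unescaped output presumably stays disabled for this file now that the `@escapeNotVerified` markers are gone. Dropping that line once every `echo` is escaped would let a later unescaped `echo` be flagged automatically. The file header is not shown here, so the template path and any lines above line 6 are unverified.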
|
|