Merge remote-tracking branch 'origin/MAGETWO-95506' into 2.1.16-develop-pr59

zakdma · zakdma · commit 4c9e4c2ad786 · 2018-10-26T14:06:14.000+03:00
diff --git a/app/code/Magento/Swagger/Block/Index.php b/app/code/Magento/Swagger/Block/Index.php
@@ -11,6 +11,7 @@
  * Class Index
  *
  * @api
+ * @SuppressWarnings(PHPMD.RequestAwareBlockMethod)
  */
 class Index extends Template
 {
@@ -19,7 +20,7 @@ class Index extends Template
      */
     private function getParamStore()
     {
-        return $this->getRequest()->getParam('store') ?: 'all';
+        return $this->stripTags($this->getRequest()->getParam('store')) ?: 'all';
     }
 
     /**
diff --git a/app/code/Magento/Swagger/view/frontend/templates/swagger-ui/index.phtml b/app/code/Magento/Swagger/view/frontend/templates/swagger-ui/index.phtml
@@ -24,7 +24,7 @@ $schemaUrl = $block->getSchemaUrl();
     <div class="swagger-ui-wrap">
         <a id="logo" href="http://swagger.io">swagger</a>
         <form id='api_selector'>
-            <input id="input_baseUrl" type="hidden" value="<?php /* @escapeNotVerified */ echo $schemaUrl ?>"/>
+            <input id="input_baseUrl" type="hidden" value="<?php echo $block->escapeUrl($schemaUrl) ?>"/>
             <div class='input'><input placeholder="api_key" id="input_apiKey" name="apiKey" type="text"/></div>
             <div class='input'><a id="explore" href="#" data-sw-translate>apply</a></div>
         </form>

Original file line number	Diff line number	Diff line change
`@@ -11,6 +11,7 @@`
`11`	`11`	`* Class Index`
`12`	`12`	`*`
`13`	`13`	`* @api`
	`14`	`+ * @SuppressWarnings(PHPMD.RequestAwareBlockMethod)`
`14`	`15`	`*/`
`15`	`16`	`class Index extends Template`
`16`	`17`	`{`
`@@ -19,7 +20,7 @@ class Index extends Template`
`19`	`20`	`*/`
`20`	`21`	`private function getParamStore()`
`21`	`22`	`{`
`22`		`- return $this->getRequest()->getParam('store') ?: 'all';`
	`23`	`+ return $this->stripTags($this->getRequest()->getParam('store')) ?: 'all';`
`23`	`24`	`}`
`24`	`25`
`25`	`26`	`/**`