Merge remote-tracking branch 'origin/develop' into MAGETWO-55217-new

Author: Natalia Momotenko

app/code/Magento/AdvancedPricingImportExport/Model/Export/AdvancedPricing.php

@@ -395,7 +395,8 @@ protected function _getWebsiteCode($websiteId)
     {
         $storeName = ($websiteId == 0)
             ? ImportAdvancedPricing::VALUE_ALL_WEBSITES
-            : $this->_storeManager->getWebsite($websiteId)->getName();
+            : $this->_storeManager->getWebsite($websiteId)->getCode();
+        $currencyCode = '';
         if ($websiteId == 0) {
             $currencyCode = $this->_storeManager->getWebsite($websiteId)->getBaseCurrencyCode();
         }

app/code/Magento/Backend/Block/Widget/Button.php

@@ -113,7 +113,7 @@ protected function _attributesToHtml($attributes)
             if ($attributeValue === null || $attributeValue == '') {
                 continue;
             }
-            $html .= $attributeKey . '="' . $this->escapeHtml($attributeValue) . '" ';
+            $html .= $attributeKey . '="' . $this->escapeHtmlAttr($attributeValue, false) . '" ';
         }
 
         return $html;

app/code/Magento/Backend/Block/Widget/Button/SplitButton.php

@@ -229,7 +229,7 @@ protected function _getAttributesString($attributes)
             if ($attributeValue === null || $attributeValue == '') {
                 continue;
             }
-            $html[] = $attributeKey . '="' . $this->escapeHtml($attributeValue) . '"';
+            $html[] = $attributeKey . '="' . $this->escapeHtmlAttr($attributeValue, false) . '"';
         }
         return join(' ', $html);
     }

app/code/Magento/Backend/Block/Widget/Grid/Column/Renderer/Action.php

@@ -82,7 +82,9 @@ protected function _toOptionHtml($action, \Magento\Framework\DataObject $row)
         $actionCaption = '';
         $this->_transformActionData($action, $actionCaption, $row);
 
-        $htmlAttributes = ['value' => $this->escapeHtml($this->_jsonEncoder->encode($action))];
+        $htmlAttributes = [
+            'value' => $this->escapeHtmlAttr($this->_jsonEncoder->encode($action), false)
+        ];
         $actionAttributes->setData($htmlAttributes);
         return '<option ' . $actionAttributes->serialize() . '>' . $actionCaption . '</option>';
     }

app/code/Magento/Backend/Block/Widget/Grid/Massaction/AbstractMassaction.php

@@ -54,7 +54,7 @@ protected function _construct()
     {
         parent::_construct();
 
-        $this->setErrorText($this->escapeJsQuote(__('Please select items.')));
+        $this->setErrorText($this->escapeHtml(__('Please select items.')));
 
         if (null !== $this->getOptions()) {
             foreach ($this->getOptions() as $optionId => $option) {

app/code/Magento/Backend/Block/Widget/Grid/Massaction/Extended.php

@@ -66,7 +66,7 @@ public function __construct(
     public function _construct()
     {
         parent::_construct();
-        $this->setErrorText($this->escapeJsQuote(__('Please select items.')));
+        $this->setErrorText($this->escapeHtml(__('Please select items.')));
     }
 
     /**

app/code/Magento/Backend/view/adminhtml/templates/system/search.phtml

@@ -17,7 +17,7 @@
                     class="search-global-input"
                     id="search-global"
                     name="query"
-                    data-mage-init='<?php echo $block->escapeHtml($this->helper('Magento\Framework\Json\Helper\Data')->jsonEncode($block->getWidgetInitOptions()))?>'>
+                    data-mage-init='<?php /* @noEscape */ echo $this->helper('Magento\Framework\Json\Helper\Data')->jsonEncode($block->getWidgetInitOptions()) ?>'>
             <button
                 type="submit"
                 class="search-global-action"

app/code/Magento/Backup/view/adminhtml/templates/backup/dialogs.phtml

@@ -147,8 +147,8 @@ require([
 
 //<![CDATA[
     backup = new AdminBackup();
-    backup.rollbackUrl = '<?php /* @escapeNotVerified */ echo $block->escapeJsQuote($rollbackUrl);?>';
-    backup.backupUrl = '<?php /* @escapeNotVerified */ echo $block->escapeJsQuote($backupUrl);?>';
+    backup.rollbackUrl = '<?php echo $block->escapeUrl($rollbackUrl); ?>';
+    backup.backupUrl = '<?php echo $block->escapeUrl($backupUrl); ?>';
 //]]>
 
 });

app/code/Magento/Catalog/Block/Adminhtml/Product/Attribute/Set/Main.php

@@ -127,7 +127,7 @@ protected function _prepareLayout()
                 'Magento\Backend\Block\Widget\Button',
                 [
                     'label' => __('Delete'),
-                    'onclick' => 'deleteConfirm(\'' . $this->escapeJsQuote(
+                    'onclick' => 'deleteConfirm(\'' . $this->escapeJs(
                         __(
                             'You are about to delete all products in this attribute set. '
                             . 'Are you sure you want to do that?'

app/code/Magento/Catalog/view/adminhtml/templates/catalog/product/attribute/set/main.phtml

@@ -214,7 +214,7 @@
 
                             if( editSet.SystemNodesExists(editSet.currentNode) ) {
                                 alert({
-                                    content: '<?php /* @escapeNotVerified */ echo $block->escapeJsQuote(__('This group contains system attributes. Please move system attributes to another group and try again.')) ?>'
+                                    content: '<?php echo $block->escapeJs(__('This group contains system attributes. Please move system attributes to another group and try again.')) ?>'
                                 });
                                 return;
                             }
@@ -343,7 +343,7 @@
 
                         failure : function(o) {
                             alert({
-                                content: '<?php /* @escapeNotVerified */ echo $block->escapeJsQuote(__('Sorry, we\'re unable to complete this request.')) ?>'
+                                content: '<?php echo $block->escapeJs(__('Sorry, we\'re unable to complete this request.')) ?>'
                             });
                         },
 
@@ -360,7 +360,7 @@
                         rightBeforeAppend : function(tree, nodeThis, node, newParent) {
                             if (node.attributes.is_user_defined == 0) {
                                 alert({
-                                    content: '<?php /* @escapeNotVerified */ echo $block->escapeJsQuote(__('You can\'t remove attributes from this attribute set.')) ?>'
+                                    content: '<?php echo $block->escapeJs(__('You can\'t remove attributes from this attribute set.')) ?>'
                                 });
                                 return false;
                             } else {
@@ -376,7 +376,7 @@
 
                             if (node.attributes.is_unassignable == 0) {
                                 alert({
-                                    content: '<?php /* @escapeNotVerified */ echo $block->escapeJsQuote(__('You can\'t remove attributes from this attribute set.')) ?>'
+                                    content: '<?php echo $block->escapeJs(__('You can\'t remove attributes from this attribute set.')) ?>'
                                 });
                                 return false;
                             } else {