
Commit 50e7169

author
Hwashiang Yu
committed
MAGETWO-98235: Incorrect customer html address template
- Updated personal info and address templates
1 parent e29f4c5 commit 50e7169


2 files changed

+9
-3
lines changed


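--- a/app/code/Magento/Customer/view/adminhtml/templates/tab/view/personal_info.phtml
+++ b/app/code/Magento/Customer/view/adminhtml/templates/tab/view/personal_info.phtml
@@ -15,6 +15,9 @@ $lastLoginDateStore = $block->getStoreLastLoginDate();
 
 $createDateAdmin = $block->getCreateDate();
 $createDateStore = $block->getStoreCreateDate();
+$allowedAddressHtmlTags = ['abbr', 'b', 'blockquote', 'br', 'code', 'dd', 'del', 'dl', 'dt', 'em',
+'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'hr', 'i', 'kbd', 'li', 'ol', 'p', 'pre', 's', 'strike',
+'strong', 'sub', 'sup', 'ul'];
 ?>
 
 <div class="fieldset-wrapper customer-information">
@@ -65,7 +68,7 @@ $createDateStore = $block->getStoreCreateDate();
 <address>
 <strong><?php echo $block->escapeHtml(__('Default Billing Address')) ?></strong>
 <br/>
-<?php echo $block->getBillingAddressHtml() ?>
+<?php echo $block->escapeHtml($block->getBillingAddressHtml(), $allowedAddressHtmlTags) ?>
 </address>
 
 </div>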
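Review bot: The `$allowedAddressHtmlTags` array added at new lines 18-20 is repeated verbatim in `Sales/view/adminhtml/templates/order/view/info.phtml` (new lines 27-29), so the two admin views can drift apart the next time a tag is added or removed. Defining the list once on a shared block or view model and reading it from both templates would keep the escaping policy in one place. Absent that, a comment above the array such as `// Tags permitted in rendered address HTML; keep in sync with Sales order/view/info.phtml` would at least record the coupling. Only the billing-address output is visible in this section, and the rest of the template lies outside the hunks, so any other place it prints address HTML should be checked for the same treatment.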

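--- a/app/code/Magento/Sales/view/adminhtml/templates/order/view/info.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/view/info.phtml
@@ -24,6 +24,9 @@ $orderStoreDate = $block->formatDate(
 true,
 $block->getTimezoneForStore($order->getStore())
 );
+$allowedAddressHtmlTags = ['abbr', 'b', 'blockquote', 'br', 'code', 'dd', 'del', 'dl', 'dt', 'em',
+'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'hr', 'i', 'kbd', 'li', 'ol', 'p', 'pre', 's', 'strike',
+'strong', 'sub', 'sup', 'ul'];
 ?>
 
 <section class="admin__page-section order-view-account-information">
@@ -168,7 +171,7 @@ $orderStoreDate = $block->formatDate(
 <span class="title"><?php echo $block->escapeHtml(__('Billing Address')) ?></span>
 <div class="actions"><?php /* @noEscape */ echo $block->getAddressEditLink($order->getBillingAddress()); ?></div>
 </div>
-<address class="admin__page-section-item-content"><?php /* @noEscape */ echo $block->getFormattedAddress($order->getBillingAddress()); ?></address>
+<address class="admin__page-section-item-content"><?php echo $block->escapeHtml($block->getFormattedAddress($order->getBillingAddress()), $allowedAddressHtmlTags); ?></address>
 </div>
 <?php if (!$block->getOrder()->getIsVirtual()): ?>
 <div class="admin__page-section-item order-shipping-address">
@@ -177,7 +180,7 @@ $orderStoreDate = $block->formatDate(
 <span class="title"><?php echo $block->escapeHtml(__('Shipping Address')) ?></span>
 <div class="actions"><?php /* @noEscape */ echo $block->getAddressEditLink($order->getShippingAddress()); ?></div>
 </div>
-<address class="admin__page-section-item-content"><?php /* @noEscape */ echo $block->getFormattedAddress($order->getShippingAddress()); ?></address>
+<address class="admin__page-section-item-content"><?php echo $block->escapeHtml($block->getFormattedAddress($order->getShippingAddress()), $allowedAddressHtmlTags); ?></address>
 </div>
 <?php endif; ?>
 </div>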
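Review bot: The allowlist passed to `escapeHtml()` on new lines 174 and 183 is broader than an address block plausibly needs, since it permits headings `h1` to `h6`, `hr`, `blockquote`, `pre`, `kbd` and the list tags. Because the filter runs on the fully rendered address string, it cannot tell template markup from markup typed into an address field, so any allowed tag a customer enters would presumably still render in the admin order view. Trimming the list to the tags the shipped address template actually emits (for example `['b', 'br', 'em', 'i', 'strong']`, if that covers it) would narrow this. It is also worth confirming which attributes `escapeHtml()` retains on allowed tags. No test accompanies the change; one that renders an address containing disallowed markup and asserts it is output as text would pin the behaviour for both the billing and shipping blocks.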
