
Commit 5119ff8

committed
Merge remote-tracking branch 'origin/MAGETWO-56357' into 2.3-develop
2 parents 9d9b5c0 + cd27ead commit 5119ff8


14 files changed

+182
-182
lines changed


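--- a/app/code/Magento/AdvancedSearch/view/adminhtml/templates/system/config/testconnection.phtml
+++ b/app/code/Magento/AdvancedSearch/view/adminhtml/templates/system/config/testconnection.phtml
@@ -6,10 +6,10 @@
 // @codingStandardsIgnoreFile
 ?>
 <button class="scalable" type="button" id="<?= $block->getHtmlId() ?>" data-mage-init='{"testConnection":{
-"url": "<?= /* @escapeNotVerified */ $block->getAjaxUrl() ?>",
+"url": "<?= $block->escapeUrl($block->getAjaxUrl()) ?>",
 "elementId": "<?= $block->getHtmlId() ?>",
-"successText": "<?= /* @escapeNotVerified */ __('Successful! Test again?') ?>",
-"failedText": "<?= /* @escapeNotVerified */ __('Connection failed! Test again?') ?>",
-"fieldMapping": "<?= /* @escapeNotVerified */ $block->getFieldMapping() ?>"}, "validation": {}}'>
+"successText": "<?= $block->escapeHtmlAttr(__('Successful! Test again?')) ?>",
+"failedText": "<?= $block->escapeHtmlAttr(__('Connection failed! Test again?')) ?>",
+"fieldMapping": "<?= /* @noEscape */ $block->getFieldMapping() ?>"}, "validation": {}}'>
 <span><span><span id="<?= $block->getHtmlId() ?>_result"><?= $block->escapeHtml($block->getButtonLabel()) ?></span></span></span>
 </button>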
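Review bot: The `fieldMapping` value is emitted with `/* @noEscape */` inside a JSON string that itself sits in the single-quoted `data-mage-init` attribute, so its safety rests entirely on what `getFieldMapping()` returns, which this hunk does not show. A `'` or `"` in that value would end the attribute or the JSON string. The same nesting affects `successText` and `failedText`: `escapeHtmlAttr` covers only the HTML layer, and once the browser decodes the attribute a translated `"` or `\` lands raw in the JSON. Serialising the whole config as JSON in the block and emitting it once through `$block->escapeHtmlAttr(...)` would handle both layers. `getHtmlId()` on the unchanged lines is also still printed unescaped, and the file keeps `@codingStandardsIgnoreFile`, so the sniffer will not report it.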

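--- a/app/code/Magento/AdvancedSearch/view/frontend/templates/search_data.phtml
+++ b/app/code/Magento/AdvancedSearch/view/frontend/templates/search_data.phtml
@@ -13,13 +13,13 @@
 $data = $block->getItems();
 if (count($data)):?>
 <dl class="block">
-<dt class="title"><?= /* @escapeNotVerified */ __($block->getTitle()) ?></dt>
+<dt class="title"><?= $block->escapeHtml(__($block->getTitle())) ?></dt>
 <?php foreach ($data as $additionalInfo) : ?>
 <dd class="item">
-<a href="<?= /* @escapeNotVerified */ $block->getLink($additionalInfo->getQueryText()) ?>"
+<a href="<?= $block->escapeUrl($block->getLink($additionalInfo->getQueryText())) ?>"
 ><?= $block->escapeHtml($additionalInfo->getQueryText()) ?></a>
 <?php if ($block->isShowResultsCount()): ?>
-<span class="count"><?= /* @escapeNotVerified */ $additionalInfo->getResultsCount() ?></span>
+<span class="count"><?= /* @noEscape */ (int)$additionalInfo->getResultsCount() ?></span>
 <?php endif; ?>
 </dd>
 <?php endforeach; ?>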
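Review bot: `escapeUrl()` on the `href` makes the value safe for the HTML attribute, but whether the search text from `getQueryText()` is URL-encoded as a query parameter depends on `getLink()`, which is not visible here; worth confirming, since the two escapes are not interchangeable. Separately, `__($block->getTitle())` passes a runtime value to the translator, so the phrase cannot be collected statically; if the title is already translated where it is configured, `$block->escapeHtml($block->getTitle())` is enough. The `if (count($data))` opened in this hunk closes outside it.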

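--- a/app/code/Magento/CatalogSearch/view/frontend/templates/advanced/form.phtml
+++ b/app/code/Magento/CatalogSearch/view/frontend/templates/advanced/form.phtml
@@ -4,8 +4,7 @@
 * See COPYING.txt for license details.
 */
 
-// @codingStandardsIgnoreFile
-
+// phpcs:disable Magento2.Templates.ThisInTemplate.FoundThis
 ?>
 <?php
 /**
@@ -14,108 +13,120 @@
 * @var $block \Magento\CatalogSearch\Block\Advanced\Form
 */
 ?>
-<?php $maxQueryLength = $this->helper('Magento\CatalogSearch\Helper\Data')->getMaxQueryLength();?>
-<form class="form search advanced" action="<?= /* @escapeNotVerified */ $block->getSearchPostUrl() ?>" method="get" id="form-validate">
+<?php $maxQueryLength = $this->helper(\Magento\CatalogSearch\Helper\Data::class)->getMaxQueryLength();?>
+<form class="form search advanced" action="<?= $block->escapeUrl($block->getSearchPostUrl()) ?>" method="get" id="form-validate">
 <fieldset class="fieldset">
-<legend class="legend"><span><?= /* @escapeNotVerified */ __('Search Settings') ?></span></legend><br />
-<?php foreach ($block->getSearchableAttributes() as $_attribute): ?>
-<?php $_code = $_attribute->getAttributeCode() ?>
-<div class="field <?= /* @escapeNotVerified */ $_code ?>">
-<label class="label" for="<?= /* @escapeNotVerified */ $_code ?>">
+<legend class="legend"><span><?= $block->escapeHtml(__('Search Settings')) ?></span></legend><br />
+<?php foreach ($block->getSearchableAttributes() as $_attribute) : ?>
+<?php $_code = $_attribute->getAttributeCode() ?>
+<div class="field <?= $block->escapeHtmlAttr($_code) ?>">
+<label class="label" for="<?= $block->escapeHtmlAttr($_code) ?>">
 <span><?= $block->escapeHtml(__($block->getAttributeLabel($_attribute))) ?></span>
 </label>
 <div class="control">
-<?php switch ($block->getAttributeInputType($_attribute)):
-case 'number': ?>
+<?php
+switch ($block->getAttributeInputType($_attribute)) :
+case 'number':
+?>
 <div class="range fields group group-2">
 <div class="field no-label">
 <div class="control">
 <input type="text"
-name="<?= /* @escapeNotVerified */ $_code ?>[from]"
+name="<?= $block->escapeHtmlAttr($_code) ?>[from]"
 value="<?= $block->escapeHtml($block->getAttributeValue($_attribute, 'from')) ?>"
-id="<?= /* @escapeNotVerified */ $_code ?>"
+id="<?= $block->escapeHtmlAttr($_code) ?>"
 title="<?= $block->escapeHtml($block->getAttributeLabel($_attribute)) ?>"
 class="input-text"
-maxlength="<?= /* @escapeNotVerified */ $maxQueryLength ?>"
-data-validate="{number:true, 'less-than-equals-to':'#<?= /* @escapeNotVerified */ $_code ?>_to'}" />
+maxlength="<?= $block->escapeHtmlAttr($maxQueryLength) ?>"
+data-validate="{number:true, 'less-than-equals-to':'#<?= $block->escapeHtmlAttr($_code) ?>_to'}" />
 </div>
 </div>
 <div class="field no-label">
 <div class="control">
 <input type="text"
-name="<?= /* @escapeNotVerified */ $_code ?>[to]"
+name="<?= $block->escapeHtmlAttr($_code) ?>[to]"
 value="<?= $block->escapeHtml($block->getAttributeValue($_attribute, 'to')) ?>"
-id="<?= /* @escapeNotVerified */ $_code ?>_to"
+id="<?= $block->escapeHtmlAttr($_code) ?>_to"
 title="<?= $block->escapeHtml($block->getAttributeLabel($_attribute)) ?>"
 class="input-text"
-maxlength="<?= /* @escapeNotVerified */ $maxQueryLength ?>"
-data-validate="{number:true, 'greater-than-equals-to':'#<?= /* @escapeNotVerified */ $_code ?>'}" />
+maxlength="<?= $block->escapeHtmlAttr($maxQueryLength) ?>"
+data-validate="{number:true, 'greater-than-equals-to':'#<?= $block->escapeHtmlAttr($_code) ?>'}" />
 </div>
 </div>
 </div>
-<?php break;
-case 'price': ?>
+<?php
+break;
+case 'price':
+?>
 <div class="range price fields group group-2">
 <div class="field no-label">
 <div class="control">
-<input name="<?= /* @escapeNotVerified */ $_code ?>[from]"
+<input name="<?= $block->escapeHtmlAttr($_code) ?>[from]"
 value="<?= $block->escapeHtml($block->getAttributeValue($_attribute, 'from')) ?>"
-id="<?= /* @escapeNotVerified */ $_code ?>"
+id="<?= $block->escapeHtmlAttr($_code) ?>"
 title="<?= $block->escapeHtml($block->getAttributeLabel($_attribute)) ?>"
 class="input-text"
 type="text"
-maxlength="<?= /* @escapeNotVerified */ $maxQueryLength ?>"
-data-validate="{number:true, 'less-than-equals-to':'#<?= /* @escapeNotVerified */ $_code ?>_to'}" />
+maxlength="<?= $block->escapeHtmlAttr($maxQueryLength) ?>"
+data-validate="{number:true, 'less-than-equals-to':'#<?= $block->escapeHtmlAttr($_code) ?>_to'}" />
 </div>
 </div>
 <div class="field with-addon no-label">
 <div class="control">
 <div class="addon">
-<input name="<?= /* @escapeNotVerified */ $_code ?>[to]"
+<input name="<?= $block->escapeHtmlAttr($_code) ?>[to]"
 value="<?= $block->escapeHtml($block->getAttributeValue($_attribute, 'to')) ?>"
-id="<?= /* @escapeNotVerified */ $_code ?>_to"
+id="<?= $block->escapeHtmlAttr($_code) ?>_to"
 title="<?= $block->escapeHtml($block->getAttributeLabel($_attribute)) ?>"
 class="input-text"
 type="text"
-maxlength="<?= /* @escapeNotVerified */ $maxQueryLength ?>"
-data-validate="{number:true, 'greater-than-equals-to':'#<?= /* @escapeNotVerified */ $_code ?>'}" />
+maxlength="<?= $block->escapeHtmlAttr($maxQueryLength) ?>"
+data-validate="{number:true, 'greater-than-equals-to':'#<?= $block->escapeHtmlAttr($_code) ?>'}" />
 <label class="addafter"
-for="<?= /* @escapeNotVerified */ $_code ?>_to">
-<?= /* @escapeNotVerified */ $block->getCurrency($_attribute) ?>
+for="<?= $block->escapeHtmlAttr($_code) ?>_to">
+<?= $block->escapeHtml($block->getCurrency($_attribute)) ?>
 </label>
 </div>
 </div>
 </div>
 </div>
-<?php break;
-case 'select': ?>
-<?= /* @escapeNotVerified */ $block->getAttributeSelectElement($_attribute) ?>
-<?php break;
-case 'yesno': ?>
-<?= /* @escapeNotVerified */ $block->getAttributeYesNoElement($_attribute) ?>
-<?php break;
-case 'date': ?>
+<?php
+break;
+case 'select':
+?>
+<?= /* @noEscape */ $block->getAttributeSelectElement($_attribute) ?>
+<?php
+break;
+case 'yesno':
+?>
+<?= /* @noEscape */ $block->getAttributeYesNoElement($_attribute) ?>
+<?php
+break;
+case 'date':
+?>
 <div class="range dates fields group group-2">
 <div class="field date no-label">
 <div class="control">
-<?= /* @escapeNotVerified */ $block->getDateInput($_attribute, 'from') ?>
+<?= /* @noEscape */ $block->getDateInput($_attribute, 'from') ?>
 </div>
 </div>
 <div class="field date no-label">
 <div class="control">
-<?= /* @escapeNotVerified */ $block->getDateInput($_attribute, 'to') ?>
+<?= /* @noEscape */ $block->getDateInput($_attribute, 'to') ?>
 </div>
 </div>
 </div>
-<?php break;
-default: ?>
+<?php
+break;
+default:
+?>
 <input type="text"
-name="<?= /* @escapeNotVerified */ $_code ?>"
-id="<?= /* @escapeNotVerified */ $_code ?>"
+name="<?= $block->escapeHtmlAttr($_code) ?>"
+id="<?= $block->escapeHtmlAttr($_code) ?>"
 value="<?= $block->escapeHtml($block->getAttributeValue($_attribute)) ?>"
 title="<?= $block->escapeHtml($block->getAttributeLabel($_attribute)) ?>"
-class="input-text <?= /* @escapeNotVerified */ $block->getAttributeValidationClass($_attribute) ?>"
-maxlength="<?= /* @escapeNotVerified */ $maxQueryLength ?>" />
+class="input-text <?= $block->escapeHtmlAttr($block->getAttributeValidationClass($_attribute)) ?>"
+maxlength="<?= $block->escapeHtmlAttr($maxQueryLength) ?>" />
 <?php endswitch; ?>
 </div>
 </div>
@@ -126,7 +137,7 @@
 <button type="submit"
 class="action search primary"
 title="<?= $block->escapeHtml(__('Search')) ?>">
-<span><?= /* @escapeNotVerified */ __('Search') ?></span>
+<span><?= $block->escapeHtml(__('Search')) ?></span>
 </button>
 </div>
 </div>
@@ -147,8 +158,8 @@ require([
 }
 },
 messages: {
-'price[to]': {'greater-than-equals-to': '<?= /* @escapeNotVerified */ __('Please enter a valid price range.') ?>'},
-'price[from]': {'less-than-equals-to': '<?= /* @escapeNotVerified */ __('Please enter a valid price range.') ?>'}
+'price[to]': {'greater-than-equals-to': '<?= $block->escapeJs(__('Please enter a valid price range.')) ?>'},
+'price[from]': {'less-than-equals-to': '<?= $block->escapeJs(__('Please enter a valid price range.')) ?>'}
 }
 });
 });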
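Review bot: In the `data-validate` attributes, `$_code` is written into a single-quoted selector string inside the attribute (`'#<?= $block->escapeHtmlAttr($_code) ?>_to'`), and `escapeHtmlAttr` only protects the HTML layer: after the browser decodes the attribute, a quote or backslash in the code would sit raw inside that string. This is probably harmless if attribute codes are restricted to identifier characters when they are saved, but the template does not show that, so a short comment stating the assumption would help. The unchanged `value=` and `title=` attributes still use `escapeHtml` while the new lines use `escapeHtmlAttr`; one helper for attribute context throughout would be more consistent. The file-wide `phpcs:disable Magento2.Templates.ThisInTemplate.FoundThis` keeps `$this->helper(...)` in the template rather than removing it, and the same applies in advanced/link.phtml; a `// phpcs:ignore Magento2.Templates.ThisInTemplate.FoundThis` on the one line would keep the sniff active for the rest of the file.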

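--- a/app/code/Magento/CatalogSearch/view/frontend/templates/advanced/link.phtml
+++ b/app/code/Magento/CatalogSearch/view/frontend/templates/advanced/link.phtml
@@ -4,13 +4,13 @@
 * See COPYING.txt for license details.
 */
 
-// @codingStandardsIgnoreFile
+// phpcs:disable Magento2.Templates.ThisInTemplate.FoundThis
 
 /** @var \Magento\CatalogSearch\Helper\Data $helper */
-$helper = $this->helper('Magento\CatalogSearch\Helper\Data');
+$helper = $this->helper(\Magento\CatalogSearch\Helper\Data::class);
 ?>
 <div class="nested">
-<a class="action advanced" href="<?= /* @escapeNotVerified */ $helper->getAdvancedSearchUrl() ?>" data-action="advanced-search">
-<?= /* @escapeNotVerified */ __('Advanced Search') ?>
+<a class="action advanced" href="<?= $block->escapeUrl($helper->getAdvancedSearchUrl()) ?>" data-action="advanced-search">
+<?= $block->escapeHtml(__('Advanced Search')) ?>
 </a>
 </div>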

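--- a/app/code/Magento/CatalogSearch/view/frontend/templates/advanced/result.phtml
+++ b/app/code/Magento/CatalogSearch/view/frontend/templates/advanced/result.phtml
@@ -3,9 +3,6 @@
 * Copyright © Magento, Inc. All rights reserved.
 * See COPYING.txt for license details.
 */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php
 /**
@@ -14,43 +11,43 @@
 /** this changes need for valid apply filters and configuration before search process is started */
 $productList = $block->getProductListHtml();
 ?>
-<?php if ($results = $block->getResultCount()): ?>
+<?php if ($results = $block->getResultCount()) : ?>
 <div class="search found">
 <?php if ($results == 1) : ?>
-<?= /* @escapeNotVerified */ __('<strong>%1 item</strong> were found using the following search criteria', $results) ?>
-<?php else: ?>
-<?= /* @escapeNotVerified */ __('<strong>%1 items</strong> were found using the following search criteria', $results) ?>
+<?= /* @noEscape */ __('<strong>%1 item</strong> were found using the following search criteria', $results) ?>
+<?php else : ?>
+<?= /* @noEscape */ __('<strong>%1 items</strong> were found using the following search criteria', $results) ?>
 <?php endif; ?>
 </div>
-<?php else: ?>
+<?php else : ?>
 <div role="alert" class="message error">
 <div>
-<?= /* @escapeNotVerified */ __('We can\'t find any items matching these search criteria.') ?> <a href="<?= /* @escapeNotVerified */ $block->getFormUrl() ?>"><?= /* @escapeNotVerified */ __('Modify your search.') ?></a>
+<?= $block->escapeHtml(__('We can\'t find any items matching these search criteria.')) ?> <a href="<?= $block->escapeUrl($block->getFormUrl()) ?>"><?= $block->escapeHtml(__('Modify your search.')) ?></a>
 </div>
 </div>
 <?php endif; ?>
 
 <?php $searchCriterias = $block->getSearchCriterias(); ?>
 <div class="search summary">
-<?php foreach (['left', 'right'] as $side): ?>
-<?php if (@$searchCriterias[$side]): ?>
+<?php foreach (['left', 'right'] as $side) : ?>
+<?php if (!empty($searchCriterias[$side])) : ?>
 <ul class="items">
-<?php foreach ($searchCriterias[$side] as $criteria): ?>
+<?php foreach ($searchCriterias[$side] as $criteria) : ?>
 <li class="item"><strong><?= $block->escapeHtml(__($criteria['name'])) ?>:</strong> <?= $block->escapeHtml($criteria['value']) ?></li>
 <?php endforeach; ?>
 </ul>
 <?php endif; ?>
 <?php endforeach; ?>
 </div>
-<?php if ($block->getResultCount()): ?>
+<?php if ($block->getResultCount()) : ?>
 <div class="message notice">
 <div>
-<?= /* @escapeNotVerified */ __("Don't see what you're looking for?") ?>
-<a href="<?= /* @escapeNotVerified */ $block->getFormUrl() ?>"><?= /* @escapeNotVerified */ __('Modify your search.') ?></a>
+<?= $block->escapeHtml(__("Don't see what you're looking for?")) ?>
+<a href="<?= $block->escapeUrl($block->getFormUrl()) ?>"><?= $block->escapeHtml(__('Modify your search.')) ?></a>
 </div>
 </div>
 <?php endif; ?>
-<?php if ($block->getResultCount()): ?>
-<div class="search results"><?= /* @escapeNotVerified */ $productList ?></div>
+<?php if ($block->getResultCount()) : ?>
+<div class="search results"><?= /* @noEscape */ $productList ?></div>
 <?php endif; ?>
 <?php $block->getSearchCriterias(); ?>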
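Review bot: The two result-count messages are marked `/* @noEscape */` because the phrase carries `<strong>`, which means the translated text and `$results` reach the page unescaped, so whatever markup a translation of that phrase contains is rendered as-is. Allowing just the one tag keeps the intent: `<?= $block->escapeHtml(__('<strong>%1 items</strong> were found using the following search criteria', $results), ['strong']) ?>`, and likewise for the singular line. `$productList` is rendered block HTML, so `@noEscape` is expected there. The trailing `<?php $block->getSearchCriterias(); ?>` on the last line discards its result and looks like a leftover, assuming the call has no side effect the page needs.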

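--- a/app/code/Magento/CatalogSearch/view/frontend/templates/result.phtml
+++ b/app/code/Magento/CatalogSearch/view/frontend/templates/result.phtml
@@ -3,34 +3,31 @@
 * Copyright © Magento, Inc. All rights reserved.
 * See COPYING.txt for license details.
 */
-
-// @codingStandardsIgnoreFile
-
 ?>
-<?php if ($block->getResultCount()): ?>
-<?= $block->getChildHtml('tagged_product_list_rss_link') ?>
+<?php if ($block->getResultCount()) : ?>
+<?= /* @noEscape */ $block->getChildHtml('tagged_product_list_rss_link') ?>
 <div class="search results">
-<?php if ($messages = $block->getNoteMessages()):?>
+<?php if ($messages = $block->getNoteMessages()) : ?>
 <div class="message notice">
 <div>
-<?php foreach ($messages as $message):?>
-<?= /* @escapeNotVerified */ $message ?><br />
-<?php endforeach;?>
+<?php foreach ($messages as $message) : ?>
+<?= /* @noEscape */ $message ?><br />
+<?php endforeach; ?>
 </div>
 </div>
 <?php endif; ?>
 <?= $block->getProductListHtml() ?>
 </div>
-<?php else: ?>
+<?php else : ?>
 
 <div class="message notice">
 <div>
-<?= /* @escapeNotVerified */ ($block->getNoResultText()) ? $block->getNoResultText() : __('Your search returned no results.') ?>
-<?= $block->getAdditionalHtml() ?>
-<?php if ($messages = $block->getNoteMessages()):?>
-<?php foreach ($messages as $message):?>
-<br /><?= /* @escapeNotVerified */ $message ?>
-<?php endforeach;?>
+<?= $block->escapeHtml($block->getNoResultText() ? $block->getNoResultText() : __('Your search returned no results.')) ?>
+<?= /* @noEscape */ $block->getAdditionalHtml() ?>
+<?php if ($messages = $block->getNoteMessages()) : ?>
+<?php foreach ($messages as $message) : ?>
+<br /><?= /* @noEscape */ $message ?>
+<?php endforeach; ?>
 <?php endif; ?>
 </div>
 </div>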
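Review bot: `$message` from `getNoteMessages()` is now printed with `/* @noEscape */` in both loops, which asserts the messages are already safe HTML; the hunk does not show how they are built, and if any of them includes the shopper's search text this becomes a reflected-output path. Unless the messages intentionally contain markup, `<?= $block->escapeHtml($message) ?>` is the safer default. Also, with `@codingStandardsIgnoreFile` removed, `<?= $block->getProductListHtml() ?>` on the unchanged line has neither an escape call nor a `@noEscape` marker, unlike the `getChildHtml()` and `getAdditionalHtml()` lines next to it. The outer `if`/`else` closes outside the hunk.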
