magento
diff --git a/‎app/code/Magento/Sales/Block/Adminhtml/Order/Comments/View.php
Lines changed: 20 additions & 0 deletions b/‎app/code/Magento/Sales/Block/Adminhtml/Order/Comments/View.php
Lines changed: 20 additions & 0 deletions
diff --git a/‎app/code/Magento/Sales/Block/Adminhtml/Order/View/History.php
Lines changed: 20 additions & 0 deletions b/‎app/code/Magento/Sales/Block/Adminhtml/Order/View/History.php
Lines changed: 20 additions & 0 deletions
diff --git a/‎app/code/Magento/Sales/Block/Adminhtml/Order/View/Tab/History.php
Lines changed: 11 additions & 2 deletions b/‎app/code/Magento/Sales/Block/Adminhtml/Order/View/Tab/History.php
Lines changed: 11 additions & 2 deletions
diff --git a/‎app/code/Magento/Sales/Block/Adminhtml/Transactions/Detail.php
Lines changed: 12 additions & 1 deletion b/‎app/code/Magento/Sales/Block/Adminhtml/Transactions/Detail.php
Lines changed: 12 additions & 1 deletion
diff --git a/‎app/code/Magento/Sales/Helper/Admin.php
Lines changed: 34 additions & 1 deletion b/‎app/code/Magento/Sales/Helper/Admin.php
Lines changed: 34 additions & 1 deletion
diff --git a/‎app/code/Magento/Sales/Model/Order/Payment.php
Lines changed: 27 additions & 20 deletions b/‎app/code/Magento/Sales/Model/Order/Payment.php
Lines changed: 27 additions & 20 deletions
diff --git a/‎app/code/Magento/Sales/Model/Order/Payment/Transaction.php
Lines changed: 11 additions & 0 deletions b/‎app/code/Magento/Sales/Model/Order/Payment/Transaction.php
Lines changed: 11 additions & 0 deletions
@@ -19,18 +19,26 @@ class View extends \Magento\Backend\Block\Template
      */
     protected $_salesData = null;
 
+    /**
+     * @var \Magento\Sales\Helper\Admin
+     */
+    private $adminHelper;
+
     /**
      * @param \Magento\Backend\Block\Template\Context $context
      * @param \Magento\Sales\Helper\Data $salesData
+     * @param \Magento\Sales\Helper\Admin $adminHelper
      * @param array $data
      */
     public function __construct(
         \Magento\Backend\Block\Template\Context $context,
         \Magento\Sales\Helper\Data $salesData,
+        \Magento\Sales\Helper\Admin $adminHelper,
         array $data = []
     ) {
         $this->_salesData = $salesData;
         parent::__construct($context, $data);
+        $this->adminHelper = $adminHelper;
     }
 
     /**
@@ -96,4 +104,16 @@ public function canSendCommentEmail()
         }
         return true;
     }
+
+    /**
+     * Replace links in string
+     *
+     * @param array|string $data
+     * @param null|array $allowedTags
+     * @return string
+     */
+    public function escapeHtml($data, $allowedTags = null)
+    {
+        return $this->adminHelper->escapeHtmlWithLinks($data, $allowedTags);
+    }
 }
@@ -26,21 +26,29 @@ class History extends \Magento\Backend\Block\Template
      */
     protected $_salesData = null;
 
+    /**
+     * @var \Magento\Sales\Helper\Admin
+     */
+    private $adminHelper;
+
     /**
      * @param \Magento\Backend\Block\Template\Context $context
      * @param \Magento\Sales\Helper\Data $salesData
      * @param \Magento\Framework\Registry $registry
+     * @param \Magento\Sales\Helper\Admin $adminHelper
      * @param array $data
      */
     public function __construct(
         \Magento\Backend\Block\Template\Context $context,
         \Magento\Sales\Helper\Data $salesData,
         \Magento\Framework\Registry $registry,
+        \Magento\Sales\Helper\Admin $adminHelper,
         array $data = []
     ) {
         $this->_coreRegistry = $registry;
         $this->_salesData = $salesData;
         parent::__construct($context, $data);
+        $this->adminHelper = $adminHelper;
     }
 
     /**
@@ -122,4 +130,16 @@ public function isCustomerNotificationNotApplicable(\Magento\Sales\Model\Order\S
     {
         return $history->isCustomerNotificationNotApplicable();
     }
+
+    /**
+     * Replace links in string
+     *
+     * @param array|string $data
+     * @param null|array $allowedTags
+     * @return string
+     */
+    public function escapeHtml($data, $allowedTags = null)
+    {
+        return $this->adminHelper->escapeHtmlWithLinks($data, $allowedTags);
+    }
 }
@@ -26,18 +26,26 @@ class History extends \Magento\Backend\Block\Template implements \Magento\Backen
      */
     protected $_coreRegistry = null;
 
+    /**
+     * @var \Magento\Sales\Helper\Admin
+     */
+    private $adminHelper;
+
     /**
      * @param \Magento\Backend\Block\Template\Context $context
      * @param \Magento\Framework\Registry $registry
+     * @param \Magento\Sales\Helper\Admin $adminHelper
      * @param array $data
      */
     public function __construct(
         \Magento\Backend\Block\Template\Context $context,
         \Magento\Framework\Registry $registry,
+        \Magento\Sales\Helper\Admin $adminHelper,
         array $data = []
     ) {
         $this->_coreRegistry = $registry;
         parent::__construct($context, $data);
+        $this->adminHelper = $adminHelper;
     }
 
     /**
@@ -192,8 +200,9 @@ public function isItemNotified(array $item, $isSimpleCheck = true)
      */
     public function getItemComment(array $item)
     {
-        $allowedTags = ['b', 'br', 'strong', 'i', 'u'];
-        return isset($item['comment']) ? $this->escapeHtml($item['comment'], $allowedTags) : '';
+        $allowedTags = ['b', 'br', 'strong', 'i', 'u', 'a'];
+        return isset($item['comment'])
+            ? $this->adminHelper->escapeHtmlWithLinks($item['comment'], $allowedTags) : '';
     }
 
     /**
 
@@ -26,17 +26,25 @@ class Detail extends \Magento\Backend\Block\Widget\Container
      */
     protected $_coreRegistry = null;
 
+    /**
+     * @var \Magento\Sales\Helper\Admin
+     */
+    private $adminHelper;
+
     /**
      * @param \Magento\Backend\Block\Widget\Context $context
      * @param \Magento\Framework\Registry $registry
+     * @param \Magento\Sales\Helper\Admin $adminHelper
      * @param array $data
      */
     public function __construct(
         \Magento\Backend\Block\Widget\Context $context,
         \Magento\Framework\Registry $registry,
+        \Magento\Sales\Helper\Admin $adminHelper,
         array $data = []
     ) {
         $this->_coreRegistry = $registry;
+        $this->adminHelper = $adminHelper;
         parent::__construct($context, $data);
     }
 
@@ -97,7 +105,10 @@ public function getHeaderText()
      */
     protected function _toHtml()
     {
-        $this->setTxnIdHtml($this->escapeHtml($this->_txn->getTxnId()));
+        $this->setTxnIdHtml($this->adminHelper->escapeHtmlWithLinks(
+            $this->_txn->getHtmlTxnId(),
+            ['a']
+        ));
 
         $this->setParentTxnIdUrlHtml(
             $this->escapeHtml($this->getUrl('sales/transactions/view', ['txn_id' => $this->_txn->getParentId()]))
 
@@ -22,21 +22,29 @@ class Admin extends \Magento\Framework\App\Helper\AbstractHelper
      */
     protected $priceCurrency;
 
+    /**
+     * @var \Magento\Framework\Escaper
+     */
+    protected $escaper;
+
     /**
      * @param \Magento\Framework\App\Helper\Context $context
      * @param \Magento\Store\Model\StoreManagerInterface $storeManager
      * @param \Magento\Sales\Model\Config $salesConfig
      * @param \Magento\Framework\Pricing\PriceCurrencyInterface $priceCurrency
+     * @param \Magento\Framework\Escaper $escaper
      */
     public function __construct(
         \Magento\Framework\App\Helper\Context $context,
         \Magento\Store\Model\StoreManagerInterface $storeManager,
         \Magento\Sales\Model\Config $salesConfig,
-        \Magento\Framework\Pricing\PriceCurrencyInterface $priceCurrency
+        \Magento\Framework\Pricing\PriceCurrencyInterface $priceCurrency,
+        \Magento\Framework\Escaper $escaper
     ) {
         $this->priceCurrency = $priceCurrency;
         $this->_storeManager = $storeManager;
         $this->_salesConfig = $salesConfig;
+        $this->escaper = $escaper;
         parent::__construct($context);
     }
 
@@ -127,4 +135,29 @@ public function applySalableProductTypesFilter($collection)
         }
         return $collection;
     }
+
+    /**
+     * Escape string preserving links
+     *
+     * @param string $data
+     * @param null|array $allowedTags
+     * @return string
+     */
+    public function escapeHtmlWithLinks($data, $allowedTags = null)
+    {
+        if (!empty($data) && is_array($allowedTags) && in_array('a', $allowedTags)) {
+            $links = [];
+            $i = 1;
+            $data = str_replace('%', '%%', $data);
+            $regexp = '@(<a[^>]*>(?:[^<]|<[^/]|</[^a]|</a[^>])*</a>)@';
+            while (preg_match($regexp, $data, $matches)) {
+                $links[] = $matches[1];
+                $data = str_replace($matches[1], '%' . $i . '$s', $data);
+                ++$i;
+            }
+            $data = $this->escaper->escapeHtml($data, $allowedTags);
+            return vsprintf($data, $links);
+        }
+        return $this->escaper->escapeHtml($data, $allowedTags);
+    }
 }
@@ -948,28 +948,31 @@ public function accept()
     /**
      * Accept order with payment method instance
      *
+     * @param bool $isOnline
      * @return $this
+     * @throws \Magento\Framework\Exception\LocalizedException
      */
-    public function deny()
+    public function deny($isOnline = true)
     {
-        $transactionId = $this->getLastTransId();
+        $transactionId = $isOnline ? $this->getLastTransId() : $this->getTransactionId();
 
-        /** @var \Magento\Payment\Model\Method\AbstractMethod $method */
-        $method = $this->getMethodInstance();
-        $method->setStore(
-            $this->getOrder()->getStoreId()
-        );
-        if ($method->denyPayment($this)) {
+        $result = $isOnline ?
+            $this->getMethodInstance()->setStore($this->getOrder()->getStoreId())->denyPayment($this) :
+            (bool)$this->getNotificationResult();
+
+        if ($result) {
             $invoice = $this->_getInvoiceForTransactionId($transactionId);
             $message = $this->_appendTransactionToMessage(
                 $transactionId,
                 $this->_prependMessage(__('Denied the payment online'))
             );
             $this->cancelInvoiceAndRegisterCancellation($invoice, $message);
         } else {
+            $txt = $isOnline ?
+                'There is no need to deny this payment.' : 'Registered notification about denied payment.';
             $message = $this->_appendTransactionToMessage(
                 $transactionId,
-                $this->_prependMessage(__('There is no need to deny this payment.'))
+                $this->_prependMessage(__($txt))
             );
             $this->setOrderStatePaymentReview($message, $transactionId);
         }
@@ -979,17 +982,21 @@ public function deny()
     /**
      * Performs registered payment update.
      *
-     * @throws \Magento\Framework\Exception\LocalizedException
+     * @param bool $isOnline
      * @return $this
+     * @throws \Magento\Framework\Exception\LocalizedException
      */
-    public function update()
+    public function update($isOnline = true)
     {
-        $transactionId = $this->getLastTransId();
+        $transactionId = $isOnline ? $this->getLastTransId() : $this->getTransactionId();
         $invoice = $this->_getInvoiceForTransactionId($transactionId);
 
-        $method = $this->getMethodInstance();
-        $method->setStore($this->getOrder()->getStoreId());
-        $method->fetchTransactionInfo($this, $transactionId);
+        
+        if ($isOnline) {
+            $method = $this->getMethodInstance();
+            $method->setStore($this->getOrder()->getStoreId());
+            $method->fetchTransactionInfo($this, $transactionId);
+        }
 
         if ($this->getIsTransactionApproved()) {
             $message = $this->_appendTransactionToMessage(
@@ -1443,7 +1450,7 @@ protected function _isTransactionExists($txnId = null)
     protected function _appendTransactionToMessage($transaction, $message)
     {
         if ($transaction) {
-            $txnId = is_object($transaction) ? $transaction->getTxnId() : $transaction;
+            $txnId = is_object($transaction) ? $transaction->getHtmlTxnId() : $transaction;
             $message .= ' ' . __('Transaction ID: "%1"', $txnId);
         }
         return $message;
@@ -1463,8 +1470,8 @@ protected function _prependMessage($messagePrependTo)
             if (is_string($preparedMessage)) {
                 return $preparedMessage . ' ' . $messagePrependTo;
             } elseif (is_object(
-                $preparedMessage
-            ) && $preparedMessage instanceof \Magento\Sales\Model\Order\Status\History
+                    $preparedMessage
+                ) && $preparedMessage instanceof \Magento\Sales\Model\Order\Status\History
             ) {
                 $comment = $preparedMessage->getComment() . ' ' . $messagePrependTo;
                 $preparedMessage->setComment($comment);
@@ -1688,8 +1695,8 @@ protected function _getInvoiceForTransactionId($transactionId)
         }
         foreach ($this->getOrder()->getInvoiceCollection() as $invoice) {
             if ($invoice->getState() == \Magento\Sales\Model\Order\Invoice::STATE_OPEN && $invoice->load(
-                $invoice->getId()
-            )
+                    $invoice->getId()
+                )
             ) {
                 $invoice->setTransactionId($transactionId);
                 return $invoice;
 
@@ -980,6 +980,17 @@ public function getTxnId()
         return $this->getData(TransactionInterface::TXN_ID);
     }
 
+    /**
+     * Get HTML format for transaction id
+     *
+     * @return string
+     */
+    public function getHtmlTxnId()
+    {
+        $this->_eventManager->dispatch($this->_eventPrefix . '_html_txn_id', $this->_getEventData());
+        return isset($this->_data['html_txn_id']) ? $this->_data['html_txn_id'] : $this->getTxnId();
+    }
+
     /**
      * Returns parent_txn_id
      *