@@ -11,20 +11,20 @@ use Magento\Framework\App\TemplateTypesInterface;
11
11
/** @var $block \Magento\Email\Block\Adminhtml\Template\Edit */
12
12
?>
13
13
<?php if (!$ block ->getEditMode ()): ?>
14
- <form action="<?php /* @escapeNotVerified */ echo $ block ->getLoadUrl () ?> " method="post" id="email_template_load_form">
14
+ <form action="<?php echo $ block ->escapeUrl ( $ block -> getLoadUrl () ) ?> " method="post" id="email_template_load_form">
15
15
<?php echo $ block ->getBlockHtml ('formkey ' )?>
16
16
<fieldset class="admin__fieldset form-inline">
17
- <legend class="admin__legend"><span><?php /* @escapeNotVerified */ echo __ ('Load default template ' ) ?> </span></legend><br>
17
+ <legend class="admin__legend"><span><?php echo $ block -> escapeHtml ( __ ('Load default template ' ) ) ?> </span></legend><br>
18
18
<div class="admin__field">
19
- <label class="admin__field-label" for="template_select"><?php /* @escapeNotVerified */ echo __ ('Template ' ) ?> </label>
19
+ <label class="admin__field-label" for="template_select"><?php echo $ block -> escapeHtml ( __ ('Template ' ) ) ?> </label>
20
20
<div class="admin__field-control">
21
21
<select id="template_select" name="code" class="admin__control-select required-entry">
22
22
<?php foreach ($ block ->getTemplateOptions () as $ group => $ options ): ?>
23
23
<?php if ($ group ): ?>
24
- <optgroup label="<?php echo $ block ->escapeHtml ($ group ) ?> ">
24
+ <optgroup label="<?php echo $ block ->escapeHtmlAttr ($ group ) ?> ">
25
25
<?php endif ; ?>
26
26
<?php foreach ($ options as $ option ): ?>
27
- <option value="<?php echo $ block ->escapeHtml ($ option ['value ' ]) ?> "<?php /* @escapeNotVerified */ echo $ block ->getOrigTemplateCode () == $ option ['value ' ] ? ' selected="selected" ' : '' ?> ><?php echo $ block ->escapeHtml ($ option ['label ' ]) ?> </option>
27
+ <option value="<?php echo $ block ->escapeHtmlAttr ($ option ['value ' ]) ?> "<?php /* @noEscape */ echo $ block ->getOrigTemplateCode () == $ option ['value ' ] ? ' selected="selected" ' : '' ?> ><?php echo $ block ->escapeHtml ($ option ['label ' ]) ?> </option>
28
28
<?php endforeach ; ?>
29
29
<?php if ($ group ): ?>
30
30
</optgroup>
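Review bot: The form-key output in the load form, `echo $block->getBlockHtml('formkey')`, is left without an annotation, while the same call in the save and preview forms gains `/* @noEscape */` in the next hunk. I would mark it the same way, `<?php /* @noEscape */ echo $block->getBlockHtml('formkey') ?>`, so the escaping check treats all three forms alike and a reader does not have to wonder whether this one was overlooked. Separately, the `selected` test on the option line compares with `==`; if both sides are always strings, `===` avoids PHP's loose matches between numeric-looking template codes, though the hunk does not show what `getOrigTemplateCode()` returns.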
@@ -36,24 +36,24 @@ use Magento\Framework\App\TemplateTypesInterface;
36
36
<div class="admin__field required">
37
37
<span class="admin__field-label"></span>
38
38
<div class="admin__field-control">
39
- <?php echo $ block ->getLoadButtonHtml () ?>
39
+ <?php /* @noEscape */ echo $ block ->getLoadButtonHtml () ?>
40
40
</div>
41
41
</div>
42
42
</fieldset>
43
43
</form>
44
44
<?php endif ?>
45
45
46
- <form action="<?php /* @escapeNotVerified */ echo $ block ->getSaveUrl () ?> " method="post" id="email_template_edit_form">
47
- <?php echo $ block ->getBlockHtml ('formkey ' )?>
46
+ <form action="<?php echo $ block ->escapeUrl ( $ block -> getSaveUrl () ) ?> " method="post" id="email_template_edit_form">
47
+ <?php /* @noEscape */ echo $ block ->getBlockHtml ('formkey ' )?>
48
48
<input type="hidden" id="change_flag_element" name="_change_type_flag" value="" />
49
- <input type="hidden" id="orig_template_code" name="orig_template_code" value="<?php /* @escapeNotVerified */ echo $ block ->getOrigTemplateCode () ?> " />
50
- <?php echo $ block ->getFormHtml () ?>
49
+ <input type="hidden" id="orig_template_code" name="orig_template_code" value="<?php echo $ block ->escapeHtmlAttr ( $ block -> getOrigTemplateCode () ) ?> " />
50
+ <?php /* @noEscape */ echo $ block ->getFormHtml () ?>
51
51
</form>
52
52
53
- <form action="<?php /* @escapeNotVerified */ echo $ block ->getPreviewUrl () ?> " method="post" id="email_template_preview_form" target="_blank">
54
- <?php echo $ block ->getBlockHtml ('formkey ' )?>
53
+ <form action="<?php echo $ block ->escapeUrl ( $ block -> getPreviewUrl () ) ?> " method="post" id="email_template_preview_form" target="_blank">
54
+ <?php /* @noEscape */ echo $ block ->getBlockHtml ('formkey ' )?>
55
55
<div class="no-display">
56
- <input type="hidden" id="preview_type" name="type" value="<?php /* @escapeNotVerified */ echo $ block ->isTextType () ? 1 : 2 ?> " />
56
+ <input type="hidden" id="preview_type" name="type" value="<?php /* @noEscape */ echo $ block ->isTextType () ? 1 : 2 ?> " />
57
57
<input type="hidden" id="preview_text" name="text" value="" />
58
58
<input type="hidden" id="preview_styles" name="styles" value="" />
59
59
</div>
@@ -93,7 +93,7 @@ require([
93
93
94
94
this.bindEvents();
95
95
96
- this.renderPaths(<?php /* @escapeNotVerified */ echo $ block ->getCurrentlyUsedForPaths (); ?> , 'currently_used_for');
96
+ this.renderPaths(<?php /* @noEscape */ echo $ block ->getCurrentlyUsedForPaths (); ?> , 'currently_used_for');
97
97
},
98
98
99
99
bindEvents: function(){
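Review bot: The `/* @noEscape */` on `getCurrentlyUsedForPaths()` in the `renderPaths(...)` call declares a value written raw into a script block to be safe, but nothing in this hunk shows how that value is serialized. If the block builds JSON from configuration paths or scope names, the encoding should ensure that `<`, `>`, `&` and quotes cannot close the script element or the literal, for example `json_encode($paths, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT)` in the block method (`$paths` is a stand-in name). Once that is confirmed, a short template comment such as `/* JSON from the block, hex-encoded for script context */` would record why the suppression is justified. The enclosing function starts outside the hunk.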
@@ -115,7 +115,7 @@ require([
115
115
},
116
116
117
117
stripTags: function () {
118
- if(!window.confirm("<?php /* @escapeNotVerified */ echo __ ('Are you sure you want to strip tags? ' ) ?> ")) {
118
+ if(!window.confirm("<?php echo $ block -> escapeJs ( $ block -> escapeHtml ( __ ('Are you sure you want to strip tags? ' )) ) ?> ")) {
119
119
return false;
120
120
}
121
121
this.unconvertedText = $('template_text').value;
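Review bot: The `window.confirm(...)` message in `stripTags` goes through `escapeHtml()` before `escapeJs()`, but `confirm()` displays plain text, so an `&`, `<` or quote in a translation would presumably be shown to the user as a literal entity such as `&amp;`. For a JavaScript string that never reaches the DOM as markup, `escapeJs()` alone matches the context: `window.confirm("<?php echo $block->escapeJs(__('Are you sure you want to strip tags?')) ?>")`. The same applies to the `confirm()` in `deleteTemplate` in a later hunk. The `alert({content: ...})` message in the last hunk is a different case if that widget renders its content as HTML, which this page does not show.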
@@ -146,9 +146,9 @@ require([
146
146
},
147
147
preview: function() {
148
148
if (this.typeChange) {
149
- $('preview_type').value = <?php /* @escapeNotVerified */ echo TemplateTypesInterface::TYPE_TEXT ?> ;
149
+ $('preview_type').value = <?php /* @noEscape */ echo TemplateTypesInterface::TYPE_TEXT ?> ;
150
150
} else {
151
- $('preview_type').value = <?php /* @escapeNotVerified */ echo $ block ->getTemplateType () ?> ;
151
+ $('preview_type').value = <?php echo ( int ) $ block ->getTemplateType () ?> ;
152
152
}
153
153
if (typeof tinyMCE == 'undefined' || !tinyMCE.getInstanceById('template_text')) {
154
154
$('preview_text').value = $('template_text').value;
@@ -166,8 +166,8 @@ require([
166
166
},
167
167
168
168
deleteTemplate: function() {
169
- if(window.confirm("<?php /* @escapeNotVerified */ echo __ ('Are you sure you want to delete this template? ' ) ?> ")) {
170
- window.location.href = '<?php /* @escapeNotVerified */ echo $ block ->getDeleteUrl () ?> ';
169
+ if(window.confirm("<?php echo $ block -> escapeJs ( $ block -> escapeHtml ( __ ('Are you sure you want to delete this template? ' )) ) ?> ")) {
170
+ window.location.href = '<?php echo $ block ->escapeJs ( $ block -> escapeUrl ( $ block -> getDeleteUrl ()) ) ?> ';
171
171
}
172
172
},
173
173
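Review bot: Wrapping `escapeUrl()` in `escapeJs()` on the `window.location.href` assignment mixes two output contexts, because the URL ends up in a JavaScript string where HTML entities are never decoded. If `escapeUrl()` HTML-encodes `&`, a delete URL that carries a query string would be navigated to with `&amp;` in it. It is worth confirming that `getDeleteUrl()` only ever returns path-style URLs and recording that in a comment, or otherwise keeping the scheme filtering in the block and emitting `escapeJs($block->getDeleteUrl())` here. The deletion is also triggered by a plain navigation, so its request-forgery protection depends on whatever key the URL itself carries, which is not visible in this hunk.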
@@ -212,7 +212,7 @@ require([
212
212
}.bind(this));
213
213
} else {
214
214
alert({
215
- content: '<?php /* @escapeNotVerified */ echo __ ('The template did not load. Please review the log for details. ' ) ?> '
215
+ content: '<?php echo $ block -> escapeJs ( $ block -> escapeHtml ( __ ('The template did not load. Please review the log for details. ' )) ) ?> '
216
216
});
217
217
}
218
218
}.bind(this)