Merge remote-tracking branch 'origin/MC-15662' into borg-qwerty-2.3

nathanjosiah · nathanjosiah · commit a1d6f788eaae · 2019-04-22T09:36:59.000-05:00
diff --git a/app/code/Magento/Sales/view/adminhtml/templates/order/create/data.phtml b/app/code/Magento/Sales/view/adminhtml/templates/order/create/data.phtml
@@ -10,7 +10,7 @@
 <div class="page-create-order">
     <script>
     require(["Magento_Sales/order/create/form"], function(){
-        order.setCurrencySymbol('<?= /* @escapeNotVerified */ $block->getCurrencySymbol($block->getCurrentCurrencyCode()) ?>')
+        order.setCurrencySymbol('<?= $block->escapeJs($block->getCurrencySymbol($block->getCurrentCurrencyCode())) ?>')
     });
 </script>
     <div class="order-details<?php if ($block->getCustomerId()): ?> order-details-existing-customer<?php endif; ?>">
@@ -35,7 +35,7 @@
 
         <section id="order-addresses" class="admin__page-section order-addresses">
             <div class="admin__page-section-title">
-                <span class="title"><?= /* @escapeNotVerified */ __('Address Information') ?></span>
+                <span class="title"><?= $block->escapeHtml(__('Address Information')) ?></span>
             </div>
             <div class="admin__page-section-content">
                 <div id="order-billing_address" class="admin__page-section-item order-billing-address">
@@ -69,11 +69,11 @@
 
         <section class="admin__page-section order-summary">
             <div class="admin__page-section-title">
-                <span class="title"><?= /* @escapeNotVerified */ __('Order Total') ?></span>
+                <span class="title"><?= $block->escapeHtml(__('Order Total')) ?></span>
             </div>
             <div class="admin__page-section-content">
                 <fieldset class="admin__fieldset order-history" id="order-comment">
-                    <legend class="admin__legend"><span><?= /* @escapeNotVerified */ __('Order History') ?></span></legend>
+                    <legend class="admin__legend"><span><?= $block->escapeHtml(__('Order History')) ?></span></legend>
                     <br>
                     <?= $block->getChildHtml('comment') ?>
                 </fieldset>
@@ -88,15 +88,15 @@
         <div class="order-sidebar">
             <div class="store-switcher order-currency">
                 <label class="admin__field-label" for="currency_switcher">
-                    <?= /* @escapeNotVerified */ __('Order Currency:') ?>
+                    <?= $block->escapeHtml(__('Order Currency:')) ?>
                 </label>
                 <select id="currency_switcher"
                         class="admin__control-select"
                         name="order[currency]"
                         onchange="order.setCurrencyId(this.value); order.setCurrencySymbol(this.options[this.selectedIndex].getAttribute('symbol'));">
                     <?php foreach ($block->getAvailableCurrencies() as $_code): ?>
-                        <option value="<?= /* @escapeNotVerified */ $_code ?>"<?php if ($_code == $block->getCurrentCurrencyCode()): ?> selected="selected"<?php endif; ?> symbol="<?= /* @escapeNotVerified */ $block->getCurrencySymbol($_code) ?>">
-                            <?= /* @escapeNotVerified */ $block->getCurrencyName($_code) ?>
+                        <option value="<?= $block->escapeHtmlAttr($_code) ?>"<?php if ($_code == $block->getCurrentCurrencyCode()): ?> selected="selected"<?php endif; ?> symbol="<?=$block->escapeHtmlAttr($block->getCurrencySymbol($_code)) ?>">
+                            <?= $block->escapeHtml($block->getCurrencyName($_code)) ?>
                         </option>
                     <?php endforeach; ?>
                 </select>
