
Commit aab079d

Merge branch '2.3-develop' into 2.3.3-develop
# Conflicts: # app/code/Magento/Catalog/Ui/Component/ColumnFactory.php # app/code/Magento/Catalog/Ui/DataProvider/Product/Form/Modifier/Eav.php # app/code/Magento/Catalog/etc/acl.xml # app/code/Magento/CatalogImportExport/Model/Import/Product.php # app/code/Magento/CatalogImportExport/Test/Mftf/ActionGroup/AdminExportActionGroup.xml # app/code/Magento/Cms/Test/Unit/Ui/Component/Listing/Column/BlockActionsTest.php # app/code/Magento/Cms/etc/di.xml # app/code/Magento/CurrencySymbol/view/adminhtml/templates/system/currency/rate/matrix.phtml # app/code/Magento/Email/Test/Unit/Block/Adminhtml/Template/PreviewTest.php # app/code/Magento/Store/composer.json # app/code/Magento/Translation/Model/Inline/Parser.php # app/code/Magento/Ui/Component/Form/Element/AbstractOptionsField.php # composer.lock # dev/tests/integration/testsuite/Magento/CatalogImportExport/Model/Import/ProductTest.php # lib/internal/Magento/Framework/Escaper.php # lib/internal/Magento/Framework/Image/Adapter/AbstractAdapter.php
2 parents 743c7c7 + 7ffabd0 commit aab079d


1,933 files changed

+94123
-25598
lines changed


1,933 files changed

+94123
-25598
lines changed

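--- a/.github/CONTRIBUTING.md
+++ b/.github/CONTRIBUTING.md
@@ -11,7 +11,7 @@ The Magento 2 development team or community maintainers will review all issues a
 During the review we might require clarifications from the contributor.
 If there is no response from the contributor within two weeks, the pull request will be closed.
 
-For more detialed information on contribution please read our [beginners guide](https://github.com/magento/magento2/wiki/Getting-Started).
+For more detailed information on contribution please read our [beginners guide](https://github.com/magento/magento2/wiki/Getting-Started).
 
 ## Contribution requirements
 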

CHANGELOG.md

Lines changed: 612 additions & 0 deletions
Large diffs are not rendered by default.

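--- a/app/code/Magento/AdminNotification/Model/Feed.php
+++ b/app/code/Magento/AdminNotification/Model/Feed.php
@@ -5,6 +5,8 @@
 */
 namespace Magento\AdminNotification\Model;
 
+use Magento\Framework\Escaper;
+use Magento\Framework\App\ObjectManager;
 use Magento\Framework\Config\ConfigOptionsListConstants;
 
 /**
@@ -25,6 +27,11 @@ class Feed extends \Magento\Framework\Model\AbstractModel
 
 const XML_LAST_UPDATE_PATH = 'system/adminnotification/last_update';
 
+/**
+* @var Escaper
+*/
+private $escaper;
+
 /**
 * Feed url
 *
@@ -77,6 +84,7 @@ class Feed extends \Magento\Framework\Model\AbstractModel
 * @param \Magento\Framework\Model\ResourceModel\AbstractResource $resource
 * @param \Magento\Framework\Data\Collection\AbstractDb $resourceCollection
 * @param array $data
+* @param Escaper|null $escaper
 * @SuppressWarnings(PHPMD.ExcessiveParameterList)
 */
 public function __construct(
@@ -90,21 +98,26 @@ public function __construct(
 \Magento\Framework\UrlInterface $urlBuilder,
 \Magento\Framework\Model\ResourceModel\AbstractResource $resource = null,
 \Magento\Framework\Data\Collection\AbstractDb $resourceCollection = null,
-array $data = []
+array $data = [],
+Escaper $escaper = null
 ) {
 parent::__construct($context, $registry, $resource, $resourceCollection, $data);
-$this->_backendConfig = $backendConfig;
-$this->_inboxFactory = $inboxFactory;
-$this->curlFactory = $curlFactory;
+$this->_backendConfig = $backendConfig;
+$this->_inboxFactory = $inboxFactory;
+$this->curlFactory = $curlFactory;
 $this->_deploymentConfig = $deploymentConfig;
-$this->productMetadata = $productMetadata;
-$this->urlBuilder = $urlBuilder;
+$this->productMetadata = $productMetadata;
+$this->urlBuilder = $urlBuilder;
+$this->escaper = $escaper ?? ObjectManager::getInstance()->get(
+Escaper::class
+);
 }
 
 /**
 * Init model
 *
 * @return void
+* phpcs:disable Magento2.CodeAnalysis.EmptyBlock
 */
 protected function _construct()
 {
@@ -252,6 +265,6 @@ public function getFeedXml()
 */
 private function escapeString(\SimpleXMLElement $data)
 {
-return htmlspecialchars((string)$data);
+return $this->escaper->escapeHtml((string)$data);
 }
 }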
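Review bot: The `phpcs:disable Magento2.CodeAnalysis.EmptyBlock` annotation added to the `_construct()` docblock has no matching `phpcs:enable` in the visible lines, so as far as this section shows the sniff stays off from that docblock to the end of the file instead of for the one empty method. Adding `// phpcs:enable Magento2.CodeAnalysis.EmptyBlock` directly after the method's closing brace keeps the suppression scoped to `_construct()`. The body of `_construct()` lies outside the hunk, so an enable may already exist there; worth confirming before merging.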

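--- a/app/code/Magento/AdminNotification/composer.json
+++ b/app/code/Magento/AdminNotification/composer.json
@@ -11,7 +11,8 @@
 "magento/module-backend": "*",
 "magento/module-media-storage": "*",
 "magento/module-store": "*",
-"magento/module-ui": "*"
+"magento/module-ui": "*",
+"magento/module-config": "*"
 },
 "type": "magento2-module",
 "license": [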

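--- a/app/code/Magento/AdminNotification/view/adminhtml/templates/notification/window.phtml
+++ b/app/code/Magento/AdminNotification/view/adminhtml/templates/notification/window.phtml
@@ -4,10 +4,6 @@
 * See COPYING.txt for license details.
 */
 
-// @codingStandardsIgnoreFile
-
-?>
-<?php
 /**
 * @see \Magento\AdminNotification\Block\Window
 */
@@ -19,11 +15,13 @@
 "autoOpen": true,
 "buttons": false,
 "modalClass": "modal-system-messages",
-"title": "<?= /* @escapeNotVerified */ $block->getHeaderText() ?>"
+"title": "<?= $block->escapeHtmlAttr($block->getHeaderText()) ?>"
 }
 }'>
 <li class="message message-warning warning">
-<?= /* @escapeNotVerified */ $block->getNoticeMessageText() ?><br/>
-<a href="<?= /* @escapeNotVerified */ $block->getNoticeMessageUrl() ?>"><?= /* @escapeNotVerified */ $block->getReadDetailsText() ?></a>
+<?= $block->escapeHtml($block->getNoticeMessageText()) ?><br/>
+<a href="<?= $block->escapeUrl($block->getNoticeMessageUrl()) ?>">
+<?= $block->escapeHtml($block->getReadDetailsText()) ?>
+</a>
 </li>
 </ul>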
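Review bot: The new `"title"` value sits inside a JSON string that is itself inside a single-quoted HTML attribute (closed by `}'>`), and `escapeHtmlAttr()` only covers the outer attribute layer. The browser decodes the attribute before the JSON is parsed, so a `"` or `\` in `getHeaderText()` would come back as a literal character and break or alter the JSON object; whether the header text can contain such characters is not visible here. Encoding the value as JSON first and then escaping it for the attribute handles both layers: `"title": <?= $block->escapeHtmlAttr(json_encode($block->getHeaderText())) ?>`. The opening of the attribute lies outside the hunk.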

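--- a/app/code/Magento/AdminNotification/view/adminhtml/templates/system/messages.phtml
+++ b/app/code/Magento/AdminNotification/view/adminhtml/templates/system/messages.phtml
@@ -4,41 +4,41 @@
 * See COPYING.txt for license details.
 */
 
-// @codingStandardsIgnoreFile
-
+/** @var $block \Magento\AdminNotification\Block\System\Messages */
 ?>
-<?php /** @var $block \Magento\AdminNotification\Block\System\Messages */ ?>
 
 <?php $lastCritical = $block->getLastCritical();?>
-<div id="system_messages" class="message-system<?php if ($lastCritical): ?> message-system-unread<?php endif; ?>">
+<div id="system_messages"
+class="message-system<?php if ($lastCritical) : ?>
+message-system-unread<?php endif; ?>">
 <div class="message-system-inner">
-<?php if ($lastCritical): ?>
+<?php if ($lastCritical) : ?>
 <ul class="message-system-list">
 <li class="message message-warning error">
-<?= /* @escapeNotVerified */ $lastCritical->getText() ?>
+<?= $block->escapeHtml($lastCritical->getText()) ?>
 </li>
 </ul>
 <?php endif; ?>
 <div class="message-system-short">
 <span class="message-system-short-label">
-<?= /* @escapeNotVerified */ __('System Messages:') ?>
+<?= $block->escapeHtml(__('System Messages:')) ?>
 </span>
 
-<?php if ($block->getCriticalCount()): ?>
+<?php if ($block->getCriticalCount()) : ?>
 <div class="message message-warning error">
 <a class="message-link" href="#" title="<?= $block->escapeHtml(__('Critical System Messages')) ?>">
-<?= /* @escapeNotVerified */ $block->getCriticalCount() ?>
+<?= (int) $block->getCriticalCount() ?>
 </a>
 </div>
-<?php endif;?>
+<?php endif; ?>
 
-<?php if ($block->getMajorCount()): ?>
+<?php if ($block->getMajorCount()) : ?>
 <div class="message message-warning warning">
 <a class="message-link" href="#" title="<?= $block->escapeHtml(__('Major System Messages')) ?>">
-<?= /* @escapeNotVerified */ $block->getMajorCount() ?>
+<?= (int) $block->getMajorCount() ?>
 </a>
 </div>
-<?php endif;?>
+<?php endif; ?>
 </div>
 <div id="message-system-all" title="<?= $block->escapeHtml(__('System messages')) ?>" data-mage-init='<?= $block->escapeHtml($block->getSystemMessageDialogJson()) ?>'></div>
 </div>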
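Review bot: `$block->escapeHtml($lastCritical->getText())` escapes every tag, so a system message whose text is built with markup (a link to the page that resolves the warning, for instance) would now be shown as literal text. The message classes are not visible here, so this needs checking against the `getText()` implementations. If markup is expected, keep the escaping and pass an explicit allow-list, e.g. `$block->escapeHtml($lastCritical->getText(), ['a'])`. The same applies to `$block->escapeHtml($message->getText())` in `system/messages/popup.phtml`.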

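--- a/app/code/Magento/AdminNotification/view/adminhtml/templates/system/messages/popup.phtml
+++ b/app/code/Magento/AdminNotification/view/adminhtml/templates/system/messages/popup.phtml
@@ -4,16 +4,15 @@
 * See COPYING.txt for license details.
 */
 
-// @codingStandardsIgnoreFile
-
+/** @var $block \Magento\AdminNotification\Block\System\Messages\UnreadMessagePopup */
 ?>
-<?php /** @var $block \Magento\AdminNotification\Block\System\Messages\UnreadMessagePopup */ ?>
 
-<div style="display:none" id="system_messages_list" data-role="system_messages_list" title="<?= $block->escapeHtml($block->getPopupTitle()) ?>">
+<div style="display:none" id="system_messages_list" data-role="system_messages_list"
+title="<?= $block->escapeHtmlAttr($block->getPopupTitle()) ?>">
 <ul class="message-system-list messages">
-<?php foreach ($block->getUnreadMessages() as $message): ?>
-<li class="message message-warning <?= /* @escapeNotVerified */ $block->getItemClass($message) ?>">
-<?= /* @escapeNotVerified */ $message->getText() ?>
+<?php foreach ($block->getUnreadMessages() as $message) : ?>
+<li class="message message-warning <?= $block->escapeHtmlAttr($block->getItemClass($message)) ?>">
+<?= $block->escapeHtml($message->getText()) ?>
 </li>
 <?php endforeach;?>
 </ul>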

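--- a/app/code/Magento/AdminNotification/view/adminhtml/templates/toolbar_entry.phtml
+++ b/app/code/Magento/AdminNotification/view/adminhtml/templates/toolbar_entry.phtml
@@ -4,81 +4,78 @@
 * See COPYING.txt for license details.
 */
 
-// @codingStandardsIgnoreFile
+/** @var $this \Magento\AdminNotification\Block\ToolbarEntry */
 
-?>
-<?php /** @var $this \Magento\AdminNotification\Block\ToolbarEntry */ ?>
-<?php
 $notificationCount = $block->getUnreadNotificationCount();
 $notificationCounterMax = $block->getNotificationCounterMax();
 ?>
 <div
 data-mage-init='{"toolbarEntry": {}}'
 class="notifications-wrapper admin__action-dropdown-wrap"
-data-notification-count="<?= /* @escapeNotVerified */ $notificationCount ?>">
+data-notification-count="<?= (int)$notificationCount ?>">
 <?php if ($notificationCount > 0) : ?>
 <a
-href="<?= /* @escapeNotVerified */ $block->getUrl('adminhtml/notification/index') ?>"
+href="<?= $block->escapeUrl($block->getUrl('adminhtml/notification/index')) ?>"
 class="notifications-action admin__action-dropdown"
 data-mage-init='{"dropdown":{}}'
-title="<?= /* @escapeNotVerified */ __('Notifications') ?>"
+title="<?= $block->escapeHtmlAttr(__('Notifications')) ?>"
 data-toggle="dropdown">
 <span class="notifications-counter">
-<?= /* @escapeNotVerified */ ($notificationCount > $notificationCounterMax) ? $notificationCounterMax . '+' : $notificationCount ?>
+<?= /* @noEscape */ ($notificationCount > $notificationCounterMax) ? (int)$notificationCounterMax . '+' : (int)$notificationCount ?>
 </span>
 </a>
 <ul
 class="admin__action-dropdown-menu"
-data-mark-as-read-url="<?= /* @escapeNotVerified */ $block->getUrl('adminhtml/notification/ajaxMarkAsRead') ?>">
+data-mark-as-read-url="<?= $block->escapeUrl($block->getUrl('adminhtml/notification/ajaxMarkAsRead')) ?>">
 <?php foreach ($block->getLatestUnreadNotifications() as $notification) : ?>
-<?php /** @var $notification \Magento\AdminNotification\Model\Inbox*/ ?>
-<li class="notifications-entry<?php if ($notification->getSeverity() == 1): ?> notifications-critical<?php endif; ?>"
-data-notification-id="<?= /* @escapeNotVerified */ $notification->getId() ?>"
-data-notification-severity="<?php if ($notification->getSeverity() == 1): ?>1<?php endif; ?>">
-<?php
-$notificationDescription = $block->escapeHtml($notification->getDescription());
-$notificationDescriptionLength = $block->getNotificationDescriptionLength();
-?>
-<strong class="notifications-entry-title">
-<?= $block->escapeHtml($notification->getTitle()) ?>
-</strong>
-<?php if (strlen($notificationDescription) > $notificationDescriptionLength) : ?>
-<p class="notifications-entry-description _cutted">
-<span class="notifications-entry-description-start">
-<?= /* @escapeNotVerified */ substr($notificationDescription, 0, $notificationDescriptionLength) ?>
-</span>
-<span class="notifications-entry-description-end">
-<?= /* @escapeNotVerified */ substr($notificationDescription, $notificationDescriptionLength) ?>
-</span>
-</p>
-<?php else : ?>
-<p class="notifications-entry-description">
-<?= /* @escapeNotVerified */ $notificationDescription ?>
-</p>
-<?php endif; ?>
-<time class="notifications-entry-time">
-<?= /* @escapeNotVerified */ $block->formatNotificationDate($notification->getDateAdded()) ?>
-</time>
-<button
-type="button"
-class="notifications-close"
-title="<?= /* @escapeNotVerified */ __('Close') ?>"
-></button>
-</li>
+<?php /** @var $notification \Magento\AdminNotification\Model\Inbox */ ?>
+<li class="notifications-entry<?php if ($notification->getSeverity() == 1) : ?> notifications-critical<?php endif; ?>"
+data-notification-id="<?= $block->escapeHtmlAttr($notification->getId()) ?>"
+data-notification-severity="<?php if ($notification->getSeverity() == 1) : ?>1<?php endif; ?>">
+<?php
+$notificationDescription = $notification->getDescription();
+$notificationDescriptionLength = $block->getNotificationDescriptionLength();
+?>
+<strong class="notifications-entry-title">
+<?= $block->escapeHtml($notification->getTitle()) ?>
+</strong>
+<?php if (strlen($notificationDescription) > $notificationDescriptionLength) : ?>
+<p class="notifications-entry-description _cutted">
+<span class="notifications-entry-description-start">
+<?= $block->escapeHtml(substr($notificationDescription, 0, $notificationDescriptionLength)) ?>
+</span>
+<span class="notifications-entry-description-end">
+<?= $block->escapeHtml(substr($notificationDescription, $notificationDescriptionLength)) ?>
+</span>
+</p>
+<?php else : ?>
+<p class="notifications-entry-description">
+<?= $block->escapeHtml($notificationDescription) ?>
+</p>
+<?php endif; ?>
+<time class="notifications-entry-time">
+<?= $block->escapeHtml($block->formatNotificationDate($notification->getDateAdded())) ?>
+</time>
+<button
+type="button"
+class="notifications-close"
+title="<?= $block->escapeHtmlAttr(__('Close')) ?>"
+></button>
+</li>
 <?php endforeach; ?>
 <li class="notifications-entry notifications-entry-last">
 <a
-href="<?= /* @escapeNotVerified */ $block->getUrl('adminhtml/notification/index') ?>"
+href="<?= $block->escapeUrl($block->getUrl('adminhtml/notification/index')) ?>"
 class="action-tertiary action-more">
-<?= /* @escapeNotVerified */ __('See All (') ?><span class="notifications-counter"><?= /* @escapeNotVerified */ $notificationCount ?></span><?= /* @escapeNotVerified */ __(' unread)') ?>
+<?= $block->escapeHtml(__('See All (')) ?><span class="notifications-counter"><?= (int)$notificationCount ?></span><?= $block->escapeHtml(__(' unread)')) ?>
 </a>
 </li>
 </ul>
 <?php else : ?>
 <a
 class="notifications-action admin__action-dropdown"
-href="<?= /* @escapeNotVerified */ $block->getUrl('adminhtml/notification/index') ?>"
-title="<?= /* @escapeNotVerified */ __('Notifications') ?>">
+href="<?= $block->escapeUrl($block->getUrl('adminhtml/notification/index')) ?>"
+title="<?= $block->escapeHtmlAttr(__('Notifications')) ?>">
 </a>
 <?php endif; ?>
 </div>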
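Review bot: The description truncation still uses `strlen()` and `substr()`, which count bytes, so a description containing multi-byte UTF-8 can be split in the middle of a character and each half then reaches `escapeHtml()` as an invalid sequence. Truncating the raw text before escaping is the right order (the old code cut the already-escaped string and could split an entity), but the split should be character-aware. Suggested forms are `mb_strlen($notificationDescription) > $notificationDescriptionLength`, `mb_substr($notificationDescription, 0, $notificationDescriptionLength)` and `mb_substr($notificationDescription, $notificationDescriptionLength)`.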

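--- a/app/code/Magento/AdvancedSearch/view/adminhtml/templates/system/config/testconnection.phtml
+++ b/app/code/Magento/AdvancedSearch/view/adminhtml/templates/system/config/testconnection.phtml
@@ -3,13 +3,12 @@
 * Copyright © Magento, Inc. All rights reserved.
 * See COPYING.txt for license details.
 */
-// @codingStandardsIgnoreFile
 ?>
 <button class="scalable" type="button" id="<?= $block->getHtmlId() ?>" data-mage-init='{"testConnection":{
 "url": "<?= $block->escapeUrl($block->getAjaxUrl()) ?>",
 "elementId": "<?= $block->getHtmlId() ?>",
 "successText": "<?= $block->escapeHtmlAttr(__('Successful! Test again?')) ?>",
 "failedText": "<?= $block->escapeHtmlAttr(__('Connection failed! Test again?')) ?>",
 "fieldMapping": "<?= /* @noEscape */ $block->getFieldMapping() ?>"}, "validation": {}}'>
-<span><span><span id="<?= $block->getHtmlId() ?>_result"><?= $block->escapeHtml($block->getButtonLabel()) ?></span></span></span>
+<span id="<?= $block->getHtmlId() ?>_result"><?= $block->escapeHtml($block->getButtonLabel()) ?></span>
 </button>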
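Review bot: The rewritten `<span id="<?= $block->getHtmlId() ?>_result">` line still prints `getHtmlId()` into an attribute without escaping, unlike the other attribute outputs this commit converts. The id is presumably generated server-side, but that is not visible here, and escaping it costs nothing: `<span id="<?= $block->escapeHtmlAttr($block->getHtmlId()) ?>_result">`. The unchanged `<button ... id=...>` and `"elementId"` outputs in the same template have the same form and could be aligned in the same pass.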

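--- a/app/code/Magento/AdvancedSearch/view/frontend/templates/search_data.phtml
+++ b/app/code/Magento/AdvancedSearch/view/frontend/templates/search_data.phtml
@@ -3,22 +3,22 @@
 * Copyright © Magento, Inc. All rights reserved.
 * See COPYING.txt for license details.
 */
-// @codingStandardsIgnoreFile
+
 /**
 * @var \Magento\AdvancedSearch\Block\SearchData $block
 */
 ?>
 <?php
 /** @var \Magento\Search\Model\QueryResult[] $data */
 $data = $block->getItems();
-if (count($data)):?>
+if (count($data)) : ?>
 <dl class="block">
 <dt class="title"><?= $block->escapeHtml(__($block->getTitle())) ?></dt>
 <?php foreach ($data as $additionalInfo) : ?>
 <dd class="item">
 <a href="<?= $block->escapeUrl($block->getLink($additionalInfo->getQueryText())) ?>"
 ><?= $block->escapeHtml($additionalInfo->getQueryText()) ?></a>
-<?php if ($block->isShowResultsCount()): ?>
+<?php if ($block->isShowResultsCount()) : ?>
 <span class="count"><?= /* @noEscape */ (int)$additionalInfo->getResultsCount() ?></span>
 <?php endif; ?>
 </dd>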
