
Commit ac171e1

author
Hwashiang Yu
committed
MC-14826: Incorrect customer html address template
- Updated personal info and address templates
1 parent a1cfc8a commit ac171e1


2 files changed

+9
-3
lines changed


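--- a/app/code/Magento/Customer/view/adminhtml/templates/tab/view/personal_info.phtml
+++ b/app/code/Magento/Customer/view/adminhtml/templates/tab/view/personal_info.phtml
@@ -13,6 +13,9 @@ $lastLoginDateStore = $block->getStoreLastLoginDate();
 
 $createDateAdmin = $block->getCreateDate();
 $createDateStore = $block->getStoreCreateDate();
+$allowedAddressHtmlTags = ['abbr', 'b', 'blockquote', 'br', 'code', 'dd', 'del', 'dl', 'dt', 'em',
+'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'hr', 'i', 'kbd', 'li', 'ol', 'p', 'pre', 's', 'strike',
+'strong', 'sub', 'sup', 'ul'];
 ?>
 <div class="fieldset-wrapper customer-information">
 <div class="fieldset-wrapper-title">
@@ -61,7 +64,7 @@ $createDateStore = $block->getStoreCreateDate();
 </table>
 <address>
 <strong><?= $block->escapeHtml(__('Default Billing Address')) ?></strong><br/>
-<?= $block->getBillingAddressHtml() ?>
+<?= $block->escapeHtml($block->getBillingAddressHtml(), $allowedAddressHtmlTags) ?>
 </address>
 
 </div>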
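Review bot: The `escapeHtml(..., $allowedAddressHtmlTags)` call on the billing-address line filters the fully rendered address, so customer-entered field values and the template's own markup pass through the same allow-list, and any listed tag typed into an address field (`h1`–`h6`, `blockquote`, `pre`, `hr`) would still render in the admin customer view. The list looks broader than an address layout needs; consider narrowing it to the tags the address template actually emits, for example `$allowedAddressHtmlTags = ['b', 'br', 'em', 'i', 'p', 'strong'];` if that covers the configured template, or escaping the field values before they are substituted into the template (that rendering code is outside this diff). How `escapeHtml` treats attributes on allowed tags is not visible here and is worth confirming. The same applies to the billing and shipping address lines in order/view/info.phtml.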

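--- a/app/code/Magento/Sales/view/adminhtml/templates/order/view/info.phtml
+++ b/app/code/Magento/Sales/view/adminhtml/templates/order/view/info.phtml
@@ -26,6 +26,9 @@ $orderStoreDate = $block->formatDate(
 );
 
 $customerUrl = $block->getCustomerViewUrl();
+$allowedAddressHtmlTags = ['abbr', 'b', 'blockquote', 'br', 'code', 'dd', 'del', 'dl', 'dt', 'em',
+'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'hr', 'i', 'kbd', 'li', 'ol', 'p', 'pre', 's', 'strike',
+'strong', 'sub', 'sup', 'ul'];
 ?>
 
 <section class="admin__page-section order-view-account-information">
@@ -171,7 +174,7 @@ $customerUrl = $block->getCustomerViewUrl();
 <span class="title"><?= $block->escapeHtml(__('Billing Address')) ?></span>
 <div class="actions"><?= /* @noEscape */ $block->getAddressEditLink($order->getBillingAddress()); ?></div>
 </div>
-<address class="admin__page-section-item-content"><?= /* @noEscape */ $block->getFormattedAddress($order->getBillingAddress()); ?></address>
+<address class="admin__page-section-item-content"><?= $block->escapeHtml($block->getFormattedAddress($order->getBillingAddress()), $allowedAddressHtmlTags); ?></address>
 </div>
 <?php if (!$block->getOrder()->getIsVirtual()): ?>
 <div class="admin__page-section-item order-shipping-address">
@@ -180,7 +183,7 @@ $customerUrl = $block->getCustomerViewUrl();
 <span class="title"><?= $block->escapeHtml(__('Shipping Address')) ?></span>
 <div class="actions"><?= /* @noEscape */ $block->getAddressEditLink($order->getShippingAddress()); ?></div>
 </div>
-<address class="admin__page-section-item-content"><?= /* @noEscape */ $block->getFormattedAddress($order->getShippingAddress()); ?></address>
+<address class="admin__page-section-item-content"><?= $block->escapeHtml($block->getFormattedAddress($order->getShippingAddress()), $allowedAddressHtmlTags); ?></address>
 </div>
 <?php endif; ?>
 </div>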
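Review bot: The `$allowedAddressHtmlTags` array added at the top of this template is a verbatim copy of the one added in tab/view/personal_info.phtml, and two hand-maintained copies of a security allow-list tend to drift, leaving one admin view filtered differently from the other. Defining the list once where both templates can read it (for example on the block or a shared helper) would keep the billing and shipping address output consistent across views. Wherever it ends up, it needs a comment stating its purpose, such as `// Tags permitted in rendered address HTML; all other markup is escaped (MC-14826).`, so a later edit does not widen it without review.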
