MAGETWO-99488: Eliminate @escapeNotVerified in Tax-related Modules

eug123 · eug123 · commit b091b925c071 · 2019-05-14T13:49:26.000-05:00
diff --git a/app/code/Magento/Tax/view/adminhtml/templates/rate/title.phtml b/app/code/Magento/Tax/view/adminhtml/templates/rate/title.phtml
@@ -15,7 +15,7 @@
                 <input
                     class="admin__control-text<?php if ($_store->getId() == 0): ?> required-entry<?php endif; ?>"
                     type="text"
-                    name="title[<?= $block->escapeHtml($_store->getId()) ?>]"
+                    name="title[<?= (int)$_store->getId() ?>]"
                     value="<?= $block->escapeHtml($_labels[$_store->getId()]) ?>" />
             </div>
         </div>
diff --git a/app/code/Magento/Tax/view/adminhtml/templates/rule/edit.phtml b/app/code/Magento/Tax/view/adminhtml/templates/rule/edit.phtml
@@ -76,7 +76,7 @@ require([
             $.ajax({
                 type: "POST",
                 data: {id:id},
-                url: '<?= $block->escapeUrl($block->getTaxRateLoadUrl()) ?>',
+                url: '<?= $block->escapeJs($block->escapeUrl($block->getTaxRateLoadUrl())) ?>',
                 success: function(result, status) {
                     $('body').trigger('processStop');
                     if (result.success) {
@@ -93,14 +93,14 @@ require([
                             });
                         else
                             alert({
-                                content: '<?= $block->escapeJs(__('An error occurred')) ?>'
+                                content: '<?= $block->escapeJs($block->escapeHtml(__('An error occurred'))) ?>'
                             });
                     }
                 },
                 error: function () {
                     $('body').trigger('processStop');
                     alert({
-                        content: '<?= $block->escapeJs(__('An error occurred')) ?>'
+                        content: '<?= $block->escapeJs($block->escapeHtml(__('An error occurred'))) ?>'
                     });
                 },
                 dataType: "json"
@@ -111,7 +111,7 @@ require([
             var options = {
                 mselectContainer: '#tax_rate + section.mselect-list',
                 toggleAddButton:false,
-                addText: '<?= $block->escapeJs(__('Add New Tax Rate')) ?>',
+                addText: '<?= $block->escapeJs($block->escapeHtml(__('Add New Tax Rate'))) ?>',
                 parse: null,
                 nextPageUrl: '<?php echo $block->escapeHtml($block->getTaxRatesPageUrl())?>',
                 selectedValues: this.settings.selected_values,
@@ -176,7 +176,7 @@ require([
                                 form_key: $('input[name="form_key"]').val()
                             },
                             dataType: 'json',
-                            url: '<?= $block->escapeUrl($block->getTaxRateDeleteUrl()) ?>',
+                            url: '<?= $block->escapeJs($block->escapeUrl($block->getTaxRateDeleteUrl())) ?>',
                             success: function(result, status) {
                                 $('body').trigger('processStop');
                                 if (result.success) {
@@ -194,14 +194,14 @@ require([
                                         });
                                     else
                                         alert({
-                                            content: '<?= $block->escapeJs(__('An error occurred')) ?>'
+                                            content: '<?= $block->escapeJs($block->escapeHtml(__('An error occurred'))) ?>'
                                         });
                                 }
                             },
                             error: function () {
                                 $('body').trigger('processStop');
                                 alert({
-                                    content: '<?= $block->escapeJs(__('An error occurred')) ?>'
+                                    content: '<?= $block->escapeJs($block->escapeHtml(__('An error occurred'))) ?>'
                                 });
                             }
                         };
@@ -222,15 +222,15 @@ require([
             taxRateFormElement.mage('form').mage('validation');
 
             taxRateForm.dialogRates({
-                title: '<?= $block->escapeJs(__('Tax Rate')) ?>',
+                title: '<?= $block->escapeJs($block->escapeHtml(__('Tax Rate'))) ?>',
                 type: 'slide',
-                id: '<?= $block->escapeJs($block->getJsId()) ?>',
+                id: '<?= /* @noEscape */ $block->getJsId() ?>',
                 modalClass: 'tax-rate-popup',
                 closed: function () {
                     taxRateFormElement.data('validation').clearError();
                 },
                 buttons: [{
-                    text: '<?= $block->escapeJs(__('Save')) ?>',
+                    text: '<?= $block->escapeJs($block->escapeHtml(__('Save'))) ?>',
                     'class': 'action-save action-primary',
                     click: function() {
                         this.updateItemRate();
@@ -250,7 +250,7 @@ require([
                             type: 'POST',
                             data: itemRateData,
                             dataType: 'json',
-                            url: '<?= $block->escapeUrl($block->getTaxRateSaveUrl()) ?>',
+                            url: '<?= $block->escapeJs($block->escapeUrl($block->getTaxRateSaveUrl())) ?>',
                             success: function(result, status) {
                                 $('body').trigger('processStop');
                                 if (result.success) {
@@ -275,14 +275,14 @@ require([
                                         });
                                     else
                                         alert({
-                                            content: '<?= $block->escapeJs(__('An error occurred')) ?>'
+                                            content: '<?= $block->escapeJs($block->escapeHtml(__('An error occurred'))) ?>'
                                         });
                                 }
                             },
                             error: function () {
                                 $('body').trigger('processStop');
                                 alert({
-                                    content: '<?= $block->escapeJs(__('An error occurred')) ?>'
+                                    content: '<?= $block->escapeJs($block->escapeHtml(__('An error occurred'))) ?>'
                                 });
                             }
                         };
diff --git a/app/code/Magento/Weee/view/adminhtml/templates/renderer/tax.phtml b/app/code/Magento/Weee/view/adminhtml/templates/renderer/tax.phtml
@@ -16,7 +16,7 @@ $data = ['fptAttribute' => [
 ?>
 <div id="attribute-<?= $block->getElement()->getHtmlId() ?>-container" class="field"
      data-attribute-code="<?= $block->getElement()->getHtmlId() ?>"
-     data-mage-init="<?= $block->escapeHtml($this->helper('Magento\Framework\Json\Helper\Data')->jsonEncode($data)) ?>">
+     data-mage-init="<?= /* @noEscape */ $this->helper('Magento\Framework\Json\Helper\Data')->jsonEncode($data) ?>">
     <label class="label"><span><?= $block->escapeHtml($block->getElement()->getLabel()) ?></span></label>
 
     <div class="control">
diff --git a/app/code/Magento/Weee/view/frontend/templates/checkout/onepage/review/item/price/row_excl_tax.phtml b/app/code/Magento/Weee/view/frontend/templates/checkout/onepage/review/item/price/row_excl_tax.phtml
@@ -9,15 +9,15 @@
 $_item = $block->getItem();
 ?>
 <?php if ($block->displayPriceWithWeeeDetails()): ?>
-    <span class="cart-tax-total" data-mage-init='{"taxToggle": {"itemTaxId" : "#esubtotal-item-tax-details<?= $block->escapeHtml($_item->getId()) ?>"}}'>
+    <span class="cart-tax-total" data-mage-init='{"taxToggle": {"itemTaxId" : "#esubtotal-item-tax-details<?= (int)$_item->getId() ?>"}}'>
 <?php else: ?>
     <span class="cart-price">
 <?php endif; ?>
 <?= /* @noEscape */ $block->formatPrice($block->getRowDisplayPriceExclTax()) ?>
     </span>
 
 <?php if ($this->helper('Magento\Weee\Helper\Data')->getApplied($_item)): ?>
-    <span class="cart-tax-info" id="esubtotal-item-tax-details<?= $block->escapeHtml($_item->getId()) ?>" style="display: none;">
+    <span class="cart-tax-info" id="esubtotal-item-tax-details<?= (int)$_item->getId() ?>" style="display: none;">
     <?php if ($block->displayPriceWithWeeeDetails()): ?>
         <?php foreach ($this->helper('Magento\Weee\Helper\Data')->getApplied($_item) as $tax): ?>
             <span class="weee" data-label="<?= $block->escapeHtml($tax['title']) ?>"><?= /* @noEscape */ $block->formatPrice($tax['row_amount'], true, true) ?></span>
@@ -26,7 +26,7 @@ $_item = $block->getItem();
     </span>
 
     <?php if ($block->displayFinalPrice()): ?>
-        <span class="cart-tax-total" data-mage-init='{"taxToggle": {"itemTaxId" : "#esubtotal-item-tax-details<?= $block->escapeHtml($_item->getId()) ?>"}}'>
+        <span class="cart-tax-total" data-mage-init='{"taxToggle": {"itemTaxId" : "#esubtotal-item-tax-details<?= (int)$_item->getId() ?>"}}'>
             <span class="weee" data-label="<?= $block->escapeHtml(__('Total')) ?>">
                 <?= /* @noEscape */ $block->formatPrice($block->getFinalRowDisplayPriceExclTax()) ?>
             </span>
diff --git a/app/code/Magento/Weee/view/frontend/templates/checkout/onepage/review/item/price/row_incl_tax.phtml b/app/code/Magento/Weee/view/frontend/templates/checkout/onepage/review/item/price/row_incl_tax.phtml
@@ -12,15 +12,15 @@ $_weeeHelper = $this->helper('Magento\Weee\Helper\Data');
 ?>
 <?php $_incl = $_item->getRowTotalInclTax(); ?>
 <?php if ($block->displayPriceWithWeeeDetails()): ?>
-    <span class="cart-tax-total" data-mage-init='{"taxToggle": {"itemTaxId" : "#subtotal-item-tax-details<?= $block->escapeHtml($_item->getId()) ?>"}}'>
+    <span class="cart-tax-total" data-mage-init='{"taxToggle": {"itemTaxId" : "#subtotal-item-tax-details<?= (int)$_item->getId() ?>"}}'>
 <?php else: ?>
     <span class="cart-price">
 <?php endif; ?>
 <?= /* @noEscape */ $block->formatPrice($block->getRowDisplayPriceInclTax()) ?>
     </span>
 
 <?php if ($this->helper('Magento\Weee\Helper\Data')->getApplied($_item)): ?>
-    <span class="cart-tax-info" id="subtotal-item-tax-details<?= $block->escapeHtml($_item->getId()) ?>" style="display: none;">
+    <span class="cart-tax-info" id="subtotal-item-tax-details<?= (int)$_item->getId() ?>" style="display: none;">
         <?php if ($block->displayPriceWithWeeeDetails()): ?>
             <?php foreach ($this->helper('Magento\Weee\Helper\Data')->getApplied($_item) as $tax): ?>
                 <span class="weee" data-label="<?= $block->escapeHtml($tax['title']) ?>"><?= /* @noEscape */ $block->formatPrice($tax['row_amount_incl_tax'], true, true) ?></span>
@@ -29,7 +29,7 @@ $_weeeHelper = $this->helper('Magento\Weee\Helper\Data');
     </span>
 
     <?php if ($block->displayFinalPrice()): ?>
-        <span class="cart-tax-total" data-mage-init='{"taxToggle": {"itemTaxId" : "#subtotal-item-tax-details<?= $block->escapeHtml($_item->getId()) ?>"}}'>
+        <span class="cart-tax-total" data-mage-init='{"taxToggle": {"itemTaxId" : "#subtotal-item-tax-details<?= (int)$_item->getId() ?>"}}'>
             <span class="weee" data-label="<?= $block->escapeHtml(__('Total Incl. Tax')) ?>">
                 <?= /* @noEscape */ $block->formatPrice($block->getFinalRowDisplayPriceInclTax()) ?>
             </span>
diff --git a/app/code/Magento/Weee/view/frontend/templates/checkout/onepage/review/item/price/unit_excl_tax.phtml b/app/code/Magento/Weee/view/frontend/templates/checkout/onepage/review/item/price/unit_excl_tax.phtml
@@ -9,7 +9,7 @@
 $_item = $block->getItem();
 ?>
 <?php if ($block->displayPriceWithWeeeDetails()): ?>
-    <span class="cart-tax-total" data-mage-init='{"taxToggle": {"itemTaxId" : "#eunit-item-tax-details<?= $block->escapeHtml($_item->getId()) ?>"}}'>
+    <span class="cart-tax-total" data-mage-init='{"taxToggle": {"itemTaxId" : "#eunit-item-tax-details<?= (int)$_item->getId() ?>"}}'>
 <?php else: ?>
     <span class="cart-price">
 <?php endif; ?>
@@ -18,7 +18,7 @@ $_item = $block->getItem();
     </span>
 
 <?php if ($this->helper('Magento\Weee\Helper\Data')->getApplied($_item)): ?>
-    <span class="cart-tax-info" id="eunit-item-tax-details<?= $block->escapeHtml($_item->getId()) ?>" style="display:none;">
+    <span class="cart-tax-info" id="eunit-item-tax-details<?= (int)$_item->getId() ?>" style="display:none;">
     <?php if ($block->displayPriceWithWeeeDetails()): ?>
         <?php foreach ($this->helper('Magento\Weee\Helper\Data')->getApplied($_item) as $tax): ?>
             <span class="weee" data-label="<?= $block->escapeHtml($tax['title']) ?>"><?= /* @noEscape */ $block->formatPrice($tax['amount'], true, true) ?></span>
@@ -27,7 +27,7 @@ $_item = $block->getItem();
     </span>
 
     <?php if ($block->displayFinalPrice()): ?>
-        <span class="cart-tax-total" data-mage-init='{"taxToggle": {"itemTaxId" : "#eunit-item-tax-details<?= $block->escapeHtml($_item->getId()) ?>"}}'>
+        <span class="cart-tax-total" data-mage-init='{"taxToggle": {"itemTaxId" : "#eunit-item-tax-details<?= (int)$_item->getId() ?>"}}'>
             <span class="weee" data-label="<?= $block->escapeHtml(__('Total')) ?>">
                 <?= /* @noEscape */ $block->formatPrice($block->getFinalUnitDisplayPriceExclTax()) ?>
             </span>
diff --git a/app/code/Magento/Weee/view/frontend/templates/checkout/onepage/review/item/price/unit_incl_tax.phtml b/app/code/Magento/Weee/view/frontend/templates/checkout/onepage/review/item/price/unit_incl_tax.phtml
@@ -12,7 +12,7 @@ $_weeeHelper = $this->helper('Magento\Weee\Helper\Data');
 ?>
 <?php $_incl = $_item->getPriceInclTax(); ?>
 <?php if ($block->displayPriceWithWeeeDetails()): ?>
-    <span class="cart-tax-total" data-mage-init='{"taxToggle": {"itemTaxId" : "#unit-item-tax-details<?= $block->escapeHtml($_item->getId()) ?>"}}'>
+    <span class="cart-tax-total" data-mage-init='{"taxToggle": {"itemTaxId" : "#unit-item-tax-details<?= (int)$_item->getId() ?>"}}'>
 <?php else: ?>
     <span class="cart-price">
 <?php endif; ?>
@@ -21,7 +21,7 @@ $_weeeHelper = $this->helper('Magento\Weee\Helper\Data');
     </span>
 
 <?php if ($this->helper('Magento\Weee\Helper\Data')->getApplied($_item)): ?>
-    <span class="cart-tax-info" id="unit-item-tax-details<?= $block->escapeHtml($_item->getId()) ?>" style="display: none;">
+    <span class="cart-tax-info" id="unit-item-tax-details<?= (int)$_item->getId() ?>" style="display: none;">
         <?php if ($block->displayPriceWithWeeeDetails()): ?>
             <?php foreach ($this->helper('Magento\Weee\Helper\Data')->getApplied($_item) as $tax): ?>
                 <span class="weee" data-label="<?= $block->escapeHtml($tax['title']) ?>"><?= /* @noEscape */ $block->formatPrice($tax['amount_incl_tax'], true, true) ?></span>
@@ -30,7 +30,7 @@ $_weeeHelper = $this->helper('Magento\Weee\Helper\Data');
     </span>
 
     <?php if ($block->displayFinalPrice()): ?>
-        <span class="cart-tax-total" data-mage-init='{"taxToggle": {"itemTaxId" : "#unit-item-tax-details<?= $block->escapeHtml($_item->getId()) ?>"}}'>
+        <span class="cart-tax-total" data-mage-init='{"taxToggle": {"itemTaxId" : "#unit-item-tax-details<?= (int)$_item->getId() ?>"}}'>
             <span class="weee" data-label="<?= $block->escapeHtml(__('Total Incl. Tax')) ?>">
                 <?= /* @noEscape */ $block->formatPrice($block->getFinalUnitDisplayPriceInclTax()) ?>
             </span>
diff --git a/app/code/Magento/Weee/view/frontend/templates/item/price/row.phtml b/app/code/Magento/Weee/view/frontend/templates/item/price/row.phtml
@@ -12,15 +12,15 @@ $item = $block->getItem();
     <span class="price-including-tax" data-label="<?= $block->escapeHtml(__('Incl. Tax')) ?>">
         <?php if ($block->displayPriceWithWeeeDetails()): ?>
             <span class="cart-tax-total"
-                data-mage-init='{"taxToggle": {"itemTaxId" : "#subtotal-item-tax-details<?= $block->escapeHtml($item->getId()) ?>"}}'>
+                data-mage-init='{"taxToggle": {"itemTaxId" : "#subtotal-item-tax-details<?= (int)$item->getId() ?>"}}'>
         <?php else: ?>
             <span class="cart-price">
         <?php endif; ?>
             <?= /* @noEscape */ $block->formatPrice($block->getRowDisplayPriceInclTax()) ?>
             </span>
 
         <?php if ($this->helper('Magento\Weee\Helper\Data')->getApplied($item)): ?>
-            <div class="cart-tax-info" id="subtotal-item-tax-details<?= $block->escapeHtml($item->getId()) ?>" style="display: none;">
+            <div class="cart-tax-info" id="subtotal-item-tax-details<?= (int)$item->getId() ?>" style="display: none;">
                 <?php foreach ($this->helper('Magento\Weee\Helper\Data')->getApplied($item) as $tax): ?>
                     <span class="weee" data-label="<?= $block->escapeHtml($tax['title']) ?>">
                         <?= /* @noEscape */ $block->formatPrice($tax['row_amount_incl_tax'], true, true) ?>
@@ -30,7 +30,7 @@ $item = $block->getItem();
 
             <?php if ($block->displayFinalPrice()): ?>
                 <span class="cart-tax-total"
-                    data-mage-init='{"taxToggle": {"itemTaxId" : "#subtotal-item-tax-details<?= $block->escapeHtml($item->getId()) ?>"}}'>
+                    data-mage-init='{"taxToggle": {"itemTaxId" : "#subtotal-item-tax-details<?= (int)$item->getId() ?>"}}'>
                     <span class="weee" data-label="<?= $block->escapeHtml(__('Total Incl. Tax')) ?>">
                         <?= /* @noEscape */ $block->formatPrice($block->getFinalRowDisplayPriceInclTax()) ?>
                     </span>
@@ -44,15 +44,15 @@ $item = $block->getItem();
     <span class="price-excluding-tax" data-label="<?= $block->escapeHtml(__('Excl. Tax')) ?>">
         <?php if ($block->displayPriceWithWeeeDetails()): ?>
             <span class="cart-tax-total"
-                data-mage-init='{"taxToggle": {"itemTaxId" : "#esubtotal-item-tax-details<?= $block->escapeHtml($item->getId()) ?>"}}'>
+                data-mage-init='{"taxToggle": {"itemTaxId" : "#esubtotal-item-tax-details<?= (int)$item->getId() ?>"}}'>
         <?php else: ?>
             <span class="cart-price">
         <?php endif; ?>
                 <?= /* @noEscape */ $block->formatPrice($block->getRowDisplayPriceExclTax()) ?>
             </span>
 
         <?php if ($this->helper('Magento\Weee\Helper\Data')->getApplied($item)): ?>
-            <span class="cart-tax-info" id="esubtotal-item-tax-details<?= $block->escapeHtml($item->getId()) ?>"
+            <span class="cart-tax-info" id="esubtotal-item-tax-details<?= (int)$item->getId() ?>"
                 style="display: none;">
                 <?php foreach ($this->helper('Magento\Weee\Helper\Data')->getApplied($item) as $tax): ?>
                     <span class="weee" data-label="<?= $block->escapeHtml($tax['title']) ?>">
@@ -63,7 +63,7 @@ $item = $block->getItem();
 
             <?php if ($block->displayFinalPrice()): ?>
                 <span class="cart-tax-total"
-                      data-mage-init='{"taxToggle": {"itemTaxId" : "#esubtotal-item-tax-details<?= $block->escapeHtml($item->getId()) ?>"}}'>
+                      data-mage-init='{"taxToggle": {"itemTaxId" : "#esubtotal-item-tax-details<?= (int)$item->getId() ?>"}}'>
                     <span class="weee" data-label="<?= $block->escapeHtml(__('Total')) ?>">
                         <?= /* @noEscape */ $block->formatPrice($block->getFinalRowDisplayPriceExclTax()) ?>
                     </span>
diff --git a/app/code/Magento/Weee/view/frontend/templates/item/price/unit.phtml b/app/code/Magento/Weee/view/frontend/templates/item/price/unit.phtml
