
Commit bcb4298

committed
Merge remote-tracking branch '37982/fix-for-issue-37107' into bt_comm_pr_247beta3
2 parents 109a01a + 14bf97c commit bcb4298


3 files changed

+43
-29
lines changed

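--- a/app/code/Magento/CatalogWidget/view/adminhtml/templates/product/widget/conditions.phtml
+++ b/app/code/Magento/CatalogWidget/view/adminhtml/templates/product/widget/conditions.phtml
@@ -4,16 +4,25 @@
 * See COPYING.txt for license details.
 */
 
-/** @var \Magento\CatalogWidget\Block\Product\Widget\Conditions $block */
-/** @var \Magento\Framework\View\Helper\SecureHtmlRenderer $secureRenderer */
+use Magento\CatalogWidget\Block\Product\Widget\Conditions;
+use Magento\Framework\View\Helper\SecureHtmlRenderer;
+use Magento\Framework\Escaper;
 
+/** @var Conditions $block */
+/** @var SecureHtmlRenderer $secureRenderer */
+/** @var Escaper $escaper */
+
+// phpcs:disable Generic.Files.LineLength.TooLong
+?>
+<?php
 $element = $block->getElement();
-$fieldId = $element->getHtmlContainerId() ? ' id="' . $block->escapeHtmlAttr($element->getHtmlContainerId()) . '"' : '';
-$fieldClass = 'field admin__field field-' . $block->escapeHtmlAttr($element->getId()) . ' '
-. $block->escapeHtmlAttr($element->getCssClass());
+$fieldId = $element->getHtmlContainerId() ?
+' id="' . $escaper->escapeHtmlAttr($element->getHtmlContainerId()) . '"' : '';
+$fieldClass = 'field admin__field field-' . $escaper->escapeHtmlAttr((string)$element->getId()) . ' '
+. $escaper->escapeHtmlAttr($element->getCssClass());
 $fieldClass .= $element->getRequired() ? ' required' : '';
 $fieldAttributes = $fieldId . ' class="' . $fieldClass . '" '
-. $block->getUiId('form-field', $block->escapeHtmlAttr($element->getId()));
+. $block->getUiId('form-field', $escaper->escapeHtmlAttr((string)$element->getId()));
 ?>
 <div<?= /* @noEscape */ $fieldAttributes ?>>
 <?= $element->getLabelHtml() ?>
@@ -31,8 +40,9 @@ $fieldAttributes = $fieldId . ' class="' . $fieldClass . '" '
 "Magento_Rule/rules",
 "prototype"
 ], function(VarienRulesForm){
-window.{$block->escapeJs($block->getHtmlId())} = new VarienRulesForm('{$block->escapeJs($block->getHtmlId())}',
-'{$block->escapeUrl($block->getNewChildUrl())}');
+window.{$escaper->escapeJs($block->getHtmlId())} = new VarienRulesForm(
+'{$escaper->escapeJs($block->getHtmlId())}',
+'{$escaper->escapeUrl($block->getNewChildUrl())}');
 });
 script;
 ?>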
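Review bot: On new line 43 the result of `escapeJs()` is spliced in as a bare property name (`window.{$escaper->escapeJs($block->getHtmlId())}`), but `escapeJs()` is meant for values inside a JavaScript string literal, not for identifiers. Bracket access keeps the value in the context the escaper targets: `window['{$escaper->escapeJs($block->getHtmlId())}'] = new VarienRulesForm(`. The same mismatch applies to line 45, where `escapeUrl()` output sits inside a single-quoted JS string; the URL is presumably server-generated, but wrapping it in `escapeJs()` would match the context. Separately, line 22 passes `$element->getCssClass()` without the `(string)` cast that lines 21 and 25 add for `getId()`, so if the cast was needed because the escaper rejects non-strings, a null CSS class would presumably hit the same problem.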

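--- a/app/code/Magento/CatalogWidget/view/frontend/templates/product/widget/content/grid.phtml
+++ b/app/code/Magento/CatalogWidget/view/frontend/templates/product/widget/content/grid.phtml
@@ -4,12 +4,15 @@
 * See COPYING.txt for license details.
 */
 
+use Magento\Catalog\Block\Product\ReviewRendererInterface;
+use Magento\Catalog\Helper\Product\Compare;
+use Magento\CatalogWidget\Block\Product\ProductsList;
 use Magento\Framework\App\Action\Action;
+use Magento\Framework\Escaper;
+use Magento\Wishlist\Helper\Data;
 
-/**
-* @var \Magento\CatalogWidget\Block\Product\ProductsList $block
-* @var \Magento\Framework\Escaper $escaper
-*/
+/** @var Escaper $escaper */
+/** @var ProductsList $block */
 
 // phpcs:disable Generic.Files.LineLength.TooLong
 // phpcs:disable Magento2.Templates.ThisInTemplate.FoundHelper
@@ -27,13 +30,13 @@ use Magento\Framework\App\Action\Action;
 $showWishlist = true;
 $showCompare = true;
 $showCart = true;
-$templateType = \Magento\Catalog\Block\Product\ReviewRendererInterface::SHORT_VIEW;
+$templateType = ReviewRendererInterface::SHORT_VIEW;
 $description = false;
 ?>
 <div class="block widget block-products-list <?= /* @noEscape */ $mode ?>">
 <?php if ($block->getTitle()): ?>
 <div class="block-title">
-<strong><?= $block->escapeHtml(__($block->getTitle())) ?></strong>
+<strong><?= $escaper->escapeHtml(__($block->getTitle())) ?></strong>
 </div>
 <?php endif ?>
 <div class="block-content">
@@ -44,15 +47,15 @@ use Magento\Framework\App\Action\Action;
 <?php foreach ($items as $_item): ?>
 <?= /* @noEscape */ ($iterator++ == 1) ? '<li class="product-item">' : '</li><li class="product-item">' ?>
 <div class="product-item-info">
-<a href="<?= $block->escapeUrl($block->getProductUrl($_item)) ?>" class="product-item-photo">
+<a href="<?= $escaper->escapeUrl($block->getProductUrl($_item)) ?>" class="product-item-photo">
 <?= $block->getImage($_item, $image)->toHtml() ?>
 </a>
 <div class="product-item-details">
 <strong class="product-item-name">
-<a title="<?= $block->escapeHtml($_item->getName()) ?>"
-href="<?= $block->escapeUrl($block->getProductUrl($_item)) ?>"
+<a title="<?= $escaper->escapeHtml($_item->getName()) ?>"
+href="<?= $escaper->escapeUrl($block->getProductUrl($_item)) ?>"
 class="product-item-link">
-<?= $block->escapeHtml($_item->getName()) ?>
+<?= $escaper->escapeHtml($_item->getName()) ?>
 </a>
 </strong>
 <?php if ($templateType): ?>
@@ -70,14 +73,14 @@ use Magento\Framework\App\Action\Action;
 <div class="actions-primary">
 <?php if ($_item->isSaleable()): ?>
 <?php $postParams = $block->getAddToCartPostParams($_item); ?>
-<form data-role="tocart-form" data-product-sku="<?= $block->escapeHtml($_item->getSku()) ?>" action="<?= $block->escapeUrl($postParams['action']) ?>" method="post">
-<input type="hidden" name="product" value="<?= $block->escapeHtmlAttr($postParams['data']['product']) ?>">
+<form data-role="tocart-form" data-product-sku="<?= $escaper->escapeHtml($_item->getSku()) ?>" action="<?= $escaper->escapeUrl($postParams['action']) ?>" method="post">
+<input type="hidden" name="product" value="<?= $escaper->escapeHtmlAttr($postParams['data']['product']) ?>">
 <input type="hidden" name="<?= /* @noEscape */ Action::PARAM_NAME_URL_ENCODED ?>" value="<?= /* @noEscape */ $postParams['data'][Action::PARAM_NAME_URL_ENCODED] ?>">
 <?= $block->getBlockHtml('formkey') ?>
 <button type="submit"
-title="<?= $block->escapeHtml(__('Add to Cart')) ?>"
+title="<?= $escaper->escapeHtml(__('Add to Cart')) ?>"
 class="action tocart primary">
-<span><?= $block->escapeHtml(__('Add to Cart')) ?></span>
+<span><?= $escaper->escapeHtml(__('Add to Cart')) ?></span>
 </button>
 </form>
 <?php if ($block->getBlockHtml('formkey')): ?>
@@ -93,25 +96,25 @@ use Magento\Framework\App\Action\Action;
 <?php endif;?>
 <?php else: ?>
 <?php if ($_item->isAvailable()): ?>
-<div class="stock available"><span><?= $block->escapeHtml(__('In stock')) ?></span></div>
+<div class="stock available"><span><?= $escaper->escapeHtml(__('In stock')) ?></span></div>
 <?php else: ?>
-<div class="stock unavailable"><span><?= $block->escapeHtml(__('Out of stock')) ?></span></div>
+<div class="stock unavailable"><span><?= $escaper->escapeHtml(__('Out of stock')) ?></span></div>
 <?php endif; ?>
 <?php endif; ?>
 </div>
 <?php endif; ?>
 <?php if ($showWishlist || $showCompare): ?>
 <div class="actions-secondary" data-role="add-to-links">
-<?php if ($this->helper(\Magento\Wishlist\Helper\Data::class)->isAllow() && $showWishlist): ?>
+<?php if ($this->helper(Data::class)->isAllow() && $showWishlist): ?>
 <a href="#"
 data-post='<?= /* @noEscape */ $block->getAddToWishlistParams($_item) ?>' class="action towishlist" data-action="add-to-wishlist" title="<?= $block->escapeHtmlAttr(__('Add to Wish List')) ?>">
-<span><?= $block->escapeHtml(__('Add to Wish List')) ?></span>
+<span><?= $escaper->escapeHtml(__('Add to Wish List')) ?></span>
 </a>
 <?php endif; ?>
 <?php if ($block->getAddToCompareUrl() && $showCompare): ?>
-<?php $compareHelper = $this->helper(\Magento\Catalog\Helper\Product\Compare::class);?>
+<?php $compareHelper = $this->helper(Compare::class);?>
 <a href="#" class="action tocompare" data-post='<?= /* @noEscape */ $compareHelper->getPostDataParams($_item) ?>' title="<?= $block->escapeHtmlAttr(__('Add to Compare')) ?>">
-<span><?= $block->escapeHtml(__('Add to Compare')) ?></span>
+<span><?= $escaper->escapeHtml(__('Add to Compare')) ?></span>
 </a>
 <?php endif; ?>
 </div>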
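Review bot: New lines 55, 76 and 81 still call `escapeHtml()` for values placed inside attributes (`title="…"`, `data-product-sku="…"`), where attribute context calls for `escapeHtmlAttr()`, e.g. `title="<?= $escaper->escapeHtmlAttr($_item->getName()) ?>"`. This matters most for the product name and SKU, which are catalog data rather than fixed strings. The migration is also incomplete: the unchanged lines 110 and 116 keep `$block->escapeHtmlAttr(__('Add to Wish List'))` and `$block->escapeHtmlAttr(__('Add to Compare'))`, so the template now mixes both escaper entry points. Switching those two calls to `$escaper->escapeHtmlAttr(...)` would finish the change.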

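--- a/dev/tests/integration/testsuite/Magento/CatalogWidget/Block/Product/Widget/ConditionsTest.php
+++ b/dev/tests/integration/testsuite/Magento/CatalogWidget/Block/Product/Widget/ConditionsTest.php
@@ -73,6 +73,7 @@ public function testRender()
 /* Assert HTML contains html id */
 $this->assertStringContainsString('window.options_fieldset67a77e971a7c331b6eaefcaf2f596097', $result);
 /* Assert HTML contains required JS code */
-$this->assertStringContainsString("VarienRulesForm('options_fieldset67a77e971a7c331b6eaefcaf2f596097", $result);
+$this->assertStringContainsString("VarienRulesForm(
+'options_fieldset67a77e971a7c331b6eaefcaf2f596097", $result);
 }
 }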
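Review bot: The expectation on new lines 76–77 embeds the template's line break (and presumably its indentation) inside the string literal, so any later re-wrapping of the `VarienRulesForm(` call in conditions.phtml will fail this test without any change in behaviour. A whitespace-tolerant check avoids that coupling: `$this->assertMatchesRegularExpression("/VarienRulesForm\(\s*'options_fieldset67a77e971a7c331b6eaefcaf2f596097/", $result);`. testRender() starts outside the hunk, so its setup and earlier assertions are not visible here.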
