
Commit eeda4f4

committed
Merge remote-tracking branch 'remotes/mainline/2.3.3-develop' into MC-15972-squashed
2 parents 04c6599 + 1321b15 commit eeda4f4


12 files changed

+96
-39
lines changed


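--- a/app/code/Magento/Catalog/view/frontend/templates/product/view/form.phtml
+++ b/app/code/Magento/Catalog/view/frontend/templates/product/view/form.phtml
@@ -22,7 +22,7 @@
 <input type="hidden" name="product" value="<?= (int)$_product->getId() ?>" />
 <input type="hidden" name="selected_configurable_option" value="" />
 <input type="hidden" name="related_product" id="related-products-field" value="" />
-<input type="hidden" name="item" value="<?= $block->escapeHtmlAttr($block->getRequest()->getParam('id')) ?>" />
+<input type="hidden" name="item" value="<?= (int)$block->getRequest()->getParam('id') ?>" />
 <?= $block->getBlockHtml('formkey') ?>
 <?= $block->getChildHtml('form_top') ?>
 <?php if (!$block->hasOptions()) :?>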
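Review bot: The `(int)` cast on the `item` field renders `value="0"` when the request carries no `id` (and `1` when `id` arrives as a non-empty array), where the old line rendered an empty attribute. Whether the handler behind this form treats `0` the same as "no item" is not visible in this hunk, so that should be confirmed, or the field filled only for a positive id, e.g. `<?php $itemId = (int)$block->getRequest()->getParam('id'); ?>` followed by `value="<?= $itemId > 0 ? $itemId : '' ?>"`. A short template comment saying the cast is the output-encoding step for this attribute would keep a later edit from reverting to the raw parameter.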

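--- a/app/code/Magento/Checkout/view/frontend/web/js/action/select-payment-method.js
+++ b/app/code/Magento/Checkout/view/frontend/web/js/action/select-payment-method.js
@@ -12,6 +12,10 @@ define([
 'use strict';
 
 return function (paymentMethod) {
+paymentMethod.__disableTmpl = {
+title: true
+};
+
 quote.paymentMethod(paymentMethod);
 };
 });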
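Review bot: The new assignment to `paymentMethod.__disableTmpl` dereferences the argument before `quote.paymentMethod(paymentMethod)` runs, so a caller that passes `null` or `undefined` to clear the selection would now hit a TypeError and the quote would never be updated. No caller is visible on this page, so this is a hedge rather than a confirmed break; guarding with `if (paymentMethod) { paymentMethod.__disableTmpl = {title: true}; }` keeps the previous behaviour for empty values. The assignment also mutates the caller's object, which deserves a one-line comment saying the flag keeps the method title from being evaluated as a UI template.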

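--- a/app/code/Magento/CurrencySymbol/view/adminhtml/templates/system/currency/rate/matrix.phtml
+++ b/app/code/Magento/CurrencySymbol/view/adminhtml/templates/system/currency/rate/matrix.phtml
@@ -28,7 +28,7 @@ $_rates = ($_newRates) ? $_newRates : $_oldRates;
 <tr>
 <th>&nbsp;</th>
 <?php $_i = 0; foreach ($block->getAllowedCurrencies() as $_currencyCode): ?>
-<th><span><?= /* @escapeNotVerified */ $_currencyCode ?></span></th>
+<th><span><?= $block->escapeHtml($_currencyCode) ?></span></th>
 <?php endforeach; ?>
 </tr>
 </thead>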

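--- a/app/code/Magento/Customer/Controller/Adminhtml/Index/InlineEdit.php
+++ b/app/code/Magento/Customer/Controller/Adminhtml/Index/InlineEdit.php
@@ -70,6 +70,11 @@ class InlineEdit extends \Magento\Backend\App\Action implements HttpPostActionIn
 */
 private $addressRegistry;
 
+/**
+* @var \Magento\Framework\Escaper
+*/
+private $escaper;
+
 /**
 * @param Action\Context $context
 * @param CustomerRepositoryInterface $customerRepository
@@ -78,6 +83,7 @@ class InlineEdit extends \Magento\Backend\App\Action implements HttpPostActionIn
 * @param \Magento\Framework\Api\DataObjectHelper $dataObjectHelper
 * @param \Psr\Log\LoggerInterface $logger
 * @param AddressRegistry|null $addressRegistry
+* @param \Magento\Framework\Escaper $escaper
 */
 public function __construct(
 Action\Context $context,
@@ -86,14 +92,16 @@ public function __construct(
 \Magento\Customer\Model\Customer\Mapper $customerMapper,
 \Magento\Framework\Api\DataObjectHelper $dataObjectHelper,
 \Psr\Log\LoggerInterface $logger,
-AddressRegistry $addressRegistry = null
+AddressRegistry $addressRegistry = null,
+\Magento\Framework\Escaper $escaper = null
 ) {
 $this->customerRepository = $customerRepository;
 $this->resultJsonFactory = $resultJsonFactory;
 $this->customerMapper = $customerMapper;
 $this->dataObjectHelper = $dataObjectHelper;
 $this->logger = $logger;
 $this->addressRegistry = $addressRegistry ?: ObjectManager::getInstance()->get(AddressRegistry::class);
+$this->escaper = $escaper ?: ObjectManager::getInstance()->get(\Magento\Framework\Escaper::class);
 parent::__construct($context);
 }
 
@@ -128,10 +136,14 @@ public function execute()
 
 $postItems = $this->getRequest()->getParam('items', []);
 if (!($this->getRequest()->getParam('isAjax') && count($postItems))) {
-return $resultJson->setData([
-'messages' => [__('Please correct the data sent.')],
-'error' => true,
-]);
+return $resultJson->setData(
+[
+'messages' => [
+__('Please correct the data sent.')
+],
+'error' => true,
+]
+);
 }
 
 foreach (array_keys($postItems) as $customerId) {
@@ -147,10 +159,12 @@ public function execute()
 $this->getEmailNotification()->credentialsChanged($this->getCustomer(), $currentCustomer->getEmail());
 }
 
-return $resultJson->setData([
-'messages' => $this->getErrorMessages(),
-'error' => $this->isErrorExists()
-]);
+return $resultJson->setData(
+[
+'messages' => $this->getErrorMessages(),
+'error' => $this->isErrorExists()
+]
+);
 }
 
 /**
@@ -234,13 +248,16 @@ protected function saveCustomer(CustomerInterface $customer)
 $this->disableAddressValidation($customer);
 $this->customerRepository->save($customer);
 } catch (\Magento\Framework\Exception\InputException $e) {
-$this->getMessageManager()->addError($this->getErrorWithCustomerId($e->getMessage()));
+$this->getMessageManager()
+->addError($this->getErrorWithCustomerId($this->escaper->escapeHtml($e->getMessage())));
 $this->logger->critical($e);
 } catch (\Magento\Framework\Exception\LocalizedException $e) {
-$this->getMessageManager()->addError($this->getErrorWithCustomerId($e->getMessage()));
+$this->getMessageManager()
+->addError($this->getErrorWithCustomerId($this->escaper->escapeHtml($e->getMessage())));
 $this->logger->critical($e);
 } catch (\Exception $e) {
-$this->getMessageManager()->addError($this->getErrorWithCustomerId('We can\'t save the customer.'));
+$this->getMessageManager()
+->addError($this->getErrorWithCustomerId('We can\'t save the customer.'));
 $this->logger->critical($e);
 }
 }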
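Review bot: In `saveCustomer()` the exception text is HTML-escaped before it is stored in the message manager, which covers these two catch branches but ties the encoding to where the message is produced rather than where it leaves the controller. `execute()` returns `$this->getErrorMessages()` in the JSON payload, and that method is outside the hunks, so a message added on any other path would still go out unescaped, while a client that escapes on render would show these two double-encoded. Escaping once where the messages are collected for the response would cover every path. Separately, the constructor docblock should read `@param \Magento\Framework\Escaper|null $escaper` to match the `= null` default, as the `AddressRegistry|null` line above it does.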

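--- a/app/code/Magento/Customer/Model/AttributeMetadataResolver.php
+++ b/app/code/Magento/Customer/Model/AttributeMetadataResolver.php
@@ -113,7 +113,12 @@ public function getAttributesMeta(
 // use getDataUsingMethod, since some getters are defined and apply additional processing of returning value
 foreach (self::$metaProperties as $metaName => $origName) {
 $value = $attribute->getDataUsingMethod($origName);
-$meta['arguments']['data']['config'][$metaName] = ($metaName === 'label') ? __($value) : $value;
+if ($metaName === 'label') {
+$meta['arguments']['data']['config'][$metaName] = __($value);
+$meta['arguments']['data']['config']['__disableTmpl'] = [$metaName => true];
+} else {
+$meta['arguments']['data']['config'][$metaName] = $value;
+}
 if ('frontend_input' === $origName) {
 $meta['arguments']['data']['config']['formElement'] = self::$formElement[$value] ?? $value;
 }
@@ -144,7 +149,6 @@ public function getAttributesMeta(
 $attribute,
 $meta['arguments']['data']['config']
 );
-
 return $meta;
 }
 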
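Review bot: The `__disableTmpl` flag is set only in the `label` branch, so every other property copied from the attribute in this loop still reaches the UI component with template processing enabled. Which entries of `self::$metaProperties` can hold admin-editable text is not visible in the hunk; any that do need the same flag. The assignment also replaces the whole `__disableTmpl` array, so `$meta['arguments']['data']['config']['__disableTmpl'][$metaName] = true;` would be safer once a second key is added. A comment such as `// label is stored text: keep it out of UI template evaluation` would explain the branch; `getAttributesMeta()` starts and ends outside the hunks.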

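--- a/app/code/Magento/Customer/Test/Unit/Controller/Adminhtml/Index/InlineEditTest.php
+++ b/app/code/Magento/Customer/Test/Unit/Controller/Adminhtml/Index/InlineEditTest.php
@@ -9,6 +9,7 @@
 use Magento\Customer\Model\EmailNotificationInterface;
 use Magento\Framework\DataObject;
 use Magento\Framework\Message\MessageInterface;
+use Magento\Framework\Escaper;
 
 /**
 * Unit tests for Inline customer edit
@@ -78,6 +79,9 @@ class InlineEditTest extends \PHPUnit\Framework\TestCase
 /** @var array */
 private $items;
 
+/** @var \Magento\Framework\Escaper */
+private $escaper;
+
 /**
 * Sets up mocks
 *
@@ -86,7 +90,7 @@ class InlineEditTest extends \PHPUnit\Framework\TestCase
 protected function setUp()
 {
 $objectManager = new \Magento\Framework\TestFramework\Unit\Helper\ObjectManager($this);
-
+$this->escaper = new Escaper();
 $this->request = $this->getMockForAbstractClass(
 \Magento\Framework\App\RequestInterface::class,
 [],
@@ -172,7 +176,8 @@ protected function setUp()
 'addressDataFactory' => $this->addressDataFactory,
 'addressRepository' => $this->addressRepository,
 'logger' => $this->logger,
-'addressRegistry' => $this->addressRegistry
+'addressRegistry' => $this->addressRegistry,
+'escaper' => $this->escaper,
 ]
 );
 $reflection = new \ReflectionClass(get_class($this->controller));
@@ -291,10 +296,14 @@ protected function prepareMocksForErrorMessagesProcessing()
 ->willReturn('Error text');
 $this->resultJson->expects($this->once())
 ->method('setData')
-->with([
-'messages' => ['Error text'],
-'error' => true,
-])
+->with(
+[
+'messages' => [
+'Error text',
+],
+'error' => true,
+]
+)
 ->willReturnSelf();
 }
 
@@ -340,10 +349,14 @@ public function testExecuteWithoutItems()
 $this->resultJson
 ->expects($this->once())
 ->method('setData')
-->with([
-'messages' => [__('Please correct the data sent.')],
-'error' => true,
-])
+->with(
+[
+'messages' => [
+__('Please correct the data sent.'),
+],
+'error' => true,
+]
+)
 ->willReturnSelf();
 $this->assertSame($this->resultJson, $this->controller->execute());
 }
@@ -365,6 +378,7 @@ public function testExecuteLocalizedException()
 ->method('save')
 ->with($this->customerData)
 ->willThrowException($exception);
+
 $this->messageManager->expects($this->once())
 ->method('addError')
 ->with('[Customer ID: 12] Exception message');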
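Review bot: `testExecuteLocalizedException` still expects `'[Customer ID: 12] Exception message'`, a string with no HTML-special characters, so it passes with or without the new `escapeHtml()` call in the controller and does not pin the fix. The exception is built outside the hunk; giving it a message that contains markup and asserting the encoded form in `->with(...)` would make the test fail if the escaping is ever removed. The real `new Escaper()` in `setUp()` is what makes such an assertion possible, so a comment there saying the escaper is deliberately not mocked would help.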

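--- a/app/code/Magento/Payment/Ui/Component/Listing/Column/Method/Options.php
+++ b/app/code/Magento/Payment/Ui/Component/Listing/Column/Method/Options.php
@@ -3,6 +3,7 @@
 * Copyright © Magento, Inc. All rights reserved.
 * See COPYING.txt for license details.
 */
+declare(strict_types=1);
 namespace Magento\Payment\Ui\Component\Listing\Column\Method;
 
 /**
@@ -41,6 +42,14 @@ public function toOptionArray()
 if ($this->options === null) {
 $this->options = $this->paymentHelper->getPaymentMethodList(true, true);
 }
+
+array_walk(
+$this->options,
+function (&$item) {
+$item['__disableTmpl'] = true;
+}
+);
+
 return $this->options;
 }
 }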
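Review bot: The `array_walk` in `toOptionArray()` sits after the `if ($this->options === null)` block, so it rewrites every cached option on each call instead of once when the list is loaded; moving it inside the `if` gives the same result with the flag set a single time. The closure does not use `$this`, so `static function (&$item)` fits. It also assumes every entry returned by `getPaymentMethodList(true, true)` is an array; that helper is not shown here, and a scalar entry would fail on `$item['__disableTmpl']`. A line comment saying the flag keeps payment method titles from being evaluated as UI templates would record why the walk exists.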

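--- a/app/code/Magento/Store/etc/config.xml
+++ b/app/code/Magento/Store/etc/config.xml
@@ -135,14 +135,14 @@
 </protected_extensions>
 <public_files_valid_paths>
 <protected>
-<app>/app/*/*</app>
-<bin>/bin/*/*</bin>
-<dev>/dev/*/*</dev>
-<generated>/generated/*/*</generated>
-<lib>/lib/*/*</lib>
-<setup>/setup/*/*</setup>
-<update>/update/*/*</update>
-<vendor>/vendor/*/*</vendor>
+<app>*/app/*/*</app>
+<bin>*/bin/*/*</bin>
+<dev>*/dev/*/*</dev>
+<generated>*/generated/*/*</generated>
+<lib>*/lib/*/*</lib>
+<setup>*/setup/*/*</setup>
+<update>*/update/*/*</update>
+<vendor>*/vendor/*/*</vendor>
 </protected>
 </public_files_valid_paths>
 </file>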
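Review bot: The widened patterns such as `*/app/*/*` carry no comment on why the leading wildcard is needed, and the trailing `/*/*` is unchanged, so what they protect depends entirely on how the consumer of `public_files_valid_paths/protected` matches them. That matcher is not on this page; if its `*` does not cross directory separators, a path directly under `app/` or more than two levels below it might still fall outside the protected set. An XML comment above `<protected>` stating the intended match, plus a test that feeds absolute and relative paths through the validator, would pin the behaviour.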

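--- a/app/code/Magento/Ui/view/base/web/js/grid/filters/filters.js
+++ b/app/code/Magento/Ui/view/base/web/js/grid/filters/filters.js
@@ -274,7 +274,8 @@ define([
 filter = utils.extend({}, filters.base, filter);
 //Accepting labels as is.
 filter.__disableTmpl = {
-label: 1
+label: 1,
+options: 1
 };
 
 filter = utils.template(filter, {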
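Review bot: The comment `//Accepting labels as is.` above `filter.__disableTmpl` is now stale, because the object also exempts `options` from templating. Updating it to something like `// Accept labels and options as is: both can hold stored text that must not be evaluated as a template.` keeps the reason next to the flag. Whether `utils.template` honours the flag for each nested option entry is not visible in this hunk and is worth a check, since `options` is presumably a list of objects rather than a single string.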

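--- a/app/code/Magento/Wishlist/Controller/Index/Add.php
+++ b/app/code/Magento/Wishlist/Controller/Index/Add.php
@@ -7,15 +7,18 @@
 
 use Magento\Catalog\Api\ProductRepositoryInterface;
 use Magento\Framework\App\Action;
+use Magento\Framework\App\Action\HttpPostActionInterface;
 use Magento\Framework\Data\Form\FormKey\Validator;
 use Magento\Framework\Exception\NotFoundException;
 use Magento\Framework\Exception\NoSuchEntityException;
 use Magento\Framework\Controller\ResultFactory;
 
 /**
+* Wish list Add controller
+*
 * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
 */
-class Add extends \Magento\Wishlist\Controller\AbstractIndex
+class Add extends \Magento\Wishlist\Controller\AbstractIndex implements HttpPostActionInterface
 {
 /**
 * @var \Magento\Wishlist\Controller\WishlistProviderInterface
@@ -138,6 +141,7 @@ public function execute()
 'referer' => $referer
 ]
 );
+// phpcs:disable Magento2.Exceptions.ThrowCatch
 } catch (\Magento\Framework\Exception\LocalizedException $e) {
 $this->messageManager->addErrorMessage(
 __('We can\'t add the item to Wish List right now: %1.', $e->getMessage())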
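Review bot: The added `// phpcs:disable Magento2.Exceptions.ThrowCatch` has no matching `// phpcs:enable` in the visible lines, so unless one follows outside the hunk the sniff stays off for the rest of the file. Pairing it with an enable after the `catch` chain, or using `// phpcs:ignore` on the one line that trips the sniff, keeps the suppression scoped. Also, `implements HttpPostActionInterface` limits the action to POST; any flow that reaches it through a redirect or a plain link (none is visible here) would be rejected, so that is worth confirming before merge.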
