MAGETWO-99282: Eliminate @escapeNotVerified in Magento_Catalog module

Author: Joan He

app/code/Magento/Catalog/Block/Adminhtml/Product/Edit/AttributeSet.php

@@ -42,12 +42,14 @@ public function __construct(
     public function getSelectorOptions()
     {
         return [
-            'source' => $this->getUrl('catalog/product/suggestAttributeSets'),
+            'source' => $this->escapeUrl($this->getUrl('catalog/product/suggestAttributeSets')),
             'className' => 'category-select',
             'showRecent' => true,
             'storageKey' => 'product-template-key',
             'minLength' => 0,
-            'currentlySelected' => $this->_coreRegistry->registry('product')->getAttributeSetId()
+            'currentlySelected' => $this->escapeHtml(
+                $this->_coreRegistry->registry('product')->getAttributeSetId()
+            )
         ];
     }
 }

app/code/Magento/Catalog/Block/Adminhtml/Product/Edit/Tab/Attributes/Search.php

@@ -68,7 +68,7 @@ public function getSelectorOptions()
     {
         $templateId = $this->_coreRegistry->registry('product')->getAttributeSetId();
         return [
-            'source' => $this->getUrl('catalog/product/suggestAttributes'),
+            'source' => $this->escapeUrl($this->getUrl('catalog/product/suggestAttributes')),
             'minLength' => 0,
             'ajaxOptions' => ['data' => ['template_id' => $templateId]],
             'template' => '[data-template-for="product-attribute-search-' . $this->getGroupId() . '"]',

app/code/Magento/Catalog/Block/Product/Gallery.php

@@ -115,7 +115,7 @@ public function getImageWidth()
                 if ($size[0] > 600) {
                     return 600;
                 } else {
-                    return $size[0];
+                    return (int) $size[0];
                 }
             }
         }

app/code/Magento/Catalog/Block/Product/ListProduct.php

@@ -373,7 +373,7 @@ public function getAddToCartPostParams(Product $product)
         return [
             'action' => $url,
             'data' => [
-                'product' => $product->getEntityId(),
+                'product' => (int) $product->getEntityId(),
                 ActionInterface::PARAM_NAME_URL_ENCODED => $this->urlHelper->getEncodedUrl($url),
             ]
         ];

app/code/Magento/Catalog/Block/Product/View.php

@@ -189,22 +189,22 @@ public function getJsonConfig()
         $tierPrices = [];
         $tierPricesList = $product->getPriceInfo()->getPrice('tier_price')->getTierPriceList();
         foreach ($tierPricesList as $tierPrice) {
-            $tierPrices[] = $tierPrice['price']->getValue();
+            $tierPrices[] = $tierPrice['price']->getValue() * 1;
         }
         $config = [
-            'productId'   => $product->getId(),
+            'productId'   => (int)$product->getId(),
             'priceFormat' => $this->_localeFormat->getPriceFormat(),
             'prices'      => [
                 'oldPrice'   => [
-                    'amount'      => $product->getPriceInfo()->getPrice('regular_price')->getAmount()->getValue(),
+                    'amount'      => $product->getPriceInfo()->getPrice('regular_price')->getAmount()->getValue() * 1,
                     'adjustments' => []
                 ],
                 'basePrice'  => [
-                    'amount'      => $product->getPriceInfo()->getPrice('final_price')->getAmount()->getBaseAmount(),
+                    'amount'      => $product->getPriceInfo()->getPrice('final_price')->getAmount()->getBaseAmount() * 1,
                     'adjustments' => []
                 ],
                 'finalPrice' => [
-                    'amount'      => $product->getPriceInfo()->getPrice('final_price')->getAmount()->getValue(),
+                    'amount'      => $product->getPriceInfo()->getPrice('final_price')->getAmount()->getValue() * 1,
                     'adjustments' => []
                 ]
             ],

app/code/Magento/Catalog/Block/Product/View/Gallery.php

@@ -114,7 +114,7 @@ public function getGalleryImages()
      */
     public function getMagnifier()
     {
-        return $this->jsonEncoder->encode($this->getVar('magnifier'));
+        return $this->jsonEncoder->encode($this->escapeJs($this->getVar('magnifier')));
     }
 
     /**

app/code/Magento/Catalog/view/adminhtml/templates/catalog/category/checkboxes/tree.phtml

@@ -4,7 +4,6 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
 /**
  * @var $block \Magento\Catalog\Block\Adminhtml\Category\Tree
  */

app/code/Magento/Catalog/view/adminhtml/templates/catalog/category/edit.phtml

@@ -5,18 +5,18 @@
  */
 
 /**
- * Template for \Magento\Catalog\Block\Adminhtml\Category\Edit
+ * @var $block \Magento\Catalog\Block\Adminhtml\Category\Edit
  */
 ?>
 <div data-id="information-dialog-category" class="messages" style="display: none;">
     <div class="message message-notice">
-        <div><?= /* @escapeNotVerified */ __('This operation can take a long time') ?></div>
+        <div><?= $block->escapeHtml(__('This operation can take a long time')) ?></div>
     </div>
 </div>
 <script type="text/x-magento-init">
     {
         "*": {
-            "categoryForm": {"refreshUrl": "<?= /* @escapeNotVerified */ $block->getRefreshPathUrl() ?>"}
+            "categoryForm": {"refreshUrl": "<?= $block->escapeJs($block->escapeUrl($block->getRefreshPathUrl())) ?>"}
         }
     }
 </script>

app/code/Magento/Catalog/view/adminhtml/templates/catalog/category/edit/assign_products.phtml

@@ -16,8 +16,8 @@ $gridJsObjectName = $blockGrid->getJsObjectName();
     {
         "*": {
             "Magento_Catalog/catalog/category/assign-products": {
-                "selectedProducts": <?= /* @escapeNotVerified */ $block->getProductsJson() ?>,
-                "gridJsObjectName": <?= /* @escapeNotVerified */ '"' . $gridJsObjectName . '"' ?: '{}' ?>
+                "selectedProducts": <?= /* @noEscape */ $block->getProductsJson() ?>,
+                "gridJsObjectName": <?= /* @noEscape */ '"' . $gridJsObjectName . '"' ?: '{}' ?>
             }
         }
     }

app/code/Magento/Catalog/view/adminhtml/templates/catalog/category/tree.phtml

@@ -4,35 +4,34 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
+/** @var $block \Magento\Catalog\Block\Adminhtml\Category\Tree */
 ?>
 <div class="categories-side-col">
     <div class="sidebar-actions">
-        <?php if ($block->getRoot()): ?>
+        <?php if ($block->getRoot()) :?>
             <?= $block->getAddRootButtonHtml() ?><br/>
             <?= $block->getAddSubButtonHtml() ?>
         <?php endif; ?>
     </div>
     <div class="tree-actions">
-        <?php if ($block->getRoot()): ?>
+        <?php if ($block->getRoot()) :?>
             <?php //echo $block->getCollapseButtonHtml() ?>
             <?php //echo $block->getExpandButtonHtml() ?>
             <a href="#"
-               onclick="tree.collapseTree(); return false;"><?= /* @escapeNotVerified */ __('Collapse All') ?></a>
+               onclick="tree.collapseTree(); return false;"><?= $block->escapeHtml(__('Collapse All')) ?></a>
             <span class="separator">|</span> <a href="#"
-                                                onclick="tree.expandTree(); return false;"><?= /* @escapeNotVerified */ __('Expand All') ?></a>
+                                                onclick="tree.expandTree(); return false;"><?= $block->escapeHtml(_('Expand All')) ?></a>
         <?php endif; ?>
     </div>
-    <?php if ($block->getRoot()): ?>
+    <?php if ($block->getRoot()) :?>
     <div class="tree-holder">
         <div id="tree-div" class="tree-wrapper"></div>
     </div>
 </div>
 
     <div data-id="information-dialog-tree" class="messages" style="display: none;">
         <div class="message message-notice">
-            <div><?= /* @escapeNotVerified */ __('This operation can take a long time') ?></div>
+            <div><?= $block->escapeHtml(__('This operation can take a long time')) ?></div>
         </div>
     </div>
     <script>
@@ -172,7 +171,7 @@
 
                     if (!this.collapsed) {
                         this.collapsed = true;
-                        this.loader.dataUrl = '<?= /* @escapeNotVerified */ $block->getLoadTreeUrl(false) ?>';
+                        this.loader.dataUrl = '<?= $block->escapeJs($block->escapeUrl($block->getLoadTreeUrl(false))) ?>';
                         this.request(this.loader.dataUrl, false);
                     }
                 },
@@ -181,7 +180,7 @@
                     this.expandAll();
                     if (this.collapsed) {
                         this.collapsed = false;
-                        this.loader.dataUrl = '<?= /* @escapeNotVerified */ $block->getLoadTreeUrl(true) ?>';
+                        this.loader.dataUrl = '<?= $block->escapeJs($block->escapeUrl($block->getLoadTreeUrl(true))) ?>';
                         this.request(this.loader.dataUrl, false);
                     }
                 },
@@ -216,7 +215,7 @@
                 if (tree && switcherParams) {
                     var url;
                     if (switcherParams.useConfirm) {
-                        if (!confirm("<?= /* @escapeNotVerified */ __('Please confirm site switching. All data that hasn\'t been saved will be lost.') ?>")) {
+                        if (!confirm("<?= $block->escapeJs(__('Please confirm site switching. All data that hasn\'t been saved will be lost.')) ?>")) {
                             return false;
                         }
                     }
@@ -259,7 +258,7 @@
                             }
                         });
                     } else {
-                        var baseUrl = '<?= /* @escapeNotVerified */ $block->getEditUrl() ?>';
+                        var baseUrl = '<?= $block->escapeJs($block->escapeUrl($block->getEditUrl())) ?>';
                         var urlExt = switcherParams.scopeParams + 'id/' + tree.currentNodeId + '/';
                         url = parseSidUrl(baseUrl, urlExt);
                         setLocation(url);
@@ -296,7 +295,7 @@
                 if (scopeParams) {
                     url = url + scopeParams;
                 }
-                <?php if ($block->isClearEdit()): ?>
+                <?php if ($block->isClearEdit()) :?>
                 if (selectedNode) {
                     url = url + 'id/' + config.parameters.category_id;
                 }
@@ -307,7 +306,7 @@
 
             jQuery(function () {
                 categoryLoader = new Ext.tree.TreeLoader({
-                    dataUrl: '<?= /* @escapeNotVerified */ $block->getLoadTreeUrl() ?>'
+                    dataUrl: '<?= $block->escapeJs($block->escapeUrl($block->getLoadTreeUrl())) ?>'
                 });
 
                 categoryLoader.processResponse = function (response, parent, callback) {
@@ -389,26 +388,26 @@
                     enableDD: true,
                     containerScroll: true,
                     selModel: new Ext.tree.CheckNodeMultiSelectionModel(),
-                    rootVisible: '<?= /* @escapeNotVerified */ $block->getRoot()->getIsVisible() ?>',
-                    useAjax: <?= /* @escapeNotVerified */ $block->getUseAjax() ?>,
-                    switchTreeUrl: '<?= /* @escapeNotVerified */ $block->getSwitchTreeUrl() ?>',
-                    editUrl: '<?= /* @escapeNotVerified */ $block->getEditUrl() ?>',
-                    currentNodeId: <?= /* @escapeNotVerified */ (int)$block->getCategoryId() ?>,
-                    baseUrl: '<?= /* @escapeNotVerified */ $block->getEditUrl() ?>'
+                    rootVisible: '<?= (bool)$block->getRoot()->getIsVisible() ?>',
+                    useAjax: <?= (bool)$block->getUseAjax() ?>,
+                    switchTreeUrl: '<?= $block->escapeJs($block->escapeUrl($block->getSwitchTreeUrl())) ?>',
+                    editUrl: '<?= $block->escapeJs($block->escapeUrl($block->getEditUrl())) ?>',
+                    currentNodeId: <?= (int)$block->getCategoryId() ?>,
+                    baseUrl: '<?= $block->escapeJs($block->escapeUrl($block->getEditUrl())) ?>'
                 };
 
                 defaultLoadTreeParams = {
                     parameters: {
-                        text: <?= /* @escapeNotVerified */ json_encode(htmlentities($block->getRoot()->getName())) ?>,
+                        text: <?= /* @noEscape */ json_encode(htmlentities($block->getRoot()->getName())) ?>,
                         draggable: false,
-                        allowDrop: <?php if ($block->getRoot()->getIsVisible()): ?>true<?php else : ?>false<?php endif; ?>,
+                        allowDrop: <?php if ($block->getRoot()->getIsVisible()) :?>true<?php else :?>false<?php endif; ?>,
                         id: <?= (int)$block->getRoot()->getId() ?>,
                         expanded: <?= (int)$block->getIsWasExpanded() ?>,
                         store_id: <?= (int)$block->getStore()->getId() ?>,
                         category_id: <?= (int)$block->getCategoryId() ?>,
                         parent: <?= (int)$block->getRequest()->getParam('parent') ?>
                     },
-                    data: <?= /* @escapeNotVerified */ $block->getTreeJson() ?>
+                    data: <?= /* @noEscape */ $block->getTreeJson() ?>
                 };
 
                 reRenderTree();
@@ -486,7 +485,7 @@
                         click: function () {
                             (function ($) {
                                 $.ajax({
-                                    url: '<?= /* @escapeNotVerified */ $block->getMoveUrl() ?>',
+                                    url: '<?= $block->escapeJs($block->escapeUrl($block->getMoveUrl())) ?>',
                                     method: 'POST',
                                     data: registry.get('pd'),
                                     showLoader: true