Merge remote-tracking branch 'origin/MC-16003' into HEAD

Hwashiang Yu · Hwashiang Yu · commit f44f09b2e612 · 2019-11-01T10:55:22.000-05:00
diff --git a/app/code/Magento/Backend/Block/Store/Switcher.php b/app/code/Magento/Backend/Block/Store/Switcher.php
@@ -586,13 +586,11 @@ public function getHintHtml()
         $html = '';
         $url = $this->getHintUrl();
         if ($url) {
-            $html = '<div class="admin__field-tooltip tooltip">' . '<a' . ' href="' . $this->escapeUrl(
-                $url
-            ) . '"' . ' onclick="this.target=\'_blank\'"' . ' title="' . __(
-                'What is this?'
-            ) . '"' . ' class="admin__field-tooltip-action action-help"><span>' . __(
-                'What is this?'
-            ) . '</span></a>' . ' </div>';
+            $html = '<div class="admin__field-tooltip tooltip"><a href="%s" onclick="this.target=\'_blank\'"  title="%s"
+            class="admin__field-tooltip-action action-help"><span>%s</span></a></span></div>';
+            $title =  $this->escapeHtmlAttr(__('What is this?'));
+            $span= $this->escapeHtml(__('What is this?'));
+            sprintf($html, $this->escapeUrl($url), $title, $span);
         }
         return $html;
     }
diff --git a/app/code/Magento/Customer/Block/Account/Dashboard/Address.php b/app/code/Magento/Customer/Block/Account/Dashboard/Address.php
@@ -3,6 +3,7 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+
 namespace Magento\Customer\Block\Account\Dashboard;
 
 use Magento\Customer\Api\Data\AddressInterface;
@@ -104,17 +105,19 @@ public function getPrimaryBillingAddressHtml()
         try {
             $address = $this->currentCustomerAddress->getDefaultBillingAddress();
         } catch (NoSuchEntityException $e) {
-            return __('You have not set a default billing address.');
+            return $this->escapeHtml(__('You have not set a default billing address.'));
         }
 
         if ($address) {
             return $this->_getAddressHtml($address);
         } else {
-            return __('You have not set a default billing address.');
+            return $this->escapeHtml(__('You have not set a default billing address.'));
         }
     }
 
     /**
+     * Get Primary Shipping Address Edit Url
+     *
      * @return string
      */
     public function getPrimaryShippingAddressEditUrl()
@@ -132,6 +135,8 @@ public function getPrimaryShippingAddressEditUrl()
     }
 
     /**
+     * Get Primary Billing Address Edit Url
+     *
      * @return string
      */
     public function getPrimaryBillingAddressEditUrl()
@@ -149,6 +154,8 @@ public function getPrimaryBillingAddressEditUrl()
     }
 
     /**
+     * Get Address Book Url
+     *
      * @return string
      */
     public function getAddressBookUrl()
diff --git a/app/code/Magento/Customer/Block/Adminhtml/Edit/Tab/View/PersonalInfo.php b/app/code/Magento/Customer/Block/Adminhtml/Edit/Tab/View/PersonalInfo.php
@@ -3,6 +3,7 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+
 namespace Magento\Customer\Block\Adminhtml\Edit\Tab\View;
 
 use Magento\Customer\Api\AccountManagementInterface;
@@ -314,11 +315,11 @@ public function getBillingAddressHtml()
         try {
             $address = $this->accountManagement->getDefaultBillingAddress($this->getCustomer()->getId());
         } catch (NoSuchEntityException $e) {
-            return __('The customer does not have default billing address.');
+            return $this->escapeHtml(__('The customer does not have default billing address.'));
         }
 
         if ($address === null) {
-            return __('The customer does not have default billing address.');
+            return $this->escapeHtml(__('The customer does not have default billing address.'));
         }
 
         return $this->addressHelper->getFormatTypeRenderer(
diff --git a/app/code/Magento/Downloadable/Block/Adminhtml/Catalog/Product/Edit/Tab/Downloadable/Links.php b/app/code/Magento/Downloadable/Block/Adminhtml/Catalog/Product/Edit/Tab/Downloadable/Links.php
@@ -180,7 +180,7 @@ public function getAddButtonHtml()
             \Magento\Backend\Block\Widget\Button::class
         )->setData(
             [
-                'label' => __('Add New Link'),
+                'label' => $this->escapeHtmlAttr(__('Add New Link')),
                 'id' => 'add_link_item',
                 'class' => 'action-add',
                 'data_attribute' => ['action' => 'add-link'],
diff --git a/app/code/Magento/Shipping/Block/Items.php b/app/code/Magento/Shipping/Block/Items.php
@@ -12,6 +12,8 @@
 namespace Magento\Shipping\Block;
 
 /**
+ * Shipping Items Block
+ *
  * @api
  * @since 100.0.2
  */
@@ -49,6 +51,8 @@ public function getOrder()
     }
 
     /**
+     * Get Print Shipment Url
+     *
      * @param object $shipment
      * @return string
      */
@@ -58,6 +62,8 @@ public function getPrintShipmentUrl($shipment)
     }
 
     /**
+     * Get Print All Shipments Url
+     *
      * @param object $order
      * @return string
      */
@@ -77,7 +83,7 @@ public function getCommentsHtml($shipment)
         $html = '';
         $comments = $this->getChildBlock('shipment_comments');
         if ($comments) {
-            $comments->setEntity($shipment)->setTitle(__('About Your Shipment'));
+            $comments->setEntity($shipment)->setTitle($this->escapeHtml(__('About Your Shipment')));
             $html = $comments->toHtml();
         }
         return $html;

Original file line number	Diff line number	Diff line change
`@@ -180,7 +180,7 @@ public function getAddButtonHtml()`
`180`	`180`	`\Magento\Backend\Block\Widget\Button::class`
`181`	`181`	`)->setData(`
`182`	`182`	`[`
`183`		`- 'label' => __('Add New Link'),`
	`183`	`+ 'label' => $this->escapeHtmlAttr(__('Add New Link')),`
`184`	`184`	`'id' => 'add_link_item',`
`185`	`185`	`'class' => 'action-add',`
`186`	`186`	`'data_attribute' => ['action' => 'add-link'],`