Merge remote-tracking branch 'origin/MAGETWO-81474' into 2.3-develop-pr1

Author: zakdma

app/code/Magento/Downloadable/view/adminhtml/templates/product/edit/downloadable/links.phtml

@@ -21,7 +21,7 @@
     <div class="admin__field" <?= !$block->isSingleStoreMode() ? ' data-config-scope="' . __('[STORE VIEW]') . '"' : '' ?>>
         <label class="admin__field-label" for="downloadable_links_title"><span><?= /* @escapeNotVerified */ __('Title') ?></span></label>
         <div class="admin__field-control">
-            <input type="text" class="admin__control-text" id="downloadable_links_title" name="product[links_title]" value="<?= /* @escapeNotVerified */ $block->getLinksTitle() ?>" <?= ($_product->getStoreId() && $block->getUsedDefault()) ? 'disabled="disabled"' : '' ?>>
+            <input type="text" class="admin__control-text" id="downloadable_links_title" name="product[links_title]" value="<?= $block->escapeHtml($block->getLinksTitle()) ?>" <?= ($_product->getStoreId() && $block->getUsedDefault()) ? 'disabled="disabled"' : '' ?>>
             <?php if ($_product->getStoreId()): ?>
                 <div class="admin__field admin__field-option">
                     <input id="link_title_default" class="admin__control-checkbox" type="checkbox" name="use_default[]" value="links_title" onclick="toggleValueElements(this, this.parentNode.parentNode)" <?= $block->getUsedDefault() ? 'checked="checked"' : '' ?> />
@@ -158,9 +158,9 @@ require([
                         '<div id="downloadable_link_<%- data.id %>_file-new" class="file-row-info new-file"></div>'+
                         '<div class="fileinput-button form-buttons">'+
                             '<span><?= /* @escapeNotVerified */ __('Browse Files...') ?></span>' +
-                            '<input id="downloadable_link_<%- data.id %>_file" type="file" name="<?= /* @escapeNotVerified */ $block->getFileFieldName('links') ?>">' +
+                            '<input id="downloadable_link_<%- data.id %>_file" type="file" name="<?= $block->escapeHtml($block->getFileFieldName('links')) ?>">' +
                             '<script>' +
-                                'linksUploader("#downloadable_link_<%- data.id %>_file", "<?= /* @escapeNotVerified */ $block->getUploadUrl('links') ?>"); ' +
+                                'linksUploader("#downloadable_link_<%- data.id %>_file", "<?= $block->escapeUrl($block->getUploadUrl('links')) ?>"); ' +
                             '</scr'+'ipt>'+
                         '</div>'+
                     '</div>'+
@@ -184,9 +184,9 @@ require([
                         '<div id="downloadable_link_<%- data.id %>_sample_file-new" class="file-row-info new-file"></div>'+
                         '<div class="fileinput-button form-buttons">'+
                         '<span><?= /* @escapeNotVerified */ __('Browse Files...') ?></span>' +
-                        '<input id="downloadable_link_<%- data.id %>_sample_file" type="file" name="<?= /* @escapeNotVerified */ $block->getFileFieldName('link_samples') ?>">' +
+                        '<input id="downloadable_link_<%- data.id %>_sample_file" type="file" name="<?= $block->escapeHtml($block->getFileFieldName('link_samples'), '"') ?>">' +
                         '<script>'+
-                        'linksUploader("#downloadable_link_<%- data.id %>_sample_file", "<?= /* @escapeNotVerified */ $block->getUploadUrl('link_samples') ?>"); ' +
+                        'linksUploader("#downloadable_link_<%- data.id %>_sample_file", "<?= $block->escapeUrl($block->getUploadUrl('link_samples')) ?>"); ' +
                         '</scr'+'ipt>'+
                         '</div>'+
                     '</div>'+

app/code/Magento/Downloadable/view/adminhtml/templates/product/edit/downloadable/samples.phtml

@@ -21,7 +21,7 @@ $block->getConfigJson();
     <div class="admin__field"<?= !$block->isSingleStoreMode() ? ' data-config-scope="' . __('[STORE VIEW]') . '"' : '' ?>>
         <label class="admin__field-label" for="downloadable_samples_title"><span><?= /* @noEscape */ __('Title') ?></span></label>
         <div class="admin__field-control">
-            <input type="text" class="admin__control-text" id="downloadable_samples_title" name="product[samples_title]" value="<?= /* @noEscape */ $block->getSamplesTitle() ?>" <?= /* @noEscape */ ($_product->getStoreId() && $block->getUsedDefault()) ? 'disabled="disabled"' : '' ?>>
+            <input type="text" class="admin__control-text" id="downloadable_samples_title" name="product[samples_title]" value="<?= $block->escapeHtml($block->getSamplesTitle()) ?>" <?= /* @noEscape */ ($_product->getStoreId() && $block->getUsedDefault()) ? 'disabled="disabled"' : '' ?>>
             <?php if ($_product->getStoreId()): ?>
                 <div class="admin__field admin__field-option">
                     <input id="sample_title_default" class="admin__control-checkbox" type="checkbox" name="use_default[]" value="samples_title" onclick="toggleValueElements(this, this.parentNode.parentNode)" <?= /* @noEscape */ $block->getUsedDefault() ? 'checked="checked"' : '' ?> />
@@ -93,7 +93,7 @@ require([
                         '<div id="downloadable_sample_<%- data.id %>_file-new" class="file-row-info new-file"></div>'+
                         '<div class="fileinput-button">'+
                             '<span><?= /* @noEscape */ __('Browse Files...') ?></span>' +
-                            '<input id="downloadable_sample_<%- data.id %>_file" type="file" name="<?= /* @noEscape */ $block->getConfig()->getFileField() ?>" data-url="<?= /* @noEscape */ $block->getConfig()->getUrl() ?>">' +
+                            '<input id="downloadable_sample_<%- data.id %>_file" type="file" name="<?= /* @noEscape */ $block->getConfig()->getFileField() ?>" data-url="<?= $block->escapeHtml($block->getConfig()->getUrl()) ?>">' +
                             '<script>' +
                             '/*<![CDATA[*/' +
                                 'sampleUploader("#downloadable_sample_<%- data.id %>_file"); ' +

app/code/Magento/Downloadable/view/adminhtml/templates/sales/items/column/downloadable/creditmemo/name.phtml

@@ -14,7 +14,7 @@
     <?php if ($block->getOrderOptions()): ?>
         <dl class="item-options">
         <?php foreach ($block->getOrderOptions() as $_option): ?>
-            <dt><?= /* @escapeNotVerified */ $_option['label'] ?></dt>
+            <dt><?= $block->escapeHtml($_option['label']) ?></dt>
             <dd>
             <?php if (isset($_option['custom_view']) && $_option['custom_view']): ?>
                 <?= /* @escapeNotVerified */ $_option['value'] ?>
@@ -39,7 +39,7 @@ require(['prototype'], function(){
     <?php endif; ?>
     <?php if ($block->getLinks()): ?>
         <dl class="item-options">
-            <dt><?= /* @escapeNotVerified */ $block->getLinksTitle() ?></dt>
+            <dt><?= $block->escapeHtml($block->getLinksTitle()) ?></dt>
             <?php foreach ($block->getLinks()->getPurchasedItems() as $_link): ?>
                 <dd><?= $block->escapeHtml($_link->getLinkTitle()) ?></dd>
             <?php endforeach; ?>

app/code/Magento/Downloadable/view/adminhtml/templates/sales/items/column/downloadable/invoice/name.phtml

@@ -14,7 +14,7 @@
     <?php if ($block->getOrderOptions()): ?>
         <dl class="item-options">
         <?php foreach ($block->getOrderOptions() as $_option): ?>
-            <dt><?= /* @escapeNotVerified */ $_option['label'] ?></dt>
+            <dt><?= $block->escapeHtml($_option['label']) ?></dt>
             <dd>
             <?php if (isset($_option['custom_view']) && $_option['custom_view']): ?>
                 <?= /* @escapeNotVerified */ $_option['value'] ?>
@@ -39,7 +39,7 @@ require(['prototype'], function(){
     <?php endif; ?>
     <?php if ($block->getLinks()): ?>
         <dl class="item-options">
-            <dt><?= /* @escapeNotVerified */ $block->getLinksTitle() ?></dt>
+            <dt><?= $block->escapeHtml($block->getLinksTitle()) ?></dt>
             <?php foreach ($block->getLinks()->getPurchasedItems() as $_link): ?>
                 <dd><?= $block->escapeHtml($_link->getLinkTitle()) ?> (<?= /* @escapeNotVerified */ $_link->getNumberOfDownloadsBought() ? $_link->getNumberOfDownloadsBought() : __('Unlimited') ?>)</dd>
             <?php endforeach; ?>

app/code/Magento/Downloadable/view/adminhtml/templates/sales/items/column/downloadable/name.phtml

@@ -17,7 +17,7 @@
     <?php if ($block->getOrderOptions()): ?>
         <dl class="item-options">
         <?php foreach ($block->getOrderOptions() as $_option): ?>
-            <dt><?= /* @escapeNotVerified */ $_option['label'] ?>:</dt>
+            <dt><?= $block->escapeHtml($_option['label']) ?>:</dt>
             <dd>
             <?php if (isset($_option['custom_view']) && $_option['custom_view']): ?>
                 <?= /* @escapeNotVerified */ $_option['value'] ?>
@@ -42,7 +42,7 @@ require(['prototype'], function(){
     <?php endif; ?>
     <?php if ($block->getLinks()): ?>
         <dl class="item-options">
-            <dt><?= /* @escapeNotVerified */ $block->getLinksTitle() ?>:</dt>
+            <dt><?= $block->escapeHtml($block->getLinksTitle()) ?>:</dt>
             <?php foreach ($block->getLinks()->getPurchasedItems() as $_link): ?>
                 <dd><?= $block->escapeHtml($_link->getLinkTitle()) ?> (<?= /* @escapeNotVerified */ $_link->getNumberOfDownloadsUsed() . ' / ' . ($_link->getNumberOfDownloadsBought() ? $_link->getNumberOfDownloadsBought() : __('U')) ?>)</dd>
             <?php endforeach; ?>

app/code/Magento/Downloadable/view/frontend/templates/catalog/product/links.phtml

@@ -13,9 +13,9 @@
     <?php $_links = $block->getLinks(); ?>
     <?php $_linksLength = 0; ?>
     <?php $_isRequired = $block->getLinkSelectionRequired(); ?>
-    <legend class="legend links-title"><span><?= /* @escapeNotVerified */ $block->getLinksTitle() ?></span></legend><br>
+    <legend class="legend links-title"><span><?= $block->escapeHtml($block->getLinksTitle()) ?></span></legend><br>
     <div class="field downloads<?php if ($_isRequired) echo ' required' ?><?php if (!$_linksPurchasedSeparately) echo ' downloads-no-separately' ?>">
-        <label class="label"><span><?= /* @escapeNotVerified */ $block->getLinksTitle() ?></span></label>
+        <label class="label"><span><?= $block->escapeHtml($block->getLinksTitle()) ?></span></label>
         <div class="control" id="downloadable-links-list"
              data-mage-init='{"downloadable":{
                  "linkElement":"input:checkbox[value]",
@@ -37,7 +37,7 @@
                         <span><?= $block->escapeHtml($_link->getTitle()) ?></span>
                         <?php if ($_link->getSampleFile() || $_link->getSampleUrl()): ?>
                             <a class="sample link"
-                               href="<?= /* @escapeNotVerified */ $block->getLinkSampleUrl($_link) ?>" <?= $block->getIsOpenInNewWindow() ? 'target="_blank"' : '' ?>>
+                               href="<?= $block->escapeUrl($block->getLinkSampleUrl($_link)) ?>" <?= $block->getIsOpenInNewWindow() ? 'target="_blank"' : '' ?>>
                                 <?= /* @escapeNotVerified */ __('sample') ?>
                             </a>
                         <?php endif; ?>

app/code/Magento/Downloadable/view/frontend/templates/catalog/product/samples.phtml

@@ -15,11 +15,11 @@
 
 <?php if ($block->hasSamples()): ?>
     <dl class="items samples">
-        <dt class="item-title samples-item-title"><?= /* @escapeNotVerified */ $block->getSamplesTitle() ?></dt>
+        <dt class="item-title samples-item-title"><?= $block->escapeHtml($block->getSamplesTitle()) ?></dt>
         <?php $_samples = $block->getSamples() ?>
         <?php foreach ($_samples as $_sample): ?>
             <dd class="item samples-item">
-                <a href="<?= /* @escapeNotVerified */ $block->getSampleUrl($_sample) ?>" <?= $block->getIsOpenInNewWindow() ? 'onclick="this.target=\'_blank\'"' : '' ?>
+                <a href="<?= $block->escapeHtml($block->getSampleUrl($_sample)) ?>" <?= $block->getIsOpenInNewWindow() ? 'onclick="this.target=\'_blank\'"' : '' ?>
                    class="item-link samples-item-link">
                     <?= $block->escapeHtml($_sample->getTitle()) ?>
                 </a>

app/code/Magento/Downloadable/view/frontend/templates/sales/order/creditmemo/items/renderer/downloadable.phtml

@@ -39,7 +39,7 @@
         <?php /* downloadable */?>
         <?php if ($links = $block->getLinks()): ?>
             <dl class="item-options links">
-                <dt><?= /* @escapeNotVerified */ $block->getLinksTitle() ?></dt>
+                <dt><?= $block->escapeHtml($block->getLinksTitle()) ?></dt>
                 <?php foreach ($links->getPurchasedItems() as $link): ?>
                     <dd><?= $block->escapeHtml($link->getLinkTitle()) ?></dd>
                 <?php endforeach; ?>

app/code/Magento/Downloadable/view/frontend/templates/sales/order/invoice/items/renderer/downloadable.phtml

@@ -39,7 +39,7 @@
         <?php /* downloadable */ ?>
         <?php if ($links = $block->getLinks()): ?>
             <dl class="item-options links">
-                <dt><?= /* @escapeNotVerified */ $block->getLinksTitle() ?></dt>
+                <dt><?= $block->escapeHtml($block->getLinksTitle()) ?></dt>
                 <?php foreach ($links->getPurchasedItems() as $link): ?>
                     <dd><?= $block->escapeHtml($link->getLinkTitle()) ?></dd>
                 <?php endforeach; ?>

app/code/Magento/Downloadable/view/frontend/templates/sales/order/items/renderer/downloadable.phtml

@@ -40,7 +40,7 @@
         <?php /* downloadable */ ?>
         <?php if ($links = $block->getLinks()): ?>
             <dl class="item-options links">
-                <dt><?= /* @escapeNotVerified */ $block->getLinksTitle() ?></dt>
+                <dt><?= $block->escapeHtml($block->getLinksTitle()) ?></dt>
                 <?php foreach ($links->getPurchasedItems() as $link): ?>
                     <dd><?= $block->escapeHtml($link->getLinkTitle()) ?></dd>
                 <?php endforeach; ?>