magento#37107 Replace Deprecated Output Escaping
- Replace in templates in module Magento_CatalogWidget
BeggiNN committed Sep 12, 2023
1 parent 968fb3e commit ccf12e8
Showing 2 changed files with 41 additions and 28 deletions.
Expand Up @@ -4,16 +4,25 @@
* See COPYING.txt for license details.
*/

/** @var \Magento\CatalogWidget\Block\Product\Widget\Conditions $block */
/** @var \Magento\Framework\View\Helper\SecureHtmlRenderer $secureRenderer */
use Magento\CatalogWidget\Block\Product\Widget\Conditions;
use Magento\Framework\View\Helper\SecureHtmlRenderer;
use Magento\Framework\Escaper;

/** @var Conditions $block */
/** @var SecureHtmlRenderer $secureRenderer */
/** @var Escaper $escaper */

// phpcs:disable Generic.Files.LineLength.TooLong
?>
<?php
$element = $block->getElement();
$fieldId = $element->getHtmlContainerId() ? ' id="' . $block->escapeHtmlAttr($element->getHtmlContainerId()) . '"' : '';
$fieldClass = 'field admin__field field-' . $block->escapeHtmlAttr($element->getId()) . ' '
. $block->escapeHtmlAttr($element->getCssClass());
$fieldId = $element->getHtmlContainerId() ?
' id="' . $escaper->escapeHtmlAttr($element->getHtmlContainerId()) . '"' : '';
$fieldClass = 'field admin__field field-' . $escaper->escapeHtmlAttr((string)$element->getId()) . ' '
. $escaper->escapeHtmlAttr($element->getCssClass());
$fieldClass .= $element->getRequired() ? ' required' : '';
$fieldAttributes = $fieldId . ' class="' . $fieldClass . '" '
. $block->getUiId('form-field', $block->escapeHtmlAttr($element->getId()));
. $block->getUiId('form-field', $escaper->escapeHtmlAttr((string)$element->getId()));
?>
<div<?= /* @noEscape */ $fieldAttributes ?>>
<?= $element->getLabelHtml() ?>
Expand All @@ -31,8 +40,9 @@ $fieldAttributes = $fieldId . ' class="' . $fieldClass . '" '
"Magento_Rule/rules",
"prototype"
], function(VarienRulesForm){
window.{$block->escapeJs($block->getHtmlId())} = new VarienRulesForm('{$block->escapeJs($block->getHtmlId())}',
'{$block->escapeUrl($block->getNewChildUrl())}');
window.{$escaper->escapeJs($block->getHtmlId())} = new VarienRulesForm(
'{$escaper->escapeJs($block->getHtmlId())}',
'{$escaper->escapeUrl($block->getNewChildUrl())}');
});
script;
?>
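Review bot: In the RequireJS heredoc at the end of this section, two values are escaped for a different context than the one they are written into. `'{$escaper->escapeUrl($block->getNewChildUrl())}'` sits inside a single-quoted JavaScript string, where URL/HTML-oriented escaping is presumably not sufficient on its own (backslashes and line terminators are a JS-string concern), so I would wrap it as `'{$escaper->escapeJs($escaper->escapeUrl($block->getNewChildUrl()))}'`. `window.{$escaper->escapeJs($block->getHtmlId())}` applies string-literal escaping in identifier position; `window['{$escaper->escapeJs($block->getHtmlId())}']` keeps the value inside a string where that escaper is meant to be used. Both patterns predate this commit and the heredoc opens outside the visible hunk, so confirm how the script is emitted before changing it.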
Expand Up @@ -4,12 +4,15 @@
* See COPYING.txt for license details.
*/

use Magento\Catalog\Block\Product\ReviewRendererInterface;
use Magento\Catalog\Helper\Product\Compare;
use Magento\CatalogWidget\Block\Product\ProductsList;
use Magento\Framework\App\Action\Action;
use Magento\Framework\Escaper;
use Magento\Wishlist\Helper\Data;

/**
* @var \Magento\CatalogWidget\Block\Product\ProductsList $block
* @var \Magento\Framework\Escaper $escaper
*/
/** @var Escaper $escaper */
/** @var ProductsList $block */

// phpcs:disable Generic.Files.LineLength.TooLong
// phpcs:disable Magento2.Templates.ThisInTemplate.FoundHelper
Expand All @@ -27,13 +30,13 @@ use Magento\Framework\App\Action\Action;
$showWishlist = true;
$showCompare = true;
$showCart = true;
$templateType = \Magento\Catalog\Block\Product\ReviewRendererInterface::SHORT_VIEW;
$templateType = ReviewRendererInterface::SHORT_VIEW;
$description = false;
?>
<div class="block widget block-products-list <?= /* @noEscape */ $mode ?>">
<?php if ($block->getTitle()): ?>
<div class="block-title">
<strong><?= $block->escapeHtml(__($block->getTitle())) ?></strong>
<strong><?= $escaper->escapeHtml(__($block->getTitle())) ?></strong>
</div>
<?php endif ?>
<div class="block-content">
Expand All @@ -44,15 +47,15 @@ use Magento\Framework\App\Action\Action;
<?php foreach ($items as $_item): ?>
<?= /* @noEscape */ ($iterator++ == 1) ? '<li class="product-item">' : '</li><li class="product-item">' ?>
<div class="product-item-info">
<a href="<?= $block->escapeUrl($block->getProductUrl($_item)) ?>" class="product-item-photo">
<a href="<?= $escaper->escapeUrl($block->getProductUrl($_item)) ?>" class="product-item-photo">
<?= $block->getImage($_item, $image)->toHtml() ?>
</a>
<div class="product-item-details">
<strong class="product-item-name">
<a title="<?= $block->escapeHtml($_item->getName()) ?>"
href="<?= $block->escapeUrl($block->getProductUrl($_item)) ?>"
<a title="<?= $escaper->escapeHtml($_item->getName()) ?>"
href="<?= $escaper->escapeUrl($block->getProductUrl($_item)) ?>"
class="product-item-link">
<?= $block->escapeHtml($_item->getName()) ?>
<?= $escaper->escapeHtml($_item->getName()) ?>
</a>
</strong>
<?php if ($templateType): ?>
Expand All @@ -70,14 +73,14 @@ use Magento\Framework\App\Action\Action;
<div class="actions-primary">
<?php if ($_item->isSaleable()): ?>
<?php $postParams = $block->getAddToCartPostParams($_item); ?>
<form data-role="tocart-form" data-product-sku="<?= $block->escapeHtml($_item->getSku()) ?>" action="<?= $block->escapeUrl($postParams['action']) ?>" method="post">
<input type="hidden" name="product" value="<?= $block->escapeHtmlAttr($postParams['data']['product']) ?>">
<form data-role="tocart-form" data-product-sku="<?= $escaper->escapeHtml($_item->getSku()) ?>" action="<?= $escaper->escapeUrl($postParams['action']) ?>" method="post">
<input type="hidden" name="product" value="<?= $escaper->escapeHtmlAttr($postParams['data']['product']) ?>">
<input type="hidden" name="<?= /* @noEscape */ Action::PARAM_NAME_URL_ENCODED ?>" value="<?= /* @noEscape */ $postParams['data'][Action::PARAM_NAME_URL_ENCODED] ?>">
<?= $block->getBlockHtml('formkey') ?>
<button type="submit"
title="<?= $block->escapeHtml(__('Add to Cart')) ?>"
title="<?= $escaper->escapeHtml(__('Add to Cart')) ?>"
class="action tocart primary">
<span><?= $block->escapeHtml(__('Add to Cart')) ?></span>
<span><?= $escaper->escapeHtml(__('Add to Cart')) ?></span>
</button>
</form>
<?php if ($block->getBlockHtml('formkey')): ?>
Expand All @@ -93,25 +96,25 @@ use Magento\Framework\App\Action\Action;
<?php endif;?>
<?php else: ?>
<?php if ($_item->isAvailable()): ?>
<div class="stock available"><span><?= $block->escapeHtml(__('In stock')) ?></span></div>
<div class="stock available"><span><?= $escaper->escapeHtml(__('In stock')) ?></span></div>
<?php else: ?>
<div class="stock unavailable"><span><?= $block->escapeHtml(__('Out of stock')) ?></span></div>
<div class="stock unavailable"><span><?= $escaper->escapeHtml(__('Out of stock')) ?></span></div>
<?php endif; ?>
<?php endif; ?>
</div>
<?php endif; ?>
<?php if ($showWishlist || $showCompare): ?>
<div class="actions-secondary" data-role="add-to-links">
<?php if ($this->helper(\Magento\Wishlist\Helper\Data::class)->isAllow() && $showWishlist): ?>
<?php if ($this->helper(Data::class)->isAllow() && $showWishlist): ?>
<a href="#"
data-post='<?= /* @noEscape */ $block->getAddToWishlistParams($_item) ?>' class="action towishlist" data-action="add-to-wishlist" title="<?= $block->escapeHtmlAttr(__('Add to Wish List')) ?>">
<span><?= $block->escapeHtml(__('Add to Wish List')) ?></span>
<span><?= $escaper->escapeHtml(__('Add to Wish List')) ?></span>
</a>
<?php endif; ?>
<?php if ($block->getAddToCompareUrl() && $showCompare): ?>
<?php $compareHelper = $this->helper(\Magento\Catalog\Helper\Product\Compare::class);?>
<?php $compareHelper = $this->helper(Compare::class);?>
<a href="#" class="action tocompare" data-post='<?= /* @noEscape */ $compareHelper->getPostDataParams($_item) ?>' title="<?= $block->escapeHtmlAttr(__('Add to Compare')) ?>">
<span><?= $block->escapeHtml(__('Add to Compare')) ?></span>
<span><?= $escaper->escapeHtml(__('Add to Compare')) ?></span>
</a>
<?php endif; ?>
</div>
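Review bot: Several attribute values in this template are still escaped with `escapeHtml` rather than the attribute escaper: `title="<?= $escaper->escapeHtml($_item->getName()) ?>"`, `data-product-sku="<?= $escaper->escapeHtml($_item->getSku()) ?>"` and the `title` on the add-to-cart button. Product name and SKU are catalog data, so `$escaper->escapeHtmlAttr($_item->getName())` and `$escaper->escapeHtmlAttr($_item->getSku())` match the output context, as the hidden `product` input in the same form already does. The commit also leaves `$block->escapeHtmlAttr(__('Add to Wish List'))` and `$block->escapeHtmlAttr(__('Add to Compare'))` untouched, so the deprecated block-level escaping is not fully replaced in this file; `$escaper->escapeHtmlAttr(...)` would complete it. The `/* @noEscape */` output of `$postParams['data'][Action::PARAM_NAME_URL_ENCODED]` into `value="..."` is unchanged context, but it deserves a short comment stating why the value is safe to emit unescaped.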
