Skip to content

Commit d8fd9b4

Browse files
mohitradobemohitradobe
committed
AC-14914: Added invoice render enhancement and definition for escaper
1 parent 24f4eff commit d8fd9b4

File tree

9 files changed

+193
-148
lines changed

9 files changed

+193
-148
lines changed

app/code/Magento/Bundle/view/adminhtml/templates/sales/creditmemo/create/items/renderer.phtml

Lines changed: 27 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -1,14 +1,17 @@
11
<?php
22
/**
3-
* Copyright © Magento, Inc. All rights reserved.
4-
* See COPYING.txt for license details.
3+
* Copyright 2011 Adobe
4+
* All Rights Reserved.
55
*/
66

7+
use Magento\Framework\Escaper;
8+
79
/**
810
* @see \Magento\Bundle\Block\Adminhtml\Sales\Order\Items\Renderer
911
*/
1012
/** @var $block \Magento\Bundle\Block\Adminhtml\Sales\Order\Items\Renderer */
1113
/** @var \Magento\Framework\View\Helper\SecureHtmlRenderer $secureRenderer */
14+
/** @var Escaper $escaper */
1215
?>
1316

1417
<?php $_item = $block->getItem() ?>
@@ -35,7 +38,7 @@ $catalogHelper = $block->getData('catalogHelper');
3538
<?php if ($_prevOptionId != $attributes['option_id']): ?>
3639
<tr>
3740
<td class="col-product">
38-
<div class="option-label"><?= $block->escapeHtml($attributes['option_label']) ?></div>
41+
<div class="option-label"><?= $escaper->escapeHtml($attributes['option_label']) ?></div>
3942
</td>
4043
<td>&nbsp;</td>
4144
<td>&nbsp;</td>
@@ -52,10 +55,12 @@ $catalogHelper = $block->getData('catalogHelper');
5255
<tr<?= (++$_index == $_count && !$_showlastRow) ? ' class="border"' : '' ?>>
5356
<?php if (!$_item->getOrderItem()->getParentItem()): ?>
5457
<td class="col-product">
55-
<div class="product-title"><?= $block->escapeHtml($_item->getName()) ?></div>
58+
<div class="product-title"><?= $escaper->escapeHtml($_item->getName()) ?></div>
5659
<div class="product-sku-block">
57-
<span><?= $block->escapeHtml(__('SKU')) ?>:</span>
58-
<?= /* @noEscape */ implode('<br />', $catalogHelper->splitSku($_item->getSku())) ?>
60+
<span><?= $escaper->escapeHtml(__('SKU')) ?>:</span>
61+
<?= /* @noEscape */ implode('<br />', $catalogHelper->splitSku(
62+
$escaper->escapeHtml($_item->getSku())
63+
)) ?>
5964
</div>
6065
</td>
6166
<?php else: ?>
@@ -72,44 +77,44 @@ $catalogHelper = $block->getData('catalogHelper');
7277
<?php if ($block->canShowPriceInfo($_item)): ?>
7378
<table class="qty-table">
7479
<tr>
75-
<th><?= $block->escapeHtml(__('Ordered')) ?></th>
80+
<th><?= $escaper->escapeHtml(__('Ordered')) ?></th>
7681
<td><?= (float)$_item->getOrderItem()->getQtyOrdered() * 1 ?></td>
7782
</tr>
7883
<?php if ((float) $_item->getOrderItem()->getQtyInvoiced()): ?>
7984
<tr>
80-
<th><?= $block->escapeHtml(__('Invoiced')) ?></th>
85+
<th><?= $escaper->escapeHtml(__('Invoiced')) ?></th>
8186
<td><?= (float)$_item->getOrderItem()->getQtyInvoiced() * 1 ?></td>
8287
</tr>
8388
<?php endif; ?>
8489
<?php if ((float) $_item->getOrderItem()->getQtyShipped() &&
8590
$block->isShipmentSeparately($_item)): ?>
8691
<tr>
87-
<th><?= $block->escapeHtml(__('Shipped')) ?></th>
92+
<th><?= $escaper->escapeHtml(__('Shipped')) ?></th>
8893
<td><?= (float)$_item->getOrderItem()->getQtyShipped() * 1 ?></td>
8994
</tr>
9095
<?php endif; ?>
9196
<?php if ((float) $_item->getOrderItem()->getQtyRefunded()): ?>
9297
<tr>
93-
<th><?= $block->escapeHtml(__('Refunded')) ?></th>
98+
<th><?= $escaper->escapeHtml(__('Refunded')) ?></th>
9499
<td><?= (float)$_item->getOrderItem()->getQtyRefunded() * 1 ?></td>
95100
</tr>
96101
<?php endif; ?>
97102
<?php if ((float) $_item->getOrderItem()->getQtyCanceled()): ?>
98103
<tr>
99-
<th><?= $block->escapeHtml(__('Canceled')) ?></th>
104+
<th><?= $escaper->escapeHtml(__('Canceled')) ?></th>
100105
<td><?= (float)$_item->getOrderItem()->getQtyCanceled() * 1 ?></td>
101106
</tr>
102107
<?php endif; ?>
103108
</table>
104109
<?php elseif ($block->isShipmentSeparately($_item)): ?>
105110
<table class="qty-table">
106111
<tr>
107-
<th><?= $block->escapeHtml(__('Ordered')) ?></th>
112+
<th><?= $escaper->escapeHtml(__('Ordered')) ?></th>
108113
<td><?= (float)$_item->getOrderItem()->getQtyOrdered() * 1 ?></td>
109114
</tr>
110115
<?php if ((float) $_item->getOrderItem()->getQtyShipped()): ?>
111116
<tr>
112-
<th><?= $block->escapeHtml(__('Shipped')) ?></th>
117+
<th><?= $escaper->escapeHtml(__('Shipped')) ?></th>
113118
<td><?= (float)$_item->getOrderItem()->getQtyShipped() * 1 ?></td>
114119
</tr>
115120
<?php endif; ?>
@@ -124,7 +129,7 @@ $catalogHelper = $block->getData('catalogHelper');
124129
<?php if ($block->canReturnItemToStock($_item)): ?>
125130
<input type="checkbox"
126131
class="admin__control-checkbox"
127-
name="creditmemo[items][<?= $block->escapeHtmlAttr($_item->getOrderItemId())
132+
name="creditmemo[items][<?= $escaper->escapeHtmlAttr($_item->getOrderItemId())
128133
?>][back_to_stock]"
129134
value="1"<?php if ($_item->getBackToStock()):?> checked="checked"<?php endif;?> />
130135
<label class="admin__field-label"></label>
@@ -139,7 +144,7 @@ $catalogHelper = $block->getData('catalogHelper');
139144
<?php if ($block->canEditQty()): ?>
140145
<input type="text"
141146
class="input-text admin__control-text qty-input"
142-
name="creditmemo[items][<?= $block->escapeHtmlAttr($_item->getOrderItemId()) ?>][qty]"
147+
name="creditmemo[items][<?= $escaper->escapeHtmlAttr($_item->getOrderItemId()) ?>][qty]"
143148
value="<?= (float)$_item->getQty() * 1 ?>" />
144149
<?php else: ?>
145150
<?= (float)$_item->getQty() * 1 ?>
@@ -184,16 +189,16 @@ $catalogHelper = $block->getData('catalogHelper');
184189
<?php if ($block->getOrderOptions($_item->getOrderItem())): ?>
185190
<dl class="item-options">
186191
<?php foreach ($block->getOrderOptions($_item->getOrderItem()) as $option): ?>
187-
<dt><?= $block->escapeHtml($option['label']) ?></dt>
192+
<dt><?= $escaper->escapeHtml($option['label']) ?></dt>
188193
<dd>
189194
<?php if (isset($option['custom_view']) && $option['custom_view']): ?>
190-
<?= $block->escapeHtml($option['value']) ?>
195+
<?= $escaper->escapeHtml($option['value']) ?>
191196
<?php else: ?>
192-
<?= $block->escapeHtml($block->truncateString($option['value'], 55, '', $_remainder)) ?>
197+
<?= $escaper->escapeHtml($block->truncateString($option['value'], 55, '', $_remainder)) ?>
193198
<?php if ($_remainder):?>
194-
... <span id="<?= $block->escapeHtmlAttr($_id = 'id' . uniqid())
195-
?>"><?= $block->escapeHtml($_remainder) ?></span>
196-
<?php $escapedId = /* @noEscape */ $block->escapeJs($_id);
199+
... <span id="<?= $escaper->escapeHtmlAttr($_id = 'id' . uniqid())
200+
?>"><?= $escaper->escapeHtml($_remainder) ?></span>
201+
<?php $escapedId = /* @noEscape */ $escaper->escapeJs($_id);
197202
$scriptString = <<<script
198203
require(['prototype'], function(){
199204
$('{$escapedId}').hide();
@@ -211,7 +216,7 @@ script;
211216
<?php else: ?>
212217
&nbsp;
213218
<?php endif; ?>
214-
<?= $block->escapeHtml($_item->getDescription()) ?>
219+
<?= $escaper->escapeHtml($_item->getDescription()) ?>
215220
</td>
216221
<td>&nbsp;</td>
217222
<td>&nbsp;</td>

app/code/Magento/Bundle/view/adminhtml/templates/sales/creditmemo/view/items/renderer.phtml

Lines changed: 18 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -1,14 +1,17 @@
11
<?php
22
/**
3-
* Copyright © Magento, Inc. All rights reserved.
4-
* See COPYING.txt for license details.
3+
* Copyright 2011 Adobe
4+
* All Rights Reserved.
55
*/
66

7+
use Magento\Framework\Escaper;
8+
79
/**
810
* @see \Magento\Bundle\Block\Adminhtml\Sales\Order\Items\Renderer
911
*/
1012
/** @var $block \Magento\Bundle\Block\Adminhtml\Sales\Order\Items\Renderer */
1113
/** @var \Magento\Framework\View\Helper\SecureHtmlRenderer $secureRenderer */
14+
/** @var Escaper $escaper */
1215
?>
1316

1417
<?php $_item = $block->getItem() ?>
@@ -35,7 +38,7 @@ $catalogHelper = $block->getData('catalogHelper');
3538
<?php if ($_prevOptionId != $attributes['option_id']): ?>
3639
<tr>
3740
<td class="col-product">
38-
<div class="option-label"><?= $block->escapeHtml($attributes['option_label']) ?></div>
41+
<div class="option-label"><?= $escaper->escapeHtml($attributes['option_label']) ?></div>
3942
</td>
4043
<td>&nbsp;</td>
4144
<td>&nbsp;</td>
@@ -50,10 +53,12 @@ $catalogHelper = $block->getData('catalogHelper');
5053
<tr<?= (++$_index == $_count && !$_showlastRow) ? ' class="border"' : '' ?>>
5154
<?php if (!$_item->getOrderItem()->getParentItem()): ?>
5255
<td class="col-product">
53-
<div class="product-title"><?= $block->escapeHtml($_item->getName()) ?></div>
56+
<div class="product-title"><?= $escaper->escapeHtml($_item->getName()) ?></div>
5457
<div class="product-sku-block">
55-
<span><?= $block->escapeHtml(__('SKU')) ?>:</span>
56-
<?= /* @noEscape */ implode('<br />', $catalogHelper->splitSku($_item->getSku())) ?>
58+
<span><?= $escaper->escapeHtml(__('SKU')) ?>:</span>
59+
<?= /* @noEscape */ implode('<br />', $catalogHelper->splitSku(
60+
$escaper->escapeHtml($_item->getSku())
61+
)) ?>
5762
</div>
5863
</td>
5964
<?php else: ?>
@@ -109,16 +114,16 @@ $catalogHelper = $block->getData('catalogHelper');
109114
<?php if ($block->getOrderOptions()): ?>
110115
<dl class="item-options">
111116
<?php foreach ($block->getOrderOptions() as $option): ?>
112-
<dt><?= $block->escapeHtml($option['label']) ?></dt>
117+
<dt><?= $escaper->escapeHtml($option['label']) ?></dt>
113118
<dd>
114119
<?php if (isset($option['custom_view']) && $option['custom_view']): ?>
115-
<?= $block->escapeHtml($option['value']) ?>
120+
<?= $escaper->escapeHtml($option['value']) ?>
116121
<?php else: ?>
117-
<?= $block->escapeHtml($block->truncateString($option['value'], 55, '', $_remainder)) ?>
122+
<?= $escaper->escapeHtml($block->truncateString($option['value'], 55, '', $_remainder)) ?>
118123
<?php if ($_remainder):?>
119-
... <span id="<?= $block->escapeHtmlAttr($_id = 'id' . uniqid())
120-
?>"><?= $block->escapeHtml($_remainder) ?></span>
121-
<?php $escapedId = /* @noEscape */ $block->escapeJs($_id);
124+
... <span id="<?= $escaper->escapeHtmlAttr($_id = 'id' . uniqid())
125+
?>"><?= $escaper->escapeHtml($_remainder) ?></span>
126+
<?php $escapedId = /* @noEscape */ $escaper->escapeJs($_id);
122127
$scriptString = <<<script
123128
require(['prototype'], function(){
124129
$('{$escapedId}').hide();
@@ -134,7 +139,7 @@ script;
134139
<?php endforeach; ?>
135140
</dl>
136141
<?php endif; ?>
137-
<?= $block->escapeHtml($block->getItem()->getDescription()) ?>
142+
<?= $escaper->escapeHtml($block->getItem()->getDescription()) ?>
138143
</td>
139144
<td>&nbsp;</td>
140145
<td>&nbsp;</td>

app/code/Magento/Bundle/view/adminhtml/templates/sales/invoice/create/items/renderer.phtml

Lines changed: 26 additions & 21 deletions
Original file line numberDiff line numberDiff line change
@@ -1,14 +1,17 @@
11
<?php
22
/**
3-
* Copyright © Magento, Inc. All rights reserved.
4-
* See COPYING.txt for license details.
3+
* Copyright 2011 Adobe
4+
* All Rights Reserved.
55
*/
66

7+
use Magento\Framework\Escaper;
8+
79
/**
810
* @see \Magento\Bundle\Block\Adminhtml\Sales\Order\Items\Renderer
911
*/
1012
/** @var $block \Magento\Bundle\Block\Adminhtml\Sales\Order\Items\Renderer */
1113
/** @var \Magento\Framework\View\Helper\SecureHtmlRenderer $secureRenderer */
14+
/** @var Escaper $escaper */
1215
?>
1316

1417
<?php $_item = $block->getItem() ?>
@@ -45,7 +48,7 @@ $catalogHelper = $block->getData('catalogHelper');
4548
<?php if ($_prevOptionId != $attributes['option_id']): ?>
4649
<tr>
4750
<td class="col-product">
48-
<div class="option-label"><?= $block->escapeHtml($attributes['option_label']) ?></div>
51+
<div class="option-label"><?= $escaper->escapeHtml($attributes['option_label']) ?></div>
4952
</td>
5053
<td>&nbsp;</td>
5154
<td>&nbsp;</td>
@@ -61,10 +64,12 @@ $catalogHelper = $block->getData('catalogHelper');
6164
<tr<?= (++$_index == $_count && !$_showlastRow) ? ' class="border"' : '' ?>>
6265
<?php if (!$_item->getOrderItem()->getParentItem()): ?>
6366
<td class="col-product">
64-
<div class="product-title"><?= $block->escapeHtml($_item->getName()) ?></div>
67+
<div class="product-title"><?= $escaper->escapeHtml($_item->getName()) ?></div>
6568
<div class="product-sku-block">
66-
<span><?= $block->escapeHtml(__('SKU')) ?>:</span>
67-
<?= /* @noEscape */ implode('<br />', $catalogHelper->splitSku($_item->getSku())) ?>
69+
<span><?= $escaper->escapeHtml(__('SKU')) ?>:</span>
70+
<?= /* @noEscape */ implode('<br />', $catalogHelper->splitSku(
71+
$escaper->escapeHtml($_item->getSku())
72+
)) ?>
6873
</div>
6974
</td>
7075
<?php else: ?>
@@ -83,44 +88,44 @@ $catalogHelper = $block->getData('catalogHelper');
8388
<?php if ($block->canShowPriceInfo($_item) || $shipTogether): ?>
8489
<table class="qty-table">
8590
<tr>
86-
<th><?= $block->escapeHtml(__('Ordered')) ?></th>
91+
<th><?= $escaper->escapeHtml(__('Ordered')) ?></th>
8792
<td><span><?= (float)$_item->getOrderItem()->getQtyOrdered() * 1 ?></span></td>
8893
</tr>
8994
<?php if ((float) $_item->getOrderItem()->getQtyInvoiced()): ?>
9095
<tr>
91-
<th><?= $block->escapeHtml(__('Invoiced')) ?></th>
96+
<th><?= $escaper->escapeHtml(__('Invoiced')) ?></th>
9297
<td><?= (float)$_item->getOrderItem()->getQtyInvoiced() * 1 ?></td>
9398
</tr>
9499
<?php endif; ?>
95100
<?php if ((float) $_item->getOrderItem()->getQtyShipped() &&
96101
$block->isShipmentSeparately($_item)): ?>
97102
<tr>
98-
<th><?= $block->escapeHtml(__('Shipped')) ?></th>
103+
<th><?= $escaper->escapeHtml(__('Shipped')) ?></th>
99104
<td><?= (float)$_item->getOrderItem()->getQtyShipped() * 1 ?></td>
100105
</tr>
101106
<?php endif; ?>
102107
<?php if ((float) $_item->getOrderItem()->getQtyRefunded()): ?>
103108
<tr>
104-
<th><?= $block->escapeHtml(__('Refunded')) ?></th>
109+
<th><?= $escaper->escapeHtml(__('Refunded')) ?></th>
105110
<td><?= (float)$_item->getOrderItem()->getQtyRefunded() * 1 ?></td>
106111
</tr>
107112
<?php endif; ?>
108113
<?php if ((float) $_item->getOrderItem()->getQtyCanceled()): ?>
109114
<tr>
110-
<th><?= $block->escapeHtml(__('Canceled')) ?></th>
115+
<th><?= $escaper->escapeHtml(__('Canceled')) ?></th>
111116
<td><?= (float)$_item->getOrderItem()->getQtyCanceled() * 1 ?></td>
112117
</tr>
113118
<?php endif; ?>
114119
</table>
115120
<?php elseif ($block->isShipmentSeparately($_item)): ?>
116121
<table class="qty-table">
117122
<tr>
118-
<th><?= $block->escapeHtml(__('Ordered')) ?></th>
123+
<th><?= $escaper->escapeHtml(__('Ordered')) ?></th>
119124
<td><?= (float)$_item->getOrderItem()->getQtyOrdered() * 1 ?></td>
120125
</tr>
121126
<?php if ((float) $_item->getOrderItem()->getQtyShipped()): ?>
122127
<tr>
123-
<th><?= $block->escapeHtml(__('Shipped')) ?></th>
128+
<th><?= $escaper->escapeHtml(__('Shipped')) ?></th>
124129
<td><?= (float)$_item->getOrderItem()->getQtyShipped() * 1 ?></td>
125130
</tr>
126131
<?php endif; ?>
@@ -134,7 +139,7 @@ $catalogHelper = $block->getData('catalogHelper');
134139
<?php if ($block->canEditQty() && $canEditItemQty): ?>
135140
<input type="text"
136141
class="input-text admin__control-text qty-input"
137-
name="invoice[items][<?= $block->escapeHtmlAttr($_item->getOrderItemId()) ?>]"
142+
name="invoice[items][<?= $escaper->escapeHtmlAttr($_item->getOrderItemId()) ?>]"
138143
value="<?= (float)$_item->getQty() * 1 ?>" />
139144
<?php else: ?>
140145
<?= (float)$_item->getQty() * 1 ?>
@@ -179,16 +184,16 @@ $catalogHelper = $block->getData('catalogHelper');
179184
<?php if ($block->getOrderOptions($_item->getOrderItem())): ?>
180185
<dl class="item-options">
181186
<?php foreach ($block->getOrderOptions($_item->getOrderItem()) as $option): ?>
182-
<dt><?= $block->escapeHtml($option['label']) ?></dt>
187+
<dt><?= $escaper->escapeHtml($option['label']) ?></dt>
183188
<dd>
184189
<?php if (isset($option['custom_view']) && $option['custom_view']): ?>
185-
<?= $block->escapeHtml($option['value']) ?>
190+
<?= $escaper->escapeHtml($option['value']) ?>
186191
<?php else: ?>
187-
<?= $block->escapeHtml($block->truncateString($option['value'], 55, '', $_remainder)) ?>
192+
<?= $escaper->escapeHtml($block->truncateString($option['value'], 55, '', $_remainder)) ?>
188193
<?php if ($_remainder):?>
189-
... <span id="<?= $block->escapeHtmlAttr($_id = 'id' . uniqid())
190-
?>"><?= $block->escapeHtml($_remainder) ?></span>
191-
<?php $escapedId = /* @noEscape */ $block->escapeJs($_id);
194+
... <span id="<?= $escaper->escapeHtmlAttr($_id = 'id' . uniqid())
195+
?>"><?= $escaper->escapeHtml($_remainder) ?></span>
196+
<?php $escapedId = /* @noEscape */ $escaper->escapeJs($_id);
192197
$scriptString = <<<script
193198
require(['prototype'], function(){
194199
$('{$escapedId}').hide();
@@ -206,7 +211,7 @@ script;
206211
<?php else: ?>
207212
&nbsp;
208213
<?php endif; ?>
209-
<?= $block->escapeHtml($_item->getDescription()) ?>
214+
<?= $escaper->escapeHtml($_item->getDescription()) ?>
210215
</td>
211216
<td>&nbsp;</td>
212217
<td>&nbsp;</td>

0 commit comments

Comments
 (0)