diff --git a/app/code/Magento/Email/Block/Adminhtml/Template/Grid/Renderer/Action.php b/app/code/Magento/Email/Block/Adminhtml/Template/Grid/Renderer/Action.php index 65f9e41b074a3..3c009c47087e9 100644 --- a/app/code/Magento/Email/Block/Adminhtml/Template/Grid/Renderer/Action.php +++ b/app/code/Magento/Email/Block/Adminhtml/Template/Grid/Renderer/Action.php @@ -42,7 +42,7 @@ public function render(\Magento\Framework\DataObject $row) protected function _getEscapedValue($value) { // phpcs:ignore Magento2.Functions.DiscouragedFunction - return addcslashes($this->escapeHtml($value), '\\\''); + return addcslashes($this->_escaper->escapeHtml($value), '\\\''); } /** diff --git a/app/code/Magento/Email/Block/Adminhtml/Template/Grid/Renderer/Sender.php b/app/code/Magento/Email/Block/Adminhtml/Template/Grid/Renderer/Sender.php index 005d211a8962e..295284b8c4dd8 100644 --- a/app/code/Magento/Email/Block/Adminhtml/Template/Grid/Renderer/Sender.php +++ b/app/code/Magento/Email/Block/Adminhtml/Template/Grid/Renderer/Sender.php @@ -23,7 +23,7 @@ public function render(\Magento\Framework\DataObject $row) $str = ''; if ($row->getTemplateSenderName()) { - $str .= $this->escapeHtml($row->getTemplateSenderName()) . ' '; + $str .= $this->_escaper->escapeHtml($row->getTemplateSenderName()) . ' '; } if ($row->getTemplateSenderEmail()) { diff --git a/app/code/Magento/Email/Block/Adminhtml/Template/Preview.php b/app/code/Magento/Email/Block/Adminhtml/Template/Preview.php index 58fa4a1d318ff..f9c60950a4b15 100644 --- a/app/code/Magento/Email/Block/Adminhtml/Template/Preview.php +++ b/app/code/Magento/Email/Block/Adminhtml/Template/Preview.php @@ -81,7 +81,7 @@ protected function _toHtml() $templateProcessed = $this->_maliciousCode->filter($templateProcessed); if ($template->isPlain()) { - $templateProcessed = "
" . $this->escapeHtml($templateProcessed) . "
"; + $templateProcessed = "
" . $this->_escaper->escapeHtml($templateProcessed) . "
"; } \Magento\Framework\Profiler::stop($this->profilerName); diff --git a/app/code/Magento/Email/Test/Unit/Block/Adminhtml/Template/Render/SenderTest.php b/app/code/Magento/Email/Test/Unit/Block/Adminhtml/Template/Render/SenderTest.php index d81c70d7955ed..4a8d25b1f59fa 100644 --- a/app/code/Magento/Email/Test/Unit/Block/Adminhtml/Template/Render/SenderTest.php +++ b/app/code/Magento/Email/Test/Unit/Block/Adminhtml/Template/Render/SenderTest.php @@ -8,27 +8,35 @@ namespace Magento\Email\Test\Unit\Block\Adminhtml\Template\Render; +use Magento\Backend\Block\Context; use Magento\Email\Block\Adminhtml\Template\Grid\Renderer\Sender; use Magento\Framework\DataObject; +use Magento\Framework\Escaper; use PHPUnit\Framework\MockObject\MockObject; use PHPUnit\Framework\TestCase; class SenderTest extends TestCase { /** - * @var MockObject|Sender + * @var Sender */ - protected $block; + private $block; + + /** + * @var MockObject|Escaper + */ + private $escaperMock; /** * Setup environment */ protected function setUp(): void { - $this->block = $this->getMockBuilder(Sender::class) - ->disableOriginalConstructor() - ->setMethods(['escapeHtml']) - ->getMock(); + $this->escaperMock = $this->createMock(Escaper::class); + $contextMock = $this->createMock(Context::class); + $contextMock->method('getEscaper')->willReturn($this->escaperMock); + + $this->block = new Sender($contextMock); } /** @@ -37,8 +45,8 @@ protected function setUp(): void public function testRenderWithSenderNameAndEmail() { $templateSenderEmail = 'test'; - $this->block->expects($this->any())->method('escapeHtml')->with($templateSenderEmail) - ->willReturn('test'); + $this->escaperMock->expects($this->any())->method('escapeHtml')->with($templateSenderEmail) + ->willReturn($templateSenderEmail); $actualResult = $this->block->render( new DataObject( [ @@ -56,8 +64,8 @@ public function testRenderWithSenderNameAndEmail() public function testRenderWithNoSenderNameAndEmail() { $templateSenderEmail = ''; - $this->block->expects($this->any())->method('escapeHtml')->with($templateSenderEmail) - ->willReturn(''); + $this->escaperMock->expects($this->any())->method('escapeHtml')->with($templateSenderEmail) + ->willReturn($templateSenderEmail); $actualResult = $this->block->render( new DataObject( [ diff --git a/app/code/Magento/Email/view/adminhtml/templates/preview/iframeswitcher.phtml b/app/code/Magento/Email/view/adminhtml/templates/preview/iframeswitcher.phtml index 900c527dcff17..9f22756889d83 100644 --- a/app/code/Magento/Email/view/adminhtml/templates/preview/iframeswitcher.phtml +++ b/app/code/Magento/Email/view/adminhtml/templates/preview/iframeswitcher.phtml @@ -4,25 +4,28 @@ * See COPYING.txt for license details. */ -/** @var \Magento\Backend\Block\Page $block */ +/** + * @var \Magento\Backend\Block\Page $block + * @var \Magento\Framework\Escaper $escaper + */ /** @var \Magento\Framework\View\Helper\SecureHtmlRenderer $secureRenderer */ ?>
getPreviewFormViewModel()->getFormFields() as $name => $value): ?> - +
diff --git a/app/code/Magento/Email/view/adminhtml/templates/template/edit.phtml b/app/code/Magento/Email/view/adminhtml/templates/template/edit.phtml index a377cd8ae6722..6f5a8bdd5803d 100644 --- a/app/code/Magento/Email/view/adminhtml/templates/template/edit.phtml +++ b/app/code/Magento/Email/view/adminhtml/templates/template/edit.phtml @@ -8,28 +8,31 @@ use Magento\Framework\App\TemplateTypesInterface; // phpcs:disable Generic.Files.LineLength.TooLong -/** @var $block \Magento\Email\Block\Adminhtml\Template\Edit */ +/** + * @var $block \Magento\Email\Block\Adminhtml\Template\Edit + * @var \Magento\Framework\Escaper $escaper + */ /** @var \Magento\Framework\View\Helper\SecureHtmlRenderer $secureRenderer */ ?> getEditMode()): ?> -
+ getBlockHtml('formkey') ?>
- escapeHtml(__('Load Default Template')) ?>
+ escapeHtml(__('Load Default Template')) ?>
+ value="escapeHtmlAttr($block->getOrigTemplateCode()) ?>" /> getFormHtml() ?> -
getBlockHtml('formkey') ?>
@@ -132,7 +135,7 @@ require([ var self = this; confirm({ - content: "{$block->escapeJs(__('Are you sure you want to strip tags?'))}", + content: "{$escaper->escapeJs(__('Are you sure you want to strip tags?'))}", actions: { confirm: function () { self.unconvertedText = $('template_text').value; @@ -188,10 +191,10 @@ require([ deleteTemplate: function() { confirm({ - content: "{$block->escapeJs(__('Are you sure you want to delete this template?'))}", + content: "{$escaper->escapeJs(__('Are you sure you want to delete this template?'))}", actions: { confirm: function () { - window.location.href = '{$block->escapeJs($block->getDeleteUrl())}'; + window.location.href = '{$escaper->escapeJs($block->getDeleteUrl())}'; } } }); @@ -238,7 +241,7 @@ require([ }.bind(this)); } else { alert({ - content: '{$block->escapeJs(__( + content: '{$escaper->escapeJs(__( 'The template did not load. Please review the log for details.' ))}' }); diff --git a/app/code/Magento/Email/view/adminhtml/templates/template/preview.phtml b/app/code/Magento/Email/view/adminhtml/templates/template/preview.phtml index 80d2ab0692675..c507e67a9c3cd 100644 --- a/app/code/Magento/Email/view/adminhtml/templates/template/preview.phtml +++ b/app/code/Magento/Email/view/adminhtml/templates/template/preview.phtml @@ -4,13 +4,16 @@ * See COPYING.txt for license details. */ -/* @var $block \Magento\Email\Block\Adminhtml\Template\Preview */ +/** + * @var $block \Magento\Email\Block\Adminhtml\Template\Preview + * @var \Magento\Framework\Escaper $escaper + */ ?> - <?= $block->escapeHtml(__('Email Preview')) ?> + <?= $escaper->escapeHtml(__('Email Preview')) ?> getChildHtml('content') ?>