
Commit d1ccd35

committed
MAG-440: Add info sections missing escapers
1 parent d6dd763 commit d1ccd35


6 files changed

+155
-125
lines changed


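--- a/view/adminhtml/templates/info/default.phtml
+++ b/view/adminhtml/templates/info/default.phtml
@@ -10,8 +10,9 @@ use Payplug\Payments\Block\Info;
 * @var Escaper $escaper
 */
 $specificInfo = $block->getAdminSpecificInformation();
+$title = $block->getMethod()->getTitle();
 ?>
-<?= $escaper->escapeHtml($block->getMethod()->getTitle()); ?>
+<?= $escaper->escapeHtml(__($title)) ?>
 <?php if ($specificInfo): ?>
 <table class="data-table admin__table-secondary">
 <?php foreach ($specificInfo as $label => $value): ?>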
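Review bot: `__($title)` on new line 15 hands a runtime value to the translation function, so static phrase collection cannot extract it and the title is translated only if a dictionary happens to contain a matching entry. If that is intended, a comment above the assignment such as `/* title comes from the payment method; translated only when a dictionary entry exists */` would record it. The same call is added in the other five info templates of this commit. Escaping is applied after translation here, which is the correct order.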

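--- a/view/adminhtml/templates/info/installment_plan.phtml
+++ b/view/adminhtml/templates/info/installment_plan.phtml
@@ -10,79 +10,87 @@ use Payplug\Payments\Block\InstallmentPlanInfo as Info;
 * @var Escaper $escaper
 */
 $specificInfo = $block->getAdminSpecificInformation();
+$title = $block->getMethod()->getTitle();
 ?>
-<?= $escaper->escapeHtml($block->getMethod()->getTitle()) ?>
+<?= $escaper->escapeHtml(__($title)) ?>
 <?php if ($specificInfo) : ?>
-<p><?= $specificInfo['status']; ?></p>
-<p><?= __('Installment plan id'); ?> : <?= $specificInfo['installment_plan_id']; ?></p>
+<p><?= $specificInfo['status']; ?></p>
+<p><?= __('Installment plan id'); ?> : <?= $specificInfo['installment_plan_id']; ?></p>
 
-<table class="data-table admin__table-primary">
-<tr>
-<th><?= __('Date'); ?></th>
-<th><?= __('Amount'); ?></th>
-<th><?= __('Status'); ?></th>
-<th></th>
-</tr>
-<?php foreach ($specificInfo['payments'] as $key => $paymentInfo) : ?>
-<tr>
-<td><?= $paymentInfo['date']; ?></td>
-<td><?= $paymentInfo['amount']; ?></td>
-<td><?= $paymentInfo['status']; ?></td>
-<td>
-<?php if (!empty($paymentInfo['details'])) : ?>
-<button type="button" class="toggle-details" data-toggle="collapse" data-target="#payment-detail-<?= $key; ?>" role="button" aria-expanded="false" aria-controls="payment-detail-<?= $key; ?>">
-<?= __('Details'); ?>
-</button>
-<?php endif; ?>
-</td>
-</tr>
+<table class="data-table admin__table-primary">
+<tr>
+<th><?= $escaper->escapeHtml(__('Date')) ?></th>
+<th><?= $escaper->escapeHtml(__('Amount')) ?></th>
+<th><?= $escaper->escapeHtml(__('Status')) ?></th>
+<th></th>
+</tr>
+<?php foreach ($specificInfo['payments'] as $key => $paymentInfo) : ?>
+<tr>
+<td><?= $escaper->escapeHtml($paymentInfo['date']) ?></td>
+<td><?= $escaper->escapeHtml($paymentInfo['amount']) ?></td>
+<td><?= $escaper->escapeHtml($paymentInfo['status']) ?></td>
+<td>
 <?php if (!empty($paymentInfo['details'])) : ?>
-<tr class="collapse" id="payment-detail-<?= $key; ?>" style="display: none;">
-<td colspan="4">
-<table class="data-table admin__table-secondary">
-<?php foreach ($paymentInfo['details'] as $label => $value) : ?>
-<tr>
-<th><?= $escaper->escapeHtml(__($label)) ?>:</th>
-<td>
-<?= /* @noEscape */ nl2br($escaper->escapeHtml(implode("\n", $block->getValueAsArray($value, true)))) ?>
-</td>
-</tr>
-<?php endforeach; ?>
-</table>
+<button type="button"
+class="toggle-details"
+data-toggle="collapse"
+data-target="#payment-detail-<?= $escaper->escapeHtmlAttr($key) ?>"
+role="button"
+aria-expanded="false"
+aria-controls="payment-detail-<?= $escaper->escapeHtmlAttr($key) ?>">
+<?= __('Details'); ?>
+</button>
+<?php endif; ?>
+</td>
+</tr>
+<?php if (!empty($paymentInfo['details'])) : ?>
+<tr class="collapse"
+id="payment-detail-<?= $escaper->escapeHtmlAttr($key) ?>"
+style="display: none;">
+<td colspan="4">
+<table class="data-table admin__table-secondary">
+<?php foreach ($paymentInfo['details'] as $label => $value) : ?>
+<tr>
+<th><?= $escaper->escapeHtml(__($label)) ?>:</th>
+<td>
+<?= /* @noEscape */ nl2br($escaper->escapeHtml(implode("\n", $block->getValueAsArray($value, true)))) ?>
 </td>
 </tr>
-<?php endif; ?>
-<?php endforeach; ?>
-</table>
-
-<?php if ($specificInfo['can_abort']) : ?>
-<a class="action-default"
-href="<?= $block->getUrl('payplug_payments_admin/order/installmentPlanAbort', ['order_id' => $block->getInfo()->getOrder()->getId(), 'form_key' => $block->getFormKey()]); ?>"
-onclick="return confirmAbortInstallmentPlan()"
->
-<?= __('Abort'); ?>
-</a>
+<?php endforeach; ?>
+</table>
+</td>
+</tr>
 <?php endif; ?>
+<?php endforeach; ?>
+</table>
+
+<?php if ($specificInfo['can_abort']) : ?>
+<a class="action-default"
+href="<?= $block->getUrl('payplug_payments_admin/order/installmentPlanAbort', ['order_id' => $block->getInfo()->getOrder()->getId(), 'form_key' => $block->getFormKey()]); ?>"
+onclick="return confirmAbortInstallmentPlan()">
+<?= __('Abort'); ?>
+</a>
+<?php endif; ?>
 <?php endif;?>
 
 <?= $block->getChildHtml() ?>
 
 <script type="text/javascript">
-function confirmAbortInstallmentPlan() {
-return confirm('<?= __('Are you sure you want to abort the installment plan?'); ?>');
-}
-document.addEventListener('DOMContentLoaded', function () {
-const toggleButtons = document.querySelectorAll('.toggle-details');
-toggleButtons.forEach(function (button) {
-button.addEventListener('click', function () {
-const targetId = this.getAttribute('data-target');
-const targetElement = document.querySelector(targetId);
-if (targetElement.style.display === 'none' || targetElement.style.display === '') {
-targetElement.style.display = 'table-row';
-} else {
-targetElement.style.display = 'none';
-}
-});
+function confirmAbortInstallmentPlan() {
+return confirm('<?= __('Are you sure you want to abort the installment plan?'); ?>');
+}
+document.addEventListener('DOMContentLoaded', function() {
+const toggleButtons = document.querySelectorAll('.toggle-details');
+toggleButtons.forEach(function(button) {
+button.addEventListener('click', function() {
+const targetId = this.getAttribute('data-target');
+const targetElement = document.querySelector(targetId);
+if (targetElement.style.display === 'none' || targetElement.style.display === '') {
+targetElement.style.display = 'table-row';
+} else {
+targetElement.style.display = 'none';
+}
 });
 });
-</script>
+});
+</script>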
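Review bot: Several outputs on the new side of this template are still emitted raw, although the commit sets out to add the missing escapers. These are `$specificInfo['status']` and `$specificInfo['installment_plan_id']` (new lines 17-18), the `__('Installment plan id')`, `__('Details')` and `__('Abort')` labels, the `href` built from `$block->getUrl(...)` (line 69) and the phrase interpolated into the `confirm('…')` string literal (line 80). They sit in HTML, URL and JavaScript-string contexts respectively, so each needs the matching escaper; a translated phrase containing an apostrophe would otherwise terminate the string at line 80. If `status` is meant to carry markup, that calls for an explicit allowed-tags list rather than raw output; the template does not show what the block returns there.

```php
<p><?= $escaper->escapeHtml($specificInfo['status']) ?></p>
<p><?= $escaper->escapeHtml(__('Installment plan id')) ?> : <?= $escaper->escapeHtml($specificInfo['installment_plan_id']) ?></p>
<?php // … unchanged: payments table header and rows … ?>
<?= $escaper->escapeHtml(__('Details')) ?>
<?php // … unchanged: details rows, abort link opening tag … ?>
href="<?= $escaper->escapeUrl($block->getUrl('payplug_payments_admin/order/installmentPlanAbort', ['order_id' => $block->getInfo()->getOrder()->getId(), 'form_key' => $block->getFormKey()])) ?>"
onclick="return confirmAbortInstallmentPlan()">
<?= $escaper->escapeHtml(__('Abort')) ?>
<?php // … unchanged: closing tags, child HTML, script opening … ?>
return confirm('<?= $escaper->escapeJs(__('Are you sure you want to abort the installment plan?')) ?>');
```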

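--- a/view/adminhtml/templates/info/ondemand.phtml
+++ b/view/adminhtml/templates/info/ondemand.phtml
@@ -10,66 +10,68 @@ use Payplug\Payments\Block\OndemandInfo as Info;
 * @var Escaper $escaper
 */
 $specificInfo = $block->getAdminSpecificInformation();
+$title = $block->getMethod()->getTitle();
 ?>
-<?= $escaper->escapeHtml($block->getMethod()->getTitle()) ?>
+<?= $escaper->escapeHtml(__($title)) ?>
 <?php if ($specificInfo && isset($specificInfo['payments'])): ?>
-<table class="data-table admin__table-primary">
-<tr>
-<th><?= $escaper->escapeHtml(__('Date')); ?></th>
-<th><?= $escaper->escapeHtml(__('Amount')); ?></th>
-<th><?= $escaper->escapeHtml(__('Status')); ?></th>
-<th></th>
-</tr>
-<?php foreach ($specificInfo['payments'] as $key => $paymentInfo): ?>
-<tr>
-<td><?= $paymentInfo['date']; ?></td>
-<td><?= $paymentInfo['amount']; ?></td>
-<td><?= $paymentInfo['status']; ?></td>
-<td>
-<?php if (!empty($paymentInfo['details'])): ?>
-<button type="button"
-class="toggle-details"
-data-toggle="collapse"
-data-target="#payment-detail-<?= $key; ?>"
-role="button"
-aria-expanded="false"
-aria-controls="payment-detail-<?= $key; ?>"
->
-<?= $escaper->escapeHtml(__('Details')); ?>
-</button>
-<?php endif; ?>
-</td>
-</tr>
+<table class="data-table admin__table-primary">
+<tr>
+<th><?= $escaper->escapeHtml(__('Date')); ?></th>
+<th><?= $escaper->escapeHtml(__('Amount')); ?></th>
+<th><?= $escaper->escapeHtml(__('Status')); ?></th>
+<th></th>
+</tr>
+<?php foreach ($specificInfo['payments'] as $key => $paymentInfo): ?>
+<tr>
+<td><?= $escaper->escapeHtml($paymentInfo['date']) ?></td>
+<td><?= $escaper->escapeHtml($paymentInfo['amount']) ?></td>
+<td><?= $escaper->escapeHtml($paymentInfo['status']) ?></td>
+<td>
 <?php if (!empty($paymentInfo['details'])): ?>
-<tr class="collapse" id="payment-detail-<?= $key; ?>" style="display: none;">
-<td colspan="4">
-<table class="data-table admin__table-secondary">
-<?php foreach ($paymentInfo['details'] as $label => $value): ?>
-<tr>
-<th><?= $escaper->escapeHtml(__($label)) ?>:</th>
-<td>
-<?php
-$formattedValue = implode("\n", $block->getValueAsArray($value, true));
-?>
-<?= /* @noEscape */ nl2br($escaper->escapeHtml($formattedValue)) ?>
-</td>
-</tr>
-<?php endforeach; ?>
-</table>
+<button type="button"
+class="toggle-details"
+data-toggle="collapse"
+data-target="#payment-detail-<?= $escaper->escapeHtmlAttr($key) ?>"
+role="button"
+aria-expanded="false"
+aria-controls="payment-detail-<?= $escaper->escapeHtmlAttr($key) ?>">
+<?= $escaper->escapeHtml(__('Details')); ?>
+</button>
+<?php endif; ?>
+</td>
+</tr>
+<?php if (!empty($paymentInfo['details'])): ?>
+<tr class="collapse"
+id="payment-detail-<?= $escaper->escapeHtmlAttr($key) ?>"
+style="display: none;">
+<td colspan="4">
+<table class="data-table admin__table-secondary">
+<?php foreach ($paymentInfo['details'] as $label => $value): ?>
+<tr>
+<th><?= $escaper->escapeHtml(__($label)) ?>:</th>
+<td>
+<?php
+$formattedValue = implode("\n", $block->getValueAsArray($value, true));
+?>
+<?= /* @noEscape */ nl2br($escaper->escapeHtml($formattedValue)) ?>
 </td>
 </tr>
-<?php endif; ?>
-<?php endforeach; ?>
-</table>
+<?php endforeach; ?>
+</table>
+</td>
+</tr>
+<?php endif; ?>
+<?php endforeach; ?>
+</table>
 <?php endif; ?>
 
 <?= $block->getChildHtml() ?>
 
 <script type="text/javascript">
-document.addEventListener('DOMContentLoaded', function () {
+document.addEventListener('DOMContentLoaded', function() {
 const toggleButtons = document.querySelectorAll('.toggle-details');
-toggleButtons.forEach(function (button) {
-button.addEventListener('click', function () {
+toggleButtons.forEach(function(button) {
+button.addEventListener('click', function() {
 const targetId = this.getAttribute('data-target');
 const targetElement = document.querySelector(targetId);
 if (targetElement.style.display === 'none' || targetElement.style.display === '') {
@@ -80,4 +82,4 @@ $specificInfo = $block->getAdminSpecificInformation();
 });
 });
 });
-</script>
+</script>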

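--- a/view/frontend/templates/info/default.phtml
+++ b/view/frontend/templates/info/default.phtml
@@ -10,17 +10,23 @@ use Payplug\Payments\Block\Info;
 * @var Info $block
 */
 $specificInfo = $block->getSpecificInformation();
-$title = $escaper->escapeHtml($block->getMethod()->getTitle());
+$title = $block->getMethod()->getTitle();
 ?>
 <dl class="payment-method">
-<dt class="title"><?= /* @noEscape */ $title ?></dt>
+<dt class="title">
+<?= $escaper->escapeHtml(__($title)) ?>
+</dt>
 <?php if ($specificInfo): ?>
 <dd class="content">
 <table class="data table">
-<caption class="table-caption"><?= /* @noEscape */ $title ?></caption>
+<caption class="table-caption">
+<?= $escaper->escapeHtml(__($title)) ?>
+</caption>
 <?php foreach ($specificInfo as $label => $value): ?>
 <tr>
-<th scope="row"><?= $escaper->escapeHtml($label) ?></th>
+<th scope="row">
+<?= $escaper->escapeHtml($label) ?>
+</th>
 <td>
 <?php
 $formattedValue = implode(PHP_EOL, $block->getValueAsArray($value, true));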

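--- a/view/frontend/templates/info/installment_plan.phtml
+++ b/view/frontend/templates/info/installment_plan.phtml
@@ -13,14 +13,20 @@ $specificInfo = $block->getSpecificInformation();
 $title = $escaper->escapeHtml($block->getMethod()->getTitle());
 ?>
 <dl class="payment-method">
-<dt class="title"><?= /* @noEscape */ $title ?></dt>
+<dt class="title">
+<?= $escaper->escapeHtml(__($title)) ?>
+</dt>
 <?php if ($specificInfo): ?>
 <dd class="content">
 <table class="data table">
-<caption class="table-caption"><?= /* @noEscape */ $title ?></caption>
+<caption class="table-caption">
+<?= $escaper->escapeHtml(__($title)) ?>
+</caption>
 <?php foreach ($specificInfo as $label => $value): ?>
 <tr>
-<th scope="row"><?= $escaper->escapeHtml($label) ?></th>
+<th scope="row">
+<?= $escaper->escapeHtml($label) ?>
+</th>
 <td>
 <?php
 $formattedValue = implode(PHP_EOL, $block->getValueAsArray($value, true));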
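Review bot: Line 13 of this template still assigns `$title = $escaper->escapeHtml($block->getMethod()->getTitle());` (unchanged context), so the new `$escaper->escapeHtml(__($title))` at lines 17 and 23 translates an already-escaped string and then escapes it a second time. A title containing `&` or a quote would be looked up in the dictionary in its entity-encoded form, and, depending on how the escaper treats existing entities, may also render double-encoded. The other two frontend templates in this commit change line 13 to `$title = $block->getMethod()->getTitle();`; the same edit is needed here.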

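--- a/view/frontend/templates/info/ondemand.phtml
+++ b/view/frontend/templates/info/ondemand.phtml
@@ -10,27 +10,34 @@ use Payplug\Payments\Block\OndemandInfo;
 * @var OndemandInfo $block
 */
 $specificInfo = $block->getSpecificInformation();
-$title = $escaper->escapeHtml($block->getMethod()->getTitle());
+$title = $block->getMethod()->getTitle();
 ?>
 <dl class="payment-method">
-<dt class="title"><?= /* @noEscape */ $title ?></dt>
+<dt class="title">
+<?= $escaper->escapeHtml(__($title)) ?>
+</dt>
 <?php if ($specificInfo): ?>
 <dd class="content">
 <table class="data table">
-<caption class="table-caption"><?= /* @noEscape */ $title ?></caption>
+<caption class="table-caption">
+<?= $escaper->escapeHtml(__($title)) ?>
+</caption>
 <?php foreach ($specificInfo as $label => $value): ?>
 <tr>
-<th scope="row"><?= $escaper->escapeHtml($label) ?></th>
+<th scope="row">
+<?= $escaper->escapeHtml($label) ?>
+</th>
 <td>
 <?php
 $formattedValue = implode(PHP_EOL, $block->getValueAsArray($value, true));
 ?>
 <?= /* @noEscape */ nl2br($escaper->escapeHtml($formattedValue)) ?>
 </td>
 </tr>
+<tr>POUET</tr>
 <?php endforeach; ?>
 </table>
 </dd>
 <?php endif;?>
 </dl>
-<?= $block->getChildHtml() ?>
+<?= $block->getChildHtml() ?>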
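Review bot: The added `<tr>POUET</tr>` at new line 37 looks like debugging residue and should be dropped before merge. It sits inside the `foreach`, so every information row shown to the customer is followed by a row containing that text, and a `<tr>` holding bare text with no cell is invalid table markup. The final `<?= $block->getChildHtml() ?>` change appears to be only an end-of-file newline difference.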
