diff --git a/app/code/Magento/CatalogWidget/view/frontend/templates/product/widget/content/grid.phtml b/app/code/Magento/CatalogWidget/view/frontend/templates/product/widget/content/grid.phtml
index 080714bd228de24f0aa69cae014cb554ef814c53..212846aaa01d7efd067eb14a546b8dcb3467fc1f 100644
--- a/app/code/Magento/CatalogWidget/view/frontend/templates/product/widget/content/grid.phtml
+++ b/app/code/Magento/CatalogWidget/view/frontend/templates/product/widget/content/grid.phtml
@@ -15,7 +15,6 @@
$mode = 'grid';
$image = 'new_products_content_widget_grid';
- $title = $block->getTitle() ? __($block->getTitle()) : '';
$items = $block->getProductCollection()->getItems();
$showWishlist = true;
@@ -25,9 +24,9 @@
$description = false;
?>
<div class="block widget block-products-list <?php /* @noEscape */ echo $mode; ?>">
- <?php if ($title): ?>
+ <?php if ($block->getTitle()): ?>
<div class="block-title">
- <strong><?php echo $block->escapeHtml($title); ?></strong>
+ <strong><?php echo $block->escapeHtml(__($block->getTitle())); ?></strong>
</div>
<?php endif ?>
<div class="block-content">
@@ -64,27 +63,23 @@
<div class="actions-primary">
<?php if ($_item->isSaleable()): ?>
<?php if ($_item->getTypeInstance()->hasRequiredOptions($_item)): ?>
- <button class="action tocart primary"
- data-mage-init='{"redirectUrl":{"url":"<?php echo $block->escapeUrl($block->getAddToCartUrl($_item)) ?>"}}'
- type="button" title="<?php /* @escapeNotVerified */ echo __('Add to Cart') ?>">
- <span><?php /* @escapeNotVerified */ echo __('Add to Cart') ?></span>
+ <button class="action tocart primary" data-mage-init='{"redirectUrl":{"url":"<?php echo $block->escapeUrl($block->getAddToCartUrl($_item)) ?>"}}' type="button" title="<?php echo $block->escapeHtmlAttr(__('Add to Cart')) ?>">
+ <span><?php echo $block->escapeHtml(__('Add to Cart')) ?></span>
</button>
<?php else: ?>
<?php
$postDataHelper = $this->helper('Magento\Framework\Data\Helper\PostHelper');
$postData = $postDataHelper->getPostData($block->getAddToCartUrl($_item), ['product' => $_item->getEntityId()])
?>
- <button class="action tocart primary"
- data-post='<?php /* @noEscape */ echo $postData; ?>'
- type="button" title="<?php /* @escapeNotVerified */ echo __('Add to Cart') ?>">
- <span><?php /* @escapeNotVerified */ echo __('Add to Cart') ?></span>
+ <button class="action tocart primary" data-post='<?php /* @noEscape */ echo $postData; ?>' type="button" title="<?php echo $block->escapeHtmlAttr(__('Add to Cart')) ?>">
+ <span><?php echo $block->escapeHtml(__('Add to Cart')) ?></span>
</button>
<?php endif; ?>
<?php else: ?>
<?php if ($_item->getIsSalable()): ?>
- <div class="stock available"><span><?php /* @escapeNotVerified */ echo __('In stock') ?></span></div>
+ <div class="stock available"><span><?php echo $block->escapeHtml(__('In stock')) ?></span></div>
<?php else: ?>
- <div class="stock unavailable"><span><?php /* @escapeNotVerified */ echo __('Out of stock') ?></span></div>
+ <div class="stock unavailable"><span><?php echo $block->escapeHtml(__('Out of stock')) ?></span></div>
<?php endif; ?>
<?php endif; ?>
</div>
@@ -93,18 +88,14 @@
<div class="actions-secondary" data-role="add-to-links">
<?php if ($this->helper('Magento\Wishlist\Helper\Data')->isAllow() && $showWishlist): ?>
<a href="#"
- data-post='<?php /* @noEscape */ echo $block->getAddToWishlistParams($_item); ?>'
- class="action towishlist" data-action="add-to-wishlist"
- title="<?php /* @escapeNotVerified */ echo __('Add to Wish List') ?>">
- <span><?php /* @escapeNotVerified */ echo __('Add to Wish List') ?></span>
+ data-post='<?php /* @noEscape */ echo $block->getAddToWishlistParams($_item); ?>' class="action towishlist" data-action="add-to-wishlist" title="<?php echo $block->escapeHtmlAttr(__('Add to Wish List')) ?>">
+ <span><?php echo $block->escapeHtml(__('Add to Wish List')) ?></span>
</a>
<?php endif; ?>
<?php if ($block->getAddToCompareUrl() && $showCompare): ?>
<?php $compareHelper = $this->helper('Magento\Catalog\Helper\Product\Compare');?>
- <a href="#" class="action tocompare"
- data-post='<?php /* @noEscape */ echo $compareHelper->getPostDataParams($_item);?>'
- title="<?php /* @escapeNotVerified */ echo __('Add to Compare') ?>">
- <span><?php /* @escapeNotVerified */ echo __('Add to Compare') ?></span>
+ <a href="#" class="action tocompare" data-post='<?php /* @noEscape */ echo $compareHelper->getPostDataParams($_item);?>' title="<?php echo $block->escapeHtmlAttr(__('Add to Compare')) ?>">
+ <span><?php echo $block->escapeHtml(__('Add to Compare')) ?></span>
</a>
<?php endif; ?>
</div>
diff --git a/app/code/Magento/Cms/view/adminhtml/templates/browser/content/files.phtml b/app/code/Magento/Cms/view/adminhtml/templates/browser/content/files.phtml
index a6185c454189770f39d00ae0c54c95086dc1fcf1..827f2ee938e41378a158090c16a383e62fa9e74e 100644
--- a/app/code/Magento/Cms/view/adminhtml/templates/browser/content/files.phtml
+++ b/app/code/Magento/Cms/view/adminhtml/templates/browser/content/files.phtml
@@ -21,11 +21,11 @@ $_height = $block->getImagesHeight();
<?php endif; ?>
</p>
<?php if ($block->getFileWidth($file)): ?>
- <small><?php echo $block->escapeHtml($block->getFileWidth($file)) ?>x<?php echo $block->escapeHtml($block->getFileHeight($file)) ?> <?php /* @escapeNotVerified */ echo __('px.') ?></small><br/>
+ <small><?php echo $block->escapeHtml($block->getFileWidth($file)) ?>x<?php echo $block->escapeHtml($block->getFileHeight($file)) ?> <?php echo $block->escapeHtml(__('px.')) ?></small><br/>
<?php endif; ?>
<small><?php echo $block->escapeHtml($block->getFileShortName($file)); ?></small>
</div>
<?php endforeach; ?>
<?php else: ?>
- <div class="empty"><?php /* @escapeNotVerified */ echo __('No files found') ?></div>
+ <div class="empty"><?php echo $block->escapeHtml(__('No files found')) ?></div>
<?php endif; ?>
diff --git a/app/code/Magento/Cms/view/adminhtml/templates/browser/content/uploader.phtml b/app/code/Magento/Cms/view/adminhtml/templates/browser/content/uploader.phtml
index 6a29cb1497175d418723af26a041c6bb80a990f8..3233bb17c09a319f27a987e47cb4cdd16661c20d 100644
--- a/app/code/Magento/Cms/view/adminhtml/templates/browser/content/uploader.phtml
+++ b/app/code/Magento/Cms/view/adminhtml/templates/browser/content/uploader.phtml
@@ -11,7 +11,7 @@
<div id="<?php echo $block->getHtmlId() ?>" class="uploader">
<span class="fileinput-button form-buttons">
- <span><?php /* @escapeNotVerified */ echo __('Browse Files...') ?></span>
+ <span><?php echo $block->escapeHtml(__('Browse Files...')) ?></span>
<input class="fileupload" type="file" name="<?php echo $block->escapeHtmlAttr($block->getConfig()->getFileField()) ?>" data-url="<?php echo $block->escapeUrl($block->getConfig()->getUrl()) ?>" multiple>
</span>
<div class="clear"></div>
diff --git a/app/code/Magento/Cms/view/adminhtml/templates/browser/tree.phtml b/app/code/Magento/Cms/view/adminhtml/templates/browser/tree.phtml
index 90a00c32015b7733b54e08cda63217c897f0bf58..2e6204496eba453a40c8288ed041db7781ec27e7 100644
--- a/app/code/Magento/Cms/view/adminhtml/templates/browser/tree.phtml
+++ b/app/code/Magento/Cms/view/adminhtml/templates/browser/tree.phtml
@@ -11,9 +11,9 @@
<div class="tree-panel" >
<div class="categories-side-col">
<div class="tree-actions">
- <a onclick="jQuery('[data-role=tree]').jstree('close_all');"><?php /* @escapeNotVerified */ echo __('Collapse All'); ?></a>
+ <a onclick="jQuery('[data-role=tree]').jstree('close_all');"><?php echo $block->escapeHtml(__('Collapse All')) ?></a>
<span class="separator">|</span>
- <a onclick="jQuery('[data-role=tree]').jstree('open_all');"><?php /* @escapeNotVerified */ echo __('Expand All'); ?></a>
+ <a onclick="jQuery('[data-role=tree]').jstree('open_all');"><?php echo $block->escapeHtml(__('Expand All')) ?></a>
</div>
</div>
<div data-role="tree" data-mage-init='<?php echo $block->escapeHtml($this->helper('Magento\Framework\Json\Helper\Data')->jsonEncode($block->getTreeWidgetOptions())); ?>'>
diff --git a/app/code/Magento/Cms/view/frontend/templates/widget/link/link_block.phtml b/app/code/Magento/Cms/view/frontend/templates/widget/link/link_block.phtml
index 55c1b02be8797a45a9f4b27914e3195d7695da61..82a27c7aa0d78f1b44f44c9ca9f108d8df1ae586 100644
--- a/app/code/Magento/Cms/view/frontend/templates/widget/link/link_block.phtml
+++ b/app/code/Magento/Cms/view/frontend/templates/widget/link/link_block.phtml
@@ -3,9 +3,13 @@
* Copyright © 2016 Magento. All rights reserved.
* See COPYING.txt for license details.
*/
+
+/**
+ * @var \Magento\Cms\Block\Widget\Page\Link $block
+ */
?>
<div class="widget block block-cms-link">
- <a <?php /* @escapeNotVerified */ echo $block->getLinkAttributes() ?>>
+ <a <?php /* @noEscape */ echo $block->getLinkAttributes() ?>>
<span><?php echo $block->escapeHtml($block->getLabel()) ?></span>
</a>
</div>
diff --git a/app/code/Magento/Cms/view/frontend/templates/widget/link/link_inline.phtml b/app/code/Magento/Cms/view/frontend/templates/widget/link/link_inline.phtml
index 382b492db3da5c815530d87f13ee959d82e2c083..d906826507d73b50f1c8cbf50a85f8ae2e09c5c8 100644
--- a/app/code/Magento/Cms/view/frontend/templates/widget/link/link_inline.phtml
+++ b/app/code/Magento/Cms/view/frontend/templates/widget/link/link_inline.phtml
@@ -3,9 +3,13 @@
* Copyright © 2016 Magento. All rights reserved.
* See COPYING.txt for license details.
*/
+
+/**
+ * @var \Magento\Cms\Block\Widget\Page\Link $block
+ */
?>
<span class="widget block block-cms-link-inline">
- <a <?php /* @escapeNotVerified */ echo $block->getLinkAttributes() ?>>
+ <a <?php /* @noEscape */ echo $block->getLinkAttributes() ?>>
<span><?php echo $block->escapeHtml($block->getLabel()) ?></span>
</a>
</span>
diff --git a/app/code/Magento/UrlRewrite/view/adminhtml/templates/categories.phtml b/app/code/Magento/UrlRewrite/view/adminhtml/templates/categories.phtml
index 7aa02ab019c46b9ad7094764118a9f5d07519293..d0f9678602707ff2950b8b051b8dd50f0b4c7df0 100644
--- a/app/code/Magento/UrlRewrite/view/adminhtml/templates/categories.phtml
+++ b/app/code/Magento/UrlRewrite/view/adminhtml/templates/categories.phtml
@@ -9,7 +9,7 @@
/** @var \Magento\UrlRewrite\Block\Catalog\Category\Tree $block */
?>
<fieldset class="admin__fieldset" data-ui-id="category-selector">
- <legend class="admin__legend"><span><?php /* @escapeNotVerified */ echo __('Select Category') ?></span></legend>
+ <legend class="admin__legend"><span><?php echo $block->escapeHtml(__('Select Category')) ?></span></legend>
<div class="content content-category-tree">
<input type="hidden" name="categories" id="product_categories" value="" />
<?php if ($block->getRoot()): ?>
diff --git a/app/code/Magento/Widget/view/adminhtml/templates/catalog/category/widget/tree.phtml b/app/code/Magento/Widget/view/adminhtml/templates/catalog/category/widget/tree.phtml
index 4e240770b04622e4ec6c68bfa796a6a83da006e1..94ee88698111f72c81cbd86eb16adef0e9b94317 100644
--- a/app/code/Magento/Widget/view/adminhtml/templates/catalog/category/widget/tree.phtml
+++ b/app/code/Magento/Widget/view/adminhtml/templates/catalog/category/widget/tree.phtml
@@ -79,7 +79,7 @@ jQuery(function()
// Add empty node to reset category filter
if(!emptyNodeAdded) {
var empty = Object.clone(_node);
- empty.text = '<?php /* @escapeNotVerified */ echo __('None') ?>';
+ empty.text = '<?php echo $block->escapeJs($block->escapeHtml(__('None'))); ?>';
empty.children = [];
empty.id = 'none';
empty.path = '1/none';
diff --git a/app/code/Magento/Widget/view/adminhtml/templates/instance/edit/layout.phtml b/app/code/Magento/Widget/view/adminhtml/templates/instance/edit/layout.phtml
index 62d92ac38aecdbc22f13de959eba3f419b47c431..5d55ba4035873d028f27e5662814cc838b7e18a8 100644
--- a/app/code/Magento/Widget/view/adminhtml/templates/instance/edit/layout.phtml
+++ b/app/code/Magento/Widget/view/adminhtml/templates/instance/edit/layout.phtml
@@ -10,7 +10,7 @@
?>
<fieldset class="fieldset">
- <legend class="legend"><span><?php /* @escapeNotVerified */ echo __('Layout Updates') ?></span></legend>
+ <legend class="legend"><span><?php echo $block->escapeHtml(__('Layout Updates')); ?></span></legend>
<br />
<div class="widget-layout-updates">
<div id="page_group_container"></div>
diff --git a/dev/tests/static/testsuite/Magento/Test/Php/_files/whitelist/exempt_modules/ce.php b/dev/tests/static/testsuite/Magento/Test/Php/_files/whitelist/exempt_modules/ce.php
index c0316a435662ec4f85a42e5f65295e1f232b5c72..8075f9bddc318a81e8640f44c7e2081cd5aff161 100644
--- a/dev/tests/static/testsuite/Magento/Test/Php/_files/whitelist/exempt_modules/ce.php
+++ b/dev/tests/static/testsuite/Magento/Test/Php/_files/whitelist/exempt_modules/ce.php
@@ -13,10 +13,8 @@ return [
'Magento_CatalogInventory',
'Magento_CatalogRule',
'Magento_CatalogSearch',
- 'Magento_CatalogWidget',
'Magento_Checkout',
'Magento_CheckoutAgreements',
- 'Magento_Cms',
'Magento_Config',
'Magento_ConfigurableProduct',
'Magento_CurrencySymbol',
@@ -47,8 +45,6 @@ return [
'Magento_Theme',
'Magento_Translation',
'Magento_Ui',
- 'Magento_UrlRewrite',
'Magento_User',
'Magento_Weee',
- 'Magento_Widget',
];