From a1307d1b11664b2a20b8a93cfce97407c6120f42 Mon Sep 17 00:00:00 2001
From: Hayder Sharhan <hsharhan@ebay.com>
Date: Thu, 14 Jul 2016 18:27:37 -0500
Subject: [PATCH] MAGETWO-54849: Refactor \Magento\Framework\Url::escape to use
 \Magento\Framework\Escaper::escapeUrl

- Addressed occurances of htmlspecialchars that were added earlier.
---
 app/code/Magento/Backend/Block/Widget/Button.php              | 2 +-
 .../Backend/Block/Widget/Grid/Column/Renderer/Action.php      | 2 +-
 app/code/Magento/GoogleAnalytics/Block/Ga.php                 | 4 ++--
 .../Block/Adminhtml/Widget/Grid/Column/Renderer/Button.php    | 2 +-
 .../Block/Adminhtml/Widget/Grid/Column/Renderer/Link.php      | 2 +-
 5 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/app/code/Magento/Backend/Block/Widget/Button.php b/app/code/Magento/Backend/Block/Widget/Button.php
index bc9deb2fd8b..baa3aac747f 100644
--- a/app/code/Magento/Backend/Block/Widget/Button.php
+++ b/app/code/Magento/Backend/Block/Widget/Button.php
@@ -113,7 +113,7 @@ class Button extends \Magento\Backend\Block\Widget
             if ($attributeValue === null || $attributeValue == '') {
                 continue;
             }
-            $html .= $attributeKey . '="' . htmlspecialchars($attributeValue, ENT_COMPAT, 'UTF-8', false) . '" ';
+            $html .= $attributeKey . '="' . $this->escapeHtmlAttr($attributeValue, false) . '" ';
         }
 
         return $html;
diff --git a/app/code/Magento/Backend/Block/Widget/Grid/Column/Renderer/Action.php b/app/code/Magento/Backend/Block/Widget/Grid/Column/Renderer/Action.php
index 312a4601186..6e35ad8f4bc 100644
--- a/app/code/Magento/Backend/Block/Widget/Grid/Column/Renderer/Action.php
+++ b/app/code/Magento/Backend/Block/Widget/Grid/Column/Renderer/Action.php
@@ -83,7 +83,7 @@ class Action extends \Magento\Backend\Block\Widget\Grid\Column\Renderer\Text
         $this->_transformActionData($action, $actionCaption, $row);
 
         $htmlAttributes = [
-            'value' => htmlspecialchars($this->_jsonEncoder->encode($action), ENT_COMPAT, 'UTF-8', false)
+            'value' => $this->escapeHtmlAttr($this->_jsonEncoder->encode($action), false)
         ];
         $actionAttributes->setData($htmlAttributes);
         return '<option ' . $actionAttributes->serialize() . '>' . $actionCaption . '</option>';
diff --git a/app/code/Magento/GoogleAnalytics/Block/Ga.php b/app/code/Magento/GoogleAnalytics/Block/Ga.php
index eafc1121ea6..710dd494995 100644
--- a/app/code/Magento/GoogleAnalytics/Block/Ga.php
+++ b/app/code/Magento/GoogleAnalytics/Block/Ga.php
@@ -77,10 +77,10 @@ class Ga extends \Magento\Framework\View\Element\Template
         $pageName = trim($this->getPageName());
         $optPageURL = '';
         if ($pageName && substr($pageName, 0, 1) == '/' && strlen($pageName) > 1) {
-            $optPageURL = ", '" . htmlspecialchars($pageName, ENT_COMPAT, 'UTF-8', false) . "'";
+            $optPageURL = ", '" . $this->escapeHtmlAttr($pageName, false) . "'";
         }
 
-        return "\nga('create', '" . htmlspecialchars($accountId, ENT_COMPAT, 'UTF-8', false)
+        return "\nga('create', '" . $this->escapeHtmlAttr($accountId, false)
             . ", 'auto');\nga('send', 'pageview'{$optPageURL});\n";
     }
 
diff --git a/app/code/Magento/Integration/Block/Adminhtml/Widget/Grid/Column/Renderer/Button.php b/app/code/Magento/Integration/Block/Adminhtml/Widget/Grid/Column/Renderer/Button.php
index 200bf08f37a..87b048e366d 100644
--- a/app/code/Magento/Integration/Block/Adminhtml/Widget/Grid/Column/Renderer/Button.php
+++ b/app/code/Magento/Integration/Block/Adminhtml/Widget/Grid/Column/Renderer/Button.php
@@ -87,7 +87,7 @@ class Button extends AbstractRenderer
             if ($attributeValue) {
                 $attributes[] = sprintf(
                     '%s="%s"',
-                    $attributeName, htmlspecialchars($attributeValue, ENT_COMPAT, 'UTF-8', false)
+                    $attributeName, $this->escapeHtmlAttr($attributeValue, false)
                 );
             }
         }
diff --git a/app/code/Magento/Integration/Block/Adminhtml/Widget/Grid/Column/Renderer/Link.php b/app/code/Magento/Integration/Block/Adminhtml/Widget/Grid/Column/Renderer/Link.php
index b7613f54f90..861af9f2a4c 100644
--- a/app/code/Magento/Integration/Block/Adminhtml/Widget/Grid/Column/Renderer/Link.php
+++ b/app/code/Magento/Integration/Block/Adminhtml/Widget/Grid/Column/Renderer/Link.php
@@ -118,7 +118,7 @@ class Link extends AbstractRenderer
             if ($value === null || $value == '') {
                 continue;
             }
-            $html[] = sprintf('%s="%s"', $key, htmlspecialchars($value, ENT_COMPAT, 'UTF-8', false));
+            $html[] = sprintf('%s="%s"', $key, $this->escapeHtmlAttr($value, false));
         }
 
         return join(' ', $html);
-- 
GitLab