diff --git a/app/code/Magento/Authorizenet/view/adminhtml/templates/directpost/info.phtml b/app/code/Magento/Authorizenet/view/adminhtml/templates/directpost/info.phtml index c6dd0ce00e6be2f18ee5d5385a43c7de54a83016..6c02076b5a7dbe55d9a81b7114599221c6c9f14e 100644 --- a/app/code/Magento/Authorizenet/view/adminhtml/templates/directpost/info.phtml +++ b/app/code/Magento/Authorizenet/view/adminhtml/templates/directpost/info.phtml @@ -5,7 +5,6 @@ */ // @codingStandardsIgnoreFile - /** * @var \Magento\Authorizenet\Block\Transparent\Iframe $block * @see \Magento\Authorizenet\Block\Transparent\Iframe @@ -24,10 +23,12 @@ $ccExpYear = $block->getInfoData('cc_exp_year'); src="<?php /* @noEscape */ echo $block->getViewFileUrl('blank.html'); ?>"> </iframe> <!-- IFRAME for request to Authorize.net --> -<iframe id="directpost-iframe" allowtransparency="true" frameborder="0" name="iframeDirectPost" style="display:none;width:100%;background-color:transparent" +<iframe id="directpost-iframe" allowtransparency="true" frameborder="0" name="iframeDirectPost" + style="display:none;width:100%;background-color:transparent" src="<?php /* @noEscape */ echo $block->getViewFileUrl('blank.html'); ?>"> </iframe> -<fieldset class="admin__fieldset payment-method" id="payment_form_<?php /* @noEscape */ echo $code; ?>" style="display:none;"> +<fieldset class="admin__fieldset payment-method" id="payment_form_<?php /* @noEscape */ echo $code; ?>" + style="display:none;"> <div class="admin__field _required"> <label for="<?php /* @noEscape */ echo $code; ?>_cc_type" class="admin__field-label"> <span><?php echo $block->escapeHtml(__('Credit Card Type')); ?></span> 
@@ -81,11 +82,11 @@ $ccExpYear = $block->getInfoData('cc_exp_year'); <?php if ($k == $ccExpYear): ?>selected="selected"<?php endif; ?>> <?php echo $block->escapeHtml($v); ?> </option> - <?php endforeach ?> + <?php endforeach; ?> </select> </div> </div> - <?php if ($_form->hasVerification()): ?> + <?php if ($block->hasVerification()): ?> <div class="admin__field _required"> <label for="<?php /* @noEscape */ echo $code; ?>_cc_cid"> <span><?php echo $block->escapeHtml(__('Card Verification Number')); ?></span> @@ -123,7 +124,9 @@ $ccExpYear = $block->getInfoData('cc_exp_year'); '<?php /* @noEscape */ echo $controller; ?>', '<?php /* @noEscape */ echo $orderUrl; ?>', '<?php echo $block->escapeUrl($method->getCgiUrl()); ?>', - '<?php /* @noEscape */ echo $block->getUrl('*/*/save', ['_secure' => $block->getRequest()->isSecure()]) ?>'); + '<?php /* @noEscape */ echo $block->getUrl('*/*/save', [ + '_secure' => $block->getRequest()->isSecure() + ]);?>'); <?php if (!$block->isAjaxRequest()): ?> }); diff --git a/app/code/Magento/Authorizenet/view/frontend/web/js/view/payment/method-renderer/authorizenet-directpost.js b/app/code/Magento/Authorizenet/view/frontend/web/js/view/payment/method-renderer/authorizenet-directpost.js index cb58db6d1d5a00283a2d87461dbac55272121dad..bf6978cfa365c38700830a02dcff602881af509d 100644 --- a/app/code/Magento/Authorizenet/view/frontend/web/js/view/payment/method-renderer/authorizenet-directpost.js +++ b/app/code/Magento/Authorizenet/view/frontend/web/js/view/payment/method-renderer/authorizenet-directpost.js @@ -50,9 +50,8 @@ define( placeOrder: function () { var self = this; - fullScreenLoader.startLoader(); - if (this.validateHandler() && additionalValidators.validate()) { + fullScreenLoader.startLoader(); this.isPlaceOrderActionAllowed(false); $.when(setPaymentInformationAction(this.messageContainer, { 'method': self.getCode() 
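Review bot: The four arguments in the `@@ -123` hunk are emitted into what look like JavaScript string literals (the enclosing call and its `<script>` start above the hunk), and `escapeUrl()` on `$method->getCgiUrl()` is HTML-entity encoding, which the browser does not undo inside script text: a `&` in the CGI URL's query string reaches the JS as `&amp;`, and whether a `'` is covered depends on that escaper's flags rather than on the context. A JS-string escaper fits here, e.g. `'<?php echo $block->escapeJsQuote($method->getCgiUrl()); ?>',`, and the same treatment is warranted for `$controller` and `$orderUrl`, which are defined outside the hunk and emitted with `@noEscape`. The `getUrl('*/*/save', ...)` value is framework-built so leaving it raw is lower risk, but one escaper for all four makes the intent obvious to the next reader.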
diff --git a/app/code/Magento/Braintree/etc/frontend/di.xml b/app/code/Magento/Braintree/etc/frontend/di.xml index ddc18722e8df532bf34fb3e30b4122e24e4e8445..83dc6607ed3160f5719646521ffcb74b8a822c34 100644 --- a/app/code/Magento/Braintree/etc/frontend/di.xml +++ b/app/code/Magento/Braintree/etc/frontend/di.xml @@ -21,4 +21,11 @@ </argument> </arguments> </type> + <type name="Magento\Framework\Url\SecurityInfo"> + <arguments> + <argument name="secureUrlList" xsi:type="array"> + <item name="braintree" xsi:type="string">/braintree/</item> + </argument> + </arguments> + </type> </config> diff --git a/app/code/Magento/Braintree/view/adminhtml/templates/data_js.phtml b/app/code/Magento/Braintree/view/adminhtml/templates/data_js.phtml index cbfe3dcda5f9f52c183a7382e9cf4c33d5a50811..70634e81b0992114ed262c1781c46dd5c4f1fb07 100644 --- a/app/code/Magento/Braintree/view/adminhtml/templates/data_js.phtml +++ b/app/code/Magento/Braintree/view/adminhtml/templates/data_js.phtml @@ -7,21 +7,20 @@ /** * @var $block \Magento\Braintree\Block\Datajs */ -?> -<?php + $arrayData = [ "kountId" => $this->helper('Magento\Braintree\Helper\Data')->getKountId() ? $this->helper('Magento\Braintree\Helper\Data')->getKountId() : false, "formId" =>$block->getFormId(), "merchantId" => $block->getMerchantId(), - "braintreeDataJs" => $block->getJsSrc(), + "braintreeDataJs" => $block->escapeUrl($block->getJsSrc()), ]; $serializedFormData = $this->helper('Magento\Framework\Json\Helper\Data')->jsonEncode($arrayData); ?> <script type="text/x-magento-init"> { "body": { - "braintreeDataJs": <?php /* @escapeNotVerified */ echo $serializedFormData ?> + "braintreeDataJs": <?php /* @noEscape */ echo $serializedFormData ?> } } </script> diff --git a/app/code/Magento/Braintree/view/adminhtml/templates/form.phtml b/app/code/Magento/Braintree/view/adminhtml/templates/form.phtml index f13f2d77b1c086e288bf87d21556e231f379c0b8..c27901cd4e8704fc7fdf044e47b8cc40db1a7e40 100644 
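Review bot: The new `secureUrlList` entry only tells the URL builder to generate `https://` links for paths beginning with `/braintree/`; it does not reject or redirect a plain-HTTP request that reaches those routes, and it is presumably honoured only when secure frontend URLs are enabled in store configuration. Forcing HTTPS on the inbound side (web-server redirect, HSTS) is still required for the payment nonce and card fields posted to these routes to be protected in transit. A one-line comment above the `<type>` element stating that scope, `<!-- generates https links for /braintree/*; does not enforce HTTPS on inbound requests -->`, would keep the next reader from assuming more.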
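Review bot: `escapeUrl()` on the `"braintreeDataJs"` value applies HTML-entity encoding before the array is JSON-encoded into a `<script type="text/x-magento-init">` body, and script text is not entity-decoded by the browser, so a `&` in the script URL's query string reaches the consumer as `&amp;` and the data-collector script may fail to load. If the intent is to keep `</script>` out of the JSON, that belongs to the JSON encoder (escaping `<`, `>` and `&` as `\u003c` and friends) or to a check that `getJsSrc()` is an https URL on the expected host, not to HTML escaping of one value. A comment on that line is worth adding either way, since this URL is loaded as executable script into the admin session and whoever controls the setting controls admin JS; the escaping does not change that.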
--- a/app/code/Magento/Braintree/view/adminhtml/templates/form.phtml +++ b/app/code/Magento/Braintree/view/adminhtml/templates/form.phtml 
@@ -7,110 +7,143 @@ // @codingStandardsIgnoreFile /** @var \Magento\Braintree\Block\Form $block */ -$_form = $block; -$_code = $_form->getMethodCode(); -$_storedCards = $this->helper('\Magento\Braintree\Helper\Createorder')->getLoggedInCustomerCards(); -$_useVault = $block->useVault(); -$_useCvv = $block->useCvv(); -$clientToken = $block->getClientToken(); +$code = $block->getMethodCode(); +$storedCards = $this->helper('\Magento\Braintree\Helper\Createorder')->getLoggedInCustomerCards(); +$useVault = $block->useVault(); +$useCvv = $block->useCvv(); +$clientToken = $block->escapeHtml($block->getClientToken()); $isFraudDetectionEnabled = $block->isFraudDetectionEnabled(); $braintreeDataJs = $block->getBraintreeDataJs(); $formData = [ - "useVault" => $_useVault, - "useCvv" => $_useCvv, + "useVault" => $useVault, + "useCvv" => $useCvv, "clientToken" => $clientToken, - "code" => $_code, + "code" => $code, "isFraudDetectionEnabled" => $isFraudDetectionEnabled, "braintreeDataJs"=> $braintreeDataJs, ]; $serializedFormData = $this->helper('Magento\Framework\Json\Helper\Data')->jsonEncode($formData); +$ccType = $block->getInfoData('cc_type'); +$ccExpMonth = $block->getInfoData('cc_exp_month'); +$ccExpYear = $block->getInfoData('cc_exp_year'); ?> -<input id="<?php /* @escapeNotVerified */ echo $_code ?>_payment_method" type="hidden" name="payment[method]" value="<?php /* @escapeNotVerified */ echo $_code ?>" /> -<div id="payment_form_<?php /* @escapeNotVerified */ echo $_code ?>" class="admin__page-section-item" style="display:none;" - data-mage-init='{"braintreeCcForm":<?php /* @escapeNotVerified */ echo $serializedFormData ?>}' +<input id="<?php /* @noEscape */ echo $code; ?>_payment_method" type="hidden" name="payment[method]" + value="<?php /* @noEscape */ echo $code; ?>" /> +<div id="payment_form_<?php /* @noEscape */ echo $code; ?>" class="admin__page-section-item" style="display:none;" + data-mage-init='{"braintreeCcForm":<?php /* @noEscape */ echo $serializedFormData; 
?>}' > <input type="hidden" name="payment[payment_method_nonce]" id="braintree_nonce" value="" /> <input type="hidden" name="payment[cc_last4]" id="cc_last4" value="" /> <?php if ($isFraudDetectionEnabled): ?> - <input type="hidden" name="payment[device_data]" id="braintree_device_id" value="" /> + <input type="hidden" name="payment[device_data]" id="braintree_device_id" value="" /> <?php endif; ?> - <?php if ($_storedCards): ?> - <fieldset class="admin__fieldset"> - <div class="admin__field" id="<?php /* @escapeNotVerified */ echo $_code ?>_token_selector"> - <label class="admin__field-label" for="<?php /* @escapeNotVerified */ echo $_code ?>_cc_token"><?php /* @escapeNotVerified */ echo __('Payment Information') ?></label> - <div class="admin__field-control control"> - <select id="<?php /* @escapeNotVerified */ echo $_code ?>_cc_token" name="payment[cc_token]" class="select admin__control-select"> - <?php foreach ($_storedCards as $creditCard): ?> - <option value="<?php /* @escapeNotVerified */ echo $creditCard->token?>" <?php echo $creditCard->default ? 'selected="selected"' : '' ?>> - <?php /* @escapeNotVerified */ echo $creditCard->maskedNumber . ' - ' . $creditCard->cardType ?> - </option> - <?php endforeach; ?> - <option value=''><?php /* @escapeNotVerified */ echo __('Add new card') ?></option> - </select> + <?php if ($storedCards): ?> + <fieldset class="admin__fieldset"> + <div class="admin__field" id="<?php /* @noEscape */ echo $code; ?>_token_selector"> + <label class="admin__field-label" for="<?php /* @noEscape */ echo $code; ?>_cc_token"> + <?php echo $block->escapeHtml(__('Payment Information')); ?> + </label> + <div class="admin__field-control control"> + <select id="<?php /* @noEscape */ echo $code; ?>_cc_token" name="payment[cc_token]" + class="select admin__control-select"> + <?php foreach ($storedCards as $creditCard): ?> + <option value="<?php echo $block->escapeHtml($creditCard->token); ?>" + <?php /* @noEscape */ echo $creditCard->default ? 
' selected="selected"' : ''; ?>> + <?php echo $block->escapeHtml($creditCard->maskedNumber); ?> - <?php echo $block->escapeHtml($creditCard->cardType); ?> + </option> + <?php endforeach; ?> + <option value=''><?php echo $block->escapeHtml(__('Add new card')); ?></option> + </select> + </div> </div> - </div> - </fieldset> + </fieldset> <?php endif; ?> <fieldset class="admin__fieldset hide_if_token_selected"> <div class="admin__field"> - <label class="label admin__field-label" for="<?php /* @escapeNotVerified */ echo $_code ?>_cc_type" ><?php /* @escapeNotVerified */ echo __('Credit Card Type') ?><span class="required">*</span></label> + <label class="label admin__field-label" for="<?php /* @noEscape */ echo $code; ?>_cc_type" > + <?php echo $block->escapeHtml(__('Credit Card Type')); ?><span class="required">*</span> + </label> <div class="admin__field-control control"> - <select id="<?php /* @escapeNotVerified */ echo $_code ?>_cc_type" name="payment[cc_type]" class="required-entry _required select admin__control-select validate-cc-type-select"> - <option value="">--<?php /* @escapeNotVerified */ echo __('Please Select')?>--</option> - <?php $_ccType = $_form->getInfoData('cc_type') ?> - <?php foreach ($_form->getCcAvailableTypes() as $_typeCode => $_typeName): ?> - <option value="<?php /* @escapeNotVerified */ echo $_typeCode ?>"<?php if($_typeCode==$_ccType): ?> selected="selected"<?php endif ?>><?php /* @escapeNotVerified */ echo $_typeName ?></option> - <?php endforeach ?> + <select id="<?php /* @noEscape */ echo $code; ?>_cc_type" name="payment[cc_type]" + class="required-entry _required select admin__control-select validate-cc-type-select"> + <option value="">--<?php echo $block->escapeHtml(__('Please Select')); ?>--</option> + <?php foreach ($block->getCcAvailableTypes() as $typeCode => $typeName): ?> + <option value="<?php echo $block->escapeHtml($typeCode); ?>" + <?php if($typeCode == $ccType): ?> selected="selected"<?php endif; ?>> + <?php echo 
$block->escapeHtml($typeName); ?> + </option> + <?php endforeach; ?> </select> </div> </div> </fieldset> <fieldset class="admin__fieldset hide_if_token_selected"> <div class="admin__field"> - <label class="label admin__field-label" for="<?php /* @escapeNotVerified */ echo $_code ?>_cc_number"><?php /* @escapeNotVerified */ echo __('Credit Card Number') ?><span class="required">*</span></label> + <label class="label admin__field-label" for="<?php /* @noEscape */ echo $code; ?>_cc_number"> + <?php echo $block->escapeHtml(__('Credit Card Number')); ?><span class="required">*</span> + </label> <div class="admin__field-control control"> - <input type="text" id="<?php /* @escapeNotVerified */ echo $_code ?>_cc_number" data-encrypted-name="payment[cc_number]" title="<?php /* @escapeNotVerified */ echo __('Credit Card Number') ?>" class="input-text admin__control-text validate-cc-number validate-cc-type" value="" /> + <input type="text" id="<?php /* @noEscape */ echo $code; ?>_cc_number" data-encrypted-name="payment[cc_number]" + title="<?php echo $block->escapeHtml(__('Credit Card Number')); ?>" + class="input-text admin__control-text validate-cc-number validate-cc-type" value="" /> </div> </div> </fieldset> <fieldset class="admin__fieldset hide_if_token_selected"> - <div id="<?php /* @escapeNotVerified */ echo $_code ?>_cc_type_exp_div" class="admin__field"> - <label class="label admin__field-label" for="<?php /* @escapeNotVerified */ echo $_code ?>_expiration" ><?php /* @escapeNotVerified */ echo __('Expiration Date') ?><span class="required">*</span></label> + <div id="<?php /* @noEscape */ echo $code; ?>_cc_type_exp_div" class="admin__field"> + <label class="label admin__field-label" for="<?php /* @noEscape */ echo $code; ?>_expiration"> + <?php echo $block->escapeHtml(__('Expiration Date')); ?><span class="required">*</span> + </label> <div class="admin__field-control control"> - <select id="<?php /* @escapeNotVerified */ echo $_code ?>_expiration" 
name="payment[cc_exp_month]" class="month validate-cc-exp required-entry _required select admin__control-select"> - <?php $_ccExpMonth = $_form->getInfoData('cc_exp_month') ?> - <?php foreach ($_form->getCcMonths() as $k=>$v): ?> - <option value="<?php echo $k?$k:'' ?>"<?php if($k==$_ccExpMonth): ?> selected="selected"<?php endif ?>><?php /* @escapeNotVerified */ echo $v ?></option> - <?php endforeach ?> + <select id="<?php /* @noEscape */ echo $code; ?>_expiration" name="payment[cc_exp_month]" + class="month validate-cc-exp required-entry _required select admin__control-select"> + <?php foreach ($block->getCcMonths() as $k=>$v): ?> + <option value="<?php /* @noEscape */ echo $k ? $block->escapeHtml($k) : ''; ?>" + <?php if ($k == $ccExpMonth): ?> selected="selected"<?php endif; ?>> + <?php echo $block->escapeHtml($v); ?></option> + <?php endforeach; ?> </select> - <?php $_ccExpYear = $_form->getInfoData('cc_exp_year') ?> - <select id="<?php /* @escapeNotVerified */ echo $_code ?>_expiration_yr" name="payment[cc_exp_year]" class="year required-entry _required select admin__control-select"> - <?php foreach ($_form->getCcYears() as $k=>$v): ?> - <option value="<?php echo $k?$k:'' ?>"<?php if($k==$_ccExpYear): ?> selected="selected"<?php endif ?>><?php /* @escapeNotVerified */ echo $v ?></option> + <select id="<?php /* @noEscape */ echo $code; ?>_expiration_yr" name="payment[cc_exp_year]" + class="year required-entry _required select admin__control-select"> + <?php foreach ($block->getCcYears() as $k => $v): ?> + <option value="<?php /* @noEscape */ echo $k ? 
$block->escapeHtml($k) : ''; ?>" + <?php if ($k == $ccExpYear): ?> selected="selected"<?php endif; ?>> + <?php echo $block->escapeHtml($v); ?> + </option> <?php endforeach ?> </select> </div> </div> </fieldset> - <?php echo $_form->getChildHtml() ?> - <?php if($_form->hasVerification()): ?> - <fieldset class="admin__fieldset hide_if_token_selected"> - <div id="<?php /* @escapeNotVerified */ echo $_code ?>_cc_type_cvv_div" class="admin__field"> - <label class="label admin__field-label" for="<?php /* @escapeNotVerified */ echo $_code ?>_cc_cid" ><?php /* @escapeNotVerified */ echo __('Card Verification Number') ?><span class="required">*</span></label> - <div class="admin__field-control control"> - <div class="v-fix"> - <input type="text" title="<?php /* @escapeNotVerified */ echo __('Card Verification Number') ?>" class="input-text admin__control-text cvv required-entry validate-cc-cvn" id="<?php /* @escapeNotVerified */ echo $_code ?>_cc_cid" data-encrypted-name="payment[cc_cid]" value="" /> + <?php echo $block->getChildHtml(); ?> + <?php if ($block->hasVerification()): ?> + <fieldset class="admin__fieldset hide_if_token_selected"> + <div id="<?php /* @noEscape */ echo $code; ?>_cc_type_cvv_div" class="admin__field"> + <label class="label admin__field-label" for="<?php /* @noEscape */ echo $code; ?>_cc_cid"> + <?php echo $block->escapeHtml(__('Card Verification Number')); ?><span class="required">*</span> + </label> + + <div class="admin__field-control control"> + <div class="v-fix"> + <input type="text" title="<?php echo $block->escapeHtml(__('Card Verification Number')); ?>" + class="input-text admin__control-text cvv required-entry validate-cc-cvn" + id="<?php /* @noEscape */ echo $code; ?>_cc_cid" data-encrypted-name="payment[cc_cid]" value=""/> + </div> </div> </div> - </div> - </fieldset> + </fieldset> <?php endif; ?> <?php if($_useVault): ?> - <fieldset class="admin__fieldset hide_if_token_selected"> - <div id="<?php /* @escapeNotVerified */ echo $_code 
?>_store_in_vault_div" style="text-align:left;" class=""> - <input type="checkbox" title="<?php /* @escapeNotVerified */ echo __('Save this card for future use') ?>" class="input-checkbox" id="<?php /* @escapeNotVerified */ echo $_code ?>_store_in_vault" name="payment[store_in_vault]" value="1" /> - <label for="<?php /* @escapeNotVerified */ echo $_code ?>_store_in_vault" style="float:none;"><?php /* @escapeNotVerified */ echo __('Save this card for future use') ?></label> - </div> - </fieldset> + <fieldset class="admin__fieldset hide_if_token_selected"> + <div id="<?php /* @noEscape */ echo $code; ?>_store_in_vault_div" style="text-align:left;" class=""> + <input type="checkbox" title="<?php echo $block->escapeHtml(__('Save this card for future use')); ?>" + class="input-checkbox" id="<?php /* @noEscape */ echo $code; ?>_store_in_vault" + name="payment[store_in_vault]" value="1"/> + <label for="<?php /* @noEscape */ echo $code; ?>_store_in_vault" style="float:none;"> + <?php echo $block->escapeHtml(__('Save this card for future use')); ?> + + </label> + </div> + </fieldset> <?php endif; ?> </div> \ No newline at end of file diff --git a/app/code/Magento/Braintree/view/frontend/templates/creditcard/delete.phtml b/app/code/Magento/Braintree/view/frontend/templates/creditcard/delete.phtml index b9011bdd4f54e009622789aa2992d42cd89f1fe9..cba8e56e5aa3366172f42663999757bfce6b5448 100644 --- a/app/code/Magento/Braintree/view/frontend/templates/creditcard/delete.phtml +++ b/app/code/Magento/Braintree/view/frontend/templates/creditcard/delete.phtml 
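Review bot: `<?php if($_useVault): ?>` near the end of the hunk still reads the old `$_useVault`, but the same hunk renames that variable at the top of the file (`-$_useVault = $block->useVault();` / `+$useVault = $block->useVault();`), so on the new side the name is undefined, PHP raises a notice and the "Save this card for future use" checkbox is never rendered; the line should be `<?php if ($useVault): ?>`. Separately, `$clientToken` is HTML-escaped before it is JSON-encoded into the single-quoted `data-mage-init` attribute while `$braintreeDataJs` in the same array is not; escaping the serialized value once for the attribute context at the output point, `data-mage-init='{"braintreeCcForm":<?php echo $block->escapeHtml($serializedFormData); ?>}'`, and dropping the pre-escape on `$clientToken`, covers every value uniformly and avoids shipping entity-encoded data to the JS.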
@@ -6,46 +6,54 @@ // @codingStandardsIgnoreFile - $creditCard = $block->creditCard(); - $token = $creditCard->token; +/** + * @var \Magento\Braintree\Block\Creditcard\Management $block + */ +$creditCard = $block->creditCard(); +$token = $block->escapeHtml($creditCard->token); ?> <?php echo $block->getLayout()->getMessagesBlock()->getGroupedHtml();?> -<form action="<?php /* @escapeNotVerified */ echo $block->getDeleteConfirmUrl() ?>" method="post" id="delete-form" +<form action="<?php echo $block->escapeUrl($block->getDeleteConfirmUrl()); ?>" method="post" id="delete-form" xmlns="http://www.w3.org/1999/html"> <fieldset class="fieldset info"> - <legend class="legend"><?php /* @escapeNotVerified */ echo __('Please confirm that you want to delete this credit card') ?></legend> + <legend class="legend"> + <?php echo $block->escapeHtml(__('Please confirm that you want to delete this credit card')); ?> + </legend> <div class="field"> <ul> <li> - <b><?php /* @escapeNotVerified */ echo __('Credit Card Number');?></b> + <b><?php echo $block->escapeHtml(__('Credit Card Number'));?></b> </li> <li> - <?php /* @escapeNotVerified */ echo $creditCard->maskedNumber;?> + <?php echo $block->escapeHtml($creditCard->maskedNumber);?> </li> <li> - <b><?php /* @escapeNotVerified */ echo __('Expiration Date');?></b> + <b><?php echo $block->escapeHtml(__('Expiration Date'));?></b> </li> <li> - <?php /* @escapeNotVerified */ echo $creditCard->expirationDate; ?> + <?php echo $block->escapeHtml($creditCard->expirationDate); ?> </li> <li> - <b><?php /* @escapeNotVerified */ echo __('Cardholder Name');?></b> + <b><?php echo $block->escapeHtml(__('Cardholder Name'));?></b> </li> <li> - <?php /* @escapeNotVerified */ echo $creditCard->cardholderName;?> + <?php echo $block->escapeHtml($creditCard->cardholderName);?> </li> </ul> </div> </fieldset> - <input type="hidden" name="token" value="<?php /* @escapeNotVerified */ echo $token ?>"> + <input type="hidden" name="token" value="<?php /* @noEscape 
*/ echo $token; ?>"> <div class="actions-toolbar"> <div class="primary"> <button type="submit" id="opc-submit" data-role="opc-submit" class="action save primary" - title="<?php /* @escapeNotVerified */ echo __('Delete') ?>" ><?php /* @escapeNotVerified */ echo __('Delete') ?></span></button> + title="<?php echo $block->escapeHtml(__('Delete')); ?>" > + <?php echo $block->escapeHtml(__('Delete')); ?> + </button> </div> <div class="secondary"> - <a class="action back" href="<?php /* @escapeNotVerified */ echo $block->getBackUrl() ?>"><span><span><small>« </small> - <?php /* @escapeNotVerified */ echo __('Back') ?></span></a> + <a class="action back" href="<?php echo $block->escapeUrl($block->getBackUrl()); ?>"> + <span><small>« </small><?php echo $block->escapeHtml(__('Back')); ?></span> + </a> </div> </div> diff --git a/app/code/Magento/Braintree/view/frontend/templates/creditcard/edit.phtml b/app/code/Magento/Braintree/view/frontend/templates/creditcard/edit.phtml index 073009c4c6eb6de718c3d85c41270ebedfedfa85..6fcac2eae9c411929472c7b79ef1038836646183 100644 --- a/app/code/Magento/Braintree/view/frontend/templates/creditcard/edit.phtml +++ b/app/code/Magento/Braintree/view/frontend/templates/creditcard/edit.phtml 
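Review bot: The delete form in this hunk (`<form action=... method="post" id="delete-form"`) carries only the hidden `token` field and no form key, whereas the sibling `edit.phtml` template in this same change emits `<?php echo $block->getBlockHtml('formkey'); ?>` right after its `<form>` tag. If the confirm controller validates the form key the deletion will be rejected; if it does not, removing a customer's stored card is a one-request CSRF. Add `<?php echo $block->getBlockHtml('formkey'); ?>` directly after the `<form ...>` line and make sure the controller checks it. The `</form>` end tag is outside the hunk, so I could not confirm whether the field is added further down.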
@@ -53,21 +53,37 @@ if ($block->isEditMode()) { $defaultPostalCode = ''; $defaultCountryCodeAlpha2 = ''; } +$streetValidationClass = $this->helper('Magento\Customer\Helper\Address')->getAttributeValidationClass('street'); +$default = $defaultCountryCodeAlpha2; + +$clientToken = $block->getClientToken(); +$formData = [ + "clientToken" => $clientToken, + 'ajaxSaveUrl' => $block->escapeUrl($block->getAjaxSaveUrl()), + 'isEditMode' => $block->isEditMode() ? true : false, + 'cardToken' => $block->isEditMode() ? $block->escapeHtml($creditCard->token) : '', + 'backUrl' => $block->escapeUrl($block->getBackUrl()), + 'hasVerification' => $block->hasVerification(), + "countrySpecificCardTypes" => $countrySpecificCardTypeConfig, + "applicableCardTypes" => $applicableCardTypeConfig, + "cardTypes" => $block->getCcAvailableTypes(), + "isFraudDetectionEnabled" => $block->isFraudDetectionEnabled() +]; +$serializedFormData = $this->helper('Magento\Framework\Json\Helper\Data')->jsonEncode($formData); ?> <form - class="form form-edit-credit-card" - action='<?php /* @escapeNotVerified */ echo $block->getFormAction() ?>' + class="form form-edit-credit-card" action="<?php echo $block->escapeUrl($block->getFormAction()); ?>" method="post" id="form-validate" data-mage-init='{"validation":{}}'> <?php echo $block->getBlockHtml('formkey'); ?> - <fieldset class="fieldset info" data-hasrequired="<?php /* @escapeNotVerified */ echo __('* Required Fields') ?>"> + <fieldset class="fieldset info" data-hasrequired="<?php echo $block->escapeHtml(__('* Required Fields')); ?>"> <legend class="legend"> - <span><?php /* @escapeNotVerified */ echo __('Credit Card') ?></span> + <span><?php echo $block->escapeHtml(__('Credit Card')); ?></span> </legend> <br> <div class="field name required"> <label for="credit_card_cardholder_name" class="label"> - <span><?php /* @escapeNotVerified */ echo __('Cardholder Name') ?></span> + <span><?php echo $block->escapeHtml(__('Cardholder Name')); ?></span> </label> <div 
class="control"> @@ -75,40 +91,32 @@ if ($block->isEditMode()) { type="text" class="input-text required-entry" id="credit_card_cardholder_name" - value="<?php /* @escapeNotVerified */ echo $defaultCardholder ?>" + value="<?php echo $block->escapeHtml($defaultCardholder); ?>" data-validate="{required:true}"> </div> </div> <div class="field required type"> <label for="credit_card_type" class="label"> - <span><?php /* @escapeNotVerified */ echo __('Credit Card Type') ?></span> + <span><?php echo $block->escapeHtml(__('Credit Card Type')); ?></span> </label> <div class="control"> <select name="credit_card_type" id="credit_card_type" data-container="credit_card_type" data-validate='{required:true, "validate-cc-type-select":"#credit_card_number"}'> - <option value=""><?php /* @escapeNotVerified */ echo __('--Please Select--') ?></option> - <?php - foreach ($block->getCcAvailableTypes() as $_typeCode => $_typeName) : - ?> - <option value="<?php /* @escapeNotVerified */ echo $_typeCode ?>" - <?php - if (stripos($_typeName, $defaultCcType) !== false) : - ?> selected="selected" - <?php - endif; - ?>> - <?php /* @escapeNotVerified */ echo $_typeName ?> + <option value=""><?php echo $block->escapeHtml(__('--Please Select--')); ?></option> + <?php foreach ($block->getCcAvailableTypes() as $typeCode => $typeName): ?> + <option value="<?php echo $block->escapeHtml($typeCode); ?>" + <?php if (stripos($typeName, $defaultCcType) !== false): ?> selected="selected"<?php endif; ?>> + <?php echo $block->escapeHtml($typeName); ?> </option> - <?php - endforeach; + <?php endforeach; ?> </select> </div> </div> <div class="field name required"> - <label for="credit_card_number" class="label"><span> - <?php /* @escapeNotVerified */ echo __('Credit Card Number') ?></span> + <label for="credit_card_number" class="label"> + <span><?php echo $block->escapeHtml(__('Credit Card Number')); ?></span> </label> <div class="control"> 
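Review bot: In the new `$formData` array of the `@@ -53` hunk, `ajaxSaveUrl` and `backUrl` are passed through `escapeUrl()` (entity encoding) before the array is JSON-encoded, while `cardToken` is `escapeHtml`-ed and `clientToken` is left raw; `$serializedFormData` is consumed outside this hunk, so the target context is not visible, but if it lands in a script body the URLs reach the JS with `&` turned into `&amp;`, and if it lands in an attribute, escaping the whole serialized string at the output point is the simpler and complete rule. I would leave the values raw here and escape `$serializedFormData` where it is echoed, with a comment on the array saying so, e.g. `// values are escaped once at the output point, not here`. `$default = $defaultCountryCodeAlpha2;` is also introduced without a use inside the hunk.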
@@ -118,19 +126,13 @@ if ($block->isEditMode()) { class="input-text required-entry validate-cc-number" id="credit_card_number" autocomplete="off" - <?php - if ($block->isEditMode()) : - ?> - placeholder="<?php /* @escapeNotVerified */ echo $maskedNumber ?>" - <?php - endif; - ?> + <?php if ($block->isEditMode()): ?> placeholder="<?php echo $block->escapeHtml($maskedNumber); ?>"<?php endif; ?> data-validate="{'required-number':true, 'validate-cc-number':'#credit_card_number', 'validate-cc-type':'#credit_card_type'}"> </div> </div> <div class="field sp-methods required"> <label for="credit_card_expiration_date" class="label"> - <span><?php /* @escapeNotVerified */ echo __('Expiration Date') ?></span> + <span><?php echo $block->escapeHtml(__('Expiration Date')); ?></span> </label> <div class="control"> @@ -143,14 +145,12 @@ if ($block->isEditMode()) { id="credit_card_expiration" class="month validate-cc-exp required-entry" data-validate="{'required-number':true, 'validate-cc-exp':'#credit_card_expiration_yr'}"> - <?php - foreach ($block->getCcMonths() as $k => $v) : - ?> - <option - value="<?php echo $k ? $k : '' ?>"<?php if ($k == $defaultExpMonth) : ?> selected="selected"<?php endif ?>><?php /* @escapeNotVerified */ echo $v ?></option> - <?php - endforeach; - ?> + <?php foreach ($block->getCcMonths() as $k => $v): ?> + <option value="<?php /* @noEscape */ echo $k ? $block->escapeHtml($k) : '' ?>" + <?php if ($k == $defaultExpMonth): ?> selected="selected"<?php endif; ?>> + <?php echo $block->escapeHtml($v); ?> + </option> + <?php endforeach; ?> </select> </div> </div> 
@@ -163,22 +163,12 @@ if ($block->isEditMode()) { id="credit_card_expiration_yr" class="year required-entry" data-validate="{required:true}"> - <?php - foreach ($block->getCcYears() as $k => $v) : - ?> - <option - value="<?php echo $k ? $k : ''; ?>" - <?php - if ($k == $defaultExpYear) : - ?> selected="selected" - <?php - endif; - ?>> - <?php /* @escapeNotVerified */ echo $v ?> + <?php foreach ($block->getCcYears() as $k => $v): ?> + <option value="<?php /* @noEscape */ echo $k ? $k : ''; ?>" + <?php if ($k == $defaultExpYear): ?> selected="selected"<?php endif; ?>> + <?php echo $block->escapeHtml($v); ?> </option> - <?php - endforeach; - ?> + <?php endforeach; ?> </select> </div> </div> @@ -189,13 +179,13 @@ if ($block->isEditMode()) { <?php if ($block->hasVerification()): ?> <div class="field sp-methods required"> <label for="credit_card_cvv" class="label"> - <span><?php /* @escapeNotVerified */ echo __('CVV') ?></span> + <span><?php echo $block->escapeHtml(__('CVV')); ?></span> </label> <div class="control"> <input type="text" - title="<?php /* @escapeNotVerified */ echo __('Card Verification Number') ?>" + title="<?php echo $block->escapeHtml(__('Card Verification Number')); ?>" class="input-text cvv required-entry validate-cc-cvn validate-cc-cvn-autodetect" name="credit_card_cvv" data-container="credit_card_cvv" 
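Review bot: The years loop emits `value="<?php /* @noEscape */ echo $k ? $k : ''; ?>"` while the months loop in the preceding hunk wraps the same kind of key in `$block->escapeHtml($k)`; the keys presumably come from configuration, but the two loops should follow one rule. Change it to `value="<?php echo $k ? $block->escapeHtml($k) : ''; ?>"` so the template carries no `@noEscape` on data that is not a fixed identifier.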
@@ -203,14 +193,14 @@ if ($block->isEditMode()) { value="" autocomplete="off" data-validate="{'required-number':true, 'validate-cc-cvn':'#credit_card_type'}"> - <?php $_content = '<img src=\"' . $block->getViewFileUrl('Magento_Checkout::cvv.png') . - '\" alt=\"' . __('Card Verification Number Visual Reference') . '\" title=\"' . - __('Card Verification Number Visual Reference') . '\" />'; ?> + <?php $content = '<img src=\"' . $block->escapeUrl($block->getViewFileUrl('Magento_Checkout::cvv.png')) . + '\" alt=\"' . $block->escapeHtml(__('Card Verification Number Visual Reference')) . '\" title=\"' . + $block->escapeHtml(__('Card Verification Number Visual Reference')) . '\" />'; ?> <div class="note"> <a href="#" id="credit_card-cvv-what-is-this" class="action cvv" title="<?php echo $block->escapeHtml(__('What is this?')); ?>" - data-mage-init='{"tooltip": {"content": "<?php /* @escapeNotVerified */ echo $_content ?>"}}'> - <span><?php /* @escapeNotVerified */ echo __('What is this?') ?></span> + data-mage-init='{"tooltip": {"content": "<?php /* @noEscape */ echo $content; ?>"}}'> + <span><?php echo $block->escapeHtml(__('What is this?')); ?></span> </a> </div> </div> 
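Review bot: `$content` is hand-escaped for a JSON string inside the single-quoted `data-mage-init` attribute, and the HTML parser entity-decodes that attribute before the JSON is parsed: a `"` in a translation of 'Card Verification Number Visual Reference' presumably becomes `&quot;` via `escapeHtml()` and is then a bare `"` inside the JSON string, so the escaping breaks the tooltip config rather than protecting it. The layering that holds is to HTML-escape the attribute values inside the `<img>` markup (as done), JSON-encode the whole tooltip config, then HTML-escape the result for the attribute, e.g. `data-mage-init='<?php echo $block->escapeHtml($this->helper('Magento\Framework\Json\Helper\Data')->jsonEncode(['tooltip' => ['content' => $content]])); ?>'` with the `\"` sequences in `$content` replaced by plain `"`. Exposure is low because the text is translator-controlled, but the hand-built JSON is fragile and worth a comment if it stays.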
@@ -224,58 +214,61 @@ if ($block->isEditMode()) { <div class="control"> <input type="checkbox" name="credit_card[options][make_default]" id="credit_card_options_make_default" - value="1" <?php /* @escapeNotVerified */ echo $isCCDefault ? "checked" : "" ?>> + value="1" <?php /* @noEscape */ echo $isCCDefault ? "checked" : "" ?>> <label for="credit_card_options_make_default" class="label"> - <span><?php /* @escapeNotVerified */ echo __('Make Default') ?></span> + <span><?php echo $block->escapeHtml(__('Make Default')); ?></span> </label> </div> </div> </fieldset> <fieldset class="fieldset info"> <legend class="legend"> - <span><?php /* @escapeNotVerified */ echo __('Billing Address') ?></span> + <span><?php echo $block->escapeHtml(__('Billing Address')); ?></span> </legend> <div class="field name billing_address_first_name required"> <label for="billing_address_first_name" class="label"> - <span><?php /* @escapeNotVerified */ echo __('First Name') ?></span> + <span><?php echo $block->escapeHtml(__('First Name')); ?></span> </label> <div class="control"> <input type="text" class="input-text required-entry " name="credit_card[billing_address][first_name]" id="billing_address_first_name" - value="<?php /* @escapeNotVerified */ echo $defaultFirstName ?>" + value="<?php echo $block->escapeHtml($defaultFirstName); ?>" data-validate="{required:true}"> </div> </div> <div class="field name billing_address_last_name required"> - <label for="billing_address_last_name" class="label"><span><?php /* @escapeNotVerified */ echo __('Last Name') ?></span></label> + <label for="billing_address_last_name" class="label"> + <span><?php echo $block->escapeHtml(__('Last Name')); ?></span> + </label> <div class="control"> <input type="text" class="input-text required-entry " name="credit_card[billing_address][last_name]" id="billing_address_last_name" - value="<?php /* @escapeNotVerified */ echo $defaultLastName ?>" + value="<?php echo $block->escapeHtml($defaultLastName); ?>" 
data-validate="{required:true}"> </div> </div> <div class="field name billing_address_company"> - <label for="billing_address_company" class="label"><span><?php /* @escapeNotVerified */ echo __('Company') ?></span></label> + <label for="billing_address_company" class="label"> + <span><?php echo $block->escapeHtml(__('Company')); ?></span> + </label> <div class="control"> <input type="text" class="input-text " name="credit_card[billing_address][company]" id="billing_address_company" - value="<?php /* @escapeNotVerified */ echo $defaultCompany ?>"> + value="<?php echo $block->escapeHtml($defaultCompany); ?>"> </div> </div> - <?php $_streetValidationClass = $this->helper('Magento\Customer\Helper\Address')->getAttributeValidationClass('street'); ?> <div class="field name billing_address_street_address required"> <label for="billing_address_street_address" class="label"> - <span><?php /* @escapeNotVerified */ echo __('Address') ?></span> + <span><?php echo $block->escapeHtml(__('Address')); ?></span> </label> <div class="control"> <input type="text" class="input-text required-entry " name="credit_card[billing_address][street_address]" id="billing_address_street_address" - value="<?php /* @escapeNotVerified */ echo $defaultStreetAddress ?>" + value="<?php echo $block->escapeHtml($defaultStreetAddress); ?>" data-validate="{required:true}"> </div> </div> 
@@ -287,95 +280,78 @@ if ($block->isEditMode()) { <div class="control"> <input type="text" class="input-text " name="credit_card[billing_address][extended_address]" id="billing_address_extended_address" - value="<?php /* @escapeNotVerified */ echo $defaultExtendedAddress ?>"> + value="<?php echo $block->escapeHtml($defaultExtendedAddress); ?>"> </div> </div> <div class="field name billing_address_locality required"> <label for="billing_address_locality" class="label"> - <span><?php /* @escapeNotVerified */ echo __('City') ?></span> + <span><?php echo $block->escapeHtml(__('City')); ?></span> </label> <div class="control"> <input type="text" class="input-text required-entry " name="credit_card[billing_address][locality]" id="billing_address_locality" - value="<?php /* @escapeNotVerified */ echo $defaultLocality ?>" + value="<?php echo $block->escapeHtml($defaultLocality); ?>" data-validate="{required:true}"> </div> </div> <div class="field region billing_address_region required"> <label for="billing_address_region" class="label"> - <span><?php /* @escapeNotVerified */ echo __('State/Province') ?></span> + <span><?php echo $block->escapeHtml(__('State/Province')); ?></span> </label> <div class="control"> <select id="billing_address_region_id" name="credit_card[billing_address][region_id]" - title="<?php /* @escapeNotVerified */ echo __('State/Province') ?>" class="validate-select" style="display:none;" + title="<?php echo $block->escapeHtml(__('State/Province')); ?>" class="validate-select" style="display:none;" data-validate="{'validate-select':true}"> - <option value=""><?php /* @escapeNotVerified */ echo __('Please select region, state or province') ?></option> + <option value=""><?php echo $block->escapeHtml(__('Please select region, state or province')); ?></option> </select> <input type="text" class="input-text " name="credit_card[billing_address][region]" id="billing_address_region" - value="<?php /* @escapeNotVerified */ echo 
$block->getPostParam('customer.creditCard.billingAddress.region', $defaultRegion) ?>"> + value="<?php echo $block->escapeHtml($block->getPostParam('customer.creditCard.billingAddress.region', $defaultRegion)); ?>"> </div> </div> <div class="field zip billing_address_postal_code required"> <label for="billing_address_postal_code" class="label"> - <span><?php /* @escapeNotVerified */ echo __('Zip/Postal Code') ?></span> + <span><?php echo $block->escapeHtml(__('Zip/Postal Code')); ?></span> </label> <div class="control"> <input type="text" class="input-text required-entry validate-zip-international " name="credit_card[billing_address][postal_code]" id="billing_address_postal_code" - value="<?php /* @escapeNotVerified */ echo $defaultPostalCode ?>" + value="<?php echo $block->escapeHtml($defaultPostalCode); ?>" data-validate="{required:true, 'validate-zip-international':true}"> </div> </div> <div class="field name billing_address_country required"> <label for="billing_address_country" class="label"> - <span><?php /* @escapeNotVerified */ echo __('Country') ?></span> + <span><?php echo $block->escapeHtml(__('Country')); ?></span> </label> <div class="control"> - <?php $default = $defaultCountryCodeAlpha2 ?> - <?php /* @escapeNotVerified */ echo $block->countrySelect('credit_card' . 
'[billing_address][country_code_alpha2]', 'billing_address_country', $default) ?> + <?php echo $block->escapeHtml($block->countrySelect('credit_card[billing_address][country_code_alpha2]', 'billing_address_country', $default)); ?> </div> </div> </fieldset> <div class="actions-toolbar"> <div class="primary"> <button type="submit" id="opc-submit" data-role="opc-submit" class="action save primary" - title="<?php /* @escapeNotVerified */ echo __('Submit') ?>"> - <span><?php /* @escapeNotVerified */ echo __('Submit') ?></span> + title="<?php echo $block->escapeHtml(__('Submit')); ?>"> + <span><?php echo $block->escapeHtml(__('Submit')); ?></span> </button> </div> <div class="secondary"> - <a class="action back" href="<?php /* @escapeNotVerified */ echo $block->getBackUrl() ?>"> - <span><span><small>« </small><?php /* @escapeNotVerified */ echo __('Back') ?></span> + <a class="action back" href="<?php echo $block->escapeUrl($block->getBackUrl()); ?>"> + <span><span><small>« </small><?php echo $block->escapeUrl(__('Back')); ?></span> </a> </div> </div> </form> -<?php -$clientToken = $block->getClientToken(); -$formData = [ - "clientToken" => $clientToken, - 'ajaxSaveUrl' => $block->getAjaxSaveUrl(), - 'isEditMode' => $block->isEditMode() ? true : false, - 'cardToken' => $block->isEditMode() ? 
$creditCard->token : '', - 'backUrl' => $block->getBackUrl(), - 'hasVerification' => $block->hasVerification(), - "countrySpecificCardTypes" => $countrySpecificCardTypeConfig, - "applicableCardTypes" => $applicableCardTypeConfig, - "cardTypes" => $block->getCcAvailableTypes(), - "isFraudDetectionEnabled" => $block->isFraudDetectionEnabled() -]; -$serializedFormData = $this->helper('Magento\Framework\Json\Helper\Data')->jsonEncode($formData); -?> <script type="text/x-magento-init"> { "#form-validate": { "validation": {}, - "braintreeEditForm": <?php /* @escapeNotVerified */ echo $serializedFormData ?> + "braintreeEditForm": <?php /* @noEscape */ echo $serializedFormData; ?> }, "#billing_address_country": { "regionUpdater": { @@ -384,13 +360,11 @@ $serializedFormData = $this->helper('Magento\Framework\Json\Helper\Data')->jsonE "regionInputId": "#billing_address_region", "postcodeId": "#billing_address_region", "form": "#form-validate", - "regionJson": <?php /* @escapeNotVerified */ echo $this->helper('Magento\Directory\Helper\Data')->getRegionJson() ?>, - "defaultRegion": "<?php /* @escapeNotVerified */ echo $defaultRegionId ?>", + "regionJson": <?php /* @noEscape */ echo $this->helper('Magento\Directory\Helper\Data')->getRegionJson(); ?>, + "defaultRegion": "<?php echo $block->escapeHtml($defaultRegionId); ?>", "countriesWithOptionalZip": - <?php /* @escapeNotVerified */ echo $this->helper('Magento\Directory\Helper\Data')->getCountriesWithOptionalZip(true) ?> + <?php /* @noEscape */ echo $this->helper('Magento\Directory\Helper\Data')->getCountriesWithOptionalZip(true); ?> } } } - - </script> \ No newline at end of file diff --git a/app/code/Magento/Braintree/view/frontend/templates/creditcard/index.phtml b/app/code/Magento/Braintree/view/frontend/templates/creditcard/index.phtml index f4cef98141bd9a4f549dff973874bd8a63a706a3..fd9ee17028bb6eae399fe70103f3f8e82933681f 100644 --- a/app/code/Magento/Braintree/view/frontend/templates/creditcard/index.phtml 
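Review bot: The country select at the end of the billing fieldset now reads `<?php echo $block->escapeHtml($block->countrySelect(..., $default)); ?>` while the line that assigned `$default` (`$default = $defaultCountryCodeAlpha2`) is removed by the same hunk, so `$default` is undefined there unless it is set earlier in the template outside this hunk; and if countrySelect() returns `<select>` markup, as its name and the old unescaped output suggest, escapeHtml() renders that markup as literal text instead of a dropdown. Passing `$defaultCountryCodeAlpha2` directly and treating the return value as already-rendered HTML (output marked `/* @noEscape */`, with escaping done inside the block method) would restore the previous behaviour. Separately, the Back link label uses `$block->escapeUrl(__('Back'))`; this is text content, not a URL, so it should be `$block->escapeHtml(__('Back'))` like every other label in the hunk. The `$serializedFormData` consumed by the script block at the end is still referenced after its definition was removed here, so it presumably moved to the top of the template outside this hunk — worth confirming.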
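Review bot: `"defaultRegion": "<?php echo $block->escapeHtml($defaultRegionId); ?>"` escapes for an HTML text context, but the value lands inside a JSON string in a `text/x-magento-init` block, where HTML entities are not decoded — a value containing `&` or `"` would reach the regionUpdater widget as entity text, and a backslash would pass through unescaped and break the JSON. The surrounding block already embeds `$serializedFormData` produced by the JSON helper; emitting this value the same way, `"defaultRegion": <?php /* @noEscape */ echo $this->helper('Magento\Framework\Json\Helper\Data')->jsonEncode($defaultRegionId); ?>,`, escapes for the right context. If `$defaultRegionId` is always an integer this is harmless today, but the escaper choice still documents the wrong context for the next reader.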
+++ b/app/code/Magento/Braintree/view/frontend/templates/creditcard/index.phtml @@ -7,14 +7,18 @@ // @codingStandardsIgnoreFile /** @var $block \Magento\Braintree\Block\Creditcard\Management */ - $_storedCards = $block->getCurrentCustomerStoredCards(); +$storedCards = $block->getCurrentCustomerStoredCards(); ?> <div class="page-title title-buttons"> <?php if ($block->getUsesVault()): ?> - <button type="button" title="<?php /* @escapeNotVerified */ echo __('Add Credit Card') ?>" class="action subscribe primary" onclick="window.location='<?php /* @escapeNotVerified */ echo $block->getAddUrl() ?>';"><span><span><?php /* @escapeNotVerified */ echo __('Add Credit Card') ?></span></span></button> - <?php endif ?> + <button type="button" title="<?php echo $block->escapeHtml(__('Add Credit Card')); ?>" + class="action subscribe primary" + onclick="window.location='<?php echo $block->escapeUrl($block->getAddUrl()) ?>';"> + <span><span><?php echo $block->escapeHtml(__('Add Credit Card')); ?></span></span> + </button> + <?php endif; ?> </div> -<?php echo $block->getLayout()->getMessagesBlock()->getGroupedHtml() ?> +<?php echo $block->getLayout()->getMessagesBlock()->getGroupedHtml(); ?> <?php if (count($_storedCards)): ?> <table class="data-table" id="my-quotes-table"> <col width="1" /> 
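Review bot: The rename to `$storedCards` at the top of this template is incomplete: the unchanged line `<?php if (count($_storedCards)): ?>` at the end of this hunk still reads the old `$_storedCards`, which no longer exists, while the foreach in the next hunk already iterates `$storedCards`. Depending on the PHP version, count() on the undefined variable returns 0 (so the stored-card table silently never renders) or raises, either way a regression introduced by the rename. Change it to `<?php if (count($storedCards)): ?>`.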
@@ -24,23 +28,27 @@ <col width="1" /> <thead> <tr> - <th><?php /* @escapeNotVerified */ echo __('Type') ?></th> - <th><?php /* @escapeNotVerified */ echo __('Card Number') ?></th> - <th><?php /* @escapeNotVerified */ echo __('Is Default') ?></th> - <th colspan="2"><?php /* @escapeNotVerified */ echo __('Actions') ?></th> + <th><?php echo $block->escapeHtml(__('Type')); ?></th> + <th><?php echo $block->escapeHtml(__('Card Number')); ?></th> + <th><?php echo $block->escapeHtml(__('Is Default')); ?></th> + <th colspan="2"><?php echo $block->escapeHtml(__('Actions')); ?></th> </tr> </thead> <tbody> - <?php foreach ($_storedCards as $card):?> + <?php foreach ($storedCards as $card):?> <tr> - <td><?php /* @escapeNotVerified */ echo $card->cardType ?></td> - <td><?php /* @escapeNotVerified */ echo $card->maskedNumber ?></td> - <td><?php /* @escapeNotVerified */ echo ($card->default) ? __('Yes') : __('No') ?></td> + <td><?php echo $block->escapeHtml($card->cardType); ?></td> + <td><?php echo $block->escapeHtml($card->maskedNumber); ?></td> + <td><?php /* @noEscape */ echo ($card->default) ? $block->escapeHtml(__('Yes')) : $block->escapeHtml(__('No')); ?></td> <td> - <a href="<?php /* @escapeNotVerified */ echo $block->getEditUrl($card->token) ?>"><?php /* @escapeNotVerified */ echo __('Edit')?></a> + <a href="<?php echo $block->escapeUrl($block->getEditUrl($card->token)); ?>"> + <?php echo $block->escapeHtml(__('Edit')); ?> + </a> </td> <td> - <a href="<?php /* @escapeNotVerified */ echo $block->getDeleteUrl($card->token) ?>"><?php /* @escapeNotVerified */ echo __('Delete')?></a> + <a href="<?php echo $block->escapeUrl($block->getDeleteUrl($card->token)); ?>"> + <?php echo $block->escapeHtml(__('Delete'));?> + </a> </td> </tr> <?php endforeach; ?> 
diff --git a/app/code/Magento/Braintree/view/frontend/templates/data_js.phtml b/app/code/Magento/Braintree/view/frontend/templates/data_js.phtml
index cbfe3dcda5f9f52c183a7382e9cf4c33d5a50811..14579540152c5ac6e53839cf17dfdd861f564d89 100644
--- a/app/code/Magento/Braintree/view/frontend/templates/data_js.phtml
+++ b/app/code/Magento/Braintree/view/frontend/templates/data_js.phtml
@@ -14,14 +14,14 @@ $arrayData = [
 $this->helper('Magento\Braintree\Helper\Data')->getKountId() : false,
 "formId" =>$block->getFormId(),
 "merchantId" => $block->getMerchantId(),
- "braintreeDataJs" => $block->getJsSrc(),
+ "braintreeDataJs" => $block->escapeUrl($block->getJsSrc()),
 ];
 $serializedFormData = $this->helper('Magento\Framework\Json\Helper\Data')->jsonEncode($arrayData);
 ?>
 <script type="text/x-magento-init">
 {
 "body": {
- "braintreeDataJs": <?php /* @escapeNotVerified */ echo $serializedFormData ?>
+ "braintreeDataJs": <?php /* @noEscape */ echo $serializedFormData; ?>
 }
 }
 </script>
diff --git a/app/code/Magento/Braintree/view/frontend/templates/form.phtml b/app/code/Magento/Braintree/view/frontend/templates/form.phtml
index f740ad803b188d5c3c7b53b31021d2e2b8f0edde..459a61568cff7fa67f19d3146b1a2f7e0fb5ff5d 100644
--- a/app/code/Magento/Braintree/view/frontend/templates/form.phtml
+++ b/app/code/Magento/Braintree/view/frontend/templates/form.phtml
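Review bot: `"braintreeDataJs" => $block->escapeUrl($block->getJsSrc())` applies HTML-context escaping to a value that is then JSON-encoded and consumed by JavaScript as a script URL, never rendered into HTML; if escapeUrl() entity-encodes characters such as `&`, a query string in the JS source URL reaches the browser as `&amp;` and the script fails to load. jsonEncode() already handles the JavaScript string context, so the extra escaping is redundant at best and corrupting at worst. If the intent is to reject non-http(s) schemes, that is a validation concern for getJsSrc() (or the config it reads), not an output escaper. The same pattern appears in the next file, form.phtml, where `$clientToken = $block->escapeHtml($block->getClientToken())` is HTML-escaped before going into the JSON form data.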
@@ -7,75 +7,112 @@ // @codingStandardsIgnoreFile /** @var \Magento\Braintree\Block\Form $block */ -$_code = $block->getMethodCode(); -$_loggedIn = $block->isCustomerLoggedIn(); -$_storedCards = $block->getStoredCards(); -$_useVault = $_loggedIn && $block->useVault() && count($_storedCards); -$_autoDetection = $block->isCcDetectionEnabled(); -$clientToken = $block->getClientToken(); +$code = $block->getMethodCode(); +$loggedIn = $block->isCustomerLoggedIn(); +$storedCards = $block->getStoredCards(); +$useVault = $loggedIn && $block->useVault() && count($storedCards); +$autoDetection = $block->isCcDetectionEnabled(); +$clientToken = $block->escapeHtml($block->getClientToken()); +$formData = [ + "useVault" => $useVault, + "clientToken" => $clientToken, + "autoDetection" => $autoDetection, + "loggedIn" => $loggedIn, +]; +$serializedFormData = $this->helper('Magento\Framework\Json\Helper\Data')->jsonEncode($formData); +$ccType = $block->getInfoData('cc_type'); +$ccExpMonth = $block->getInfoData('cc_exp_month'); +$ccExpYear = $block->getInfoData('cc_exp_year'); ?> -<fieldset class="fieldset items braintree" id="payment_form_<?php /* @escapeNotVerified */ echo $_code ?>" style="display:none;"> +<fieldset class="fieldset items braintree" id="payment_form_<?php /* @noEscape */ echo $code; ?>" style="display:none;"> <input type="hidden" name="payment[payment_method_nonce]" id="braintree_nonce" value="" /> - <input type="hidden" name="payment[cc_last4]" id="<?php /* @escapeNotVerified */ echo $_code ?>_cc_last4" value="" /> - <?php if ($_autoDetection) : ?> + <input type="hidden" name="payment[cc_last4]" id="<?php /* @noEscape */ echo $code; ?>_cc_last4" value="" /> + <?php if ($autoDetection) : ?> <input type="hidden" id="card_type_autoselect" value="" /> <?php endif; ?> - <?php if ($_useVault): ?> - <li id="<?php /* @escapeNotVerified */ echo $_code ?>_token_selector"> - <label for="<?php /* @escapeNotVerified */ echo $_code ?>_cc_token"><?php /* @escapeNotVerified */ echo 
__('Payment Information') ?></label> + <?php if ($useVault): ?> + <li id="<?php /* @noEscape */ echo $code; ?>_token_selector"> + <label for="<?php /* @noEscape */ echo $code; ?>_cc_token"> + <?php echo $block->escapeHtml(__('Payment Information')); ?> + </label> <div class="input-box"> - <select id="<?php /* @escapeNotVerified */ echo $_code ?>_cc_token" name="payment[cc_token]"> - <?php foreach ($_storedCards as $creditCard): ?> - <option value="<?php /* @escapeNotVerified */ echo $creditCard->token?>" <?php echo $creditCard->default ? 'selected="selected"' : '' ?>> - <?php /* @escapeNotVerified */ echo $creditCard->maskedNumber . ' - ' . $creditCard->cardType; ?> + <select id="<?php /* @noEscape */ echo $code; ?>_cc_token" name="payment[cc_token]"> + <?php foreach ($storedCards as $creditCard): ?> + <option value="<?php echo $block->escapeHtml($creditCard->token); ?>" + <?php /* @noEscape */ echo $creditCard->default ? ' selected="selected"' : ''; ?>> + <?php echo $block->escapeHtml($creditCard->maskedNumber); ?> - <?php echo $block->escapeHtml($creditCard->cardType); ?> </option> <?php endforeach; ?> - <option value=''><?php /* @escapeNotVerified */ echo __('Add new card') ?></option> + <option value=''><?php echo $block->escapeHtml(__('Add new card')); ?></option> </select> </div> </li> <?php endif; ?> <div class="field type required hide_if_token_selected"> - <label for="<?php /* @escapeNotVerified */ echo $_code ?>_cc_type" class="label"><span><?php /* @escapeNotVerified */ echo __('Credit Card Type') ?></span></label> + <label for="<?php /* @noEscape */ echo $code; ?>_cc_type" class="label"> + <span><?php echo $block->escapeHtml(__('Credit Card Type')); ?></span> + </label> <div class="control"> - <select id="<?php /* @escapeNotVerified */ echo $_code ?>_cc_type" - data-mage-init='{"creditCardType":{"creditCardTypeContainer":"#<?php /* @escapeNotVerified */ echo $_code ?>_cc_type_ss_div"}}' - name="payment[cc_type]" data-validate='{required:true, 
"validate-cc-type-select":"#<?php /* @escapeNotVerified */ echo $_code ?>_cc_number"}' class="select"> - <option value=""><?php /* @escapeNotVerified */ echo __('--Please Select--')?></option> - <?php $_ccType = $block->getInfoData('cc_type') ?> - <?php foreach ($block->getCcAvailableTypes() as $_typeCode => $_typeName): ?> - <option value="<?php /* @escapeNotVerified */ echo $_typeCode ?>"<?php if ($_typeCode == $_ccType): ?> selected="selected"<?php endif ?>><?php /* @escapeNotVerified */ echo $_typeName ?></option> + <select id="<?php /* @noEscape */ echo $code; ?>_cc_type" + data-mage-init='{"creditCardType":{"creditCardTypeContainer":"#<?php /* @noEscape */ echo $code; ?>_cc_type_ss_div"}}' + name="payment[cc_type]" data-validate='{ + required:true, + "validate-cc-type-select":"#<?php /* @noEscape */ echo $code; ?>_cc_number" + }' class="select"> + <option value=""><?php echo $block->escapeHtml(__('--Please Select--')); ?></option> + <?php foreach ($block->getCcAvailableTypes() as $typeCode => $typeName): ?> + <option value="<?php echo $block->escapeHtml($typeCode); ?>" + <?php if ($typeCode == $ccType): ?> selected="selected"<?php endif; ?>> + <?php echo $block->escapeHtml($typeName); ?> + </option> <?php endforeach ?> </select> </div> </div> <div class="field number required hide_if_token_selected"> - <label for="<?php /* @escapeNotVerified */ echo $_code ?>_cc_number" class="label"><span><?php /* @escapeNotVerified */ echo __('Credit Card Number') ?></span></label> + <label for="<?php /* @noEscape */ echo $code; ?>_cc_number" class="label"> + <span><?php echo $block->escapeHtml(__('Credit Card Number')); ?></span> + </label> <div class="control"> - <input type="number" id="<?php /* @escapeNotVerified */ echo $_code ?>_cc_number" name="payment[cc_number]" title="<?php /* @escapeNotVerified */ echo __('Credit Card Number') ?>" class="input-text" value="" data-validate='{"required-number":true, "validate-cc-number":"#<?php /* @escapeNotVerified */ echo $_code 
?>_cc_type", "validate-cc-type":"#<?php /* @escapeNotVerified */ echo $_code ?>_cc_type"}'/> + <input type="number" id="<?php /* @noEscape */ echo $code; ?>_cc_number" name="payment[cc_number]" + title="<?php echo $block->escapeHtml(__('Credit Card Number')); ?>" class="input-text" value="" + data-validate='{ + "required-number":true, + "validate-cc-number":"#<?php /* @noEscape */ echo $code; ?>_cc_type", + "validate-cc-type":"#<?php /* @noEscape */ echo $code; ?>_cc_type" + }'/> </div> </div> - <div class="field date required hide_if_token_selected" id="<?php /* @escapeNotVerified */ echo $_code ?>_cc_type_exp_div"> - <label for="<?php /* @escapeNotVerified */ echo $_code ?>_expiration" class="label"><span><?php /* @escapeNotVerified */ echo __('Expiration Date') ?></span></label> + <div class="field date required hide_if_token_selected" id="<?php /* @noEscape */ echo $code; ?>_cc_type_exp_div"> + <label for="<?php /* @noEscape */ echo $code; ?>_expiration" class="label"> + <span><?php echo $block->escapeHtml(__('Expiration Date')); ?></span> + </label> <div class="control"> <div class="fields group group-2"> <div class="field no-label month"> <div class="control"> - <select id="<?php /* @escapeNotVerified */ echo $_code ?>_expiration" name="payment[cc_exp_month]" class="select month" data-validate='{required:true, "validate-cc-exp":"#<?php /* @escapeNotVerified */ echo $_code ?>_expiration_yr"}'> - <?php $_ccExpMonth = $block->getInfoData('cc_exp_month') ?> + <select id="<?php /* @noEscape */ echo $code; ?>_expiration" name="payment[cc_exp_month]" + class="select month" data-validate='{ + required:true, "validate-cc-exp":"#<?php /* @noEscape */ echo $code; ?>_expiration_yr" + }'> <?php foreach ($block->getCcMonths() as $k => $v): ?> - <option value="<?php echo $k ? $k : '' ?>"<?php if ($k == $_ccExpMonth): ?> selected="selected"<?php endif ?>><?php /* @escapeNotVerified */ echo $v ?></option> - <?php endforeach ?> + <option value="<?php echo $k ? 
$block->escapeHtml($k) : ''; ?>" + <?php if ($k == $ccExpMonth): ?> selected="selected"<?php endif; ?>> + <?php echo $block->escapeHtml($v); ?> + </option> + <?php endforeach; ?> </select> </div> </div> <div class="field no-label year"> <div class="control"> - <?php $_ccExpYear = $block->getInfoData('cc_exp_year') ?> - <select id="<?php /* @escapeNotVerified */ echo $_code ?>_expiration_yr" name="payment[cc_exp_year]" class="select year" data-validate='{required:true}'> + <select id="<?php /* @noEscape */ echo $code; ?>_expiration_yr" name="payment[cc_exp_year]" class="select year" data-validate='{required:true}'> <?php foreach ($block->getCcYears() as $k => $v): ?> - <option value="<?php echo $k ? $k : '' ?>"<?php if ($k == $_ccExpYear): ?> selected="selected"<?php endif ?>><?php /* @escapeNotVerified */ echo $v ?></option> - <?php endforeach ?> + <option value="<?php /* @noEscape */ echo $k ? $block->escapeHtml($k) : '' ?>" + <?php if ($k == $ccExpYear): ?> selected="selected"<?php endif; ?>> + <?php echo $block->escapeHtml($v); ?> + </option> + <?php endforeach; ?> </select> </div> </div> 
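Review bot: The two expiry loops in this hunk escape the option key in two different spellings — `<?php echo $k ? $block->escapeHtml($k) : ''; ?>` for the month and `<?php /* @noEscape */ echo $k ? $block->escapeHtml($k) : '' ?>` for the year — and the card-type loop keeps `<?php endforeach ?>` while the expiry loops were changed to `<?php endforeach; ?>`. Since the whole commit is normalising these templates, using one form in all three loops would avoid another cleanup pass. The method code `$code` is emitted `@noEscape` into element ids and `data-validate` selectors throughout; that is presumably a config-defined identifier rather than user input, but the assumption is not visible in this hunk and deserves a one-line comment next to the `$code = $block->getMethodCode();` assignment.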
@@ -83,39 +120,44 @@ $clientToken = $block->getClientToken(); </div> </div> <?php if ($block->hasVerification()): ?> - <div class="field cvv required hide_if_token_selected" id="<?php /* @escapeNotVerified */ echo $_code ?>_cc_type_cvv_div"> - <label for="<?php /* @escapeNotVerified */ echo $_code ?>_cc_cid" class="label"><span><?php /* @escapeNotVerified */ echo __('Card Verification Number') ?></span></label> + <div class="field cvv required hide_if_token_selected" id="<?php /* @noEscape */ echo $code; ?>_cc_type_cvv_div"> + <label for="<?php /* @noEscape */ echo $code; ?>_cc_cid" class="label"> + <span><?php echo $block->escapeHtml(__('Card Verification Number')); ?></span> + </label> <div class="control"> - <input type="number" title="<?php /* @escapeNotVerified */ echo __('Card Verification Number') ?>" class="input-text cvv" id="<?php /* @escapeNotVerified */ echo $_code ?>_cc_cid" name="payment[cc_cid]" value="" data-validate='{"required-number":true, "validate-cc-cvn":"#<?php /* @escapeNotVerified */ echo $_code ?>_cc_type"}' /> - <?php $_content = '<img src=\"' . $block->getViewFileUrl('Magento_Checkout::cvv.png') . '\" alt=\"' . __('Card Verification Number Visual Reference') . '\" title=\"' . __('Card Verification Number Visual Reference') . '\" />'; ?> + <input type="number" title="<?php echo $block->escapeHtml(__('Card Verification Number')); ?>" + class="input-text cvv" + id="<?php /* @noEscape */ echo $code; ?>_cc_cid" name="payment[cc_cid]" value="" + data-validate='{ + "required-number":true, "validate-cc-cvn":"#<?php /* @noEscape */ echo $code; ?>_cc_type" + }' /> + <?php $content = '<img src=\"' . $block->escapeUrl($block->getViewFileUrl('Magento_Checkout::cvv.png')) . + '\" alt=\"' . $block->escapeHtml(__('Card Verification Number Visual Reference')) . + '\" title=\"' . $block->escapeHtml(__('Card Verification Number Visual Reference')) . 
'\" />'; ?> <div class="note"> - <a href="#" class="action cvv" title="<?php /* @escapeNotVerified */ echo __('What is this?') ?>" data-mage-init='{"tooltip": {"content": "<?php /* @escapeNotVerified */ echo $_content ?>"}}'><span><?php /* @escapeNotVerified */ echo __('What is this?') ?></span></a> + <a href="#" class="action cvv" title="<?php echo $block->escapeHtml(__('What is this?')); ?>" + data-mage-init='{"tooltip": {"content": "<?php /* @noEscape */ echo $content; ?>"}}'> + <span><?php echo $block->escapeHtml(__('What is this?')); ?></span> + </a> </div> </div> </div> <?php endif; ?> <?php if($block->canSaveCard()): ?> - <li id="<?php /* @escapeNotVerified */ echo $_code ?>_store_in_vault_div" style="text-align:left;" class="hide_if_token_selected"> - <input type="checkbox" title="<?php /* @escapeNotVerified */ echo __('Save this card for future use') ?>" class="input-checkbox" id="<?php /* @escapeNotVerified */ echo $_code ?>_store_in_vault" checked="checked" name="payment[store_in_vault]" value="1" /> - <label for="<?php /* @escapeNotVerified */ echo $_code ?>_store_in_vault" class="required" style="float:none;"><?php /* @escapeNotVerified */ echo __('Save this card for future use') ?></label> + <li id="<?php /* @noEscape */ echo $code; ?>_store_in_vault_div" style="text-align:left;" class="hide_if_token_selected"> + <input type="checkbox" title="<?php echo $block->escapeHtml(__('Save this card for future use')); ?>" class="input-checkbox" + id="<?php /* @noEscape */ echo $code; ?>_store_in_vault" checked="checked" name="payment[store_in_vault]" value="1" /> + <label for="<?php /* @noEscape */ echo $code; ?>_store_in_vault" class="required" style="float:none;"> + <?php echo $block->escapeHtml(__('Save this card for future use')); ?> + </label> </li> <?php endif; ?> </fieldset> - -<?php - $formData = [ - "useVault" => $_useVault, - "clientToken" => $clientToken, - "autoDetection" => $_autoDetection, - "loggedIn" => $_loggedIn, - ]; - $serializedFormData = 
$this->helper('Magento\Framework\Json\Helper\Data')->jsonEncode($formData); -?> <script type="text/x-magento-init"> { "#payment_form_braintree": { - "braintreeForm": <?php /* @escapeNotVerified */ echo $serializedFormData ?> + "braintreeForm": <?php /* @noEscape */ echo $serializedFormData ?> } } </script> diff --git a/app/code/Magento/Payment/view/adminhtml/templates/info/default.phtml b/app/code/Magento/Payment/view/adminhtml/templates/info/default.phtml index 9980563201013c5afd144b026df184fcfaac7738..2ce70dcad46a2f0b06e69eecf856cc6fe6bb9c05 100644 --- a/app/code/Magento/Payment/view/adminhtml/templates/info/default.phtml +++ b/app/code/Magento/Payment/view/adminhtml/templates/info/default.phtml @@ -9,10 +9,11 @@ * @var \Magento\Payment\Block\Info $block * @see \Magento\Payment\Block\Info */ +$specificInfo = $block->getSpecificInformation(); ?> <?php echo $block->escapeHtml($block->getMethod()->getTitle()); ?> -<?php if ($_specificInfo = $block->getSpecificInformation()):?> +<?php if ($specificInfo): ?> <table class="data-table admin__table-secondary"> <?php foreach ($specificInfo as $label => $value):?> <tr> diff --git a/app/code/Magento/Payment/view/adminhtml/templates/transparent/form.phtml b/app/code/Magento/Payment/view/adminhtml/templates/transparent/form.phtml index 92c44c6c5d4b9ccadda17fe6fbbec87b46ad3451..1bb248e6fd5662bced43e2f7ee9d4c5a942a1f69 100644 --- a/app/code/Magento/Payment/view/adminhtml/templates/transparent/form.phtml +++ b/app/code/Magento/Payment/view/adminhtml/templates/transparent/form.phtml @@ -10,6 +10,7 @@ $code = $block->getMethodCode(); $ccType = $block->getInfoData('cc_type'); $ccExpYear = $block->getInfoData('cc_exp_year'); +$ccExpMonth = $block->getInfoData('cc_exp_month'); ?> <!-- IFRAME for request to Payment Gateway --> 
@@ -87,11 +88,10 @@ $ccExpYear = $block->getInfoData('cc_exp_year'); data-container="<?php /* @noEscape */ echo $code; ?>-cc-month" class="admin__control-select admin__control-select-month" data-validate='{required:true, "validate-cc-exp":"#<?php /* @noEscape */ echo $code; ?>_expiration_yr"}'> - <?php $_ccExpMonth = $block->getInfoData('cc_exp_month') ?> <?php foreach ($block->getCcMonths() as $k => $v): ?> <option - value="<?php /* @noEscape */ echo $k ? $block->escapeHtml($k) : '' ?>" - <?php if ($k == $_ccExpMonth): ?> selected="selected"<?php endif ?>> + value="<?php /* @noEscape */ echo $k ? $block->escapeHtml($k) : ''; ?>" + <?php if ($k == $ccExpMonth): ?> selected="selected"<?php endif; ?>> <?php echo $block->escapeHtml($v); ?> </option> <?php endforeach ?> diff --git a/app/code/Magento/Payment/view/frontend/templates/transparent/form.phtml b/app/code/Magento/Payment/view/frontend/templates/transparent/form.phtml index eeaa13ee814cc4d420fdbbc0ec7e66eb84c58aa7..64ea503996cd280d8b29dc154b4dc20e9e47f69d 100644 --- a/app/code/Magento/Payment/view/frontend/templates/transparent/form.phtml +++ b/app/code/Magento/Payment/view/frontend/templates/transparent/form.phtml @@ -10,6 +10,7 @@ $code = $block->getMethodCode(); $ccExpMonth = $block->getInfoData('cc_exp_month'); $ccExpYear = $block->getInfoData('cc_exp_year'); +$ccType = $block->getInfoData('cc_type'); $content = '<img src=\"' . $block->getViewFileUrl('Magento_Checkout::cvv.png') . '\" alt=\"' . $block->escapeHtml(__('Card Verification Number Visual Reference')) . '\" title=\"' . $block->escapeHtml(__('Card Verification Number Visual Reference')) . '\" />'; 
@@ -46,10 +47,9 @@ $content = '<img src=\"' . $block->getViewFileUrl('Magento_Checkout::cvv.png') .
 "validate-cc-type-select":"#<?php /* @noEscape */ echo $code; ?>_cc_number"
 }'>
 <option value=""><?php echo $block->escapeHtml(__('--Please Select--'));?></option>
- <?php $_ccType = $block->getInfoData('cc_type') ?>
 <?php foreach ($block->getCcAvailableTypes() as $typeCode => $typeName): ?>
 <option value="<?php echo $block->escapeHtml($typeCode); ?>"
- <?php if ($typeCode == $_ccType): ?> selected="selected"<?php endif; ?>>
+ <?php if ($typeCode == $ccType): ?> selected="selected"<?php endif; ?>>
 <?php echo $block->escapeHtml($typeName); ?></option>
 <?php endforeach ?>
 </select>
diff --git a/app/code/Magento/Paypal/Model/Express/Checkout.php b/app/code/Magento/Paypal/Model/Express/Checkout.php
index d9b9d986f1b31c0db42b578c6074e0f53dbc5453..d3b0cf72fc76bf9047b4a82e4cdc663380834123 100644
--- a/app/code/Magento/Paypal/Model/Express/Checkout.php
+++ b/app/code/Magento/Paypal/Model/Express/Checkout.php
@@ -1191,10 +1191,10 @@ class Checkout
 /**
 * Set shipping options to api
 * @param \Magento\Paypal\Model\Cart $cart
- * @param \Magento\Quote\Model\Quote\Address $address
+ * @param \Magento\Quote\Model\Quote\Address|null $address
 * @return void
 */
- private function setShippingOptions(PaypalCart $cart, Address $address)
+ private function setShippingOptions(PaypalCart $cart, Address $address = null)
 {
 // for included tax always disable line items (related to paypal amount rounding problem)
 $this->_api->setIsLineItemsEnabled($this->_config->getValue(PaypalConfig::TRANSFER_CART_LINE_ITEMS));
diff --git a/app/code/Magento/Paypal/view/frontend/web/js/view/payment/method-renderer/payflowpro-method.js b/app/code/Magento/Paypal/view/frontend/web/js/view/payment/method-renderer/payflowpro-method.js
index a7a031848124e90d904a433912a4cdc722a27ed6..f0095877bbc9cb3a3831de67668c3234a287ec75 100644
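Review bot: Nothing in the Checkout.php hunk guards the null `$address` that the new `Address $address = null` default allows: the old signature made a null impossible, so any `$address->…` dereference in the method body, which continues outside the hunk, now needs a null check, and none is visible here. The docblock now says `Address|null` but not when a caller passes null or what the method skips in that case; one sentence in the docblock stating both would document the new contract. If the codebase targets PHP 7.1 or later, `?Address $address` expresses a nullable parameter without also making the argument optional, which is presumably the intent.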
--- a/app/code/Magento/Paypal/view/frontend/web/js/view/payment/method-renderer/payflowpro-method.js
+++ b/app/code/Magento/Paypal/view/frontend/web/js/view/payment/method-renderer/payflowpro-method.js
@@ -51,9 +51,8 @@ define(
 placeOrder: function () {
 var self = this;
- fullScreenLoader.startLoader();
-
 if (this.validateHandler() && additionalValidators.validate()) {
+ fullScreenLoader.startLoader();
 this.isPlaceOrderActionAllowed(false);
 $.when(setPaymentInformationAction(this.messageContainer, {
 'method': self.getCode()
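Review bot: The calls that stop the loader are not in this hunk: with `fullScreenLoader.startLoader()` now inside the validation branch, confirm that both the `.done` and `.fail` handlers of the `$.when(setPaymentInformationAction(...))` chain call `fullScreenLoader.stopLoader()`, and that the failure path also calls `this.isPlaceOrderActionAllowed(true)`, otherwise a rejected payment-information save leaves the checkout locked with no way to retry. If the motivation is a spinner left running after a failed validation (the old placement started it before validating), a short comment above the moved line, `// start the loader only once validation has passed so a validation failure never leaves it running`, would record that intent. placeOrder's body continues outside the hunk.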
