Merge pull request #4334 from magento-qwerty/MAGETWO-55809

Implemented Stories:
- MAGETWO-55809: Eliminate @escapeNotVerified in Module Backend

Author: dvoskoboinikov

app/code/Magento/Backend/view/adminhtml/templates/admin/access_denied.phtml

@@ -3,14 +3,13 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php
 /**
  * @see \Magento\Backend\Block\Denied
  */
+
+// phpcs:disable Magento2.Security.Superglobal
 ?>
 <hr class="access-denied-hr"/>
 <div class="access-denied-page">
@@ -21,10 +20,10 @@
         <li><span><?= $block->escapeHtml(__('Contact a system administrator or store owner to gain permissions.')) ?></span></li>
         <li>
             <span><?= $block->escapeHtml(__('Return to ')) ?>
-                <?php if(isset($_SERVER['HTTP_REFERER'])): ?>
+                <?php if (isset($_SERVER['HTTP_REFERER'])) : ?>
                     <a href="<?= $block->escapeUrl(__($_SERVER['HTTP_REFERER'])) ?>">
                         <?= $block->escapeHtml(__('previous page')) ?></a><?= $block->escapeHtml(__('.')) ?>
-                <?php else: ?>
+                <?php else : ?>
                     <a href="<?= $block->escapeHtmlAttr(__('javascript:history.back()')) ?>">
                         <?= $block->escapeHtml(__('previous page')) ?></a><?= $block->escapeHtml(__('.')) ?>
                 <?php endif ?>

app/code/Magento/Backend/view/adminhtml/templates/admin/formkey.phtml

@@ -4,4 +4,4 @@
  * See COPYING.txt for license details.
  */
 ?>
-<div><input name="form_key" type="hidden" value="<?= /* @escapeNotVerified */ $block->getFormKey() ?>" /></div>
+<div><input name="form_key" type="hidden" value="<?= $block->escapeHtmlAttr($block->getFormKey()) ?>" /></div>

app/code/Magento/Backend/view/adminhtml/templates/admin/login.phtml

@@ -4,19 +4,20 @@
  * See COPYING.txt for license details.
  */
 
-// @codingStandardsIgnoreFile
-
+/**
+ * @var \Magento\Framework\View\Element\AbstractBlock $block
+ */
 ?>
 
 <form method="post" action="" id="login-form" data-mage-init='{"form": {}, "validation": {}}' autocomplete="off">
     <fieldset class="admin__fieldset">
         <legend class="admin__legend">
-            <span><?= /* @escapeNotVerified */ __('Welcome, please sign in') ?></span>
+            <span><?= $block->escapeHtml(__('Welcome, please sign in')) ?></span>
         </legend><br/>
-        <input name="form_key" type="hidden" value="<?= /* @escapeNotVerified */ $block->getFormKey() ?>" />
+        <input name="form_key" type="hidden" value="<?= $block->escapeHtmlAttr($block->getFormKey()) ?>" />
         <div class="admin__field _required field-username">
             <label for="username" class="admin__field-label">
-                <span><?= /* @escapeNotVerified */ __('Username') ?></span>
+                <span><?= $block->escapeHtml(__('Username')) ?></span>
             </label>
             <div class="admin__field-control">
                 <input id="username"
@@ -26,14 +27,14 @@
                        autofocus
                        value=""
                        data-validate="{required:true}"
-                       placeholder="<?= /* @escapeNotVerified */ __('user name') ?>"
+                       placeholder="<?= $block->escapeHtmlAttr(__('user name')) ?>"
                        autocomplete="off"
                     />
             </div>
         </div>
         <div class="admin__field _required field-password">
             <label for="login" class="admin__field-label">
-                <span><?= /* @escapeNotVerified */ __('Password') ?></span>
+                <span><?= $block->escapeHtml(__('Password')) ?></span>
             </label>
             <div class="admin__field-control">
                 <input id="login"
@@ -42,7 +43,7 @@
                        name="login[password]"
                        data-validate="{required:true}"
                        value=""
-                       placeholder="<?= /* @escapeNotVerified */ __('password') ?>"
+                       placeholder="<?= $block->escapeHtmlAttr(__('password')) ?>"
                        autocomplete="off"
                     />
             </div>

app/code/Magento/Backend/view/adminhtml/templates/admin/login_buttons.phtml

@@ -8,6 +8,6 @@
     <button
         <?php $block->getUiId(); ?>
         class="action-login action-primary">
-        <span><?= /* @escapeNotVerified */ __('Sign in') ?></span>
+        <span><?= $block->escapeHtml(__('Sign in')) ?></span>
     </button>
 </div>

app/code/Magento/Backend/view/adminhtml/templates/admin/overlay_popup.phtml

@@ -3,15 +3,12 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <div class="wrapper-popup">
     <div class="middle" id="anchor-content">
         <div id="page:main-container">
-        <?php if ($block->getChildHtml('left')): ?>
-            <div class="columns <?= /* @escapeNotVerified */ $block->getContainerCssClass() ?>" id="page:container">
+        <?php if ($block->getChildHtml('left')) : ?>
+            <div class="columns <?= $block->escapeHtmlAttr($block->getContainerCssClass()) ?>" id="page:container">
                 <div id="page:left" class="side-col">
                     <?= $block->getChildHtml('left') ?>
                 </div>
@@ -24,13 +21,13 @@
                     </div>
                 </div>
             </div>
-      <?php else: ?>
+        <?php else : ?>
           <div id="messages" data-container-for="messages"><?= $block->getLayout()->getMessagesBlock()->getGroupedHtml() ?></div>
           <?= $block->getChildHtml('content') ?>
-      <?php endif; ?>
+        <?php endif; ?>
          </div>
     </div>
-    <?php if ($block->getChildHtml('footer')): ?>
+    <?php if ($block->getChildHtml('footer')) : ?>
     <div class="footer">
         <?= $block->getChildHtml('footer') ?>
     </div>

app/code/Magento/Backend/view/adminhtml/templates/admin/page.phtml

@@ -3,19 +3,16 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php /** @var $block \Magento\Backend\Block\Page */ ?>
 <!doctype html>
-<html lang="<?= /* @escapeNotVerified */ $block->getLang() ?>" class="no-js">
+<html lang="<?= $block->escapeHtmlAttr($block->getLang()) ?>" class="no-js">
 
 <head>
     <?= $block->getChildHtml('head') ?>
 </head>
 
-<body id="html-body"<?= $block->getBodyClass() ? ' class="' . $block->getBodyClass() . '"' : '' ?> data-container="body" data-mage-init='{"loaderAjax":{},"loader":{}}'>
+<body id="html-body" class="<?= $block->escapeHtmlAttr($block->getBodyClass()) ?>" data-container="body" data-mage-init='{"loaderAjax":{},"loader":{}}'>
     <div class="page-wrapper">
         <?= $block->getChildHtml('notification_window') ?>
         <?= $block->getChildHtml('global_notices') ?>
@@ -31,8 +28,8 @@
                 <?= $block->getLayout()->getMessagesBlock()->getGroupedHtml() ?>
             </div>
             <?= $block->getChildHtml('page_main_actions') ?>
-            <?php if ($block->getChildHtml('left')): ?>
-                <div id="page:main-container" class="<?= /* @escapeNotVerified */ $block->getContainerCssClass() ?> col-2-left-layout">
+            <?php if ($block->getChildHtml('left')) : ?>
+                <div id="page:main-container" class="<?= $block->escapeHtmlAttr($block->getContainerCssClass()) ?> col-2-left-layout">
                     <div class="main-col" id="content">
                         <?= $block->getChildHtml('content') ?>
                     </div>
@@ -41,7 +38,7 @@
                         <?= $block->getChildHtml('left') ?>
                     </div>
                 </div>
-            <?php else: ?>
+            <?php else : ?>
                 <div id="page:main-container" class="col-1-layout">
                     <?= $block->getChildHtml('content') ?>
                 </div>

app/code/Magento/Backend/view/adminhtml/templates/dashboard/graph.phtml

@@ -3,33 +3,33 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <div class="dashboard-diagram">
     <div class="dashboard-diagram-switcher">
         <label for="order_<?= $block->getHtmlId() ?>_period"
-               class="label"><?= /* @escapeNotVerified */ __('Select Range:') ?></label>
+               class="label"><?= $block->escapeHtml(__('Select Range:')) ?></label>
         <select name="period" id="order_<?= $block->getHtmlId() ?>_period"
                 onchange="changeDiagramsPeriod(this);" class="admin__control-select">
-            <?php foreach ($this->helper('Magento\Backend\Helper\Dashboard\Data')->getDatePeriods() as $value => $label): ?>
-                <?php if (in_array($value, ['custom'])) {
+            <?php //phpcs:disable ?>
+            <?php foreach ($this->helper(\Magento\Backend\Helper\Dashboard\Data::class)->getDatePeriods() as $value => $label) : ?>
+                <?php
+                //phpcs:enable
+                if (in_array($value, ['custom'])) {
                     continue;
                 } ?>
-                <option value="<?= /* @escapeNotVerified */ $value ?>"
-                    <?php if ($block->getRequest()->getParam('period') == $value): ?> selected="selected"<?php endif; ?>
-                    ><?= /* @escapeNotVerified */ $label ?></option>
+                <option value="<?= /* @noEscape */ $value ?>"
+                    <?php if ($block->getRequest()->getParam('period') == $value) : ?> selected="selected"<?php endif; ?>
+                    ><?= $block->escapeHtml($label) ?></option>
             <?php endforeach; ?>
         </select>
     </div>
-    <?php if ($block->getCount()): ?>
+    <?php if ($block->getCount()) : ?>
     <div class="dashboard-diagram-image">
-        <img src="<?= /* @escapeNotVerified */ $block->getChartUrl(false) ?>" class="dashboard-diagram-chart" alt="Chart" title="Chart" />
+        <img src="<?= $block->escapeUrl($block->getChartUrl(false)) ?>" class="dashboard-diagram-chart" alt="Chart" title="Chart" />
     </div>
-    <?php else: ?>
+    <?php else : ?>
     <div class="dashboard-diagram-nodata">
-        <span><?= /* @escapeNotVerified */ __('No Data Found') ?></span>
+        <span><?= $block->escapeHtml(__('No Data Found')) ?></span>
     </div>
     <?php endif; ?>
 </div>

app/code/Magento/Backend/view/adminhtml/templates/dashboard/graph/disabled.phtml

@@ -3,9 +3,7 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
 ?>
 <div class="dashboard-diagram-disabled">
-    <?= /* @escapeNotVerified */ __('Chart is disabled. To enable the chart, click <a href="%1">here</a>.', $block->getConfigUrl()) ?>
+    <?= /* @noEscape */ __('Chart is disabled. To enable the chart, click <a href="%1">here</a>.', $block->escapeUrl($block->getConfigUrl())) ?>
 </div>

app/code/Magento/Backend/view/adminhtml/templates/dashboard/grid.phtml

@@ -3,90 +3,87 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
-
-// @codingStandardsIgnoreFile
-
 ?>
 <?php
 
-$numColumns = sizeof($block->getColumns());
+$numColumns = count($block->getColumns());
 ?>
-<?php if ($block->getCollection()): ?>
+<?php if ($block->getCollection()) : ?>
 <div class="dashboard-item-content">
-    <?php if ($block->getCollection()->getSize()>0): ?>
-        <table class="admin__table-primary dashboard-data" id="<?= /* @escapeNotVerified */ $block->getId() ?>_table">
+    <?php if ($block->getCollection()->getSize() > 0) : ?>
+        <table class="admin__table-primary dashboard-data" id="<?= $block->escapeHtmlAttr($block->getId()) ?>_table">
             <?php
             /* This part is commented to remove all <col> tags from the code. */
             /* foreach ($block->getColumns() as $_column): ?>
             <col <?= $_column->getHtmlProperty() ?> />
             <?php endforeach; */ ?>
-            <?php if ($block->getHeadersVisibility() || $block->getFilterVisibility()): ?>
+            <?php if ($block->getHeadersVisibility() || $block->getFilterVisibility()) : ?>
                 <thead>
-                <?php if ($block->getHeadersVisibility()): ?>
+                <?php if ($block->getHeadersVisibility()) : ?>
                     <tr>
-                        <?php foreach ($block->getColumns() as $_column): ?>
+                        <?php foreach ($block->getColumns() as $_column) : ?>
                             <?= $_column->getHeaderHtml() ?>
                         <?php endforeach; ?>
                     </tr>
                 <?php endif; ?>
                 </thead>
             <?php endif; ?>
-            <?php if (!$block->getIsCollapsed()): ?>
+            <?php if (!$block->getIsCollapsed()) : ?>
                 <tbody>
-                <?php foreach ($block->getCollection() as $_index => $_item): ?>
-                    <tr title="<?= /* @escapeNotVerified */ $block->getRowUrl($_item) ?>">
-                    <?php $i = 0; foreach ($block->getColumns() as $_column): ?>
-                        <td class="<?= /* @escapeNotVerified */ $_column->getCssProperty() ?> <?= ++$i == $numColumns ? 'last' : '' ?>"><?= (($_html = $_column->getRowField($_item)) != '' ? $_html : '&nbsp;') ?></td>
+                <?php foreach ($block->getCollection() as $_index => $_item) : ?>
+                    <tr title="<?= $block->escapeHtmlAttr($block->getRowUrl($_item)) ?>">
+                    <?php $i = 0; foreach ($block->getColumns() as $_column) : ?>
+                        <td class="<?= $block->escapeHtmlAttr($_column->getCssProperty()) ?> <?= /* @noEscape */ ++$i == $numColumns ? 'last' : '' ?>"><?= /* @noEscape */ (($_html = $_column->getRowField($_item)) != '' ? $_html : '&nbsp;') ?></td>
                     <?php endforeach; ?>
                     </tr>
                 <?php endforeach; ?>
                 </tbody>
             <?php endif; ?>
         </table>
-    <?php else: ?>
-        <div class="<?= /* @escapeNotVerified */ $block->getEmptyTextClass() ?>"><?= /* @escapeNotVerified */ $block->getEmptyText() ?></div>
+    <?php else : ?>
+        <div class="<?= $block->escapeHtmlAttr($block->getEmptyTextClass()) ?>"><?= $block->escapeHtml($block->getEmptyText()) ?></div>
     <?php endif; ?>
 </div>
-<?php if ($block->canDisplayContainer()): ?>
+    <?php if ($block->canDisplayContainer()) : ?>
 <script>
 var deps = [];
 
-<?php if ($block->getDependencyJsObject()): ?>
+        <?php if ($block->getDependencyJsObject()) : ?>
 deps.push('uiRegistry');
-<?php endif; ?>
+        <?php endif; ?>
 
-<?php if (strpos($block->getRowClickCallback(), 'order.') !== false): ?>
+        <?php if (strpos($block->getRowClickCallback(), 'order.') !== false) : ?>
 deps.push('Magento_Sales/order/create/form');
-<?php endif; ?>
+        <?php endif; ?>
 
 deps.push('mage/adminhtml/grid');
 
 require(deps, function(<?= ($block->getDependencyJsObject() ? 'registry' : '') ?>){
-    <?php //TODO: getJsObjectName and getRowClickCallback has unexpected behavior. Should be removed ?>
+        <?php //TODO: getJsObjectName and getRowClickCallback has unexpected behavior. Should be removed ?>
 
-    <?php if ($block->getDependencyJsObject()): ?>
-        registry.get('<?= /* @escapeNotVerified */ $block->getDependencyJsObject() ?>', function (<?= /* @escapeNotVerified */ $block->getDependencyJsObject() ?>) {
-    <?php endif; ?>
+        <?php if ($block->getDependencyJsObject()) : ?>
+        registry.get('<?= $block->escapeJs($block->getDependencyJsObject()) ?>', function (<?= $block->escapeJs($block->getDependencyJsObject()) ?>) {
+        <?php endif; ?>
 
-    <?= /* @escapeNotVerified */ $block->getJsObjectName() ?> = new varienGrid('<?= /* @escapeNotVerified */ $block->getId() ?>', '<?= /* @escapeNotVerified */ $block->getGridUrl() ?>', '<?= /* @escapeNotVerified */ $block->getVarNamePage() ?>', '<?= /* @escapeNotVerified */ $block->getVarNameSort() ?>', '<?= /* @escapeNotVerified */ $block->getVarNameDir() ?>', '<?= /* @escapeNotVerified */ $block->getVarNameFilter() ?>');
-    <?= /* @escapeNotVerified */ $block->getJsObjectName() ?>.useAjax = '<?= /* @escapeNotVerified */ $block->getUseAjax() ?>';
-    <?php if ($block->getRowClickCallback()): ?>
-        <?= /* @escapeNotVerified */ $block->getJsObjectName() ?>.rowClickCallback = <?= /* @escapeNotVerified */ $block->getRowClickCallback() ?>;
-    <?php endif; ?>
-    <?php if ($block->getCheckboxCheckCallback()): ?>
-        <?= /* @escapeNotVerified */ $block->getJsObjectName() ?>.checkboxCheckCallback = <?= /* @escapeNotVerified */ $block->getCheckboxCheckCallback() ?>;
-    <?php endif; ?>
-    <?php if ($block->getRowInitCallback()): ?>
-        <?= /* @escapeNotVerified */ $block->getJsObjectName() ?>.initRowCallback = <?= /* @escapeNotVerified */ $block->getRowInitCallback() ?>;
-        <?= /* @escapeNotVerified */ $block->getJsObjectName() ?>.rows.each(function(row){<?= /* @escapeNotVerified */ $block->getRowInitCallback() ?>(<?= /* @escapeNotVerified */ $block->getJsObjectName() ?>, row)});
-    <?php endif; ?>
-    <?php if ($block->getMassactionBlock()->isAvailable()): ?>
-    <?= /* @escapeNotVerified */ $block->getMassactionBlock()->getJavaScript() ?>
-    <?php endif ?>
+        <?= $block->escapeJs($block->getJsObjectName()) ?> = new varienGrid('<?= $block->escapeJs($block->getId()) ?>', '<?= $block->escapeJs($block->getGridUrl()) ?>', '<?= $block->escapeJs($block->getVarNamePage()) ?>', '<?= $block->escapeJs($block->getVarNameSort()) ?>', '<?= $block->escapeJs($block->getVarNameDir()) ?>', '<?= $block->escapeJs($block->getVarNameFilter()) ?>');
+        <?= $block->escapeJs($block->getJsObjectName()) ?>.useAjax = '<?= $block->escapeJs($block->getUseAjax()) ?>';
+        <?php if ($block->getRowClickCallback()) : ?>
+            <?= $block->escapeJs($block->getJsObjectName()) ?>.rowClickCallback = <?= /* @noEscape */ $block->getRowClickCallback() ?>;
+        <?php endif; ?>
+        <?php if ($block->getCheckboxCheckCallback()) : ?>
+            <?= $block->escapeJs($block->getJsObjectName()) ?>.checkboxCheckCallback = <?= /* @noEscape */ $block->getCheckboxCheckCallback() ?>;
+        <?php endif; ?>
+        <?php if ($block->getRowInitCallback()) : ?>
+            <?= $block->escapeJs($block->getJsObjectName()) ?>.initRowCallback = <?= /* @noEscape */ $block->getRowInitCallback() ?>;
+            <?= $block->escapeJs($block->getJsObjectName()) ?>.rows.each(function(row){<?= /* @noEscape */ $block->getRowInitCallback() ?>(<?= $block->escapeJs($block->getJsObjectName()) ?>, row)});
+        <?php endif; ?>
+        <?php if ($block->getMassactionBlock()->isAvailable()) : ?>
+            <?= /* @noEscape */ $block->getMassactionBlock()->getJavaScript() ?>
+        <?php endif ?>
 
-    <?php if ($block->getDependencyJsObject()): ?>
+        <?php if ($block->getDependencyJsObject()) : ?>
     });
-    <?php endif; ?>
+        <?php endif; ?>
 
 });
 </script>