Merge pull request #615 from magento-dragons/S75
[DRAGONS] S75
Kasian,Andrii(akasian) committed Sep 22, 2015
2 parents cae6f5f + 0370613 commit 4df90a4
Showing 31 changed files with 388 additions and 137 deletions.
2 changes: 1 addition & 1 deletion app/code/Magento/Backend/Block/Widget/Grid.php
Original file line number Diff line number Diff line change
Expand Up @@ -760,7 +760,7 @@ public function setSaveParametersInSession($flag)
*/
public function getJsObjectName()
{
return $this->getId() . 'JsObject';
return preg_replace("~[^a-z0-9_]*~i", '', $this->getId()) . 'JsObject';
}

/**
Expand Down
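Review bot: The new `return` reduces the id to `[A-Za-z0-9_]` but says nothing about it, and the docblock this method sits under begins outside the hunk; two distinct ids that differ only in stripped characters (`my-grid` and `my_grid` do not collide, but `my-grid` and `mygrid` do) now yield the same JS object name, so the docblock should carry a line such as `* Characters outside [A-Za-z0-9_] are stripped so the result is usable as a JS identifier; distinct ids may collide after stripping.` The quantifier in `"~[^a-z0-9_]*~i"` also matches the empty string at every position, which does needless work; `"~[^a-z0-9_]+~i"` removes the same characters and reads as intended. If `getId()` can start with a digit the result is still not a valid JS identifier, which I cannot confirm from this hunk.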
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,7 @@ public function getColumn()
*/
protected function _getHtmlName()
{
return $this->getColumn()->getId();
return $this->escapeHtml($this->getColumn()->getId());
}

/**
Expand All @@ -77,7 +77,7 @@ protected function _getHtmlName()
*/
protected function _getHtmlId()
{
return $this->getColumn()->getHtmlId();
return $this->escapeHtml($this->getColumn()->getHtmlId());
}

/**
Expand All @@ -88,7 +88,7 @@ protected function _getHtmlId()
*/
public function getEscapedValue($index = null)
{
return htmlspecialchars((string)$this->getValue($index));
return $this->escapeHtml((string)$this->getValue($index));
}

/**
Expand Down
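Review bot: Escaping inside the two protected getters `_getHtmlName()` and `_getHtmlId()` changes the contract of every caller rather than one output site, so any subclass or template that already escapes the returned name or id at output may now double-encode it (e.g. `&amp;amp;`); whether that happens depends on the Escaper's double-encode behaviour, which is not visible here, and on callers outside this hunk, so the subclasses of this filter block need checking. The page does not show this section's file path; the companion test in this commit names `Magento\Backend\Block\Widget\Grid\Column\Filter\Text`. If the getters stay as the escaping point, their docblocks (above the hunk) should say so, e.g. `* @return string HTML-escaped name; do not escape again at output`.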
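--- /dev/null
+++ b/[path-not-shown-on-page]/TextTest.php
@@ -0,0 +1,68 @@
+<?php
+/**
+* Copyright © 2015 Magento. All rights reserved.
+* See COPYING.txt for license details.
+*/
+
+namespace Magento\Backend\Test\Unit\Block\Widget\Grid\Column\Filter;
+
+use Magento\Framework\TestFramework\Unit\Helper\ObjectManager as ObjectManagerHelper;
+
+class TextTest extends \PHPUnit_Framework_TestCase
+{
+/** @var \Magento\Backend\Block\Widget\Grid\Column\Filter\Text*/
+protected $block;
+
+/** @var ObjectManagerHelper */
+protected $objectManagerHelper;
+
+/** @var \Magento\Backend\Block\Context|\PHPUnit_Framework_MockObject_MockObject */
+protected $context;
+
+/** @var \Magento\Framework\DB\Helper|\PHPUnit_Framework_MockObject_MockObject */
+protected $helper;
+
+/** @var \Magento\Framework\Escaper|\PHPUnit_Framework_MockObject_MockObject */
+protected $escaper;
+
+protected function setUp()
+{
+$this->context = $this->getMockBuilder('Magento\Backend\Block\Context')
+->setMethods(['getEscaper'])
+->disableOriginalConstructor()
+->getMock();
+$this->escaper = $this->getMock('Magento\Framework\Escaper', ['escapeHtml'], [], '', false);
+$this->helper = $this->getMock('Magento\Framework\DB\Helper', [], [], '', false);
+
+$this->context->expects($this->once())->method('getEscaper')->willReturn($this->escaper);
+
+$this->objectManagerHelper = new ObjectManagerHelper($this);
+$this->block = $this->objectManagerHelper->getObject(
+'Magento\Backend\Block\Widget\Grid\Column\Filter\Text',
+[
+'context' => $this->context,
+'resourceHelper' => $this->helper
+]
+);
+}
+
+public function testGetHtml()
+{
+$resultHtml = '<input type="text" name="escapedHtml" ' .
+'id="escapedHtml" value="escapedHtml" ' .
+'class="input-text admin__control-text no-changes" data-ui-id="filter-escapedhtml" />';
+
+$column = $this->getMockBuilder('Magento\Backend\Block\Widget\Grid\Column')
+->setMethods(['getId', 'getHtmlId'])
+->disableOriginalConstructor()
+->getMock();
+
+$this->block->setColumn($column);
+
+$this->escaper->expects($this->any())->method('escapeHtml')->willReturn('escapedHtml');
+$column->expects($this->any())->method('getId')->willReturn('id');
+$column->expects($this->once())->method('getHtmlId')->willReturn('htmlId');
+
+$this->assertEquals($resultHtml, $this->block->getHtml());
+}
+}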
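Review bot: In `testGetHtml` the escaper stub `expects($this->any())->method('escapeHtml')->willReturn('escapedHtml')` ignores its argument, so the test shows only that three escaped slots were filled, not that `id`, `htmlId` and the filter value each reached `escapeHtml` unchanged; a regression that passed the wrong value into the escaper, or escaped one field twice, would still pass. Returning a transformed argument makes the assertion meaningful, e.g. `->willReturnCallback(function ($s) { return 'esc(' . $s . ')'; })` with `$resultHtml` updated to the three distinct outputs. `getId` is stubbed with `any()` while `getHtmlId` uses `once()`; the asymmetry reads as unintentional and should be made consistent or explained in a comment.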
20 changes: 10 additions & 10 deletions app/code/Magento/Backend/view/adminhtml/templates/widget/grid.phtml
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ $numColumns = sizeof($block->getColumns());
<?php if ($block->getCollection()): ?>

<?php if ($block->canDisplayContainer()): ?>
<div id="<?php /* @escapeNotVerified */ echo $block->getId() ?>" data-grid-id="<?php /* @escapeNotVerified */ echo $block->getId() ?>">
<div id="<?php echo $block->escapeHtml($block->getId()) ?>" data-grid-id="<?php echo $block->escapeHtml($block->getId()) ?>">
<?php else: ?>
<?php echo $block->getLayout()->getMessagesBlock()->getGroupedHtml() ?>
<?php endif; ?>
Expand All @@ -50,17 +50,17 @@ $numColumns = sizeof($block->getColumns());
<?php endif; ?>
<?php $countRecords = $block->getCollection()->getSize(); ?>
<div class="admin__control-support-text">
<span id="<?php echo $block->getHtmlId() ?>-total-count" <?php /* @escapeNotVerified */ echo $block->getUiId('total-count') ?>>
<span id="<?php echo $block->escapeHtml($block->getHtmlId()) ?>-total-count" <?php /* @escapeNotVerified */ echo $block->getUiId('total-count') ?>>
<?php /* @escapeNotVerified */ echo $countRecords ?>
</span>
<?php /* @escapeNotVerified */ echo __('records found') ?>
<span id="<?php echo $block->getHtmlId() ?>_massaction-count"
<span id="<?php echo $block->escapeHtml($block->getHtmlId()) ?>_massaction-count"
class="mass-select-info _empty"><strong data-role="counter">0</strong> <span><?php /* @escapeNotVerified */ echo __('selected') ?></span></span>
</div>
<?php if ($block->getPagerVisibility()): ?>
<div class="admin__data-grid-pager-wrap">
<select name="<?php /* @escapeNotVerified */ echo $block->getVarNameLimit() ?>"
id="<?php echo $block->getHtmlId()?>_page-limit"
id="<?php echo $block->escapeHtml($block->getHtmlId())?>_page-limit"
onchange="<?php /* @escapeNotVerified */ echo $block->getJsObjectName() ?>.loadByElement(this)" <?php /* @escapeNotVerified */ echo $block->getUiId('per-page') ?>
class="admin__control-select">
<option value="20"<?php if ($block->getCollection()->getPageSize() == 20): ?>
Expand All @@ -79,7 +79,7 @@ $numColumns = sizeof($block->getColumns());
selected="selected"<?php endif; ?>>200
</option>
</select>
<label for="<?php echo $block->getHtmlId()?>_page-limit"
<label for="<?php echo $block->escapeHtml($block->getHtmlId())?>_page-limit"
class="admin__control-support-text"><?php /* @escapeNotVerified */ echo __('per page') ?></label>
<div class="admin__data-grid-pager">
<?php $_curPage = $block->getCollection()->getCurPage() ?>
Expand All @@ -96,13 +96,13 @@ $numColumns = sizeof($block->getColumns());
<?php endif; ?>

<input type="text"
id="<?php echo $block->getHtmlId()?>_page-current"
id="<?php echo $block->escapeHtml($block->getHtmlId())?>_page-current"
name="<?php /* @escapeNotVerified */ echo $block->getVarNamePage() ?>"
value="<?php /* @escapeNotVerified */ echo $_curPage ?>"
class="admin__control-text"
onkeypress="<?php /* @escapeNotVerified */ echo $block->getJsObjectName() ?>.inputPage(event, '<?php /* @escapeNotVerified */ echo $_lastPage ?>')" <?php /* @escapeNotVerified */ echo $block->getUiId('current-page') ?> />

<label class="admin__control-support-text" for="<?php echo $block->getHtmlId()
<label class="admin__control-support-text" for="<?php echo $block->escapeHtml($block->getHtmlId())
?>_page-current">
<?php /* @escapeNotVerified */ echo __('of %1', '<span>' . $block->getCollection()->getLastPageNumber() . '</span>') ?>
</label>
Expand All @@ -122,13 +122,13 @@ $numColumns = sizeof($block->getColumns());
</div>
<div class="admin__data-grid-wrap admin__data-grid-wrap-static">
<?php if ($block->getGridCssClass()): ?>
<table class="<?php /* @escapeNotVerified */ echo $block->getGridCssClass() ?> data-grid" id="<?php /* @escapeNotVerified */ echo $block->getId() ?>_table">
<table class="<?php /* @escapeNotVerified */ echo $block->getGridCssClass() ?> data-grid" id="<?php echo $block->escapeHtml($block->getId()) ?>_table">
<!-- Rendering column set -->
<?php echo $block->getChildHtml('grid.columnSet'); ?>
</table>
<?php else: ?>

<table class="data-grid" id="<?php /* @escapeNotVerified */ echo $block->getId() ?>_table">
<table class="data-grid" id="<?php echo $block->escapeHtml($block->getId()) ?>_table">
<!-- Rendering column set -->
<?php echo $block->getChildHtml('grid.columnSet'); ?>
</table>
Expand Down Expand Up @@ -161,7 +161,7 @@ $numColumns = sizeof($block->getColumns());
registry.get('<?php /* @escapeNotVerified */ echo $block->getDependencyJsObject() ?>', function (<?php /* @escapeNotVerified */ echo $block->getDependencyJsObject() ?>) {
<?php endif; ?>

<?php /* @escapeNotVerified */ echo $block->getJsObjectName() ?> = new varienGrid('<?php /* @escapeNotVerified */ echo $block->getId() ?>', '<?php /* @escapeNotVerified */ echo $block->getGridUrl() ?>', '<?php /* @escapeNotVerified */ echo $block->getVarNamePage() ?>', '<?php /* @escapeNotVerified */ echo $block->getVarNameSort() ?>', '<?php /* @escapeNotVerified */ echo $block->getVarNameDir() ?>', '<?php /* @escapeNotVerified */ echo $block->getVarNameFilter() ?>');
<?php /* @escapeNotVerified */ echo $block->getJsObjectName() ?> = new varienGrid('<?php echo $block->escapeHtml($block->getId()) ?>', '<?php /* @escapeNotVerified */ echo $block->getGridUrl() ?>', '<?php /* @escapeNotVerified */ echo $block->getVarNamePage() ?>', '<?php /* @escapeNotVerified */ echo $block->getVarNameSort() ?>', '<?php /* @escapeNotVerified */ echo $block->getVarNameDir() ?>', '<?php /* @escapeNotVerified */ echo $block->getVarNameFilter() ?>');
<?php /* @escapeNotVerified */ echo $block->getJsObjectName() ?>.useAjax = <?php /* @escapeNotVerified */ echo $block->getUseAjax() ? 'true' : 'false' ?>;
<?php if ($block->getRowClickCallback()): ?>
<?php /* @escapeNotVerified */ echo $block->getJsObjectName() ?>.rowClickCallback = <?php /* @escapeNotVerified */ echo $block->getRowClickCallback() ?>;
Expand Down
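Review bot: On the `new varienGrid(` line the grid id is now run through `escapeHtml()` inside a JavaScript string literal within `<script>`, which is the wrong context: entity text is not decoded inside script content, so an escaped character reaches the JS as `&...;` rather than the character, and the characters that actually matter in a JS string (backslash, quotes, line terminators) are not covered by HTML escaping. The sibling template in this same commit encodes the identical argument with the JSON helper, which is the correct JS-context encoding, and the two templates should match: `new varienGrid(<?php /* @noEscape */ echo $this->helper('Magento\Framework\Json\Helper\Data')->jsonEncode($block->getId()) ?>, …`. The remaining `/* @escapeNotVerified */` values on that line (grid URL and the `getVarName*` calls) are untouched by this commit, which I mention only so the JSON change is not read as closing the whole line.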
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ $numColumns = sizeof($block->getColumns());
<?php if ($block->getCollection()): ?>
<?php if ($block->canDisplayContainer()): ?>

<div id="<?php /* @escapeNotVerified */ echo $block->getId() ?>" data-grid-id="<?php /* @escapeNotVerified */ echo $block->getId() ?>">
<div id="<?php echo $block->escapeHtml($block->getId()) ?>" data-grid-id="<?php echo $block->escapeHtml($block->getId()) ?>">
<?php else: ?>
<?php echo $block->getLayout()->getMessagesBlock()->getGroupedHtml() ?>
<?php endif; ?>
Expand All @@ -41,8 +41,8 @@ $numColumns = sizeof($block->getColumns());
<div class="admin__data-grid-export">
<label
class="admin__control-support-text"
for="<?php /* @escapeNotVerified */ echo $block->getId() ?>_export"><?php /* @escapeNotVerified */ echo __('Export to:') ?></label>
<select name="<?php /* @escapeNotVerified */ echo $block->getId() ?>_export" id="<?php /* @escapeNotVerified */ echo $block->getId() ?>_export"
for="<?php echo $block->escapeHtml($block->getId()) ?>_export"><?php /* @escapeNotVerified */ echo __('Export to:') ?></label>
<select name="<?php echo $block->escapeHtml($block->getId()) ?>_export" id="<?php echo $block->escapeHtml($block->getId()) ?>_export"
class="admin__control-select">
<?php foreach ($block->getExportTypes() as $_type): ?>
<option value="<?php /* @escapeNotVerified */ echo $_type->getUrl() ?>"><?php /* @escapeNotVerified */ echo $_type->getLabel() ?></option>
Expand All @@ -61,18 +61,18 @@ $numColumns = sizeof($block->getColumns());
<?php endif; ?>
<?php $countRecords = $block->getCollection()->getSize(); ?>
<div class="admin__control-support-text">
<span id="<?php echo $block->getHtmlId() ?>-total-count" <?php /* @escapeNotVerified */ echo $block->getUiId('total-count') ?>>
<span id="<?php echo $block->escapeHtml($block->getHtmlId()) ?>-total-count" <?php /* @escapeNotVerified */ echo $block->getUiId('total-count') ?>>
<?php /* @escapeNotVerified */ echo $countRecords ?>
</span>
<?php /* @escapeNotVerified */ echo __('records found') ?>
<span id="<?php echo $block->getHtmlId() ?>_massaction-count"
<span id="<?php echo $block->escapeHtml($block->getHtmlId()) ?>_massaction-count"
class="mass-select-info _empty"><strong data-role="counter">0</strong> <span><?php /* @escapeNotVerified */ echo __('selected') ?></span></span>
</div>

<?php if ($block->getPagerVisibility()): ?>
<div class="admin__data-grid-pager-wrap">
<select name="<?php /* @escapeNotVerified */ echo $block->getVarNameLimit() ?>"
id="<?php echo $block->getHtmlId()?>_page-limit"
id="<?php echo $block->escapeHTML($block->getHtmlId())?>_page-limit"
onchange="<?php /* @escapeNotVerified */ echo $block->getJsObjectName() ?>.loadByElement(this)"
class="admin__control-select">
<option value="20"<?php if ($block->getCollection()->getPageSize() == 20): ?>
Expand All @@ -91,7 +91,7 @@ $numColumns = sizeof($block->getColumns());
selected="selected"<?php endif; ?>>200
</option>
</select>
<label for="<?php echo $block->getHtmlId()?><?php echo $block->getHtmlId()?>_page-limit"
<label for="<?php echo $block->escapeHTML($block->getHtmlId())?><?php echo $block->escapeHTML($block->getHtmlId())?>_page-limit"
class="admin__control-support-text"><?php /* @escapeNotVerified */ echo __('per page') ?></label>

<div class="admin__data-grid-pager">
Expand All @@ -107,12 +107,12 @@ $numColumns = sizeof($block->getColumns());
<button type="button" class="action-previous disabled"><span><?php /* @escapeNotVerified */ echo __('Previous page') ?></span></button>
<?php endif; ?>
<input type="text"
id="<?php echo $block->getHtmlId()?>_page-current"
id="<?php echo $block->escapeHTML($block->getHtmlId())?>_page-current"
name="<?php /* @escapeNotVerified */ echo $block->getVarNamePage() ?>"
value="<?php /* @escapeNotVerified */ echo $_curPage ?>"
class="admin__control-text"
onkeypress="<?php /* @escapeNotVerified */ echo $block->getJsObjectName() ?>.inputPage(event, '<?php /* @escapeNotVerified */ echo $_lastPage ?>')" <?php /* @escapeNotVerified */ echo $block->getUiId('current-page') ?> />
<label class="admin__control-support-text" for="<?php echo $block->getHtmlId()?>_page-current">
<label class="admin__control-support-text" for="<?php echo $block->escapeHTML($block->getHtmlId())?>_page-current">
<?php /* @escapeNotVerified */ echo __('of %1', '<span>' . $block->getCollection()->getLastPageNumber() . '</span>') ?>
</label>
<?php if ($_curPage < $_lastPage): ?>
Expand All @@ -133,7 +133,7 @@ $numColumns = sizeof($block->getColumns());
<?php endif; ?>

<div class="admin__data-grid-wrap admin__data-grid-wrap-static">
<table class="data-grid" id="<?php /* @escapeNotVerified */ echo $block->getId() ?>_table">
<table class="data-grid" id="<?php echo $block->escapeHtml($block->getId()) ?>_table">
<?php
/* This part is commented to remove all <col> tags from the code. */
/* foreach ($block->getColumns() as $_column): ?>
Expand Down Expand Up @@ -263,7 +263,7 @@ $numColumns = sizeof($block->getColumns());
registry.get('<?php /* @escapeNotVerified */ echo $block->getDependencyJsObject() ?>', function (<?php /* @escapeNotVerified */ echo $block->getDependencyJsObject() ?>) {
<?php endif; ?>

<?php /* @escapeNotVerified */ echo $block->getJsObjectName() ?> = new varienGrid('<?php /* @escapeNotVerified */ echo $block->getId() ?>', '<?php /* @escapeNotVerified */ echo $block->getGridUrl() ?>', '<?php /* @escapeNotVerified */ echo $block->getVarNamePage() ?>', '<?php /* @escapeNotVerified */ echo $block->getVarNameSort() ?>', '<?php /* @escapeNotVerified */ echo $block->getVarNameDir() ?>', '<?php /* @escapeNotVerified */ echo $block->getVarNameFilter() ?>');
<?php /* @escapeNotVerified */ echo $block->getJsObjectName() ?> = new varienGrid(<?php /* @noEscape */ echo $this->helper('Magento\Framework\Json\Helper\Data')->jsonEncode($block->getId()) ?>, '<?php /* @escapeNotVerified */ echo $block->getGridUrl() ?>', '<?php /* @escapeNotVerified */ echo $block->getVarNamePage() ?>', '<?php /* @escapeNotVerified */ echo $block->getVarNameSort() ?>', '<?php /* @escapeNotVerified */ echo $block->getVarNameDir() ?>', '<?php /* @escapeNotVerified */ echo $block->getVarNameFilter() ?>');
<?php /* @escapeNotVerified */ echo $block->getJsObjectName() ?>.useAjax = '<?php /* @escapeNotVerified */ echo $block->getUseAjax() ?>';
<?php if ($block->getRowClickCallback()): ?>
<?php /* @escapeNotVerified */ echo $block->getJsObjectName() ?>.rowClickCallback = <?php /* @escapeNotVerified */ echo $block->getRowClickCallback() ?>;
Expand Down
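Review bot: The `<label for=` on the `_page-limit` line emits `escapeHTML($block->getHtmlId())` twice, so the `for` attribute becomes `<id><id>_page-limit` and never matches the select's `id="<id>_page-limit"` a few lines above; the duplication predates this commit, but the rewritten line keeps it, and it should read `<label for="<?php echo $block->escapeHtml($block->getHtmlId())?>_page-limit"`. This section also spells the helper `escapeHTML` on four lines and `escapeHtml` elsewhere in the same file; PHP resolves both, but the casing should be normalised to `escapeHtml` to match the rest of the commit and keep code search reliable. The page does not show this section's file path.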
Original file line number Diff line number Diff line change
Expand Up @@ -13,13 +13,16 @@ class Grid extends \Magento\Backend\App\Action
*/
public function execute()
{
$index = $this->getRequest()->getParam('index');
if (!preg_match('/^[a-z0-9_.]*$/i', $index)) {
throw new \InvalidArgumentException('Invalid parameter "index"');
}

return $this->getResponse()->setBody(
$this->_view->getLayout()->createBlock(
'Magento\Bundle\Block\Adminhtml\Catalog\Product\Edit\Tab\Bundle\Option\Search\Grid',
'adminhtml.catalog.product.edit.tab.bundle.option.search.grid'
)->setIndex(
$this->getRequest()->getParam('index')
)->toHtml()
)->setIndex($index)->toHtml()
);
}
}
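Review bot: The whitelist `'/^[a-z0-9_.]*$/i'` lets a trailing newline through, because `$` without the `D` modifier also matches immediately before a final `\n`; use `'/^[a-z0-9_.]*$/iD'` (or end the pattern with `\z`) so `index` is validated to its last byte. `getParam('index')` yields null when the parameter is absent, which `preg_match` treats as an empty string that the `*` quantifier accepts, so an absent index is silently allowed; confirm that is intended, or cast with `(string)` and say so in a comment. The `execute()` docblock begins outside the hunk and should gain `@throws \InvalidArgumentException` for a malformed index.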
Original file line number Diff line number Diff line change
Expand Up @@ -90,4 +90,15 @@ public function testExecute()

$this->assertEquals($this->response, $this->controller->execute());
}

/**
* @expectedException \InvalidArgumentException
* @expectedExceptionMessage Invalid parameter "index"
*/
public function testExecuteWithException()
{
$this->request->expects($this->once())->method('getParam')->with('index')->willReturn('<index"');

$this->controller->execute();
}
}