Merge branch 'AC-12789' into cia-2.4.8-beta2-develop-bugfix-10072024

pawan-adobe-security · pawan-adobe-security · commit 1b9c883067a8 · 2024-10-07T11:22:16.000+05:30
diff --git a/app/code/Magento/Downloadable/view/adminhtml/templates/sales/items/column/downloadable/name.phtml b/app/code/Magento/Downloadable/view/adminhtml/templates/sales/items/column/downloadable/name.phtml
@@ -10,27 +10,28 @@
 
 <?php
 /** @var \Magento\Catalog\Helper\Data  $catalogHelper */
+/** @var \Magento\Framework\Escaper $escaper */
 $catalogHelper = $block->getData('catalogHelper');
 if ($_item = $block->getItem()): ?>
-    <div class="product-title"><?= $block->escapeHtml($_item->getName()) ?></div>
+    <div class="product-title"><?= $escaper->escapeHtml($_item->getName()) ?></div>
     <div class="product-sku-block">
-        <span><?= $block->escapeHtml(__('SKU')) ?>:</span>
-        <?= /* @noEscape */ implode('<br />', $catalogHelper->splitSku($block->getSku())) ?>
+        <span><?= $escaper->escapeHtml(__('SKU')) ?>:</span>
+        <?= /* @noEscape */ implode('<br />', $catalogHelper->splitSku($escaper->escapeHtml($block->getSku()))) ?>
     </div>
     <?php if ($block->getOrderOptions()): ?>
         <dl class="item-options">
         <?php foreach ($block->getOrderOptions() as $_option): ?>
-            <dt><?= $block->escapeHtml($_option['label']) ?>:</dt>
+            <dt><?= $escaper->escapeHtml($_option['label']) ?>:</dt>
             <dd>
             <?php if (isset($_option['custom_view']) && $_option['custom_view']): ?>
-                <?= $block->escapeHtml($_option['value']) ?>
+                <?= $escaper->escapeHtml($_option['value']) ?>
             <?php else: ?>
-                <?= $block->escapeHtml($block->truncateString($_option['value'], 55, '', $_remainder)) ?>
+                <?= $escaper->escapeHtml($block->truncateString($_option['value'], 55, '', $_remainder)) ?>
                 <?php if ($_remainder):?>
-                    ... <span id="<?= $block->escapeHtmlAttr($_id = 'id' . uniqid()) ?>">
-                        <?= $block->escapeHtml($_remainder) ?>
+                    ... <span id="<?= $escaper->escapeHtmlAttr($_id = 'id' . uniqid()) ?>">
+                        <?= $escaper->escapeHtml($_remainder) ?>
                     </span>
-                    <?php $escapedId = /* @noEscape */ $block->escapeJs($_id);
+                    <?php $escapedId = /* @noEscape */ $escaper->escapeJs($_id);
                     $scriptString = <<<script
                         require(['prototype'], function(){
                             $('{$escapedId}').hide();
@@ -48,14 +49,14 @@ script;
     <?php endif; ?>
     <?php if ($block->getLinks()): ?>
         <dl class="item-options">
-            <dt><?= $block->escapeHtml($block->getLinksTitle()) ?>:</dt>
+            <dt><?= $escaper->escapeHtml($block->getLinksTitle()) ?>:</dt>
             <?php foreach ($block->getLinks()->getPurchasedItems() as $_link): ?>
-                <dd><?= $block->escapeHtml($_link->getLinkTitle()) ?>
-                    (<?= $block->escapeHtml($_link->getNumberOfDownloadsUsed() . ' / ' .
+                <dd><?= $escaper->escapeHtml($_link->getLinkTitle()) ?>
+                    (<?= $escaper->escapeHtml($_link->getNumberOfDownloadsUsed() . ' / ' .
                         ($_link->getNumberOfDownloadsBought() ? $_link->getNumberOfDownloadsBought() : __('U'))) ?>)
                 </dd>
             <?php endforeach; ?>
         </dl>
     <?php endif; ?>
-    <?= $block->escapeHtml($_item->getDescription()) ?>
+    <?= $escaper->escapeHtml($_item->getDescription()) ?>
 <?php endif; ?>
