Technical review issues #2

Open
wants to merge 11 commits into
base: master
Changes from 9 commits
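--- a/.php-version
+++ b/.php-version
@@ -0,0 +1 @@
+8.2.20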
4 changes: 1 addition & 3 deletions .phpcs.xml
Expand Up @@ -5,6 +5,7 @@
<exclude-pattern>vendor</exclude-pattern>
<exclude-pattern>node_modules</exclude-pattern>
<exclude-pattern>registration.php</exclude-pattern>
<exclude-pattern>tmp</exclude-pattern>

<arg value="ps"/>
<arg name="colors"/>
Expand All @@ -14,9 +15,6 @@

<rule ref="Magento2">
<exclude name="PSR12.Properties.ConstantVisibility.NotFound" />

<!-- TODO: Upgrade obsolete migration scripts to Declarative Schema and Data Patches -->
<exclude name="Magento2.Legacy.InstallUpgrade" />
</rule>
<rule ref="PHPCompatibility"/>
</ruleset>
38 changes: 36 additions & 2 deletions Block/Adminhtml/SelectWidgetBlock.php
Expand Up @@ -18,6 +18,7 @@

namespace Tawk\Widget\Block\Adminhtml;

use Magento\Framework\Escaper;
use Magento\Backend\Block\Template;
use Tawk\Widget\Model\WidgetFactory;

Expand Down Expand Up @@ -51,19 +52,32 @@ class SelectWidgetBlock extends Template
*/
private static $validPatternList;

/**
* Escaper instance
*
* @var Escaper $escaper
*/
protected $escaper;

/**
* Constructor
*
* @param Template\Context $context Template context
* @param WidgetFactory $modelFactory Tawk.to Widget Model instance
* @param Escaper $escaper Escaper instance
* @param array $data Template data
*/
public function __construct(Template\Context $context, WidgetFactory $modelFactory, array $data = [])
{
public function __construct(
Template\Context $context,
WidgetFactory $modelFactory,
Escaper $escaper,
array $data = []
) {
parent::__construct($context, $data);
$this->logger = $context->getLogger();
$this->modelWidgetFactory = $modelFactory;
$this->request = $context->getRequest();
$this->escaper = $escaper;
}

/**
Expand Down Expand Up @@ -256,4 +270,24 @@ private function getCurrentValuesFor($id)

return [];
}

/**
* Escapes URL
*
* @param string $url URL to escape
*/
public function escaperEscapeUrl($url)
{
return $this->escaper->escapeUrl($url);
}

/**
* Escapes JavaScript
*
* @param string $js JavaScript to escape
*/
public function escaperEscapeJs($js)
{
return $this->escaper->escapeJs($js);
}
}
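Review bot: The two wrappers added at the end of the class, `escaperEscapeUrl()` and `escaperEscapeJs()`, are documented only as "Escapes URL" and "Escapes JavaScript", with no `@return` and no statement of which output context each one is safe for. A template author has to choose between them, so the docblocks should say so, for example `@return string URL safe to emit in an HTML attribute (not percent-encoded)` and `@return string Value safe to emit inside a JavaScript string literal`. Magento's `AbstractBlock` already appears to hold the escaper supplied by the template context, so injecting a second `Escaper` through the constructor may be unnecessary; this is worth confirming against the Magento versions the module supports. The templates that call these methods are not part of this section, so whether each call site uses the escaper matching its context cannot be checked here.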
35 changes: 33 additions & 2 deletions Block/Embed.php
Expand Up @@ -19,6 +19,7 @@
namespace Tawk\Widget\Block;

use Magento\Framework\View\Element\Template;
use Magento\Framework\Escaper;
eug-L marked this conversation as resolved.
use Magento\Customer\Model\SessionFactory;

use Tawk\Modules\UrlPatternMatcher;
Expand Down Expand Up @@ -68,18 +69,27 @@ class Embed extends Template
*/
protected $modelSessionFactory;

/**
* Escaper instance
*
* @var Escaper $escaper
*/
protected $escaper;

/**
* Constructor
*
* @param SessionFactory $sessionFactory Session Factory instance
* @param WidgetFactory $modelFactory Tawk.to Widget Model instance
* @param Template\Context $context Template Context
* @param Escaper $escaper Escaper instance
* @param array $data Template data
*/
public function __construct(
SessionFactory $sessionFactory,
WidgetFactory $modelFactory,
Template\Context $context,
Escaper $escaper,
array $data = []
) {
parent::__construct($context, $data);
Expand All @@ -89,6 +99,7 @@ public function __construct(
$this->model = $this->getWidgetModel();
$this->request = $context->getRequest();
$this->modelSessionFactory = $sessionFactory->create();
$this->escaper = $escaper;
}

/**
Expand All @@ -99,8 +110,8 @@ public function __construct(
public function getEmbedUrl()
{
return 'https://embed.tawk.to'.
'/'.htmlspecialchars($this->model->getPageId()).
'/'.htmlspecialchars($this->model->getWidgetId());
'/'.$this->escaper->escapeUrl($this->model->getPageId()).
'/'.$this->escaper->escapeUrl($this->model->getWidgetId());
eug-L marked this conversation as resolved.
}

/**
Expand Down Expand Up @@ -227,4 +238,24 @@ protected function _toHtml()
return '';
}
}

/**
* Escapes URL
*
* @param string $url URL to escape
*/
public function escaperEscapeUrl($url)
{
return $this->escaper->escapeUrl($url);
}

/**
* Escapes JavaScript
*
* @param string $js JavaScript to escape
*/
public function escaperEscapeJs($js)
{
return $this->escaper->escapeJs($js);
}
eug-L marked this conversation as resolved.
}
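Review bot: In `getEmbedUrl()` the page ID and widget ID are concatenated into the URL path with only `escapeUrl()` applied, which as far as I know HTML-escapes the value and filters script-like schemes but does not percent-encode it, so a stored ID containing `/`, `?` or `#` would still change the structure of the embed URL. Encoding each segment for its URL position, e.g. `'/'.rawurlencode((string) $this->model->getPageId())`, or validating the IDs against their expected format when they are saved, would close that, leaving output escaping to the template for whatever context the URL lands in. Escaping inside the getter also means a template that applies `escapeUrl()` or `escapeHtml()` to the result will double-encode it. The code that stores the IDs is outside this section, so they may already be validated there.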
103 changes: 0 additions & 103 deletions Setup/InstallSchema.php

This file was deleted.
