
Commit 1a6e44e

[EPC-9644] Implement secure inline-script renderer to MOTO and Pay by Link views (#2929)
* [EPC-9644] Implement secure renderer for inline-scripts of admin order payment method * [EPC-9644] Remove unnecessary variable for the payment method code --------- Co-authored-by: Khushboo <khushboo.singhvi@adyen.com>
1 parent 44670b2 commit 1a6e44e


2 files changed

+42
-24
lines changed


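--- a/view/adminhtml/templates/form/moto.phtml
+++ b/view/adminhtml/templates/form/moto.phtml
@@ -13,7 +13,6 @@
 /**
 * @var \Adyen\Payment\Block\Form\Moto $block
 */
-$code = $block->escapeHtml($block->getMethodCode());
 $ccType = $block->getInfoData('cc_type');
 $ccExpMonth = $block->getInfoData('cc_exp_month');
 $ccExpYear = $block->getInfoData('cc_exp_year');
@@ -22,20 +21,20 @@ $motoMerchantAccounts = $block->getMotoMerchantAccounts();
 ?>
 
 <fieldset class="admin__fieldset payment-method"
-id="payment_form_<?= /* @noEscape */ $code; ?>"
+id="payment_form_adyen_moto"
 style="display:none">
 
-<input name="payment[stateData]" id="<?= /* @noEscape */ $code; ?>-statedata" type="hidden">
-<input name="payment[motoMerchantAccount]" id="<?= /* @noEscape */ $code; ?>-merchant-account" type="hidden">
+<input name="payment[stateData]" id="adyen_moto-statedata" type="hidden">
+<input name="payment[motoMerchantAccount]" id="adyen_moto-merchant-account" type="hidden">
 
-<label for="<?= /* @noEscape */ $code; ?>_merchant_accounts" class="admin__field-label">
+<label for="adyen_moto_merchant_accounts" class="admin__field-label">
 <span>
 <?= $escaper->escapeHtml(__('MOTO Merchant Account')) ?>
 </span>
 </label>
 <?php if ($motoMerchantAccounts): ?>
 <div class="admin__field-control">
-<select id="<?= /* @noEscape */ $code; ?>_merchant_accounts" class="required-entry admin__control-select">
+<select id="adyen_moto_merchant_accounts" class="required-entry admin__control-select">
 <option value=""><?= $escaper->escapeHtml(__('Please select...')) ?></option>
 <?php foreach ($motoMerchantAccounts as $key => $value): ?>
 <option value="<?= $escaper->escapeHtmlAttr($key) ?>" data-adyen-client-key="<?= $escaper->escapeHtmlAttr($value['clientkey']) ?>"><?= $escaper->escapeHtml($key) ?></option>
@@ -47,9 +46,17 @@ $motoMerchantAccounts = $block->getMotoMerchantAccounts();
 <?= $escaper->escapeHtml(__('No Adyen MOTO merchant account found. Please configure MOTO merchant accounts in the plugin configuration page.')) ?>
 </p>
 <?php endif ?>
-<div id="cardContainer-<?= /* @noEscape */ $code; ?>" style=""></div>
+<div id="cardContainer-adyen_moto" style=""></div>
 
-<script>
+<?php
+$availableCcTypesByAlt = json_encode($block->getCcAvailableTypesByAlt());
+$countryCode = $block->getCountryId();
+$environment = $block->getCheckoutEnvironment();
+$locale = $block->getLocale();
+$amount = $block->getAmount();
+$formattedInstallments = $block->getFormattedInstallments();
+
+$scriptString = <<<script
 define(
 'renderCheckoutComponent',
 [
@@ -65,8 +72,8 @@ $motoMerchantAccounts = $block->getMotoMerchantAccounts();
 return card;
 },
 init: function (clientKey, amount, installmentAmounts) {
-(async function () { // RequireJS does not support async callback
-var ccTypes = <?= /* @noEscape */ json_encode($block->getCcAvailableTypesByAlt()); ?>;
+(async function () {
+var ccTypes = $availableCcTypesByAlt;
 
 // Get cc type by adyen cc type
 var getCcCodeByAltCode = function (altCode) {
@@ -77,12 +84,12 @@ $motoMerchantAccounts = $block->getMotoMerchantAccounts();
 return "";
 }
 
-var cardNode = document.getElementById("cardContainer-<?= /* @noEscape */ $code; ?>");
+var cardNode = document.getElementById("cardContainer-adyen_moto");
 
 var checkout = await AdyenCheckout({
 clientKey: clientKey,
-environment: "<?= /* @noEscape */ $block->getCheckoutEnvironment(); ?>",
-locale: "<?= /* @noEscape */ $block->getLocale(); ?>",
+environment: "$environment",
+locale: "$locale",
 risk: {
 enabled: false
 },
@@ -99,7 +106,7 @@ $motoMerchantAccounts = $block->getMotoMerchantAccounts();
 amount: amount,
 onChange: function (state) {
 if (state.isValid) {
-$('#<?= /* @noEscape */ $code; ?>-statedata').val(JSON.stringify(state.data));
+$('#adyen_moto-statedata').val(JSON.stringify(state.data));
 }
 }
 });
@@ -123,13 +130,13 @@ $motoMerchantAccounts = $block->getMotoMerchantAccounts();
 'renderCheckoutComponent',
 ],
 function ($, renderCheckoutComponent) {
-$("#<?= /* @noEscape */ $code; ?>_merchant_accounts").on("change", function () {
+$("#adyen_moto_merchant_accounts").on("change", function () {
 if (renderCheckoutComponent.status() !== null) {
 renderCheckoutComponent.unmount();
 }
 
-let amount = <?= /* @noEscape */ $block->getAmount(); ?>;
-let installmentAmounts = <?= /* @noEscape */ $block->getFormattedInstallments(); ?>;
+let amount = $amount;
+let installmentAmounts = $formattedInstallments;
 
 let clientKey = $(this).find("option:selected").attr('data-adyen-client-key');
 let merchantAccount = $(this).find("option:selected").val();
@@ -138,10 +145,13 @@ $motoMerchantAccounts = $block->getMotoMerchantAccounts();
 return;
 }
 
-$("#<?= /* @noEscape */ $code; ?>-merchant-account").val(merchantAccount);
+$("#adyen_moto-merchant-account").val(merchantAccount);
 renderCheckoutComponent.init(clientKey, amount, installmentAmounts);
 });
 }
 );
-</script>
+script;
+?>
+
+<?= /* @noEscape */ $secureRenderer->renderTag('script', [], $scriptString, false) ?>
 </fieldset>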
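Review bot: `$environment` and `$locale` are interpolated unescaped into JavaScript string literals (`environment: "$environment"`, `locale: "$locale"`), and `$amount` / `$formattedInstallments` are dropped in raw as JavaScript expressions; the trailing `false` passed to `renderTag` leaves the heredoc content unescaped, so the CSP nonce does not substitute for output escaping, and the sibling pay_by_link.phtml change in this same commit already uses `$block->escapeJs()` for `$defaultExpiry`. Suggest `$environment = $block->escapeJs($block->getCheckoutEnvironment());` and `$locale = $block->escapeJs($block->getLocale());`, and passing `JSON_HEX_TAG | JSON_HEX_AMP` to the `json_encode` call so the encoded card-type map can never close the script element. `$countryCode` is assigned in the new `<?php` block but not referenced in any visible hunk; it may be used in a part of the script outside the shown hunks, otherwise it is dead. Because the script now lives in an interpolating heredoc, every `$name` inside it is a PHP variable reference (the jQuery `$(` calls survive only because `(` cannot start a variable name), so a one-line comment above `$scriptString = <<<script` warning maintainers not to introduce `$`-prefixed JavaScript identifiers would prevent a silent breakage later.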

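--- a/view/adminhtml/templates/form/pay_by_link.phtml
+++ b/view/adminhtml/templates/form/pay_by_link.phtml
@@ -20,20 +20,28 @@ if (!isset($escaper)) {
 }
 ?>
 
-<script>
+<?php
+$minData = $escaper->escapeHtml($block->getMinExpiryTimestamp());
+$maxData = $escaper->escapeHtml($block->getMaxExpiryTimestamp());
+$defaultExpiry = $block->escapeJs($block->getDefaultExpiryDate());
+
+$scriptString = <<<script
 require(["jquery", "mage/calendar"],
 function ($) {
 $("#adyen_pbl_expires_at").calendar({
 changeYear: true,
 changeMonth: true,
 buttonText: 'Select Expiry Date',
 dateFormat: 'dd-mm-yy',
-minDate: new Date(<?=$escaper->escapeHtml($block->getMinExpiryTimestamp())?>),
-maxDate: new Date(<?=$escaper->escapeHtml($block->getMaxExpiryTimestamp())?>)
-}).val('<?= $block->escapeJs($block->getDefaultExpiryDate()) ?>');
+minDate: new Date($minData),
+maxDate: new Date($maxData)
+}).val('$defaultExpiry');
 
 });
-</script>
+script;
+?>
+
+<?= /* @noEscape */ $secureRenderer->renderTag('script', [], $scriptString, false) ?>
 
 <fieldset
 class="admin__fieldset payment-method"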
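Review bot: `$minData` and `$maxData` are escaped with `escapeHtml` but are emitted into a JavaScript expression context (`new Date($minData)`), so the escaping is for the wrong output context; this predates the commit, but the new `<?php` block is now the single place where these values are prepared and the natural place to fix it. If the getters return numeric timestamps, `$minData = (int) $block->getMinExpiryTimestamp();` (and likewise for `$maxData`) pins the JavaScript context directly; otherwise `$block->escapeJs()` as already used for `$defaultExpiry` on the next line. The names `$minData` / `$maxData` read as generic "data" although they hold the calendar bounds; `$minDate` / `$maxDate` would match the `minDate:` / `maxDate:` options they feed.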
