magento
diff --git a/‎app/code/Magento/AdminNotification/Model/Feed.php
Lines changed: 20 additions & 7 deletions b/‎app/code/Magento/AdminNotification/Model/Feed.php
Lines changed: 20 additions & 7 deletions
diff --git a/‎app/code/Magento/Backend/Test/Mftf/Section/AdminHeaderSection.xml
Lines changed: 2 additions & 0 deletions b/‎app/code/Magento/Backend/Test/Mftf/Section/AdminHeaderSection.xml
Lines changed: 2 additions & 0 deletions
diff --git a/‎app/code/Magento/Bundle/Test/Mftf/Test/AdminProductBundleCreationTest.xml
Lines changed: 2 additions & 0 deletions b/‎app/code/Magento/Bundle/Test/Mftf/Test/AdminProductBundleCreationTest.xml
Lines changed: 2 additions & 0 deletions
diff --git a/‎app/code/Magento/Bundle/Test/Mftf/Test/StorefrontBundleProductDetailsTest.xml
Lines changed: 2 additions & 0 deletions b/‎app/code/Magento/Bundle/Test/Mftf/Test/StorefrontBundleProductDetailsTest.xml
Lines changed: 2 additions & 0 deletions
diff --git a/‎app/code/Magento/Bundle/view/frontend/templates/sales/order/creditmemo/items/renderer.phtml
Lines changed: 1 addition & 1 deletion b/‎app/code/Magento/Bundle/view/frontend/templates/sales/order/creditmemo/items/renderer.phtml
Lines changed: 1 addition & 1 deletion
diff --git a/‎app/code/Magento/Catalog/Block/Adminhtml/Product/Edit.php
Lines changed: 45 additions & 1 deletion b/‎app/code/Magento/Catalog/Block/Adminhtml/Product/Edit.php
Lines changed: 45 additions & 1 deletion
diff --git a/‎app/code/Magento/Catalog/Test/Mftf/ActionGroup/AdminFillProductAttributePropertiesActionGroup.xml
Lines changed: 18 additions & 0 deletions b/‎app/code/Magento/Catalog/Test/Mftf/ActionGroup/AdminFillProductAttributePropertiesActionGroup.xml
Lines changed: 18 additions & 0 deletions
diff --git a/‎app/code/Magento/Catalog/Test/Mftf/ActionGroup/AdminOpenAttributeSetByNameActionGroup.xml
Lines changed: 17 additions & 0 deletions b/‎app/code/Magento/Catalog/Test/Mftf/ActionGroup/AdminOpenAttributeSetByNameActionGroup.xml
Lines changed: 17 additions & 0 deletions
diff --git a/‎app/code/Magento/Catalog/Test/Mftf/ActionGroup/AdminOpenAttributeSetGridPageActionGroup.xml
Lines changed: 14 additions & 0 deletions b/‎app/code/Magento/Catalog/Test/Mftf/ActionGroup/AdminOpenAttributeSetGridPageActionGroup.xml
Lines changed: 14 additions & 0 deletions
diff --git a/‎app/code/Magento/Catalog/Test/Mftf/ActionGroup/AdminOpenProductAttributePageActionGroup.xml
Lines changed: 14 additions & 0 deletions b/‎app/code/Magento/Catalog/Test/Mftf/ActionGroup/AdminOpenProductAttributePageActionGroup.xml
Lines changed: 14 additions & 0 deletions
@@ -5,6 +5,8 @@
  */
 namespace Magento\AdminNotification\Model;
 
+use Magento\Framework\Escaper;
+use Magento\Framework\App\ObjectManager;
 use Magento\Framework\Config\ConfigOptionsListConstants;
 
 /**
@@ -25,6 +27,11 @@ class Feed extends \Magento\Framework\Model\AbstractModel
 
     const XML_LAST_UPDATE_PATH = 'system/adminnotification/last_update';
 
+    /**
+     * @var Escaper
+     */
+    private $escaper;
+
     /**
      * Feed url
      *
@@ -77,6 +84,7 @@ class Feed extends \Magento\Framework\Model\AbstractModel
      * @param \Magento\Framework\Model\ResourceModel\AbstractResource $resource
      * @param \Magento\Framework\Data\Collection\AbstractDb $resourceCollection
      * @param array $data
+     * @param Escaper|null $escaper
      * @SuppressWarnings(PHPMD.ExcessiveParameterList)
      */
     public function __construct(
@@ -90,21 +98,26 @@ public function __construct(
         \Magento\Framework\UrlInterface $urlBuilder,
         \Magento\Framework\Model\ResourceModel\AbstractResource $resource = null,
         \Magento\Framework\Data\Collection\AbstractDb $resourceCollection = null,
-        array $data = []
+        array $data = [],
+        Escaper $escaper = null
     ) {
         parent::__construct($context, $registry, $resource, $resourceCollection, $data);
-        $this->_backendConfig    = $backendConfig;
-        $this->_inboxFactory     = $inboxFactory;
-        $this->curlFactory       = $curlFactory;
+        $this->_backendConfig = $backendConfig;
+        $this->_inboxFactory = $inboxFactory;
+        $this->curlFactory = $curlFactory;
         $this->_deploymentConfig = $deploymentConfig;
-        $this->productMetadata   = $productMetadata;
-        $this->urlBuilder        = $urlBuilder;
+        $this->productMetadata = $productMetadata;
+        $this->urlBuilder = $urlBuilder;
+        $this->escaper = $escaper ?? ObjectManager::getInstance()->get(
+            Escaper::class
+        );
     }
 
     /**
      * Init model
      *
      * @return void
+     * phpcs:disable Magento2.CodeAnalysis.EmptyBlock
      */
     protected function _construct()
     {
@@ -252,6 +265,6 @@ public function getFeedXml()
      */
     private function escapeString(\SimpleXMLElement $data)
     {
-        return htmlspecialchars((string)$data);
+        return $this->escaper->escapeHtml((string)$data);
     }
 }
@@ -13,5 +13,7 @@
         <element name="adminUserAccountText" type="text" selector=".page-header .admin-user-account-text" />
         <!-- Legacy heading section. Mostly used for admin 404 and 403 pages -->
         <element name="pageHeading" type="text" selector=".page-content .page-heading"/>
+        <!-- Used for page not found error -->
+        <element name="pageNotFoundTitle" type="text" selector=".page-title span"/>
     </section>
 </sections>
@@ -31,6 +31,8 @@
             <deleteData createDataKey="createPreReqCategory" stepKey="deletePreReqCategory"/>
             <deleteData createDataKey="simpleProduct1" stepKey="deleteSimpleProduct1"/>
             <deleteData createDataKey="simpleProduct2" stepKey="deleteSimpleProduct2"/>
+            <actionGroup ref="AdminOpenProductIndexPageActionGroup" stepKey="navigateToProductIndexPage"/>
+            <actionGroup ref="deleteProductsIfTheyExist" stepKey="deleteAllProducts"/>
             <actionGroup ref="logout" stepKey="logout"/>
         </after>
         <!-- go to bundle product creation page-->
 
@@ -32,6 +32,8 @@
             <deleteData createDataKey="createPreReqCategory" stepKey="deletePreReqCategory"/>
             <deleteData createDataKey="simpleProduct1" stepKey="deleteSimpleProduct1"/>
             <deleteData createDataKey="simpleProduct2" stepKey="deleteSimpleProduct2"/>
+            <actionGroup ref="AdminOpenProductIndexPageActionGroup" stepKey="navigateToProductIndexPage"/>
+            <actionGroup ref="deleteProductsIfTheyExist" stepKey="deleteAllProducts"/>
             <actionGroup ref="logout" stepKey="logout"/>
         </after>
         <!-- go to bundle product creation page-->
 
@@ -67,7 +67,7 @@
     </td>
     <td class="col discount" data-th="<?= $block->escapeHtml(__('Discount Amount')) ?>">
         <?php if ($block->canShowPriceInfo($_item)) : ?>
-            <?= $block->escapeHtml($block->getOrder()->formatPrice(-$_item->getDiscountAmount())) ?>
+            <?= $block->escapeHtml($block->getOrder()->formatPrice(-$_item->getDiscountAmount()), ['span']) ?>
         <?php else : ?>
             &nbsp;
         <?php endif; ?>
 
@@ -12,8 +12,18 @@
  */
 namespace Magento\Catalog\Block\Adminhtml\Product;
 
+use Magento\Framework\Escaper;
+
+/**
+ * Class Edit
+ */
 class Edit extends \Magento\Backend\Block\Widget
 {
+    /**
+     * @var Escaper
+     */
+    private $escaper;
+
     /**
      * @var string
      */
@@ -47,6 +57,7 @@ class Edit extends \Magento\Backend\Block\Widget
      * @param \Magento\Eav\Model\Entity\Attribute\SetFactory $attributeSetFactory
      * @param \Magento\Framework\Registry $registry
      * @param \Magento\Catalog\Helper\Product $productHelper
+     * @param Escaper $escaper
      * @param array $data
      */
     public function __construct(
@@ -55,16 +66,20 @@ public function __construct(
         \Magento\Eav\Model\Entity\Attribute\SetFactory $attributeSetFactory,
         \Magento\Framework\Registry $registry,
         \Magento\Catalog\Helper\Product $productHelper,
+        Escaper $escaper,
         array $data = []
     ) {
         $this->_productHelper = $productHelper;
         $this->_attributeSetFactory = $attributeSetFactory;
         $this->_coreRegistry = $registry;
         $this->jsonEncoder = $jsonEncoder;
+        $this->escaper = $escaper;
         parent::__construct($context, $data);
     }
 
     /**
+     * Edit Product constructor
+     *
      * @return void
      */
     protected function _construct()
@@ -144,6 +159,8 @@ protected function _prepareLayout()
     }
 
     /**
+     * Retrieve back button html
+     *
      * @return string
      */
     public function getBackButtonHtml()
@@ -152,6 +169,8 @@ public function getBackButtonHtml()
     }
 
     /**
+     * Retrieve cancel button html
+     *
      * @return string
      */
     public function getCancelButtonHtml()
@@ -160,6 +179,8 @@ public function getCancelButtonHtml()
     }
 
     /**
+     * Retrieve save button html
+     *
      * @return string
      */
     public function getSaveButtonHtml()
@@ -168,6 +189,8 @@ public function getSaveButtonHtml()
     }
 
     /**
+     * Retrieve save and edit button html
+     *
      * @return string
      */
     public function getSaveAndEditButtonHtml()
@@ -176,6 +199,8 @@ public function getSaveAndEditButtonHtml()
     }
 
     /**
+     * Retrieve delete button html
+     *
      * @return string
      */
     public function getDeleteButtonHtml()
@@ -194,6 +219,8 @@ public function getSaveSplitButtonHtml()
     }
 
     /**
+     * Retrieve validation url
+     *
      * @return string
      */
     public function getValidationUrl()
@@ -202,6 +229,8 @@ public function getValidationUrl()
     }
 
     /**
+     * Retrieve save url
+     *
      * @return string
      */
     public function getSaveUrl()
@@ -210,6 +239,8 @@ public function getSaveUrl()
     }
 
     /**
+     * Retrieve save and continue url
+     *
      * @return string
      */
     public function getSaveAndContinueUrl()
@@ -221,6 +252,8 @@ public function getSaveAndContinueUrl()
     }
 
     /**
+     * Retrieve product id
+     *
      * @return mixed
      */
     public function getProductId()
@@ -229,6 +262,8 @@ public function getProductId()
     }
 
     /**
+     * Retrieve product set id
+     *
      * @return mixed
      */
     public function getProductSetId()
@@ -241,6 +276,8 @@ public function getProductSetId()
     }
 
     /**
+     * Retrieve duplicate url
+     *
      * @return string
      */
     public function getDuplicateUrl()
@@ -249,6 +286,8 @@ public function getDuplicateUrl()
     }
 
     /**
+     * Retrieve product header
+     *
      * @deprecated 101.1.0
      * @return string
      */
@@ -263,6 +302,8 @@ public function getHeader()
     }
 
     /**
+     * Get product attribute set name
+     *
      * @return string
      */
     public function getAttributeSetName()
@@ -275,11 +316,14 @@ public function getAttributeSetName()
     }
 
     /**
+     * Retrieve id of selected tab
+     *
      * @return string
      */
     public function getSelectedTabId()
     {
-        return addslashes(htmlspecialchars($this->getRequest()->getParam('tab')));
+        // phpcs:ignore Magento2.Functions.DiscouragedFunction
+        return addslashes($this->escaper->escapeHtml($this->getRequest()->getParam('tab')));
     }
 
     /**
 
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ /**
+  * Copyright © Magento, Inc. All rights reserved.
+  * See COPYING.txt for license details.
+  */
+-->
+<actionGroups xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+              xsi:noNamespaceSchemaLocation="urn:magento:mftf:Test/etc/actionGroupSchema.xsd">
+    <actionGroup name="AdminFillProductAttributePropertiesActionGroup">
+        <arguments>
+            <argument name="attributeName" type="string"/>
+            <argument name="attributeType" type="string"/>
+        </arguments>
+        <fillField selector="{{AttributePropertiesSection.DefaultLabel}}" userInput="{{attributeName}}" stepKey="fillDefaultLabel"/>
+        <selectOption selector="{{AttributePropertiesSection.InputType}}" userInput="{{attributeType}}" stepKey="selectInputType"/>
+    </actionGroup>
+</actionGroups>
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ /**
+  * Copyright © Magento, Inc. All rights reserved.
+  * See COPYING.txt for license details.
+  */
+-->
+<actionGroups xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+              xsi:noNamespaceSchemaLocation="urn:magento:mftf:Test/etc/actionGroupSchema.xsd">
+    <actionGroup name="AdminOpenAttributeSetByNameActionGroup">
+        <arguments>
+            <argument name="attributeSetName" type="string" defaultValue="Default"/>
+        </arguments>
+        <click selector="{{AdminProductAttributeSetGridSection.AttributeSetName(attributeSetName)}}" stepKey="chooseAttributeSet"/>
+        <waitForPageLoad stepKey="waitForAttributeSetPageLoad"/>
+    </actionGroup>
+</actionGroups>
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ /**
+  * Copyright © Magento, Inc. All rights reserved.
+  * See COPYING.txt for license details.
+  */
+-->
+<actionGroups xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+              xsi:noNamespaceSchemaLocation="urn:magento:mftf:Test/etc/actionGroupSchema.xsd">
+    <actionGroup name="AdminOpenAttributeSetGridPageActionGroup">
+        <amOnPage url="{{AdminProductAttributeSetGridPage.url}}" stepKey="goToAttributeSetPage"/>
+        <waitForPageLoad stepKey="waitForAttributeSetPageLoad"/>
+    </actionGroup>
+</actionGroups>
@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ /**
+  * Copyright © Magento, Inc. All rights reserved.
+  * See COPYING.txt for license details.
+  */
+-->
+<actionGroups xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+              xsi:noNamespaceSchemaLocation="urn:magento:mftf:Test/etc/actionGroupSchema.xsd">
+    <actionGroup name="AdminOpenProductAttributePageActionGroup">
+        <amOnPage url="{{AdminProductAttributeGridPage.url}}" stepKey="goToAttributePage"/>
+        <waitForPageLoad stepKey="waitForAttributePageLoad"/>
+    </actionGroup>
+</actionGroups>