From 4a32df7ef593ae995628817e5660347eefbae359 Mon Sep 17 00:00:00 2001 From: Gaetan Craig-Riou Date: Mon, 13 Nov 2023 15:23:34 +1100 Subject: [PATCH 1/7] Remove seemingly useless method Left over from Spree, it looks like a weird way to cast somehing to a string --- app/helpers/spree/admin/navigation_helper.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/helpers/spree/admin/navigation_helper.rb b/app/helpers/spree/admin/navigation_helper.rb index dcdf00a2e7..d39ac5b3cc 100644 --- a/app/helpers/spree/admin/navigation_helper.rb +++ b/app/helpers/spree/admin/navigation_helper.rb @@ -133,7 +133,7 @@ module Spree if html_options[:icon] html_options[:class] += " #{html_options[:icon]}" end - link_to(text_for_button_link(text, html_options), url, html_options) + link_to(text, url, html_options) end end From 84a8c6b31a6007c39640d0eac33e0fb008706798 Mon Sep 17 00:00:00 2001 From: Gaetan Craig-Riou Date: Mon, 13 Nov 2023 15:27:56 +1100 Subject: [PATCH 2/7] Remove `raw` from email template --- .../producer_mailer/order_cycle_report.html.haml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/app/views/producer_mailer/order_cycle_report.html.haml b/app/views/producer_mailer/order_cycle_report.html.haml index e24d37fc1a..68a199c85c 100644 --- a/app/views/producer_mailer/order_cycle_report.html.haml +++ b/app/views/producer_mailer/order_cycle_report.html.haml @@ -40,9 +40,9 @@ #{line_items.first.variant.sku} - if @distributors_pickup_times.many? %td - #{raw(line_items.first.product.supplier.name)} + #{line_items.first.product.supplier.name} %td - #{raw(product_and_full_name)} + #{product_and_full_name} %td.text-right #{line_items.sum(&:quantity)} %td.text-right 
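Review bot: The hunk drops the call to `text_for_button_link` but the diffstat (1 insertion, 1 deletion) shows its definition is not removed, so if the helper is defined in this file it is now dead code, and if it lives in Spree core a grep for other callers is needed before calling it gone. Passing `text` straight to `link_to` is the safer direction, since `link_to` HTML-escapes a plain String and only an explicit `html_safe` bypasses that — presumably what the old wrapper was doing, though this diff cannot confirm it. The enclosing method starts before the hunk.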
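Review bot: Dropping `raw` around `line_items.first.product.supplier.name` and `product_and_full_name` only yields escaping if Haml's `escape_html` is on for this mailer template (the Rails default), and nothing in the series pins that down. A mailer spec that sets a supplier name to something like `<b>Acme</b>` and asserts the rendered body contains `&lt;b&gt;Acme&lt;/b&gt;` would keep a future `raw`/`html_safe` from being reintroduced unnoticed. Supplier names are enterprise-editable data, so this is the regression worth guarding.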
@@ -88,15 +88,15 @@ #{line_item[:sku]} - if @distributors_pickup_times.many? %td - #{raw(line_item[:supplier_name])} + #{(line_item[:supplier_name]} %td - #{raw(line_item[:product_and_full_name])} + #{line_item[:product_and_full_name]} %td.text-right #{line_item[:quantity]} %td - #{raw(line_item[:first_name])} + #{line_item[:first_name]} %td - #{raw(line_item[:last_name])} + #{line_item[:last_name]} %p = t :producer_mail_text_after %p From 031cc45992002bfd8de1098b1b38a918342312fb Mon Sep 17 00:00:00 2001 From: Gaetan Craig-Riou Date: Mon, 13 Nov 2023 15:39:08 +1100 Subject: [PATCH 3/7] Sanitize home_page_alert_html It still allows some specific tag so we can have link and some formatting. --- app/views/shared/_page_alert.html.haml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/shared/_page_alert.html.haml b/app/views/shared/_page_alert.html.haml index d57ef18d99..2a97684da4 100644 --- a/app/views/shared/_page_alert.html.haml +++ b/app/views/shared/_page_alert.html.haml @@ -1,6 +1,6 @@ - if ContentConfig.home_page_alert_html.present? .alert-cta - %h6= raw ContentConfig.home_page_alert_html + %h6= sanitize(@comment.body, tags: %w(strong em a i span), attributes: %w(href target)) - else = render "shared/register_call" From 28f3161bf88c4a7f8531a7d90b1d27ccac6f272d Mon Sep 17 00:00:00 2001 From: Gaetan Craig-Riou Date: Mon, 13 Nov 2023 15:54:22 +1100 Subject: [PATCH 4/7] Removing `raw` from invoice template --- .../spree/admin/orders/_invoice/_line_item_name.html.haml | 6 +++--- app/views/spree/admin/orders/_invoice_table.html.haml | 4 ++-- app/views/spree/admin/orders/_invoice_table2.html.haml | 4 ++-- app/views/spree/admin/orders/_invoice_table4.html.haml | 4 ++-- app/views/spree/order_mailer/_order_summary.html.haml | 4 ++-- 5 files changed, 11 insertions(+), 11 deletions(-) 
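Review bot: The added line `#{(line_item[:supplier_name]}` has a stray `(` with no closing `)`, so this commit leaves the template with a Ruby syntax error and the producer mail cannot render until patch 7 in the series rewrites the line. For a bisectable history the fix belongs here, `#{line_item[:supplier_name]}`, or this patch should be squashed with the later one.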
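Review bot: The new `sanitize(@comment.body, …)` call sanitizes an instance variable this partial does not have — the guard on the line above still reads `ContentConfig.home_page_alert_html` — so the alert either renders nothing or raises on a nil `@comment`; the argument looks copy-pasted and should be `sanitize(ContentConfig.home_page_alert_html, tags: %w(strong em a i span), attributes: %w(href target))` (patch 6 later corrects the source). Permitting `target` on `a` without `rel` lets an alert open `target="_blank"` links with no `noopener`; either drop `target` or add `rel` to the attribute allowlist and document that alert authors must set `rel="noopener noreferrer"`. The default scrubber's protocol check on `href` still applies with an explicit allowlist, so that part looks fine.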
diff --git a/app/views/spree/admin/orders/_invoice/_line_item_name.html.haml b/app/views/spree/admin/orders/_invoice/_line_item_name.html.haml index 015f48a54d..37dc28e3a1 100644 --- a/app/views/spree/admin/orders/_invoice/_line_item_name.html.haml +++ b/app/views/spree/admin/orders/_invoice/_line_item_name.html.haml @@ -1,6 +1,6 @@ %h5.inline-header - = "#{raw(line_item.variant.product.name)}" + = line_item.variant.product.name - unless line_item.variant.product.name.include? line_item.name_to_display - %span= "- #{raw(line_item.name_to_display)}" + %span= "- #{line_item.name_to_display}" - if line_item.unit_price_price_and_unit - = raw("(#{line_item.unit_price_price_and_unit})") \ No newline at end of file + = raw("(#{line_item.unit_price_price_and_unit})") diff --git a/app/views/spree/admin/orders/_invoice_table.html.haml b/app/views/spree/admin/orders/_invoice_table.html.haml index 7ed12adca1..04ac30e81a 100644 --- a/app/views/spree/admin/orders/_invoice_table.html.haml +++ b/app/views/spree/admin/orders/_invoice_table.html.haml @@ -16,7 +16,7 @@ = render 'spree/shared/line_item_name', line_item: item %br %small - %em= raw(item.variant.product.supplier.name) + %em= item.variant.product.supplier.name %td{:align => "right"} = item.quantity %td{:align => "right"} @@ -28,7 +28,7 @@ - taxable = adjustment.adjustable_type == "Spree::Shipment" ? adjustment.adjustable : adjustment %tr %td - %strong= "#{raw(adjustment.label)}" + %strong= adjustment.label %td{:align => "right"} 1 %td{:align => "right"} diff --git a/app/views/spree/admin/orders/_invoice_table2.html.haml b/app/views/spree/admin/orders/_invoice_table2.html.haml index ff24582867..789737bdad 100644 --- a/app/views/spree/admin/orders/_invoice_table2.html.haml +++ b/app/views/spree/admin/orders/_invoice_table2.html.haml 
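Review bot: The last line of this hunk only gains a trailing newline and still wraps the unit string in `raw`: `= raw("(#{line_item.unit_price_price_and_unit})")`, so whatever `unit_price_price_and_unit` returns is injected unescaped into the admin invoice while the product name two lines above is now escaped. Unless that helper is known to return only formatted money and a fixed unit label, it should get the same treatment patch 5 gives `options_text`: `= "(#{line_item.unit_price_price_and_unit})"`. If it is built from a producer-entered unit description, the current line is an HTML injection point on a page admins view.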
@@ -19,7 +19,7 @@ = render 'spree/shared/line_item_name', line_item: item %br %small - %em= raw(item.variant.product.supplier.name) + %em= item.variant.product.supplier.name %td{:align => "right"} = item.quantity %td{:align => "right"} @@ -33,7 +33,7 @@ - checkout_adjustments_for(@order, exclude: [:line_item]).reverse_each do |adjustment| %tr %td - %strong= "#{raw(adjustment.label)}" + %strong= adjustment.label %td{:align => "right"} %td{:align => "right"} %td{:align => "right"} diff --git a/app/views/spree/admin/orders/_invoice_table4.html.haml b/app/views/spree/admin/orders/_invoice_table4.html.haml index 82a7c57d28..a19f7aa20c 100644 --- a/app/views/spree/admin/orders/_invoice_table4.html.haml +++ b/app/views/spree/admin/orders/_invoice_table4.html.haml @@ -22,7 +22,7 @@ = render 'spree/admin/orders/_invoice/line_item_name', line_item: item %br %small - %em= raw(item.variant.product.supplier.name) + %em= item.variant.product.supplier.name %td{:align => "right"} = item.quantity %td{:align => "right"} @@ -51,7 +51,7 @@ - @order.checkout_adjustments(exclude: [:line_item, :shipment]).reverse_each do |adjustment| %tr %td - %strong= "#{raw(adjustment.label)}" + %strong= adjustment.label %td{:align => "right"} %td{:align => "right"} %td{:align => "right"} diff --git a/app/views/spree/order_mailer/_order_summary.html.haml b/app/views/spree/order_mailer/_order_summary.html.haml index af0ba5433a..55e0e67cc3 100644 --- a/app/views/spree/order_mailer/_order_summary.html.haml +++ b/app/views/spree/order_mailer/_order_summary.html.haml @@ -20,7 +20,7 @@ = render 'spree/shared/line_item_name', line_item: item %br %small - %em= raw(item.variant.product.supplier.name) + %em= item.variant.product.supplier.name %td - if item.variant.sku.blank? \- 
@@ -43,7 +43,7 @@ - checkout_adjustments_for(@order, exclude: [:line_item]).reverse_each do |adjustment| %tr %td{align: "right", colspan: "3"} - = "#{raw(adjustment.label)}:" + = "#{adjustment.label}:" %td{align: "right"} = adjustment.display_amount %tr From 085629fae136be77b189a1c32953e54e1e27b248 Mon Sep 17 00:00:00 2001 From: Gaetan Craig-Riou Date: Mon, 13 Nov 2023 15:59:02 +1100 Subject: [PATCH 5/7] Remove `raw` --- app/views/spree/shared/_line_item_name.html.haml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/app/views/spree/shared/_line_item_name.html.haml b/app/views/spree/shared/_line_item_name.html.haml index 12a32772a4..8b1e75de55 100644 --- a/app/views/spree/shared/_line_item_name.html.haml +++ b/app/views/spree/shared/_line_item_name.html.haml @@ -1,6 +1,6 @@ %h5.inline-header - = "#{raw(line_item.product.name)}" + = "#{line_item.product.name}" - unless line_item.product.name.include? line_item.name_to_display - %span= "- #{raw(line_item.name_to_display)}" + %span= "- #{line_item.name_to_display}" - if line_item.options_text - = "(#{raw(line_item.options_text)})" + = "(#{line_item.options_text})" From eb4115ceed1c83fc3d440dc38b122e66a53ec058 Mon Sep 17 00:00:00 2001 From: Gaetan Craig-Riou Date: Mon, 20 Nov 2023 11:13:40 +1100 Subject: [PATCH 6/7] Per review, use existing TrixScrubber to sanitize content --- app/views/shared/_page_alert.html.haml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/shared/_page_alert.html.haml b/app/views/shared/_page_alert.html.haml index 2a97684da4..b13a0710fa 100644 --- a/app/views/shared/_page_alert.html.haml +++ b/app/views/shared/_page_alert.html.haml @@ -1,6 +1,6 @@ - if ContentConfig.home_page_alert_html.present? .alert-cta - %h6= sanitize(@comment.body, tags: %w(strong em a i span), attributes: %w(href target)) + %h6= sanitize(ContentConfig.home_page_alert_html, scrubber: TrixScrubber.new) - else = render "shared/register_call" 
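Review bot: `= "#{line_item.product.name}"` on the first changed line interpolates a single value into an otherwise empty string, which adds nothing over `= line_item.product.name` and is what patch 4 uses for the admin copy of this partial. The other two lines genuinely build strings and are fine as written. Worth aligning the two `_line_item_name` partials while both are being touched.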
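Review bot: With `scrubber: TrixScrubber.new`, Rails' `sanitize` delegates every tag and attribute decision to that class, so the escaping of this admin-configured alert is exactly as strong as TrixScrubber's allowlist, which is not visible in this diff. Please confirm it subclasses `Rails::Html::PermitScrubber` (or otherwise rejects `javascript:` and `data:` in `href`) and strips event-handler attributes, and add a view spec that feeds `ContentConfig.home_page_alert_html` a `<script>` tag, an `onclick` attribute and a `javascript:` link and asserts all three are gone. Since the scrubber was presumably written for Trix editor output, also check that its allowlist covers what the home-page alert actually needs, at least `a` with `href`.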
From 502df3d78f67c25286344f4ba81519491b7c3907 Mon Sep 17 00:00:00 2001 From: Gaetan Craig-Riou Date: Mon, 20 Nov 2023 11:40:35 +1100 Subject: [PATCH 7/7] Remove a bunch of non needed string interpolation --- .../order_cycle_report.html.haml | 45 ++++++++++--------- 1 file changed, 23 insertions(+), 22 deletions(-) diff --git a/app/views/producer_mailer/order_cycle_report.html.haml b/app/views/producer_mailer/order_cycle_report.html.haml index 68a199c85c..c44742a4b1 100644 --- a/app/views/producer_mailer/order_cycle_report.html.haml +++ b/app/views/producer_mailer/order_cycle_report.html.haml @@ -37,20 +37,20 @@ - @grouped_line_items.each_pair do |product_and_full_name, line_items| %tr %td - #{line_items.first.variant.sku} + = line_items.first.variant.sku - if @distributors_pickup_times.many? %td - #{line_items.first.product.supplier.name} + = line_items.first.product.supplier.name %td - #{product_and_full_name} + = product_and_full_name %td.text-right - #{line_items.sum(&:quantity)} + = line_items.sum(&:quantity) %td.text-right - #{line_items.first.single_money} + = line_items.first.single_money %td.text-right - #{Spree::Money.new(line_items.sum(&:total), currency: line_items.first.currency) } + = Spree::Money.new(line_items.sum(&:total), currency: line_items.first.currency) %td.tax.text-right - #{Spree::Money.new(line_items.sum(&:included_tax), currency: line_items.first.currency) } + = Spree::Money.new(line_items.sum(&:included_tax), currency: line_items.first.currency) %tr.total-row %td - if @distributors_pickup_times.many? @@ -59,9 +59,9 @@ %td %td %td.text-right - #{@total} + = @total %td.text-right - #{@tax_total} + = @tax_total - if @customer_line_items %p = t :producer_mail_order_customer_text 
@@ -85,33 +85,34 @@ - @customer_line_items.each do |line_item| %tr %td - #{line_item[:sku]} + = line_item[:sku] - if @distributors_pickup_times.many? %td - #{(line_item[:supplier_name]} + = line_item[:supplier_name] %td - #{line_item[:product_and_full_name]} + = line_item[:product_and_full_name] %td.text-right - #{line_item[:quantity]} + = line_item[:quantity] %td - #{line_item[:first_name]} + = line_item[:first_name] %td - #{line_item[:last_name]} + = line_item[:last_name] %p = t :producer_mail_text_after %p - #{t(:producer_mail_signoff)}, + = t(:producer_mail_signoff) + , %em %p - #{@coordinator.name} + = @coordinator.name %p %br - #{@coordinator.address.address1} + = @coordinator.address.address1 %br - #{@coordinator.address.city} + = @coordinator.address.city %br - #{@coordinator.address.zipcode} + = @coordinator.address.zipcode %p - #{@coordinator.phone} + = @coordinator.phone %p - #{@coordinator.contact.email} + = @coordinator.contact.email
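Review bot: Splitting `#{t(:producer_mail_signoff)},` into `= t(:producer_mail_signoff)` followed by a bare `,` line changes the rendered mail: Haml emits the two on separate lines, which an HTML mail client collapses to a space, so the sign-off now reads `Regards ,` instead of `Regards,`. Keep that one interpolation, `= "#{t(:producer_mail_signoff)},"`, or use Haml's `succeed` helper with `= succeed "," do` and `= t(:producer_mail_signoff)` nested under it. The remaining `=` conversions in the hunk are behaviour-neutral, assuming `escape_html` is enabled as it is by default under Rails, since Haml then escapes both forms.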