McQueen/module-vendor-notes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix HTML rendering for vendor notes links

Browse Source 
Add proper HTML filtering to render mailto links and formatting in vendor notes.

- Create HtmlArraySerialized backend model to prevent HTML escaping
- Add filterOutputHtml() method to safely render HTML content
- Update template to use HTML filtering
- Decode HTML entities before display
This commit is contained in:
shopkeeperdev
2025-10-07 19:03:16 -04:00
parent fcc8697c75
commit 9d6112b703
4 changed files with 39 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
Block/Adminhtml/Order/View/VendorNotes.php
View File

@@ -6,23 +6,27 @@ use Magento\Sales\Model\Order;
use Magento\Framework\App\Config\ScopeConfigInterface; use Magento\Framework\App\Config\ScopeConfigInterface;
use Magento\Store\Model\ScopeInterface; use Magento\Store\Model\ScopeInterface;
use Magento\Framework\Serialize\Serializer\Json; use Magento\Framework\Serialize\Serializer\Json;
use Magento\Framework\Filter\Template as FilterTemplate;
class VendorNotes extends Template class VendorNotes extends Template
{ {
protected $_order; protected $_order;
protected $_scopeConfig; protected $_scopeConfig;
protected $json; protected $json;
protected $filterTemplate;
public function __construct( public function __construct(
\Magento\Backend\Block\Template\Context $context, \Magento\Backend\Block\Template\Context $context,
\Magento\Sales\Model\Order $order, \Magento\Sales\Model\Order $order,
ScopeConfigInterface $scopeConfig, ScopeConfigInterface $scopeConfig,
Json $json, Json $json,
FilterTemplate $filterTemplate,
array $data = [] array $data = []
) { ) {
$this->_order = $order; $this->_order = $order;
$this->_scopeConfig = $scopeConfig; $this->_scopeConfig = $scopeConfig;
$this->json = $json; $this->json = $json;
$this->filterTemplate = $filterTemplate;
parent::__construct($context, $data); parent::__construct($context, $data);
} }

32
etc/Model/Config/Backend/HtmlArraySerialized.php Normal file
View File

@@ -0,0 +1,32 @@
<?php
namespace Shopkeeper\VendorNotes\Model\Config\Backend;
use Magento\Config\Model\Config\Backend\Serialized\ArraySerialized;
class HtmlArraySerialized extends ArraySerialized
{
/**
* Process data before saving
* Prevent HTML from being escaped in note fields
*
* @return $this
*/
public function beforeSave()
{
$value = $this->getValue();
if (is_array($value)) {
// Don't escape HTML in the note field
foreach ($value as &$row) {
if (isset($row['note'])) {
// Decode any previously encoded HTML entities
$row['note'] = html_entity_decode($row['note'], ENT_QUOTES, 'UTF-8');
}
}
unset($row);
}
$this->setValue($value);
return parent::beforeSave();
}
}

2
etc/adminhtml/system.xml
View File

@@ -32,7 +32,7 @@
<field id="vendor_mapping" translate="label" sortOrder="10" showInDefault="1" showInWebsite="1" showInStore="1"> <field id="vendor_mapping" translate="label" sortOrder="10" showInDefault="1" showInWebsite="1" showInStore="1">
<label>Vendor Notes</label> <label>Vendor Notes</label>
<frontend_model>Shopkeeper\VendorNotes\Block\Adminhtml\Form\Field\VendorMapping</frontend_model> <frontend_model>Shopkeeper\VendorNotes\Block\Adminhtml\Form\Field\VendorMapping</frontend_model>
<backend_model>Magento\Config\Model\Config\Backend\Serialized\ArraySerialized</backend_model> <backend_model>Shopkeeper\VendorNotes\Model\Config\Backend\HtmlArraySerialized</backend_model>
<comment>Add vendor names and their corresponding notes. The vendor name must match exactly as it appears in the product attribute.</comment> <comment>Add vendor names and their corresponding notes. The vendor name must match exactly as it appears in the product attribute.</comment>
</field> </field>
</group> </group>

4
view/adminhtml/templates/order/view/vendor_notes.phtml
View File

@@ -15,7 +15,7 @@ $notes = $block->getVendorNotes();
<span class="title"><?php echo __('Vendor Note %1', $index + 1); ?></span> <span class="title"><?php echo __('Vendor Note %1', $index + 1); ?></span>
</div> </div>
<div class="vendor-note-content" style="padding: 10px 0; line-height: 1.6;"> <div class="vendor-note-content" style="padding: 10px 0; line-height: 1.6;">
<?php echo $note; // Output as HTML for links and multi-lines ?> <?php echo $this->filterOutputHtml($note); ?>
</div> </div>
</div> </div>
<?php if ($index < count($notes) - 1): ?> <?php if ($index < count($notes) - 1): ?>
@@ -25,4 +25,4 @@ $notes = $block->getVendorNotes();
</div> </div>
</div> </div>
</section> </section>
<?php endif; ?> <?php endif; ?>