Convert setCaption() to safe HTML
Test Plan: /settings/panel/display/ Reviewers: epriestley Reviewed By: epriestley CC: aran, Korvin Maniphest Tasks: T2432 Differential Revision: https://secure.phabricator.com/D4824
@@ -177,9 +177,9 @@ final class PhabricatorLoginController
|
|||||||
id(new AphrontFormPasswordControl())
|
id(new AphrontFormPasswordControl())
|
||||||
->setLabel(pht('Password'))
|
->setLabel(pht('Password'))
|
||||||
->setName('password')
|
->setName('password')
|
||||||
->setCaption(
|
->setCaption(hsprintf(
|
||||||
'<a href="/login/email/">'.
|
'<a href="/login/email/">%s</a>',
|
||||||
pht('Forgot your password? / Email Login').'</a>'));
|
pht('Forgot your password? / Email Login'))));
|
||||||
|
|
||||||
if ($require_captcha) {
|
if ($require_captcha) {
|
||||||
$form->appendChild(
|
$form->appendChild(
|
||||||
|
|||||||
@@ -97,7 +97,7 @@ final class PhabricatorConduitConsoleController
|
|||||||
id(new AphrontFormTextControl())
|
id(new AphrontFormTextControl())
|
||||||
->setLabel($param)
|
->setLabel($param)
|
||||||
->setName("params[{$param}]")
|
->setName("params[{$param}]")
|
||||||
->setCaption(phutil_escape_html($desc)));
|
->setCaption($desc));
|
||||||
}
|
}
|
||||||
|
|
||||||
$form
|
$form
|
||||||
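Review bot: On the new side `->setCaption($desc)` passes `$desc` with no escaping of its own, so this call is only safe while every reader of the caption escapes plain strings. This page shows AphrontFormControl wrapping `getCaption()` in `phutil_tag()`, but whether any subclass or other consumer still concatenates the caption into markup is not visible here, and the origin of `$desc` is outside the hunk. The same applies to `return 'Maximum file size: '.$formatted;` in PhabricatorFileUploadController. I would confirm no string-concatenating reader of `getCaption()` remains, and add `// Plain text: escaped when the control renders the caption.` above this call.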
|
|||||||
@@ -97,11 +97,11 @@ final class PhabricatorCountdownEditController
|
|||||||
->setLabel('End date')
|
->setLabel('End date')
|
||||||
->setValue($display_datepoint)
|
->setValue($display_datepoint)
|
||||||
->setName('datepoint')
|
->setName('datepoint')
|
||||||
->setCaption(
|
->setCaption(hsprintf(
|
||||||
'Examples: '.
|
'Examples: '.
|
||||||
'<tt>2011-12-25</tt> or '.
|
'<tt>2011-12-25</tt> or '.
|
||||||
'<tt>3 hours</tt> or '.
|
'<tt>3 hours</tt> or '.
|
||||||
'<tt>June 8 2011, 5 PM</tt>.'))
|
'<tt>June 8 2011, 5 PM</tt>.')))
|
||||||
->appendChild(
|
->appendChild(
|
||||||
id(new AphrontFormSubmitControl())
|
id(new AphrontFormSubmitControl())
|
||||||
->addCancelButton('/countdown/')
|
->addCancelButton('/countdown/')
|
||||||
|
|||||||
@@ -149,9 +149,9 @@ final class PhabricatorDirectoryMainController
|
|||||||
|
|
||||||
$panel = new AphrontPanelView();
|
$panel = new AphrontPanelView();
|
||||||
$panel->setHeader('Needs Triage');
|
$panel->setHeader('Needs Triage');
|
||||||
$panel->setCaption(
|
$panel->setCaption(hsprintf(
|
||||||
'Open tasks with "Needs Triage" priority in '.
|
'Open tasks with "Needs Triage" priority in '.
|
||||||
'<a href="/project/">projects you are a member of</a>.');
|
'<a href="/project/">projects you are a member of</a>.'));
|
||||||
|
|
||||||
$panel->addButton(
|
$panel->addButton(
|
||||||
phutil_tag(
|
phutil_tag(
|
||||||
|
|||||||
@@ -99,7 +99,7 @@ final class PhabricatorFileUploadController extends PhabricatorFileController {
|
|||||||
$limit = phabricator_parse_bytes($limit);
|
$limit = phabricator_parse_bytes($limit);
|
||||||
if ($limit) {
|
if ($limit) {
|
||||||
$formatted = phabricator_format_bytes($limit);
|
$formatted = phabricator_format_bytes($limit);
|
||||||
return 'Maximum file size: '.phutil_escape_html($formatted);
|
return 'Maximum file size: '.$formatted;
|
||||||
}
|
}
|
||||||
|
|
||||||
$doc_href = PhabricatorEnv::getDocLink(
|
$doc_href = PhabricatorEnv::getDocLink(
|
||||||
@@ -112,7 +112,7 @@ final class PhabricatorFileUploadController extends PhabricatorFileController {
|
|||||||
),
|
),
|
||||||
'Configuring File Upload Limits');
|
'Configuring File Upload Limits');
|
||||||
|
|
||||||
return 'Upload limit is not configured, see '.$doc_link.'.';
|
return hsprintf('Upload limit is not configured, see %s.', $doc_link);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
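Review bot: `hsprintf('Upload limit is not configured, see %s.', $doc_link)` renders a link only if `$doc_link` is already a safe-HTML object, and the call that builds it starts outside the hunk, so that cannot be confirmed from this page. If it is still a plain string of markup, `%s` will escape it and the user sees literal tag text instead of a link, which fails safe but is a visible regression. The function also now returns a plain string on the `$limit` branch and an hsprintf() result on the other, so a docblock such as `@return string|PhutilSafeHTML Caption for the upload control.` would help. `$editor_doc_link` in the `@@ -97,11 +96,11 @@ EXAMPLE;` hunk is passed to `%s` the same way.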
|
|||||||
@@ -245,12 +245,13 @@ final class ManiphestReportController extends ManiphestController {
|
|||||||
|
|
||||||
if ($handle) {
|
if ($handle) {
|
||||||
$header = "Task Burn Rate for Project ".$handle->renderLink();
|
$header = "Task Burn Rate for Project ".$handle->renderLink();
|
||||||
$caption = "<p>NOTE: This table reflects tasks <em>currently</em> in ".
|
$caption = hsprintf(
|
||||||
|
"<p>NOTE: This table reflects tasks <em>currently</em> in ".
|
||||||
"the project. If a task was opened in the past but added to ".
|
"the project. If a task was opened in the past but added to ".
|
||||||
"the project recently, it is counted on the day it was ".
|
"the project recently, it is counted on the day it was ".
|
||||||
"opened, not the day it was categorized. If a task was part ".
|
"opened, not the day it was categorized. If a task was part ".
|
||||||
"of this project in the past but no longer is, it is not ".
|
"of this project in the past but no longer is, it is not ".
|
||||||
"counted at all.</p>";
|
"counted at all.</p>");
|
||||||
} else {
|
} else {
|
||||||
$header = "Task Burn Rate for All Tasks";
|
$header = "Task Burn Rate for All Tasks";
|
||||||
$caption = null;
|
$caption = null;
|
||||||
|
|||||||
@@ -478,8 +478,9 @@ final class ManiphestTaskEditController extends ManiphestController {
|
|||||||
$email_create = PhabricatorEnv::getEnvConfig(
|
$email_create = PhabricatorEnv::getEnvConfig(
|
||||||
'metamta.maniphest.public-create-email');
|
'metamta.maniphest.public-create-email');
|
||||||
if (!$task->getID() && $email_create) {
|
if (!$task->getID() && $email_create) {
|
||||||
$email_hint = pht('You can also create tasks by sending an email to: ').
|
$email_hint = pht(
|
||||||
'<tt>'.phutil_escape_html($email_create).'</tt>';
|
'You can also create tasks by sending an email to: %s',
|
||||||
|
phutil_tag('tt', array(), $email_create));
|
||||||
$description_control->setCaption($email_hint);
|
$description_control->setCaption($email_hint);
|
||||||
}
|
}
|
||||||
|
|
||||||
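Review bot: The new `pht('You can also create tasks by sending an email to: %s', phutil_tag('tt', array(), $email_create))` is correct only if pht() returns safe HTML when given a phutil_tag() argument, and nothing on this page shows that. If pht() returns a plain string, the caption renderer's `phutil_tag()` will escape it and the `<tt>` appears as literal text. If it returns safe HTML, the translated format string becomes trusted markup, so translation tables then sit inside the HTML trust boundary. `$email_create` itself is escaped by `phutil_tag()` either way. The same pattern appears in PhabricatorMetaMTAReceiveController (`'e.g. %s or %s'`) and in both PhabricatorMetaMTASendController hunks (`'Example: %s'` and `'Daemons can be started with %s.'`), so a check of the rendered caption for one of them would settle all four.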
|
|||||||
@@ -57,7 +57,10 @@ final class PhabricatorMetaMTAReceiveController
|
|||||||
id(new AphrontFormTextControl())
|
id(new AphrontFormTextControl())
|
||||||
->setLabel(pht('To'))
|
->setLabel(pht('To'))
|
||||||
->setName('obj')
|
->setName('obj')
|
||||||
->setCaption(pht('e.g. <tt>D1234</tt> or <tt>T1234</tt>')))
|
->setCaption(pht(
|
||||||
|
'e.g. %s or %s',
|
||||||
|
phutil_tag('tt', array(), 'D1234'),
|
||||||
|
phutil_tag('tt', array(), 'T1234'))))
|
||||||
->appendChild(
|
->appendChild(
|
||||||
id(new AphrontFormTextAreaControl())
|
id(new AphrontFormTextAreaControl())
|
||||||
->setLabel(pht('Body'))
|
->setLabel(pht('Body'))
|
||||||
|
|||||||
@@ -116,8 +116,10 @@ final class PhabricatorMetaMTASendController
|
|||||||
id(new AphrontFormTextControl())
|
id(new AphrontFormTextControl())
|
||||||
->setLabel(pht('Mail Tags'))
|
->setLabel(pht('Mail Tags'))
|
||||||
->setName('mailtags')
|
->setName('mailtags')
|
||||||
->setCaption(
|
->setCaption(pht(
|
||||||
pht('Example:').' <tt>differential-cc, differential-comment</tt>'))
|
'Example: %s',
|
||||||
|
phutil_tag('tt', array(), 'differential-cc, differential-comment'))
|
||||||
|
))
|
||||||
->appendChild(
|
->appendChild(
|
||||||
id(new AphrontFormDragAndDropUploadControl())
|
id(new AphrontFormDragAndDropUploadControl())
|
||||||
->setLabel(pht('Attach Files'))
|
->setLabel(pht('Attach Files'))
|
||||||
@@ -144,8 +146,7 @@ final class PhabricatorMetaMTASendController
|
|||||||
'1',
|
'1',
|
||||||
pht('Send immediately. (Do not enqueue for daemons.)'),
|
pht('Send immediately. (Do not enqueue for daemons.)'),
|
||||||
PhabricatorEnv::getEnvConfig('metamta.send-immediately'))
|
PhabricatorEnv::getEnvConfig('metamta.send-immediately'))
|
||||||
->setCaption(pht('Daemons can be started with %s.', $phdlink))
|
->setCaption(pht('Daemons can be started with %s.', $phdlink)))
|
||||||
)
|
|
||||||
->appendChild(
|
->appendChild(
|
||||||
id(new AphrontFormSubmitControl())
|
id(new AphrontFormSubmitControl())
|
||||||
->setValue(pht('Send Mail')));
|
->setValue(pht('Send Mail')));
|
||||||
|
|||||||
@@ -150,8 +150,7 @@ final class PhameBlogEditController
|
|||||||
->setLabel('Custom Domain')
|
->setLabel('Custom Domain')
|
||||||
->setName('custom_domain')
|
->setName('custom_domain')
|
||||||
->setValue($blog->getDomain())
|
->setValue($blog->getDomain())
|
||||||
->setCaption('Must include at least one dot (.), e.g. '.
|
->setCaption('Must include at least one dot (.), e.g. blog.example.com')
|
||||||
'blog.example.com')
|
|
||||||
->setError($e_custom_domain)
|
->setError($e_custom_domain)
|
||||||
)
|
)
|
||||||
->appendChild(
|
->appendChild(
|
||||||
|
|||||||
@@ -83,7 +83,8 @@ final class PhabricatorRepositoryArcanistProjectEditController
|
|||||||
id(new AphrontFormTextControl())
|
id(new AphrontFormTextControl())
|
||||||
->setLabel('Indexed Languages')
|
->setLabel('Indexed Languages')
|
||||||
->setName('symbolIndexLanguages')
|
->setName('symbolIndexLanguages')
|
||||||
->setCaption('Separate with commas, for example: <tt>php, py</tt>')
|
->setCaption(
|
||||||
|
hsprintf('Separate with commas, for example: <tt>php, py</tt>'))
|
||||||
->setValue($langs))
|
->setValue($langs))
|
||||||
->appendChild(
|
->appendChild(
|
||||||
id(new AphrontFormTokenizerControl())
|
id(new AphrontFormTokenizerControl())
|
||||||
|
|||||||
@@ -456,7 +456,8 @@ final class PhabricatorRepositoryEditController
|
|||||||
->setHeight(AphrontFormTextAreaControl::HEIGHT_VERY_SHORT)
|
->setHeight(AphrontFormTextAreaControl::HEIGHT_VERY_SHORT)
|
||||||
->setValue($repository->getDetail('ssh-key'))
|
->setValue($repository->getDetail('ssh-key'))
|
||||||
->setError($e_ssh_key)
|
->setError($e_ssh_key)
|
||||||
->setCaption('Specify the entire private key, <em>or</em>...'))
|
->setCaption(
|
||||||
|
hsprintf('Specify the entire private key, <em>or</em>...')))
|
||||||
->appendChild(
|
->appendChild(
|
||||||
id(new AphrontFormTextControl())
|
id(new AphrontFormTextControl())
|
||||||
->setName('ssh-keyfile')
|
->setName('ssh-keyfile')
|
||||||
@@ -552,10 +553,10 @@ final class PhabricatorRepositoryEditController
|
|||||||
->setName('branch-filter')
|
->setName('branch-filter')
|
||||||
->setLabel('Track Only')
|
->setLabel('Track Only')
|
||||||
->setValue($branch_filter_str)
|
->setValue($branch_filter_str)
|
||||||
->setCaption(
|
->setCaption(hsprintf(
|
||||||
'Optional list of branches to track. Other branches will be '.
|
'Optional list of branches to track. Other branches will be '.
|
||||||
'completely ignored. If left empty, all branches are tracked. '.
|
'completely ignored. If left empty, all branches are tracked. '.
|
||||||
'Example: <tt>master, release</tt>'));
|
'Example: <tt>master, release</tt>')));
|
||||||
}
|
}
|
||||||
|
|
||||||
$inset
|
$inset
|
||||||
@@ -651,7 +652,7 @@ final class PhabricatorRepositoryEditController
|
|||||||
->setName('uuid')
|
->setName('uuid')
|
||||||
->setLabel('UUID')
|
->setLabel('UUID')
|
||||||
->setValue($repository->getUUID())
|
->setValue($repository->getUUID())
|
||||||
->setCaption('Repository UUID from <tt>svn info</tt>.'));
|
->setCaption(hsprintf('Repository UUID from <tt>svn info</tt>.')));
|
||||||
}
|
}
|
||||||
|
|
||||||
$form->appendChild($inset);
|
$form->appendChild($inset);
|
||||||
|
|||||||
@@ -67,7 +67,6 @@ EXAMPLE;
|
|||||||
'User Guide: Configuring an External Editor');
|
'User Guide: Configuring an External Editor');
|
||||||
|
|
||||||
$font_default = PhabricatorEnv::getEnvConfig('style.monospace');
|
$font_default = PhabricatorEnv::getEnvConfig('style.monospace');
|
||||||
$font_default = phutil_escape_html($font_default);
|
|
||||||
|
|
||||||
$pref_monospaced_textareas_value = $preferences
|
$pref_monospaced_textareas_value = $preferences
|
||||||
->getPreference($pref_monospaced_textareas);
|
->getPreference($pref_monospaced_textareas);
|
||||||
@@ -97,11 +96,11 @@ EXAMPLE;
|
|||||||
id(new AphrontFormTextControl())
|
id(new AphrontFormTextControl())
|
||||||
->setLabel('Editor Link')
|
->setLabel('Editor Link')
|
||||||
->setName($pref_editor)
|
->setName($pref_editor)
|
||||||
->setCaption(
|
->setCaption(hsprintf(
|
||||||
'Link to edit files in external editor. '.
|
'Link to edit files in external editor. '.
|
||||||
'%f is replaced by filename, %l by line number, %r by repository '.
|
'%%f is replaced by filename, %%l by line number, %%r by repository '.
|
||||||
'callsign, %% by literal %. '.
|
'callsign, %%%% by literal %%. For documentation, see %s.',
|
||||||
"For documentation, see {$editor_doc_link}.")
|
$editor_doc_link))
|
||||||
->setValue($preferences->getPreference($pref_editor)))
|
->setValue($preferences->getPreference($pref_editor)))
|
||||||
->appendChild(
|
->appendChild(
|
||||||
id(new AphrontFormSelectControl())
|
id(new AphrontFormSelectControl())
|
||||||
@@ -116,9 +115,10 @@ EXAMPLE;
|
|||||||
id(new AphrontFormTextControl())
|
id(new AphrontFormTextControl())
|
||||||
->setLabel('Monospaced Font')
|
->setLabel('Monospaced Font')
|
||||||
->setName($pref_monospaced)
|
->setName($pref_monospaced)
|
||||||
->setCaption(
|
->setCaption(hsprintf(
|
||||||
'Overrides default fonts in tools like Differential.<br />'.
|
'Overrides default fonts in tools like Differential.<br />'.
|
||||||
'(Default: '.$font_default.')')
|
'(Default: %s)',
|
||||||
|
$font_default))
|
||||||
->setValue($preferences->getPreference($pref_monospaced)))
|
->setValue($preferences->getPreference($pref_monospaced)))
|
||||||
->appendChild(
|
->appendChild(
|
||||||
id(new AphrontFormMarkupControl())
|
id(new AphrontFormMarkupControl())
|
||||||
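Review bot: Dropping `$font_default = phutil_escape_html($font_default);` leaves the variable raw for every later use in this function, not only for the `'(Default: %s)'` caption in the third hunk. The function body continues outside these hunks, so any other place that concatenates `$font_default` into markup would now emit the `style.monospace` config value unescaped; that should be checked. The doubled percent signs in the Editor Link caption are easy to break in a later edit, so a comment such as `// hsprintf() format string: a literal % must be written as %%.` above it would help.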
|
|||||||
@@ -140,10 +140,10 @@ abstract class AphrontFormControl extends AphrontView {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (strlen($this->getCaption())) {
|
if (strlen($this->getCaption())) {
|
||||||
$caption =
|
$caption = phutil_tag(
|
||||||
'<div class="aphront-form-caption">'.
|
'div',
|
||||||
$this->getCaption().
|
array('class' => 'aphront-form-caption'),
|
||||||
'</div>';
|
$this->getCaption());
|
||||||
} else {
|
} else {
|
||||||
$caption = null;
|
$caption = null;
|
||||||
}
|
}
|
||||||
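Review bot: This hunk changes what setCaption() accepts, yet nothing visible documents the new contract: a plain string is now escaped by `phutil_tag()`, and markup survives only as hsprintf() or phutil_tag() output. setCaption() is outside the hunk; I would put `@param string|PhutilSafeHTML $caption Plain text is escaped at render time; pass hsprintf()/phutil_tag() output for markup.` on it, and the same on AphrontPanelView::setCaption(). Callers that still pre-escape with `phutil_escape_html()` will now be escaped twice, so the remaining call sites are worth a grep. The surrounding render method starts and ends outside the hunk.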
|
|||||||
@@ -69,10 +69,10 @@ final class AphrontPanelView extends AphrontView {
|
|||||||
}
|
}
|
||||||
|
|
||||||
if ($this->caption !== null) {
|
if ($this->caption !== null) {
|
||||||
$caption =
|
$caption = phutil_tag(
|
||||||
'<div class="aphront-panel-view-caption">'.
|
'div',
|
||||||
$this->caption.
|
array('class' => 'aphront-panel-view-caption'),
|
||||||
'</div>';
|
$this->caption);
|
||||||
} else {
|
} else {
|
||||||
$caption = null;
|
$caption = null;
|
||||||
}
|
}
|
||||||
|
|||||||