archive/phabricator
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity

Avoid double escaping in error view title

Browse Source 
Summary: Searched for `AphrontErrorView` and then for `setTitle()`.

Test Plan: None.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4880
This commit is contained in:
vrana
2013-02-09 09:23:02 -08:00
parent 7ec8e885e1
commit e4736bf977
5 changed files with 4 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/aphront/configuration/AphrontDefaultApplicationConfiguration.php
View File

@@ -209,7 +209,7 @@ class AphrontDefaultApplicationConfiguration
if ($ex instanceof AphrontUsageException) { if ($ex instanceof AphrontUsageException) {
$error = new AphrontErrorView(); $error = new AphrontErrorView();
$error->setTitle(phutil_escape_html($ex->getTitle())); $error->setTitle($ex->getTitle());
$error->appendChild($ex->getMessage()); $error->appendChild($ex->getMessage());
$view = new PhabricatorStandardPageView(); $view = new PhabricatorStandardPageView();
@@ -226,7 +226,7 @@ class AphrontDefaultApplicationConfiguration
// Always log the unhandled exception. // Always log the unhandled exception.
phlog($ex); phlog($ex);
$class = phutil_escape_html(get_class($ex)); $class = get_class($ex);
$message = phutil_escape_html($ex->getMessage()); $message = phutil_escape_html($ex->getMessage());
if ($ex instanceof AphrontQuerySchemaException) { if ($ex instanceof AphrontQuerySchemaException) {

3
src/applications/oauthserver/controller/client/PhabricatorOAuthClientDeleteController.php
View File

@@ -32,8 +32,7 @@ extends PhabricatorOAuthClientBaseController {
->setURI('/oauthserver/client/?deleted=1'); ->setURI('/oauthserver/client/?deleted=1');
} }
$client_name = phutil_escape_html($client->getName()); $title .= ' '.$client->getName();
$title .= ' '.$client_name;
$dialog = new AphrontDialogView(); $dialog = new AphrontDialogView();
$dialog->setUser($current_user); $dialog->setUser($current_user);

2
src/applications/oauthserver/controller/client/PhabricatorOAuthClientListController.php
View File

@@ -113,10 +113,8 @@ extends PhabricatorOAuthClientBaseController {
$new = $this->getRequest()->getStr('new'); $new = $this->getRequest()->getStr('new');
$deleted = $this->getRequest()->getBool('deleted'); $deleted = $this->getRequest()->getBool('deleted');
if ($edited) { if ($edited) {
$edited = phutil_escape_html($edited);
$title = 'Successfully edited client with id '.$edited.'.'; $title = 'Successfully edited client with id '.$edited.'.';
} else if ($new) { } else if ($new) {
$new = phutil_escape_html($new);
$title = 'Successfully created client with id '.$new.'.'; $title = 'Successfully created client with id '.$new.'.';
} else if ($deleted) { } else if ($deleted) {
$title = 'Successfully deleted client.'; $title = 'Successfully deleted client.';

4
src/applications/oauthserver/controller/clientauthorization/PhabricatorOAuthClientAuthorizationDeleteController.php
View File

@@ -37,12 +37,10 @@ extends PhabricatorOAuthClientAuthorizationBaseController {
->loadOneWhere('phid = %s', ->loadOneWhere('phid = %s',
$client_phid); $client_phid);
if ($client) { if ($client) {
$client_name = phutil_escape_html($client->getName()); $title .= ' for '.$client->getName();
$title .= ' for '.$client_name;
} else { } else {
// the client does not exist so token is dead already (but // the client does not exist so token is dead already (but
// let's let the user clean this up anyway in that case) // let's let the user clean this up anyway in that case)
$client_name = '';
} }
$dialog = new AphrontDialogView(); $dialog = new AphrontDialogView();

1
src/applications/oauthserver/controller/clientauthorization/PhabricatorOAuthClientAuthorizationListController.php
View File

@@ -137,7 +137,6 @@ extends PhabricatorOAuthClientAuthorizationBaseController {
$edited = $this->getRequest()->getStr('edited'); $edited = $this->getRequest()->getStr('edited');
$deleted = $this->getRequest()->getBool('deleted'); $deleted = $this->getRequest()->getBool('deleted');
if ($edited) { if ($edited) {
$edited = phutil_escape_html($edited);
$title = 'Successfully edited client authorization.'; $title = 'Successfully edited client authorization.';
} else if ($deleted) { } else if ($deleted) {
$title = 'Successfully deleted client authorization.'; $title = 'Successfully deleted client authorization.';