From 059920c2dac57147116a706a7205c51c69d3ff3a Mon Sep 17 00:00:00 2001 From: vrana Date: Wed, 6 Feb 2013 16:53:49 -0800 Subject: [PATCH] Convert AphrontErrorView to safe HTML Summary: Done by searching for `AphrontErrorView` and then `appendChild()`. Test Plan: Looked at Commit Detail. Looked at Revision Detail. Reviewers: epriestley Reviewed By: epriestley CC: aran, Korvin Maniphest Tasks: T2432 Differential Revision: https://secure.phabricator.com/D4843 --- ...AphrontDefaultApplicationConfiguration.php | 2 +- .../response/AphrontRedirectResponse.php | 5 +-- .../PhabricatorMustVerifyEmailController.php | 9 +++-- .../PhabricatorConduitConsoleController.php | 14 +++----- .../PhabricatorConfigEditController.php | 4 +-- .../PhabricatorWorkerTaskDetailController.php | 6 ++-- .../DifferentialRevisionViewController.php | 23 +++++++------ .../DifferentialLintFieldSpecification.php | 14 ++++---- .../DifferentialUnitFieldSpecification.php | 14 ++++---- .../view/DifferentialAddCommentView.php | 15 --------- .../DiffusionBrowseFileController.php | 5 ++- .../controller/DiffusionCommitController.php | 13 ++++---- .../DiffusionExternalController.php | 12 ++++--- .../view/DiffusionEmptyResultView.php | 17 +++++----- .../PhabricatorFactHomeController.php | 7 ++-- .../controller/HeraldTranscriptController.php | 6 ++-- .../PhabricatorMetaMTASendController.php | 16 +++++---- ...habricatorNotificationStatusController.php | 7 ++-- ...PhabricatorEmailVerificationController.php | 33 +++++++++++-------- .../PhabricatorPeopleEditController.php | 7 ++-- .../controller/PhrictionEditController.php | 5 +-- .../PhabricatorRepositoryController.php | 22 ++++++------- .../PhabricatorRepositoryEditController.php | 3 +- .../panel/PhabricatorSettingsPanelAccount.php | 3 +- .../panel/PhabricatorSettingsPanelConduit.php | 8 +++-- ...abricatorSettingsPanelEmailPreferences.php | 3 +- .../PhabricatorSettingsPanelPassword.php | 3 +- .../panel/PhabricatorSettingsPanelProfile.php | 3 +- src/view/form/AphrontErrorView.php | 10 +++--- .../layout/PhabricatorObjectItemListView.php | 2 +- src/view/layout/PhabricatorPinboardView.php | 2 +- 31 files changed, 152 insertions(+), 141 deletions(-) diff --git a/src/aphront/configuration/AphrontDefaultApplicationConfiguration.php b/src/aphront/configuration/AphrontDefaultApplicationConfiguration.php index c50f278672..4d18f54528 100644 --- a/src/aphront/configuration/AphrontDefaultApplicationConfiguration.php +++ b/src/aphront/configuration/AphrontDefaultApplicationConfiguration.php @@ -211,7 +211,7 @@ class AphrontDefaultApplicationConfiguration if ($ex instanceof AphrontUsageException) { $error = new AphrontErrorView(); $error->setTitle(phutil_escape_html($ex->getTitle())); - $error->appendChild(phutil_escape_html($ex->getMessage())); + $error->appendChild($ex->getMessage()); $view = new PhabricatorStandardPageView(); $view->setRequest($this->getRequest()); diff --git a/src/aphront/response/AphrontRedirectResponse.php b/src/aphront/response/AphrontRedirectResponse.php index 254073390d..b01cc3644d 100644 --- a/src/aphront/response/AphrontRedirectResponse.php +++ b/src/aphront/response/AphrontRedirectResponse.php @@ -49,10 +49,11 @@ class AphrontRedirectResponse extends AphrontResponse { ), 'Continue to: '.$this->getURI()); - $error->appendChild( + $error->appendChild(hsprintf( '

You were stopped here because debug.stop-on-redirect '. 'is set in your configuration.

'. - '

'.$link.'

'); + '

%s

', + $link)); $view->appendChild($error); diff --git a/src/applications/auth/controller/PhabricatorMustVerifyEmailController.php b/src/applications/auth/controller/PhabricatorMustVerifyEmailController.php index 7aa356f9e6..183954eebe 100644 --- a/src/applications/auth/controller/PhabricatorMustVerifyEmailController.php +++ b/src/applications/auth/controller/PhabricatorMustVerifyEmailController.php @@ -31,9 +31,12 @@ final class PhabricatorMustVerifyEmailController $sent = new AphrontErrorView(); $sent->setSeverity(AphrontErrorView::SEVERITY_NOTICE); $sent->setTitle(pht('Email Sent')); - $sent->appendChild('

'. - pht('Another verification email was sent to %s.', - phutil_escape_html($email_address)).'

'); + $sent->appendChild(phutil_tag( + 'p', + array(), + pht( + 'Another verification email was sent to %s.', + phutil_tag('strong', array(), $email_address)))); } $error_view = new AphrontRequestFailureView(); diff --git a/src/applications/conduit/controller/PhabricatorConduitConsoleController.php b/src/applications/conduit/controller/PhabricatorConduitConsoleController.php index 61248cbbf1..43a645e4d1 100644 --- a/src/applications/conduit/controller/PhabricatorConduitConsoleController.php +++ b/src/applications/conduit/controller/PhabricatorConduitConsoleController.php @@ -35,20 +35,16 @@ final class PhabricatorConduitConsoleController case ConduitAPIMethod::METHOD_STATUS_DEPRECATED: $status_view->setTitle('Deprecated Method'); $status_view->appendChild( - phutil_escape_html( - nonempty( - $reason, - "This method is deprecated."))); + nonempty($reason, "This method is deprecated.")); break; case ConduitAPIMethod::METHOD_STATUS_UNSTABLE: $status_view->setSeverity(AphrontErrorView::SEVERITY_WARNING); $status_view->setTitle('Unstable Method'); $status_view->appendChild( - phutil_escape_html( - nonempty( - $reason, - "This method is new and unstable. Its interface is subject ". - "to change."))); + nonempty( + $reason, + "This method is new and unstable. Its interface is subject ". + "to change.")); break; } } diff --git a/src/applications/config/controller/PhabricatorConfigEditController.php b/src/applications/config/controller/PhabricatorConfigEditController.php index 57ee007a08..c02e20f3cb 100644 --- a/src/applications/config/controller/PhabricatorConfigEditController.php +++ b/src/applications/config/controller/PhabricatorConfigEditController.php @@ -108,7 +108,7 @@ final class PhabricatorConfigEditController $error_view = id(new AphrontErrorView()) ->setTitle(pht('Configuration Hidden')) ->setSeverity(AphrontErrorView::SEVERITY_WARNING) - ->appendChild('

'.phutil_escape_html($msg).'

'); + ->appendChild(phutil_tag('p', array(), $msg)); } else if ($option->getLocked()) { $msg = pht( "This configuration is locked and can not be edited from the web ". @@ -117,7 +117,7 @@ final class PhabricatorConfigEditController $error_view = id(new AphrontErrorView()) ->setTitle(pht('Configuration Locked')) ->setSeverity(AphrontErrorView::SEVERITY_NOTICE) - ->appendChild('

'.phutil_escape_html($msg).'

'); + ->appendChild(phutil_tag('p', array(), $msg)); } if ($option->getHidden()) { diff --git a/src/applications/daemon/controller/PhabricatorWorkerTaskDetailController.php b/src/applications/daemon/controller/PhabricatorWorkerTaskDetailController.php index 75f391c5a2..3444d66dfc 100644 --- a/src/applications/daemon/controller/PhabricatorWorkerTaskDetailController.php +++ b/src/applications/daemon/controller/PhabricatorWorkerTaskDetailController.php @@ -23,8 +23,10 @@ final class PhabricatorWorkerTaskDetailController $error_view = new AphrontErrorView(); $error_view->setTitle('No Such Task'); - $error_view->appendChild( - '

This task may have recently been garbage collected.

'); + $error_view->appendChild(phutil_tag( + 'p', + array(), + 'This task may have recently been garbage collected.')); $error_view->setSeverity(AphrontErrorView::SEVERITY_NODATA); $content = $error_view; diff --git a/src/applications/differential/controller/DifferentialRevisionViewController.php b/src/applications/differential/controller/DifferentialRevisionViewController.php index 5dc9211297..1e572ab334 100644 --- a/src/applications/differential/controller/DifferentialRevisionViewController.php +++ b/src/applications/differential/controller/DifferentialRevisionViewController.php @@ -180,21 +180,20 @@ final class DifferentialRevisionViewController extends DifferentialController { $warning = new AphrontErrorView(); $warning->setTitle('Very Large Diff'); $warning->setSeverity(AphrontErrorView::SEVERITY_WARNING); - $warning->appendChild( + $warning->appendChild(hsprintf( + '%s %s', pht( 'This diff is very large and affects %s files. Load each file '. 'individually.', - new PhutilNumber($count)). - " ". - phutil_tag( - 'a', - array( - 'href' => $request_uri - ->alter('large', 'true') - ->setFragment('toc'), - ), - pht('Show All Files Inline')). - ""); + new PhutilNumber($count)), + phutil_tag( + 'a', + array( + 'href' => $request_uri + ->alter('large', 'true') + ->setFragment('toc'), + ), + pht('Show All Files Inline')))); $warning = $warning->render(); $my_inlines = id(new DifferentialInlineComment())->loadAllWhere( diff --git a/src/applications/differential/field/specification/DifferentialLintFieldSpecification.php b/src/applications/differential/field/specification/DifferentialLintFieldSpecification.php index 8cf2bfab8d..8c9e7b9639 100644 --- a/src/applications/differential/field/specification/DifferentialLintFieldSpecification.php +++ b/src/applications/differential/field/specification/DifferentialLintFieldSpecification.php @@ -245,24 +245,24 @@ final class DifferentialLintFieldSpecification if ($status == DifferentialLintStatus::LINT_SKIP) { $content = - "

This diff was created without running lint. Make sure you are ". - "OK with that before you accept this diff.

"; + "This diff was created without running lint. Make sure you are ". + "OK with that before you accept this diff."; } else if ($status == DifferentialLintStatus::LINT_POSTPONED) { $severity = AphrontErrorView::SEVERITY_WARNING; $content = - "

Postponed linters didn't finish yet. Make sure you are OK with ". - "that before you accept this diff.

"; + "Postponed linters didn't finish yet. Make sure you are OK with ". + "that before you accept this diff."; } else { $content = - "

This diff has Lint Problems. Make sure you are OK with them ". - "before you accept this diff.

"; + "This diff has Lint Problems. Make sure you are OK with them ". + "before you accept this diff."; } return id(new AphrontErrorView()) ->setSeverity($severity) - ->appendChild($content) + ->appendChild(phutil_tag('p', array(), $content)) ->setTitle(idx($titles, $status, 'Warning')); } diff --git a/src/applications/differential/field/specification/DifferentialUnitFieldSpecification.php b/src/applications/differential/field/specification/DifferentialUnitFieldSpecification.php index 0e442314a6..ae189573ff 100644 --- a/src/applications/differential/field/specification/DifferentialUnitFieldSpecification.php +++ b/src/applications/differential/field/specification/DifferentialUnitFieldSpecification.php @@ -200,21 +200,21 @@ final class DifferentialUnitFieldSpecification ); if ($diff->getUnitStatus() == DifferentialUnitStatus::UNIT_POSTPONED) { $content = - "

This diff has postponed unit tests. The results should be ". + "This diff has postponed unit tests. The results should be ". "coming in soon. You should probably wait for them before accepting ". - "this diff.

"; + "this diff."; } else if ($diff->getUnitStatus() == DifferentialUnitStatus::UNIT_SKIP) { $content = - "

Unit tests were skipped when this diff was created. Make sure ". - "you are OK with that before you accept this diff.

"; + "Unit tests were skipped when this diff was created. Make sure ". + "you are OK with that before you accept this diff."; } else { $content = - "

This diff has Unit Test Problems. Make sure you are OK with ". - "them before you accept this diff.

"; + "This diff has Unit Test Problems. Make sure you are OK with ". + "them before you accept this diff."; } $unit_warning = id(new AphrontErrorView()) ->setSeverity(AphrontErrorView::SEVERITY_ERROR) - ->appendChild($content) + ->appendChild(phutil_tag('p', array(), $content)) ->setTitle(idx($titles, $diff->getUnitStatus(), 'Warning')); } return $unit_warning; diff --git a/src/applications/differential/view/DifferentialAddCommentView.php b/src/applications/differential/view/DifferentialAddCommentView.php index 881b8de3d6..0670a062ca 100644 --- a/src/applications/differential/view/DifferentialAddCommentView.php +++ b/src/applications/differential/view/DifferentialAddCommentView.php @@ -46,21 +46,6 @@ final class DifferentialAddCommentView extends AphrontView { return $this; } - private function generateWarningView( - $status, - array $titles, - $id, - $content) { - - $warning = new AphrontErrorView(); - $warning->setSeverity(AphrontErrorView::SEVERITY_ERROR); - $warning->setID($id); - $warning->appendChild($content); - $warning->setTitle(idx($titles, $status, 'Warning')); - - return $warning; - } - public function render() { require_celerity_resource('differential-revision-add-comment-css'); diff --git a/src/applications/diffusion/controller/DiffusionBrowseFileController.php b/src/applications/diffusion/controller/DiffusionBrowseFileController.php index 93caaab144..474605c44c 100644 --- a/src/applications/diffusion/controller/DiffusionBrowseFileController.php +++ b/src/applications/diffusion/controller/DiffusionBrowseFileController.php @@ -96,9 +96,8 @@ final class DiffusionBrowseFileController extends DiffusionController { $notice->setSeverity(AphrontErrorView::SEVERITY_NOTICE); $notice->setTitle('File Renamed'); $notice->appendChild( - "File history passes through a rename from '". - phutil_escape_html($drequest->getPath())."' to '". - phutil_escape_html($renamed)."'."); + "File history passes through a rename from '".$drequest->getPath(). + "' to '".$renamed."'."); $content[] = $notice; } diff --git a/src/applications/diffusion/controller/DiffusionCommitController.php b/src/applications/diffusion/controller/DiffusionCommitController.php index 65e47e3af1..8726c5a91c 100644 --- a/src/applications/diffusion/controller/DiffusionCommitController.php +++ b/src/applications/diffusion/controller/DiffusionCommitController.php @@ -62,8 +62,8 @@ final class DiffusionCommitController extends DiffusionController { $error_panel->appendChild( "This Diffusion repository is configured to track only one ". "subdirectory of the entire Subversion repository, and this commit ". - "didn't affect the tracked subdirectory ('". - phutil_escape_html($subpath)."'), so no information is available."); + "didn't affect the tracked subdirectory ('".$subpath."'), so no ". + "information is available."); $content[] = $error_panel; $content[] = $top_anchor; } else { @@ -162,8 +162,7 @@ final class DiffusionCommitController extends DiffusionController { if ($bad_commit) { $error_panel = new AphrontErrorView(); $error_panel->setTitle('Bad Commit'); - $error_panel->appendChild( - phutil_escape_html($bad_commit['description'])); + $error_panel->appendChild($bad_commit['description']); $content[] = $error_panel; } else if ($is_foreign) { @@ -207,8 +206,10 @@ final class DiffusionCommitController extends DiffusionController { $warning_view = id(new AphrontErrorView()) ->setSeverity(AphrontErrorView::SEVERITY_WARNING) ->setTitle('Very Large Commit') - ->appendChild( - "

This commit is very large. Load each file individually.

"); + ->appendChild(phutil_tag( + 'p', + array(), + "This commit is very large. Load each file individually.")); $change_panel->appendChild($warning_view); $change_panel->addButton($show_all_button); diff --git a/src/applications/diffusion/controller/DiffusionExternalController.php b/src/applications/diffusion/controller/DiffusionExternalController.php index 738cee81fd..c20e11cb82 100644 --- a/src/applications/diffusion/controller/DiffusionExternalController.php +++ b/src/applications/diffusion/controller/DiffusionExternalController.php @@ -60,17 +60,19 @@ final class DiffusionExternalController extends DiffusionController { if (empty($commits)) { $desc = null; if ($uri) { - $desc = phutil_escape_html($uri).', at '; + $desc = $uri.', at '; } - $desc .= phutil_escape_html($id); + $desc .= $id; $content = id(new AphrontErrorView()) ->setTitle('Unknown External') ->setSeverity(AphrontErrorView::SEVERITY_WARNING) - ->appendChild( - "

This external ({$desc}) does not appear in any tracked ". + ->appendChild(phutil_tag( + 'p', + array(), + "This external ({$desc}) does not appear in any tracked ". "repository. It may exist in an untracked repository that ". - "Diffusion does not know about.

"); + "Diffusion does not know about.")); } else if (count($commits) == 1) { $commit = head($commits); $repo = $repositories[$commit->getRepositoryID()]; diff --git a/src/applications/diffusion/view/DiffusionEmptyResultView.php b/src/applications/diffusion/view/DiffusionEmptyResultView.php index 75997fafa0..7dcba04caf 100644 --- a/src/applications/diffusion/view/DiffusionEmptyResultView.php +++ b/src/applications/diffusion/view/DiffusionEmptyResultView.php @@ -43,8 +43,6 @@ final class DiffusionEmptyResultView extends DiffusionView { $deleted = $this->browseQuery->getDeletedAtCommit(); $existed = $this->browseQuery->getExistedAtCommit(); - $deleted = self::linkCommit($drequest->getRepository(), $deleted); - $browse = $this->linkBrowse( $drequest->getPath(), array( @@ -54,11 +52,14 @@ final class DiffusionEmptyResultView extends DiffusionView { ) ); - $existed = "r{$callsign}{$existed}"; - $title = 'Path Was Deleted'; - $body = "This path does not exist at {$commit}. It was deleted in ". - "{$deleted} and last {$browse} at {$existed}."; + $body = hsprintf( + "This path does not exist at %s. It was deleted in %s and last %s ". + "at %s.", + $commit, + self::linkCommit($drequest->getRepository(), $deleted), + $browse, + "r{$callsign}{$existed}"); $severity = AphrontErrorView::SEVERITY_WARNING; break; case DiffusionBrowseQuery::REASON_IS_UNTRACKED_PARENT: @@ -66,7 +67,7 @@ final class DiffusionEmptyResultView extends DiffusionView { $title = 'Directory Not Tracked'; $body = "This repository is configured to track only one subdirectory ". - "of the entire repository ('".phutil_escape_html($subdir)."'), ". + "of the entire repository ('{$subdir}'), ". "but you aren't looking at something in that subdirectory, so no ". "information is available."; $severity = AphrontErrorView::SEVERITY_WARNING; @@ -78,7 +79,7 @@ final class DiffusionEmptyResultView extends DiffusionView { $error_view = new AphrontErrorView(); $error_view->setSeverity($severity); $error_view->setTitle($title); - $error_view->appendChild('

'.$body.'

'); + $error_view->appendChild(phutil_tag('p', array(), $body)); return $error_view->render(); } diff --git a/src/applications/fact/controller/PhabricatorFactHomeController.php b/src/applications/fact/controller/PhabricatorFactHomeController.php index 4f079392b9..82ce96baa1 100644 --- a/src/applications/fact/controller/PhabricatorFactHomeController.php +++ b/src/applications/fact/controller/PhabricatorFactHomeController.php @@ -94,9 +94,10 @@ final class PhabricatorFactHomeController extends PhabricatorFactController { return id(new AphrontErrorView()) ->setSeverity(AphrontErrorView::SEVERITY_NOTICE) ->setTitle(pht('No Chartable Facts')) - ->appendChild( - '

'.pht( - 'There are no facts that can be plotted yet.').'

'); + ->appendChild(phutil_tag( + 'p', + array(), + pht('There are no facts that can be plotted yet.'))); } $form = id(new AphrontFormView()) diff --git a/src/applications/herald/controller/HeraldTranscriptController.php b/src/applications/herald/controller/HeraldTranscriptController.php index 7008b49c6a..0b80cdf3b4 100644 --- a/src/applications/herald/controller/HeraldTranscriptController.php +++ b/src/applications/herald/controller/HeraldTranscriptController.php @@ -35,8 +35,10 @@ final class HeraldTranscriptController extends HeraldController { $notice = id(new AphrontErrorView()) ->setSeverity(AphrontErrorView::SEVERITY_NOTICE) ->setTitle('Old Transcript') - ->appendChild( - '

Details of this transcript have been garbage collected.

'); + ->appendChild(phutil_tag( + 'p', + array(), + 'Details of this transcript have been garbage collected.')); $nav->appendChild($notice); } else { $filter = $this->getFilterPHIDs(); diff --git a/src/applications/metamta/controller/PhabricatorMetaMTASendController.php b/src/applications/metamta/controller/PhabricatorMetaMTASendController.php index c2a0b58452..bd423186cd 100644 --- a/src/applications/metamta/controller/PhabricatorMetaMTASendController.php +++ b/src/applications/metamta/controller/PhabricatorMetaMTASendController.php @@ -67,12 +67,16 @@ final class PhabricatorMetaMTASendController $warning = new AphrontErrorView(); $warning->setTitle('Email is Disabled'); $warning->setSeverity(AphrontErrorView::SEVERITY_WARNING); - $warning->appendChild( - '

'.pht('This installation of Phabricator is currently set to use '. - 'PhabricatorMailImplementationTestAdapter to deliver '. - 'outbound email. This completely disables outbound email! All '. - 'outbound email will be thrown in a deep, dark hole until you '. - 'configure a real adapter.').'

'); + $warning->appendChild(phutil_tag( + 'p', + array(), + pht( + 'This installation of Phabricator is currently set to use %s to '. + 'deliver outbound email. This completely disables outbound email! '. + 'All outbound email will be thrown in a deep, dark hole until you '. + 'configure a real adapter.', + phutil_tag('tt', array(), 'PhabricatorMailImplementationTestAdapter')) + )); } $phdlink_href = PhabricatorEnv::getDoclink( diff --git a/src/applications/notification/controller/PhabricatorNotificationStatusController.php b/src/applications/notification/controller/PhabricatorNotificationStatusController.php index 31a0de4552..5c28923b9f 100644 --- a/src/applications/notification/controller/PhabricatorNotificationStatusController.php +++ b/src/applications/notification/controller/PhabricatorNotificationStatusController.php @@ -24,13 +24,14 @@ final class PhabricatorNotificationStatusController } catch (Exception $ex) { $status = new AphrontErrorView(); $status->setTitle("Notification Server Issue"); - $status->appendChild( + $status->appendChild(hsprintf( 'Unable to determine server status. This probably means the server '. 'is not in great shape. The specific issue encountered was:'. '
'. '
'. - ''.phutil_escape_html(get_class($ex)).' '. - nl2br(phutil_escape_html($ex->getMessage()))); + '%s %s', + get_class($ex), + phutil_escape_html_newlines($ex->getMessage()))); } return $this->buildStandardPageResponse( diff --git a/src/applications/people/controller/PhabricatorEmailVerificationController.php b/src/applications/people/controller/PhabricatorEmailVerificationController.php index 221df9d2a5..80432f15b0 100644 --- a/src/applications/people/controller/PhabricatorEmailVerificationController.php +++ b/src/applications/people/controller/PhabricatorEmailVerificationController.php @@ -30,7 +30,9 @@ final class PhabricatorEmailVerificationController 'href' => '/', ), 'Continue to Phabricator'); - $home_link = '

'.$home_link.'

'; + $home_link = hsprintf( + '

%s

', + $home_link); $settings_link = phutil_tag( 'a', @@ -38,23 +40,26 @@ final class PhabricatorEmailVerificationController 'href' => '/settings/panel/email/', ), 'Return to Email Settings'); - $settings_link = '

'.$settings_link.'

'; - + $settings_link = hsprintf( + '

%s

', + $settings_link); if (!$email) { $content = id(new AphrontErrorView()) ->setTitle('Unable To Verify') - ->appendChild( - '

The verification code is incorrect, the email address has '. - 'been removed, or the email address is owned by another user. Make '. - 'sure you followed the link in the email correctly.

'); + ->appendChild(phutil_tag( + 'p', + array(), + 'The verification code is incorrect, the email address has been '. + 'removed, or the email address is owned by another user. Make '. + 'sure you followed the link in the email correctly.')); } else if ($email->getIsVerified()) { $content = id(new AphrontErrorView()) ->setSeverity(AphrontErrorView::SEVERITY_NOTICE) ->setTitle('Address Already Verified') - ->appendChild( - '

This email address has already been verified.

'. - $settings_link); + ->appendChild(hsprintf( + '

This email address has already been verified.

%s', + $settings_link)); } else { $guard = AphrontWriteGuard::beginScopedUnguardedWrites(); @@ -65,10 +70,10 @@ final class PhabricatorEmailVerificationController $content = id(new AphrontErrorView()) ->setSeverity(AphrontErrorView::SEVERITY_NOTICE) ->setTitle('Address Verified') - ->appendChild( - '

This email address has now been verified. Thanks!

'. - $home_link. - $settings_link); + ->appendChild(hsprintf( + '

This email address has now been verified. Thanks!

%s%s', + $home_link, + $settings_link)); } return $this->buildApplicationPage( diff --git a/src/applications/people/controller/PhabricatorPeopleEditController.php b/src/applications/people/controller/PhabricatorPeopleEditController.php index d5e0ca8f0c..bedf1b43fa 100644 --- a/src/applications/people/controller/PhabricatorPeopleEditController.php +++ b/src/applications/people/controller/PhabricatorPeopleEditController.php @@ -54,7 +54,8 @@ final class PhabricatorPeopleEditController $notice = new AphrontErrorView(); $notice->setSeverity(AphrontErrorView::SEVERITY_NOTICE); $notice->setTitle('Changes Saved'); - $notice->appendChild('

Your changes were saved.

'); + $notice->appendChild( + phutil_tag('p', array(), 'Your changes were saved.')); $content[] = $notice; } @@ -578,10 +579,10 @@ final class PhabricatorPeopleEditController if ($user->getPHID() == $admin->getPHID()) { $error = new AphrontErrorView(); $error->setTitle('You Shall Journey No Farther'); - $error->appendChild( + $error->appendChild(hsprintf( '

As you stare into the gaping maw of the abyss, something holds '. 'you back.

'. - '

You can not delete your own account.

'); + '

You can not delete your own account.

')); return $error; } diff --git a/src/applications/phriction/controller/PhrictionEditController.php b/src/applications/phriction/controller/PhrictionEditController.php index 43b8c3824a..502feaa9e1 100644 --- a/src/applications/phriction/controller/PhrictionEditController.php +++ b/src/applications/phriction/controller/PhrictionEditController.php @@ -183,8 +183,9 @@ final class PhrictionEditController $draft_note = new AphrontErrorView(); $draft_note->setSeverity(AphrontErrorView::SEVERITY_NOTICE); $draft_note->setTitle('Recovered Draft'); - $draft_note->appendChild( - '

Showing a saved draft of your edits, you can '.$discard.'.

'); + $draft_note->appendChild(hsprintf( + '

Showing a saved draft of your edits, you can %s.

', + $discard)); } else { $content_text = $content->getContent(); $draft_note = null; diff --git a/src/applications/repository/controller/PhabricatorRepositoryController.php b/src/applications/repository/controller/PhabricatorRepositoryController.php index 1f58eca9a4..cf4f986d60 100644 --- a/src/applications/repository/controller/PhabricatorRepositoryController.php +++ b/src/applications/repository/controller/PhabricatorRepositoryController.php @@ -41,10 +41,10 @@ abstract class PhabricatorRepositoryController extends PhabricatorController { ), 'Diffusion User Guide'); - $common = + $common = hsprintf( "Without this daemon, Phabricator will not be able to import or update ". - "repositories. For instructions on starting the daemon, see ". - "{$documentation}."; + "repositories. For instructions on starting the daemon, see %s.", + phutil_tag('strong', array(), $documentation)); try { $daemon_running = $this->isPullDaemonRunning(); @@ -52,17 +52,17 @@ abstract class PhabricatorRepositoryController extends PhabricatorController { return null; } $title = "Repository Daemon Not Running"; - $message = - "

The repository daemon is not running on this machine. ". - "{$common}

"; + $message = hsprintf( + "

The repository daemon is not running on this machine. %s

", + $common); } catch (Exception $ex) { $title = "Unable To Verify Repository Daemon"; - $message = + $message = hsprintf( "

Unable to determine if the repository daemon is running on this ". - "machine. {$common}

". - "

Exception: ". - phutil_escape_html($ex->getMessage()). - "

"; + "machine. %s

". + "

Exception: %s

", + $common, + $ex->getMessage()); } $view = new AphrontErrorView(); diff --git a/src/applications/repository/controller/PhabricatorRepositoryEditController.php b/src/applications/repository/controller/PhabricatorRepositoryEditController.php index cbf2574e4c..4a6074a7e8 100644 --- a/src/applications/repository/controller/PhabricatorRepositoryEditController.php +++ b/src/applications/repository/controller/PhabricatorRepositoryEditController.php @@ -94,8 +94,7 @@ final class PhabricatorRepositoryEditController $error_view = new AphrontErrorView(); $error_view->setSeverity(AphrontErrorView::SEVERITY_NOTICE); $error_view->setTitle('Changes Saved'); - $error_view->appendChild( - 'Repository changes were saved.'); + $error_view->appendChild('Repository changes were saved.'); } $encoding_doc_link = PhabricatorEnv::getDoclink( diff --git a/src/applications/settings/panel/PhabricatorSettingsPanelAccount.php b/src/applications/settings/panel/PhabricatorSettingsPanelAccount.php index 72b58dae2a..a913330530 100644 --- a/src/applications/settings/panel/PhabricatorSettingsPanelAccount.php +++ b/src/applications/settings/panel/PhabricatorSettingsPanelAccount.php @@ -51,7 +51,8 @@ final class PhabricatorSettingsPanelAccount $notice = new AphrontErrorView(); $notice->setSeverity(AphrontErrorView::SEVERITY_NOTICE); $notice->setTitle('Changes Saved'); - $notice->appendChild('

Your changes have been saved.

'); + $notice->appendChild( + phutil_tag('p', array(), 'Your changes have been saved.')); $notice = $notice->render(); } } else { diff --git a/src/applications/settings/panel/PhabricatorSettingsPanelConduit.php b/src/applications/settings/panel/PhabricatorSettingsPanelConduit.php index bdcfd8cada..a80a32d222 100644 --- a/src/applications/settings/panel/PhabricatorSettingsPanelConduit.php +++ b/src/applications/settings/panel/PhabricatorSettingsPanelConduit.php @@ -53,10 +53,12 @@ final class PhabricatorSettingsPanelConduit $notice = new AphrontErrorView(); $notice->setSeverity(AphrontErrorView::SEVERITY_NOTICE); $notice->setTitle('Certificate Regenerated'); - $notice->appendChild( - '

Your old certificate has been destroyed and you have been issued '. + $notice->appendChild(phutil_tag( + 'p', + array(), + 'Your old certificate has been destroyed and you have been issued '. 'a new certificate. Sessions established under the old certificate '. - 'are no longer valid.

'); + 'are no longer valid.')); $notice = $notice->render(); } else { $notice = null; diff --git a/src/applications/settings/panel/PhabricatorSettingsPanelEmailPreferences.php b/src/applications/settings/panel/PhabricatorSettingsPanelEmailPreferences.php index dadca328a6..f3e3c55c2a 100644 --- a/src/applications/settings/panel/PhabricatorSettingsPanelEmailPreferences.php +++ b/src/applications/settings/panel/PhabricatorSettingsPanelEmailPreferences.php @@ -72,7 +72,8 @@ final class PhabricatorSettingsPanelEmailPreferences $notice = new AphrontErrorView(); $notice->setSeverity(AphrontErrorView::SEVERITY_NOTICE); $notice->setTitle('Changes Saved'); - $notice->appendChild('

Your changes have been saved.

'); + $notice->appendChild( + phutil_tag('p', array(), 'Your changes have been saved.')); } } else { $notice = new AphrontErrorView(); diff --git a/src/applications/settings/panel/PhabricatorSettingsPanelPassword.php b/src/applications/settings/panel/PhabricatorSettingsPanelPassword.php index e7d6e69879..b6d79811ec 100644 --- a/src/applications/settings/panel/PhabricatorSettingsPanelPassword.php +++ b/src/applications/settings/panel/PhabricatorSettingsPanelPassword.php @@ -114,7 +114,8 @@ final class PhabricatorSettingsPanelPassword $notice = new AphrontErrorView(); $notice->setSeverity(AphrontErrorView::SEVERITY_NOTICE); $notice->setTitle('Changes Saved'); - $notice->appendChild('

Your password has been updated.

'); + $notice->appendChild( + phutil_tag('p', array(), 'Your password has been updated.')); } } else { $notice = new AphrontErrorView(); diff --git a/src/applications/settings/panel/PhabricatorSettingsPanelProfile.php b/src/applications/settings/panel/PhabricatorSettingsPanelProfile.php index 358ab27438..d78cbbcd6a 100644 --- a/src/applications/settings/panel/PhabricatorSettingsPanelProfile.php +++ b/src/applications/settings/panel/PhabricatorSettingsPanelProfile.php @@ -119,7 +119,8 @@ final class PhabricatorSettingsPanelProfile $error_view = new AphrontErrorView(); $error_view->setSeverity(AphrontErrorView::SEVERITY_NOTICE); $error_view->setTitle('Changes Saved'); - $error_view->appendChild('

Your changes have been saved.

'); + $error_view->appendChild( + phutil_tag('p', array(), 'Your changes have been saved.')); $error_view = $error_view->render(); } } diff --git a/src/view/form/AphrontErrorView.php b/src/view/form/AphrontErrorView.php index 06fa19ceb7..cd97ff6a2f 100644 --- a/src/view/form/AphrontErrorView.php +++ b/src/view/form/AphrontErrorView.php @@ -92,7 +92,10 @@ final class AphrontErrorView extends AphrontView { $classes[] = 'aphront-error-severity-'.$this->severity; $classes = implode(' ', $classes); - return phutil_render_tag( + $children = $this->renderHTMLChildren(); + $children[] = $list; + + return phutil_tag( 'div', array( 'id' => $this->id, @@ -100,13 +103,12 @@ final class AphrontErrorView extends AphrontView { ), array( $title, - phutil_render_tag( + phutil_tag( 'div', array( 'class' => 'aphront-error-view-body', ), - $this->renderChildren(). - $list), + $children), )); } } diff --git a/src/view/layout/PhabricatorObjectItemListView.php b/src/view/layout/PhabricatorObjectItemListView.php index 4ae41564ca..cc9abb01a4 100644 --- a/src/view/layout/PhabricatorObjectItemListView.php +++ b/src/view/layout/PhabricatorObjectItemListView.php @@ -53,7 +53,7 @@ final class PhabricatorObjectItemListView extends AphrontView { $string = nonempty($this->noDataString, pht('No data.')); $items = id(new AphrontErrorView()) ->setSeverity(AphrontErrorView::SEVERITY_NODATA) - ->appendChild(phutil_escape_html($string)); + ->appendChild($string); } $pager = null; diff --git a/src/view/layout/PhabricatorPinboardView.php b/src/view/layout/PhabricatorPinboardView.php index a776025c20..f62a2be459 100644 --- a/src/view/layout/PhabricatorPinboardView.php +++ b/src/view/layout/PhabricatorPinboardView.php @@ -22,7 +22,7 @@ final class PhabricatorPinboardView extends AphrontView { $string = nonempty($this->noDataString, pht('No data.')); return id(new AphrontErrorView()) ->setSeverity(AphrontErrorView::SEVERITY_NODATA) - ->appendChild(phutil_escape_html($string)) + ->appendChild($string) ->render(); }