1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-23 14:00:56 +01:00

Reorganize escaping in DifferentialRevisionUpdateHistoryView

Summary:
Escaped $id is compared with non-escaped $max_id.
Escaped $id is escaped again in phutil_render_tag().

Note: $id is numeric :-).

Test Plan: Display diff.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1580
This commit is contained in:
vrana 2012-02-06 10:55:55 -08:00
parent 4ee714d404
commit 1ab2a88605

View file

@ -89,8 +89,8 @@ final class DifferentialRevisionUpdateHistoryView extends AphrontView {
foreach ($data as $row) { foreach ($data as $row) {
$diff = $row['obj']; $diff = $row['obj'];
$name = phutil_escape_html($row['name']); $name = $row['name'];
$id = phutil_escape_html($row['id']); $id = $row['id'];
$old_class = null; $old_class = null;
$new_class = null; $new_class = null;
@ -172,8 +172,8 @@ final class DifferentialRevisionUpdateHistoryView extends AphrontView {
$rows[] = $rows[] =
'<tr'.$class.'>'. '<tr'.$class.'>'.
'<td class="revhistory-name">'.$name.'</td>'. '<td class="revhistory-name">'.phutil_escape_html($name).'</td>'.
'<td class="revhistory-id">'.$id.'</td>'. '<td class="revhistory-id">'.phutil_escape_html($id).'</td>'.
'<td class="revhistory-base">'.phutil_escape_html($base).'</td>'. '<td class="revhistory-base">'.phutil_escape_html($base).'</td>'.
'<td class="revhistory-desc">'.phutil_escape_html($desc).'</td>'. '<td class="revhistory-desc">'.phutil_escape_html($desc).'</td>'.
'<td class="revhistory-age">'.$age.'</td>'. '<td class="revhistory-age">'.$age.'</td>'.