mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-23 14:00:56 +01:00
Reorganize escaping in DifferentialRevisionUpdateHistoryView
Summary: Escaped $id is compared with non-escaped $max_id. Escaped $id is escaped again in phutil_render_tag(). Note: $id is numeric :-). Test Plan: Display diff. Reviewers: epriestley Reviewed By: epriestley CC: aran, epriestley Differential Revision: https://secure.phabricator.com/D1580
This commit is contained in:
parent
4ee714d404
commit
1ab2a88605
1 changed files with 4 additions and 4 deletions
|
@ -89,8 +89,8 @@ final class DifferentialRevisionUpdateHistoryView extends AphrontView {
|
||||||
foreach ($data as $row) {
|
foreach ($data as $row) {
|
||||||
|
|
||||||
$diff = $row['obj'];
|
$diff = $row['obj'];
|
||||||
$name = phutil_escape_html($row['name']);
|
$name = $row['name'];
|
||||||
$id = phutil_escape_html($row['id']);
|
$id = $row['id'];
|
||||||
|
|
||||||
$old_class = null;
|
$old_class = null;
|
||||||
$new_class = null;
|
$new_class = null;
|
||||||
|
@ -172,8 +172,8 @@ final class DifferentialRevisionUpdateHistoryView extends AphrontView {
|
||||||
|
|
||||||
$rows[] =
|
$rows[] =
|
||||||
'<tr'.$class.'>'.
|
'<tr'.$class.'>'.
|
||||||
'<td class="revhistory-name">'.$name.'</td>'.
|
'<td class="revhistory-name">'.phutil_escape_html($name).'</td>'.
|
||||||
'<td class="revhistory-id">'.$id.'</td>'.
|
'<td class="revhistory-id">'.phutil_escape_html($id).'</td>'.
|
||||||
'<td class="revhistory-base">'.phutil_escape_html($base).'</td>'.
|
'<td class="revhistory-base">'.phutil_escape_html($base).'</td>'.
|
||||||
'<td class="revhistory-desc">'.phutil_escape_html($desc).'</td>'.
|
'<td class="revhistory-desc">'.phutil_escape_html($desc).'</td>'.
|
||||||
'<td class="revhistory-age">'.$age.'</td>'.
|
'<td class="revhistory-age">'.$age.'</td>'.
|
||||||
|
|
Loading…
Reference in a new issue