mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-21 04:50:55 +01:00
Fix XSS in Differential
Test Plan: Display a revision with file copied to ##<b>hack</b>##. Reviewers: epriestley Reviewed By: epriestley CC: aran, epriestley Differential Revision: https://secure.phabricator.com/D1411
This commit is contained in:
parent
59380582d8
commit
49a59bd885
2 changed files with 9 additions and 7 deletions
|
@ -1618,7 +1618,9 @@ class DifferentialChangesetParser {
|
||||||
case DifferentialChangeType::TYPE_COPY_HERE:
|
case DifferentialChangeType::TYPE_COPY_HERE:
|
||||||
$message =
|
$message =
|
||||||
"This {$files[$file]} was {$verb} ".
|
"This {$files[$file]} was {$verb} ".
|
||||||
"<strong>{$changeset->getOldFile()}</strong>.";
|
"<strong>".
|
||||||
|
phutil_escape_html($changeset->getOldFile()).
|
||||||
|
"</strong>.";
|
||||||
break;
|
break;
|
||||||
case DifferentialChangeType::TYPE_MOVE_AWAY:
|
case DifferentialChangeType::TYPE_MOVE_AWAY:
|
||||||
case DifferentialChangeType::TYPE_COPY_AWAY:
|
case DifferentialChangeType::TYPE_COPY_AWAY:
|
||||||
|
@ -1627,11 +1629,11 @@ class DifferentialChangesetParser {
|
||||||
if (count($paths) > 1) {
|
if (count($paths) > 1) {
|
||||||
$message =
|
$message =
|
||||||
"This {$files[$file]} was {$verb}: ".
|
"This {$files[$file]} was {$verb}: ".
|
||||||
"<strong>".implode(', ', $paths)."</strong>.";
|
"<strong>".phutil_escape_html(implode(', ', $paths))."</strong>.";
|
||||||
} else {
|
} else {
|
||||||
$message =
|
$message =
|
||||||
"This {$files[$file]} was {$verb} ".
|
"This {$files[$file]} was {$verb} ".
|
||||||
"<strong>".reset($paths)."</strong>.";
|
"<strong>".phutil_escape_html(reset($paths))."</strong>.";
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case DifferentialChangeType::TYPE_CHANGE:
|
case DifferentialChangeType::TYPE_CHANGE:
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Copyright 2011 Facebook, Inc.
|
* Copyright 2012 Facebook, Inc.
|
||||||
*
|
*
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||||
* you may not use this file except in compliance with the License.
|
* you may not use this file except in compliance with the License.
|
||||||
|
@ -75,14 +75,14 @@ final class DifferentialDiffTableOfContentsView extends AphrontView {
|
||||||
$meta[] = 'Copied to multiple locations:';
|
$meta[] = 'Copied to multiple locations:';
|
||||||
}
|
}
|
||||||
foreach ($away as $path) {
|
foreach ($away as $path) {
|
||||||
$meta[] = $path;
|
$meta[] = phutil_escape_html($path);
|
||||||
}
|
}
|
||||||
$meta = implode('<br />', $meta);
|
$meta = implode('<br />', $meta);
|
||||||
} else {
|
} else {
|
||||||
if ($type == DifferentialChangeType::TYPE_MOVE_AWAY) {
|
if ($type == DifferentialChangeType::TYPE_MOVE_AWAY) {
|
||||||
$meta = 'Moved to '.reset($away);
|
$meta = 'Moved to '.phutil_escape_html(reset($away));
|
||||||
} else {
|
} else {
|
||||||
$meta = 'Copied to '.reset($away);
|
$meta = 'Copied to '.phutil_escape_html(reset($away));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
|
Loading…
Reference in a new issue