
Fix XSS in Differential

Test Plan: Display a revision with file copied to ##<b>hack</b>##.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1411
This commit is contained in:
vrana 2012-01-15 22:25:53 -08:00
parent 59380582d8
commit 49a59bd885
2 changed files with 9 additions and 7 deletions


@ -1618,7 +1618,9 @@ class DifferentialChangesetParser {
case DifferentialChangeType::TYPE_COPY_HERE:
$message =
"This {$files[$file]} was {$verb} ".
"<strong>{$changeset->getOldFile()}</strong>.";
"<strong>".
phutil_escape_html($changeset->getOldFile()).
"</strong>.";
break;
case DifferentialChangeType::TYPE_MOVE_AWAY:
case DifferentialChangeType::TYPE_COPY_AWAY:
@ -1627,11 +1629,11 @@ class DifferentialChangesetParser {
if (count($paths) > 1) {
$message =
"This {$files[$file]} was {$verb}: ".
"<strong>".implode(', ', $paths)."</strong>.";
"<strong>".phutil_escape_html(implode(', ', $paths))."</strong>.";
} else {
$message =
"This {$files[$file]} was {$verb} ".
"<strong>".reset($paths)."</strong>.";
"<strong>".phutil_escape_html(reset($paths))."</strong>.";
}
break;
case DifferentialChangeType::TYPE_CHANGE:
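Review bot: The new escaping covers only the path values, while `{$files[$file]}` and `{$verb}` are interpolated unescaped into the same HTML string on every `$message =` assignment in both hunks; if those come from fixed lookup tables that is fine, but nothing in the hunk shows it, and the next person to add a dynamic piece has no cue that the string is markup. A one-line comment above the first `$message =` would make the contract explicit: `// $message is raw HTML: every value derived from the diff must go through phutil_escape_html().` Escaping the imploded list with `phutil_escape_html(implode(', ', $paths))` is equivalent to escaping each path first, since the separator contains no HTML-special characters, so that part is sound. The enclosing method starts and ends outside the view, so where `$message` is finally emitted cannot be checked here.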


@ -1,7 +1,7 @@
<?php
/*
* Copyright 2011 Facebook, Inc.
* Copyright 2012 Facebook, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -75,14 +75,14 @@ final class DifferentialDiffTableOfContentsView extends AphrontView {
$meta[] = 'Copied to multiple locations:';
}
foreach ($away as $path) {
$meta[] = $path;
$meta[] = phutil_escape_html($path);
}
$meta = implode('<br />', $meta);
} else {
if ($type == DifferentialChangeType::TYPE_MOVE_AWAY) {
$meta = 'Moved to '.reset($away);
$meta = 'Moved to '.phutil_escape_html(reset($away));
} else {
$meta = 'Copied to '.reset($away);
$meta = 'Copied to '.phutil_escape_html(reset($away));
}
}
} else {
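Review bot: After this change `$meta` holds HTML from the point of the `foreach` onward — paths are escaped individually, then joined with a literal `'<br />'`, and the else branches prefix plain text — but nothing says so, which invites a later maintainer to escape it a second time or to append a raw path. A comment above the `foreach` would pin the contract: `// $meta is HTML: paths are escaped here; the '<br />' separator is intentional markup.` The `reset($away)` calls in the else branches presumably run only when `$away` is non-empty; the guarding condition is outside the hunk, so it is worth confirming, because `reset([])` returns false and would now render as an empty string after a `Moved to ` / `Copied to ` prefix. The enclosing method continues past the hunk.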