From 5459af3bdda78e2d761dff68b12bb134d6c822c3 Mon Sep 17 00:00:00 2001
From: vrana
Date: Sat, 2 Feb 2013 13:27:42 -0800
Subject: [PATCH] Fix dynamic string usage as safe input

Test Plan: $ arc lint
Reviewers: epriestley
Reviewed By: epriestley
CC: aran, Korvin
Differential Revision: https://secure.phabricator.com/D4796
---
 .../auth/view/PhabricatorOAuthFailureView.php | 3 ++-
 .../diffusion/view/DiffusionBrowseTableView.php | 17 ++++++++---------
 .../engine/PhabricatorSearchEngineMySQL.php | 3 ++-
 .../celerity/CelerityResourceTransformer.php | 2 +-
 .../lint/linter/PhabricatorJavelinLinter.php | 4 +---
 5 files changed, 14 insertions(+), 15 deletions(-)

diff --git a/src/applications/auth/view/PhabricatorOAuthFailureView.php b/src/applications/auth/view/PhabricatorOAuthFailureView.php
index b8fa2afd2f..a1e4549745 100644
--- a/src/applications/auth/view/PhabricatorOAuthFailureView.php
+++ b/src/applications/auth/view/PhabricatorOAuthFailureView.php
@@ -70,9 +70,10 @@ final class PhabricatorOAuthFailureView extends AphrontView {
 $provider_key = $provider->getProviderKey();
 $diagnose = hsprintf(
- ''.
+ ''.
 'Diagnose %s OAuth Problems'.
 '',
+ $provider_key,
 $provider_name);
 }
diff --git a/src/applications/diffusion/view/DiffusionBrowseTableView.php b/src/applications/diffusion/view/DiffusionBrowseTableView.php
index 004faf0a21..a7ada70a8e 100644
--- a/src/applications/diffusion/view/DiffusionBrowseTableView.php
+++ b/src/applications/diffusion/view/DiffusionBrowseTableView.php
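Review bot: The removed and added lines both render here as just `''.`, so the markup around the new `%s` that receives `$provider_key` is not visible and its placement cannot be verified from the hunk. If that `%s` sits inside the link's `href` path (as the "Diagnose … OAuth Problems" link text suggests), hsprintf's HTML escaping stops the value from breaking out of the attribute but does not URL-encode it, so a key containing `/`, `?` or `#` would still alter the URL structure; provider keys appear to be defined by the application rather than by users, so this is a robustness note, and passing the key through `phutil_escape_uri()` before hsprintf would close the gap if that matters here. The argument order `$provider_key, $provider_name` matches the order in which the two `%s` placeholders are presumably consumed, which is the main thing to keep aligned when this string is edited again. The enclosing method starts above the hunk.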
@@ -96,22 +96,21 @@ final class DiffusionBrowseTableView extends DiffusionView {
 $conn = $drequest->getRepository()->establishConnection('r');
- $where = '';
+ $path = '/'.$drequest->getPath();
+ $where = (substr($path, -1) == '/'
+ ? qsprintf($conn, 'AND path LIKE %>', $path)
+ : qsprintf($conn, 'AND path = %s', $path));
+
 if ($drequest->getLint()) {
- $where = qsprintf(
- $conn,
- 'AND code = %s',
- $drequest->getLint());
+ $where .= qsprintf($conn, ' AND code = %s', $drequest->getLint());
 }
- $like = (substr($drequest->getPath(), -1) == '/' ? 'LIKE %>' : '= %s');
 return head(queryfx_one(
 $conn,
- 'SELECT COUNT(*) FROM %T WHERE branchID = %d %Q AND path '.$like,
+ 'SELECT COUNT(*) FROM %T WHERE branchID = %d %Q',
 PhabricatorRepository::TABLE_LINTMESSAGE,
 $branch->getID(),
- $where,
- '/'.$drequest->getPath()));
+ $where));
 }
 public function render() {
diff --git a/src/applications/search/engine/PhabricatorSearchEngineMySQL.php b/src/applications/search/engine/PhabricatorSearchEngineMySQL.php
index cdc95be54e..65f3b6b4da 100644
--- a/src/applications/search/engine/PhabricatorSearchEngineMySQL.php
+++ b/src/applications/search/engine/PhabricatorSearchEngineMySQL.php
@@ -161,7 +161,8 @@ final class PhabricatorSearchEngineMySQL extends PhabricatorSearchEngine {
 if (strlen($q)) {
 $join[] = qsprintf(
 $conn_r,
- "{$t_field} field ON field.phid = document.phid");
+ '%T field ON field.phid = document.phid',
+ $t_field);
 $where[] = qsprintf(
 $conn_r,
 'MATCH(corpus) AGAINST (%s IN BOOLEAN MODE)',
diff --git a/src/infrastructure/celerity/CelerityResourceTransformer.php b/src/infrastructure/celerity/CelerityResourceTransformer.php
index d650a91b4b..180de4941b 100644
--- a/src/infrastructure/celerity/CelerityResourceTransformer.php
+++ b/src/infrastructure/celerity/CelerityResourceTransformer.php
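Review bot: `substr($path, -1) == '/'` on the second added line uses a loose comparison where the rest of the rewrite is careful about typing; `substr($path, -1) === '/'` states the intent and costs nothing, since `$path` is always at least `'/'` after the new prefixing and substr therefore always returns a string. That prefixing also means an empty request path selects the `LIKE %>` branch with `$path === '/'`, which is a prefix match over every path on the branch; this matches what the removed `$like` logic did, but it is the one non-obvious case in the block, so a comment such as `// An empty request path is the repository root: the prefix match covers every path on the branch.` above the ternary would save the next reader the derivation. Building the whole predicate with qsprintf and passing it through `%Q` is the right shape; the enclosing method's signature is above the hunk.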
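Review bot: The added `%T` conversion for `$t_field` is the correct one for an identifier, but nothing at the call site records why the `"{$t_field} …"` interpolation was replaced, and a later edit could plausibly reach for `%s`, which would emit the table name as a quoted string literal and break the JOIN. A comment above the qsprintf call such as `// %T quotes $t_field as a table identifier; %s would produce a string literal.` would pin the contract. `$t_field` is assigned outside the hunk, so its origin cannot be checked here, and the enclosing method starts above the hunk.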
@@ -74,7 +74,7 @@ final class CelerityResourceTransformer {
 $bin = $root.'/externals/javelin/support/jsxmin/jsxmin';
 if (@file_exists($bin)) {
- $future = new ExecFuture("{$bin} __DEV__:0");
+ $future = new ExecFuture('%s __DEV__:0', $bin);
 $future->write($data);
 list($err, $result) = $future->resolve();
 if (!$err) {
diff --git a/src/infrastructure/lint/linter/PhabricatorJavelinLinter.php b/src/infrastructure/lint/linter/PhabricatorJavelinLinter.php
index e2d39c3680..dc1a09957e 100644
--- a/src/infrastructure/lint/linter/PhabricatorJavelinLinter.php
+++ b/src/infrastructure/lint/linter/PhabricatorJavelinLinter.php
@@ -187,9 +187,7 @@ final class PhabricatorJavelinLinter extends ArcanistLinter {
 }
 private function newSymbolsFuture($path) {
- $javelinsymbols = 'javelinsymbols';
-
- $future = new ExecFuture($javelinsymbols.' # '.escapeshellarg($path));
+ $future = new ExecFuture('javelinsymbols # %s', $path);
 $future->write($this->getData($path));
 return $future;
 }
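Review bot: The added `new ExecFuture('%s __DEV__:0', $bin)` relies on ExecFuture's `%s` conversion to shell-escape `$bin`, and the same applies to `new ExecFuture('javelinsymbols # %s', $path)` in newSymbolsFuture in the following hunk, where the explicit `escapeshellarg($path)` was dropped; neither site says so, and a reader comparing against the removed lines could conclude that escaping was lost rather than moved into the formatter. A comment at each call such as `// ExecFuture shell-escapes %s arguments; never interpolate or pre-escape them.` would record the contract and discourage a return to `"{$bin} …"` style interpolation. The `jsxmin` path is built from `$root` and the linter path comes from the caller, so the new lines change how the arguments are quoted rather than where they come from; both enclosing methods begin outside their hunks.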