mirror of https://we.phorge.it/source/phorge.git synced 2024-11-27 09:12:41 +01:00

Convert AphrontDialogView to safe HTML

Summary:
Done by searching for `AphrontDialogView` and then `appendChild()`.

Also added some `pht()`.

Test Plan: None.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4882
vrana 2013-02-09 10:31:09 -08:00
parent e4736bf977
commit 58b6e2cac6
32 changed files with 152 additions and 153 deletions


@ -227,7 +227,7 @@ class AphrontDefaultApplicationConfiguration
phlog($ex);
$class = get_class($ex);
$message = phutil_escape_html($ex->getMessage());
$message = $ex->getMessage();
if ($ex instanceof AphrontQuerySchemaException) {
$message .=
@ -243,11 +243,13 @@ class AphrontDefaultApplicationConfiguration
$trace = null;
}
$content =
$content = hsprintf(
'<div class="aphront-unhandled-exception">'.
'<div class="exception-message">'.$message.'</div>'.
$trace.
'</div>';
'<div class="exception-message">%s</div>'.
'%s'.
'</div>',
$message,
$trace);
$dialog = new AphrontDialogView();
$dialog
@ -349,7 +351,7 @@ class AphrontDefaultApplicationConfiguration
}
$file_name = $file_name.' : '.(int)$part['line'];
} else {
$file_name = '<em>(Internal)</em>';
$file_name = phutil_tag('em', array(), '(Internal)');
}
@ -376,11 +378,12 @@ class AphrontDefaultApplicationConfiguration
'wide',
));
return
return hsprintf(
'<div class="exception-trace">'.
'<div class="exception-trace-header">Stack Trace</div>'.
$table->render().
'</div>';
'%s',
'</div>',
phutil_safe_html($table->render()));
}
}
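Review bot: In the stack-trace builder in the last hunk of this section, the format string passed to `hsprintf()` ends with `'%s',`, a comma where the concatenation dot should be. That makes `'</div>'` the first substitution argument, so the closing tag is HTML-escaped into the `%s` slot, while `phutil_safe_html($table->render())` becomes a surplus argument and the trace table appears to be dropped from the output. Changing that line to `'%s'.` keeps the closing tag in the format string and puts the table in the slot. Separately, `phutil_safe_html()` marks the table output as trusted without escaping it, so this relies on `$table->render()` having escaped every cell; the cell construction is only partly inside the hunks shown.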


@ -43,12 +43,11 @@ final class PhabricatorLDAPLoginController extends PhabricatorAuthController {
$dialog = new AphrontDialogView();
$dialog->setUser($current_user);
$dialog->setTitle(pht('Already Linked to Another Account'));
$dialog->appendChild(
'<p>'.pht('The LDAP account you just authorized is already '.
$dialog->appendChild(phutil_tag('p', array(), pht(
'The LDAP account you just authorized is already '.
'linked toanother Phabricator account. Before you can link it '.
'to a different LDAP account, you must unlink the old '.
'account.').'</p>'
);
'account.')));
$dialog->addCancelButton('/settings/panel/ldap/');
return id(new AphrontDialogResponse())->setDialog($dialog);
@ -62,10 +61,8 @@ final class PhabricatorLDAPLoginController extends PhabricatorAuthController {
$dialog = new AphrontDialogView();
$dialog->setUser($current_user);
$dialog->setTitle(pht('Link LDAP Account'));
$dialog->appendChild(
'<p>'.
pht('Link your LDAP account to your Phabricator account?').
'</p>');
$dialog->appendChild(phutil_tag('p', array(), pht(
'Link your LDAP account to your Phabricator account?')));
$dialog->addHiddenInput('username', $request->getStr('username'));
$dialog->addHiddenInput('password', $request->getStr('password'));
$dialog->addSubmitButton(pht('Link Accounts'));
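Review bot: The link-confirmation dialog in the second hunk writes the submitted credentials back into the response with `addHiddenInput('password', $request->getStr('password'))`, so the user's plaintext LDAP password ends up in the rendered HTML. That leaves it readable by anything that can see or cache the page; keeping the pending bind in server-side state and re-posting only a short-lived one-time token would avoid echoing the secret. The OAuth link dialog later in this commit does the same with `addHiddenInput('confirm_token', $provider->getAccessToken())`. In the first hunk, the concatenated message reads "linked toanother" because the literal `'linked toanother Phabricator account. ...'` is missing a space.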


@ -18,9 +18,9 @@ final class PhabricatorLDAPUnlinkController extends PhabricatorAuthController {
$dialog = new AphrontDialogView();
$dialog->setUser($user);
$dialog->setTitle(pht('Really unlink account?'));
$dialog->appendChild(
'<p>'.pht('You will not be able to login using this account '.
'once you unlink it. Continue?').'</p>');
$dialog->appendChild(phutil_tag('p', array(), pht(
'You will not be able to login using this account '.
'once you unlink it. Continue?')));
$dialog->addSubmitButton(pht('Unlink Account'));
$dialog->addCancelButton('/settings/panel/ldap/');


@ -29,7 +29,8 @@ final class PhabricatorLoginController
$dialog = new AphrontDialogView();
$dialog->setUser($user);
$dialog->setTitle(pht('Login Required'));
$dialog->appendChild('<p>'.pht('You must login to continue.').'</p>');
$dialog->appendChild(phutil_tag('p', array(), pht(
'You must login to continue.')));
$dialog->addSubmitButton(pht('Login'));
$dialog->addCancelButton('/', pht('Cancel'));


@ -46,7 +46,8 @@ final class PhabricatorLogoutController
$dialog = id(new AphrontDialogView())
->setUser($user)
->setTitle(pht('Log out of Phabricator?'))
->appendChild('<p>'.pht('Are you sure you want to log out?').'</p>')
->appendChild(phutil_tag('p', array(), pht(
'Are you sure you want to log out?')))
->addSubmitButton(pht('Logout'))
->addCancelButton('/');


@ -116,10 +116,9 @@ final class PhabricatorOAuthLoginController
$dialog = new AphrontDialogView();
$dialog->setUser($current_user);
$dialog->setTitle(pht('Link %s Account', $provider_name));
$dialog->appendChild(
pht(
'<p>Link your %s account to your Phabricator account?</p>',
phutil_escape_html($provider_name)));
$dialog->appendChild(phutil_tag('p', array(), pht(
'Link your %s account to your Phabricator account?',
$provider_name)));
$dialog->addHiddenInput('confirm_token', $provider->getAccessToken());
$dialog->addHiddenInput('expires', $oauth_info->getTokenExpires());
$dialog->addHiddenInput('state', $this->oauthState);


@ -34,9 +34,9 @@ final class PhabricatorOAuthUnlinkController extends PhabricatorAuthController {
$dialog = new AphrontDialogView();
$dialog->setUser($user);
$dialog->setTitle(pht('Really unlink account?'));
$dialog->appendChild(
'<p>'.pht('You will not be able to login using this account '.
'once you unlink it. Continue?').'</p>');
$dialog->appendChild(phutil_tag('p', array(), pht(
'You will not be able to login using this account '.
'once you unlink it. Continue?')));
$dialog->addSubmitButton(pht('Unlink Account'));
$dialog->addCancelButton($provider->getSettingsPanelURI());


@ -72,9 +72,8 @@ final class PhabricatorWorkerTaskUpdateController
case 'retry':
if ($can_retry) {
$dialog->setTitle('Really retry task?');
$dialog->appendChild(
'<p>The task will be put back in the queue and executed '.
'again.</p>');
$dialog->appendChild(phutil_tag('p', array(), pht(
'The task will be put back in the queue and executed again.')));
$dialog->addSubmitButton('Retry Task');
} else {
$dialog->setTitle('Can Not Retry');


@ -60,10 +60,9 @@ final class DifferentialCommentSaveController extends DifferentialController {
if (strlen($comment) || $has_inlines) {
$dialog->addSubmitButton(pht('Post as Comment'));
$dialog->appendChild('<br />');
$dialog->appendChild(
'<p>'.pht('Do you want to post your feedback anyway, as a normal '.
'comment?').'</p>');
$dialog->appendChild(phutil_tag('br'));
$dialog->appendChild(phutil_tag('p', array(), pht(
'Do you want to post your feedback anyway, as a normal comment?')));
}
return id(new AphrontDialogResponse())->setDialog($dialog);


@ -43,7 +43,7 @@ final class DifferentialSubscribeController extends DifferentialController {
$dialog
->setUser($user)
->setTitle($title)
->appendChild('<p>'.$prompt.'</p>')
->appendChild(phutil_tag('p', array(), $prompt))
->setSubmitURI($request->getRequestURI())
->addSubmitButton($button)
->addCancelButton('/D'.$revision->getID());


@ -24,8 +24,8 @@ final class DrydockLeaseReleaseController extends DrydockController {
$dialog = id(new AphrontDialogView())
->setUser($user)
->setTitle(pht('Lease Not Active'))
->appendChild(
'<p>'.pht('You can only release "active" leases.').'</p>')
->appendChild(phutil_tag('p', array(), pht(
'You can only release "active" leases.')))
->addCancelButton($lease_uri);
return id(new AphrontDialogResponse())->setDialog($dialog);
@ -35,11 +35,10 @@ final class DrydockLeaseReleaseController extends DrydockController {
$dialog = id(new AphrontDialogView())
->setUser($user)
->setTitle(pht('Really release lease?'))
->appendChild(
'<p>'.pht(
->appendChild(phutil_tag('p', array(), pht(
'Releasing a lease may cause trouble for the lease holder and '.
'trigger cleanup of the underlying resource. It can not be '.
'undone. Continue?').'</p>')
'undone. Continue?')))
->addSubmitButton(pht('Release Lease'))
->addCancelButton($lease_uri);


@ -24,8 +24,8 @@ final class DrydockResourceCloseController extends DrydockController {
$dialog = id(new AphrontDialogView())
->setUser($user)
->setTitle(pht('Resource Not Open'))
->appendChild(
'<p>'.pht('You can only close "open" resources.').'</p>')
->appendChild(phutil_tag('p', array(), pht(
'You can only close "open" resources.')))
->addCancelButton($resource_uri);
return id(new AphrontDialogResponse())->setDialog($dialog);
@ -35,10 +35,9 @@ final class DrydockResourceCloseController extends DrydockController {
$dialog = id(new AphrontDialogView())
->setUser($user)
->setTitle(pht('Really close resource?'))
->appendChild(
'<p>'.pht(
->appendChild(phutil_tag('p', array(), pht(
'Closing a resource releases all leases and destroys the '.
'resource. It can not be undone. Continue?').'</p>')
'resource. It can not be undone. Continue?')))
->addSubmitButton(pht('Close Resource'))
->addCancelButton($resource_uri);


@ -37,10 +37,10 @@ final class PhabricatorHelpKeyboardShortcutController
));
}
$table =
'<table class="keyboard-shortcut-help">'.
implode('', $rows).
'</table>';
$table = phutil_tag(
'table',
array('class' => 'keyboard-shortcut-help'),
$rows);
$dialog = id(new AphrontDialogView())
->setUser($user)


@ -43,10 +43,10 @@ final class PhabricatorMacroDisableController
$dialog
->setUser($request->getUser())
->setTitle(pht('Really disable macro?'))
->appendChild(
'<p>'.pht('Really disable the much-beloved image macro %s? '.
'It will be sorely missed.', phutil_escape_html($macro->getName())).
'</p>')
->appendChild(phutil_tag('p', array(), pht(
'Really disable the much-beloved image macro %s? '.
'It will be sorely missed.',
$macro->getName())))
->setSubmitURI($this->getApplicationURI('/disable/'.$this->id.'/'))
->addSubmitButton(pht('Disable'))
->addCancelButton($view_uri);


@ -28,7 +28,7 @@ final class ManiphestExportController extends ManiphestController {
$dialog->setUser($user);
$dialog->setTitle('Excel Export Not Configured');
$dialog->appendChild(
$dialog->appendChild(hsprintf(
'<p>This system does not have PHPExcel installed. This software '.
'component is required to export tasks to Excel. Have your system '.
'administrator install it from:</p>'.
@ -38,7 +38,7 @@ final class ManiphestExportController extends ManiphestController {
'</p>'.
'<br />'.
'<p>Your PHP "include_path" needs to be updated to include the '.
'PHPExcel Classes/ directory.</p>');
'PHPExcel Classes/ directory.</p>'));
$dialog->addCancelButton('/maniphest/');
return id(new AphrontDialogResponse())->setDialog($dialog);
@ -59,8 +59,8 @@ final class ManiphestExportController extends ManiphestController {
$dialog->setUser($user);
$dialog->setTitle('Export Tasks to Excel');
$dialog->appendChild(
'<p>Do you want to export the query results to Excel?</p>');
$dialog->appendChild(phutil_tag('p', array(), pht(
'Do you want to export the query results to Excel?')));
$dialog->addCancelButton('/maniphest/');
$dialog->addSubmitButton('Export to Excel');
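Review bot: The first hunk wraps a long HTML literal in `hsprintf()` with no substitution arguments, which marks the whole string as trusted markup. That is fine for a constant, but the middle of the string (the install link) lies outside the hunk, so it should be confirmed that nothing dynamic is concatenated into it and that it contains no literal `%`, which `hsprintf()` would read as a conversion. Any value that does need to appear should be passed as a `%s` argument so it is escaped. The titles and button labels in this section are also still untranslated, e.g. `$dialog->setTitle(pht('Export Tasks to Excel'));` would match the rest of the change.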


@ -37,9 +37,8 @@ extends PhabricatorOAuthClientBaseController {
$dialog = new AphrontDialogView();
$dialog->setUser($current_user);
$dialog->setTitle($title);
$dialog->appendChild(
'<p>Are you sure you want to delete this client?</p>'
);
$dialog->appendChild(phutil_tag('p', array(), pht(
'Are you sure you want to delete this client?')));
$dialog->addSubmitButton();
$dialog->addCancelButton($client->getEditURI());
return id(new AphrontDialogResponse())->setDialog($dialog);


@ -46,9 +46,8 @@ extends PhabricatorOAuthClientAuthorizationBaseController {
$dialog = new AphrontDialogView();
$dialog->setUser($current_user);
$dialog->setTitle($title);
$dialog->appendChild(
'<p>Are you sure you want to delete this client authorization?</p>'
);
$dialog->appendChild(phutil_tag('p', array(), pht(
'Are you sure you want to delete this client authorization?')));
$dialog->addSubmitButton();
$dialog->addCancelButton($authorization->getEditURI());
return id(new AphrontDialogResponse())->setDialog($dialog);


@ -41,7 +41,7 @@ final class PhameBlogDeleteController extends PhameController {
->appendChild(
pht(
'Really delete the blog "%s"? It will be gone forever.',
phutil_escape_html($blog->getName())))
$blog->getName()))
->addSubmitButton(pht('Delete'))
->addCancelButton($cancel_uri);
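Review bot: With `phutil_escape_html()` removed, the user-controlled blog name reaches `appendChild()` as a plain `pht()` string with no `phutil_tag()` wrapper, unlike most other call sites in this commit. It is only escaped if the dialog's child rendering escapes plain strings, which this commit appears to arrange in AphrontDialogView through `renderHTMLChildren()`; that method's body is not shown. Wrapping the message as `->appendChild(phutil_tag('p', array(), pht(...)))` would make the escaping explicit at the call site and keep the paragraph markup consistent. The same applies to the post-title dialogs in PhamePostDeleteController and PhamePostUnpublishController.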


@ -41,7 +41,7 @@ final class PhamePostDeleteController extends PhameController {
->appendChild(
pht(
'Really delete the post "%s"? It will be gone forever.',
phutil_escape_html($post->getTitle())))
$post->getTitle()))
->addSubmitButton(pht('Delete'))
->addCancelButton($cancel_uri);


@ -25,16 +25,16 @@ final class PhamePostNotLiveController extends PhameController {
$reasons = array();
if (!$post->getBlog()) {
$reasons[] =
'<p>'.pht('You can not view the live version of this post because it '.
$reasons[] = phutil_tag('p', array(), pht(
'You can not view the live version of this post because it '.
'is not associated with a blog. Move the post to a blog in order to '.
'view it live.').'</p>';
'view it live.'));
}
if ($post->isDraft()) {
$reasons[] =
'<p>'.pht('You can not view the live version of this post because it '.
'is still a draft. Use "Preview/Publish" to publish the post.').'</p>';
$reasons[] = phutil_tag('p', array(), pht(
'You can not view the live version of this post because it '.
'is still a draft. Use "Preview/Publish" to publish the post.'));
}
if ($reasons) {


@ -45,7 +45,7 @@ final class PhamePostUnpublishController extends PhameController {
pht(
'The post "%s" will no longer be visible to other users until you '.
'republish it.',
phutil_escape_html($post->getTitle())))
$post->getTitle()))
->addSubmitButton(pht('Unpublish'))
->addCancelButton($cancel_uri);


@ -108,8 +108,8 @@ final class PhrictionEditController
$dialog = new AphrontDialogView();
$dialog->setUser($user);
$dialog->setTitle(pht('No Edits'));
$dialog->appendChild(
'<p>'.pht('You did not make any changes to the document.').'</p>');
$dialog->appendChild(phutil_tag('p', array(), pht(
'You did not make any changes to the document.')));
$dialog->addCancelButton($request->getRequestURI());
return id(new AphrontDialogResponse())->setDialog($dialog);
@ -122,8 +122,8 @@ final class PhrictionEditController
$dialog = new AphrontDialogView();
$dialog->setUser($user);
$dialog->setTitle(pht('Empty Page'));
$dialog->appendChild(
'<p>'.pht('You can not create an empty document.').'</p>');
$dialog->appendChild(phutil_tag('p', array(), pht(
'You can not create an empty document.')));
$dialog->addCancelButton($request->getRequestURI());
return id(new AphrontDialogResponse())->setDialog($dialog);


@ -23,7 +23,8 @@ final class PonderAnswerSaveController extends PonderController {
$dialog = new AphrontDialogView();
$dialog->setUser($request->getUser());
$dialog->setTitle('Empty answer');
$dialog->appendChild('<p>Your answer must not be empty.</p>');
$dialog->appendChild(phutil_tag('p', array(), pht(
'Your answer must not be empty.')));
$dialog->addCancelButton('/Q'.$question_id);
return id(new AphrontDialogResponse())->setDialog($dialog);


@ -32,7 +32,8 @@ final class PonderCommentSaveController extends PonderController {
$dialog = new AphrontDialogView();
$dialog->setUser($request->getUser());
$dialog->setTitle('Empty comment');
$dialog->appendChild('<p>Your comment must not be empty.</p>');
$dialog->appendChild(phutil_tag('p', array(), pht(
'Your comment must not be empty.')));
$dialog->addCancelButton('/Q'.$question_id);
return id(new AphrontDialogResponse())->setDialog($dialog);


@ -62,9 +62,9 @@ final class PhabricatorProjectUpdateController
$dialog = new AphrontDialogView();
$dialog->setUser($user);
$dialog->setTitle('Really leave project?');
$dialog->appendChild(
'<p>Your tremendous contributions to this project will be sorely '.
'missed. Are you sure you want to leave?</p>');
$dialog->appendChild(phutil_tag('p', array(), pht(
'Your tremendous contributions to this project will be sorely '.
'missed. Are you sure you want to leave?')));
$dialog->addCancelButton($project_uri);
$dialog->addSubmitButton('Leave Project');
break;


@ -26,9 +26,9 @@ final class PhabricatorSettingsPanelConduit
$dialog->setSubmitURI($this->getPanelURI());
$dialog->addSubmitButton('Regenerate');
$dialog->addCancelbutton($this->getPanelURI());
$dialog->appendChild(
'<p>Really destroy the old certificate? Any established '.
'sessions will be terminated.');
$dialog->appendChild(phutil_tag('p', array(), pht(
'Really destroy the old certificate? Any established '.
'sessions will be terminated.')));
return id(new AphrontDialogResponse())
->setDialog($dialog);


@ -191,9 +191,9 @@ final class PhabricatorSettingsPanelEmailAddresses
->setUser($user)
->addHiddenInput('new', 'verify')
->setTitle('Verification Email Sent')
->appendChild(
'<p>A verification email has been sent. Click the link in the '.
'email to verify your address.</p>')
->appendChild(phutil_tag('p', array(), pht(
'A verification email has been sent. Click the link in the '.
'email to verify your address.')))
->setSubmitURI($uri)
->addSubmitButton('Done');
@ -264,9 +264,9 @@ final class PhabricatorSettingsPanelEmailAddresses
->setUser($user)
->addHiddenInput('delete', $email_id)
->setTitle("Really delete address '{$address}'?")
->appendChild(
'<p>Are you sure you want to delete this address? You will no '.
'longer be able to use it to login.</p>')
->appendChild(phutil_tag('p', array(), pht(
'Are you sure you want to delete this address? You will no '.
'longer be able to use it to login.')))
->addSubmitButton('Delete')
->addCancelButton($uri);


@ -240,7 +240,7 @@ final class PhabricatorSettingsPanelSSHKeys
$user = $request->getUser();
$name = phutil_escape_html($key->getName());
$name = phutil_tag('strong', array(), $key->getName());
if ($request->isDialogFormPost()) {
$key->delete();
@ -252,10 +252,10 @@ final class PhabricatorSettingsPanelSSHKeys
->setUser($user)
->addHiddenInput('delete', $key->getID())
->setTitle('Really delete SSH Public Key?')
->appendChild(
'<p>The key "<strong>'.$name.'</strong>" will be permanently deleted, '.
'and you will not longer be able to use the corresponding private key '.
'to authenticate.</p>')
->appendChild(phutil_tag('p', array(), pht(
'The key "%s" will be permanently deleted, and you will not longer be '.
'able to use the corresponding private key to authenticate.',
$name)))
->addSubmitButton('Delete Public Key')
->addCancelButton($this->getPanelURI());
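Review bot: `$name` is now a safe-HTML `<strong>` element, but it is passed through `pht()` and the result is handed to `phutil_tag('p', array(), ...)` as content. If `pht()` returns an ordinary string here, the outer `phutil_tag()` will escape it and the user sees literal `<strong>` markup; the key name stays escaped either way, so this is a rendering question rather than an injection one. It is worth confirming that `pht()` preserves safe-HTML arguments, or building the sentence with `hsprintf()` so the element is substituted as markup. The message also reads "will not longer be able", where "will no longer be able" is presumably intended.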


@ -57,7 +57,8 @@ final class PhabricatorApplicationTransactionNoEffectResponse
->setTitle($title);
foreach ($xactions as $xaction) {
$dialog->appendChild('<p>'.$xaction->getNoEffectDescription().'</p>');
$dialog->appendChild(
phutil_tag('p', array(), $xaction->getNoEffectDescription()));
}
$dialog->appendChild($tail);


@ -71,7 +71,7 @@ abstract class PhabricatorInlineCommentController
$dialog->setTitle('Really delete this comment?');
$dialog->addHiddenInput('id', $this->getCommentID());
$dialog->addHiddenInput('op', 'delete');
$dialog->appendChild('<p>Delete this inline comment?</p>');
$dialog->appendChild(hsprintf('<p>Delete this inline comment?</p>'));
$dialog->addCancelButton('#');
$dialog->addSubmitButton('Delete');


@ -99,7 +99,6 @@ final class AphrontDialogView extends AphrontView {
),
$this->cancelText);
}
$buttons = implode('', $buttons);
if (!$this->user) {
throw new Exception(
@ -131,6 +130,14 @@ final class AphrontDialogView extends AphrontView {
);
$hidden_inputs = array();
$hidden_inputs[] = phutil_tag(
'input',
array(
'type' => 'hidden',
'name' => '__dialog__',
'value' => '1',
));
foreach ($this->hidden as $desc) {
list($key, $value) = $desc;
$hidden_inputs[] = javelin_tag(
@ -142,37 +149,30 @@ final class AphrontDialogView extends AphrontView {
'sigil' => 'aphront-dialog-application-input'
));
}
$hidden_inputs = implode("\n", $hidden_inputs);
$hidden_inputs =
'<input type="hidden" name="__dialog__" value="1" />'.
$hidden_inputs;
if (!$this->renderAsForm) {
$buttons = phabricator_render_form(
$buttons = array(phabricator_form(
$this->user,
$form_attributes,
$hidden_inputs.$buttons);
array_merge($hidden_inputs, $buttons)));
}
$content =
hsprintf('<div class="aphront-dialog-head">%s</div>', $this->title).
'<div class="aphront-dialog-body">'.
$this->renderChildren().
'</div>'.
'<div class="aphront-dialog-tail">'.
$buttons.
'<div style="clear: both;"></div>'.
'</div>';
$buttons[] = phutil_tag('div', array('style' => 'clear: both;'), '');
$children = $this->renderHTMLChildren();
$content = hsprintf(
'%s%s%s',
phutil_tag('div', array('class' => 'aphront-dialog-head'), $this->title),
phutil_tag('div', array('class' => 'aphront-dialog-body'), $children),
phutil_tag('div', array('class' => 'aphront-dialog-tail'), $buttons));
if ($this->renderAsForm) {
return phabricator_render_form(
return phabricator_form(
$this->user,
$form_attributes + $attributes,
$hidden_inputs.
$content);
array($hidden_inputs, $content));
} else {
return javelin_render_tag(
return javelin_tag(
'div',
$attributes,
$content);
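Review bot: `$children = $this->renderHTMLChildren();` is now the single point where dialog body content is escaped, and several callers in this commit dropped their own `phutil_escape_html()` because of it, yet nothing at the call records that contract. A comment such as `// Plain-string children are escaped here; pass phutil_tag()/hsprintf() results for markup.` would document it, assuming that is what `renderHTMLChildren()` does; its body is not in this section. In the `renderAsForm` branch, `array($hidden_inputs, $content)` nests an array inside the content array, so it is worth confirming that `phabricator_form()` flattens nested arrays rather than stringifying them. The enclosing render method starts and ends outside the hunks shown.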


@ -101,50 +101,51 @@ final class PhabricatorObjectSelectorDialog {
),
$label);
}
$options = implode("\n", $options);
$instructions = null;
if ($this->instructions) {
$instructions =
'<p class="phabricator-object-selector-instructions">'.
$this->instructions.
'</p>';
$instructions = phutil_tag(
'p',
array('class' => 'phabricator-object-selector-instructions'),
$this->instructions);
}
$search_box = phabricator_render_form(
$search_box = phabricator_form(
$user,
array(
'method' => 'POST',
'action' => $this->submitURI,
'id' => $search_id,
),
hsprintf(
'<table class="phabricator-object-selector-search">
<tr>
<td class="phabricator-object-selector-search-filter">
<select id="'.$filter_id.'">'.
$options.
'</select>
</td>
<td class="phabricator-object-selector-search-text">
<input type="text" id="'.$query_id.'" />
</td>
<td class="phabricator-object-selector-search-filter">%s</td>
<td class="phabricator-object-selector-search-text">%s</td>
</tr>
</table>');
$result_box =
'<div class="phabricator-object-selector-results" id="'.$results_id.'">'.
'</div>';
$attached_box =
</table>',
phutil_tag('select', array('id' => $filter_id), $options),
phutil_tag('input', array('id' => $query_id))));
$result_box = phutil_tag(
'div',
array(
'class' => 'phabricator-object-selector-results',
'id' => $results_id,
),
'');
$attached_box = hsprintf(
'<div class="phabricator-object-selector-current">'.
'<div class="phabricator-object-selector-currently-attached">'.
hsprintf(
'<div class="phabricator-object-selector-header">%s</div>',
$this->header).
'<div id="'.$current_id.'">'.
'<div class="phabricator-object-selector-header">%s</div>'.
'<div id="%s"></div>'.
'%s'.
'</div>'.
$instructions.
'</div>'.
'</div>';
'</div>',
$this->header,
$current_id,
$instructions);
$dialog = new AphrontDialogView();
$dialog