1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-25 16:22:43 +01:00

PhutilRemarkupHexColorCodeRule: Do not assume that parameter is a string

Summary:
Check type before potentially mangling HTML in a PhutilSafeHTML element.
For now, do not try to apply this renderer when not dealing with a plain string.

Closes T15802

Test Plan: After deleting the corresponding MarkupCache via `DELETE FROM phabricator_cache.cache_markupcache WHERE cacheData LIKE "%whatever description on the page%";` check the description of a page, e.g. of `/config/edit/security.require-https/` or `/config/edit/storage.default-namespace/`.

Reviewers: O1 Blessed Committers, valerio.bozzolan

Reviewed By: O1 Blessed Committers, valerio.bozzolan

Subscribers: tobiaswiese, valerio.bozzolan, Matthew, Cigaryno

Maniphest Tasks: T15802

Differential Revision: https://we.phorge.it/D25605
This commit is contained in:
Andre Klapper 2024-04-30 09:24:47 +02:00
parent 3367fe0017
commit 6ab2b56a1a
2 changed files with 13 additions and 4 deletions

View file

@ -9,10 +9,13 @@ final class PhutilRemarkupHexColorCodeRule
public function apply($text) { public function apply($text) {
// Match {#FFFFFF} // Match {#FFFFFF}
return preg_replace_callback( if (is_string($text)) {
'@\B\{(#([0-9a-fA-F]{3}){1,2})\}@', return preg_replace_callback(
array($this, 'markupHexColorCodedText'), '@\B\{(#([0-9a-fA-F]{3}){1,2})\}@',
$text); array($this, 'markupHexColorCodedText'),
$text);
}
return $text;
} }
protected function contrastingColor($color_code) { protected function contrastingColor($color_code) {

View file

@ -18,6 +18,12 @@ abstract class PhutilRemarkupRule extends Phobject {
return 500.0; return 500.0;
} }
/**
* Check input whether to apply RemarkupRule. If true, apply formatting.
* @param string|PhutilSafeHTML String to check and potentially format.
* @return string|PhutilSafeHTML Unchanged input if no match, or input after
* matching the formatting rule and applying the formatting.
*/
abstract public function apply($text); abstract public function apply($text);
public function getPostprocessKey() { public function getPostprocessKey() {