From 7dd19ba93fb60001b859f070359c640bc340af7c Mon Sep 17 00:00:00 2001 From: vrana Date: Thu, 7 Feb 2013 15:18:34 -0800 Subject: [PATCH] Convert AphrontFormLayoutView to safe HTML Summary: Searched for `AphrontFormLayoutView` and then `appendChild()`. Test Plan: /V1 Reviewers: epriestley Reviewed By: epriestley CC: aran, Korvin Maniphest Tasks: T2432 Differential Revision: https://secure.phabricator.com/D4856 --- .../PhabricatorFlagEditController.php | 7 +-- .../ponder/view/PonderAddCommentView.php | 2 +- .../PhabricatorSlowvotePollController.php | 50 ++++++++++--------- src/view/form/AphrontFormLayoutView.php | 4 +- src/view/form/AphrontFormView.php | 6 +-- 5 files changed, 36 insertions(+), 33 deletions(-) diff --git a/src/applications/flag/controller/PhabricatorFlagEditController.php b/src/applications/flag/controller/PhabricatorFlagEditController.php index 17adca8be9..e8f02dc951 100644 --- a/src/applications/flag/controller/PhabricatorFlagEditController.php +++ b/src/applications/flag/controller/PhabricatorFlagEditController.php @@ -52,9 +52,10 @@ final class PhabricatorFlagEditController extends PhabricatorFlagController { if ($is_new) { $form - ->appendChild( - "

You can flag this {$type_name} if you want to remember to look ". - "at it later.


"); + ->appendChild(hsprintf( + "

You can flag this %s if you want to remember to look ". + "at it later.


", + $type_name)); } $radio = new AphrontFormRadioButtonControl(); diff --git a/src/applications/ponder/view/PonderAddCommentView.php b/src/applications/ponder/view/PonderAddCommentView.php index f23f624df7..ba26fe961e 100644 --- a/src/applications/ponder/view/PonderAddCommentView.php +++ b/src/applications/ponder/view/PonderAddCommentView.php @@ -45,7 +45,7 @@ final class PonderAddCommentView extends AphrontView { $view = id(new AphrontMoreView()) ->setSome('') - ->setMore(phutil_safe_html($form->render())) + ->setMore($form->render()) ->setExpandText('Add Comment'); return $view->render(); diff --git a/src/applications/slowvote/controller/PhabricatorSlowvotePollController.php b/src/applications/slowvote/controller/PhabricatorSlowvotePollController.php index 95938fa958..44b3a06d5d 100644 --- a/src/applications/slowvote/controller/PhabricatorSlowvotePollController.php +++ b/src/applications/slowvote/controller/PhabricatorSlowvotePollController.php @@ -208,19 +208,19 @@ final class PhabricatorSlowvotePollController require_celerity_resource('phabricator-remarkup-css'); - $comment_markup[] = + $comment_markup[] = hsprintf( ''. ''. - $handle->renderLink(). - '
'. - phabricator_datetime($comment->getDateCreated(), $viewer). - '
'. + '%s'. + '
%s
'. + ''. ''. - '
'. - $markup. - '
'. + '
%s
'. ''. - ''; + '', + $handle->renderLink(), + phabricator_datetime($comment->getDateCreated(), $viewer), + $markup); } if ($comment_markup) { @@ -229,7 +229,7 @@ final class PhabricatorSlowvotePollController array( 'class' => 'phabricator-slowvote-comments', ), - new PhutilSafeHTML(implode("\n", $comment_markup))); + $comment_markup); } else { $comment_markup = null; } @@ -373,7 +373,7 @@ final class PhabricatorSlowvotePollController } $result_markup = id(new AphrontFormLayoutView()) - ->appendChild('
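Review bot: In the `hsprintf()` call that builds each `$comment_markup[]` entry, `$handle->renderLink()` and `$markup` are passed to `%s`, so what reaches the page depends on their types, and both are produced outside this hunk. A plain string is escaped and would show literal tags in the comment body, while a safe-HTML object is emitted as-is, which moves the trust decision for what is presumably user-written comment text to wherever `$markup` is built. I would record that contract above the call, for example `// $markup must already be safe HTML from the markup engine; do not wrap raw comment text in phutil_safe_html() to make it render.` The enclosing loop starts above the hunk, so the producer of `$markup` should be checked there.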

Ongoing Deliberation

'); + ->appendChild(phutil_tag('h1', array(), 'Ongoing Deliberation')); if (!$can_see_responses) { if ($need_vote) { @@ -382,8 +382,9 @@ final class PhabricatorSlowvotePollController $reason = "The results are not public."; } $result_markup - ->appendChild( - '

'.$reason.'

'); + ->appendChild(hsprintf( + '

%s

', + $reason)); return $result_markup; } @@ -414,7 +415,6 @@ final class PhabricatorSlowvotePollController 'src' => $profile_image, ))); } - $user_markup = implode('', $user_markup); } else { $user_markup = 'This option has failed to appeal to anyone.'; } @@ -428,18 +428,20 @@ final class PhabricatorSlowvotePollController $choices, $chosen); - $result_markup->appendChild( + $result_markup->appendChild(hsprintf( '
'. - '
'. - $vote_count. - '
'. - '

'.phutil_escape_html($option->getName()).'

'. + '
%s
'. + '

%s

'. '
'. - $user_markup. - '
'. + '%s'. + '
'. '
'. - $comment_markup. - '
'); + '%s'. + '
', + $vote_count, + $option->getName(), + phutil_tag('div', array(), $user_markup), + $comment_markup)); } if ($poll->getMethod() == PhabricatorSlowvotePoll::METHOD_APPROVAL && @@ -448,7 +450,7 @@ final class PhabricatorSlowvotePollController $comments, $handles); $result_markup->appendChild( - '
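Review bot: In the `hsprintf()` call passed to `$result_markup->appendChild()`, `$user_markup` is wrapped in `phutil_tag('div', array(), $user_markup)`, which nests an extra, class-less `div` inside the existing container only to turn an array into safe HTML. After the `implode` removal at `@@ -414`, `$user_markup` is also an array in one branch and a plain string in the other, so the value has two types by the time it reaches this call. Passing the array straight to `%s` would avoid the extra element if `hsprintf()` accepts arrays in this version; otherwise a one-line comment such as `// wrapper div only coerces the array of tags to safe HTML` would explain it. `$vote_count` and `$comment_markup` are assigned outside the hunk, so whether they are escaped or emitted as markup here cannot be confirmed from these lines.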

Motions Proposed for Consideration

'); + phutil_tag('h1', array(), 'Motions Proposed for Consideration')); $result_markup->appendChild($comment_markup); } diff --git a/src/view/form/AphrontFormLayoutView.php b/src/view/form/AphrontFormLayoutView.php index 5780353475..300c7370e0 100644 --- a/src/view/form/AphrontFormLayoutView.php +++ b/src/view/form/AphrontFormLayoutView.php @@ -33,11 +33,11 @@ final class AphrontFormLayoutView extends AphrontView { $classes = implode(' ', $classes); - return phutil_render_tag( + return phutil_tag( 'div', array( 'class' => $classes, ), - $this->renderChildren()); + $this->renderHTMLChildren()); } } diff --git a/src/view/form/AphrontFormView.php b/src/view/form/AphrontFormView.php index 8b0041f00a..76342830b8 100644 --- a/src/view/form/AphrontFormView.php +++ b/src/view/form/AphrontFormView.php @@ -68,7 +68,7 @@ final class AphrontFormView extends AphrontView { $layout ->appendChild($this->renderDataInputs()) - ->appendChild($this->renderChildren()); + ->appendChild($this->renderHTMLChildren()); if (!$this->user) { throw new Exception('You must pass the user to AphrontFormView.'); @@ -79,7 +79,7 @@ final class AphrontFormView extends AphrontView { $sigils[] = 'workflow'; } - return phabricator_render_form( + return phabricator_form( $this->user, array( 'class' => $this->flexible ? 'phabricator-form-view' : null, @@ -106,7 +106,7 @@ final class AphrontFormView extends AphrontView { 'value' => $value, )); } - return implode("\n", $inputs); + return $inputs; } }
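Review bot: `AphrontFormLayoutView::render()` now builds its children with `renderHTMLChildren()` inside `phutil_tag()`, and nothing in the class tells callers that the contract of `appendChild()` changed. Judging by the call sites converted in this commit, a string child is now escaped rather than emitted, so any caller the search missed will show literal tags instead of failing loudly. A comment on `render()` would make this discoverable: `// String children are escaped; pass phutil_tag() or hsprintf() results for markup.` The method starts above the hunk, so existing documentation there is not visible.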
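Review bot: `renderDataInputs()` in `AphrontFormView` now ends with `return $inputs;`, which changes its return type from a string to an array without any note for other callers. The only caller visible in this diff appends the result to the layout, which appears to accept arrays, but the method's visibility and its other uses are outside the hunk. The call that creates each input is also cut off above `'value' => $value,`; if it still returns a plain string, the layout's new `renderHTMLChildren()` path would escape the hidden inputs and they would appear as text rather than form fields. I would confirm the elements are built with `phutil_tag()` and document the return value as a list of safe-HTML tags.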