
Convert AphrontFormInsetView to safe HTML

Summary: Done by searching for `AphrontFormInsetView` and verifying all method calls.

Test Plan: /repository/edit/1/tracking/

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4845
This commit is contained in:
vrana 2013-02-06 17:13:50 -08:00
parent 059920c2da
commit 85961c8eca
2 changed files with 44 additions and 38 deletions


@ -401,28 +401,30 @@ final class PhabricatorRepositoryEditController
$uri_label = 'Repository URI'; $uri_label = 'Repository URI';
if ($has_local) { if ($has_local) {
if ($is_git) { if ($is_git) {
$instructions = $instructions = hsprintf(
'Enter the URI to clone this repository from. It should look like '. 'Enter the URI to clone this repository from. It should look like '.
'<tt>git@github.com:example/example.git</tt>, '. '<tt>git@github.com:example/example.git</tt>, '.
'<tt>ssh://user@host.com/git/example.git</tt>, or '. '<tt>ssh://user@host.com/git/example.git</tt>, or '.
'<tt>file:///local/path/to/repo</tt>'; '<tt>file:///local/path/to/repo</tt>');
} else if ($is_mercurial) { } else if ($is_mercurial) {
$instructions = $instructions = hsprintf(
'Enter the URI to clone this repository from. It should look '. 'Enter the URI to clone this repository from. It should look '.
'something like <tt>ssh://user@host.com/hg/example</tt>'; 'something like <tt>ssh://user@host.com/hg/example</tt>');
} }
$inset->appendChild( $inset->appendChild(hsprintf(
'<p class="aphront-form-instructions">'.$instructions.'</p>'); '<p class="aphront-form-instructions">%s</p>',
$instructions));
} else if ($is_svn) { } else if ($is_svn) {
$instructions = $instructions = hsprintf(
'Enter the <strong>Repository Root</strong> for this SVN repository. '. 'Enter the <strong>Repository Root</strong> for this SVN repository. '.
'You can figure this out by running <tt>svn info</tt> and looking at '. 'You can figure this out by running <tt>svn info</tt> and looking at '.
'the value in the <tt>Repository Root</tt> field. It should be a URI '. 'the value in the <tt>Repository Root</tt> field. It should be a URI '.
'and look like <tt>http://svn.example.org/svn/</tt>, '. 'and look like <tt>http://svn.example.org/svn/</tt>, '.
'<tt>svn+ssh://svn.example.com/svnroot/</tt>, or '. '<tt>svn+ssh://svn.example.com/svnroot/</tt>, or '.
'<tt>svn://svn.example.net/svn/</tt>'; '<tt>svn://svn.example.net/svn/</tt>');
$inset->appendChild( $inset->appendChild(hsprintf(
'<p class="aphront-form-instructions">'.$instructions.'</p>'); '<p class="aphront-form-instructions">%s</p>',
$instructions));
$uri_label = 'Repository Root'; $uri_label = 'Repository Root';
} }
@ -435,12 +437,12 @@ final class PhabricatorRepositoryEditController
->setValue($repository->getDetail('remote-uri')) ->setValue($repository->getDetail('remote-uri'))
->setError($e_uri)); ->setError($e_uri));
$inset->appendChild( $inset->appendChild(hsprintf(
'<div class="aphront-form-instructions">'. '<div class="aphront-form-instructions">'.
'If you want to connect to this repository over SSH, enter the '. 'If you want to connect to this repository over SSH, enter the '.
'username and private key to use. You can leave these fields blank if '. 'username and private key to use. You can leave these fields blank if '.
'the repository does not use SSH.'. 'the repository does not use SSH.'.
'</div>'); '</div>'));
$inset $inset
->appendChild( ->appendChild(
@ -469,14 +471,14 @@ final class PhabricatorRepositoryEditController
if ($has_auth_support) { if ($has_auth_support) {
$inset $inset
->appendChild( ->appendChild(hsprintf(
'<div class="aphront-form-instructions">'. '<div class="aphront-form-instructions">'.
'If you want to connect to this repository with a username and '. 'If you want to connect to this repository with a username and '.
'password, such as over HTTP Basic Auth or SVN with SASL, '. 'password, such as over HTTP Basic Auth or SVN with SASL, '.
'enter the username and password to use. You can leave these '. 'enter the username and password to use. You can leave these '.
'fields blank if the repository does not use a username and '. 'fields blank if the repository does not use a username and '.
'password for authentication.'. 'password for authentication.'.
'</div>') '</div>'))
->appendChild( ->appendChild(
id(new AphrontFormTextControl()) id(new AphrontFormTextControl())
->setName('http-login') ->setName('http-login')
@ -490,18 +492,18 @@ final class PhabricatorRepositoryEditController
} }
$inset $inset
->appendChild( ->appendChild(hsprintf(
'<div class="aphront-form-important">'. '<div class="aphront-form-important">'.
'To test your authentication configuration, <strong>save this '. 'To test your authentication configuration, <strong>save this '.
'form</strong> and then run this script:'. 'form</strong> and then run this script:'.
'<code>'. '<code>'.
'phabricator/ $ ./scripts/repository/test_connection.php '. 'phabricator/ $ ./scripts/repository/test_connection.php %s'.
phutil_escape_html($repository->getCallsign()).
'</code>'. '</code>'.
'This will verify that your configuration is correct and the '. 'This will verify that your configuration is correct and the '.
'daemons can connect to the remote repository and pull changes '. 'daemons can connect to the remote repository and pull changes '.
'from it.'. 'from it.'.
'</div>'); '</div>',
$repository->getCallsign()));
$form->appendChild($inset); $form->appendChild($inset);
@ -515,12 +517,14 @@ final class PhabricatorRepositoryEditController
if (!$repository->getDetail('remote-uri') && $default) { if (!$repository->getDetail('remote-uri') && $default) {
$default_local_path = $default.strtolower($repository->getCallsign()); $default_local_path = $default.strtolower($repository->getCallsign());
} }
$inset->appendChild( $inset->appendChild(hsprintf(
'<p class="aphront-form-instructions">Select a path on local disk '. '<p class="aphront-form-instructions">Select a path on local disk '.
'which the daemons should <tt>'.$clone_command.'</tt> the repository '. 'which the daemons should <tt>%s</tt> the repository into. This must '.
'into. This must be readable and writable by the daemons, and '. 'be readable and writable by the daemons, and readable by the '.
'readable by the webserver. The daemons will <tt>'.$fetch_command. 'webserver. The daemons will <tt>%s</tt> and keep this repository up '.
'</tt> and keep this repository up to date.</p>'); 'to date.</p>',
$clone_command,
$fetch_command));
$inset->appendChild( $inset->appendChild(
id(new AphrontFormTextControl()) id(new AphrontFormTextControl())
->setName('path') ->setName('path')
@ -528,12 +532,12 @@ final class PhabricatorRepositoryEditController
->setValue($repository->getDetail('local-path', $default_local_path)) ->setValue($repository->getDetail('local-path', $default_local_path))
->setError($e_path)); ->setError($e_path));
} else if ($is_svn) { } else if ($is_svn) {
$inset->appendChild( $inset->appendChild(hsprintf(
'<p class="aphront-form-instructions">If you only want to parse one '. '<p class="aphront-form-instructions">If you only want to parse one '.
'subpath of the repository, specify it here, relative to the '. 'subpath of the repository, specify it here, relative to the '.
'repository root (e.g., <tt>trunk/</tt> or <tt>projects/wheel/</tt>). '. 'repository root (e.g., <tt>trunk/</tt> or <tt>projects/wheel/</tt>). '.
'If you want to parse multiple subdirectories, create a separate '. 'If you want to parse multiple subdirectories, create a separate '.
'Phabricator repository for each one.</p>'); 'Phabricator repository for each one.</p>'));
$inset->appendChild( $inset->appendChild(
id(new AphrontFormTextControl()) id(new AphrontFormTextControl())
->setName('svn-subpath') ->setName('svn-subpath')
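Review bot: In the first hunk, `$inset->appendChild(hsprintf('<p class="aphront-form-instructions">%s</p>', $instructions))` executes whenever `$has_local` is true, but `$instructions` is only assigned inside the `$is_git` and `$is_mercurial` branches, so any other local VCS would reach hsprintf with an undefined variable (a PHP notice and an empty instructions paragraph). This predates the commit, but the rewrite is the natural place to close it: add `$instructions = null;` before `if ($is_git)` and guard the append with `if ($instructions !== null)`. Whether a third local VCS type can actually reach that branch depends on code outside the hunk, and the enclosing method starts and ends outside the visible hunks. The remaining hunks look right: the `%s` placeholders route `$repository->getCallsign()`, `$clone_command` and `$fetch_command` through hsprintf's escaping, which replaces the explicit `phutil_escape_html()` the old code only applied to the callsign.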


@ -48,11 +48,7 @@ final class AphrontFormInsetView extends AphrontView {
public function render() { public function render() {
$title = $hidden_inputs = $right_button = $desc = $content = ''; $right_button = $desc = '';
if ($this->title) {
$title = '<h1>'.phutil_escape_html($this->title).'</h1>';
}
$hidden_inputs = array(); $hidden_inputs = array();
foreach ($this->hidden as $inp) { foreach ($this->hidden as $inp) {
@ -65,7 +61,6 @@ final class AphrontFormInsetView extends AphrontView {
'value' => $value, 'value' => $value,
)); ));
} }
$hidden_inputs = implode("\n", $hidden_inputs);
if ($this->rightButton) { if ($this->rightButton) {
$right_button = phutil_tag( $right_button = phutil_tag(
@ -83,7 +78,7 @@ final class AphrontFormInsetView extends AphrontView {
$this->description); $this->description);
if ($right_button) { if ($right_button) {
$desc .= '<div style="clear: both;"></div>'; $desc = hsprintf('%s<div style="clear: both;"></div>', $desc);
} }
} }
@ -95,13 +90,20 @@ final class AphrontFormInsetView extends AphrontView {
$div_attributes['class'] = implode(' ', $classes); $div_attributes['class'] = implode(' ', $classes);
if ($this->content) { $content = $hidden_inputs;
$content = $this->content; $content[] = $right_button;
$content[] = $desc;
if ($this->title != '') {
array_unshift($content, phutil_tag('h1', array(), $this->title));
} }
return $title.phutil_render_tag( if ($this->content) {
'div', $content[] = $this->content;
$div_attributes, }
$hidden_inputs.$right_button.$desc.$content.$this->renderChildren());
$content = array_merge($content, $this->renderHTMLChildren());
return phutil_tag('div', $div_attributes, $content);
} }
} }
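Review bot: In the last hunk, `$content[] = $this->content;` appends the caller-supplied content with no statement of whether it is expected to be a plain string or safe HTML; phutil_tag escapes plain-string children, so a caller that previously passed markup through setContent() would now see it rendered as text, while a PhutilSafeHTML value passes through unescaped. The summary says all call sites were checked, but that contract is not recorded at the one place where it decides between escaping and trusting the value, and the setter is not visible in this diff. I would add `// $this->content must be a PhutilSafeHTML (or a renderable array); plain strings are escaped by phutil_tag().` above the `if ($this->content)` check. The unchanged stretches of render() between the hunks are not shown here.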