Convert AphrontFormInsetView to safe HTML
Summary: Done by searching for `AphrontFormInsetView` and verifying all method calls. Test Plan: /repository/edit/1/tracking/ Reviewers: epriestley Reviewed By: epriestley CC: aran, Korvin Maniphest Tasks: T2432 Differential Revision: https://secure.phabricator.com/D4845
parent
059920c2da
commit
85961c8eca
2 changed files with 44 additions and 38 deletions
|
@ -401,28 +401,30 @@ final class PhabricatorRepositoryEditController
|
|||
$uri_label = 'Repository URI';
|
||||
if ($has_local) {
|
||||
if ($is_git) {
|
||||
$instructions =
|
||||
$instructions = hsprintf(
|
||||
'Enter the URI to clone this repository from. It should look like '.
|
||||
'<tt>git@github.com:example/example.git</tt>, '.
|
||||
'<tt>ssh://user@host.com/git/example.git</tt>, or '.
|
||||
'<tt>file:///local/path/to/repo</tt>';
|
||||
'<tt>file:///local/path/to/repo</tt>');
|
||||
} else if ($is_mercurial) {
|
||||
$instructions =
|
||||
$instructions = hsprintf(
|
||||
'Enter the URI to clone this repository from. It should look '.
|
||||
'something like <tt>ssh://user@host.com/hg/example</tt>';
|
||||
'something like <tt>ssh://user@host.com/hg/example</tt>');
|
||||
}
|
||||
$inset->appendChild(
|
||||
'<p class="aphront-form-instructions">'.$instructions.'</p>');
|
||||
$inset->appendChild(hsprintf(
|
||||
'<p class="aphront-form-instructions">%s</p>',
|
||||
$instructions));
|
||||
} else if ($is_svn) {
|
||||
$instructions =
|
||||
$instructions = hsprintf(
|
||||
'Enter the <strong>Repository Root</strong> for this SVN repository. '.
|
||||
'You can figure this out by running <tt>svn info</tt> and looking at '.
|
||||
'the value in the <tt>Repository Root</tt> field. It should be a URI '.
|
||||
'and look like <tt>http://svn.example.org/svn/</tt>, '.
|
||||
'<tt>svn+ssh://svn.example.com/svnroot/</tt>, or '.
|
||||
'<tt>svn://svn.example.net/svn/</tt>';
|
||||
$inset->appendChild(
|
||||
'<p class="aphront-form-instructions">'.$instructions.'</p>');
|
||||
'<tt>svn://svn.example.net/svn/</tt>');
|
||||
$inset->appendChild(hsprintf(
|
||||
'<p class="aphront-form-instructions">%s</p>',
|
||||
$instructions));
|
||||
$uri_label = 'Repository Root';
|
||||
}
|
||||
|
||||
|
@ -435,12 +437,12 @@ final class PhabricatorRepositoryEditController
|
|||
->setValue($repository->getDetail('remote-uri'))
|
||||
->setError($e_uri));
|
||||
|
||||
$inset->appendChild(
|
||||
$inset->appendChild(hsprintf(
|
||||
'<div class="aphront-form-instructions">'.
|
||||
'If you want to connect to this repository over SSH, enter the '.
|
||||
'username and private key to use. You can leave these fields blank if '.
|
||||
'the repository does not use SSH.'.
|
||||
'</div>');
|
||||
'</div>'));
|
||||
|
||||
$inset
|
||||
->appendChild(
|
||||
|
@ -469,14 +471,14 @@ final class PhabricatorRepositoryEditController
|
|||
|
||||
if ($has_auth_support) {
|
||||
$inset
|
||||
->appendChild(
|
||||
->appendChild(hsprintf(
|
||||
'<div class="aphront-form-instructions">'.
|
||||
'If you want to connect to this repository with a username and '.
|
||||
'password, such as over HTTP Basic Auth or SVN with SASL, '.
|
||||
'enter the username and password to use. You can leave these '.
|
||||
'fields blank if the repository does not use a username and '.
|
||||
'password for authentication.'.
|
||||
'</div>')
|
||||
'</div>'))
|
||||
->appendChild(
|
||||
id(new AphrontFormTextControl())
|
||||
->setName('http-login')
|
||||
|
@ -490,18 +492,18 @@ final class PhabricatorRepositoryEditController
|
|||
}
|
||||
|
||||
$inset
|
||||
->appendChild(
|
||||
->appendChild(hsprintf(
|
||||
'<div class="aphront-form-important">'.
|
||||
'To test your authentication configuration, <strong>save this '.
|
||||
'form</strong> and then run this script:'.
|
||||
'<code>'.
|
||||
'phabricator/ $ ./scripts/repository/test_connection.php '.
|
||||
phutil_escape_html($repository->getCallsign()).
|
||||
'phabricator/ $ ./scripts/repository/test_connection.php %s'.
|
||||
'</code>'.
|
||||
'This will verify that your configuration is correct and the '.
|
||||
'daemons can connect to the remote repository and pull changes '.
|
||||
'from it.'.
|
||||
'</div>');
|
||||
'</div>',
|
||||
$repository->getCallsign()));
|
||||
|
||||
$form->appendChild($inset);
|
||||
|
||||
|
@ -515,12 +517,14 @@ final class PhabricatorRepositoryEditController
|
|||
if (!$repository->getDetail('remote-uri') && $default) {
|
||||
$default_local_path = $default.strtolower($repository->getCallsign());
|
||||
}
|
||||
$inset->appendChild(
|
||||
$inset->appendChild(hsprintf(
|
||||
'<p class="aphront-form-instructions">Select a path on local disk '.
|
||||
'which the daemons should <tt>'.$clone_command.'</tt> the repository '.
|
||||
'into. This must be readable and writable by the daemons, and '.
|
||||
'readable by the webserver. The daemons will <tt>'.$fetch_command.
|
||||
'</tt> and keep this repository up to date.</p>');
|
||||
'which the daemons should <tt>%s</tt> the repository into. This must '.
|
||||
'be readable and writable by the daemons, and readable by the '.
|
||||
'webserver. The daemons will <tt>%s</tt> and keep this repository up '.
|
||||
'to date.</p>',
|
||||
$clone_command,
|
||||
$fetch_command));
|
||||
$inset->appendChild(
|
||||
id(new AphrontFormTextControl())
|
||||
->setName('path')
|
||||
|
@ -528,12 +532,12 @@ final class PhabricatorRepositoryEditController
|
|||
->setValue($repository->getDetail('local-path', $default_local_path))
|
||||
->setError($e_path));
|
||||
} else if ($is_svn) {
|
||||
$inset->appendChild(
|
||||
$inset->appendChild(hsprintf(
|
||||
'<p class="aphront-form-instructions">If you only want to parse one '.
|
||||
'subpath of the repository, specify it here, relative to the '.
|
||||
'repository root (e.g., <tt>trunk/</tt> or <tt>projects/wheel/</tt>). '.
|
||||
'If you want to parse multiple subdirectories, create a separate '.
|
||||
'Phabricator repository for each one.</p>');
|
||||
'Phabricator repository for each one.</p>'));
|
||||
$inset->appendChild(
|
||||
id(new AphrontFormTextControl())
|
||||
->setName('svn-subpath')
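Review bot: In the first hunk, `$instructions` is assigned only in the `$is_git` and `$is_mercurial` branches, yet `hsprintf('<p class="aphront-form-instructions">%s</p>', $instructions)` runs for every repository where `$has_local` is true. If `$has_local` can be true for any other repository type (the code that sets it is outside the hunk), the call reads an undefined variable and appends an empty paragraph. Setting `$instructions = null;` before the branch and wrapping the append in `if ($instructions !== null) {` would make the intent explicit. The enclosing method starts and ends outside the hunks shown, and the page has lost its +/- markers, so which lines are new is inferred from the `hsprintf` calls.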
|
||||
|
|
|
@ -48,11 +48,7 @@ final class AphrontFormInsetView extends AphrontView {
|
|||
|
||||
public function render() {
|
||||
|
||||
$title = $hidden_inputs = $right_button = $desc = $content = '';
|
||||
|
||||
if ($this->title) {
|
||||
$title = '<h1>'.phutil_escape_html($this->title).'</h1>';
|
||||
}
|
||||
$right_button = $desc = '';
|
||||
|
||||
$hidden_inputs = array();
|
||||
foreach ($this->hidden as $inp) {
|
||||
|
@ -65,7 +61,6 @@ final class AphrontFormInsetView extends AphrontView {
|
|||
'value' => $value,
|
||||
));
|
||||
}
|
||||
$hidden_inputs = implode("\n", $hidden_inputs);
|
||||
|
||||
if ($this->rightButton) {
|
||||
$right_button = phutil_tag(
|
||||
|
@ -83,7 +78,7 @@ final class AphrontFormInsetView extends AphrontView {
|
|||
$this->description);
|
||||
|
||||
if ($right_button) {
|
||||
$desc .= '<div style="clear: both;"></div>';
|
||||
$desc = hsprintf('%s<div style="clear: both;"></div>', $desc);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -95,13 +90,20 @@ final class AphrontFormInsetView extends AphrontView {
|
|||
|
||||
$div_attributes['class'] = implode(' ', $classes);
|
||||
|
||||
if ($this->content) {
|
||||
$content = $this->content;
|
||||
$content = $hidden_inputs;
|
||||
$content[] = $right_button;
|
||||
$content[] = $desc;
|
||||
|
||||
if ($this->title != '') {
|
||||
array_unshift($content, phutil_tag('h1', array(), $this->title));
|
||||
}
|
||||
|
||||
return $title.phutil_render_tag(
|
||||
'div',
|
||||
$div_attributes,
|
||||
$hidden_inputs.$right_button.$desc.$content.$this->renderChildren());
|
||||
if ($this->content) {
|
||||
$content[] = $this->content;
|
||||
}
|
||||
|
||||
$content = array_merge($content, $this->renderHTMLChildren());
|
||||
|
||||
return phutil_tag('div', $div_attributes, $content);
|
||||
}
|
||||
}
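Review bot: The title `<h1>` appears to move inside the inset `<div>`: the `return $title.phutil_render_tag('div', ...)` form emitted it before the div, while `array_unshift($content, phutil_tag('h1', array(), $this->title));` makes it the div's first child. The summary does not mention a markup change, so any stylesheet rule that treats the heading as a sibling of the inset should be checked. Separately, `$this->content` is now passed to `phutil_tag()` as a child, so a caller that still supplies pre-rendered HTML as a plain string gets it escaped instead of rendered. That fails safe, but it is worth recording above the `if ($this->content)` check with `// Must be safe HTML (from hsprintf() or phutil_tag()); plain strings are escaped.` The +/- markers are lost on this page, so old versus new is inferred from the function names, and `render()` begins before the first hunk of this file.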
|
||||
|
|