1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-23 07:12:41 +01:00

Convert AphrontFormInsetView to safe HTML

Summary: Done by searching for `AphrontFormInsetView` and verifying all method calls.

Test Plan: /repository/edit/1/tracking/

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4845
This commit is contained in:
vrana 2013-02-06 17:13:50 -08:00
parent 059920c2da
commit 85961c8eca
2 changed files with 44 additions and 38 deletions

View file

@ -401,28 +401,30 @@ final class PhabricatorRepositoryEditController
$uri_label = 'Repository URI';
if ($has_local) {
if ($is_git) {
$instructions =
$instructions = hsprintf(
'Enter the URI to clone this repository from. It should look like '.
'<tt>git@github.com:example/example.git</tt>, '.
'<tt>ssh://user@host.com/git/example.git</tt>, or '.
'<tt>file:///local/path/to/repo</tt>';
'<tt>file:///local/path/to/repo</tt>');
} else if ($is_mercurial) {
$instructions =
$instructions = hsprintf(
'Enter the URI to clone this repository from. It should look '.
'something like <tt>ssh://user@host.com/hg/example</tt>';
'something like <tt>ssh://user@host.com/hg/example</tt>');
}
$inset->appendChild(
'<p class="aphront-form-instructions">'.$instructions.'</p>');
$inset->appendChild(hsprintf(
'<p class="aphront-form-instructions">%s</p>',
$instructions));
} else if ($is_svn) {
$instructions =
$instructions = hsprintf(
'Enter the <strong>Repository Root</strong> for this SVN repository. '.
'You can figure this out by running <tt>svn info</tt> and looking at '.
'the value in the <tt>Repository Root</tt> field. It should be a URI '.
'and look like <tt>http://svn.example.org/svn/</tt>, '.
'<tt>svn+ssh://svn.example.com/svnroot/</tt>, or '.
'<tt>svn://svn.example.net/svn/</tt>';
$inset->appendChild(
'<p class="aphront-form-instructions">'.$instructions.'</p>');
'<tt>svn://svn.example.net/svn/</tt>');
$inset->appendChild(hsprintf(
'<p class="aphront-form-instructions">%s</p>',
$instructions));
$uri_label = 'Repository Root';
}
@ -435,12 +437,12 @@ final class PhabricatorRepositoryEditController
->setValue($repository->getDetail('remote-uri'))
->setError($e_uri));
$inset->appendChild(
$inset->appendChild(hsprintf(
'<div class="aphront-form-instructions">'.
'If you want to connect to this repository over SSH, enter the '.
'username and private key to use. You can leave these fields blank if '.
'the repository does not use SSH.'.
'</div>');
'</div>'));
$inset
->appendChild(
@ -469,14 +471,14 @@ final class PhabricatorRepositoryEditController
if ($has_auth_support) {
$inset
->appendChild(
->appendChild(hsprintf(
'<div class="aphront-form-instructions">'.
'If you want to connect to this repository with a username and '.
'password, such as over HTTP Basic Auth or SVN with SASL, '.
'enter the username and password to use. You can leave these '.
'fields blank if the repository does not use a username and '.
'password for authentication.'.
'</div>')
'</div>'))
->appendChild(
id(new AphrontFormTextControl())
->setName('http-login')
@ -490,18 +492,18 @@ final class PhabricatorRepositoryEditController
}
$inset
->appendChild(
->appendChild(hsprintf(
'<div class="aphront-form-important">'.
'To test your authentication configuration, <strong>save this '.
'form</strong> and then run this script:'.
'<code>'.
'phabricator/ $ ./scripts/repository/test_connection.php '.
phutil_escape_html($repository->getCallsign()).
'phabricator/ $ ./scripts/repository/test_connection.php %s'.
'</code>'.
'This will verify that your configuration is correct and the '.
'daemons can connect to the remote repository and pull changes '.
'from it.'.
'</div>');
'</div>',
$repository->getCallsign()));
$form->appendChild($inset);
@ -515,12 +517,14 @@ final class PhabricatorRepositoryEditController
if (!$repository->getDetail('remote-uri') && $default) {
$default_local_path = $default.strtolower($repository->getCallsign());
}
$inset->appendChild(
$inset->appendChild(hsprintf(
'<p class="aphront-form-instructions">Select a path on local disk '.
'which the daemons should <tt>'.$clone_command.'</tt> the repository '.
'into. This must be readable and writable by the daemons, and '.
'readable by the webserver. The daemons will <tt>'.$fetch_command.
'</tt> and keep this repository up to date.</p>');
'which the daemons should <tt>%s</tt> the repository into. This must '.
'be readable and writable by the daemons, and readable by the '.
'webserver. The daemons will <tt>%s</tt> and keep this repository up '.
'to date.</p>',
$clone_command,
$fetch_command));
$inset->appendChild(
id(new AphrontFormTextControl())
->setName('path')
@ -528,12 +532,12 @@ final class PhabricatorRepositoryEditController
->setValue($repository->getDetail('local-path', $default_local_path))
->setError($e_path));
} else if ($is_svn) {
$inset->appendChild(
$inset->appendChild(hsprintf(
'<p class="aphront-form-instructions">If you only want to parse one '.
'subpath of the repository, specify it here, relative to the '.
'repository root (e.g., <tt>trunk/</tt> or <tt>projects/wheel/</tt>). '.
'If you want to parse multiple subdirectories, create a separate '.
'Phabricator repository for each one.</p>');
'Phabricator repository for each one.</p>'));
$inset->appendChild(
id(new AphrontFormTextControl())
->setName('svn-subpath')

View file

@ -48,11 +48,7 @@ final class AphrontFormInsetView extends AphrontView {
public function render() {
$title = $hidden_inputs = $right_button = $desc = $content = '';
if ($this->title) {
$title = '<h1>'.phutil_escape_html($this->title).'</h1>';
}
$right_button = $desc = '';
$hidden_inputs = array();
foreach ($this->hidden as $inp) {
@ -65,7 +61,6 @@ final class AphrontFormInsetView extends AphrontView {
'value' => $value,
));
}
$hidden_inputs = implode("\n", $hidden_inputs);
if ($this->rightButton) {
$right_button = phutil_tag(
@ -83,7 +78,7 @@ final class AphrontFormInsetView extends AphrontView {
$this->description);
if ($right_button) {
$desc .= '<div style="clear: both;"></div>';
$desc = hsprintf('%s<div style="clear: both;"></div>', $desc);
}
}
@ -95,13 +90,20 @@ final class AphrontFormInsetView extends AphrontView {
$div_attributes['class'] = implode(' ', $classes);
if ($this->content) {
$content = $this->content;
$content = $hidden_inputs;
$content[] = $right_button;
$content[] = $desc;
if ($this->title != '') {
array_unshift($content, phutil_tag('h1', array(), $this->title));
}
return $title.phutil_render_tag(
'div',
$div_attributes,
$hidden_inputs.$right_button.$desc.$content.$this->renderChildren());
if ($this->content) {
$content[] = $this->content;
}
$content = array_merge($content, $this->renderHTMLChildren());
return phutil_tag('div', $div_attributes, $content);
}
}