From be4662e6670dfc17280653922a5cbcaa150a958e Mon Sep 17 00:00:00 2001 From: vrana Date: Tue, 5 Feb 2013 13:23:05 -0800 Subject: [PATCH] Convert setCaption() to safe HTML Test Plan: /settings/panel/display/ Reviewers: epriestley Reviewed By: epriestley CC: aran, Korvin Maniphest Tasks: T2432 Differential Revision: https://secure.phabricator.com/D4824 --- .../auth/controller/PhabricatorLoginController.php | 6 +++--- .../PhabricatorConduitConsoleController.php | 2 +- .../PhabricatorCountdownEditController.php | 4 ++-- .../PhabricatorDirectoryMainController.php | 4 ++-- .../controller/PhabricatorFileUploadController.php | 4 ++-- .../controller/ManiphestReportController.php | 13 +++++++------ .../controller/ManiphestTaskEditController.php | 5 +++-- .../PhabricatorMetaMTAReceiveController.php | 5 ++++- .../PhabricatorMetaMTASendController.php | 9 +++++---- .../controller/blog/PhameBlogEditController.php | 3 +-- ...atorRepositoryArcanistProjectEditController.php | 3 ++- .../PhabricatorRepositoryEditController.php | 9 +++++---- .../PhabricatorSettingsPanelDisplayPreferences.php | 14 +++++++------- src/view/form/control/AphrontFormControl.php | 8 ++++---- src/view/layout/AphrontPanelView.php | 8 ++++---- 15 files changed, 52 insertions(+), 45 deletions(-) diff --git a/src/applications/auth/controller/PhabricatorLoginController.php b/src/applications/auth/controller/PhabricatorLoginController.php index c4bda38a77..7918b1cff8 100644 --- a/src/applications/auth/controller/PhabricatorLoginController.php +++ b/src/applications/auth/controller/PhabricatorLoginController.php @@ -177,9 +177,9 @@ final class PhabricatorLoginController id(new AphrontFormPasswordControl()) ->setLabel(pht('Password')) ->setName('password') - ->setCaption( - ''. - pht('Forgot your password? / Email Login').'')); + ->setCaption(hsprintf( + '%s', + pht('Forgot your password? / Email Login')))); if ($require_captcha) { $form->appendChild( 
diff --git a/src/applications/conduit/controller/PhabricatorConduitConsoleController.php b/src/applications/conduit/controller/PhabricatorConduitConsoleController.php index 5020173b88..a50e713c0c 100644 --- a/src/applications/conduit/controller/PhabricatorConduitConsoleController.php +++ b/src/applications/conduit/controller/PhabricatorConduitConsoleController.php @@ -97,7 +97,7 @@ final class PhabricatorConduitConsoleController id(new AphrontFormTextControl()) ->setLabel($param) ->setName("params[{$param}]") - ->setCaption(phutil_escape_html($desc))); + ->setCaption($desc)); } $form diff --git a/src/applications/countdown/controller/PhabricatorCountdownEditController.php b/src/applications/countdown/controller/PhabricatorCountdownEditController.php index d4bab9ad35..76b49ab63a 100644 --- a/src/applications/countdown/controller/PhabricatorCountdownEditController.php +++ b/src/applications/countdown/controller/PhabricatorCountdownEditController.php @@ -97,11 +97,11 @@ final class PhabricatorCountdownEditController ->setLabel('End date') ->setValue($display_datepoint) ->setName('datepoint') - ->setCaption( + ->setCaption(hsprintf( 'Examples: '. '2011-12-25 or '. '3 hours or '. - 'June 8 2011, 5 PM.')) + 'June 8 2011, 5 PM.'))) ->appendChild( id(new AphrontFormSubmitControl()) ->addCancelButton('/countdown/') diff --git a/src/applications/directory/controller/PhabricatorDirectoryMainController.php b/src/applications/directory/controller/PhabricatorDirectoryMainController.php index e61cf16b48..9201d2c838 100644 --- a/src/applications/directory/controller/PhabricatorDirectoryMainController.php +++ b/src/applications/directory/controller/PhabricatorDirectoryMainController.php 
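Review bot: `->setCaption($desc)` drops the call-site `phutil_escape_html()`, so `$desc` is now safe only because AphrontFormControl.php, changed in this same patch, wraps the caption in `phutil_tag()` at render time (assuming, as the patch does, that `phutil_tag()` escapes plain-string content). The same dependency applies to `'Maximum file size: '.$formatted` in PhabricatorFileUploadController.php and to the removed `phutil_escape_html($font_default)` in PhabricatorSettingsPanelDisplayPreferences.php. In the settings panel the enclosing method continues outside the hunks, so it is worth confirming that `$font_default` is not concatenated into markup anywhere other than the `%s` argument shown. A short comment at each site, e.g. `// Plain text; escaped when the caption is rendered.`, would record why the explicit escape is gone.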
@@ -149,9 +149,9 @@ final class PhabricatorDirectoryMainController $panel = new AphrontPanelView(); $panel->setHeader('Needs Triage'); - $panel->setCaption( + $panel->setCaption(hsprintf( 'Open tasks with "Needs Triage" priority in '. - 'projects you are a member of.'); + 'projects you are a member of.')); $panel->addButton( phutil_tag( diff --git a/src/applications/files/controller/PhabricatorFileUploadController.php b/src/applications/files/controller/PhabricatorFileUploadController.php index 74c5455e84..94a1130ca5 100644 --- a/src/applications/files/controller/PhabricatorFileUploadController.php +++ b/src/applications/files/controller/PhabricatorFileUploadController.php @@ -99,7 +99,7 @@ final class PhabricatorFileUploadController extends PhabricatorFileController { $limit = phabricator_parse_bytes($limit); if ($limit) { $formatted = phabricator_format_bytes($limit); - return 'Maximum file size: '.phutil_escape_html($formatted); + return 'Maximum file size: '.$formatted; } $doc_href = PhabricatorEnv::getDocLink( @@ -112,7 +112,7 @@ final class PhabricatorFileUploadController extends PhabricatorFileController { ), 'Configuring File Upload Limits'); - return 'Upload limit is not configured, see '.$doc_link.'.'; + return hsprintf('Upload limit is not configured, see %s.', $doc_link); } } diff --git a/src/applications/maniphest/controller/ManiphestReportController.php b/src/applications/maniphest/controller/ManiphestReportController.php index b8ce9c7e5d..34c2b30494 100644 --- a/src/applications/maniphest/controller/ManiphestReportController.php +++ b/src/applications/maniphest/controller/ManiphestReportController.php @@ -245,12 +245,13 @@ final class ManiphestReportController extends ManiphestController { if ($handle) { $header = "Task Burn Rate for Project ".$handle->renderLink(); - $caption = "

NOTE: This table reflects tasks currently in ". - "the project. If a task was opened in the past but added to ". - "the project recently, it is counted on the day it was ". - "opened, not the day it was categorized. If a task was part ". - "of this project in the past but no longer is, it is not ". - "counted at all.

"; + $caption = hsprintf( + "

NOTE: This table reflects tasks currently in ". + "the project. If a task was opened in the past but added to ". + "the project recently, it is counted on the day it was ". + "opened, not the day it was categorized. If a task was part ". + "of this project in the past but no longer is, it is not ". + "counted at all.

"); } else { $header = "Task Burn Rate for All Tasks"; $caption = null; diff --git a/src/applications/maniphest/controller/ManiphestTaskEditController.php b/src/applications/maniphest/controller/ManiphestTaskEditController.php index 103e342842..5b258baf8f 100644 --- a/src/applications/maniphest/controller/ManiphestTaskEditController.php +++ b/src/applications/maniphest/controller/ManiphestTaskEditController.php @@ -478,8 +478,9 @@ final class ManiphestTaskEditController extends ManiphestController { $email_create = PhabricatorEnv::getEnvConfig( 'metamta.maniphest.public-create-email'); if (!$task->getID() && $email_create) { - $email_hint = pht('You can also create tasks by sending an email to: '). - ''.phutil_escape_html($email_create).''; + $email_hint = pht( + 'You can also create tasks by sending an email to: %s', + phutil_tag('tt', array(), $email_create)); $description_control->setCaption($email_hint); } diff --git a/src/applications/metamta/controller/PhabricatorMetaMTAReceiveController.php b/src/applications/metamta/controller/PhabricatorMetaMTAReceiveController.php index 2d4591408c..ccf1410f39 100644 --- a/src/applications/metamta/controller/PhabricatorMetaMTAReceiveController.php +++ b/src/applications/metamta/controller/PhabricatorMetaMTAReceiveController.php @@ -57,7 +57,10 @@ final class PhabricatorMetaMTAReceiveController id(new AphrontFormTextControl()) ->setLabel(pht('To')) ->setName('obj') - ->setCaption(pht('e.g. D1234 or T1234'))) + ->setCaption(pht( + 'e.g. %s or %s', + phutil_tag('tt', array(), 'D1234'), + phutil_tag('tt', array(), 'T1234')))) ->appendChild( id(new AphrontFormTextAreaControl()) ->setLabel(pht('Body')) diff --git a/src/applications/metamta/controller/PhabricatorMetaMTASendController.php b/src/applications/metamta/controller/PhabricatorMetaMTASendController.php index 3c1d6a6a99..c2a0b58452 100644 --- a/src/applications/metamta/controller/PhabricatorMetaMTASendController.php 
+++ b/src/applications/metamta/controller/PhabricatorMetaMTASendController.php @@ -116,8 +116,10 @@ final class PhabricatorMetaMTASendController id(new AphrontFormTextControl()) ->setLabel(pht('Mail Tags')) ->setName('mailtags') - ->setCaption( - pht('Example:').' differential-cc, differential-comment')) + ->setCaption(pht( + 'Example: %s', + phutil_tag('tt', array(), 'differential-cc, differential-comment')) + )) ->appendChild( id(new AphrontFormDragAndDropUploadControl()) ->setLabel(pht('Attach Files')) @@ -144,8 +146,7 @@ final class PhabricatorMetaMTASendController '1', pht('Send immediately. (Do not enqueue for daemons.)'), PhabricatorEnv::getEnvConfig('metamta.send-immediately')) - ->setCaption(pht('Daemons can be started with %s.', $phdlink)) - ) + ->setCaption(pht('Daemons can be started with %s.', $phdlink))) ->appendChild( id(new AphrontFormSubmitControl()) ->setValue(pht('Send Mail'))); diff --git a/src/applications/phame/controller/blog/PhameBlogEditController.php b/src/applications/phame/controller/blog/PhameBlogEditController.php index 6a9f952726..368e2e7118 100644 --- a/src/applications/phame/controller/blog/PhameBlogEditController.php +++ b/src/applications/phame/controller/blog/PhameBlogEditController.php @@ -150,8 +150,7 @@ final class PhameBlogEditController ->setLabel('Custom Domain') ->setName('custom_domain') ->setValue($blog->getDomain()) - ->setCaption('Must include at least one dot (.), e.g. '. - 'blog.example.com') + ->setCaption('Must include at least one dot (.), e.g. blog.example.com') ->setError($e_custom_domain) ) ->appendChild( diff --git a/src/applications/repository/controller/PhabricatorRepositoryArcanistProjectEditController.php b/src/applications/repository/controller/PhabricatorRepositoryArcanistProjectEditController.php index 00fe0a6df1..61f68daa18 100644 --- a/src/applications/repository/controller/PhabricatorRepositoryArcanistProjectEditController.php 
+++ b/src/applications/repository/controller/PhabricatorRepositoryArcanistProjectEditController.php @@ -83,7 +83,8 @@ final class PhabricatorRepositoryArcanistProjectEditController id(new AphrontFormTextControl()) ->setLabel('Indexed Languages') ->setName('symbolIndexLanguages') - ->setCaption('Separate with commas, for example: php, py') + ->setCaption( + hsprintf('Separate with commas, for example: php, py')) ->setValue($langs)) ->appendChild( id(new AphrontFormTokenizerControl()) diff --git a/src/applications/repository/controller/PhabricatorRepositoryEditController.php b/src/applications/repository/controller/PhabricatorRepositoryEditController.php index bd6b43daac..cbf2574e4c 100644 --- a/src/applications/repository/controller/PhabricatorRepositoryEditController.php +++ b/src/applications/repository/controller/PhabricatorRepositoryEditController.php @@ -456,7 +456,8 @@ final class PhabricatorRepositoryEditController ->setHeight(AphrontFormTextAreaControl::HEIGHT_VERY_SHORT) ->setValue($repository->getDetail('ssh-key')) ->setError($e_ssh_key) - ->setCaption('Specify the entire private key, or...')) + ->setCaption( + hsprintf('Specify the entire private key, or...'))) ->appendChild( id(new AphrontFormTextControl()) ->setName('ssh-keyfile') @@ -552,10 +553,10 @@ final class PhabricatorRepositoryEditController ->setName('branch-filter') ->setLabel('Track Only') ->setValue($branch_filter_str) - ->setCaption( + ->setCaption(hsprintf( 'Optional list of branches to track. Other branches will be '. 'completely ignored. If left empty, all branches are tracked. '. - 'Example: master, release')); + 'Example: master, release'))); } $inset @@ -651,7 +652,7 @@ final class PhabricatorRepositoryEditController ->setName('uuid') ->setLabel('UUID') ->setValue($repository->getUUID()) - ->setCaption('Repository UUID from svn info.')); + ->setCaption(hsprintf('Repository UUID from svn info.'))); } $form->appendChild($inset); 
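Review bot: `hsprintf('Separate with commas, for example: php, py')` calls `hsprintf()` with a lone literal and no arguments, purely to mark the caption as safe HTML; the PhabricatorRepositoryEditController.php, PhabricatorCountdownEditController.php and PhabricatorDirectoryMainController.php hunks do the same. That holds only while the format string stays a constant: a value concatenated into it later would skip escaping, and a literal `%` would have to be doubled, as the settings-panel hunk does with `%%f`. A one-line comment such as `// Literal markup only; pass dynamic values as %s arguments.` at these call sites would make the convention explicit.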
diff --git a/src/applications/settings/panel/PhabricatorSettingsPanelDisplayPreferences.php b/src/applications/settings/panel/PhabricatorSettingsPanelDisplayPreferences.php index 9c77817262..97b1a21c4b 100644 --- a/src/applications/settings/panel/PhabricatorSettingsPanelDisplayPreferences.php +++ b/src/applications/settings/panel/PhabricatorSettingsPanelDisplayPreferences.php @@ -67,7 +67,6 @@ EXAMPLE; 'User Guide: Configuring an External Editor'); $font_default = PhabricatorEnv::getEnvConfig('style.monospace'); - $font_default = phutil_escape_html($font_default); $pref_monospaced_textareas_value = $preferences ->getPreference($pref_monospaced_textareas); @@ -97,11 +96,11 @@ EXAMPLE; id(new AphrontFormTextControl()) ->setLabel('Editor Link') ->setName($pref_editor) - ->setCaption( + ->setCaption(hsprintf( 'Link to edit files in external editor. '. - '%f is replaced by filename, %l by line number, %r by repository '. - 'callsign, %% by literal %. '. - "For documentation, see {$editor_doc_link}.") + '%%f is replaced by filename, %%l by line number, %%r by repository '. + 'callsign, %%%% by literal %%. For documentation, see %s.', + $editor_doc_link)) ->setValue($preferences->getPreference($pref_editor))) ->appendChild( id(new AphrontFormSelectControl()) @@ -116,9 +115,10 @@ EXAMPLE; id(new AphrontFormTextControl()) ->setLabel('Monospaced Font') ->setName($pref_monospaced) - ->setCaption( + ->setCaption(hsprintf( 'Overrides default fonts in tools like Differential.
'. - '(Default: '.$font_default.')') + '(Default: %s)', + $font_default)) ->setValue($preferences->getPreference($pref_monospaced))) ->appendChild( id(new AphrontFormMarkupControl()) diff --git a/src/view/form/control/AphrontFormControl.php b/src/view/form/control/AphrontFormControl.php index 69786d2902..6bbdfe853e 100644 --- a/src/view/form/control/AphrontFormControl.php +++ b/src/view/form/control/AphrontFormControl.php @@ -140,10 +140,10 @@ abstract class AphrontFormControl extends AphrontView { } if (strlen($this->getCaption())) { - $caption = - '
'. - $this->getCaption(). - '
'; + $caption = phutil_tag( + 'div', + array('class' => 'aphront-form-caption'), + $this->getCaption()); } else { $caption = null; } diff --git a/src/view/layout/AphrontPanelView.php b/src/view/layout/AphrontPanelView.php index 2d2e313977..651e2a0e80 100644 --- a/src/view/layout/AphrontPanelView.php +++ b/src/view/layout/AphrontPanelView.php @@ -69,10 +69,10 @@ final class AphrontPanelView extends AphrontView { } if ($this->caption !== null) { - $caption = - '
'. - $this->caption. - '
'; + $caption = phutil_tag( + 'div', + array('class' => 'aphront-panel-view-caption'), + $this->caption); } else { $caption = null; }
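Review bot: `setCaption()` now carries an undocumented contract, because `$this->caption` is passed to `phutil_tag()`: a plain string is presumably rendered as escaped text, and only a value built with `hsprintf()` or `phutil_tag()` is rendered as markup. The AphrontFormControl.php hunk has the same property. Any caller not converted by this patch that still passes a markup string would show its tags literally, which fails safe but is easy to miss since the test plan names only /settings/panel/display/. The setter itself is outside the hunk; I would give it a docblock along the lines of `@param string|PhutilSafeHTML $caption Plain text (escaped on render) or safe HTML.` and check the remaining `setCaption(` callers for concatenated tags.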