Minor, fix XSS in task description change notifications.
parent
a705f336a3
commit
bedc9acf98
1 changed files with 14 additions and 25 deletions
|
@ -26,13 +26,13 @@ final class PhabricatorFeedStoryManiphest
|
||||||
$this->getStoryData()->getAuthorPHID(),
|
$this->getStoryData()->getAuthorPHID(),
|
||||||
$data->getValue('taskPHID'),
|
$data->getValue('taskPHID'),
|
||||||
$data->getValue('ownerPHID'),
|
$data->getValue('ownerPHID'),
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getRequiredObjectPHIDs() {
|
public function getRequiredObjectPHIDs() {
|
||||||
return array(
|
return array(
|
||||||
$this->getStoryData()->getAuthorPHID(),
|
$this->getStoryData()->getAuthorPHID(),
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function renderView() {
|
public function renderView() {
|
||||||
|
@ -78,44 +78,33 @@ final class PhabricatorFeedStoryManiphest
|
||||||
}
|
}
|
||||||
|
|
||||||
private function getLineForData($data) {
|
private function getLineForData($data) {
|
||||||
$actor_phid = $data->getAuthorPHID();
|
|
||||||
$owner_phid = $data->getValue('ownerPHID');
|
|
||||||
$task_phid = $data->getValue('taskPHID');
|
|
||||||
$action = $data->getValue('action');
|
$action = $data->getValue('action');
|
||||||
$description = $data->getValue('description');
|
|
||||||
$comments = phutil_escape_html(
|
|
||||||
phutil_utf8_shorten(
|
|
||||||
$data->getValue('comments'),
|
|
||||||
140));
|
|
||||||
|
|
||||||
|
$actor_phid = $data->getAuthorPHID();
|
||||||
$actor_link = $this->linkTo($actor_phid);
|
$actor_link = $this->linkTo($actor_phid);
|
||||||
|
|
||||||
|
$task_phid = $data->getValue('taskPHID');
|
||||||
$task_link = $this->linkTo($task_phid);
|
$task_link = $this->linkTo($task_phid);
|
||||||
|
|
||||||
|
$owner_phid = $data->getValue('ownerPHID');
|
||||||
$owner_link = $this->linkTo($owner_phid);
|
$owner_link = $this->linkTo($owner_phid);
|
||||||
|
|
||||||
$verb = ManiphestAction::getActionPastTenseVerb($action);
|
$verb = ManiphestAction::getActionPastTenseVerb($action);
|
||||||
|
|
||||||
if (($action == ManiphestAction::ACTION_ASSIGN
|
|
||||||
|| $action == ManiphestAction::ACTION_REASSIGN)
|
|
||||||
&& !$owner_phid) {
|
|
||||||
//double assignment since the action is diff in this case
|
|
||||||
$verb = $action = 'placed up for grabs';
|
|
||||||
}
|
|
||||||
$one_line = "{$actor_link} {$verb} {$task_link}";
|
|
||||||
|
|
||||||
switch ($action) {
|
switch ($action) {
|
||||||
case ManiphestAction::ACTION_ASSIGN:
|
case ManiphestAction::ACTION_ASSIGN:
|
||||||
case ManiphestAction::ACTION_REASSIGN:
|
case ManiphestAction::ACTION_REASSIGN:
|
||||||
$one_line .= " to {$owner_link}";
|
if ($owner_phid) {
|
||||||
|
$one_line = "{$actor_link} {$verb} to {$owner_link}";
|
||||||
|
} else {
|
||||||
|
$one_line = "{$actor_link} placed {$task_link} up for grabs";
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
case ManiphestAction::ACTION_DESCRIPTION:
|
default:
|
||||||
$one_line .= " to {$description}";
|
$one_line = "{$actor_link} {$verb} {$task_link}";
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($comments) {
|
|
||||||
$one_line .= " \"{$comments}\"";
|
|
||||||
}
|
|
||||||
|
|
||||||
return $one_line;
|
return $one_line;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
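Review bot: In `getLineForData()`, the new assign/reassign branch with an owner builds `"{$actor_link} {$verb} to {$owner_link}"` and no longer includes `{$task_link}`, so the story names the actor and the new owner but not the task; the old code produced actor, verb, task, then owner. That looks unintended, and the line should probably read `$one_line = "{$actor_link} {$verb} {$task_link} to {$owner_link}";`. Separately, the returned string is still assembled by interpolation and appears to be emitted as markup, so its safety rests on `linkTo()` and `ManiphestAction::getActionPastTenseVerb()` returning HTML-safe values, which this page does not show; a comment above the `switch` such as `// Every value interpolated below must already be HTML-escaped.` would help keep a later edit from reintroducing the raw-description problem this commit removes.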