From da27b448fa318ce145000e266168d708fb06dcb0 Mon Sep 17 00:00:00 2001
From: epriestley
Date: Mon, 28 Jan 2013 18:46:04 -0800
Subject: [PATCH] render_tag -> tag: DifferentialResultsTableView

Summary: Fix lint and unit results escaping.
Test Plan: Looked at lint/unit results. Clicked show/hide: {F30680}
Reviewers: vrana
Reviewed By: vrana
CC: aran
Maniphest Tasks: T2432
Differential Revision: https://secure.phabricator.com/D4693
---
 .../DifferentialLintFieldSpecification.php | 15 ++++++++-----
 .../DifferentialUnitFieldSpecification.php | 6 ++---
 .../view/DifferentialResultsTableView.php | 22 +++++++++----------
 3 files changed, 23 insertions(+), 20 deletions(-)

diff --git a/src/applications/differential/field/specification/DifferentialLintFieldSpecification.php b/src/applications/differential/field/specification/DifferentialLintFieldSpecification.php
index 2c0164a255..b773e38580 100644
--- a/src/applications/differential/field/specification/DifferentialLintFieldSpecification.php
+++ b/src/applications/differential/field/specification/DifferentialLintFieldSpecification.php
@@ -43,7 +43,7 @@ final class DifferentialLintFieldSpecification
 $rows[] = array(
 'style' => 'star',
- 'name' => $lstar,
+ 'name' => phutil_safe_html($lstar),
 'value' => $lmsg,
 'show' => true,
 );
@@ -53,7 +53,7 @@ final class DifferentialLintFieldSpecification
 $rows[] = array(
 'style' => 'excuse',
 'name' => 'Excuse',
- 'value' => nl2br(phutil_escape_html($excuse)),
+ 'value' => phutil_safe_html(nl2br(phutil_escape_html($excuse))),
 'show' => true,
 );
 }
@@ -67,7 +67,7 @@ final class DifferentialLintFieldSpecification
 $rows[] = array(
 'style' => 'section',
- 'name' => phutil_escape_html($path),
+ 'name' => $path,
 'show' => $show_limit,
 );
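Review bot: In the `@@ -43,7 +43,7 @@` hunk, `phutil_safe_html($lstar)` turns escaping off for the whole of `$lstar`, and the hunk does not show how that value is built. If any part of it is a plain string derived from diff or lint data, it will now reach the page unescaped, so confirm that it is composed only of tag output or already-escaped text. A short comment at the wrap would record that assumption, for example `// $lstar is pre-rendered markup; every other row field is escaped by the view`. The same applies to `phutil_safe_html($ustar)` in the `@@ -37,7 +37,7 @@` hunk of DifferentialUnitFieldSpecification.php.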
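Review bot: The chain `phutil_safe_html(nl2br(phutil_escape_html($excuse)))` in the `@@ -53,7 +53,7 @@` hunk is safe only because the escape runs first and the safe-HTML wrap runs last, and the commit writes that ordering out by hand in three places. The other two are the `$description` value in the `@@ -130,7 +130,10 @@` hunk of this file and the `$excuse` value in the `@@ -47,7 +47,7 @@` hunk of DifferentialUnitFieldSpecification.php. A small shared helper that takes the raw text and returns the wrapped result would keep the ordering in one place, so a later edit cannot drop the inner `phutil_escape_html()` while leaving the outer wrap; the call sites would then read `'value' => $this->renderEscapedLines($excuse),` (helper name is only a suggestion).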
@@ -108,7 +108,7 @@ final class DifferentialLintFieldSpecification
 $rows[] = array(
 'style' => $this->getSeverityStyle($severity),
- 'name' => phutil_escape_html(ucwords($severity)),
+ 'name' => ucwords($severity),
 'value' => hsprintf(
 "(%s) %s at {$line_link}",
 $code,
@@ -130,7 +130,10 @@ final class DifferentialLintFieldSpecification
 if (strlen($description)) {
 $rows[] = array(
 'style' => 'details',
- 'value' => nl2br(phutil_escape_html($description)),
+ 'value' =>
+ phutil_safe_html(
+ nl2br(
+ phutil_escape_html($description))),
 'show' => false,
 );
 if (empty($hidden['details'])) {
@@ -148,7 +151,7 @@ final class DifferentialLintFieldSpecification
 $rows[] = array(
 'style' => $this->getPostponedStyle(),
 'name' => 'Postponed',
- 'value' => phutil_escape_html($linter),
+ 'value' => $linter,
 'show' => false,
 );
 if (empty($hidden['postponed'])) {
diff --git a/src/applications/differential/field/specification/DifferentialUnitFieldSpecification.php b/src/applications/differential/field/specification/DifferentialUnitFieldSpecification.php
index 348964045c..b19ae2f798 100644
--- a/src/applications/differential/field/specification/DifferentialUnitFieldSpecification.php
+++ b/src/applications/differential/field/specification/DifferentialUnitFieldSpecification.php
@@ -37,7 +37,7 @@ final class DifferentialUnitFieldSpecification
 $rows[] = array(
 'style' => 'star',
- 'name' => $ustar,
+ 'name' => phutil_safe_html($ustar),
 'value' => $umsg,
 'show' => true,
 );
@@ -47,7 +47,7 @@ final class DifferentialUnitFieldSpecification
 $rows[] = array(
 'style' => 'excuse',
 'name' => 'Excuse',
- 'value' => nl2br(phutil_escape_html($excuse)),
+ 'value' => phutil_safe_html(nl2br(phutil_escape_html($excuse))),
 'show' => true,
 );
 }
@@ -105,7 +105,7 @@ final class DifferentialUnitFieldSpecification
 }
 $rows[] = array(
 'style' => $this->getResultStyle($result),
- 'name' => phutil_escape_html(ucwords($result)),
+ 'name' => ucwords($result),
 'value' => $value,
 'show' => $show,
 );
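Review bot: In the `@@ -108,7 +108,7 @@` hunk, the unchanged context line `"(%s) %s at {$line_link}"` interpolates `$line_link` into the `hsprintf()` pattern itself, so it is treated as trusted markup rather than escaped like the `%s` arguments. `$line_link` is assigned outside the hunk, so it cannot be confirmed here that it is always tag output. If it is produced by a tag helper, passing it as a parameter would put the whole row under one escaping rule: use `"(%s) %s at %s"` and append `$line_link` to the argument list. The argument list continues past the end of the hunk.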
diff --git a/src/applications/differential/view/DifferentialResultsTableView.php b/src/applications/differential/view/DifferentialResultsTableView.php
index 46c8595968..519c9319f1 100644
--- a/src/applications/differential/view/DifferentialResultsTableView.php
+++ b/src/applications/differential/view/DifferentialResultsTableView.php
@@ -25,7 +25,7 @@ final class DifferentialResultsTableView extends AphrontView {
 $style = idx($row, 'style');
 switch ($style) {
 case 'section':
- $cells = phutil_render_tag(
+ $cells = phutil_tag(
 'th',
 array(
 'colspan' => 2,
@@ -33,23 +33,23 @@ final class DifferentialResultsTableView extends AphrontView {
 idx($row, 'name'));
 break;
 default:
- $name = phutil_render_tag(
+ $name = phutil_tag(
 'th',
 array(
 ),
 idx($row, 'name'));
- $value = phutil_render_tag(
+ $value = phutil_tag(
 'td',
 array(
 ),
 idx($row, 'value'));
- $cells = $name.$value;
+ $cells = array($name, $value);
 break;
 }
 $show = idx($row, 'show');
- $rows[] = javelin_render_tag(
+ $rows[] = javelin_tag(
 'tr',
 array(
 'style' => $show ? null : 'display: none',
@@ -64,7 +64,7 @@ final class DifferentialResultsTableView extends AphrontView {
 }
 if ($any_hidden) {
- $show_more = javelin_render_tag(
+ $show_more = javelin_tag(
 'a',
 array(
 'href' => '#',
@@ -72,7 +72,7 @@ final class DifferentialResultsTableView extends AphrontView {
 ),
 $this->showMoreString);
- $hide_more = javelin_render_tag(
+ $hide_more = javelin_tag(
 'a',
 array(
 'href' => '#',
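Review bot: The default branch in the `@@ -33,23 +33,23 @@` hunk changes the contract for row data without documenting it. `idx($row, 'name')` and `idx($row, 'value')` now pass through `phutil_tag()`, so plain strings are escaped and only values wrapped with `phutil_safe_html()` or built by tag helpers render as markup. A caller that wraps a value as safe therefore takes over responsibility for escaping everything inside it. A comment above the `switch` would make that explicit, for example `// Row 'name'/'value': plain strings are escaped here; pass phutil_safe_html() only for markup the caller has already escaped.` The enclosing method starts before the first hunk of this file and continues after the last one.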
@@ -80,22 +80,22 @@ final class DifferentialResultsTableView extends AphrontView {
 ),
 'Hide');
- $rows[] = javelin_render_tag(
+ $rows[] = javelin_tag(
 'tr',
 array(
 'class' => 'differential-results-row-show',
 'sigil' => 'differential-results-row-show',
 ),
- ''.$show_more.'');
+ phutil_tag('th', array('colspan' => 2), $show_more));
- $rows[] = javelin_render_tag(
+ $rows[] = javelin_tag(
 'tr',
 array(
 'class' => 'differential-results-row-show',
 'sigil' => 'differential-results-row-hide',
 'style' => 'display: none',
 ),
- ''.$hide_more.'');
+ phutil_tag('th', array('colspan' => 2), $hide_more));
 Javelin::initBehavior('differential-show-field-details');
 }