mirror of https://we.phorge.it/source/phorge.git synced 2025-01-21 04:01:30 +01:00

Escape result of PhabricatorOAuthProvider::getProviderName()

Test Plan: /settings/page/facebook/

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, epriestley

Differential Revision: https://secure.phabricator.com/D1556
vrana 2012-02-02 17:06:02 -08:00
parent 339369dc36
commit fe4d717cc7
8 changed files with 27 additions and 20 deletions


@ -198,14 +198,16 @@ class PhabricatorLoginController extends PhabricatorAuthController {
if ($provider->isProviderRegistrationEnabled()) {
$title = "Login or Register with {$provider_name}";
$body = "Login or register for Phabricator using your ".
"{$provider_name} account.";
$body = 'Login or register for Phabricator using your '.
phutil_escape_html($provider_name).' account.';
$button = "Login or Register with {$provider_name}";
} else {
$title = "Login with {$provider_name}";
$body = "Login to your existing Phabricator account using your ".
"{$provider_name} account.<br /><br /><strong>You can not use ".
"{$provider_name} to register a new account.</strong>";
$body = 'Login to your existing Phabricator account using your '.
phutil_escape_html($provider_name).' account.<br /><br />'.
'<strong>You can not use '.
phutil_escape_html($provider_name).' to register a new '.
'account.</strong>';
$button = "Login with {$provider_name}";
}
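Review bot: `$title` and `$button` in both branches still interpolate the raw `$provider_name` while only `$body` is escaped, and nothing in this hunk shows whether the code that renders the title and the button escapes them. If those consumers do escape their input, a one-line comment such as `// $title and $button are plain text escaped by the renderer; $body is raw HTML.` would record why the three strings are treated differently; if they do not, they need the same `phutil_escape_html()` call. The enclosing method starts and ends outside the hunk, so the sinks have to be checked there.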


@ -21,6 +21,7 @@ phutil_require_module('phabricator', 'view/form/control/text');
phutil_require_module('phabricator', 'view/form/error');
phutil_require_module('phabricator', 'view/layout/panel');
phutil_require_module('phutil', 'markup');
phutil_require_module('phutil', 'parser/uri');
phutil_require_module('phutil', 'utils');


@ -41,7 +41,7 @@ class PhabricatorOAuthLoginController extends PhabricatorAuthController {
return new Aphront400Response();
}
$provider_name = $provider->getProviderName();
$provider_name = phutil_escape_html($provider->getProviderName());
$provider_key = $provider->getProviderKey();
$request = $this->getRequest();
@ -113,7 +113,7 @@ class PhabricatorOAuthLoginController extends PhabricatorAuthController {
if (!$request->isDialogFormPost()) {
$dialog = new AphrontDialogView();
$dialog->setUser($current_user);
$dialog->setTitle('Link '.$provider_name.' Account');
$dialog->setTitle('Link '.$provider->getProviderName().' Account');
$dialog->appendChild(
'<p>Link your '.$provider_name.' account to your Phabricator '.
'account?</p>');
@ -184,7 +184,8 @@ class PhabricatorOAuthLoginController extends PhabricatorAuthController {
if (!$provider->isProviderRegistrationEnabled()) {
$dialog = new AphrontDialogView();
$dialog->setUser($current_user);
$dialog->setTitle('No Account Registration With '.$provider_name);
$dialog->setTitle('No Account Registration With '.
$provider->getProviderName());
$dialog->appendChild(
'<p>You can not register a new account using '.$provider_name.'; '.
'you can only use your '.$provider_name.' account to log into an '.
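Review bot: After the first hunk `$provider_name` holds HTML-escaped text, but its name still reads as the plain provider name, and the two `setTitle()` calls had to switch to `$provider->getProviderName()`, presumably to avoid double escaping. Any other use of `$provider_name` in the parts of this method that lie between the hunks silently changes meaning too, and those lines are not visible here. Keeping the raw value and naming the escaped copy makes the contract visible at each use: `$provider_name_html = phutil_escape_html($provider->getProviderName());`, with the `appendChild()` markup strings concatenating `$provider_name_html`. `PhabricatorOAuthFailureView::render()` is changed the same way in this commit and would benefit from the same naming.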


@ -18,6 +18,7 @@ phutil_require_module('phabricator', 'applications/people/storage/useroauthinfo'
phutil_require_module('phabricator', 'infrastructure/env');
phutil_require_module('phabricator', 'view/dialog');
phutil_require_module('phutil', 'markup');
phutil_require_module('phutil', 'parser/uri');
phutil_require_module('phutil', 'symbols');
phutil_require_module('phutil', 'utils');


@ -1,7 +1,7 @@
<?php
/*
* Copyright 2011 Facebook, Inc.
* Copyright 2012 Facebook, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -35,7 +35,6 @@ class PhabricatorOAuthUnlinkController extends PhabricatorAuthController {
"You may not unlink accounts from this OAuth provider.");
}
$provider_name = $provider->getProviderName();
$provider_key = $provider->getProviderKey();
$oauth_info = id(new PhabricatorUserOAuthInfo())->loadOneWhere(


@ -1,7 +1,7 @@
<?php
/*
* Copyright 2011 Facebook, Inc.
* Copyright 2012 Facebook, Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
@ -34,12 +34,12 @@ class PhabricatorOAuthFailureView extends AphrontView {
public function render() {
$request = $this->request;
$provider = $this->provider;
$provider_name = $provider->getProviderName();
$provider_name = phutil_escape_html($provider->getProviderName());
$diagnose = null;
$view = new AphrontRequestFailureView();
$view->setHeader($provider_name.' Auth Failed');
$view->setHeader($provider->getProviderName().' Auth Failed');
if ($this->request) {
$view->appendChild(
'<p>'.


@ -52,9 +52,9 @@ class PhabricatorUserOAuthSettingsPanelController
$form
->appendChild(
'<p class="aphront-form-instructions">There is currently no '.
$provider_name.' account linked to your Phabricator account. You '.
'can link an account, which will allow you to use it to log into '.
'Phabricator.</p>');
phutil_escape_html($provider_name).' account linked to your '.
'Phabricator account. You can link an account, which will allow you '.
'to use it to log into Phabricator.</p>');
$auth_uri = $provider->getAuthURI();
$client_id = $provider->getClientID();
@ -80,8 +80,9 @@ class PhabricatorUserOAuthSettingsPanelController
$form
->appendChild(
'<p class="aphront-form-instructions">Your account is linked with '.
'a '.$provider_name.' account. You may use your '.$provider_name.' '.
'credentials to log into Phabricator.</p>')
'a '.phutil_escape_html($provider_name).' account. You may use your '.
phutil_escape_html($provider_name).' credentials to log into '.
'Phabricator.</p>')
->appendChild(
id(new AphrontFormStaticControl())
->setLabel($provider_name.' ID')
@ -102,8 +103,9 @@ class PhabricatorUserOAuthSettingsPanelController
->setUser($user)
->appendChild(
'<p class="aphront-form-instructions">You may unlink this account '.
'from your '.$provider_name.' account. This will prevent you from '.
'logging in with your '.$provider_name.' credentials.</p>')
'from your '.phutil_escape_html($provider_name).' account. This '.
'will prevent you from logging in with your '.
phutil_escape_html($provider_name).' credentials.</p>')
->appendChild(
id(new AphrontFormSubmitControl())
->addCancelButton('/oauth/'.$provider_key.'/unlink/', $unlink));
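Review bot: `phutil_escape_html($provider_name)` is repeated at five concatenation sites across the three hunks, which leaves the next string added to this panel one forgotten call away from emitting the raw name again. Escaping once where `$provider_name` is assigned, e.g. `$provider_name_html = phutil_escape_html($provider_name);`, and concatenating that local keeps the markup strings shorter and the rule easy to follow; the assignment itself is outside the hunks. The context line `->setLabel($provider_name.' ID')` still passes the raw name, which is only correct if the form control escapes its label, and that is not visible here. The `else` branch in `PhabricatorLoginController` repeats the call in the same way.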


@ -15,6 +15,7 @@ phutil_require_module('phabricator', 'view/layout/panel');
phutil_require_module('phabricator', 'view/null');
phutil_require_module('phabricator', 'view/utils');
phutil_require_module('phutil', 'markup');
phutil_require_module('phutil', 'utils');