diff --git a/src/applications/auth/controller/login/PhabricatorLoginController.php b/src/applications/auth/controller/login/PhabricatorLoginController.php
index f0c8f54d5f..0cfffcc5ad 100644
--- a/src/applications/auth/controller/login/PhabricatorLoginController.php
+++ b/src/applications/auth/controller/login/PhabricatorLoginController.php
@@ -198,14 +198,16 @@ class PhabricatorLoginController extends PhabricatorAuthController {
if ($provider->isProviderRegistrationEnabled()) {
$title = "Login or Register with {$provider_name}";
- $body = "Login or register for Phabricator using your ".
- "{$provider_name} account.";
+ $body = 'Login or register for Phabricator using your '.
+ phutil_escape_html($provider_name).' account.';
$button = "Login or Register with {$provider_name}";
} else {
$title = "Login with {$provider_name}";
- $body = "Login to your existing Phabricator account using your ".
- "{$provider_name} account.
You can not use ".
- "{$provider_name} to register a new account.";
+ $body = 'Login to your existing Phabricator account using your '.
+ phutil_escape_html($provider_name).' account.
'.
+ 'You can not use '.
+ phutil_escape_html($provider_name).' to register a new '.
+ 'account.';
$button = "Login with {$provider_name}";
}
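Review bot: The `$title` and `$button` assignments in both branches still interpolate the raw `$provider_name` while only `$body` is escaped, and whether that is safe depends on the view that renders the title and button text, which this hunk does not show. The companion change in PhabricatorOAuthLoginController switches `setTitle()` back to the raw getter, which suggests title setters escape on their own, but the button label deserves the same confirmation before the name is trusted there. Escaping inline three times also invites a miss on the next edit; escape once up front, `$provider_name_html = phutil_escape_html($provider_name);`, and splice that into the `$body` strings. The enclosing method begins before this hunk.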
diff --git a/src/applications/auth/controller/login/__init__.php b/src/applications/auth/controller/login/__init__.php
index 9eb25e964c..489302687f 100644
--- a/src/applications/auth/controller/login/__init__.php
+++ b/src/applications/auth/controller/login/__init__.php
@@ -21,6 +21,7 @@ phutil_require_module('phabricator', 'view/form/control/text');
phutil_require_module('phabricator', 'view/form/error');
phutil_require_module('phabricator', 'view/layout/panel');
+phutil_require_module('phutil', 'markup');
phutil_require_module('phutil', 'parser/uri');
phutil_require_module('phutil', 'utils');
diff --git a/src/applications/auth/controller/oauth/PhabricatorOAuthLoginController.php b/src/applications/auth/controller/oauth/PhabricatorOAuthLoginController.php
index 85989967ef..a0207e650b 100644
--- a/src/applications/auth/controller/oauth/PhabricatorOAuthLoginController.php
+++ b/src/applications/auth/controller/oauth/PhabricatorOAuthLoginController.php
@@ -41,7 +41,7 @@ class PhabricatorOAuthLoginController extends PhabricatorAuthController {
return new Aphront400Response();
}
- $provider_name = $provider->getProviderName();
+ $provider_name = phutil_escape_html($provider->getProviderName());
$provider_key = $provider->getProviderKey();
$request = $this->getRequest();
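Review bot: After this change `$provider_name` holds HTML-escaped text, but nothing at the assignment says so, and the same variable was apparently being passed to `setTitle()` further down, which the commit has to switch back to `$provider->getProviderName()`; that switch only makes sense if the title setter escapes on its own, in which case an `&` in a provider name would otherwise have been double-escaped. A name that carries the context, `$provider_name_html = phutil_escape_html($provider->getProviderName());`, or a comment such as `// HTML-escaped: safe to splice into markup only, not into setTitle() or log messages`, makes the distinction visible to the next edit. The enclosing method begins before this hunk and continues past it.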
@@ -113,7 +113,7 @@ class PhabricatorOAuthLoginController extends PhabricatorAuthController {
if (!$request->isDialogFormPost()) {
$dialog = new AphrontDialogView();
$dialog->setUser($current_user);
- $dialog->setTitle('Link '.$provider_name.' Account');
+ $dialog->setTitle('Link '.$provider->getProviderName().' Account');
$dialog->appendChild(
'
Link your '.$provider_name.' account to your Phabricator '. 'account?
');
@@ -184,7 +184,8 @@ class PhabricatorOAuthLoginController extends PhabricatorAuthController {
 if (!$provider->isProviderRegistrationEnabled()) {
 $dialog = new AphrontDialogView();
 $dialog->setUser($current_user);
- $dialog->setTitle('No Account Registration With '.$provider_name);
+ $dialog->setTitle('No Account Registration With '.
+ $provider->getProviderName());
 $dialog->appendChild(
 'You can not register a new account using '.$provider_name.'; '.
 'you can only use your '.$provider_name.' account to log into an '.
diff --git a/src/applications/auth/controller/oauth/__init__.php b/src/applications/auth/controller/oauth/__init__.php
index 034e422097..f0c1759213 100644
--- a/src/applications/auth/controller/oauth/__init__.php
+++ b/src/applications/auth/controller/oauth/__init__.php
@@ -18,6 +18,7 @@ phutil_require_module('phabricator', 'applications/people/storage/useroauthinfo'
 phutil_require_module('phabricator', 'infrastructure/env');
 phutil_require_module('phabricator', 'view/dialog');
+phutil_require_module('phutil', 'markup');
 phutil_require_module('phutil', 'parser/uri');
 phutil_require_module('phutil', 'symbols');
 phutil_require_module('phutil', 'utils');
diff --git a/src/applications/auth/controller/unlink/PhabricatorOAuthUnlinkController.php b/src/applications/auth/controller/unlink/PhabricatorOAuthUnlinkController.php
index dcf0248f06..d94c9af343 100644
--- a/src/applications/auth/controller/unlink/PhabricatorOAuthUnlinkController.php
+++ b/src/applications/auth/controller/unlink/PhabricatorOAuthUnlinkController.php
@@ -1,7 +1,7 @@ getProviderName();
 $provider_key = $provider->getProviderKey();
 $oauth_info = id(new PhabricatorUserOAuthInfo())->loadOneWhere(
diff --git a/src/applications/auth/view/oauthfailure/PhabricatorOAuthFailureView.php b/src/applications/auth/view/oauthfailure/PhabricatorOAuthFailureView.php
index c25d571e65..5808c2358b 100644
--- a/src/applications/auth/view/oauthfailure/PhabricatorOAuthFailureView.php
+++ b/src/applications/auth/view/oauthfailure/PhabricatorOAuthFailureView.php
@@ -1,7 +1,7 @@ request;
 $provider = $this->provider;
- $provider_name = $provider->getProviderName();
+ $provider_name = phutil_escape_html($provider->getProviderName());
 $diagnose = null;
 $view = new AphrontRequestFailureView();
- $view->setHeader($provider_name.' Auth Failed');
+ $view->setHeader($provider->getProviderName().' Auth Failed');
 if ($this->request) {
 $view->appendChild(
 '
'.
diff --git a/src/applications/people/controller/settings/panels/oauth/PhabricatorUserOAuthSettingsPanelController.php b/src/applications/people/controller/settings/panels/oauth/PhabricatorUserOAuthSettingsPanelController.php
index b406a08a35..54444dcaa3 100644
--- a/src/applications/people/controller/settings/panels/oauth/PhabricatorUserOAuthSettingsPanelController.php
+++ b/src/applications/people/controller/settings/panels/oauth/PhabricatorUserOAuthSettingsPanelController.php
@@ -52,9 +52,9 @@ class PhabricatorUserOAuthSettingsPanelController
 $form
 ->appendChild(
 '
There is currently no '.
- $provider_name.' account linked to your Phabricator account. You '.
- 'can link an account, which will allow you to use it to log into '.
- 'Phabricator.
');
+ phutil_escape_html($provider_name).' account linked to your '.
+ 'Phabricator account. You can link an account, which will allow you '.
+ 'to use it to log into Phabricator.');
 $auth_uri = $provider->getAuthURI();
 $client_id = $provider->getClientID();
@@ -80,8 +80,9 @@ class PhabricatorUserOAuthSettingsPanelController
 $form
 ->appendChild(
 'Your account is linked with '.
- 'a '.$provider_name.' account. You may use your '.$provider_name.' '.
- 'credentials to log into Phabricator.
')
+ 'a '.phutil_escape_html($provider_name).' account. You may use your '.
+ phutil_escape_html($provider_name).' credentials to log into '.
+ 'Phabricator.')
 ->appendChild(
 id(new AphrontFormStaticControl())
 ->setLabel($provider_name.' ID')
@@ -102,8 +103,9 @@ class PhabricatorUserOAuthSettingsPanelController
 ->setUser($user)
 ->appendChild(
 'You may unlink this account '.
- 'from your '.$provider_name.' account. This will prevent you from '.
- 'logging in with your '.$provider_name.' credentials.
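Review bot: The trailing context line `->setLabel($provider_name.' ID')` still hands the unescaped provider name to the static control while the paragraph just above it is now escaped; whether `setLabel()` escapes its argument is not visible here, so either that should be confirmed or the label should become `->setLabel(phutil_escape_html($provider_name).' ID')` for consistency with the rest of the hunk. The repeated inline `phutil_escape_html($provider_name)` calls in this file would also read better as a single `$provider_name_html` computed where `$provider_name` is assigned, above this hunk. The enclosing method starts before this hunk and continues past it.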
')
+ 'from your '.phutil_escape_html($provider_name).' account. This '.
+ 'will prevent you from logging in with your '.
+ phutil_escape_html($provider_name).' credentials.')
 ->appendChild(
 id(new AphrontFormSubmitControl())
 ->addCancelButton('/oauth/'.$provider_key.'/unlink/', $unlink));
diff --git a/src/applications/people/controller/settings/panels/oauth/__init__.php b/src/applications/people/controller/settings/panels/oauth/__init__.php
index ff727a2068..ab67b72259 100644
--- a/src/applications/people/controller/settings/panels/oauth/__init__.php
+++ b/src/applications/people/controller/settings/panels/oauth/__init__.php
@@ -15,6 +15,7 @@ phutil_require_module('phabricator', 'view/layout/panel');
 phutil_require_module('phabricator', 'view/null');
 phutil_require_module('phabricator', 'view/utils');
+phutil_require_module('phutil', 'markup');
 phutil_require_module('phutil', 'utils');