diff --git a/src/applications/auth/controller/login/PhabricatorLoginController.php b/src/applications/auth/controller/login/PhabricatorLoginController.php index f0c8f54d5f..0cfffcc5ad 100644 --- a/src/applications/auth/controller/login/PhabricatorLoginController.php +++ b/src/applications/auth/controller/login/PhabricatorLoginController.php @@ -198,14 +198,16 @@ class PhabricatorLoginController extends PhabricatorAuthController { if ($provider->isProviderRegistrationEnabled()) { $title = "Login or Register with {$provider_name}"; - $body = "Login or register for Phabricator using your ". - "{$provider_name} account."; + $body = 'Login or register for Phabricator using your '. + phutil_escape_html($provider_name).' account.'; $button = "Login or Register with {$provider_name}"; } else { $title = "Login with {$provider_name}"; - $body = "Login to your existing Phabricator account using your ". - "{$provider_name} account.

You can not use ". - "{$provider_name} to register a new account."; + $body = 'Login to your existing Phabricator account using your '. + phutil_escape_html($provider_name).' account.

'. + 'You can not use '. + phutil_escape_html($provider_name).' to register a new '. + 'account.'; $button = "Login with {$provider_name}"; } diff --git a/src/applications/auth/controller/login/__init__.php b/src/applications/auth/controller/login/__init__.php index 9eb25e964c..489302687f 100644 --- a/src/applications/auth/controller/login/__init__.php +++ b/src/applications/auth/controller/login/__init__.php @@ -21,6 +21,7 @@ phutil_require_module('phabricator', 'view/form/control/text'); phutil_require_module('phabricator', 'view/form/error'); phutil_require_module('phabricator', 'view/layout/panel'); +phutil_require_module('phutil', 'markup'); phutil_require_module('phutil', 'parser/uri'); phutil_require_module('phutil', 'utils'); diff --git a/src/applications/auth/controller/oauth/PhabricatorOAuthLoginController.php b/src/applications/auth/controller/oauth/PhabricatorOAuthLoginController.php index 85989967ef..a0207e650b 100644 --- a/src/applications/auth/controller/oauth/PhabricatorOAuthLoginController.php +++ b/src/applications/auth/controller/oauth/PhabricatorOAuthLoginController.php @@ -41,7 +41,7 @@ class PhabricatorOAuthLoginController extends PhabricatorAuthController { return new Aphront400Response(); } - $provider_name = $provider->getProviderName(); + $provider_name = phutil_escape_html($provider->getProviderName()); $provider_key = $provider->getProviderKey(); $request = $this->getRequest(); @@ -113,7 +113,7 @@ class PhabricatorOAuthLoginController extends PhabricatorAuthController { if (!$request->isDialogFormPost()) { $dialog = new AphrontDialogView(); $dialog->setUser($current_user); - $dialog->setTitle('Link '.$provider_name.' Account'); + $dialog->setTitle('Link '.$provider->getProviderName().' Account'); $dialog->appendChild( '
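Review bot: `$title` and `$button` in both branches still interpolate the raw `$provider_name`, while only `$body` is escaped in this hunk. If the view that renders them (outside this hunk) emits them as HTML without escaping, the provider name remains a markup-injection path on the login page. If that view escapes them itself, a short comment would make the asymmetry deliberate, e.g. `// $title and $button are escaped by the view; $body is raw HTML and must be escaped here.` The enclosing method starts and ends outside the hunk, so the sinks should be confirmed before relying on either reading.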
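Review bot: Escaping at assignment in the -41 hunk turns `$provider_name` into an HTML string for the rest of the method, so every later use has to know which form it holds. The `setTitle()` changes at -113 and -184 switch back to the raw getter, presumably because that sink escapes on its own. Uses outside the visible hunks could end up double-escaped or, in a non-HTML context, carry entities. Naming the escaped copy separately keeps the two apart: `$provider_name_html = phutil_escape_html($provider->getProviderName());` alongside a raw `$provider_name`. PhabricatorOAuthFailureView.php uses the same escape-at-assignment pattern, whereas PhabricatorLoginController.php and the settings panel escape at the point of output.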

Link your '.$provider_name.' account to your Phabricator '. 'account?

'); @@ -184,7 +184,8 @@ class PhabricatorOAuthLoginController extends PhabricatorAuthController { if (!$provider->isProviderRegistrationEnabled()) { $dialog = new AphrontDialogView(); $dialog->setUser($current_user); - $dialog->setTitle('No Account Registration With '.$provider_name); + $dialog->setTitle('No Account Registration With '. + $provider->getProviderName()); $dialog->appendChild( '

You can not register a new account using '.$provider_name.'; '. 'you can only use your '.$provider_name.' account to log into an '. diff --git a/src/applications/auth/controller/oauth/__init__.php b/src/applications/auth/controller/oauth/__init__.php index 034e422097..f0c1759213 100644 --- a/src/applications/auth/controller/oauth/__init__.php +++ b/src/applications/auth/controller/oauth/__init__.php @@ -18,6 +18,7 @@ phutil_require_module('phabricator', 'applications/people/storage/useroauthinfo' phutil_require_module('phabricator', 'infrastructure/env'); phutil_require_module('phabricator', 'view/dialog'); +phutil_require_module('phutil', 'markup'); phutil_require_module('phutil', 'parser/uri'); phutil_require_module('phutil', 'symbols'); phutil_require_module('phutil', 'utils'); diff --git a/src/applications/auth/controller/unlink/PhabricatorOAuthUnlinkController.php b/src/applications/auth/controller/unlink/PhabricatorOAuthUnlinkController.php index dcf0248f06..d94c9af343 100644 --- a/src/applications/auth/controller/unlink/PhabricatorOAuthUnlinkController.php +++ b/src/applications/auth/controller/unlink/PhabricatorOAuthUnlinkController.php @@ -1,7 +1,7 @@ getProviderName(); $provider_key = $provider->getProviderKey(); $oauth_info = id(new PhabricatorUserOAuthInfo())->loadOneWhere( diff --git a/src/applications/auth/view/oauthfailure/PhabricatorOAuthFailureView.php b/src/applications/auth/view/oauthfailure/PhabricatorOAuthFailureView.php index c25d571e65..5808c2358b 100644 --- a/src/applications/auth/view/oauthfailure/PhabricatorOAuthFailureView.php +++ b/src/applications/auth/view/oauthfailure/PhabricatorOAuthFailureView.php 
@@ -1,7 +1,7 @@ request; $provider = $this->provider; - $provider_name = $provider->getProviderName(); + $provider_name = phutil_escape_html($provider->getProviderName()); $diagnose = null; $view = new AphrontRequestFailureView(); - $view->setHeader($provider_name.' Auth Failed'); + $view->setHeader($provider->getProviderName().' Auth Failed'); if ($this->request) { $view->appendChild( '

'. diff --git a/src/applications/people/controller/settings/panels/oauth/PhabricatorUserOAuthSettingsPanelController.php b/src/applications/people/controller/settings/panels/oauth/PhabricatorUserOAuthSettingsPanelController.php index b406a08a35..54444dcaa3 100644 --- a/src/applications/people/controller/settings/panels/oauth/PhabricatorUserOAuthSettingsPanelController.php +++ b/src/applications/people/controller/settings/panels/oauth/PhabricatorUserOAuthSettingsPanelController.php @@ -52,9 +52,9 @@ class PhabricatorUserOAuthSettingsPanelController $form ->appendChild( '

There is currently no '. - $provider_name.' account linked to your Phabricator account. You '. - 'can link an account, which will allow you to use it to log into '. - 'Phabricator.

'); + phutil_escape_html($provider_name).' account linked to your '. + 'Phabricator account. You can link an account, which will allow you '. + 'to use it to log into Phabricator.

'); $auth_uri = $provider->getAuthURI(); $client_id = $provider->getClientID(); @@ -80,8 +80,9 @@ class PhabricatorUserOAuthSettingsPanelController $form ->appendChild( '

Your account is linked with '. - 'a '.$provider_name.' account. You may use your '.$provider_name.' '. - 'credentials to log into Phabricator.

') + 'a '.phutil_escape_html($provider_name).' account. You may use your '. + phutil_escape_html($provider_name).' credentials to log into '. + 'Phabricator.

') ->appendChild( id(new AphrontFormStaticControl()) ->setLabel($provider_name.' ID') @@ -102,8 +103,9 @@ class PhabricatorUserOAuthSettingsPanelController ->setUser($user) ->appendChild( '
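Review bot: The context line `->setLabel($provider_name.' ID')` still passes the raw provider name, unlike the `appendChild()` strings around it. That is correct only if `AphrontFormStaticControl::setLabel()` escapes its argument, which this hunk does not show. A one-line comment such as `// setLabel() escapes; appendChild() takes raw HTML.` would record the reason. Separately, `phutil_escape_html($provider_name)` is now repeated across the -52, -80 and -102 hunks; computing it once into a local would reduce the chance of a future string missing the call.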

You may unlink this account '. - 'from your '.$provider_name.' account. This will prevent you from '. - 'logging in with your '.$provider_name.' credentials.

') + 'from your '.phutil_escape_html($provider_name).' account. This '. + 'will prevent you from logging in with your '. + phutil_escape_html($provider_name).' credentials.

') ->appendChild( id(new AphrontFormSubmitControl()) ->addCancelButton('/oauth/'.$provider_key.'/unlink/', $unlink)); diff --git a/src/applications/people/controller/settings/panels/oauth/__init__.php b/src/applications/people/controller/settings/panels/oauth/__init__.php index ff727a2068..ab67b72259 100644 --- a/src/applications/people/controller/settings/panels/oauth/__init__.php +++ b/src/applications/people/controller/settings/panels/oauth/__init__.php @@ -15,6 +15,7 @@ phutil_require_module('phabricator', 'view/layout/panel'); phutil_require_module('phabricator', 'view/null'); phutil_require_module('phabricator', 'view/utils'); +phutil_require_module('phutil', 'markup'); phutil_require_module('phutil', 'utils');