
Fix dynamic string usage as safe input

Test Plan:
$ arc lint

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4796

vrana 5459af3b a808133b

+14 -15
+2 -1
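--- a/src/applications/auth/view/PhabricatorOAuthFailureView.php
+++ b/src/applications/auth/view/PhabricatorOAuthFailureView.php
@@ -70,9 +70,10 @@
 
 $provider_key = $provider->getProviderKey();
 $diagnose = hsprintf(
-'<a href="/oauth/'.$provider_key.'/diagnose/" class="button green">'.
+'<a href="/oauth/%s/diagnose/" class="button green">'.
 'Diagnose %s OAuth Problems'.
 '</a>',
+$provider_key,
 $provider_name);
 }
 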
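Review bot: `hsprintf()` HTML-escapes `$provider_key`, which is right for the attribute context, but the value is placed in the path of the `href` and is not URI-encoded. Provider keys presumably come from a fixed, code-defined set (`$provider->getProviderKey()` on the line above), in which case nothing more is needed. A short comment would record that assumption: `// Provider keys are code-defined identifiers, so the path segment needs no URI encoding.` The enclosing block starts and ends outside the hunk.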
+8 -9
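--- a/src/applications/diffusion/view/DiffusionBrowseTableView.php
+++ b/src/applications/diffusion/view/DiffusionBrowseTableView.php
@@ -96,22 +96,21 @@
 
 $conn = $drequest->getRepository()->establishConnection('r');
 
-$where = '';
+$path = '/'.$drequest->getPath();
+$where = (substr($path, -1) == '/'
+? qsprintf($conn, 'AND path LIKE %>', $path)
+: qsprintf($conn, 'AND path = %s', $path));
+
 if ($drequest->getLint()) {
-$where = qsprintf(
-$conn,
-'AND code = %s',
-$drequest->getLint());
+$where .= qsprintf($conn, ' AND code = %s', $drequest->getLint());
 }
 
-$like = (substr($drequest->getPath(), -1) == '/' ? 'LIKE %>' : '= %s');
 return head(queryfx_one(
 $conn,
-'SELECT COUNT(*) FROM %T WHERE branchID = %d %Q AND path '.$like,
+'SELECT COUNT(*) FROM %T WHERE branchID = %d %Q',
 PhabricatorRepository::TABLE_LINTMESSAGE,
 $branch->getID(),
-$where,
-'/'.$drequest->getPath()));
+$where));
 }
 
 public function render() {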
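Review bot: `%Q` inserts `$where` into the statement unescaped, so the final `queryfx_one()` call is safe only while every fragment appended to `$where` is `qsprintf()` output, and nothing in the code states that. Both fragments in this hunk meet the condition, but the join between them also depends on the leading space inside `' AND code = %s'`. A comment above the `$where` assignment would make the invariant explicit for the next edit: `// $where holds only qsprintf() output; %Q below inserts it unescaped.` The method begins before the hunk.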
+2 -1
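--- a/src/applications/search/engine/PhabricatorSearchEngineMySQL.php
+++ b/src/applications/search/engine/PhabricatorSearchEngineMySQL.php
@@ -161,7 +161,8 @@
 if (strlen($q)) {
 $join[] = qsprintf(
 $conn_r,
-"{$t_field} field ON field.phid = document.phid");
+'%T field ON field.phid = document.phid',
+$t_field);
 $where[] = qsprintf(
 $conn_r,
 'MATCH(corpus) AGAINST (%s IN BOOLEAN MODE)',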
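Review bot: `%T` quotes the whole of `$t_field` as a single identifier, whereas the removed interpolation passed it through verbatim. `$t_field` is assigned outside the hunk. If it is a bare table name this is a strict improvement, but a value that already carries a database qualifier or its own quoting would now resolve to a different identifier, so that is worth confirming. The `$where[]` call at the end of the hunk continues past the last visible line.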
+1 -1
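--- a/src/infrastructure/celerity/CelerityResourceTransformer.php
+++ b/src/infrastructure/celerity/CelerityResourceTransformer.php
@@ -74,7 +74,7 @@
 $bin = $root.'/externals/javelin/support/jsxmin/jsxmin';
 
 if (@file_exists($bin)) {
-$future = new ExecFuture("{$bin} __DEV__:0");
+$future = new ExecFuture('%s __DEV__:0', $bin);
 $future->write($data);
 list($err, $result) = $future->resolve();
 if (!$err) {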
+1 -3
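--- a/src/infrastructure/lint/linter/PhabricatorJavelinLinter.php
+++ b/src/infrastructure/lint/linter/PhabricatorJavelinLinter.php
@@ -187,9 +187,7 @@
 }
 
 private function newSymbolsFuture($path) {
-$javelinsymbols = 'javelinsymbols';
-
-$future = new ExecFuture($javelinsymbols.' # '.escapeshellarg($path));
+$future = new ExecFuture('javelinsymbols # %s', $path);
 $future->write($this->getData($path));
 return $future;
 }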
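Review bot: Shell quoting has no effect inside a `#` comment, so the `%s` escaping of `$path` in `'javelinsymbols # %s'` does not contain a line break in the path: the comment ends at the newline and whatever follows is parsed as shell input. This is carried over from the removed `escapeshellarg($path)` line rather than introduced here. The path appears to serve only as a label, since the file contents are supplied through `write()`. If paths can originate from a working copy the linter does not control, either drop the label, `$future = new ExecFuture('javelinsymbols');`, or replace control characters in `$path` before it is formatted into the command.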