Convert setCaption() to safe HTML · recaptime.dev/phorge@be4662e

+3 -3

src/applications/auth/controller/PhabricatorLoginController.php

··· 177 177 id(new AphrontFormPasswordControl()) 178 178 ->setLabel(pht('Password')) 179 179 ->setName('password') 180 - ->setCaption( 181 - '<a href="/login/email/">'. 182 - pht('Forgot your password? / Email Login').'</a>')); 180 + ->setCaption(hsprintf( 181 + '<a href="/login/email/">%s</a>', 182 + pht('Forgot your password? / Email Login')))); 183 183 184 184 if ($require_captcha) { 185 185 $form->appendChild(

+1 -1

src/applications/conduit/controller/PhabricatorConduitConsoleController.php

··· 97 97 id(new AphrontFormTextControl()) 98 98 ->setLabel($param) 99 99 ->setName("params[{$param}]") 100 - ->setCaption(phutil_escape_html($desc))); 100 + ->setCaption($desc)); 101 101 } 102 102 103 103 $form

+2 -2

src/applications/countdown/controller/PhabricatorCountdownEditController.php

··· 97 97 ->setLabel('End date') 98 98 ->setValue($display_datepoint) 99 99 ->setName('datepoint') 100 - ->setCaption( 100 + ->setCaption(hsprintf( 101 101 'Examples: '. 102 102 '<tt>2011-12-25</tt> or '. 103 103 '<tt>3 hours</tt> or '. 104 - '<tt>June 8 2011, 5 PM</tt>.')) 104 + '<tt>June 8 2011, 5 PM</tt>.'))) 105 105 ->appendChild( 106 106 id(new AphrontFormSubmitControl()) 107 107 ->addCancelButton('/countdown/')

+2 -2

src/applications/directory/controller/PhabricatorDirectoryMainController.php

··· 149 149 150 150 $panel = new AphrontPanelView(); 151 151 $panel->setHeader('Needs Triage'); 152 - $panel->setCaption( 152 + $panel->setCaption(hsprintf( 153 153 'Open tasks with "Needs Triage" priority in '. 154 - '<a href="/project/">projects you are a member of</a>.'); 154 + '<a href="/project/">projects you are a member of</a>.')); 155 155 156 156 $panel->addButton( 157 157 phutil_tag(

+2 -2

src/applications/files/controller/PhabricatorFileUploadController.php

··· 99 99 $limit = phabricator_parse_bytes($limit); 100 100 if ($limit) { 101 101 $formatted = phabricator_format_bytes($limit); 102 - return 'Maximum file size: '.phutil_escape_html($formatted); 102 + return 'Maximum file size: '.$formatted; 103 103 } 104 104 105 105 $doc_href = PhabricatorEnv::getDocLink( ··· 112 112 ), 113 113 'Configuring File Upload Limits'); 114 114 115 - return 'Upload limit is not configured, see '.$doc_link.'.'; 115 + return hsprintf('Upload limit is not configured, see %s.', $doc_link); 116 116 } 117 117 118 118 }

+7 -6

src/applications/maniphest/controller/ManiphestReportController.php

··· 245 245 246 246 if ($handle) { 247 247 $header = "Task Burn Rate for Project ".$handle->renderLink(); 248 - $caption = "<p>NOTE: This table reflects tasks <em>currently</em> in ". 249 - "the project. If a task was opened in the past but added to ". 250 - "the project recently, it is counted on the day it was ". 251 - "opened, not the day it was categorized. If a task was part ". 252 - "of this project in the past but no longer is, it is not ". 253 - "counted at all.</p>"; 248 + $caption = hsprintf( 249 + "<p>NOTE: This table reflects tasks <em>currently</em> in ". 250 + "the project. If a task was opened in the past but added to ". 251 + "the project recently, it is counted on the day it was ". 252 + "opened, not the day it was categorized. If a task was part ". 253 + "of this project in the past but no longer is, it is not ". 254 + "counted at all.</p>"); 254 255 } else { 255 256 $header = "Task Burn Rate for All Tasks"; 256 257 $caption = null;

+3 -2

src/applications/maniphest/controller/ManiphestTaskEditController.php

··· 478 478 $email_create = PhabricatorEnv::getEnvConfig( 479 479 'metamta.maniphest.public-create-email'); 480 480 if (!$task->getID() && $email_create) { 481 - $email_hint = pht('You can also create tasks by sending an email to: '). 482 - '<tt>'.phutil_escape_html($email_create).'</tt>'; 481 + $email_hint = pht( 482 + 'You can also create tasks by sending an email to: %s', 483 + phutil_tag('tt', array(), $email_create)); 483 484 $description_control->setCaption($email_hint); 484 485 } 485 486

+4 -1

src/applications/metamta/controller/PhabricatorMetaMTAReceiveController.php

··· 57 57 id(new AphrontFormTextControl()) 58 58 ->setLabel(pht('To')) 59 59 ->setName('obj') 60 - ->setCaption(pht('e.g. <tt>D1234</tt> or <tt>T1234</tt>'))) 60 + ->setCaption(pht( 61 + 'e.g. %s or %s', 62 + phutil_tag('tt', array(), 'D1234'), 63 + phutil_tag('tt', array(), 'T1234')))) 61 64 ->appendChild( 62 65 id(new AphrontFormTextAreaControl()) 63 66 ->setLabel(pht('Body'))

+5 -4

src/applications/metamta/controller/PhabricatorMetaMTASendController.php

··· 116 116 id(new AphrontFormTextControl()) 117 117 ->setLabel(pht('Mail Tags')) 118 118 ->setName('mailtags') 119 - ->setCaption( 120 - pht('Example:').' <tt>differential-cc, differential-comment</tt>')) 119 + ->setCaption(pht( 120 + 'Example: %s', 121 + phutil_tag('tt', array(), 'differential-cc, differential-comment')) 122 + )) 121 123 ->appendChild( 122 124 id(new AphrontFormDragAndDropUploadControl()) 123 125 ->setLabel(pht('Attach Files')) ··· 144 146 '1', 145 147 pht('Send immediately. (Do not enqueue for daemons.)'), 146 148 PhabricatorEnv::getEnvConfig('metamta.send-immediately')) 147 - ->setCaption(pht('Daemons can be started with %s.', $phdlink)) 148 - ) 149 + ->setCaption(pht('Daemons can be started with %s.', $phdlink))) 149 150 ->appendChild( 150 151 id(new AphrontFormSubmitControl()) 151 152 ->setValue(pht('Send Mail')));

+1 -2

src/applications/phame/controller/blog/PhameBlogEditController.php

··· 150 150 ->setLabel('Custom Domain') 151 151 ->setName('custom_domain') 152 152 ->setValue($blog->getDomain()) 153 - ->setCaption('Must include at least one dot (.), e.g. '. 154 - 'blog.example.com') 153 + ->setCaption('Must include at least one dot (.), e.g. blog.example.com') 155 154 ->setError($e_custom_domain) 156 155 ) 157 156 ->appendChild(

+2 -1

src/applications/repository/controller/PhabricatorRepositoryArcanistProjectEditController.php

··· 83 83 id(new AphrontFormTextControl()) 84 84 ->setLabel('Indexed Languages') 85 85 ->setName('symbolIndexLanguages') 86 - ->setCaption('Separate with commas, for example: <tt>php, py</tt>') 86 + ->setCaption( 87 + hsprintf('Separate with commas, for example: <tt>php, py</tt>')) 87 88 ->setValue($langs)) 88 89 ->appendChild( 89 90 id(new AphrontFormTokenizerControl())

+5 -4

src/applications/repository/controller/PhabricatorRepositoryEditController.php

··· 456 456 ->setHeight(AphrontFormTextAreaControl::HEIGHT_VERY_SHORT) 457 457 ->setValue($repository->getDetail('ssh-key')) 458 458 ->setError($e_ssh_key) 459 - ->setCaption('Specify the entire private key, <em>or</em>...')) 459 + ->setCaption( 460 + hsprintf('Specify the entire private key, <em>or</em>...'))) 460 461 ->appendChild( 461 462 id(new AphrontFormTextControl()) 462 463 ->setName('ssh-keyfile') ··· 552 553 ->setName('branch-filter') 553 554 ->setLabel('Track Only') 554 555 ->setValue($branch_filter_str) 555 - ->setCaption( 556 + ->setCaption(hsprintf( 556 557 'Optional list of branches to track. Other branches will be '. 557 558 'completely ignored. If left empty, all branches are tracked. '. 558 - 'Example: <tt>master, release</tt>')); 559 + 'Example: <tt>master, release</tt>'))); 559 560 } 560 561 561 562 $inset ··· 651 652 ->setName('uuid') 652 653 ->setLabel('UUID') 653 654 ->setValue($repository->getUUID()) 654 - ->setCaption('Repository UUID from <tt>svn info</tt>.')); 655 + ->setCaption(hsprintf('Repository UUID from <tt>svn info</tt>.'))); 655 656 } 656 657 657 658 $form->appendChild($inset);

+7 -7

src/applications/settings/panel/PhabricatorSettingsPanelDisplayPreferences.php

··· 67 67 'User Guide: Configuring an External Editor'); 68 68 69 69 $font_default = PhabricatorEnv::getEnvConfig('style.monospace'); 70 - $font_default = phutil_escape_html($font_default); 71 70 72 71 $pref_monospaced_textareas_value = $preferences 73 72 ->getPreference($pref_monospaced_textareas); ··· 97 96 id(new AphrontFormTextControl()) 98 97 ->setLabel('Editor Link') 99 98 ->setName($pref_editor) 100 - ->setCaption( 99 + ->setCaption(hsprintf( 101 100 'Link to edit files in external editor. '. 102 - '%f is replaced by filename, %l by line number, %r by repository '. 103 - 'callsign, %% by literal %. '. 104 - "For documentation, see {$editor_doc_link}.") 101 + '%%f is replaced by filename, %%l by line number, %%r by repository '. 102 + 'callsign, %%%% by literal %%. For documentation, see %s.', 103 + $editor_doc_link)) 105 104 ->setValue($preferences->getPreference($pref_editor))) 106 105 ->appendChild( 107 106 id(new AphrontFormSelectControl()) ··· 116 115 id(new AphrontFormTextControl()) 117 116 ->setLabel('Monospaced Font') 118 117 ->setName($pref_monospaced) 119 - ->setCaption( 118 + ->setCaption(hsprintf( 120 119 'Overrides default fonts in tools like Differential.<br />'. 121 - '(Default: '.$font_default.')') 120 + '(Default: %s)', 121 + $font_default)) 122 122 ->setValue($preferences->getPreference($pref_monospaced))) 123 123 ->appendChild( 124 124 id(new AphrontFormMarkupControl())

+4 -4

src/view/form/control/AphrontFormControl.php

··· 140 140 } 141 141 142 142 if (strlen($this->getCaption())) { 143 - $caption = 144 - '<div class="aphront-form-caption">'. 145 - $this->getCaption(). 146 - '</div>'; 143 + $caption = phutil_tag( 144 + 'div', 145 + array('class' => 'aphront-form-caption'), 146 + $this->getCaption()); 147 147 } else { 148 148 $caption = null; 149 149 }

+4 -4

src/view/layout/AphrontPanelView.php

··· 69 69 } 70 70 71 71 if ($this->caption !== null) { 72 - $caption = 73 - '<div class="aphront-panel-view-caption">'. 74 - $this->caption. 75 - '</div>'; 72 + $caption = phutil_tag( 73 + 'div', 74 + array('class' => 'aphront-panel-view-caption'), 75 + $this->caption); 76 76 } else { 77 77 $caption = null; 78 78 }

Configure Feed

Configure Feed