Commit 059920c2 authored by vrana's avatar vrana

Convert AphrontErrorView to safe HTML

Summary: Done by searching for `AphrontErrorView` and then `appendChild()`.

Test Plan:
Looked at Commit Detail.
Looked at Revision Detail.

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Maniphest Tasks: T2432

Differential Revision: https://secure.phabricator.com/D4843
parent 11bb8db9
......@@ -211,7 +211,7 @@ class AphrontDefaultApplicationConfiguration
if ($ex instanceof AphrontUsageException) {
$error = new AphrontErrorView();
$error->setTitle(phutil_escape_html($ex->getTitle()));
$error->appendChild(phutil_escape_html($ex->getMessage()));
$error->appendChild($ex->getMessage());
$view = new PhabricatorStandardPageView();
$view->setRequest($this->getRequest());
......
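Review bot: The new `$error->appendChild($ex->getMessage());` passes the exception message with no escaping at the call site, so it is only safe if AphrontErrorView now escapes every child that is not safe HTML; that change is not visible on this page and should be confirmed. The same reliance applies to the unescaped `$reason` in PhabricatorConduitConsoleController, the two paths in DiffusionBrowseFileController, and `$subpath` and `$bad_commit['description']` in DiffusionCommitController, several of which look like repository- or user-supplied text. The line above still wraps the title in `phutil_escape_html()`, so title and body now follow different conventions; a comment such as `// appendChild() escapes plain strings; the title is still escaped by the caller` would make that explicit. The test plan lists only Commit Detail and Revision Detail, so rendering one of the other pages with a message containing `<` would be a worthwhile extra check. The enclosing method starts and ends outside the hunk.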
......@@ -49,10 +49,11 @@ class AphrontRedirectResponse extends AphrontResponse {
),
'Continue to: '.$this->getURI());
$error->appendChild(
$error->appendChild(hsprintf(
'<p>You were stopped here because <tt>debug.stop-on-redirect</tt> '.
'is set in your configuration.</p>'.
'<p>'.$link.'</p>');
'<p>%s</p>',
$link));
$view->appendChild($error);
......
......@@ -31,9 +31,12 @@ final class PhabricatorMustVerifyEmailController
$sent = new AphrontErrorView();
$sent->setSeverity(AphrontErrorView::SEVERITY_NOTICE);
$sent->setTitle(pht('Email Sent'));
$sent->appendChild('<p>'.
pht('Another verification email was sent to <strong>%s</strong>.',
phutil_escape_html($email_address)).'</p>');
$sent->appendChild(phutil_tag(
'p',
array(),
pht(
'Another verification email was sent to %s.',
phutil_tag('strong', array(), $email_address))));
}
$error_view = new AphrontRequestFailureView();
......
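Review bot: The `<strong>` wrapper in the new `pht(...)` call survives only if `pht()` returns safe HTML when one of its arguments is a `phutil_tag()` result; if it flattens to a plain string, the outer `phutil_tag('p', array(), ...)` will escape the markup and the tags will appear as literal text. That would be a display regression rather than an injection, since `$email_address` is escaped by the inner tag either way. The same construction is used for the `<tt>` element in PhabricatorMetaMTASendController. Neither page is in the test plan, so both should be loaded once, and a comment such as `// pht() must keep safe-HTML arguments intact here` above the call would record the assumption.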
......@@ -35,20 +35,16 @@ final class PhabricatorConduitConsoleController
case ConduitAPIMethod::METHOD_STATUS_DEPRECATED:
$status_view->setTitle('Deprecated Method');
$status_view->appendChild(
phutil_escape_html(
nonempty(
$reason,
"This method is deprecated.")));
nonempty($reason, "This method is deprecated."));
break;
case ConduitAPIMethod::METHOD_STATUS_UNSTABLE:
$status_view->setSeverity(AphrontErrorView::SEVERITY_WARNING);
$status_view->setTitle('Unstable Method');
$status_view->appendChild(
phutil_escape_html(
nonempty(
$reason,
"This method is new and unstable. Its interface is subject ".
"to change.")));
nonempty(
$reason,
"This method is new and unstable. Its interface is subject ".
"to change."));
break;
}
}
......
......@@ -108,7 +108,7 @@ final class PhabricatorConfigEditController
$error_view = id(new AphrontErrorView())
->setTitle(pht('Configuration Hidden'))
->setSeverity(AphrontErrorView::SEVERITY_WARNING)
->appendChild('<p>'.phutil_escape_html($msg).'</p>');
->appendChild(phutil_tag('p', array(), $msg));
} else if ($option->getLocked()) {
$msg = pht(
"This configuration is locked and can not be edited from the web ".
......@@ -117,7 +117,7 @@ final class PhabricatorConfigEditController
$error_view = id(new AphrontErrorView())
->setTitle(pht('Configuration Locked'))
->setSeverity(AphrontErrorView::SEVERITY_NOTICE)
->appendChild('<p>'.phutil_escape_html($msg).'</p>');
->appendChild(phutil_tag('p', array(), $msg));
}
if ($option->getHidden()) {
......
......@@ -23,8 +23,10 @@ final class PhabricatorWorkerTaskDetailController
$error_view = new AphrontErrorView();
$error_view->setTitle('No Such Task');
$error_view->appendChild(
'<p>This task may have recently been garbage collected.</p>');
$error_view->appendChild(phutil_tag(
'p',
array(),
'This task may have recently been garbage collected.'));
$error_view->setSeverity(AphrontErrorView::SEVERITY_NODATA);
$content = $error_view;
......
......@@ -180,21 +180,20 @@ final class DifferentialRevisionViewController extends DifferentialController {
$warning = new AphrontErrorView();
$warning->setTitle('Very Large Diff');
$warning->setSeverity(AphrontErrorView::SEVERITY_WARNING);
$warning->appendChild(
$warning->appendChild(hsprintf(
'%s <strong>%s</strong>',
pht(
'This diff is very large and affects %s files. Load each file '.
'individually.',
new PhutilNumber($count)).
" <strong>".
phutil_tag(
'a',
array(
'href' => $request_uri
->alter('large', 'true')
->setFragment('toc'),
),
pht('Show All Files Inline')).
"</strong>");
new PhutilNumber($count)),
phutil_tag(
'a',
array(
'href' => $request_uri
->alter('large', 'true')
->setFragment('toc'),
),
pht('Show All Files Inline'))));
$warning = $warning->render();
$my_inlines = id(new DifferentialInlineComment())->loadAllWhere(
......
......@@ -245,24 +245,24 @@ final class DifferentialLintFieldSpecification
if ($status == DifferentialLintStatus::LINT_SKIP) {
$content =
"<p>This diff was created without running lint. Make sure you are ".
"OK with that before you accept this diff.</p>";
"This diff was created without running lint. Make sure you are ".
"OK with that before you accept this diff.";
} else if ($status == DifferentialLintStatus::LINT_POSTPONED) {
$severity = AphrontErrorView::SEVERITY_WARNING;
$content =
"<p>Postponed linters didn't finish yet. Make sure you are OK with ".
"that before you accept this diff.</p>";
"Postponed linters didn't finish yet. Make sure you are OK with ".
"that before you accept this diff.";
} else {
$content =
"<p>This diff has Lint Problems. Make sure you are OK with them ".
"before you accept this diff.</p>";
"This diff has Lint Problems. Make sure you are OK with them ".
"before you accept this diff.";
}
return id(new AphrontErrorView())
->setSeverity($severity)
->appendChild($content)
->appendChild(phutil_tag('p', array(), $content))
->setTitle(idx($titles, $status, 'Warning'));
}
......
......@@ -200,21 +200,21 @@ final class DifferentialUnitFieldSpecification
);
if ($diff->getUnitStatus() == DifferentialUnitStatus::UNIT_POSTPONED) {
$content =
"<p>This diff has postponed unit tests. The results should be ".
"This diff has postponed unit tests. The results should be ".
"coming in soon. You should probably wait for them before accepting ".
"this diff.</p>";
"this diff.";
} else if ($diff->getUnitStatus() == DifferentialUnitStatus::UNIT_SKIP) {
$content =
"<p>Unit tests were skipped when this diff was created. Make sure ".
"you are OK with that before you accept this diff.</p>";
"Unit tests were skipped when this diff was created. Make sure ".
"you are OK with that before you accept this diff.";
} else {
$content =
"<p>This diff has Unit Test Problems. Make sure you are OK with ".
"them before you accept this diff.</p>";
"This diff has Unit Test Problems. Make sure you are OK with ".
"them before you accept this diff.";
}
$unit_warning = id(new AphrontErrorView())
->setSeverity(AphrontErrorView::SEVERITY_ERROR)
->appendChild($content)
->appendChild(phutil_tag('p', array(), $content))
->setTitle(idx($titles, $diff->getUnitStatus(), 'Warning'));
}
return $unit_warning;
......
......@@ -46,21 +46,6 @@ final class DifferentialAddCommentView extends AphrontView {
return $this;
}
private function generateWarningView(
$status,
array $titles,
$id,
$content) {
$warning = new AphrontErrorView();
$warning->setSeverity(AphrontErrorView::SEVERITY_ERROR);
$warning->setID($id);
$warning->appendChild($content);
$warning->setTitle(idx($titles, $status, 'Warning'));
return $warning;
}
public function render() {
require_celerity_resource('differential-revision-add-comment-css');
......
......@@ -96,9 +96,8 @@ final class DiffusionBrowseFileController extends DiffusionController {
$notice->setSeverity(AphrontErrorView::SEVERITY_NOTICE);
$notice->setTitle('File Renamed');
$notice->appendChild(
"File history passes through a rename from '".
phutil_escape_html($drequest->getPath())."' to '".
phutil_escape_html($renamed)."'.");
"File history passes through a rename from '".$drequest->getPath().
"' to '".$renamed."'.");
$content[] = $notice;
}
......
......@@ -62,8 +62,8 @@ final class DiffusionCommitController extends DiffusionController {
$error_panel->appendChild(
"This Diffusion repository is configured to track only one ".
"subdirectory of the entire Subversion repository, and this commit ".
"didn't affect the tracked subdirectory ('".
phutil_escape_html($subpath)."'), so no information is available.");
"didn't affect the tracked subdirectory ('".$subpath."'), so no ".
"information is available.");
$content[] = $error_panel;
$content[] = $top_anchor;
} else {
......@@ -162,8 +162,7 @@ final class DiffusionCommitController extends DiffusionController {
if ($bad_commit) {
$error_panel = new AphrontErrorView();
$error_panel->setTitle('Bad Commit');
$error_panel->appendChild(
phutil_escape_html($bad_commit['description']));
$error_panel->appendChild($bad_commit['description']);
$content[] = $error_panel;
} else if ($is_foreign) {
......@@ -207,8 +206,10 @@ final class DiffusionCommitController extends DiffusionController {
$warning_view = id(new AphrontErrorView())
->setSeverity(AphrontErrorView::SEVERITY_WARNING)
->setTitle('Very Large Commit')
->appendChild(
"<p>This commit is very large. Load each file individually.</p>");
->appendChild(phutil_tag(
'p',
array(),
"This commit is very large. Load each file individually."));
$change_panel->appendChild($warning_view);
$change_panel->addButton($show_all_button);
......
......@@ -60,17 +60,19 @@ final class DiffusionExternalController extends DiffusionController {
if (empty($commits)) {
$desc = null;
if ($uri) {
$desc = phutil_escape_html($uri).', at ';
$desc = $uri.', at ';
}
$desc .= phutil_escape_html($id);
$desc .= $id;
$content = id(new AphrontErrorView())
->setTitle('Unknown External')
->setSeverity(AphrontErrorView::SEVERITY_WARNING)
->appendChild(
"<p>This external ({$desc}) does not appear in any tracked ".
->appendChild(phutil_tag(
'p',
array(),
"This external ({$desc}) does not appear in any tracked ".
"repository. It may exist in an untracked repository that ".
"Diffusion does not know about.</p>");
"Diffusion does not know about."));
} else if (count($commits) == 1) {
$commit = head($commits);
$repo = $repositories[$commit->getRepositoryID()];
......
......@@ -43,8 +43,6 @@ final class DiffusionEmptyResultView extends DiffusionView {
$deleted = $this->browseQuery->getDeletedAtCommit();
$existed = $this->browseQuery->getExistedAtCommit();
$deleted = self::linkCommit($drequest->getRepository(), $deleted);
$browse = $this->linkBrowse(
$drequest->getPath(),
array(
......@@ -54,11 +52,14 @@ final class DiffusionEmptyResultView extends DiffusionView {
)
);
$existed = "r{$callsign}{$existed}";
$title = 'Path Was Deleted';
$body = "This path does not exist at {$commit}. It was deleted in ".
"{$deleted} and last {$browse} at {$existed}.";
$body = hsprintf(
"This path does not exist at %s. It was deleted in %s and last %s ".
"at %s.",
$commit,
self::linkCommit($drequest->getRepository(), $deleted),
$browse,
"r{$callsign}{$existed}");
$severity = AphrontErrorView::SEVERITY_WARNING;
break;
case DiffusionBrowseQuery::REASON_IS_UNTRACKED_PARENT:
......@@ -66,7 +67,7 @@ final class DiffusionEmptyResultView extends DiffusionView {
$title = 'Directory Not Tracked';
$body =
"This repository is configured to track only one subdirectory ".
"of the entire repository ('".phutil_escape_html($subdir)."'), ".
"of the entire repository ('{$subdir}'), ".
"but you aren't looking at something in that subdirectory, so no ".
"information is available.";
$severity = AphrontErrorView::SEVERITY_WARNING;
......@@ -78,7 +79,7 @@ final class DiffusionEmptyResultView extends DiffusionView {
$error_view = new AphrontErrorView();
$error_view->setSeverity($severity);
$error_view->setTitle($title);
$error_view->appendChild('<p>'.$body.'</p>');
$error_view->appendChild(phutil_tag('p', array(), $body));
return $error_view->render();
}
......
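Review bot: `$body` now has two different types in this switch, `hsprintf()` output in the deleted-path case and a plain string interpolating `{$subdir}` in the untracked-parent case, and the final `phutil_tag('p', array(), $body)` escapes only the plain one. Any case outside these hunks that still builds `$body` by concatenating markup would now render as escaped text, and `$commit` and `$browse` (whose types are not visible here) will be escaped by `%s` unless they are already safe HTML. A comment before the switch, for example `// $body is plain text or hsprintf() output; never concatenate markup into it`, would document the contract for the remaining cases. The switch and the method both extend beyond the hunks shown.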
......@@ -94,9 +94,10 @@ final class PhabricatorFactHomeController extends PhabricatorFactController {
return id(new AphrontErrorView())
->setSeverity(AphrontErrorView::SEVERITY_NOTICE)
->setTitle(pht('No Chartable Facts'))
->appendChild(
'<p>'.pht(
'There are no facts that can be plotted yet.').'</p>');
->appendChild(phutil_tag(
'p',
array(),
pht('There are no facts that can be plotted yet.')));
}
$form = id(new AphrontFormView())
......
......@@ -35,8 +35,10 @@ final class HeraldTranscriptController extends HeraldController {
$notice = id(new AphrontErrorView())
->setSeverity(AphrontErrorView::SEVERITY_NOTICE)
->setTitle('Old Transcript')
->appendChild(
'<p>Details of this transcript have been garbage collected.</p>');
->appendChild(phutil_tag(
'p',
array(),
'Details of this transcript have been garbage collected.'));
$nav->appendChild($notice);
} else {
$filter = $this->getFilterPHIDs();
......
......@@ -67,12 +67,16 @@ final class PhabricatorMetaMTASendController
$warning = new AphrontErrorView();
$warning->setTitle('Email is Disabled');
$warning->setSeverity(AphrontErrorView::SEVERITY_WARNING);
$warning->appendChild(
'<p>'.pht('This installation of Phabricator is currently set to use '.
'<tt>PhabricatorMailImplementationTestAdapter</tt> to deliver '.
'outbound email. This completely disables outbound email! All '.
'outbound email will be thrown in a deep, dark hole until you '.
'configure a real adapter.').'</p>');
$warning->appendChild(phutil_tag(
'p',
array(),
pht(
'This installation of Phabricator is currently set to use %s to '.
'deliver outbound email. This completely disables outbound email! '.
'All outbound email will be thrown in a deep, dark hole until you '.
'configure a real adapter.',
phutil_tag('tt', array(), 'PhabricatorMailImplementationTestAdapter'))
));
}
$phdlink_href = PhabricatorEnv::getDoclink(
......
......@@ -24,13 +24,14 @@ final class PhabricatorNotificationStatusController
} catch (Exception $ex) {
$status = new AphrontErrorView();
$status->setTitle("Notification Server Issue");
$status->appendChild(
$status->appendChild(hsprintf(
'Unable to determine server status. This probably means the server '.
'is not in great shape. The specific issue encountered was:'.
'<br />'.
'<br />'.
'<strong>'.phutil_escape_html(get_class($ex)).'</strong> '.
nl2br(phutil_escape_html($ex->getMessage())));
'<strong>%s</strong> %s',
get_class($ex),
phutil_escape_html_newlines($ex->getMessage())));
}
return $this->buildStandardPageResponse(
......
......@@ -30,7 +30,9 @@ final class PhabricatorEmailVerificationController
'href' => '/',
),
'Continue to Phabricator');
$home_link = '<br /><p><strong>'.$home_link.'</strong></p>';
$home_link = hsprintf(
'<br /><p><strong>%s</strong></p>',
$home_link);
$settings_link = phutil_tag(
'a',
......@@ -38,23 +40,26 @@ final class PhabricatorEmailVerificationController
'href' => '/settings/panel/email/',
),
'Return to Email Settings');
$settings_link = '<br /><p><strong>'.$settings_link.'</strong></p>';
$settings_link = hsprintf(
'<br /><p><strong>%s</strong></p>',
$settings_link);
if (!$email) {
$content = id(new AphrontErrorView())
->setTitle('Unable To Verify')
->appendChild(
'<p>The verification code is incorrect, the email address has '.
'been removed, or the email address is owned by another user. Make '.
'sure you followed the link in the email correctly.</p>');
->appendChild(phutil_tag(
'p',
array(),
'The verification code is incorrect, the email address has been '.
'removed, or the email address is owned by another user. Make '.
'sure you followed the link in the email correctly.'));
} else if ($email->getIsVerified()) {
$content = id(new AphrontErrorView())
->setSeverity(AphrontErrorView::SEVERITY_NOTICE)
->setTitle('Address Already Verified')
->appendChild(
'<p>This email address has already been verified.</p>'.
$settings_link);
->appendChild(hsprintf(
'<p>This email address has already been verified.</p>%s',
$settings_link));
} else {
$guard = AphrontWriteGuard::beginScopedUnguardedWrites();
......@@ -65,10 +70,10 @@ final class PhabricatorEmailVerificationController
$content = id(new AphrontErrorView())
->setSeverity(AphrontErrorView::SEVERITY_NOTICE)
->setTitle('Address Verified')
->appendChild(
'<p>This email address has now been verified. Thanks!</p>'.
$home_link.
$settings_link);
->appendChild(hsprintf(
'<p>This email address has now been verified. Thanks!</p>%s%s',
$home_link,
$settings_link));
}
return $this->buildApplicationPage(
......
......@@ -54,7 +54,8 @@ final class PhabricatorPeopleEditController
$notice = new AphrontErrorView();
$notice->setSeverity(AphrontErrorView::SEVERITY_NOTICE);
$notice->setTitle('Changes Saved');
$notice->appendChild('<p>Your changes were saved.</p>');
$notice->appendChild(
phutil_tag('p', array(), 'Your changes were saved.'));
$content[] = $notice;
}
......@@ -578,10 +579,10 @@ final class PhabricatorPeopleEditController
if ($user->getPHID() == $admin->getPHID()) {
$error = new AphrontErrorView();
$error->setTitle('You Shall Journey No Farther');
$error->appendChild(
$error->appendChild(hsprintf(
'<p>As you stare into the gaping maw of the abyss, something holds '.
'you back.</p>'.
'<p>You can not delete your own account.</p>');
'<p>You can not delete your own account.</p>'));
return $error;
}
......
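Review bot: The `hsprintf()` call in the delete-own-account branch has a format string and no arguments, so it serves only to mark a literal as safe HTML. That is correct today, but it differs from the `phutil_tag('p', array(), 'Your changes were saved.')` form used earlier in the same file, and it provides no escaping if a value is later concatenated into the literal. Appending the paragraphs separately keeps every string on the escaped path, e.g. `$error->appendChild(phutil_tag('p', array(), 'You can not delete your own account.'));` with the same form for the first sentence.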