Homepage|Build Repository|Fixed: HTML-like markup tags were being str…
…ipped from commit messages
danij-deng committed Mar 17, 2012
1 parent 0453bae commit 4cbcd20
Showing 6 changed files with 85 additions and 53 deletions.
32 changes: 29 additions & 3 deletions web/includes/utilities.inc.php
Expand Up @@ -138,14 +138,12 @@ function array_casekey_exists($key, $search)

function clean_text($text, $length = 0)
{
$html = html_entity_decode($text, ENT_QUOTES, 'UTF-8');
$text = strip_tags($html);
$text = html_entity_decode($text, ENT_QUOTES, 'UTF-8');
if($length > 0 && strlen($text) > $length)
{
$cut_point = strrpos(substr($text, 0, $length), ' ');
$text = substr($text, 0, $cut_point) . '…';
}
$text = htmlentities($text, ENT_QUOTES, 'UTF-8');
return $text;
}

Expand Down Expand Up @@ -229,3 +227,31 @@ function json_encode_clean(&$array, $flags=0, $indent_level=0)

return $result;
}

function generateHyperlinkHTML($uri, $maxLength=40, $cssClass=NULL)
{
$uri = strval($uri);
$maxLength = (integer)$maxLength;
if($maxLength < 0) $maxLength = 0;
if(!is_null($cssClass))
{
$cssClass = strval($cssClass);
}
else
{
$cssClass = '';
}

if($maxLength > 0 && strlen($uri) > $maxLength)
$shortUri = substr($uri, 0, $maxLength).'...';
else
$shortUri = $uri;

$html = '<a';
if(strlen($cssClass) > 0)
{
$html .= " class={$cssClass}";
}
$html .= " href=\"{$uri}\">". htmlspecialchars($shortUri) .'</a>';
return $html;
}
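Review bot: generateHyperlinkHTML escapes only the visible label on its final `$html .=` line; `$uri` is interpolated raw into the `href` attribute and `$cssClass` into an unquoted `class` attribute, so a double quote or whitespace in either value breaks out of the attribute. Both should receive the same treatment as the label: `$html .= ' class="' . htmlspecialchars($cssClass) . '"';` and `$html .= ' href="' . htmlspecialchars($uri) . '">' . htmlspecialchars($shortUri) . '</a>';`. The `strval`/`(integer)` casts and the `is_null` branch are doing the work of parameter types (`string $uri, int $maxLength = 40, ?string $cssClass = null`), which is a style point only. In the clean_text hunk above, `strrpos` returns `false` when the truncated prefix contains no space, and `substr($text, 0, false)` then yields an empty result rather than a hard cut at `$length`; those lines look unchanged by this commit.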
10 changes: 5 additions & 5 deletions web/plugins/addonrepository/addonrepository.php
Expand Up @@ -99,20 +99,20 @@ private function outputAddonListElement(&$addon)

if($addon->hasDownloadUri())
{
?><a href="<?php echo $addon->downloadUri(); ?>" title="Download <?php echo $addonFullTitle; ?>" rel="nofollow"><?php echo $addonFullTitle; ?></a><?php
?><a href="<?php echo $addon->downloadUri(); ?>" title="Download <?php echo htmlspecialchars($addonFullTitle); ?>" rel="nofollow"><?php echo htmlspecialchars($addonFullTitle); ?></a><?php
}
else if($addon->hasHomepageUri())
{
?><a href="<?php echo $addon->homepageUri(); ?>" title="Visit homepage for <?php echo $addonFullTitle; ?>" rel="nofollow"><?php echo $addonFullTitle; ?></a><?php
?><a href="<?php echo $addon->homepageUri(); ?>" title="Visit homepage for <?php echo htmlspecialchars($addonFullTitle); ?>" rel="nofollow"><?php echo htmlspecialchars($addonFullTitle); ?></a><?php
}
else
{
echo $addonFullTitle;
echo htmlspecialchars($addonFullTitle);
}

?></td>
<td><?php if($addon->hasDescription()) echo $addon->description(); ?></td>
<td><?php if($addon->hasNotes()) echo $addon->notes(); ?></td></tr><?
<td><?php if($addon->hasDescription()) echo htmlspecialchars($addon->description()); ?></td>
<td><?php if($addon->hasNotes()) echo htmlspecialchars($addon->notes()); ?></td></tr><?
}

/**
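Review bot: The `href` attributes on the two anchor lines (`$addon->downloadUri()` and `$addon->homepageUri()`) are still emitted raw while the `title` and link text beside them are now escaped; a `"` in either URI closes the attribute. baseaddon.class.php in this same commit already runs both URIs through `htmlspecialchars` before interpolating them, so this file should match: `<a href="<?php echo htmlspecialchars($addon->downloadUri()); ?>" ...`. The same unescaped-href pattern remains in buildrepository.php (`$commit['repositoryUri']`, `$pack->directDownloadUri()`, `$logUri`) and in the new generateHyperlinkHTML helper. The closing `<?` on the last changed line is a short open tag that depends on `short_open_tag` being enabled; `<?php` is the portable form. outputAddonListElement begins and ends outside the hunk.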
30 changes: 16 additions & 14 deletions web/plugins/addonrepository/baseaddon.class.php
Expand Up @@ -232,28 +232,30 @@ public function genDownloadBadge()
if($this->hasDownloadUri())
{
$downloadUri = htmlspecialchars($this->downloadUri);
$title = htmlspecialchars($this->title);

$html .= '<div class="icon">
<a href="'. $downloadUri
.'" title="'. ("Download $this->title")
.'">
<img src="images/packageicon.png" alt="Package icon" /></a></div>';
$html .= "<div class=\"icon\">"
."<a href=\"{$downloadUri}\""
." title=\"Download {$title}\">"
."<img src=\"images/packageicon.png\" alt=\"Package icon\" /></a></div>";

$html .= '<a href="'. $downloadUri
.'" title="'. ("Download $this->title")
.'">';
$html .= "<a href=\"{$downloadUri}\""
." title=\"Download {$title}\">";
}
else if($this->hasHomepageUri())
{
$html .= '<a href="'. htmlspecialchars($this->homepageUri())
.'" title="'. ("Visit $this->title homepage")
.'">';
$title = htmlspecialchars($this->title);
$homepageUri = htmlspecialchars($this->homepageUri());
$homepageUriLabel = htmlspecialchars("Visit {$this->title} homepage");

$html .= "<a href=\"{$homepageUri}\""
." title=\"{$homepageUriLabel}\">";
}

$html .= '<span class="name">'. htmlspecialchars($this->title()) .'</span>';
if($this->hasDescription())
{
$html .= '<span class="description">'. $this->description() .'</span>';
$html .= '<span class="description">'. htmlspecialchars($this->description()) .'</span>';
}

if($this->hasDownloadUri() || $this->hasHomepageUri())
Expand All @@ -265,7 +267,7 @@ public function genDownloadBadge()

if($this->hasDownloadUri())
{
$html .= '<span class="version">Version: '. $this->version() .'</span>';
$html .= '<span class="version">Version: '. htmlspecialchars($this->version()) .'</span>';

if(!isset($this->games))
{
Expand All @@ -285,7 +287,7 @@ public function genDownloadBadge()
}
else
{
$gameString = '<label title="For use with these games only">'. implode_keys('|', $this->games) .'</label>';
$gameString = '<label title="For use with these games only">'. htmlspecialchars(implode_keys('|', $this->games)) .'</label>';
}
$html .= '<br /><span class="games">Games: '. $gameString .'</span>';
}
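Review bot: `$title = htmlspecialchars($this->title);` is computed separately in both the download and homepage branches, and the two branches escape differently — the first interpolates the escaped title into a literal `Download ` prefix, the second escapes the whole assembled `Visit … homepage` string. Hoist the assignment above `if($this->hasDownloadUri())` and use one form in both branches so the next attribute added here cannot miss it. The later `<span class="name">` line escapes `$this->title()` (the method) while these branches read the `$this->title` property; if the two can differ, the badge name and the link title would disagree — worth confirming. genDownloadBadge begins and ends outside the hunk.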
2 changes: 1 addition & 1 deletion web/plugins/buildrepository/buildevent.class.php
Expand Up @@ -140,7 +140,7 @@ public function genFancyBadge()

$name = "Build$this->uniqueId";
$inspectBuildUri = $name;
$inspectBuildLabel = "Read more about {$releaseType['nicename']} {$name}";
$inspectBuildLabel = htmlspecialchars("Read more about {$releaseType['nicename']} {$name}");

$cssClass = 'buildevent_badge';
if($this->releaseTypeId !== RT_UNKNOWN)
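Review bot: `$inspectBuildLabel` now holds HTML-escaped text while `$inspectBuildUri` and `$name` on the lines above stay raw; the label and URI are presumably emitted together further down (outside this hunk), so the URI needs the same treatment at its output site, and any consumer that escapes `$inspectBuildLabel` again will double-encode it. Escaping at the point of output, or naming the variable to show it is already encoded (e.g. `$inspectBuildLabelHtml`), would make the contract visible to the next reader. genFancyBadge begins and ends outside the hunk.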
62 changes: 33 additions & 29 deletions web/plugins/buildrepository/buildrepository.php
Expand Up @@ -152,7 +152,7 @@ function mustUpdateCachedBuildLog(&$buildLogUri, &$cacheName)
}
catch(Exception $e)
{
/// \todo Store error so users can query.
/// @todo Store error so users can query.
//setError($e->getMessage());
return FALSE;
}
Expand Down Expand Up @@ -202,25 +202,28 @@ function groupBuildCommits(&$build, &$groups)
function make_pretty_hyperlink($matches)
{
$uri = implode('', array_slice($matches, 1));
return genHyperlinkHTML($uri, 40, 'link-external');
}

if(strlen($uri) > 40)
$shortUri = substr($uri, 0, 40).'...';
else
$shortUri = $uri;
function formatCommitMessageHTML($msg)
{
if(strcasecmp(gettype($msg), 'string')) return $msg;

/// @fixme Do not assume all links are external ones.
return '<a class="link-external" href="'.$uri.'">'.$shortUri.'</a>';
// Process the commit message, replacing web URIs with clickable links.
htmlspecialchars($msg);
$msg = preg_replace_callback("/([^A-z0-9])(http|ftp|https)([\:\/\/])([^\\s]+)/",
"make_pretty_hyperlink", $msg);
$msg = nl2br($msg);
return $msg;
}

function outputCommitHTML(&$commit)
{
if(!is_array($commit))
throw new Exception('Invalid commit argument, array expected');

// Process the commit message, replacing web URIs with clickable links.
$message = preg_replace_callback("/([^A-z0-9])(http|ftp|https)([\:\/\/])([^\\s]+)/",
"make_pretty_hyperlink", $commit['message']);
$message = nl2br($message);
// Format the commit message for HTML output.
$message = $commit['message'];
$haveMessage = (bool)(strlen($message) > 0);

// Compose the supplementary tag list.
Expand All @@ -236,17 +239,18 @@ function outputCommitHTML(&$commit)
// Do not output guessed tags (mainly used for grouping).
if(is_array($value) && isset($value['guessed']) && $value['guessed'] !== 0) continue;

$tagList .= '<div class="tag"><label title="Tagged \''.$tag.'\'">'.$tag.'</label></div>';
$cleanTag = htmlspecialchars($tag);
$tagList .= '<div class="tag"><label title="Tagged \''.$cleanTag.'\'">'.$cleanTag.'</label></div>';
}
}
$tagList .= '</div>';

$repoLinkTitle = 'Show changes in the repository for this commit submitted on '. date(DATE_RFC2822, $commit['submitDate']) .'.';

// Ouput HTML for the commit.
?><span class="metadata"><a href="<?php echo $commit['repositoryUri']; ?>" class="link-external" title="<?php echo $repoLinkTitle; ?>"><?php echo date('Y-m-d', $commit['submitDate']); ?></a></span><?php
?><span class="metadata"><a href="<?php echo $commit['repositoryUri']; ?>" class="link-external" title="<?php echo htmlspecialchars($repoLinkTitle); ?>"><?php echo htmlspecialchars(date('Y-m-d', $commit['submitDate'])); ?></a></span><?php

?><p class="heading <?php if($haveMessage) echo 'collapsible'; ?>" <?php if($haveMessage) echo 'title="Toggle commit message display"'; ?>><strong><span class="title"><?php echo $commit['title']; ?></span></strong> by <em><?php echo $commit['author']; ?></em></p><?php echo $tagList;
?><p class="heading <?php if($haveMessage) echo 'collapsible'; ?>" <?php if($haveMessage) echo 'title="Toggle commit message display"'; ?>><strong><span class="title"><?php echo htmlspecialchars($commit['title']); ?></span></strong> by <em><?php echo htmlspecialchars($commit['author']); ?></em></p><?php echo $tagList;

if($haveMessage)
{
Expand All @@ -264,7 +268,7 @@ function outputCommitJumpList2(&$groups)
{
$tagLinkTitle = "Jump to commits tagged '$groupName'";

?><li><a href="#<?php echo $groupName; ?>" title="<?php echo $tagLinkTitle; ?>"><?php echo htmlspecialchars($groupName); ?></a></li><?php
?><li><a href="#<?php echo $groupName; ?>" title="<?php echo htmlspecialchars($tagLinkTitle); ?>"><?php echo htmlspecialchars($groupName); ?></a></li><?php
}
?></ol><?php
}
Expand Down Expand Up @@ -339,7 +343,7 @@ function outputCommitLogHTML(&$build)

if($groupCount > 1)
{
?><strong><label title="<?php echo ("Commits with primary tag '$groupName'"); ?>"><span class="tag"><?php echo htmlspecialchars($groupName); ?></span></label></strong><a name="<?php echo $groupName; ?>"></a><a class="jump" href="#commitindex" title="Back to Commits index">index</a><br /><ol><?php
?><strong><label title="<?php echo htmlspecialchars("Commits with primary tag '$groupName'"); ?>"><span class="tag"><?php echo htmlspecialchars($groupName); ?></span></label></strong><a name="<?php echo htmlspecialchars($groupName); ?>"></a><a class="jump" href="#commitindex" title="Back to Commits index">index</a><br /><ol><?php
}

foreach($group as &$commit)
Expand Down Expand Up @@ -880,7 +884,7 @@ private function outputBuildStreamNavigation($prevEvent=NULL, $nextEvent=NULL)
// Older event link.
echo '<li>';
if(!is_null($prevEvent))
echo "<a href=\"$prevBuildUri\" title=\"View older ".$prevEvent->composeName()."\">";
echo "<a href=\"$prevBuildUri\" title=\"View older ".htmlspecialchars($prevEvent->composeName())."\">";
echo '&lt; Older';
if(!is_null($prevEvent))
echo '</a>';
Expand All @@ -892,7 +896,7 @@ private function outputBuildStreamNavigation($prevEvent=NULL, $nextEvent=NULL)
// Newer event link.
echo '<li>';
if(!is_null($nextEvent))
echo "<a href=\"$nextBuildUri\" title=\"View newer ".$nextEvent->composeName()."\">";
echo "<a href=\"$nextBuildUri\" title=\"View newer ".htmlspecialchars($nextEvent->composeName())."\">";
echo 'Newer &gt;';
if(!is_null($nextEvent))
echo '</a>';
Expand Down Expand Up @@ -980,7 +984,7 @@ private function outputEventList($maxEvents=10)
$eventHTML = $event->genBadge();

// Wrap the event in a div which has all if our stylings.
?><tr><td><?php echo $shortDate; ?></td><td><?php echo $eventHTML; ?></td></tr><?php
?><tr><td><?php echo htmlspecialchars($shortDate); ?></td><td><?php echo $eventHTML; ?></td></tr><?php

if(++$n >= $maxEvents)
break;
Expand Down Expand Up @@ -1068,7 +1072,7 @@ private function outputPackageRedirect(&$pack)
// Generate page content.
?><div id="builds"><?php

?><p>Redirecting to the download for <em><?php echo htmlspecialchars($pack->composeFullTitle()); ?></em>. Your package should begin to download automatically within a few seconds, if not please use this <a href="<?php echo $pack->directDownloadUri(); ?>" title="<?php echo ('Download '. $pack->composeFullTitle()); ?>">direct link</a> instead.</p><?php
?><p>Redirecting to the download for <em><?php echo htmlspecialchars($pack->composeFullTitle()); ?></em>. Your package should begin to download automatically within a few seconds, if not please use this <a href="<?php echo $pack->directDownloadUri(); ?>" title="<?php echo htmlspecialchars('Download '. $pack->composeFullTitle()); ?>">direct link</a> instead.</p><?php

?><p>Not what you wanted? Here are some alternatives:</p><?php

Expand Down Expand Up @@ -1189,8 +1193,8 @@ private function outputBuildEventMetadata(&$build)
<tr><th colspan="2">Event</th></tr>
<tr><td>Start date </td><td><?php echo htmlspecialchars(date(/*DATE_RFC850*/ "d-M-Y", $build->startDate())); ?></td></tr>
<tr><td>Start time </td><td><?php echo htmlspecialchars(date(/*DATE_RFC850*/ "H:i:s T", $build->startDate())); ?></td></tr>
<tr><td>Release type </td><td><a class="link-definition" href="<?php echo $releaseTypeLink; ?>" title="<?php echo $releaseTypeLinkTitle; ?>"><?php echo htmlspecialchars($releaseTypeLabel); ?></a></td></tr>
<tr><td>Build number </td><td><a class="link-definition" href="<?php echo $buildNumberLink; ?>" title="<?php echo $buildNumberLinkTitle; ?>"><?php echo htmlspecialchars(ucfirst($buildNumberLabel)); ?></a></td></tr><?php
<tr><td>Release type </td><td><a class="link-definition" href="<?php echo $releaseTypeLink; ?>" title="<?php echo htmlspecialchars($releaseTypeLinkTitle); ?>"><?php echo htmlspecialchars($releaseTypeLabel); ?></a></td></tr>
<tr><td>Build number </td><td><a class="link-definition" href="<?php echo $buildNumberLink; ?>" title="<?php echo htmlspecialchars($buildNumberLinkTitle); ?>"><?php echo htmlspecialchars(ucfirst($buildNumberLabel)); ?></a></td></tr><?php

$installablesCount = $this->countInstallablePackages($build);
if($installablesCount > 0)
Expand Down Expand Up @@ -1241,17 +1245,17 @@ private function outputBuildPackageList(&$build)

// Ouput HTML for the package.
?><tr>
<td><?php if($pack->platformId() !== $lastPlatId) echo $plat['nicename']; ?></td>
<td><?php if($pack->platformId() !== $lastPlatId) echo htmlspecialchars($plat['nicename']); ?></td>
<td><?php

$packTitle = $pack->composeFullTitle(true/*include version*/, false/*do not include the platform name*/, false/*do not include build Id*/);
if($pack instanceof iDownloadable && $pack->hasDirectDownloadUri())
{
?><a href="<?php echo $pack->directDownloadUri(); ?>" title="Download <?php echo $pack->composeFullTitle(); ?>"><?php echo $packTitle; ?></a><?php
?><a href="<?php echo $pack->directDownloadUri(); ?>" title="Download <?php echo htmlspecialchars($pack->composeFullTitle()); ?>"><?php echo htmlspecialchars($packTitle); ?></a><?php
}
else
{
echo $packTitle;
echo htmlspecialchars($packTitle);
}

?></td><td><?php
Expand All @@ -1260,15 +1264,15 @@ private function outputBuildPackageList(&$build)
{
$logUri = $pack->compileLogUri();

?><a href="<?php echo $logUri; ?>" title="Download build logs for <?php echo $pack->composeFullTitle(); ?>">txt.gz</a><?php
?><a href="<?php echo $logUri; ?>" title="Download build logs for <?php echo htmlspecialchars($pack->composeFullTitle()); ?>">txt.gz</a><?php

}
else
{
?>txt.gz<?php
}

?></td><td class="issue_level <?php echo ($issueLevel.'_issue'); ?>"><?php echo $issues; ?></td>
?></td><td class="issue_level <?php echo htmlspecialchars($issueLevel.'_issue'); ?>"><?php echo htmlspecialchars($issues); ?></td>
</tr><?php

$lastPlatId = $pack->platformId();
Expand Down Expand Up @@ -1490,7 +1494,7 @@ private function outputEventMatrix(&$matrix)
if($latestBuild && $latestBuild->hasReleaseNotesUri())
{
$releaseTypeLink = $latestBuild->releaseNotesUri();
$releaseTypeLinkTitle = "Read the release notes for {$version}";
$releaseTypeLinkTitle = htmlspecialchars("Read the release notes for {$version}");

$releaseLabel = "<a href=\"{$releaseTypeLink}\" title=\"{$releaseTypeLinkTitle}\">{$releaseLabel}</a>";
}
Expand All @@ -1499,7 +1503,7 @@ private function outputEventMatrix(&$matrix)
{
// Add release notes for the symbolic event.
$releaseTypeLink = '';//$latestBuild->releaseNotesUri();
$releaseTypeLinkTitle = "Read the release notes for $version";
$releaseTypeLinkTitle = htmlspecialchars("Read the release notes for $version");
$releaseLabel = "<a href=\"{$releaseTypeLink}\" title=\"{$releaseTypeLinkTitle}\">{$releaseLabel}</a>";
}*/
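Review bot: `htmlspecialchars($msg);` on the line after the "Process the commit message" comment discards its return value, so the text that reaches `preg_replace_callback` and is returned by formatCommitMessageHTML is still unescaped; it should read `$msg = htmlspecialchars($msg);`. make_pretty_hyperlink now calls `genHyperlinkHTML`, but utilities.inc.php in this commit defines `generateHyperlinkHTML`; unless an alias exists elsewhere this is an undefined-function fatal on the first URI in a message, so `return generateHyperlinkHTML($uri, 40, 'link-external');`. Once the message is escaped first, `&` inside a matched URI is already `&amp;` when the helper escapes the label a second time, so link text will show `&amp;amp;`. `if(strcasecmp(gettype($msg), 'string')) return $msg;` is an unusual spelling of `if(!is_string($msg)) return $msg;`. The `[^A-z0-9]` class in the regex also spans the punctuation between `Z` and `a` (`[`, `\`, `]`, `^`, `_`, backtick); `[^A-Za-z0-9]` is likely what was meant, though that pattern predates this commit.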
Expand Up @@ -103,7 +103,7 @@ public function genDownloadBadge()
if($this->hasDirectDownloadUri())
{
$html = '<a href="'. htmlspecialchars($this->directDownloadUri)
.'" title="'. ("Download $fullTitle")
.'" title="'. htmlspecialchars("Download $fullTitle")
.'">'. htmlspecialchars($fullTitle) .'</a>';
}
else
