Fix dynamic string usage as safe input

Test Plan:
  $ arc lint

Reviewers: epriestley

Reviewed By: epriestley

CC: aran, Korvin

Differential Revision: https://secure.phabricator.com/D4796

Author: vrana

src/applications/auth/view/PhabricatorOAuthFailureView.php

@@ -70,9 +70,10 @@ public function render() {
 
       $provider_key = $provider->getProviderKey();
       $diagnose = hsprintf(
-        '<a href="/oauth/'.$provider_key.'/diagnose/" class="button green">'.
+        '<a href="/oauth/%s/diagnose/" class="button green">'.
           'Diagnose %s OAuth Problems'.
         '</a>',
+        $provider_key,
         $provider_name);
     }
 

src/applications/diffusion/view/DiffusionBrowseTableView.php

@@ -96,22 +96,21 @@ private static function loadLintMessagesCount(DiffusionRequest $drequest) {
 
     $conn = $drequest->getRepository()->establishConnection('r');
 
-    $where = '';
+    $path = '/'.$drequest->getPath();
+    $where = (substr($path, -1) == '/'
+      ? qsprintf($conn, 'AND path LIKE %>', $path)
+      : qsprintf($conn, 'AND path = %s', $path));
+
     if ($drequest->getLint()) {
-      $where = qsprintf(
-        $conn,
-        'AND code = %s',
-        $drequest->getLint());
+      $where .= qsprintf($conn, ' AND code = %s', $drequest->getLint());
     }
 
-    $like = (substr($drequest->getPath(), -1) == '/' ? 'LIKE %>' : '= %s');
     return head(queryfx_one(
       $conn,
-      'SELECT COUNT(*) FROM %T WHERE branchID = %d %Q AND path '.$like,
+      'SELECT COUNT(*) FROM %T WHERE branchID = %d %Q',
       PhabricatorRepository::TABLE_LINTMESSAGE,
       $branch->getID(),
-      $where,
-      '/'.$drequest->getPath()));
+      $where));
   }
 
   public function render() {

src/applications/search/engine/PhabricatorSearchEngineMySQL.php

@@ -161,7 +161,8 @@ public function executeSearch(PhabricatorSearchQuery $query) {
     if (strlen($q)) {
      $join[] = qsprintf(
         $conn_r,
-        "{$t_field} field ON field.phid = document.phid");
+        '%T field ON field.phid = document.phid',
+        $t_field);
       $where[] = qsprintf(
         $conn_r,
         'MATCH(corpus) AGAINST (%s IN BOOLEAN MODE)',

src/infrastructure/celerity/CelerityResourceTransformer.php

@@ -74,7 +74,7 @@ public function transformResource($path, $data) {
         $bin = $root.'/externals/javelin/support/jsxmin/jsxmin';
 
         if (@file_exists($bin)) {
-          $future = new ExecFuture("{$bin} __DEV__:0");
+          $future = new ExecFuture('%s __DEV__:0', $bin);
           $future->write($data);
           list($err, $result) = $future->resolve();
           if (!$err) {

src/infrastructure/lint/linter/PhabricatorJavelinLinter.php

@@ -187,9 +187,7 @@ private function loadSymbols($path) {
   }
 
   private function newSymbolsFuture($path) {
-    $javelinsymbols = 'javelinsymbols';
-
-    $future = new ExecFuture($javelinsymbols.' # '.escapeshellarg($path));
+    $future = new ExecFuture('javelinsymbols # %s', $path);
     $future->write($this->getData($path));
     return $future;
   }