Convert AphrontDialogView to safe HTML

vrana · vrana · commit 58b6e2cac641 · 2013-02-09T15:11:35.000-08:00
Summary: Done by searching for `AphrontDialogView` and then `appendChild()`. Also added some `pht()`. Test Plan: None. Reviewers: epriestley Reviewed By: epriestley CC: aran, Korvin Differential Revision: https://secure.phabricator.com/D4882
diff --git a/src/aphront/configuration/AphrontDefaultApplicationConfiguration.php b/src/aphront/configuration/AphrontDefaultApplicationConfiguration.php
@@ -227,7 +227,7 @@ public function handleException(Exception $ex) {
     phlog($ex);
 
     $class    = get_class($ex);
-    $message  = phutil_escape_html($ex->getMessage());
+    $message  = $ex->getMessage();
 
     if ($ex instanceof AphrontQuerySchemaException) {
       $message .=
@@ -243,11 +243,13 @@ public function handleException(Exception $ex) {
       $trace = null;
     }
 
-    $content =
+    $content = hsprintf(
       '<div class="aphront-unhandled-exception">'.
-        '<div class="exception-message">'.$message.'</div>'.
-        $trace.
-      '</div>';
+        '<div class="exception-message">%s</div>'.
+        '%s'.
+      '</div>',
+      $message,
+      $trace);
 
     $dialog = new AphrontDialogView();
     $dialog
@@ -349,7 +351,7 @@ private function renderStackTrace($trace, PhabricatorUser $user) {
         }
         $file_name = $file_name.' : '.(int)$part['line'];
       } else {
-        $file_name = '<em>(Internal)</em>';
+        $file_name = phutil_tag('em', array(), '(Internal)');
       }
 
 
@@ -376,11 +378,12 @@ private function renderStackTrace($trace, PhabricatorUser $user) {
         'wide',
       ));
 
-    return
+    return hsprintf(
       '<div class="exception-trace">'.
         '<div class="exception-trace-header">Stack Trace</div>'.
-        $table->render().
-      '</div>';
+        '%s',
+      '</div>',
+      phutil_safe_html($table->render()));
   }
 
 }
diff --git a/src/applications/auth/controller/PhabricatorLDAPLoginController.php b/src/applications/auth/controller/PhabricatorLDAPLoginController.php
@@ -43,12 +43,11 @@ public function processRequest() {
               $dialog = new AphrontDialogView();
               $dialog->setUser($current_user);
               $dialog->setTitle(pht('Already Linked to Another Account'));
-              $dialog->appendChild(
-                '<p>'.pht('The LDAP account you just authorized is already '.
+              $dialog->appendChild(phutil_tag('p', array(), pht(
+                'The LDAP account you just authorized is already '.
                 'linked toanother Phabricator account. Before you can link it '.
                 'to a different LDAP account, you must unlink the old '.
-                'account.').'</p>'
-              );
+                'account.')));
               $dialog->addCancelButton('/settings/panel/ldap/');
 
               return id(new AphrontDialogResponse())->setDialog($dialog);
@@ -62,10 +61,8 @@ public function processRequest() {
             $dialog = new AphrontDialogView();
             $dialog->setUser($current_user);
             $dialog->setTitle(pht('Link LDAP Account'));
-            $dialog->appendChild(
-              '<p>'.
-                pht('Link your LDAP account to your Phabricator account?').
-              '</p>');
+            $dialog->appendChild(phutil_tag('p', array(), pht(
+              'Link your LDAP account to your Phabricator account?')));
             $dialog->addHiddenInput('username', $request->getStr('username'));
             $dialog->addHiddenInput('password', $request->getStr('password'));
             $dialog->addSubmitButton(pht('Link Accounts'));
diff --git a/src/applications/auth/controller/PhabricatorLDAPUnlinkController.php b/src/applications/auth/controller/PhabricatorLDAPUnlinkController.php
@@ -18,9 +18,9 @@ public function processRequest() {
       $dialog = new AphrontDialogView();
       $dialog->setUser($user);
       $dialog->setTitle(pht('Really unlink account?'));
-      $dialog->appendChild(
-        '<p>'.pht('You will not be able to login using this account '.
-        'once you unlink it. Continue?').'</p>');
+      $dialog->appendChild(phutil_tag('p', array(), pht(
+        'You will not be able to login using this account '.
+        'once you unlink it. Continue?')));
       $dialog->addSubmitButton(pht('Unlink Account'));
       $dialog->addCancelButton('/settings/panel/ldap/');
 
diff --git a/src/applications/auth/controller/PhabricatorLoginController.php b/src/applications/auth/controller/PhabricatorLoginController.php
@@ -29,7 +29,8 @@ public function processRequest() {
       $dialog = new AphrontDialogView();
       $dialog->setUser($user);
       $dialog->setTitle(pht('Login Required'));
-      $dialog->appendChild('<p>'.pht('You must login to continue.').'</p>');
+      $dialog->appendChild(phutil_tag('p', array(), pht(
+        'You must login to continue.')));
       $dialog->addSubmitButton(pht('Login'));
       $dialog->addCancelButton('/', pht('Cancel'));
 
diff --git a/src/applications/auth/controller/PhabricatorLogoutController.php b/src/applications/auth/controller/PhabricatorLogoutController.php
@@ -46,7 +46,8 @@ public function processRequest() {
       $dialog = id(new AphrontDialogView())
         ->setUser($user)
         ->setTitle(pht('Log out of Phabricator?'))
-        ->appendChild('<p>'.pht('Are you sure you want to log out?').'</p>')
+        ->appendChild(phutil_tag('p', array(), pht(
+          'Are you sure you want to log out?')))
         ->addSubmitButton(pht('Logout'))
         ->addCancelButton('/');
 
diff --git a/src/applications/auth/controller/PhabricatorOAuthLoginController.php b/src/applications/auth/controller/PhabricatorOAuthLoginController.php
@@ -116,10 +116,9 @@ public function processRequest() {
         $dialog = new AphrontDialogView();
         $dialog->setUser($current_user);
         $dialog->setTitle(pht('Link %s Account', $provider_name));
-        $dialog->appendChild(
-          pht(
-            '<p>Link your %s account to your Phabricator account?</p>',
-            phutil_escape_html($provider_name)));
+        $dialog->appendChild(phutil_tag('p', array(), pht(
+          'Link your %s account to your Phabricator account?',
+          $provider_name)));
         $dialog->addHiddenInput('confirm_token', $provider->getAccessToken());
         $dialog->addHiddenInput('expires', $oauth_info->getTokenExpires());
         $dialog->addHiddenInput('state', $this->oauthState);
diff --git a/src/applications/auth/controller/PhabricatorOAuthUnlinkController.php b/src/applications/auth/controller/PhabricatorOAuthUnlinkController.php
@@ -34,9 +34,9 @@ public function processRequest() {
       $dialog = new AphrontDialogView();
       $dialog->setUser($user);
       $dialog->setTitle(pht('Really unlink account?'));
-      $dialog->appendChild(
-        '<p>'.pht('You will not be able to login using this account '.
-        'once you unlink it. Continue?').'</p>');
+      $dialog->appendChild(phutil_tag('p', array(), pht(
+        'You will not be able to login using this account '.
+        'once you unlink it. Continue?')));
       $dialog->addSubmitButton(pht('Unlink Account'));
       $dialog->addCancelButton($provider->getSettingsPanelURI());
 
diff --git a/src/applications/daemon/controller/PhabricatorWorkerTaskUpdateController.php b/src/applications/daemon/controller/PhabricatorWorkerTaskUpdateController.php
@@ -72,9 +72,8 @@ public function processRequest() {
       case 'retry':
         if ($can_retry) {
           $dialog->setTitle('Really retry task?');
-          $dialog->appendChild(
-            '<p>The task will be put back in the queue and executed '.
-            'again.</p>');
+          $dialog->appendChild(phutil_tag('p', array(), pht(
+            'The task will be put back in the queue and executed again.')));
           $dialog->addSubmitButton('Retry Task');
         } else {
           $dialog->setTitle('Can Not Retry');
diff --git a/src/applications/differential/controller/DifferentialCommentSaveController.php b/src/applications/differential/controller/DifferentialCommentSaveController.php
@@ -60,10 +60,9 @@ public function processRequest() {
 
       if (strlen($comment) || $has_inlines) {
         $dialog->addSubmitButton(pht('Post as Comment'));
-        $dialog->appendChild('<br />');
-        $dialog->appendChild(
-          '<p>'.pht('Do you want to post your feedback anyway, as a normal '.
-          'comment?').'</p>');
+        $dialog->appendChild(phutil_tag('br'));
+        $dialog->appendChild(phutil_tag('p', array(), pht(
+          'Do you want to post your feedback anyway, as a normal comment?')));
       }
 
       return id(new AphrontDialogResponse())->setDialog($dialog);
diff --git a/src/applications/differential/controller/DifferentialSubscribeController.php b/src/applications/differential/controller/DifferentialSubscribeController.php
@@ -43,7 +43,7 @@ public function processRequest() {
       $dialog
         ->setUser($user)
         ->setTitle($title)
-        ->appendChild('<p>'.$prompt.'</p>')
+        ->appendChild(phutil_tag('p', array(), $prompt))
         ->setSubmitURI($request->getRequestURI())
         ->addSubmitButton($button)
         ->addCancelButton('/D'.$revision->getID());
diff --git a/src/applications/drydock/controller/DrydockLeaseReleaseController.php b/src/applications/drydock/controller/DrydockLeaseReleaseController.php
@@ -24,8 +24,8 @@ public function processRequest() {
       $dialog = id(new AphrontDialogView())
         ->setUser($user)
         ->setTitle(pht('Lease Not Active'))
-        ->appendChild(
-          '<p>'.pht('You can only release "active" leases.').'</p>')
+        ->appendChild(phutil_tag('p', array(), pht(
+          'You can only release "active" leases.')))
         ->addCancelButton($lease_uri);
 
       return id(new AphrontDialogResponse())->setDialog($dialog);
@@ -35,11 +35,10 @@ public function processRequest() {
       $dialog = id(new AphrontDialogView())
         ->setUser($user)
         ->setTitle(pht('Really release lease?'))
-        ->appendChild(
-          '<p>'.pht(
-            'Releasing a lease may cause trouble for the lease holder and '.
-            'trigger cleanup of the underlying resource. It can not be '.
-            'undone. Continue?').'</p>')
+        ->appendChild(phutil_tag('p', array(), pht(
+          'Releasing a lease may cause trouble for the lease holder and '.
+          'trigger cleanup of the underlying resource. It can not be '.
+          'undone. Continue?')))
         ->addSubmitButton(pht('Release Lease'))
         ->addCancelButton($lease_uri);
 
diff --git a/src/applications/drydock/controller/DrydockResourceCloseController.php b/src/applications/drydock/controller/DrydockResourceCloseController.php
@@ -24,8 +24,8 @@ public function processRequest() {
       $dialog = id(new AphrontDialogView())
         ->setUser($user)
         ->setTitle(pht('Resource Not Open'))
-        ->appendChild(
-          '<p>'.pht('You can only close "open" resources.').'</p>')
+        ->appendChild(phutil_tag('p', array(), pht(
+          'You can only close "open" resources.')))
         ->addCancelButton($resource_uri);
 
       return id(new AphrontDialogResponse())->setDialog($dialog);
@@ -35,10 +35,9 @@ public function processRequest() {
       $dialog = id(new AphrontDialogView())
         ->setUser($user)
         ->setTitle(pht('Really close resource?'))
-        ->appendChild(
-          '<p>'.pht(
-            'Closing a resource releases all leases and destroys the '.
-            'resource. It can not be undone. Continue?').'</p>')
+        ->appendChild(phutil_tag('p', array(), pht(
+          'Closing a resource releases all leases and destroys the '.
+          'resource. It can not be undone. Continue?')))
         ->addSubmitButton(pht('Close Resource'))
         ->addCancelButton($resource_uri);
 
diff --git a/src/applications/help/controller/PhabricatorHelpKeyboardShortcutController.php b/src/applications/help/controller/PhabricatorHelpKeyboardShortcutController.php
@@ -37,10 +37,10 @@ public function processRequest() {
         ));
     }
 
-    $table =
-      '<table class="keyboard-shortcut-help">'.
-        implode('', $rows).
-      '</table>';
+    $table = phutil_tag(
+      'table',
+      array('class' => 'keyboard-shortcut-help'),
+      $rows);
 
     $dialog = id(new AphrontDialogView())
       ->setUser($user)
diff --git a/src/applications/macro/controller/PhabricatorMacroDisableController.php b/src/applications/macro/controller/PhabricatorMacroDisableController.php
@@ -43,10 +43,10 @@ public function processRequest() {
     $dialog
       ->setUser($request->getUser())
       ->setTitle(pht('Really disable macro?'))
-      ->appendChild(
-        '<p>'.pht('Really disable the much-beloved image macro %s? '.
-        'It will be sorely missed.', phutil_escape_html($macro->getName())).
-        '</p>')
+      ->appendChild(phutil_tag('p', array(), pht(
+        'Really disable the much-beloved image macro %s? '.
+          'It will be sorely missed.',
+        $macro->getName())))
       ->setSubmitURI($this->getApplicationURI('/disable/'.$this->id.'/'))
       ->addSubmitButton(pht('Disable'))
       ->addCancelButton($view_uri);
diff --git a/src/applications/maniphest/controller/ManiphestExportController.php b/src/applications/maniphest/controller/ManiphestExportController.php
@@ -28,7 +28,7 @@ public function processRequest() {
       $dialog->setUser($user);
 
       $dialog->setTitle('Excel Export Not Configured');
-      $dialog->appendChild(
+      $dialog->appendChild(hsprintf(
         '<p>This system does not have PHPExcel installed. This software '.
         'component is required to export tasks to Excel. Have your system '.
         'administrator install it from:</p>'.
@@ -38,7 +38,7 @@ public function processRequest() {
         '</p>'.
         '<br />'.
         '<p>Your PHP "include_path" needs to be updated to include the '.
-        'PHPExcel Classes/ directory.</p>');
+        'PHPExcel Classes/ directory.</p>'));
 
       $dialog->addCancelButton('/maniphest/');
       return id(new AphrontDialogResponse())->setDialog($dialog);
@@ -59,8 +59,8 @@ public function processRequest() {
       $dialog->setUser($user);
 
       $dialog->setTitle('Export Tasks to Excel');
-      $dialog->appendChild(
-        '<p>Do you want to export the query results to Excel?</p>');
+      $dialog->appendChild(phutil_tag('p', array(), pht(
+        'Do you want to export the query results to Excel?')));
 
       $dialog->addCancelButton('/maniphest/');
       $dialog->addSubmitButton('Export to Excel');
diff --git a/src/applications/oauthserver/controller/client/PhabricatorOAuthClientDeleteController.php b/src/applications/oauthserver/controller/client/PhabricatorOAuthClientDeleteController.php
@@ -37,9 +37,8 @@ public function processRequest() {
     $dialog = new AphrontDialogView();
     $dialog->setUser($current_user);
     $dialog->setTitle($title);
-    $dialog->appendChild(
-      '<p>Are you sure you want to delete this client?</p>'
-    );
+    $dialog->appendChild(phutil_tag('p', array(), pht(
+      'Are you sure you want to delete this client?')));
     $dialog->addSubmitButton();
     $dialog->addCancelButton($client->getEditURI());
     return id(new AphrontDialogResponse())->setDialog($dialog);
diff --git a/src/applications/oauthserver/controller/clientauthorization/PhabricatorOAuthClientAuthorizationDeleteController.php b/src/applications/oauthserver/controller/clientauthorization/PhabricatorOAuthClientAuthorizationDeleteController.php
@@ -46,9 +46,8 @@ public function processRequest() {
     $dialog = new AphrontDialogView();
     $dialog->setUser($current_user);
     $dialog->setTitle($title);
-    $dialog->appendChild(
-      '<p>Are you sure you want to delete this client authorization?</p>'
-    );
+    $dialog->appendChild(phutil_tag('p', array(), pht(
+      'Are you sure you want to delete this client authorization?')));
     $dialog->addSubmitButton();
     $dialog->addCancelButton($authorization->getEditURI());
     return id(new AphrontDialogResponse())->setDialog($dialog);
diff --git a/src/applications/phame/controller/blog/PhameBlogDeleteController.php b/src/applications/phame/controller/blog/PhameBlogDeleteController.php
@@ -41,7 +41,7 @@ public function processRequest() {
       ->appendChild(
         pht(
           'Really delete the blog "%s"? It will be gone forever.',
-          phutil_escape_html($blog->getName())))
+          $blog->getName()))
       ->addSubmitButton(pht('Delete'))
       ->addCancelButton($cancel_uri);
 
diff --git a/src/applications/phame/controller/post/PhamePostDeleteController.php b/src/applications/phame/controller/post/PhamePostDeleteController.php
@@ -41,7 +41,7 @@ public function processRequest() {
       ->appendChild(
         pht(
           'Really delete the post "%s"? It will be gone forever.',
-          phutil_escape_html($post->getTitle())))
+          $post->getTitle()))
       ->addSubmitButton(pht('Delete'))
       ->addCancelButton($cancel_uri);
 
diff --git a/src/applications/phame/controller/post/PhamePostNotLiveController.php b/src/applications/phame/controller/post/PhamePostNotLiveController.php
@@ -25,16 +25,16 @@ public function processRequest() {
 
     $reasons = array();
     if (!$post->getBlog()) {
-      $reasons[] =
-        '<p>'.pht('You can not view the live version of this post because it '.
+      $reasons[] = phutil_tag('p', array(), pht(
+        'You can not view the live version of this post because it '.
         'is not associated with a blog. Move the post to a blog in order to '.
-        'view it live.').'</p>';
+        'view it live.'));
     }
 
     if ($post->isDraft()) {
-      $reasons[] =
-        '<p>'.pht('You can not view the live version of this post because it '.
-        'is still a draft. Use "Preview/Publish" to publish the post.').'</p>';
+      $reasons[] = phutil_tag('p', array(), pht(
+        'You can not view the live version of this post because it '.
+        'is still a draft. Use "Preview/Publish" to publish the post.'));
     }
 
     if ($reasons) {
diff --git a/src/applications/phame/controller/post/PhamePostUnpublishController.php b/src/applications/phame/controller/post/PhamePostUnpublishController.php
@@ -45,7 +45,7 @@ public function processRequest() {
         pht(
           'The post "%s" will no longer be visible to other users until you '.
           'republish it.',
-          phutil_escape_html($post->getTitle())))
+          $post->getTitle()))
       ->addSubmitButton(pht('Unpublish'))
       ->addCancelButton($cancel_uri);
 
diff --git a/src/applications/phriction/controller/PhrictionEditController.php b/src/applications/phriction/controller/PhrictionEditController.php
@@ -108,8 +108,8 @@ public function processRequest() {
           $dialog = new AphrontDialogView();
           $dialog->setUser($user);
           $dialog->setTitle(pht('No Edits'));
-          $dialog->appendChild(
-            '<p>'.pht('You did not make any changes to the document.').'</p>');
+          $dialog->appendChild(phutil_tag('p', array(), pht(
+            'You did not make any changes to the document.')));
           $dialog->addCancelButton($request->getRequestURI());
 
           return id(new AphrontDialogResponse())->setDialog($dialog);
@@ -122,8 +122,8 @@ public function processRequest() {
         $dialog = new AphrontDialogView();
         $dialog->setUser($user);
         $dialog->setTitle(pht('Empty Page'));
-        $dialog->appendChild(
-          '<p>'.pht('You can not create an empty document.').'</p>');
+        $dialog->appendChild(phutil_tag('p', array(), pht(
+          'You can not create an empty document.')));
         $dialog->addCancelButton($request->getRequestURI());
 
         return id(new AphrontDialogResponse())->setDialog($dialog);
diff --git a/src/applications/ponder/controller/PonderAnswerSaveController.php b/src/applications/ponder/controller/PonderAnswerSaveController.php
@@ -23,7 +23,8 @@ public function processRequest() {
       $dialog = new AphrontDialogView();
       $dialog->setUser($request->getUser());
       $dialog->setTitle('Empty answer');
-      $dialog->appendChild('<p>Your answer must not be empty.</p>');
+      $dialog->appendChild(phutil_tag('p', array(), pht(
+        'Your answer must not be empty.')));
       $dialog->addCancelButton('/Q'.$question_id);
 
       return id(new AphrontDialogResponse())->setDialog($dialog);
diff --git a/src/applications/ponder/controller/PonderCommentSaveController.php b/src/applications/ponder/controller/PonderCommentSaveController.php
diff --git a/src/applications/project/controller/PhabricatorProjectUpdateController.php b/src/applications/project/controller/PhabricatorProjectUpdateController.php
diff --git a/src/applications/settings/panel/PhabricatorSettingsPanelConduit.php b/src/applications/settings/panel/PhabricatorSettingsPanelConduit.php
diff --git a/src/applications/settings/panel/PhabricatorSettingsPanelEmailAddresses.php b/src/applications/settings/panel/PhabricatorSettingsPanelEmailAddresses.php
diff --git a/src/applications/settings/panel/PhabricatorSettingsPanelSSHKeys.php b/src/applications/settings/panel/PhabricatorSettingsPanelSSHKeys.php
diff --git a/src/applications/transactions/response/PhabricatorApplicationTransactionNoEffectResponse.php b/src/applications/transactions/response/PhabricatorApplicationTransactionNoEffectResponse.php
diff --git a/src/infrastructure/diff/PhabricatorInlineCommentController.php b/src/infrastructure/diff/PhabricatorInlineCommentController.php
diff --git a/src/view/AphrontDialogView.php b/src/view/AphrontDialogView.php
diff --git a/src/view/control/PhabricatorObjectSelectorDialog.php b/src/view/control/PhabricatorObjectSelectorDialog.php
