Fix escaping issue, fixes #672
Seldaek committed May 19, 2016
1 parent f30c10e commit 3db2399
Showing 2 changed files with 6 additions and 6 deletions.
10 changes: 5 additions & 5 deletions src/Packagist/WebBundle/Entity/Package.php
Expand Up @@ -223,7 +223,7 @@ public function isRepositoryValid(ExecutionContextInterface $context)
->addViolation()
;
} elseif (is_string($this->vcsDriverError)) {
$context->buildViolation('Uncaught Exception: '.$this->vcsDriverError)
$context->buildViolation('Uncaught Exception: '.htmlentities($this->vcsDriverError, ENT_COMPAT, 'utf-8'))
->atPath($property)
->addViolation()
;
Expand Down Expand Up @@ -255,15 +255,15 @@ public function isRepositoryValid(ExecutionContextInterface $context)
}

if (!preg_match('{^[a-z0-9]([_.-]?[a-z0-9]+)*/[a-z0-9]([_.-]?[a-z0-9]+)*$}i', $information['name'])) {
$context->buildViolation('The package name '.$information['name'].' is invalid, it should have a vendor name, a forward slash, and a package name. The vendor and package name can be words separated by -, . or _. The complete name should match "[a-z0-9]([_.-]?[a-z0-9]+)*/[a-z0-9]([_.-]?[a-z0-9]+)*".')
$context->buildViolation('The package name '.htmlentities($information['name'], ENT_COMPAT, 'utf-8').' is invalid, it should have a vendor name, a forward slash, and a package name. The vendor and package name can be words separated by -, . or _. The complete name should match "[a-z0-9]([_.-]?[a-z0-9]+)*/[a-z0-9]([_.-]?[a-z0-9]+)*".')
->atPath($property)
->addViolation()
;
return;
}

if (preg_match('{\.json$}', $information['name'])) {
$context->buildViolation('The package name '.$information['name'].' is invalid, package names can not end in .json, consider renaming it or perhaps using a -json suffix instead.')
$context->buildViolation('The package name '.htmlentities($information['name'], ENT_COMPAT, 'utf-8').' is invalid, package names can not end in .json, consider renaming it or perhaps using a -json suffix instead.')
->atPath($property)
->addViolation()
;
Expand All @@ -274,14 +274,14 @@ public function isRepositoryValid(ExecutionContextInterface $context)
$suggestName = preg_replace('{(?:([a-z])([A-Z])|([A-Z])([A-Z][a-z]))}', '\\1\\3-\\2\\4', $information['name']);
$suggestName = strtolower($suggestName);

$context->buildViolation('The package name '.$information['name'].' is invalid, it should not contain uppercase characters. We suggest using '.$suggestName.' instead.')
$context->buildViolation('The package name '.htmlentities($information['name'], ENT_COMPAT, 'utf-8').' is invalid, it should not contain uppercase characters. We suggest using '.$suggestName.' instead.')
->atPath($property)
->addViolation()
;
return;
}
} catch (\Exception $e) {
$context->buildViolation('We had problems parsing your composer.json file, the parser reports: '.$e->getMessage())
$context->buildViolation('We had problems parsing your composer.json file, the parser reports: '.htmlentities($e->getMessage(), ENT_COMPAT, 'utf-8'))
->atPath($property)
->addViolation()
;
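Review bot: `htmlentities(..., ENT_COMPAT, 'utf-8')` in the five new `buildViolation()` calls returns an empty string when the input is not valid UTF-8 (no `ENT_SUBSTITUTE`), so a VCS driver error or exception message carrying raw bytes would render as just `Uncaught Exception: ` with the detail lost, and `ENT_COMPAT` leaves `'` unescaped. I would use `htmlentities($this->vcsDriverError, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` in each call (or `htmlspecialchars`, which is sufficient here). Escaping inside the validator also makes it a contract that every reason string reaching the client is already HTML-safe: `$suggestName` in the last hunk is concatenated unescaped and is only safe because the name has already matched the `[a-z0-9_.-]` / `/` pattern checked earlier in the function, so wrapping it the same way, or a comment stating why it is exempt, would keep that invariant local. If these messages are also rendered through an auto-escaping template elsewhere, they will be double-escaped there — I cannot confirm that from the hunk. `isRepositoryValid()` begins before the first hunk and continues past the last.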
Expand Up @@ -8,7 +8,7 @@
$('#submit').removeClass('loading');
if (data.status === 'error') {
$.each(data.reason, function (k, v) {
html += '<li><div class="alert alert-warning">'+$('<div/>').text(v).html()+'</div></li>';
html += '<li><div class="alert alert-warning">'+v+'</div></li>';
});
$('#submit-package-form').prepend('<ul class="list-unstyled package-errors">'+html+'</ul>');
} else {
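Review bot: Dropping `$('<div/>').text(v).html()` on the `html +=` line makes every `data.reason` entry trusted HTML, so the protection now lives entirely in the server-side validator and any future violation message that is not pre-escaped there becomes an injection point in the submit form. A comment at that line should record the dependency: `// data.reason strings are HTML-escaped server-side (Package::isRepositoryValid); inserted as HTML on purpose`. The surrounding handler starts and ends outside the hunk.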
