
Always escape before passing to __() with %s placeholders.

paragonie-security committed Jul 1, 2016
1 parent 4e14bc5 commit 315dc7905ff1cd7c89d8e4779420057de47a0cde
@@ -4,6 +4,7 @@
use \Airship\Cabin\Bridge\Blueprint\Author;
use \Airship\Cabin\Bridge\Landing\Proto\FileManager;
use \Airship\Engine\Security\Util;
require_once __DIR__.'/init_gear.php';
@@ -162,7 +163,7 @@ protected function loadAuthorInfo(int $authorId)
'header',
\__(
'Files for Author "%s"', 'default',
$this->author->getName($authorId)
Util::noHTML($this->author->getName($authorId))
)
);
$this->root_dir = 'author/' . $this->authorSlug;
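Review bot: The escaping added in loadAuthorInfo() is a per-call-site convention, so any later `\__()` call that passes a `%s` argument without `Util::noHTML()` brings the unescaped output back; the same holds for manageForCabin(), manage(), listByTag(), listMonth() and listYear() in this commit. Nothing visible here records that the translated string ends up as HTML, so a short comment at the call would help, for example `// __() presumably inserts %s arguments verbatim; escape anything that is not a constant`. If the template that prints 'header' also auto-escapes (not visible in this diff), author names containing `&` would now be encoded twice, which is worth confirming. The body of loadAuthorInfo() starts and ends outside the hunk.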
@@ -3,6 +3,7 @@
namespace Airship\Cabin\Bridge\Landing;
use \Airship\Cabin\Bridge\Filter\GadgetsFilter;
use \Airship\Engine\Security\Util;
require_once __DIR__.'/init_gear.php';
@@ -56,7 +57,7 @@ public function manageForCabin(string $cabinName = '')
[
'cabins' => $cabins,
'gadgets' => $gadgets,
'title' => \__('Gadgets for %s', 'default', $cabinName)
'title' => \__('Gadgets for %s', 'default', Util::noHTML($cabinName))
]
);
}
@@ -3,6 +3,7 @@
namespace Airship\Cabin\Bridge\Landing;
use \Airship\Cabin\Bridge\Filter\MotifsFilter;
use \Airship\Engine\Security\Util;
require_once __DIR__.'/init_gear.php';
@@ -58,7 +59,7 @@ public function manage(string $cabinName = '')
'cabin_name' => $cabinName,
'cabins' => $cabins,
'motifs' => $motifs,
'title' => \__('Motifs for %s', 'default', $cabinName)
'title' => \__('Motifs for %s', 'default', Util::noHTML($cabinName))
]
);
}
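Review bot: In manage(), `'cabin_name' => $cabinName` is still handed to the template raw, while `'title'` a few lines below now carries the same value already HTML-escaped, so the two keys need opposite handling in the template. Whether the template escapes `cabin_name` is not visible in this diff: if it relies on auto-escaping, `title` would be escaped twice, and if it does not, `cabin_name` reaches the page unescaped. A comment such as `// 'title' is pre-escaped HTML; 'cabin_name' is raw and must be escaped by the template` would make the contract explicit. The array literal and manage() begin outside the hunk.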
@@ -5,6 +5,7 @@
use \Airship\Alerts\Router\EmulatePageNotFound;
use \Airship\Cabin\Hull\Blueprint\Blog;
use \Airship\Cabin\Hull\Filter\BlogPosts\CommentFilter;
use \Airship\Engine\Security\Util;
require_once __DIR__.'/init_gear.php';
@@ -365,7 +366,7 @@ public function listByTag(string $slug, string $page = '')
$args = [
'blogroll' => $blogRoll,
'pageTitle' => \__('Blog Posts Tagged "%s"', 'default', $tag['name']),
'pageTitle' => \__('Blog Posts Tagged "%s"', 'default', Util::noHTML($tag['name'])),
'mathjax' => $mathJAX,
'pagination' => [
'base' => \Airship\LensFunctions\cabin_url() . 'blog/tag/' . $slug,
@@ -415,8 +416,8 @@ public function listMonth(string $year, string $month)
'mathjax' => $mathJAX,
'pageTitle' => \__(
'Blog Posts in %s %s (Page %d)', 'default',
$dt->format('F'),
$dt->format('Y'),
Util::noHTML($dt->format('F')),
Util::noHTML($dt->format('Y')),
$page
),
'pagination' => [
@@ -462,7 +463,7 @@ public function listYear(string $year)
'mathjax' => $mathJAX,
'pageTitle' => \__(
'Blog Posts in the Year %s (Page %d)', 'default',
$dt->format('Y'),
Util::noHTML($dt->format('Y')),
$page
),
'pagination' => [
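Review bot: In listByTag(), the pagination `'base'` is still built as `cabin_url() . 'blog/tag/' . $slug`, with the route parameter concatenated as-is, while the tag name two lines above it is now escaped. If the router does not already restrict `$slug` to URL-safe characters and the template does not escape `base` (neither is visible here), encode it where the URL is built, e.g. `'blog/tag/' . \rawurlencode($slug)`. The `Util::noHTML()` calls around `$dt->format('F')` and `$dt->format('Y')` in listMonth() and listYear() are harmless, but they wrap values produced by a date formatter rather than by input. All three functions begin and end outside their hunks.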
@@ -6,7 +6,7 @@
<link rel="stylesheet" href="{{ "/static/Hull/base.css"|cachebust }}" type="text/css" />
{# #}{% set motifs = user_motif() %}{#
#}{% for css in motifs.config.css %}
<link rel="stylesheet" href="{{ ("/static/Hull/motif/" ~ motifs.config.name ~ "/" ~ css)|cachebust }}" type="text/css" />
<link rel="stylesheet" href="{{ ("/static/Hull/motif/" ~ motifs.config.name|e('url') ~ "/" ~ css)|cachebust }}" type="text/css" />
{% endfor %}
<link rel="icon" href="/img/airship_ico.png" type="image/png" />
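Review bot: The loop variable `css` is concatenated into the same href without the URL escaping that `motifs.config.name` now gets, although both come from the motif's configuration. If the entries in `motifs.config.css` are not validated elsewhere, apply the same strategy, e.g. `~ "/" ~ css|e('url')`; this also encodes `/`, so it only fits if the entries are plain file names. Filter precedence is correct as written: `|e('url')` binds to `motifs.config.name` alone and `|cachebust` to the parenthesised path.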
