diff --git a/src/aphront/AphrontRequest.php b/src/aphront/AphrontRequest.php index 42c80f5f6f..1d940c32d1 100644 --- a/src/aphront/AphrontRequest.php +++ b/src/aphront/AphrontRequest.php @@ -9,7 +9,7 @@ final class AphrontRequest { // NOTE: These magic request-type parameters are automatically included in - // certain requests (e.g., by phabricator_form(), JX.Request, + // certain requests (e.g., by phabricator_render_form(), JX.Request, // JX.Workflow, and ConduitClient) and help us figure out what sort of // response the client expects. diff --git a/src/aphront/configuration/AphrontDefaultApplicationConfiguration.php b/src/aphront/configuration/AphrontDefaultApplicationConfiguration.php index 44de55a4d3..1981ee4428 100644 --- a/src/aphront/configuration/AphrontDefaultApplicationConfiguration.php +++ b/src/aphront/configuration/AphrontDefaultApplicationConfiguration.php @@ -210,7 +210,7 @@ class AphrontDefaultApplicationConfiguration if ($ex instanceof AphrontUsageException) { $error = new AphrontErrorView(); - $error->setTitle($ex->getTitle()); + $error->setTitle(phutil_escape_html($ex->getTitle())); $error->appendChild($ex->getMessage()); $view = new PhabricatorStandardPageView(); @@ -227,8 +227,8 @@ class AphrontDefaultApplicationConfiguration // Always log the unhandled exception. phlog($ex); - $class = get_class($ex); - $message = $ex->getMessage(); + $class = phutil_escape_html(get_class($ex)); + $message = phutil_escape_html($ex->getMessage()); if ($ex instanceof AphrontQuerySchemaException) { $message .= @@ -244,13 +244,11 @@ class AphrontDefaultApplicationConfiguration $trace = null; } - $content = hsprintf( + $content = '
'. - '
%s
'. - '%s'. - '
', - $message, - $trace); + '
'.$message.'
'. + $trace. + ''; $dialog = new AphrontDialogView(); $dialog @@ -350,17 +348,17 @@ class AphrontDefaultApplicationConfiguration ), $relative); } - $file_name = hsprintf('%s : %d', $file_name, $part['line']); + $file_name = $file_name.' : '.(int)$part['line']; } else { - $file_name = phutil_tag('em', array(), '(Internal)'); + $file_name = '(Internal)'; } $rows[] = array( $depth--, - $lib, + phutil_escape_html($lib), $file_name, - $where, + phutil_escape_html($where), ); } $table = new AphrontTableView($rows); @@ -379,12 +377,11 @@ class AphrontDefaultApplicationConfiguration 'wide', )); - return hsprintf( + return '
'. '
Stack Trace
'. - '%s', - '
', - $table->render()); + $table->render(). + ''; } } diff --git a/src/aphront/console/plugin/DarkConsoleErrorLogPlugin.php b/src/aphront/console/plugin/DarkConsoleErrorLogPlugin.php index e0d3cd5f8e..98df6d113c 100644 --- a/src/aphront/console/plugin/DarkConsoleErrorLogPlugin.php +++ b/src/aphront/console/plugin/DarkConsoleErrorLogPlugin.php @@ -36,7 +36,7 @@ final class DarkConsoleErrorLogPlugin extends DarkConsolePlugin { $data = $this->getData(); $rows = array(); - $details = array(); + $details = ''; foreach ($data as $index => $row) { $file = $row['file']; @@ -50,11 +50,11 @@ final class DarkConsoleErrorLogPlugin extends DarkConsolePlugin { $row['str'].' at ['.basename($file).':'.$line.']'); $rows[] = array($tag); - $details[] = hsprintf( - '
'. - "%s\nStack trace:\n", - $index, - $row['details']); + $details .= + '
'. + phutil_escape_html($row['details'])."\n". + 'Stack trace:'."\n"; foreach ($row['trace'] as $key => $entry) { $line = ''; @@ -73,16 +73,16 @@ final class DarkConsoleErrorLogPlugin extends DarkConsolePlugin { } } - $details[] = phutil_tag( + $details .= phutil_tag( 'a', array( 'href' => $href, ), $line); - $details[] = "\n"; + $details .= "\n"; } - $details[] = hsprintf('
'); + $details .= '
'; } $table = new AphrontTableView($rows); @@ -90,13 +90,11 @@ final class DarkConsoleErrorLogPlugin extends DarkConsolePlugin { $table->setHeaders(array('Error')); $table->setNoDataString('No errors.'); - return hsprintf( - '
'. - '
%s
'. - '
%s
'. - '
', - $table->render(), - phutil_implode_html('', $details)); + return '
'. + '
'.$table->render().'
'. + '
'.
+      $details.'
'. + '
'; } } diff --git a/src/aphront/console/plugin/DarkConsoleEventPlugin.php b/src/aphront/console/plugin/DarkConsoleEventPlugin.php index 3b9236b4a2..8a855bb3f8 100644 --- a/src/aphront/console/plugin/DarkConsoleEventPlugin.php +++ b/src/aphront/console/plugin/DarkConsoleEventPlugin.php @@ -42,14 +42,17 @@ final class DarkConsoleEventPlugin extends DarkConsolePlugin { $out = array(); - $out[] = hsprintf( + $out[] = '
'. '

Registered Event Listeners

'. - '
'); + ''; $rows = array(); foreach ($data['listeners'] as $listener) { - $rows[] = array($listener['id'], $listener['class']); + $rows[] = array( + phutil_escape_html($listener['id']), + phutil_escape_html($listener['class']), + ); } $table = new AphrontTableView($rows); @@ -66,15 +69,15 @@ final class DarkConsoleEventPlugin extends DarkConsolePlugin { $out[] = $table->render(); - $out[] = hsprintf( + $out[] = '
'. '

Event Log

'. - '
'); + ''; $rows = array(); foreach ($data['events'] as $event) { $rows[] = array( - $event['type'], + phutil_escape_html($event['type']), $event['stopped'] ? 'STOPPED' : null, ); } @@ -93,6 +96,6 @@ final class DarkConsoleEventPlugin extends DarkConsolePlugin { $out[] = $table->render(); - return phutil_implode_html("\n", $out); + return implode("\n", $out); } } diff --git a/src/aphront/console/plugin/DarkConsoleRequestPlugin.php b/src/aphront/console/plugin/DarkConsoleRequestPlugin.php index 0d04d58dc0..7a59df8493 100644 --- a/src/aphront/console/plugin/DarkConsoleRequestPlugin.php +++ b/src/aphront/console/plugin/DarkConsoleRequestPlugin.php @@ -43,8 +43,8 @@ final class DarkConsoleRequestPlugin extends DarkConsolePlugin { $rows = array(); foreach ($map as $key => $value) { $rows[] = array( - $key, - (is_array($value) ? json_encode($value) : $value), + phutil_escape_html($key), + phutil_escape_html(is_array($value) ? json_encode($value) : $value), ); } @@ -62,6 +62,6 @@ final class DarkConsoleRequestPlugin extends DarkConsolePlugin { $out[] = $table->render(); } - return phutil_implode_html("\n", $out); + return implode("\n", $out); } } diff --git a/src/aphront/console/plugin/DarkConsoleServicesPlugin.php b/src/aphront/console/plugin/DarkConsoleServicesPlugin.php index a43a83c785..094abea57d 100644 --- a/src/aphront/console/plugin/DarkConsoleServicesPlugin.php +++ b/src/aphront/console/plugin/DarkConsoleServicesPlugin.php @@ -149,21 +149,20 @@ final class DarkConsoleServicesPlugin extends DarkConsolePlugin { $log = $data['log']; $results = array(); - $results[] = hsprintf( + $results[] = '
'. - '%s'. + phutil_tag( + 'a', + array( + 'href' => $data['analyzeURI'], + 'class' => $data['didAnalyze'] + ? 'disabled button' + : 'green button', + ), + 'Analyze Query Plans'). '

Calls to External Services

'. '
'. - '
', - phutil_tag( - 'a', - array( - 'href' => $data['analyzeURI'], - 'class' => $data['didAnalyze'] - ? 'disabled button' - : 'green button', - ), - 'Analyze Query Plans')); + ''; $page_total = $data['end'] - $data['start']; $totals = array(); @@ -225,18 +224,23 @@ final class DarkConsoleServicesPlugin extends DarkConsolePlugin { $row['explain']['reason']); } + $info = phutil_escape_html($info); break; case 'connect': $info = $row['host'].':'.$row['database']; + $info = phutil_escape_html($info); break; case 'exec': $info = $row['command']; + $info = phutil_escape_html($info); break; case 'conduit': $info = $row['method']; + $info = phutil_escape_html($info); break; case 'http': $info = $row['uri']; + $info = phutil_escape_html($info); break; default: $info = '-'; @@ -244,7 +248,7 @@ final class DarkConsoleServicesPlugin extends DarkConsolePlugin { } $rows[] = array( - $row['type'], + phutil_escape_html($row['type']), '+'.number_format(1000 * ($row['begin'] - $data['start'])).' ms', number_format(1000000 * $row['duration']).' us', $info, @@ -272,7 +276,7 @@ final class DarkConsoleServicesPlugin extends DarkConsolePlugin { $results[] = $table->render(); - return phutil_implode_html("\n", $results); + return implode("\n", $results); } } diff --git a/src/aphront/console/plugin/DarkConsoleXHProfPlugin.php b/src/aphront/console/plugin/DarkConsoleXHProfPlugin.php index 9649c11244..0cae8541d2 100644 --- a/src/aphront/console/plugin/DarkConsoleXHProfPlugin.php +++ b/src/aphront/console/plugin/DarkConsoleXHProfPlugin.php @@ -51,52 +51,48 @@ final class DarkConsoleXHProfPlugin extends DarkConsolePlugin { 'class' => 'bright-link', ), 'Installation Guide'); - return hsprintf( + return '
'. 'The "xhprof" PHP extension is not available. Install xhprof '. 'to enable the XHProf console plugin. You can find instructions in '. - 'the %s.'. - '
', - $install_guide); + 'the '.$install_guide.'.'. + ''; } $result = array(); - $header = hsprintf( + $header = '
'. - '%s'. + phutil_tag( + 'a', + array( + 'href' => $profile_uri, + 'class' => $run + ? 'disabled button' + : 'green button', + ), + 'Profile Page'). '

XHProf Profiler

'. - '
', - phutil_tag( - 'a', - array( - 'href' => $profile_uri, - 'class' => $run - ? 'disabled button' - : 'green button', - ), - 'Profile Page')); + ''; $result[] = $header; if ($run) { - $result[] = hsprintf( - 'Profile Permalink'. - '', - $run, - $run); + ''; } else { - $result[] = hsprintf( + $result[] = '
'. 'Profiling was not enabled for this page. Use the button above '. 'to enable it.'. - '
'); + ''; } - return phutil_implode_html("\n", $result); + return implode("\n", $result); } diff --git a/src/aphront/response/Aphront403Response.php b/src/aphront/response/Aphront403Response.php index 33103ae197..350c0e3a38 100644 --- a/src/aphront/response/Aphront403Response.php +++ b/src/aphront/response/Aphront403Response.php @@ -26,7 +26,7 @@ final class Aphront403Response extends AphrontHTMLResponse { } $failure = new AphrontRequestFailureView(); $failure->setHeader('403 Forbidden'); - $failure->appendChild(phutil_tag('p', array(), $forbidden_text)); + $failure->appendChild('

'.$forbidden_text.'

'); $view = new PhabricatorStandardPageView(); $view->setTitle('403 Forbidden'); diff --git a/src/aphront/response/Aphront404Response.php b/src/aphront/response/Aphront404Response.php index fbfa41a0da..2821012fc4 100644 --- a/src/aphront/response/Aphront404Response.php +++ b/src/aphront/response/Aphront404Response.php @@ -12,8 +12,7 @@ final class Aphront404Response extends AphrontHTMLResponse { public function buildResponseString() { $failure = new AphrontRequestFailureView(); $failure->setHeader('404 Not Found'); - $failure->appendChild(phutil_tag('p', array(), pht( - 'The page you requested was not found.'))); + $failure->appendChild('

The page you requested was not found.

'); $view = new PhabricatorStandardPageView(); $view->setTitle('404 Not Found'); diff --git a/src/aphront/response/AphrontWebpageResponse.php b/src/aphront/response/AphrontWebpageResponse.php index 9bc2a54e83..4083b1be88 100644 --- a/src/aphront/response/AphrontWebpageResponse.php +++ b/src/aphront/response/AphrontWebpageResponse.php @@ -13,7 +13,7 @@ final class AphrontWebpageResponse extends AphrontHTMLResponse { } public function buildResponseString() { - return hsprintf('%s', $this->content); + return $this->content; } } diff --git a/src/applications/audit/controller/PhabricatorAuditListController.php b/src/applications/audit/controller/PhabricatorAuditListController.php index d776fe12fd..d858dec6bf 100644 --- a/src/applications/audit/controller/PhabricatorAuditListController.php +++ b/src/applications/audit/controller/PhabricatorAuditListController.php @@ -335,7 +335,7 @@ final class PhabricatorAuditListController extends PhabricatorAuditController { } if ($handle) { - $handle_name = $handle->getName(); + $handle_name = phutil_escape_html($handle->getName()); } else { $handle_name = null; } @@ -435,7 +435,7 @@ final class PhabricatorAuditListController extends PhabricatorAuditController { } if ($handle) { - $handle_name = $handle->getName(); + $handle_name = phutil_escape_html($handle->getName()); } else { $handle_name = null; } diff --git a/src/applications/audit/view/PhabricatorAuditCommitListView.php b/src/applications/audit/view/PhabricatorAuditCommitListView.php index dc674cec8b..6987fa117e 100644 --- a/src/applications/audit/view/PhabricatorAuditCommitListView.php +++ b/src/applications/audit/view/PhabricatorAuditCommitListView.php @@ -70,10 +70,10 @@ final class PhabricatorAuditCommitListView extends AphrontView { $rows[] = array( $commit_name, $author_name, - $commit->getCommitData()->getSummary(), + phutil_escape_html($commit->getCommitData()->getSummary()), PhabricatorAuditCommitStatusConstants::getStatusName( $commit->getAuditStatus()), - phutil_implode_html(', ', $auditors), + implode(', ', $auditors), phabricator_datetime($commit->getEpoch(), $this->user), ); } diff --git a/src/applications/audit/view/PhabricatorAuditListView.php b/src/applications/audit/view/PhabricatorAuditListView.php index 5a7ef11a1f..2bac041aa1 100644 --- a/src/applications/audit/view/PhabricatorAuditListView.php +++ b/src/applications/audit/view/PhabricatorAuditListView.php @@ -129,7 +129,10 @@ final class PhabricatorAuditListView extends AphrontView { } $reasons = $audit->getAuditReasons(); - $reasons = phutil_implode_html(phutil_tag('br'), $reasons); + foreach ($reasons as $key => $reason) { + $reasons[$key] = phutil_escape_html($reason); + } + $reasons = implode('
', $reasons); $status_code = $audit->getAuditStatus(); $status = PhabricatorAuditStatusConstants::getStatusName($status_code); @@ -137,10 +140,10 @@ final class PhabricatorAuditListView extends AphrontView { $auditor_handle = $this->getHandle($audit->getAuditorPHID()); $rows[] = array( $commit_name, - $commit_desc, + phutil_escape_html($commit_desc), $committed, $auditor_handle->renderLink(), - $status, + phutil_escape_html($status), $reasons, ); diff --git a/src/applications/auth/controller/PhabricatorDisabledUserController.php b/src/applications/auth/controller/PhabricatorDisabledUserController.php index 364a9a61ec..dcd1e36abc 100644 --- a/src/applications/auth/controller/PhabricatorDisabledUserController.php +++ b/src/applications/auth/controller/PhabricatorDisabledUserController.php @@ -16,8 +16,8 @@ final class PhabricatorDisabledUserController $failure_view = new AphrontRequestFailureView(); $failure_view->setHeader(pht('Account Disabled')); - $failure_view->appendChild(phutil_tag('p', array(), pht( - 'Your account has been disabled.'))); + $failure_view->appendChild( + '

'.pht('Your account has been disabled.').'

'); return $this->buildStandardPageResponse( $failure_view, diff --git a/src/applications/auth/controller/PhabricatorEmailLoginController.php b/src/applications/auth/controller/PhabricatorEmailLoginController.php index 3875de3c62..e6cc6372df 100644 --- a/src/applications/auth/controller/PhabricatorEmailLoginController.php +++ b/src/applications/auth/controller/PhabricatorEmailLoginController.php @@ -98,8 +98,10 @@ EOBODY; $view = new AphrontRequestFailureView(); $view->setHeader(pht('Check Your Email')); - $view->appendChild(phutil_tag('p', array(), pht( - 'An email has been sent with a link you can use to login.'))); + $view->appendChild( + '

'.pht( + 'An email has been sent with a link you can use to login.' + ).'

'); return $this->buildStandardPageResponse( $view, array( @@ -138,8 +140,8 @@ EOBODY; $panel = new AphrontPanelView(); $panel->setWidth(AphrontPanelView::WIDTH_FORM); - $panel->appendChild(phutil_tag('h1', array(), pht( - 'Forgot Password / Email Login'))); + $panel->appendChild(' +

'.pht('Forgot Password / Email Login').'

'); $panel->appendChild($email_auth); $panel->setNoBackground(); diff --git a/src/applications/auth/controller/PhabricatorEmailTokenController.php b/src/applications/auth/controller/PhabricatorEmailTokenController.php index 16a828f7de..855caa37af 100644 --- a/src/applications/auth/controller/PhabricatorEmailTokenController.php +++ b/src/applications/auth/controller/PhabricatorEmailTokenController.php @@ -50,16 +50,17 @@ final class PhabricatorEmailTokenController $view = new AphrontRequestFailureView(); $view->setHeader(pht('Unable to Login')); - $view->appendChild(phutil_tag('p', array(), pht( - 'The authentication information in the link you clicked is '. + $view->appendChild( + '

'.pht('The authentication information in the link you clicked is '. 'invalid or out of date. Make sure you are copy-and-pasting the '. 'entire link into your browser. You can try again, or request '. - 'a new email.'))); - $view->appendChild(hsprintf( + 'a new email.').'

'); + $view->appendChild( '
'. - '%s'. - '
', - pht('Send Another Email'))); + ''. + pht('Send Another Email'). + ''. + ''); return $this->buildStandardPageResponse( $view, diff --git a/src/applications/auth/controller/PhabricatorLDAPLoginController.php b/src/applications/auth/controller/PhabricatorLDAPLoginController.php index bbe64ccbd6..4dafe831f7 100644 --- a/src/applications/auth/controller/PhabricatorLDAPLoginController.php +++ b/src/applications/auth/controller/PhabricatorLDAPLoginController.php @@ -43,11 +43,12 @@ final class PhabricatorLDAPLoginController extends PhabricatorAuthController { $dialog = new AphrontDialogView(); $dialog->setUser($current_user); $dialog->setTitle(pht('Already Linked to Another Account')); - $dialog->appendChild(phutil_tag('p', array(), pht( - 'The LDAP account you just authorized is already '. + $dialog->appendChild( + '

'.pht('The LDAP account you just authorized is already '. 'linked toanother Phabricator account. Before you can link it '. 'to a different LDAP account, you must unlink the old '. - 'account.'))); + 'account.').'

' + ); $dialog->addCancelButton('/settings/panel/ldap/'); return id(new AphrontDialogResponse())->setDialog($dialog); @@ -61,8 +62,10 @@ final class PhabricatorLDAPLoginController extends PhabricatorAuthController { $dialog = new AphrontDialogView(); $dialog->setUser($current_user); $dialog->setTitle(pht('Link LDAP Account')); - $dialog->appendChild(phutil_tag('p', array(), pht( - 'Link your LDAP account to your Phabricator account?'))); + $dialog->appendChild( + '

'. + pht('Link your LDAP account to your Phabricator account?'). + '

'); $dialog->addHiddenInput('username', $request->getStr('username')); $dialog->addHiddenInput('password', $request->getStr('password')); $dialog->addSubmitButton(pht('Link Accounts')); @@ -131,10 +134,9 @@ final class PhabricatorLDAPLoginController extends PhabricatorAuthController { $panel = new AphrontPanelView(); $panel->setWidth(AphrontPanelView::WIDTH_FORM); - $panel->appendChild(phutil_tag('h1', array(), pht('LDAP login'))); + $panel->appendChild('

'.pht('LDAP login').'

'); $panel->appendChild($ldap_form); - $error_view = null; if (isset($errors) && count($errors) > 0) { $error_view = new AphrontErrorView(); $error_view->setTitle(pht('Login Failed')); @@ -143,7 +145,7 @@ final class PhabricatorLDAPLoginController extends PhabricatorAuthController { return $this->buildStandardPageResponse( array( - $error_view, + isset($error_view) ? $error_view : null, $panel, ), array( diff --git a/src/applications/auth/controller/PhabricatorLDAPUnlinkController.php b/src/applications/auth/controller/PhabricatorLDAPUnlinkController.php index c2c7aaf34b..44cad5a398 100644 --- a/src/applications/auth/controller/PhabricatorLDAPUnlinkController.php +++ b/src/applications/auth/controller/PhabricatorLDAPUnlinkController.php @@ -18,9 +18,9 @@ final class PhabricatorLDAPUnlinkController extends PhabricatorAuthController { $dialog = new AphrontDialogView(); $dialog->setUser($user); $dialog->setTitle(pht('Really unlink account?')); - $dialog->appendChild(phutil_tag('p', array(), pht( - 'You will not be able to login using this account '. - 'once you unlink it. Continue?'))); + $dialog->appendChild( + '

'.pht('You will not be able to login using this account '. + 'once you unlink it. Continue?').'

'); $dialog->addSubmitButton(pht('Unlink Account')); $dialog->addCancelButton('/settings/panel/ldap/'); diff --git a/src/applications/auth/controller/PhabricatorLoginController.php b/src/applications/auth/controller/PhabricatorLoginController.php index f4bb0ab57a..23de5e7f2d 100644 --- a/src/applications/auth/controller/PhabricatorLoginController.php +++ b/src/applications/auth/controller/PhabricatorLoginController.php @@ -29,8 +29,7 @@ final class PhabricatorLoginController $dialog = new AphrontDialogView(); $dialog->setUser($user); $dialog->setTitle(pht('Login Required')); - $dialog->appendChild(phutil_tag('p', array(), pht( - 'You must login to continue.'))); + $dialog->appendChild('

'.pht('You must login to continue.').'

'); $dialog->addSubmitButton(pht('Login')); $dialog->addCancelButton('/', pht('Cancel')); @@ -247,7 +246,8 @@ final class PhabricatorLoginController $title = pht("Login or Register with %s", $provider_name); $body = pht('Login or register for Phabricator using your %s account.', $provider_name); - $button = pht("Login or Register with %s", $provider_name); + $button = pht("Login or Register with %s", + phutil_escape_html($provider_name)); } else { $title = pht("Login with %s", $provider_name); $body = hsprintf( @@ -258,7 +258,7 @@ final class PhabricatorLoginController pht( 'You can not use %s to register a new account.', $provider_name)); - $button = pht("Log in with %s", $provider_name); + $button = pht("Log in with %s", phutil_escape_html($provider_name)); } $auth_form = new AphrontFormView(); @@ -299,7 +299,7 @@ final class PhabricatorLoginController return $this->buildApplicationPage( array( $error_view, - phutil_safe_html($login_message), + $login_message, $panel, ), array( diff --git a/src/applications/auth/controller/PhabricatorLoginValidateController.php b/src/applications/auth/controller/PhabricatorLoginValidateController.php index 04b08b43f4..a365618bd8 100644 --- a/src/applications/auth/controller/PhabricatorLoginValidateController.php +++ b/src/applications/auth/controller/PhabricatorLoginValidateController.php @@ -49,18 +49,14 @@ final class PhabricatorLoginValidateController $view = new AphrontRequestFailureView(); $view->setHeader(pht('Login Failed')); - $view->appendChild(hsprintf( - '

%s

%s

%s

', - pht('Login failed:'), - $list, - pht( - 'Clear your cookies and try again.', - hsprintf('')))); - $view->appendChild(hsprintf( + $view->appendChild( + '

'.pht('Login failed:').'

'. + $list. + '

'.pht('Clear your cookies and try again.').'

'); + $view->appendChild( '
'. - '%s'. - '
', - pht('Try Again'))); + ''.pht('Try Again').''. + ''); return $this->buildStandardPageResponse( $view, array( diff --git a/src/applications/auth/controller/PhabricatorLogoutController.php b/src/applications/auth/controller/PhabricatorLogoutController.php index f75b4c601d..e2cc5410fa 100644 --- a/src/applications/auth/controller/PhabricatorLogoutController.php +++ b/src/applications/auth/controller/PhabricatorLogoutController.php @@ -46,8 +46,7 @@ final class PhabricatorLogoutController $dialog = id(new AphrontDialogView()) ->setUser($user) ->setTitle(pht('Log out of Phabricator?')) - ->appendChild(phutil_tag('p', array(), pht( - 'Are you sure you want to log out?'))) + ->appendChild('

'.pht('Are you sure you want to log out?').'

') ->addSubmitButton(pht('Logout')) ->addCancelButton('/'); diff --git a/src/applications/auth/controller/PhabricatorMustVerifyEmailController.php b/src/applications/auth/controller/PhabricatorMustVerifyEmailController.php index 67a253b406..b08f7432cc 100644 --- a/src/applications/auth/controller/PhabricatorMustVerifyEmailController.php +++ b/src/applications/auth/controller/PhabricatorMustVerifyEmailController.php @@ -41,26 +41,31 @@ final class PhabricatorMustVerifyEmailController $error_view = new AphrontRequestFailureView(); $error_view->setHeader(pht('Check Your Email')); - $error_view->appendChild(phutil_tag('p', array(), pht( - 'You must verify your email address to login. You should have a new '. + $error_view->appendChild( + '

'. + pht('You must verify your email address to login. You should have a new '. 'email message from Phabricator with verification instructions in your '. - 'inbox (%s).', phutil_tag('strong', array(), $email_address)))); - $error_view->appendChild(phutil_tag('p', array(), pht( - 'If you did not receive an email, you can click the button below '. - 'to try sending another one.'))); - $error_view->appendChild(hsprintf( - '

%s
', - phabricator_form( - $user, - array( - 'action' => '/login/mustverify/', - 'method' => 'POST', - ), - phutil_tag( - 'button', + 'inbox (%s).', phutil_tag('strong', array(), $email_address)). + '

'); + $error_view->appendChild( + '

'. + pht('If you did not receive an email, you can click the button below '. + 'to try sending another one.'). + '

'); + $error_view->appendChild( + '
'. + phabricator_form( + $user, array( + 'action' => '/login/mustverify/', + 'method' => 'POST', ), - pht('Send Another Email'))))); + phutil_tag( + 'button', + array( + ), + pht('Send Another Email'))). + '
'); return $this->buildApplicationPage( diff --git a/src/applications/auth/controller/PhabricatorOAuthDiagnosticsController.php b/src/applications/auth/controller/PhabricatorOAuthDiagnosticsController.php index 03330b8138..94ef4b23aa 100644 --- a/src/applications/auth/controller/PhabricatorOAuthDiagnosticsController.php +++ b/src/applications/auth/controller/PhabricatorOAuthDiagnosticsController.php @@ -21,11 +21,11 @@ final class PhabricatorOAuthDiagnosticsController $client_id = $provider->getClientID(); $client_secret = $provider->getClientSecret(); $key = $provider->getProviderKey(); - $name = $provider->getProviderName(); + $name = phutil_escape_html($provider->getProviderName()); - $res_ok = hsprintf('OK'); - $res_no = hsprintf('NO'); - $res_na = hsprintf('N/A'); + $res_ok = 'OK'; + $res_no = 'NO'; + $res_na = 'N/A'; $results = array(); $auth_key = $key . '.auth-enabled'; @@ -159,10 +159,10 @@ final class PhabricatorOAuthDiagnosticsController $rows = array(); foreach ($results as $key => $result) { $rows[] = array( - $key, + phutil_escape_html($key), $result[0], - $result[1], - $result[2], + phutil_escape_html($result[1]), + phutil_escape_html($result[2]), ); } @@ -186,11 +186,11 @@ final class PhabricatorOAuthDiagnosticsController $panel_view = new AphrontPanelView(); $panel_view->setHeader($title); - $panel_view->appendChild(hsprintf( + $panel_view->appendChild( '

These tests may be able to '. - 'help diagnose the root cause of problems you experience with %s '. - 'Authentication. Reload the page to run the tests again.

', - $provider->getProviderName())); + 'help diagnose the root cause of problems you experience with '. + $provider->getProviderName() . + ' Authentication. Reload the page to run the tests again.

'); $panel_view->appendChild($table_view); return $this->buildStandardPageResponse( diff --git a/src/applications/auth/controller/PhabricatorOAuthLoginController.php b/src/applications/auth/controller/PhabricatorOAuthLoginController.php index a226f5e9cf..dbfcc81810 100644 --- a/src/applications/auth/controller/PhabricatorOAuthLoginController.php +++ b/src/applications/auth/controller/PhabricatorOAuthLoginController.php @@ -116,9 +116,10 @@ final class PhabricatorOAuthLoginController $dialog = new AphrontDialogView(); $dialog->setUser($current_user); $dialog->setTitle(pht('Link %s Account', $provider_name)); - $dialog->appendChild(phutil_tag('p', array(), pht( - 'Link your %s account to your Phabricator account?', - $provider_name))); + $dialog->appendChild( + pht( + '

Link your %s account to your Phabricator account?

', + phutil_escape_html($provider_name))); $dialog->addHiddenInput('confirm_token', $provider->getAccessToken()); $dialog->addHiddenInput('expires', $oauth_info->getTokenExpires()); $dialog->addHiddenInput('state', $this->oauthState); diff --git a/src/applications/auth/controller/PhabricatorOAuthUnlinkController.php b/src/applications/auth/controller/PhabricatorOAuthUnlinkController.php index 97be2b7b8c..bff01b251b 100644 --- a/src/applications/auth/controller/PhabricatorOAuthUnlinkController.php +++ b/src/applications/auth/controller/PhabricatorOAuthUnlinkController.php @@ -34,9 +34,9 @@ final class PhabricatorOAuthUnlinkController extends PhabricatorAuthController { $dialog = new AphrontDialogView(); $dialog->setUser($user); $dialog->setTitle(pht('Really unlink account?')); - $dialog->appendChild(phutil_tag('p', array(), pht( - 'You will not be able to login using this account '. - 'once you unlink it. Continue?'))); + $dialog->appendChild( + '

'.pht('You will not be able to login using this account '. + 'once you unlink it. Continue?').'

'); $dialog->addSubmitButton(pht('Unlink Account')); $dialog->addCancelButton($provider->getSettingsPanelURI()); diff --git a/src/applications/auth/view/PhabricatorOAuthFailureView.php b/src/applications/auth/view/PhabricatorOAuthFailureView.php index 97b3447b9b..a1e4549745 100644 --- a/src/applications/auth/view/PhabricatorOAuthFailureView.php +++ b/src/applications/auth/view/PhabricatorOAuthFailureView.php @@ -77,12 +77,11 @@ final class PhabricatorOAuthFailureView extends AphrontView { $provider_name); } - $view->appendChild(hsprintf( + $view->appendChild( '
'. - '%s%s'. - '
', - $diagnose, - pht('Continue'))); + $diagnose. + ''.pht('Continue').''. + ''); return $view->render(); } diff --git a/src/applications/base/controller/PhabricatorController.php b/src/applications/base/controller/PhabricatorController.php index 9dbb9cb765..e3d5d15196 100644 --- a/src/applications/base/controller/PhabricatorController.php +++ b/src/applications/base/controller/PhabricatorController.php @@ -203,9 +203,10 @@ abstract class PhabricatorController extends AphrontController { $view = new PhabricatorStandardPageView(); $view->setRequest($request); $view->setController($this); - $view->appendChild(hsprintf( - '
%s
', - $response->buildResponseString())); + $view->appendChild( + '
'. + $response->buildResponseString(). + '
'); $response = new AphrontWebpageResponse(); $response->setContent($view->render()); return $response; @@ -276,7 +277,7 @@ abstract class PhabricatorController extends AphrontController { $items[] = $this->getHandle($phid)->renderLink(); } - return phutil_implode_html($style_map[$style], $items); + return array_interleave($style_map[$style], $items); } protected function buildApplicationMenu() { diff --git a/src/applications/calendar/controller/PhabricatorCalendarBrowseController.php b/src/applications/calendar/controller/PhabricatorCalendarBrowseController.php index 9c4aaf4b4f..ad2b5e9863 100644 --- a/src/applications/calendar/controller/PhabricatorCalendarBrowseController.php +++ b/src/applications/calendar/controller/PhabricatorCalendarBrowseController.php @@ -55,7 +55,9 @@ final class PhabricatorCalendarBrowseController $nav->appendChild( array( $this->getNoticeView(), - hsprintf('
%s
', $month_view->render()), + '
', + $month_view, + '
', )); return $this->buildApplicationPage( diff --git a/src/applications/calendar/controller/PhabricatorCalendarViewStatusController.php b/src/applications/calendar/controller/PhabricatorCalendarViewStatusController.php index 6a7913e182..9f96fd070a 100644 --- a/src/applications/calendar/controller/PhabricatorCalendarViewStatusController.php +++ b/src/applications/calendar/controller/PhabricatorCalendarViewStatusController.php @@ -94,7 +94,7 @@ final class PhabricatorCalendarViewStatusController } else { $no_data = pht('%s does not have any upcoming status events.', - $this->getHandle($this->phid)->getName()); + phutil_escape_html($this->getHandle($this->phid)->getName())); } return $no_data; } @@ -115,7 +115,7 @@ final class PhabricatorCalendarViewStatusController } else { $page_title = pht( 'Upcoming Statuses for %s', - $this->getHandle($this->phid)->getName() + phutil_escape_html($this->getHandle($this->phid)->getName()) ); } return $page_title; diff --git a/src/applications/calendar/view/AphrontCalendarMonthView.php b/src/applications/calendar/view/AphrontCalendarMonthView.php index 540ffba176..3367c01d88 100644 --- a/src/applications/calendar/view/AphrontCalendarMonthView.php +++ b/src/applications/calendar/view/AphrontCalendarMonthView.php @@ -48,10 +48,9 @@ final class AphrontCalendarMonthView extends AphrontView { $markup = array(); - $empty_box = phutil_tag( - 'div', - array('class' => 'aphront-calendar-day aphront-calendar-empty'), - ''); + $empty_box = + '
'. + '
'; for ($ii = 0; $ii < $empty; $ii++) { $markup[] = $empty_box; @@ -80,10 +79,9 @@ final class AphrontCalendarMonthView extends AphrontView { } else { $show_events = array_fill_keys( array_keys($show_events), - hsprintf( - '
'. - ' '. - '
')); + '
'. + ' '. + '
'); } foreach ($events as $event) { @@ -102,42 +100,38 @@ final class AphrontCalendarMonthView extends AphrontView { $holiday_markup = null; if ($holiday) { - $name = $holiday->getName(); - $holiday_markup = phutil_tag( - 'div', - array( - 'class' => 'aphront-calendar-holiday', - 'title' => $name, - ), - $name); + $name = phutil_escape_html($holiday->getName()); + $holiday_markup = + '
'. + $name. + '
'; } - $markup[] = hsprintf( - '
'. - '
%s
'. - '%s%s'. - '
', - $class, - $day_number, - $holiday_markup, - phutil_implode_html("\n", $show_events)); + $markup[] = + '
'. + '
'. + $day_number. + '
'. + $holiday_markup. + implode("\n", $show_events). + '
'; } $table = array(); $rows = array_chunk($markup, 7); foreach ($rows as $row) { - $table[] = hsprintf(''); + $table[] = ''; while (count($row) < 7) { $row[] = $empty_box; } foreach ($row as $cell) { - $table[] = phutil_tag('p', array(), $cell); + $table[] = ''.$cell.''; } - $table[] = hsprintf(''); + $table[] = ''; } - $table = hsprintf( + $table = ''. - '%s'. + $this->renderCalendarHeader($first). ''. ''. ''. @@ -147,10 +141,8 @@ final class AphrontCalendarMonthView extends AphrontView { ''. ''. ''. - '%s'. - '
SunMonFriSat
', - $this->renderCalendarHeader($first), - phutil_implode_html("\n", $table)); + implode("\n", $table). + ''; return $table; } @@ -181,15 +173,16 @@ final class AphrontCalendarMonthView extends AphrontView { "\xE2\x86\x92" ); - $left_th = phutil_tag('th', array(), $prev_link); - $right_th = phutil_tag('th', array(), $next_link); + $left_th = ''.$prev_link.''; + $right_th = ''.$next_link.''; } - return hsprintf( - '%s%s%s', - $left_th, - phutil_tag('th', array('colspan' => $colspan), $date->format('F Y')), - $right_th); + return + ''. + $left_th. + ''.$date->format('F Y').''. + $right_th. + ''; } private function getNextYearAndMonth() { diff --git a/src/applications/chatlog/controller/PhabricatorChatLogChannelLogController.php b/src/applications/chatlog/controller/PhabricatorChatLogChannelLogController.php index 26dcadf1f8..581d3544ae 100644 --- a/src/applications/chatlog/controller/PhabricatorChatLogChannelLogController.php +++ b/src/applications/chatlog/controller/PhabricatorChatLogChannelLogController.php @@ -94,6 +94,7 @@ final class PhabricatorChatLogChannelLogController require_celerity_resource('phabricator-chatlog-css'); $out = array(); + $out[] = ''; foreach ($blocks as $block) { $author = $block['author']; $author = phutil_utf8_shorten($author, 18); @@ -121,6 +122,7 @@ final class PhabricatorChatLogChannelLogController ), array($author, $message, $timestamp)); } + $out[] = '
'; $form = id(new AphrontFormView()) ->setUser($user) @@ -138,11 +140,12 @@ final class PhabricatorChatLogChannelLogController return $this->buildStandardPageResponse( array( - hsprintf( - '
%s
%s%s
', - $form, - phutil_tag('table', array('class' => 'phabricator-chat-log'), $out), - $pager), + '
', + $form, + '
', + implode("\n", $out), + $pager, + '
', ), array( 'title' => 'Channel Log', diff --git a/src/applications/conduit/controller/PhabricatorConduitAPIController.php b/src/applications/conduit/controller/PhabricatorConduitAPIController.php index 412ee74f47..b31ae55f2a 100644 --- a/src/applications/conduit/controller/PhabricatorConduitAPIController.php +++ b/src/applications/conduit/controller/PhabricatorConduitAPIController.php @@ -346,7 +346,7 @@ final class PhabricatorConduitAPIController if ($request) { foreach ($request->getAllParameters() as $key => $value) { $param_rows[] = array( - $key, + phutil_escape_html($key), $this->renderAPIValue($value), ); } @@ -362,7 +362,7 @@ final class PhabricatorConduitAPIController $result_rows = array(); foreach ($result as $key => $value) { $result_rows[] = array( - $key, + phutil_escape_html($key), $this->renderAPIValue($value), ); } diff --git a/src/applications/conduit/controller/PhabricatorConduitConsoleController.php b/src/applications/conduit/controller/PhabricatorConduitConsoleController.php index 68f4fb4935..8e7f2bec39 100644 --- a/src/applications/conduit/controller/PhabricatorConduitConsoleController.php +++ b/src/applications/conduit/controller/PhabricatorConduitConsoleController.php @@ -109,7 +109,7 @@ final class PhabricatorConduitConsoleController ->setValue('Call Method')); $panel = new AphrontPanelView(); - $panel->setHeader('Conduit API: '.$this->method); + $panel->setHeader('Conduit API: '.phutil_escape_html($this->method)); $panel->appendChild($form); $panel->setWidth(AphrontPanelView::WIDTH_FULL); diff --git a/src/applications/conduit/controller/PhabricatorConduitListController.php b/src/applications/conduit/controller/PhabricatorConduitListController.php index e80a6fcba6..617ca48288 100644 --- a/src/applications/conduit/controller/PhabricatorConduitListController.php +++ b/src/applications/conduit/controller/PhabricatorConduitListController.php @@ -59,11 +59,11 @@ final class PhabricatorConduitListController $utils = new AphrontPanelView(); $utils->setHeader('Utilities'); - $utils->appendChild(hsprintf( + $utils->appendChild( '')); + ''); $utils->setWidth(AphrontPanelView::WIDTH_FULL); $this->setShowSideNav(false); diff --git a/src/applications/conduit/controller/PhabricatorConduitLogController.php b/src/applications/conduit/controller/PhabricatorConduitLogController.php index c752714dda..a6bcbf74d7 100644 --- a/src/applications/conduit/controller/PhabricatorConduitLogController.php +++ b/src/applications/conduit/controller/PhabricatorConduitLogController.php @@ -65,9 +65,9 @@ final class PhabricatorConduitLogController } $rows[] = array( $call->getConnectionID(), - $conn->getUserName(), - $call->getMethod(), - $call->getError(), + phutil_escape_html($conn->getUserName()), + phutil_escape_html($call->getMethod()), + phutil_escape_html($call->getError()), number_format($call->getDuration()).' us', phabricator_datetime($call->getDateCreated(), $user), ); diff --git a/src/applications/config/controller/PhabricatorConfigAllController.php b/src/applications/config/controller/PhabricatorConfigAllController.php index 69daa9a760..60f95b2263 100644 --- a/src/applications/config/controller/PhabricatorConfigAllController.php +++ b/src/applications/config/controller/PhabricatorConfigAllController.php @@ -14,12 +14,13 @@ final class PhabricatorConfigAllController $key = $option->getKey(); if ($option->getMasked()) { - $value = phutil_tag('em', array(), pht('Masked')); + $value = ''.pht('Masked').''; } else if ($option->getHidden()) { - $value = phutil_tag('em', array(), pht('Hidden')); + $value = ''.pht('Hidden').''; } else { $value = PhabricatorEnv::getEnvConfig($key); $value = PhabricatorConfigJSON::prettyPrintJSON($value); + $value = phutil_escape_html($value); } $rows[] = array( diff --git a/src/applications/config/response/PhabricatorConfigResponse.php b/src/applications/config/response/PhabricatorConfigResponse.php index 923313bb2a..479df39cd1 100644 --- a/src/applications/config/response/PhabricatorConfigResponse.php +++ b/src/applications/config/response/PhabricatorConfigResponse.php @@ -23,18 +23,20 @@ final class PhabricatorConfigResponse extends AphrontHTMLResponse { $view = $this->view->render(); - return hsprintf( - ''. - ''. - ''. - ''. - 'Phabricator Setup'. - '%s'. - ''. - '%s'. - '', - $resources, - $view); + $template = << + + + Phabricator Setup + {$resources} + + + {$view} + + +EOTEMPLATE; + + return $template; } private function buildResources() { @@ -47,12 +49,11 @@ final class PhabricatorConfigResponse extends AphrontHTMLResponse { $resources = array(); foreach ($css as $path) { - $resources[] = phutil_tag( - 'style', - array('type' => 'text/css'), - Filesystem::readFile($webroot.'/rsrc/css/'.$path)); + $resources[] = ''; } - return phutil_implode_html("\n", $resources); + return implode("\n", $resources); } diff --git a/src/applications/config/view/PhabricatorSetupIssueView.php b/src/applications/config/view/PhabricatorSetupIssueView.php index 6912054f67..203a62b81b 100644 --- a/src/applications/config/view/PhabricatorSetupIssueView.php +++ b/src/applications/config/view/PhabricatorSetupIssueView.php @@ -44,7 +44,7 @@ final class PhabricatorSetupIssueView extends AphrontView { ), array( phutil_tag('p', array(), $run_these), - phutil_tag('pre', array(), phutil_implode_html("\n", $commands)), + phutil_tag('pre', array(), array_interleave("\n", $commands)), )); } @@ -114,7 +114,7 @@ final class PhabricatorSetupIssueView extends AphrontView { array( 'class' => 'setup-issue', ), - $this->renderSingleView( + $this->renderHTMLView( array( $name, $description, @@ -155,7 +155,7 @@ final class PhabricatorSetupIssueView extends AphrontView { 'phabricator/ $ ./bin/config set %s value', $key); } - $update = phutil_tag('pre', array(), phutil_implode_html("\n", $update)); + $update = phutil_tag('pre', array(), array_interleave("\n", $update)); } else { $update = array(); foreach ($configs as $config) { @@ -187,7 +187,7 @@ final class PhabricatorSetupIssueView extends AphrontView { array( 'class' => 'setup-issue-config', ), - self::renderSingleView( + self::renderHTMLView( array( $table_info, $table, @@ -293,7 +293,7 @@ final class PhabricatorSetupIssueView extends AphrontView { array( 'class' => 'setup-issue-config', ), - $this->renderSingleView( + $this->renderHTMLView( array( $table_info, $table, diff --git a/src/applications/conpherence/controller/ConpherenceController.php b/src/applications/conpherence/controller/ConpherenceController.php index 67fecfe264..006049b9c7 100644 --- a/src/applications/conpherence/controller/ConpherenceController.php +++ b/src/applications/conpherence/controller/ConpherenceController.php @@ -159,7 +159,8 @@ abstract class ConpherenceController extends PhabricatorController { $item->addClass('hide-unread-count'); } - $nav->addCustomBlock($item->render()); + // TODO: [HTML] Clean this up when we clean up HTML stuff in Conpherence. + $nav->addCustomBlock(phutil_safe_html($item->render())); } if (empty($conpherences) || $read) { $nav->addCustomBlock($this->getNoConpherencesBlock()); diff --git a/src/applications/conpherence/controller/ConpherenceViewController.php b/src/applications/conpherence/controller/ConpherenceViewController.php index 65eee271f9..66f80ba133 100644 --- a/src/applications/conpherence/controller/ConpherenceViewController.php +++ b/src/applications/conpherence/controller/ConpherenceViewController.php @@ -149,7 +149,7 @@ final class ConpherenceViewController extends ->setMarkupEngine($engine) ->render(); } - $transactions = phutil_implode_html(' ', $rendered_transactions); + $transactions = implode(' ', $rendered_transactions); $form = id(new AphrontFormView()) @@ -283,7 +283,7 @@ final class ConpherenceViewController extends 'src' => $thumb ), ''), - $file->getName(), + phutil_escape_html($file->getName()), ); } $header = id(new PhabricatorHeaderView()) @@ -292,7 +292,7 @@ final class ConpherenceViewController extends ->setNoDataString(pht('No files attached to conpherence.')) ->setHeaders(array('', pht('Name'))) ->setColumnClasses(array('', 'wide')); - return hsprintf('%s%s', $header->render(), $table->render()); + return new PhutilSafeHTML($header->render() . $table->render()); } private function renderTaskWidgetPaneContent() { @@ -328,7 +328,7 @@ final class ConpherenceViewController extends ->setColumnClasses(array('', 'wide')); $content[] = $table->render(); } - return phutil_implode_html('', $content); + return new PhutilSafeHTML(implode('', $content)); } private function renderCalendarWidgetPaneContent() { @@ -416,7 +416,7 @@ final class ConpherenceViewController extends } } - return phutil_implode_html('', $content); + return new PhutilSafeHTML(implode('', $content)); } private function getCalendarWidgetWeekTimestamps() { diff --git a/src/applications/conpherence/storage/ConpherenceTransaction.php b/src/applications/conpherence/storage/ConpherenceTransaction.php index b2ff0f97c0..64afcf9157 100644 --- a/src/applications/conpherence/storage/ConpherenceTransaction.php +++ b/src/applications/conpherence/storage/ConpherenceTransaction.php @@ -50,18 +50,18 @@ final class ConpherenceTransaction extends PhabricatorApplicationTransaction { $title = pht( '%s renamed this conpherence from "%s" to "%s".', $this->renderHandleLink($author_phid), - $old, - $new); + phutil_escape_html($old), + phutil_escape_html($new)); } else if ($old) { $title = pht( '%s deleted the conpherence name "%s".', $this->renderHandleLink($author_phid), - $old); + phutil_escape_html($old)); } else { $title = pht( '%s named this conpherence "%s".', $this->renderHandleLink($author_phid), - $new); + phutil_escape_html($new)); } return $title; case ConpherenceTransactionType::TYPE_FILES: diff --git a/src/applications/conpherence/view/ConpherenceMenuItemView.php b/src/applications/conpherence/view/ConpherenceMenuItemView.php index 539a107122..c69d7c502d 100644 --- a/src/applications/conpherence/view/ConpherenceMenuItemView.php +++ b/src/applications/conpherence/view/ConpherenceMenuItemView.php @@ -139,7 +139,7 @@ final class ConpherenceMenuItemView extends AphrontTagView { (int)$this->unreadCount); } - return $this->renderSingleView( + return $this->renderHTMLView( array( $image, $title, diff --git a/src/applications/conpherence/view/ConpherenceTransactionView.php b/src/applications/conpherence/view/ConpherenceTransactionView.php index 13238c04ec..2d785dc225 100644 --- a/src/applications/conpherence/view/ConpherenceTransactionView.php +++ b/src/applications/conpherence/view/ConpherenceTransactionView.php @@ -87,7 +87,7 @@ final class ConpherenceTransactionView extends AphrontView { array( 'class' => $content_class ), - $this->renderSingleView($content)) + $this->renderHTMLView($content)) ); return $transaction_view->render(); diff --git a/src/applications/countdown/controller/PhabricatorCountdownListController.php b/src/applications/countdown/controller/PhabricatorCountdownListController.php index b503d241d3..93e4a916b7 100644 --- a/src/applications/countdown/controller/PhabricatorCountdownListController.php +++ b/src/applications/countdown/controller/PhabricatorCountdownListController.php @@ -46,7 +46,7 @@ final class PhabricatorCountdownListController 'Delete'); } $rows[] = array( - $timer->getID(), + phutil_escape_html($timer->getID()), $handles[$timer->getAuthorPHID()]->renderLink(), phutil_tag( 'a', diff --git a/src/applications/daemon/controller/PhabricatorDaemonConsoleController.php b/src/applications/daemon/controller/PhabricatorDaemonConsoleController.php index f9a6d4615b..26059e4ce2 100644 --- a/src/applications/daemon/controller/PhabricatorDaemonConsoleController.php +++ b/src/applications/daemon/controller/PhabricatorDaemonConsoleController.php @@ -30,7 +30,7 @@ final class PhabricatorDaemonConsoleController $rows = array(); foreach ($completed_info as $class => $info) { $rows[] = array( - $class, + phutil_escape_html($class), number_format($info['n']), number_format((int)($info['duration'] / $info['n'])).' us', ); @@ -127,7 +127,7 @@ final class PhabricatorDaemonConsoleController $rows = array(); foreach ($queued as $row) { $rows[] = array( - $row['taskClass'], + phutil_escape_html($row['taskClass']), number_format($row['N']), ); } diff --git a/src/applications/daemon/controller/PhabricatorWorkerTaskUpdateController.php b/src/applications/daemon/controller/PhabricatorWorkerTaskUpdateController.php index 811ef354be..72f9e256aa 100644 --- a/src/applications/daemon/controller/PhabricatorWorkerTaskUpdateController.php +++ b/src/applications/daemon/controller/PhabricatorWorkerTaskUpdateController.php @@ -72,40 +72,41 @@ final class PhabricatorWorkerTaskUpdateController case 'retry': if ($can_retry) { $dialog->setTitle('Really retry task?'); - $dialog->appendChild(phutil_tag('p', array(), pht( - 'The task will be put back in the queue and executed again.'))); + $dialog->appendChild( + '

The task will be put back in the queue and executed '. + 'again.

'); $dialog->addSubmitButton('Retry Task'); } else { $dialog->setTitle('Can Not Retry'); - $dialog->appendChild(phutil_tag('p', array(), pht( - 'Only archived, unsuccessful tasks can be retried.'))); + $dialog->appendChild( + '

Only archived, unsuccessful tasks can be retried.

'); } break; case 'cancel': if ($can_cancel) { $dialog->setTitle('Really cancel task?'); - $dialog->appendChild(phutil_tag('p', array(), pht( - 'The work this task represents will never be performed if you '. - 'cancel it. Are you sure you want to cancel it?'))); + $dialog->appendChild( + '

The work this task represents will never be performed if you '. + 'cancel it. Are you sure you want to cancel it?

'); $dialog->addSubmitButton('Cancel Task'); } else { $dialog->setTitle('Can Not Cancel'); - $dialog->appendChild(phutil_tag('p', array(), pht( - 'Only active tasks can be cancelled.'))); + $dialog->appendChild( + '

Only active tasks can be cancelled.

'); } break; case 'release': if ($can_release) { $dialog->setTitle('Really free task lease?'); - $dialog->appendChild(phutil_tag('p', array(), pht( - 'If the process which owns the task lease is still doing work '. + $dialog->appendChild( + '

If the process which owns the task lease is still doing work '. 'on it, the work may be performed twice. Are you sure you '. - 'want to free the lease?'))); + 'want to free the lease?

'); $dialog->addSubmitButton('Free Lease'); } else { $dialog->setTitle('Can Not Free Lease'); - $dialog->appendChild(phutil_tag('p', array(), pht( - 'Only active, leased tasks may have their leases freed.'))); + $dialog->appendChild( + '

Only active, leased tasks may have their leases freed.

'); } break; default: diff --git a/src/applications/daemon/view/PhabricatorDaemonLogEventsView.php b/src/applications/daemon/view/PhabricatorDaemonLogEventsView.php index 600dc50e14..e3cdc98779 100644 --- a/src/applications/daemon/view/PhabricatorDaemonLogEventsView.php +++ b/src/applications/daemon/view/PhabricatorDaemonLogEventsView.php @@ -60,7 +60,7 @@ final class PhabricatorDaemonLogEventsView extends AphrontView { } $row = array( - $event->getLogType(), + phutil_escape_html($event->getLogType()), phabricator_date($event->getEpoch(), $this->user), phabricator_time($event->getEpoch(), $this->user), phutil_escape_html_newlines($message.$more), diff --git a/src/applications/daemon/view/PhabricatorDaemonLogListView.php b/src/applications/daemon/view/PhabricatorDaemonLogListView.php index 47353b948f..190e17c3cd 100644 --- a/src/applications/daemon/view/PhabricatorDaemonLogListView.php +++ b/src/applications/daemon/view/PhabricatorDaemonLogListView.php @@ -76,8 +76,8 @@ final class PhabricatorDaemonLogListView extends AphrontView { $rows[] = array( $running, - $log->getDaemon(), - $log->getHost(), + phutil_escape_html($log->getDaemon()), + phutil_escape_html($log->getHost()), $log->getPID(), phabricator_date($epoch, $this->user), phabricator_time($epoch, $this->user), diff --git a/src/applications/differential/controller/DifferentialCommentSaveController.php b/src/applications/differential/controller/DifferentialCommentSaveController.php index 6f84e33282..d49232bb37 100644 --- a/src/applications/differential/controller/DifferentialCommentSaveController.php +++ b/src/applications/differential/controller/DifferentialCommentSaveController.php @@ -60,9 +60,10 @@ final class DifferentialCommentSaveController extends DifferentialController { if (strlen($comment) || $has_inlines) { $dialog->addSubmitButton(pht('Post as Comment')); - $dialog->appendChild(phutil_tag('br')); - $dialog->appendChild(phutil_tag('p', array(), pht( - 'Do you want to post your feedback anyway, as a normal comment?'))); + $dialog->appendChild('
'); + $dialog->appendChild( + '

'.pht('Do you want to post your feedback anyway, as a normal '. + 'comment?').'

'); } return id(new AphrontDialogResponse())->setDialog($dialog); diff --git a/src/applications/differential/controller/DifferentialDiffViewController.php b/src/applications/differential/controller/DifferentialDiffViewController.php index 6503ec2087..afe4847c8c 100644 --- a/src/applications/differential/controller/DifferentialDiffViewController.php +++ b/src/applications/differential/controller/DifferentialDiffViewController.php @@ -25,21 +25,16 @@ final class DifferentialDiffViewController extends DifferentialController { 'href' => PhabricatorEnv::getURI('/D'.$diff->getRevisionID()), ), 'D'.$diff->getRevisionID()); - $top_panel->appendChild(phutil_tag( - 'h1', - array(), - pht('This diff belongs to revision %s', $link))); + $top_panel->appendChild( + "

".pht('This diff belongs to revision %s', $link)."

"); } else { $action_panel = new AphrontPanelView(); $action_panel->setHeader('Preview Diff'); $action_panel->setWidth(AphrontPanelView::WIDTH_WIDE); - $action_panel->appendChild(hsprintf( - '

%s

', - pht( - 'Review the diff for correctness. When you are satisfied, either '. - 'create a new revision or update '. - 'an existing revision.', - hsprintf('')))); + $action_panel->appendChild( + '

'.pht('Review the diff for '. + 'correctness. When you are satisfied, either create a new '. + 'revision or update an existing revision.')); // TODO: implmenent optgroup support in AphrontFormSelectControl? $select = array(); diff --git a/src/applications/differential/controller/DifferentialRevisionViewController.php b/src/applications/differential/controller/DifferentialRevisionViewController.php index 546a173607..1e572ab334 100644 --- a/src/applications/differential/controller/DifferentialRevisionViewController.php +++ b/src/applications/differential/controller/DifferentialRevisionViewController.php @@ -386,15 +386,14 @@ final class DifferentialRevisionViewController extends DifferentialController { $page_pane = id(new DifferentialPrimaryPaneView()) ->setID($pane_id) - ->appendChild(array( - $comment_view->render(), - $diff_history->render(), - $warning, - $local_view->render(), - $toc_view->render(), - $other_view, - $changeset_view->render(), - )); + ->appendChild( + $comment_view->render(). + $diff_history->render(). + $warning. + $local_view->render(). + $toc_view->render(). + $other_view. + $changeset_view->render()); if ($comment_form) { $page_pane->appendChild($comment_form->render()); } @@ -858,12 +857,13 @@ final class DifferentialRevisionViewController extends DifferentialController { $handles = $this->loadViewerHandles($phids); $view->setHandles($handles); - return hsprintf( - '%s

%s
', + return id(new PhabricatorHeaderView()) ->setHeader(pht('Open Revisions Affecting These Files')) - ->render(), - $view->render()); + ->render(). + '
'. + $view->render(). + '
'; } /** diff --git a/src/applications/differential/controller/DifferentialSubscribeController.php b/src/applications/differential/controller/DifferentialSubscribeController.php index 99fc019c3a..9d1ade910d 100644 --- a/src/applications/differential/controller/DifferentialSubscribeController.php +++ b/src/applications/differential/controller/DifferentialSubscribeController.php @@ -43,7 +43,7 @@ final class DifferentialSubscribeController extends DifferentialController { $dialog ->setUser($user) ->setTitle($title) - ->appendChild(phutil_tag('p', array(), $prompt)) + ->appendChild('

'.$prompt.'

') ->setSubmitURI($request->getRequestURI()) ->addSubmitButton($button) ->addCancelButton('/D'.$revision->getID()); diff --git a/src/applications/differential/field/specification/DifferentialBlameRevisionFieldSpecification.php b/src/applications/differential/field/specification/DifferentialBlameRevisionFieldSpecification.php index a246aa1a31..11f7b5cf19 100644 --- a/src/applications/differential/field/specification/DifferentialBlameRevisionFieldSpecification.php +++ b/src/applications/differential/field/specification/DifferentialBlameRevisionFieldSpecification.php @@ -49,7 +49,7 @@ final class DifferentialBlameRevisionFieldSpecification return null; } $engine = PhabricatorMarkupEngine::newDifferentialMarkupEngine(); - return $engine->markupText($this->value); + return phutil_safe_html($engine->markupText($this->value)); } public function shouldAppearOnConduitView() { diff --git a/src/applications/differential/field/specification/DifferentialCommitsFieldSpecification.php b/src/applications/differential/field/specification/DifferentialCommitsFieldSpecification.php index b5e6e2a37b..ae8339c05c 100644 --- a/src/applications/differential/field/specification/DifferentialCommitsFieldSpecification.php +++ b/src/applications/differential/field/specification/DifferentialCommitsFieldSpecification.php @@ -26,7 +26,7 @@ final class DifferentialCommitsFieldSpecification $links[] = $this->getHandle($commit_phid)->renderLink(); } - return phutil_implode_html(phutil_tag('br'), $links); + return array_interleave(phutil_tag('br'), $links); } private function getCommitPHIDs() { diff --git a/src/applications/differential/field/specification/DifferentialDependenciesFieldSpecification.php b/src/applications/differential/field/specification/DifferentialDependenciesFieldSpecification.php index d32047ee22..43f387bb57 100644 --- a/src/applications/differential/field/specification/DifferentialDependenciesFieldSpecification.php +++ b/src/applications/differential/field/specification/DifferentialDependenciesFieldSpecification.php @@ -26,7 +26,7 @@ final class DifferentialDependenciesFieldSpecification $links[] = $this->getHandle($revision_phids)->renderLink(); } - return phutil_implode_html(phutil_tag('br'), $links); + return array_interleave(phutil_tag('br'), $links); } private function getDependentRevisionPHIDs() { diff --git a/src/applications/differential/field/specification/DifferentialDependsOnFieldSpecification.php b/src/applications/differential/field/specification/DifferentialDependsOnFieldSpecification.php index b195641432..05c8ebef91 100644 --- a/src/applications/differential/field/specification/DifferentialDependsOnFieldSpecification.php +++ b/src/applications/differential/field/specification/DifferentialDependsOnFieldSpecification.php @@ -26,7 +26,7 @@ final class DifferentialDependsOnFieldSpecification $links[] = $this->getHandle($revision_phids)->renderLink(); } - return phutil_implode_html(phutil_tag('br'), $links); + return array_interleave(phutil_tag('br'), $links); } private function getDependentRevisionPHIDs() { diff --git a/src/applications/differential/field/specification/DifferentialFieldSpecification.php b/src/applications/differential/field/specification/DifferentialFieldSpecification.php index 3521998248..d1b6dbdb3b 100644 --- a/src/applications/differential/field/specification/DifferentialFieldSpecification.php +++ b/src/applications/differential/field/specification/DifferentialFieldSpecification.php @@ -283,7 +283,7 @@ abstract class DifferentialFieldSpecification { $links[] = $handle->renderLink(); } - return phutil_implode_html(', ', $links); + return array_interleave(', ', $links); } diff --git a/src/applications/differential/field/specification/DifferentialManiphestTasksFieldSpecification.php b/src/applications/differential/field/specification/DifferentialManiphestTasksFieldSpecification.php index 3112f0f379..38379da8f2 100644 --- a/src/applications/differential/field/specification/DifferentialManiphestTasksFieldSpecification.php +++ b/src/applications/differential/field/specification/DifferentialManiphestTasksFieldSpecification.php @@ -29,7 +29,7 @@ final class DifferentialManiphestTasksFieldSpecification $links[] = $this->getHandle($task_phid)->renderLink(); } - return phutil_implode_html(phutil_tag('br'), $links); + return array_interleave(phutil_tag('br'), $links); } private function getManiphestTaskPHIDs() { diff --git a/src/applications/differential/field/specification/DifferentialReviewersFieldSpecification.php b/src/applications/differential/field/specification/DifferentialReviewersFieldSpecification.php index de6a89f05a..b519c3e955 100644 --- a/src/applications/differential/field/specification/DifferentialReviewersFieldSpecification.php +++ b/src/applications/differential/field/specification/DifferentialReviewersFieldSpecification.php @@ -143,9 +143,10 @@ final class DifferentialReviewersFieldSpecification if ($other_reviewers) { $names = array(); foreach ($other_reviewers as $reviewer => $_) { - $names[] = $this->getHandle($reviewer)->getLinkName(); + $names[] = phutil_escape_html( + $this->getHandle($reviewer)->getLinkName()); } - $suffix = javelin_tag( + $suffix = ' '.javelin_tag( 'abbr', array( 'sigil' => 'has-tooltip', @@ -158,12 +159,9 @@ final class DifferentialReviewersFieldSpecification } else { $suffix = null; } - return hsprintf( - '%s %s', - $this->getHandle($primary_reviewer)->renderLink(), - $suffix); + return $this->getHandle($primary_reviewer)->renderLink().$suffix; } else { - return phutil_tag('em', array(), 'None'); + return 'None'; } } diff --git a/src/applications/differential/field/specification/DifferentialUnitFieldSpecification.php b/src/applications/differential/field/specification/DifferentialUnitFieldSpecification.php index 6b91e90f43..ae189573ff 100644 --- a/src/applications/differential/field/specification/DifferentialUnitFieldSpecification.php +++ b/src/applications/differential/field/specification/DifferentialUnitFieldSpecification.php @@ -113,7 +113,7 @@ final class DifferentialUnitFieldSpecification $userdata = idx($test, 'userdata'); if ($userdata) { $engine = PhabricatorMarkupEngine::newDifferentialMarkupEngine(); - $userdata = $engine->markupText($userdata); + $userdata = phutil_safe_html($engine->markupText($userdata)); $rows[] = array( 'style' => 'details', 'value' => $userdata, diff --git a/src/applications/differential/parser/DifferentialChangesetParser.php b/src/applications/differential/parser/DifferentialChangesetParser.php index 479af1b778..7cd5e115f4 100644 --- a/src/applications/differential/parser/DifferentialChangesetParser.php +++ b/src/applications/differential/parser/DifferentialChangesetParser.php @@ -1092,7 +1092,7 @@ final class DifferentialChangesetParser { * indicator of how well tested a change is. */ public function renderModifiedCoverage() { - $na = phutil_tag('em', array(), '-'); + $na = '-'; $coverage = $this->getCoverage(); if (!$coverage) { diff --git a/src/applications/differential/render/DifferentialChangesetHTMLRenderer.php b/src/applications/differential/render/DifferentialChangesetHTMLRenderer.php index 3c8d90dcfd..3032e15cc1 100644 --- a/src/applications/differential/render/DifferentialChangesetHTMLRenderer.php +++ b/src/applications/differential/render/DifferentialChangesetHTMLRenderer.php @@ -21,34 +21,27 @@ abstract class DifferentialChangesetHTMLRenderer return null; } } else { - $none = $none; switch ($change) { case DifferentialChangeType::TYPE_ADD: switch ($file) { case DifferentialChangeType::FILE_TEXT: - $message = pht('This file was added.', $none); + $message = pht('This file was added.'); break; case DifferentialChangeType::FILE_IMAGE: - $message = pht('This image was added.', $none); + $message = pht('This image was added.'); break; case DifferentialChangeType::FILE_DIRECTORY: - $message = pht( - 'This directory was added.', - $none); + $message = pht('This directory was added.'); break; case DifferentialChangeType::FILE_BINARY: - $message = pht( - 'This binary file was added.', - $none); + $message = pht('This binary file was added.'); break; case DifferentialChangeType::FILE_SYMLINK: - $message = pht('This symlink was added.', $none); + $message = pht('This symlink was added.'); break; case DifferentialChangeType::FILE_SUBMODULE: - $message = pht( - 'This submodule was added.', - $none); + $message = pht('This submodule was added.'); break; } break; @@ -56,30 +49,22 @@ abstract class DifferentialChangesetHTMLRenderer case DifferentialChangeType::TYPE_DELETE: switch ($file) { case DifferentialChangeType::FILE_TEXT: - $message = pht('This file was deleted.', $none); + $message = pht('This file was deleted.'); break; case DifferentialChangeType::FILE_IMAGE: - $message = pht('This image was deleted.', $none); + $message = pht('This image was deleted.'); break; case DifferentialChangeType::FILE_DIRECTORY: - $message = pht( - 'This directory was deleted.', - $none); + $message = pht('This directory was deleted.'); break; case DifferentialChangeType::FILE_BINARY: - $message = pht( - 'This binary file was deleted.', - $none); + $message = pht('This binary file was deleted.'); break; case DifferentialChangeType::FILE_SYMLINK: - $message = pht( - 'This symlink was deleted.', - $none); + $message = pht('This symlink was deleted.'); break; case DifferentialChangeType::FILE_SUBMODULE: - $message = pht( - 'This submodule was deleted.', - $none); + $message = pht('This submodule was deleted.'); break; } break; @@ -250,9 +235,10 @@ abstract class DifferentialChangesetHTMLRenderer } } - return hsprintf( - '
%s
', - $message); + return + '
'. + $message. + '
'; } protected function renderPropertyChangeHeader() { @@ -293,20 +279,15 @@ abstract class DifferentialChangesetHTMLRenderer } } - array_unshift($rows, hsprintf( - ''. - '%s'. - '%s'. - '%s'. - '', - pht('Property Changes'), - pht('Old Value'), - pht('New Value'))); - - return phutil_tag( - 'table', - array('class' => 'differential-property-table'), - $rows); + return + ''. + ''. + ''. + ''. + ''. + ''. + implode('', $rows). + '
'.pht('Property Changes').''.pht('Old Value').''.pht('New Value').'
'; } public function renderShield($message, $force = 'default') { @@ -371,6 +352,9 @@ abstract class DifferentialChangesetHTMLRenderer return null; } + // TODO: [HTML] After TwoUpRenderer gets refactored, fix this. + $content = phutil_safe_html($content); + return javelin_tag( 'table', array( diff --git a/src/applications/differential/render/DifferentialChangesetOneUpRenderer.php b/src/applications/differential/render/DifferentialChangesetOneUpRenderer.php index 567116db05..18f49f6eaa 100644 --- a/src/applications/differential/render/DifferentialChangesetOneUpRenderer.php +++ b/src/applications/differential/render/DifferentialChangesetOneUpRenderer.php @@ -20,32 +20,32 @@ final class DifferentialChangesetOneUpRenderer switch ($type) { case 'old': case 'new': - $out[] = hsprintf(''); + $out[] = ''; if ($type == 'old') { if ($p['htype']) { $class = 'left old'; } else { $class = 'left'; } - $out[] = hsprintf('%s', $p['line']); - $out[] = hsprintf(''); - $out[] = hsprintf('%s', $class, $p['render']); + $out[] = ''.$p['line'].''; + $out[] = ''; + $out[] = ''.$p['render'].''; } else if ($type == 'new') { if ($p['htype']) { $class = 'right new'; - $out[] = hsprintf(''); + $out[] = ''; } else { $class = 'right'; - $out[] = hsprintf('%s', $p['oline']); + $out[] = ''.$p['oline'].''; } - $out[] = hsprintf('%s', $p['line']); - $out[] = hsprintf('%s', $class, $p['render']); + $out[] = ''.$p['line'].''; + $out[] = ''.$p['render'].''; } - $out[] = hsprintf(''); + $out[] = ''; break; case 'inline': - $out[] = hsprintf(''); - $out[] = hsprintf(''); + $out[] = ''; + $out[] = ''; $inline = $this->buildInlineComment( $p['comment'], @@ -53,16 +53,16 @@ final class DifferentialChangesetOneUpRenderer $inline->setBuildScaffolding(false); $out[] = $inline->render(); - $out[] = hsprintf(''); + $out[] = ''; break; default: - $out[] = hsprintf('%s', $type); + $out[] = ''.$type.''; break; } } if ($out) { - return $this->wrapChangeInTable(phutil_implode_html('', $out)); + return $this->wrapChangeInTable(implode('', $out)); } return null; } diff --git a/src/applications/differential/render/DifferentialChangesetTwoUpRenderer.php b/src/applications/differential/render/DifferentialChangesetTwoUpRenderer.php index 698ef4113f..91cfbebabd 100644 --- a/src/applications/differential/render/DifferentialChangesetTwoUpRenderer.php +++ b/src/applications/differential/render/DifferentialChangesetTwoUpRenderer.php @@ -160,7 +160,7 @@ final class DifferentialChangesetTwoUpRenderer 'colspan' => 2, 'class' => 'show-more', ), - phutil_implode_html( + array_interleave( " \xE2\x80\xA2 ", // Bullet $contents)), phutil_tag( @@ -205,7 +205,7 @@ final class DifferentialChangesetTwoUpRenderer } } - $n_copy = hsprintf(''); + $n_copy = ''; $n_cov = null; $n_colspan = 2; $n_classes = ''; @@ -224,7 +224,7 @@ final class DifferentialChangesetTwoUpRenderer $cov_class = $coverage[$n_num - 1]; } $cov_class = 'cov-'.$cov_class; - $n_cov = hsprintf('', $cov_class); + $n_cov = ''; $n_colspan--; } @@ -242,7 +242,7 @@ final class DifferentialChangesetTwoUpRenderer $n_classes = $n_class; if ($new_lines[$ii]['type'] == '\\' || !isset($copy_lines[$n_num])) { - $n_copy = hsprintf('', $n_class); + $n_copy = ''; } else { list($orig_file, $orig_line, $orig_type) = $copy_lines[$n_num]; $title = ($orig_type == '-' ? 'Moved' : 'Copied').' from '; @@ -274,13 +274,13 @@ final class DifferentialChangesetTwoUpRenderer } if ($o_num && $left_id) { - $o_id = 'C'.$left_id.$left_char.'L'.$o_num; + $o_id = ' id="C'.$left_id.$left_char.'L'.$o_num.'"'; } else { $o_id = null; } if ($n_num && $right_id) { - $n_id = 'C'.$right_id.$right_char.'L'.$n_num; + $n_id = ' id="C'.$right_id.$right_char.'L'.$n_num.'"'; } else { $n_id = null; } @@ -288,26 +288,20 @@ final class DifferentialChangesetTwoUpRenderer // NOTE: The Javascript is sensitive to whitespace changes in this // block! - $html[] = hsprintf( + $html[] = ''. - '%s'. - '%s'. - '%s'. - '%s'. + ''.$o_num.''. + ''.$o_text.''. + ''.$n_num.''. + $n_copy. // NOTE: This is a unicode zero-width space, which we use as a hint // when intercepting 'copy' events to make sure sensible text ends // up on the clipboard. See the 'phabricator-oncopy' behavior. - ''. - "\xE2\x80\x8B%s". + ''. + "\xE2\x80\x8B".$n_text. ''. - '%s'. - '', - phutil_tag('th', array('id' => $o_id), $o_num), - $o_classes, $o_text, - phutil_tag('th', array('id' => $n_id), $n_num), - $n_copy, - $n_classes, $n_colspan, $n_text, - $n_cov); + $n_cov. + ''; if ($context_not_available && ($ii == $rows - 1)) { $html[] = $context_not_available; @@ -357,7 +351,7 @@ final class DifferentialChangesetTwoUpRenderer } } - return $this->wrapChangeInTable(phutil_implode_html('', $html)); + return $this->wrapChangeInTable(implode('', $html)); } public function renderFileChange($old_file = null, @@ -401,57 +395,51 @@ final class DifferentialChangesetTwoUpRenderer foreach ($this->getOldComments() as $on_line => $comment_group) { foreach ($comment_group as $comment) { $comment_html = $this->renderInlineComment($comment, $on_right = false); - $html_old[] = hsprintf( + $html_old[] = ''. ''. - '%s'. + ''.$comment_html.''. ''. ''. - '', - $comment_html); + ''; } } foreach ($this->getNewComments() as $lin_line => $comment_group) { foreach ($comment_group as $comment) { $comment_html = $this->renderInlineComment($comment, $on_right = true); - $html_new[] = hsprintf( + $html_new[] = ''. ''. ''. ''. - '%s'. - '', - $comment_html); + ''.$comment_html.''. + ''; } } if (!$old) { - $th_old = hsprintf(''); + $th_old = ''; } else { - $th_old = hsprintf('1', $vs); + $th_old = '1'; } if (!$new) { - $th_new = hsprintf(''); + $th_new = ''; } else { - $th_new = hsprintf('1', $id); + $th_new = '1'; } - $output = hsprintf( + $output = ''. - '%s'. - '%s'. - '%s'. - '%s'. + $th_old. + ''.$old.''. + $th_new. + ''. + $new. + ''. ''. - '%s'. - '%s', - $th_old, - $old, - $th_new, - $new, - phutil_implode_html('', $html_old), - phutil_implode_html('', $html_new)); + implode('', $html_old). + implode('', $html_new); $output = $this->wrapChangeInTable($output); diff --git a/src/applications/differential/view/DifferentialAddCommentView.php b/src/applications/differential/view/DifferentialAddCommentView.php index e73679b874..0670a062ca 100644 --- a/src/applications/differential/view/DifferentialAddCommentView.php +++ b/src/applications/differential/view/DifferentialAddCommentView.php @@ -155,35 +155,35 @@ final class DifferentialAddCommentView extends AphrontView { 'inline' => 'inline-comment-preview', )); - $warning_container = array(); + $warning_container = '
'; foreach ($warnings as $warning) { if ($warning) { - $warning_container[] = $warning->render(); + $warning_container .= $warning->render(); } } + $warning_container .= '
'; $header = id(new PhabricatorHeaderView()) ->setHeader($is_serious ? pht('Add Comment') : pht('Leap Into Action')); - return hsprintf( - '%s'. + return + id(new PhabricatorAnchorView()) + ->setAnchorName('comment') + ->setNavigationMarker(true) + ->render(). '
'. - '%s%s%s'. + $header->render(). + $form->render(). + $warning_container. '
'. '
'. - '%s'. + ''. + pht('Loading comment preview...'). + ''. '
'. '
'. '
'. '
'. - '
', - id(new PhabricatorAnchorView()) - ->setAnchorName('comment') - ->setNavigationMarker(true) - ->render(), - $header->render(), - $form->render(), - phutil_tag('div', array('id' => 'warnings'), $warning_container), - pht('Loading comment preview...')); + ''; } } diff --git a/src/applications/differential/view/DifferentialChangesetDetailView.php b/src/applications/differential/view/DifferentialChangesetDetailView.php index e010d4e539..f77b5377d3 100644 --- a/src/applications/differential/view/DifferentialChangesetDetailView.php +++ b/src/applications/differential/view/DifferentialChangesetDetailView.php @@ -92,7 +92,7 @@ final class DifferentialChangesetDetailView extends AphrontView { 'class' => $class, 'id' => $id, ), - $this->renderSingleView( + $this->renderHTMLView( array( id(new PhabricatorAnchorView()) ->setAnchorName($changeset->getAnchorName()) @@ -101,7 +101,7 @@ final class DifferentialChangesetDetailView extends AphrontView { $buttons, phutil_tag('h1', array(), $display_filename), phutil_tag('div', array('style' => 'clear: both'), ''), - $this->renderChildren(), + $this->renderHTMLChildren(), ))); } diff --git a/src/applications/differential/view/DifferentialChangesetListView.php b/src/applications/differential/view/DifferentialChangesetListView.php index 422e8fd9ab..aae5f31f23 100644 --- a/src/applications/differential/view/DifferentialChangesetListView.php +++ b/src/applications/differential/view/DifferentialChangesetListView.php @@ -187,7 +187,7 @@ final class DifferentialChangesetListView extends AphrontView { )); } - return $this->renderSingleView( + return $this->renderHTMLView( array( id(new PhabricatorHeaderView()) ->setHeader($this->getTitle()) @@ -221,20 +221,15 @@ final class DifferentialChangesetListView extends AphrontView { ), array('Changes discarded. ', $link)); - return array( - 'l' => hsprintf( - ''. - ''. - ''. - '
%s
', - $div), + $template = + ''. + ''. + ''. + '
%s%s
'; - 'r' => hsprintf( - ''. - ''. - ''. - '
%s
', - $div), + return array( + 'l' => sprintf($template, $div, ''), + 'r' => sprintf($template, '', $div), ); } diff --git a/src/applications/differential/view/DifferentialDiffTableOfContentsView.php b/src/applications/differential/view/DifferentialDiffTableOfContentsView.php index 63de1f17fd..cd30fa0c90 100644 --- a/src/applications/differential/view/DifferentialDiffTableOfContentsView.php +++ b/src/applications/differential/view/DifferentialDiffTableOfContentsView.php @@ -94,20 +94,22 @@ final class DifferentialDiffTableOfContentsView extends AphrontView { $meta[] = pht('Copied to multiple locations:'); } foreach ($away as $path) { - $meta[] = $path; + $meta[] = phutil_escape_html($path); } - $meta = phutil_implode_html(phutil_tag('br'), $meta); + $meta = implode('
', $meta); } else { if ($type == DifferentialChangeType::TYPE_MOVE_AWAY) { - $meta = pht('Moved to %s', reset($away)); + $meta = pht('Moved to %s', phutil_escape_html(reset($away))); } else { - $meta = pht('Copied to %s', reset($away)); + $meta = pht('Copied to %s', phutil_escape_html(reset($away))); } } } else if ($type == DifferentialChangeType::TYPE_MOVE_HERE) { - $meta = pht('Moved from %s', $changeset->getOldFile()); + $meta = pht('Moved from %s', + phutil_escape_html($changeset->getOldFile())); } else if ($type == DifferentialChangeType::TYPE_COPY_HERE) { - $meta = pht('Copied from %s', $changeset->getOldFile()); + $meta = pht('Copied from %s', + phutil_escape_html($changeset->getOldFile())); } else { $meta = null; } @@ -128,12 +130,12 @@ final class DifferentialDiffTableOfContentsView extends AphrontView { $pchar = ($changeset->getOldProperties() === $changeset->getNewProperties()) ? null - : hsprintf('M', pht('Properties Changed')); + : 'M'; $fname = $changeset->getFilename(); $cov = $this->renderCoverage($coverage, $fname); if ($cov === null) { - $mcov = $cov = phutil_tag('em', array(), '-'); + $mcov = $cov = '-'; } else { $mcov = phutil_tag( 'div', @@ -144,28 +146,27 @@ final class DifferentialDiffTableOfContentsView extends AphrontView { (isset($this->visibleChangesets[$id]) ? 'Loading...' : '?')); } - $rows[] = hsprintf( - ''. - '%s'. - '%s'. - '%s'. - '%s%s'. - '%s'. - '%s'. - '', - $chartitle, $char, - $pchar, - $desc, - $link, $lines, - $cov, - $mcov); + $rows[] = + ''. + phutil_tag( + 'td', + array( + 'class' => 'differential-toc-char', + 'title' => $chartitle, + ), + $char). + ''.$pchar.''. + ''.$desc.''. + ''.$link.$lines.''. + ''.$cov.''. + ''.$mcov.''. + ''; if ($meta) { - $rows[] = hsprintf( + $rows[] = ''. ''. - '%s'. - '', - $meta); + ''.$meta.''. + ''; } if ($this->diff && $this->repository) { $paths[] = @@ -200,13 +201,19 @@ final class DifferentialDiffTableOfContentsView extends AphrontView { ), pht('Show All Context')); - $buttons = hsprintf( - '%s%s', - $editor_link, - $reveal_link); + $buttons = + ''. + $editor_link.$reveal_link. + ''; - return hsprintf( - '%s%s'. + return + id(new PhabricatorAnchorView()) + ->setAnchorName('toc') + ->setNavigationMarker(true) + ->render(). + id(new PhabricatorHeaderView()) + ->setHeader(pht('Table of Contents')) + ->render(). '
'. ''. ''. @@ -214,23 +221,17 @@ final class DifferentialDiffTableOfContentsView extends AphrontView { ''. ''. ''. - ''. - ''. + ''. + ''. ''. - '%s%s'. + implode("\n", $rows). + $buttons. '
Path%s%s'. + pht('Coverage (All)'). + ''. + pht('Coverage (Touched)'). + '
'. - '
', - id(new PhabricatorAnchorView()) - ->setAnchorName('toc') - ->setNavigationMarker(true) - ->render(), - id(new PhabricatorHeaderView()) - ->setHeader(pht('Table of Contents')) - ->render(), - pht('Coverage (All)'), - pht('Coverage (Touched)'), - phutil_implode_html("\n", $rows), - $buttons); + ''; } private function renderCoverage(array $coverage, $file) { diff --git a/src/applications/differential/view/DifferentialInlineCommentEditView.php b/src/applications/differential/view/DifferentialInlineCommentEditView.php index 193e3520ca..1fccbe5f82 100644 --- a/src/applications/differential/view/DifferentialInlineCommentEditView.php +++ b/src/applications/differential/view/DifferentialInlineCommentEditView.php @@ -55,7 +55,7 @@ final class DifferentialInlineCommentEditView extends AphrontView { 'method' => 'POST', 'sigil' => 'inline-edit-form', ), - $this->renderSingleView( + $this->renderHTMLView( array( $this->renderInputs(), $this->renderBody(), @@ -123,14 +123,14 @@ final class DifferentialInlineCommentEditView extends AphrontView { array( 'class' => 'differential-inline-comment-edit-body', ), - $this->renderChildren()); + $this->renderHTMLChildren()); $edit = phutil_tag( 'edit', array( 'class' => 'differential-inline-comment-edit-buttons', ), - $this->renderSingleView( + $this->renderHTMLView( array( $formatting, $buttons, @@ -148,7 +148,7 @@ final class DifferentialInlineCommentEditView extends AphrontView { 'length' => $this->length, ), ), - $this->renderSingleView( + $this->renderHTMLView( array( $title, $body, diff --git a/src/applications/differential/view/DifferentialInlineCommentView.php b/src/applications/differential/view/DifferentialInlineCommentView.php index f9ff40e2b7..0fa497fa59 100644 --- a/src/applications/differential/view/DifferentialInlineCommentView.php +++ b/src/applications/differential/view/DifferentialInlineCommentView.php @@ -178,7 +178,7 @@ final class DifferentialInlineCommentView extends AphrontView { $links = phutil_tag( 'span', array('class' => 'differential-inline-comment-links'), - phutil_implode_html(" \xC2\xB7 ", $links)); + array_interleave(" \xC2\xB7 ", $links)); } else { $links = null; } diff --git a/src/applications/differential/view/DifferentialLocalCommitsView.php b/src/applications/differential/view/DifferentialLocalCommitsView.php index dfb58dd3a8..d1207252d2 100644 --- a/src/applications/differential/view/DifferentialLocalCommitsView.php +++ b/src/applications/differential/view/DifferentialLocalCommitsView.php @@ -74,7 +74,7 @@ final class DifferentialLocalCommitsView extends AphrontView { } $parents[$k] = substr($parent, 0, 16); } - $parents = phutil_implode_html(phutil_tag('br'), $parents); + $parents = array_interleave(phutil_tag('br'), $parents); $row[] = phutil_tag('td', array(), $parents); $author = nonempty( @@ -114,31 +114,29 @@ final class DifferentialLocalCommitsView extends AphrontView { $headers = array(); - $headers[] = phutil_tag('th', array(), pht('Commit')); + $headers[] = ''.pht('Commit').''; if ($has_tree) { - $headers[] = phutil_tag('th', array(), pht('Tree')); + $headers[] = ''.pht('Tree').''; } if ($has_local) { - $headers[] = phutil_tag('th', array(), pht('Local')); + $headers[] = ''.pht('Local').''; } - $headers[] = phutil_tag('th', array(), pht('Parents')); - $headers[] = phutil_tag('th', array(), pht('Author')); - $headers[] = phutil_tag('th', array(), pht('Summary')); - $headers[] = phutil_tag('th', array(), pht('Date')); + $headers[] = ''.pht('Parents').''; + $headers[] = ''.pht('Author').''; + $headers[] = ''.pht('Summary').''; + $headers[] = ''.pht('Date').''; - $headers = phutil_tag('tr', array(), $headers); + $headers = ''.implode('', $headers).''; - $header = id(new PhabricatorHeaderView()) - ->setHeader(pht('Local Commits')) - ->render(); - - return hsprintf( - '%s'. + return + id(new PhabricatorHeaderView()) + ->setHeader(pht('Local Commits')) + ->render(). '
'. - '%s%s
'. - '
', - $header, - $headers, - phutil_implode_html("\n", $rows)); + ''. + $headers. + implode("\n", $rows). + '
'. + ''; } } diff --git a/src/applications/differential/view/DifferentialPrimaryPaneView.php b/src/applications/differential/view/DifferentialPrimaryPaneView.php index cfa4215fd5..11b8e33241 100644 --- a/src/applications/differential/view/DifferentialPrimaryPaneView.php +++ b/src/applications/differential/view/DifferentialPrimaryPaneView.php @@ -11,7 +11,7 @@ final class DifferentialPrimaryPaneView extends AphrontView { public function render() { - return phutil_tag( + return phutil_render_tag( 'div', array( 'class' => 'differential-primary-pane', diff --git a/src/applications/differential/view/DifferentialRevisionCommentListView.php b/src/applications/differential/view/DifferentialRevisionCommentListView.php index 86d0c76bfa..211f08d42a 100644 --- a/src/applications/differential/view/DifferentialRevisionCommentListView.php +++ b/src/applications/differential/view/DifferentialRevisionCommentListView.php @@ -187,12 +187,14 @@ final class DifferentialRevisionCommentListView extends AphrontView { $hidden = null; } - return javelin_tag( + return javelin_render_tag( 'div', array( 'class' => 'differential-comment-list', 'id' => $this->getID(), ), - array_merge($header, array($hidden), $visible)); + implode("\n", $header). + $hidden. + implode("\n", $visible)); } } diff --git a/src/applications/differential/view/DifferentialRevisionCommentView.php b/src/applications/differential/view/DifferentialRevisionCommentView.php index 226e9a9e82..251c6d12fd 100644 --- a/src/applications/differential/view/DifferentialRevisionCommentView.php +++ b/src/applications/differential/view/DifferentialRevisionCommentView.php @@ -87,9 +87,10 @@ final class DifferentialRevisionCommentView extends AphrontView { $comment, PhabricatorInlineCommentInterface::MARKUP_FIELD_BODY); - $content = hsprintf( - '
%s
', - $content); + $content = + '
'. + $content. + '
'; } $inline_render = $this->renderInlineComments(); @@ -115,22 +116,19 @@ final class DifferentialRevisionCommentView extends AphrontView { array()); $verb = DifferentialAction::getActionPastTenseVerb($comment->getAction()); + $verb = phutil_escape_html($verb); $actions = array(); // TODO: i18n switch ($comment->getAction()) { case DifferentialAction::ACTION_ADDCCS: - $actions[] = hsprintf( - "%s added CCs: %s.", - $author_link, - $this->renderHandleList($added_ccs)); + $actions[] = "{$author_link} added CCs: ". + $this->renderHandleList($added_ccs)."."; $added_ccs = null; break; case DifferentialAction::ACTION_ADDREVIEWERS: - $actions[] = hsprintf( - "%s added reviewers: %s.", - $author_link, - $this->renderHandleList($added_reviewers)); + $actions[] = "{$author_link} added reviewers: ". + $this->renderHandleList($added_reviewers)."."; $added_reviewers = null; break; case DifferentialAction::ACTION_UPDATE: @@ -142,48 +140,33 @@ final class DifferentialRevisionCommentView extends AphrontView { 'href' => '/D'.$comment->getRevisionID().'?id='.$diff_id, ), 'Diff #'.$diff_id); - $actions[] = hsprintf( - "%s updated this revision to %s.", - $author_link, - $diff_link); + $actions[] = "{$author_link} updated this revision to {$diff_link}."; } else { - $actions[] = hsprintf( - "%s %s this revision.", - $author_link, - $verb); + $actions[] = "{$author_link} {$verb} this revision."; } break; default: - $actions[] = hsprintf( - "%s %s this revision.", - $author_link, - $verb); + $actions[] = "{$author_link} {$verb} this revision."; break; } if ($added_reviewers) { - $actions[] = hsprintf( - "%s added reviewers: %s.", - $author_link, - $this->renderHandleList($added_reviewers)); + $actions[] = "{$author_link} added reviewers: ". + $this->renderHandleList($added_reviewers)."."; } if ($removed_reviewers) { - $actions[] = hsprintf( - "%s removed reviewers: %s.", - $author_link, - $this->renderHandleList($removed_reviewers)); + $actions[] = "{$author_link} removed reviewers: ". + $this->renderHandleList($removed_reviewers)."."; } if ($added_ccs) { - $actions[] = hsprintf( - "%s added CCs: %s.", - $author_link, - $this->renderHandleList($added_ccs)); + $actions[] = "{$author_link} added CCs: ". + $this->renderHandleList($added_ccs)."."; } foreach ($actions as $key => $action) { - $actions[$key] = phutil_tag('div', array(), $action); + $actions[$key] = '
'.$action.'
'; } $xaction_view = id(new PhabricatorTransactionView()) @@ -207,10 +190,11 @@ final class DifferentialRevisionCommentView extends AphrontView { } if (!$hide_comments) { - $xaction_view->appendChild(hsprintf( - '
%s%s
', - $content, - $this->renderSingleView($inline_render))); + $xaction_view->appendChild( + '
'. + $content. + '
'. + $this->renderSingleView($inline_render)); } return $xaction_view->render(); @@ -221,7 +205,7 @@ final class DifferentialRevisionCommentView extends AphrontView { foreach ($phids as $phid) { $result[] = $this->handles[$phid]->renderLink(); } - return phutil_implode_html(', ', $result); + return implode(', ', $result); } private function renderInlineComments() { diff --git a/src/applications/differential/view/DifferentialRevisionDetailView.php b/src/applications/differential/view/DifferentialRevisionDetailView.php index 07c1d60927..75fe45bfaf 100644 --- a/src/applications/differential/view/DifferentialRevisionDetailView.php +++ b/src/applications/differential/view/DifferentialRevisionDetailView.php @@ -87,11 +87,7 @@ final class DifferentialRevisionDetailView extends AphrontView { } $properties->setHasKeyboardShortcuts(true); - return hsprintf( - '%s%s%s', - $header->render(), - $actions->render(), - $properties->render()); + return $header->render() . $actions->render() . $properties->render(); } private function renderHeader(DifferentialRevision $revision) { diff --git a/src/applications/differential/view/DifferentialRevisionListView.php b/src/applications/differential/view/DifferentialRevisionListView.php index aad2cf13f1..b0306deec5 100644 --- a/src/applications/differential/view/DifferentialRevisionListView.php +++ b/src/applications/differential/view/DifferentialRevisionListView.php @@ -128,18 +128,18 @@ final class DifferentialRevisionListView extends AphrontView { } else if (array_key_exists($revision->getID(), $this->drafts)) { $src = '/rsrc/image/icon/fatcow/page_white_edit.png'; - $flag = hsprintf( - '%s', - '/D'.$revision->getID().'#comment-preview', - phutil_tag( - 'img', - array( - 'src' => celerity_get_resource_uri($src), - 'width' => 16, - 'height' => 16, - 'alt' => 'Draft', - 'title' => pht('Draft Comment'), - ))); + $flag = + ''. + phutil_tag( + 'img', + array( + 'src' => celerity_get_resource_uri($src), + 'width' => 16, + 'height' => 16, + 'alt' => 'Draft', + 'title' => pht('Draft Comment'), + )). + ''; } $row = array($flag); diff --git a/src/applications/differential/view/DifferentialRevisionUpdateHistoryView.php b/src/applications/differential/view/DifferentialRevisionUpdateHistoryView.php index 308019c984..45f3de6c0b 100644 --- a/src/applications/differential/view/DifferentialRevisionUpdateHistoryView.php +++ b/src/applications/differential/view/DifferentialRevisionUpdateHistoryView.php @@ -177,8 +177,9 @@ final class DifferentialRevisionUpdateHistoryView extends AphrontView { DifferentialChangesetParser::WHITESPACE_SHOW_ALL => 'Show All', ); + $select = ''; - array_unshift($rows, phutil_tag('tr', array(), array( - phutil_tag('th', array(), pht('Diff')), - phutil_tag('th', array(), pht('ID')), - phutil_tag('th', array(), pht('Base')), - phutil_tag('th', array(), pht('Description')), - phutil_tag('th', array(), pht('Created')), - phutil_tag('th', array(), pht('Lint')), - phutil_tag('th', array(), pht('Unit')), - ))); - - return hsprintf( - '%s'. + return + id(new PhabricatorHeaderView()) + ->setHeader(pht('Revision Update History')) + ->render() . '
'. '
'. ''. - '%s'. + ''. + ''. + ''. + ''. + ''. + ''. + ''. + ''. + ''. + implode("\n", $rows). ''. ''. ''. '
'.pht('Diff').''.pht('ID').''.pht('Base').''.pht('Description').''.pht('Created').''.pht('Lint').''.pht('Unit').'
'. - ''. - ''. + ''. + ''. '
'. '
'. - '
', - id(new PhabricatorHeaderView()) - ->setHeader(pht('Revision Update History')) - ->render(), - phutil_implode_html("\n", $rows), - pht('Whitespace Changes: %s', $select), - pht('Show Diff')); + ''; } const STAR_NONE = 'none'; diff --git a/src/applications/diffusion/controller/DiffusionBrowseController.php b/src/applications/diffusion/controller/DiffusionBrowseController.php index fbc56ffea4..7d3ac8ed7c 100644 --- a/src/applications/diffusion/controller/DiffusionBrowseController.php +++ b/src/applications/diffusion/controller/DiffusionBrowseController.php @@ -21,7 +21,7 @@ final class DiffusionBrowseController extends DiffusionController { $title = 'Tag: '.$drequest->getSymbolicCommit(); $tag_view = new AphrontPanelView(); - $tag_view->setHeader($title); + $tag_view->setHeader(phutil_escape_html($title)); $tag_view->appendChild( $this->markupText($drequest->getTagContent())); @@ -106,7 +106,7 @@ final class DiffusionBrowseController extends DiffusionController { private function markupText($text) { $engine = PhabricatorMarkupEngine::newDiffusionMarkupEngine(); - $text = $engine->markupText($text); + $text = phutil_safe_html($engine->markupText($text)); $text = phutil_tag( 'div', diff --git a/src/applications/diffusion/controller/DiffusionCommitController.php b/src/applications/diffusion/controller/DiffusionCommitController.php index db7f751137..8726c5a91c 100644 --- a/src/applications/diffusion/controller/DiffusionCommitController.php +++ b/src/applications/diffusion/controller/DiffusionCommitController.php @@ -97,7 +97,8 @@ final class DiffusionCommitController extends DiffusionController { array( 'class' => 'diffusion-commit-message phabricator-remarkup', ), - $engine->markupText($commit_data->getCommitMessage()))); + phutil_safe_html( + $engine->markupText($commit_data->getCommitMessage())))); $content[] = $top_anchor; $content[] = $headsup_view; @@ -448,7 +449,9 @@ final class DiffusionCommitController extends DiffusionController { foreach ($parents as $parent) { $parent_links[] = $handles[$parent->getPHID()]->renderLink(); } - $props['Parents'] = phutil_implode_html(" \xC2\xB7 ", $parent_links); + $props['Parents'] = array_interleave( + " \xC2\xB7 ", + $parent_links); } $request = $this->getDiffusionRequest(); @@ -485,7 +488,7 @@ final class DiffusionCommitController extends DiffusionController { foreach ($task_phids as $phid) { $task_list[] = $handles[$phid]->renderLink(); } - $task_list = phutil_implode_html(phutil_tag('br'), $task_list); + $task_list = array_interleave(phutil_tag('br'), $task_list); $props['Tasks'] = $task_list; } @@ -494,7 +497,7 @@ final class DiffusionCommitController extends DiffusionController { foreach ($proj_phids as $phid) { $proj_list[] = $handles[$phid]->renderLink(); } - $proj_list = phutil_implode_html(phutil_tag('br'), $proj_list); + $proj_list = array_interleave(phutil_tag('br'), $proj_list); $props['Projects'] = $proj_list; } @@ -686,7 +689,7 @@ final class DiffusionCommitController extends DiffusionController { 'inlineuri' => '/diffusion/inline/preview/'.$commit->getPHID().'/', )); - $preview_panel = hsprintf( + $preview_panel = '
@@ -695,24 +698,27 @@ final class DiffusionCommitController extends DiffusionController {
-
'); +
'; // TODO: This is pretty awkward, unify the CSS between Diffusion and // Differential better. require_celerity_resource('differential-core-view-css'); - return phutil_tag( + return phutil_render_tag( 'div', array( 'id' => $pane_id, ), - hsprintf( - '
%s%s%s
', + phutil_render_tag( + 'div', + array( + 'class' => 'differential-add-comment-panel', + ), id(new PhabricatorAnchorView()) ->setAnchorName('comment') ->setNavigationMarker(true) - ->render(), - $panel->render(), + ->render(). + $panel->render(). $preview_panel)); } @@ -932,7 +938,7 @@ final class DiffusionCommitController extends DiffusionController { $ref); } - return phutil_implode_html(', ', $ref_links); + return array_interleave(', ', $ref_links); } private function buildRawDiffResponse(DiffusionRequest $drequest) { diff --git a/src/applications/diffusion/controller/DiffusionExternalController.php b/src/applications/diffusion/controller/DiffusionExternalController.php index f8f5035d58..c20e11cb82 100644 --- a/src/applications/diffusion/controller/DiffusionExternalController.php +++ b/src/applications/diffusion/controller/DiffusionExternalController.php @@ -103,7 +103,7 @@ final class DiffusionExternalController extends DiffusionController { 'href' => $href, ), 'r'.$repo->getCallsign().$commit->getCommitIdentifier()), - $commit->loadCommitData()->getSummary(), + phutil_escape_html($commit->loadCommitData()->getSummary()), ); } diff --git a/src/applications/diffusion/controller/DiffusionHomeController.php b/src/applications/diffusion/controller/DiffusionHomeController.php index 0d9c5d786e..93d0330414 100644 --- a/src/applications/diffusion/controller/DiffusionHomeController.php +++ b/src/applications/diffusion/controller/DiffusionHomeController.php @@ -19,7 +19,7 @@ final class DiffusionHomeController extends DiffusionController { 'href' => $shortcut->getHref(), ), $shortcut->getName()), - $shortcut->getDescription(), + phutil_escape_html($shortcut->getDescription()), ); } @@ -130,7 +130,7 @@ final class DiffusionHomeController extends DiffusionController { 'href' => '/diffusion/'.$repository->getCallsign().'/', ), $repository->getName()), - $repository->getDetail('description'), + phutil_escape_html($repository->getDetail('description')), PhabricatorRepositoryType::getNameForRepositoryType( $repository->getVersionControlSystem()), $size, diff --git a/src/applications/diffusion/controller/DiffusionLintController.php b/src/applications/diffusion/controller/DiffusionLintController.php index c239785122..103fadb646 100644 --- a/src/applications/diffusion/controller/DiffusionLintController.php +++ b/src/applications/diffusion/controller/DiffusionLintController.php @@ -71,10 +71,11 @@ final class DiffusionLintController extends DiffusionController { '%s', $drequest->generateURI(array('action' => 'lint')), $drequest->getCallsign()), - ArcanistLintSeverity::getStringForSeverity($code['maxSeverity']), - $code['code'], - $code['maxName'], - $code['maxDescription'], + phutil_escape_html(ArcanistLintSeverity::getStringForSeverity( + $code['maxSeverity'])), + phutil_escape_html($code['code']), + phutil_escape_html($code['maxName']), + phutil_escape_html($code['maxDescription']), ); } diff --git a/src/applications/diffusion/controller/DiffusionLintDetailsController.php b/src/applications/diffusion/controller/DiffusionLintDetailsController.php index 877a8479d0..5eec9c507c 100644 --- a/src/applications/diffusion/controller/DiffusionLintDetailsController.php +++ b/src/applications/diffusion/controller/DiffusionLintDetailsController.php @@ -34,9 +34,10 @@ final class DiffusionLintDetailsController extends DiffusionController { $rows[] = array( $path, $line, - ArcanistLintSeverity::getStringForSeverity($message['severity']), - $message['name'], - $message['description'], + phutil_escape_html(ArcanistLintSeverity::getStringForSeverity( + $message['severity'])), + phutil_escape_html($message['name']), + phutil_escape_html($message['description']), ); } @@ -70,7 +71,7 @@ final class DiffusionLintDetailsController extends DiffusionController { $content[] = id(new AphrontPanelView()) ->setHeader( - ($lint != '' ? $lint." \xC2\xB7 " : ''). + ($lint != '' ? phutil_escape_html($lint)." \xC2\xB7 " : ''). pht('%d Lint Message(s)', count($messages))) ->setCaption($link) ->appendChild($table) diff --git a/src/applications/diffusion/controller/DiffusionRepositoryController.php b/src/applications/diffusion/controller/DiffusionRepositoryController.php index 273dbc9250..714b2819c1 100644 --- a/src/applications/diffusion/controller/DiffusionRepositoryController.php +++ b/src/applications/diffusion/controller/DiffusionRepositoryController.php @@ -68,7 +68,7 @@ final class DiffusionRepositoryController extends DiffusionController { 'View Full Commit History'); $panel = new AphrontPanelView(); - $panel->setHeader(hsprintf("Recent Commits · %s", $all)); + $panel->setHeader("Recent Commits · {$all}"); $panel->appendChild($history_table); $panel->setNoBackground(); @@ -125,7 +125,9 @@ final class DiffusionRepositoryController extends DiffusionController { $rows = array(); foreach ($properties as $key => $value) { - $rows[] = array($key, $value); + $rows[] = array( + phutil_escape_html($key), + phutil_escape_html($value)); } $table = new AphrontTableView($rows); diff --git a/src/applications/diffusion/controller/DiffusionSymbolController.php b/src/applications/diffusion/controller/DiffusionSymbolController.php index 2797bca4b3..17fcea83ae 100644 --- a/src/applications/diffusion/controller/DiffusionSymbolController.php +++ b/src/applications/diffusion/controller/DiffusionSymbolController.php @@ -81,8 +81,8 @@ final class DiffusionSymbolController extends DiffusionController { $project_name = '-'; } - $file = $symbol->getPath(); - $line = $symbol->getLineNumber(); + $file = phutil_escape_html($symbol->getPath()); + $line = phutil_escape_html($symbol->getLineNumber()); $repo = $symbol->getRepository(); if ($repo) { @@ -101,17 +101,17 @@ final class DiffusionSymbolController extends DiffusionController { ), $file.':'.$line); } else if ($file) { - $location = $file.':'.$line; + $location = phutil_escape_html($file.':'.$line); } else { $location = '?'; } $rows[] = array( - $symbol->getSymbolType(), - $symbol->getSymbolContext(), - $symbol->getSymbolName(), - $symbol->getSymbolLanguage(), - $project_name, + phutil_escape_html($symbol->getSymbolType()), + phutil_escape_html($symbol->getSymbolContext()), + phutil_escape_html($symbol->getSymbolName()), + phutil_escape_html($symbol->getSymbolLanguage()), + phutil_escape_html($project_name), $location, ); } diff --git a/src/applications/diffusion/query/browse/DiffusionBrowseQuery.php b/src/applications/diffusion/query/browse/DiffusionBrowseQuery.php index 6a439ab2c4..a4d2d44ceb 100644 --- a/src/applications/diffusion/query/browse/DiffusionBrowseQuery.php +++ b/src/applications/diffusion/query/browse/DiffusionBrowseQuery.php @@ -119,14 +119,15 @@ abstract class DiffusionBrowseQuery { $readme_content = $highlighter ->getHighlightFuture($readme_content) ->resolve(); - $readme_content = phutil_escape_html_newlines($readme_content); + $readme_content = nl2br($readme_content); + $readme_content = phutil_safe_html($readme_content); require_celerity_resource('syntax-highlighting-css'); $class = 'remarkup-code'; } else { // Markup extensionless files as remarkup so we get links and such. $engine = PhabricatorMarkupEngine::newDiffusionMarkupEngine(); - $readme_content = $engine->markupText($readme_content); + $readme_content = phutil_safe_html($engine->markupText($readme_content)); $class = 'phabricator-remarkup'; } diff --git a/src/applications/diffusion/view/DiffusionBrowseTableView.php b/src/applications/diffusion/view/DiffusionBrowseTableView.php index 3543f1e591..968b071209 100644 --- a/src/applications/diffusion/view/DiffusionBrowseTableView.php +++ b/src/applications/diffusion/view/DiffusionBrowseTableView.php @@ -55,7 +55,7 @@ final class DiffusionBrowseTableView extends DiffusionView { $committer = self::renderName($committer); } if ($author != $committer) { - $author = hsprintf('%s/%s', $author, $committer); + $author .= '/'.$committer; } } @@ -132,17 +132,24 @@ final class DiffusionBrowseTableView extends DiffusionView { $browse_text = $path->getPath().'/'; $dir_slash = '/'; - $browse_link = phutil_tag('strong', array(), $this->linkBrowse( + $browse_link = ''.$this->linkBrowse( $base_path.$path->getPath().$dir_slash, array( - 'text' => $this->renderPathIcon('dir', $browse_text), - ))); + 'text' => $this->renderPathIcon( + 'dir', + $browse_text), + )).''; } else if ($file_type == DifferentialChangeType::FILE_SUBMODULE) { $browse_text = $path->getPath().'/'; - $browse_link = phutil_tag('strong', array(), $this->linkExternal( - $path->getHash(), - $path->getExternalURI(), - $this->renderPathIcon('ext', $browse_text))); + $browse_link = + ''. + $this->linkExternal( + $path->getHash(), + $path->getExternalURI(), + $this->renderPathIcon( + 'ext', + $browse_text)). + ''; } else { if ($file_type == DifferentialChangeType::FILE_SYMLINK) { $type = 'link'; @@ -183,7 +190,7 @@ final class DiffusionBrowseTableView extends DiffusionView { $need_pull[$uri] = $dict; foreach ($dict as $k => $uniq) { - $dict[$k] = phutil_tag('span', array('id' => $uniq), ''); + $dict[$k] = ''; } } diff --git a/src/applications/diffusion/view/DiffusionCommentListView.php b/src/applications/diffusion/view/DiffusionCommentListView.php index fcbbb35791..bbec8ed0fd 100644 --- a/src/applications/diffusion/view/DiffusionCommentListView.php +++ b/src/applications/diffusion/view/DiffusionCommentListView.php @@ -87,10 +87,10 @@ final class DiffusionCommentListView extends AphrontView { ++$num; } - return phutil_tag( - 'div', - array('class' => 'diffusion-comment-list'), - $comments); + return + '
'. + $this->renderSingleView($comments). + '
'; } } diff --git a/src/applications/diffusion/view/DiffusionCommentView.php b/src/applications/diffusion/view/DiffusionCommentView.php index 890052e667..1b37302b34 100644 --- a/src/applications/diffusion/view/DiffusionCommentView.php +++ b/src/applications/diffusion/view/DiffusionCommentView.php @@ -114,19 +114,17 @@ final class DiffusionCommentView extends AphrontView { $actions = array(); if ($action == PhabricatorAuditActionConstants::ADD_CCS) { $rendered_ccs = $this->renderHandleList($added_ccs); - $actions[] = hsprintf("%s added CCs: %s.", $author_link, $rendered_ccs); + $actions[] = "{$author_link} added CCs: {$rendered_ccs}."; } else if ($action == PhabricatorAuditActionConstants::ADD_AUDITORS) { $rendered_auditors = $this->renderHandleList($added_auditors); - $actions[] = hsprintf( - "%s added auditors: %s.", - $author_link, - $rendered_auditors); + $actions[] = "{$author_link} added auditors: ". + "{$rendered_auditors}."; } else { - $actions[] = hsprintf("%s %s this commit.", $author_link, $verb); + $actions[] = "{$author_link} ".phutil_escape_html($verb)." this commit."; } foreach ($actions as $key => $action) { - $actions[$key] = phutil_tag('div', array(), $action); + $actions[$key] = '
'.$action.'
'; } return $actions; @@ -139,12 +137,13 @@ final class DiffusionCommentView extends AphrontView { if (!strlen($comment->getContent()) && empty($this->inlineComments)) { return null; } else { - return hsprintf( - '
%s%s
', - $engine->getOutput( - $comment, - PhabricatorAuditComment::MARKUP_FIELD_BODY), - $this->renderSingleView($this->renderInlines())); + return + '
'. + $engine->getOutput( + $comment, + PhabricatorAuditComment::MARKUP_FIELD_BODY). + $this->renderSingleView($this->renderInlines()). + '
'; } } @@ -187,7 +186,7 @@ final class DiffusionCommentView extends AphrontView { foreach ($phids as $phid) { $result[] = $this->handles[$phid]->renderLink(); } - return phutil_implode_html(', ', $result); + return implode(', ', $result); } private function renderClasses() { diff --git a/src/applications/diffusion/view/DiffusionCommitChangeTableView.php b/src/applications/diffusion/view/DiffusionCommitChangeTableView.php index 3674920a6f..3d6d5eb7b1 100644 --- a/src/applications/diffusion/view/DiffusionCommitChangeTableView.php +++ b/src/applications/diffusion/view/DiffusionCommitChangeTableView.php @@ -51,7 +51,7 @@ final class DiffusionCommitChangeTableView extends DiffusionView { ), $path); } else { - $path_column = $path; + $path_column = phutil_escape_html($path); } $rows[] = array( diff --git a/src/applications/diffusion/view/DiffusionHistoryTableView.php b/src/applications/diffusion/view/DiffusionHistoryTableView.php index 39bf2200d0..bd35f8134f 100644 --- a/src/applications/diffusion/view/DiffusionHistoryTableView.php +++ b/src/applications/diffusion/view/DiffusionHistoryTableView.php @@ -107,7 +107,7 @@ final class DiffusionHistoryTableView extends DiffusionView { } else { $committer = self::renderName($committer); } - $author = hsprintf('%s/%s', $author, $committer); + $author .= '/'.$committer; } $commit = $history->getCommit(); @@ -118,7 +118,7 @@ final class DiffusionHistoryTableView extends DiffusionView { $path = null, $history->getCommitIdentifier()); } else { - $change = phutil_tag('em', array(), "Importing\xE2\x80\xA6"); + $change = "Importing\xE2\x80\xA6"; } $rows[] = array( diff --git a/src/applications/diffusion/view/DiffusionTagListView.php b/src/applications/diffusion/view/DiffusionTagListView.php index 500b96f7c1..b2291dcfe9 100644 --- a/src/applications/diffusion/view/DiffusionTagListView.php +++ b/src/applications/diffusion/view/DiffusionTagListView.php @@ -79,6 +79,7 @@ final class DiffusionTagListView extends DiffusionView { $description = $tag->getDescription(); } } + $description = phutil_escape_html($description); $rows[] = array( $tag_link, diff --git a/src/applications/diffusion/view/DiffusionView.php b/src/applications/diffusion/view/DiffusionView.php index 83a373d403..c36ddc1c46 100644 --- a/src/applications/diffusion/view/DiffusionView.php +++ b/src/applications/diffusion/view/DiffusionView.php @@ -156,7 +156,7 @@ abstract class DiffusionView extends AphrontView { ), $email->getDisplayName()); } - return hsprintf('%s', $name); + return phutil_escape_html($name); } } diff --git a/src/applications/diviner/controller/DivinerListController.php b/src/applications/diviner/controller/DivinerListController.php index ab3089ba91..3d408fcc37 100644 --- a/src/applications/diviner/controller/DivinerListController.php +++ b/src/applications/diviner/controller/DivinerListController.php @@ -50,7 +50,10 @@ final class DivinerListController extends PhabricatorController { $flavor); } - $out = phutil_tag('div', array('class' => 'aphront-directory-list'), $out); + $out = + '
'. + implode("\n", $out). + '
'; return $this->buildApplicationPage( $out, diff --git a/src/applications/drydock/controller/DrydockController.php b/src/applications/drydock/controller/DrydockController.php index f9c976c6a7..9b55ff5f01 100644 --- a/src/applications/drydock/controller/DrydockController.php +++ b/src/applications/drydock/controller/DrydockController.php @@ -44,7 +44,7 @@ abstract class DrydockController extends PhabricatorController { 'href' => $lease_uri, ), $log->getLeaseID()), - $log->getMessage(), + phutil_escape_html($log->getMessage()), phabricator_date($log->getEpoch(), $user), ); } diff --git a/src/applications/drydock/controller/DrydockLeaseReleaseController.php b/src/applications/drydock/controller/DrydockLeaseReleaseController.php index dd238e2467..7032917424 100644 --- a/src/applications/drydock/controller/DrydockLeaseReleaseController.php +++ b/src/applications/drydock/controller/DrydockLeaseReleaseController.php @@ -24,8 +24,8 @@ final class DrydockLeaseReleaseController extends DrydockController { $dialog = id(new AphrontDialogView()) ->setUser($user) ->setTitle(pht('Lease Not Active')) - ->appendChild(phutil_tag('p', array(), pht( - 'You can only release "active" leases.'))) + ->appendChild( + '

'.pht('You can only release "active" leases.').'

') ->addCancelButton($lease_uri); return id(new AphrontDialogResponse())->setDialog($dialog); @@ -35,10 +35,11 @@ final class DrydockLeaseReleaseController extends DrydockController { $dialog = id(new AphrontDialogView()) ->setUser($user) ->setTitle(pht('Really release lease?')) - ->appendChild(phutil_tag('p', array(), pht( - 'Releasing a lease may cause trouble for the lease holder and '. - 'trigger cleanup of the underlying resource. It can not be '. - 'undone. Continue?'))) + ->appendChild( + '

'.pht( + 'Releasing a lease may cause trouble for the lease holder and '. + 'trigger cleanup of the underlying resource. It can not be '. + 'undone. Continue?').'

') ->addSubmitButton(pht('Release Lease')) ->addCancelButton($lease_uri); diff --git a/src/applications/drydock/controller/DrydockResourceCloseController.php b/src/applications/drydock/controller/DrydockResourceCloseController.php index 8b28ce0319..94ac736b78 100644 --- a/src/applications/drydock/controller/DrydockResourceCloseController.php +++ b/src/applications/drydock/controller/DrydockResourceCloseController.php @@ -24,8 +24,8 @@ final class DrydockResourceCloseController extends DrydockController { $dialog = id(new AphrontDialogView()) ->setUser($user) ->setTitle(pht('Resource Not Open')) - ->appendChild(phutil_tag('p', array(), pht( - 'You can only close "open" resources.'))) + ->appendChild( + '

'.pht('You can only close "open" resources.').'

') ->addCancelButton($resource_uri); return id(new AphrontDialogResponse())->setDialog($dialog); @@ -35,9 +35,10 @@ final class DrydockResourceCloseController extends DrydockController { $dialog = id(new AphrontDialogView()) ->setUser($user) ->setTitle(pht('Really close resource?')) - ->appendChild(phutil_tag('p', array(), pht( - 'Closing a resource releases all leases and destroys the '. - 'resource. It can not be undone. Continue?'))) + ->appendChild( + '

'.pht( + 'Closing a resource releases all leases and destroys the '. + 'resource. It can not be undone. Continue?').'

') ->addSubmitButton(pht('Close Resource')) ->addCancelButton($resource_uri); diff --git a/src/applications/fact/controller/PhabricatorFactHomeController.php b/src/applications/fact/controller/PhabricatorFactHomeController.php index 342edb7fa3..82ce96baa1 100644 --- a/src/applications/fact/controller/PhabricatorFactHomeController.php +++ b/src/applications/fact/controller/PhabricatorFactHomeController.php @@ -32,7 +32,10 @@ final class PhabricatorFactHomeController extends PhabricatorFactController { $name = $spec->getName(); $value = $spec->formatValueForDisplay($user, $fact->getValueX()); - $rows[] = array($name, $value); + $rows[] = array( + phutil_escape_html($name), + phutil_escape_html($value), + ); } $table = new AphrontTableView($rows); diff --git a/src/applications/feed/builder/PhabricatorFeedBuilder.php b/src/applications/feed/builder/PhabricatorFeedBuilder.php index 9803fd51e1..dfb9751cf8 100644 --- a/src/applications/feed/builder/PhabricatorFeedBuilder.php +++ b/src/applications/feed/builder/PhabricatorFeedBuilder.php @@ -40,8 +40,8 @@ final class PhabricatorFeedBuilder { if ($date !== $last_date) { if ($last_date !== null) { - $null_view->appendChild(hsprintf( - '
')); + $null_view->appendChild( + '
'); } $last_date = $date; $null_view->appendChild( @@ -59,9 +59,10 @@ final class PhabricatorFeedBuilder { $null_view->appendChild($view); } - return id(new AphrontNullView())->appendChild(hsprintf( - '
%s
', - $null_view->render())); + return id(new AphrontNullView())->appendChild( + '
'. + $null_view->render(). + '
'); } } diff --git a/src/applications/feed/story/PhabricatorFeedStory.php b/src/applications/feed/story/PhabricatorFeedStory.php index f739781194..c94392b302 100644 --- a/src/applications/feed/story/PhabricatorFeedStory.php +++ b/src/applications/feed/story/PhabricatorFeedStory.php @@ -224,7 +224,7 @@ abstract class PhabricatorFeedStory implements PhabricatorPolicyInterface { foreach ($phids as $phid) { $list[] = $this->linkTo($phid); } - return phutil_implode_html(', ', $list); + return implode(', ', $list); } final protected function linkTo($phid) { diff --git a/src/applications/feed/story/PhabricatorFeedStoryAudit.php b/src/applications/feed/story/PhabricatorFeedStoryAudit.php index fd3d55e463..9fe789b046 100644 --- a/src/applications/feed/story/PhabricatorFeedStoryAudit.php +++ b/src/applications/feed/story/PhabricatorFeedStoryAudit.php @@ -15,11 +15,11 @@ final class PhabricatorFeedStoryAudit extends PhabricatorFeedStory { $action = $this->getValue('action'); $verb = PhabricatorAuditActionConstants::getActionPastTenseVerb($action); - $view->setTitle(hsprintf( - '%s %s commit %s.', - $this->linkTo($author_phid), - $verb, - $this->linkTo($commit_phid))); + $view->setTitle( + $this->linkTo($author_phid). + " {$verb} commit ". + $this->linkTo($commit_phid). + "."); $view->setEpoch($this->getEpoch()); diff --git a/src/applications/feed/story/PhabricatorFeedStoryCommit.php b/src/applications/feed/story/PhabricatorFeedStoryCommit.php index 57989e200c..0e2030cbf3 100644 --- a/src/applications/feed/story/PhabricatorFeedStoryCommit.php +++ b/src/applications/feed/story/PhabricatorFeedStoryCommit.php @@ -19,14 +19,14 @@ final class PhabricatorFeedStoryCommit extends PhabricatorFeedStory { if ($data->getValue('authorPHID')) { $author = $this->linkTo($data->getValue('authorPHID')); } else { - $author = $data->getValue('authorName'); + $author = phutil_escape_html($data->getValue('authorName')); } $committer = null; if ($data->getValue('committerPHID')) { $committer = $this->linkTo($data->getValue('committerPHID')); } else if ($data->getValue('committerName')) { - $committer = $data->getValue('committerName'); + $committer = phutil_escape_html($data->getValue('committerName')); } $commit = $this->linkTo($data->getValue('commitPHID')); @@ -37,16 +37,9 @@ final class PhabricatorFeedStoryCommit extends PhabricatorFeedStory { } if ($author) { - $title = hsprintf( - "%s committed %s (authored by %s)", - $committer, - $commit, - $author); + $title = "{$committer} committed {$commit} (authored by {$author})"; } else { - $title = hsprintf( - "%s committed %s", - $committer, - $commit); + $title = "{$committer} committed {$commit}"; } $view = new PhabricatorFeedStoryView(); diff --git a/src/applications/feed/story/PhabricatorFeedStoryDifferential.php b/src/applications/feed/story/PhabricatorFeedStoryDifferential.php index 34ca11edd8..6382c39f8b 100644 --- a/src/applications/feed/story/PhabricatorFeedStoryDifferential.php +++ b/src/applications/feed/story/PhabricatorFeedStoryDifferential.php @@ -51,11 +51,7 @@ final class PhabricatorFeedStoryDifferential extends PhabricatorFeedStory { $verb = DifferentialAction::getActionPastTenseVerb($action); - $one_line = hsprintf( - '%s %s revision %s', - $actor_link, - $verb, - $revision_link); + $one_line = "{$actor_link} {$verb} revision {$revision_link}"; return $one_line; } diff --git a/src/applications/feed/story/PhabricatorFeedStoryManiphest.php b/src/applications/feed/story/PhabricatorFeedStoryManiphest.php index 9f4fc2c23c..c6c0348d6d 100644 --- a/src/applications/feed/story/PhabricatorFeedStoryManiphest.php +++ b/src/applications/feed/story/PhabricatorFeedStoryManiphest.php @@ -66,23 +66,16 @@ final class PhabricatorFeedStoryManiphest case ManiphestAction::ACTION_REASSIGN: if ($owner_phid) { if ($owner_phid == $actor_phid) { - $one_line = hsprintf('%s claimed %s', $actor_link, $task_link); + $one_line = "{$actor_link} claimed {$task_link}"; } else { - $one_line = hsprintf('%s %s %s to %s', - $actor_link, - $verb, - $owner_link, - $task_link); + $one_line = "{$actor_link} {$verb} {$task_link} to {$owner_link}"; } } else { - $one_line = hsprintf( - '%s placed %s up for grabs', - $actor_link, - $task_link); + $one_line = "{$actor_link} placed {$task_link} up for grabs"; } break; default: - $one_line = hsprintf('%s %s %s', $actor_link, $verb, $task_link); + $one_line = "{$actor_link} {$verb} {$task_link}"; break; } diff --git a/src/applications/feed/story/PhabricatorFeedStoryPhriction.php b/src/applications/feed/story/PhabricatorFeedStoryPhriction.php index 4791214b75..9e22f7d5b2 100644 --- a/src/applications/feed/story/PhabricatorFeedStoryPhriction.php +++ b/src/applications/feed/story/PhabricatorFeedStoryPhriction.php @@ -17,11 +17,10 @@ final class PhabricatorFeedStoryPhriction extends PhabricatorFeedStory { $action = $data->getValue('action'); $verb = PhrictionActionConstants::getActionPastTenseVerb($action); - $view->setTitle(hsprintf( - '%s %s the document %s.', - $this->linkTo($author_phid), - $verb, - $this->linkTo($document_phid))); + $view->setTitle( + $this->linkTo($author_phid). + " {$verb} the document ". + $this->linkTo($document_phid).'.'); $view->setEpoch($data->getEpoch()); $action = $data->getValue('action'); diff --git a/src/applications/feed/story/PhabricatorFeedStoryProject.php b/src/applications/feed/story/PhabricatorFeedStoryProject.php index 7b4733dfbc..c517a98496 100644 --- a/src/applications/feed/story/PhabricatorFeedStoryProject.php +++ b/src/applications/feed/story/PhabricatorFeedStoryProject.php @@ -21,25 +21,31 @@ final class PhabricatorFeedStoryProject extends PhabricatorFeedStory { switch ($type) { case PhabricatorProjectTransactionType::TYPE_NAME: if (strlen($old)) { - $action = hsprintf( - 'renamed project %s from %s to %s.', - $this->linkTo($proj_phid), - $this->renderString($old), - $this->renderString($new)); + $action = 'renamed project '. + $this->linkTo($proj_phid). + ' from '. + $this->renderString($old). + ' to '. + $this->renderString($new). + '.'; } else { - $action = hsprintf( - 'created project %s (as %s).', - $this->linkTo($proj_phid), - $this->renderString($new)); + $action = 'created project '. + $this->linkTo($proj_phid). + ' (as '. + $this->renderString($new). + ').'; } break; case PhabricatorProjectTransactionType::TYPE_STATUS: - $action = hsprintf( - 'changed project %s status from %s to %s.', - $this->linkTo($proj_phid), - $this->renderString(PhabricatorProjectStatus::getNameForStatus($old)), - $this->renderString(PhabricatorProjectStatus::getNameForStatus($new)) - ); + $action = 'changed project '. + $this->linkTo($proj_phid). + ' status from '. + $this->renderString( + PhabricatorProjectStatus::getNameForStatus($old)). + ' to '. + $this->renderString( + PhabricatorProjectStatus::getNameForStatus($new)). + '.'; break; case PhabricatorProjectTransactionType::TYPE_MEMBERS: $add = array_diff($new, $old); @@ -47,33 +53,30 @@ final class PhabricatorFeedStoryProject extends PhabricatorFeedStory { if ((count($add) == 1) && (count($rem) == 0) && (head($add) == $author_phid)) { - $action = hsprintf('joined project %s.', $this->linkTo($proj_phid)); + $action = 'joined project '.$this->linkTo($proj_phid).'.'; } else if ((count($add) == 0) && (count($rem) == 1) && (head($rem) == $author_phid)) { - $action = hsprintf('left project %s.', $this->linkTo($proj_phid)); + $action = 'left project '.$this->linkTo($proj_phid).'.'; } else if (empty($rem)) { - $action = hsprintf( - 'added members to project %s: %s.', - $this->linkTo($proj_phid), - $this->renderHandleList($add)); + $action = 'added members to project '. + $this->linkTo($proj_phid).': '. + $this->renderHandleList($add).'.'; } else if (empty($add)) { - $action = hsprintf( - 'removed members from project %s: %s.', - $this->linkTo($proj_phid), - $this->renderHandleList($rem)); + $action = 'removed members from project '. + $this->linkTo($proj_phid).': '. + $this->renderHandleList($rem).'.'; } else { - $action = hsprintf( - 'changed members of project %s, added: %s; removed: %s.', - $this->linkTo($proj_phid), - $this->renderHandleList($add), - $this->renderHandleList($rem)); + $action = 'changed members of project '. + $this->linkTo($proj_phid).', added: '. + $this->renderHandleList($add).'; removed: '. + $this->renderHandleList($rem).'.'; } break; default: - $action = hsprintf('updated project %s.', $this->linkTo($proj_phid)); + $action = 'updated project '.$this->linkTo($proj_phid).'.'; break; } - $view->setTitle(hsprintf('%s %s', $this->linkTo($author_phid), $action)); + $view->setTitle($this->linkTo($author_phid).' '.$action); $view->setOneLineStory(true); return $view; diff --git a/src/applications/feed/view/PhabricatorFeedStoryView.php b/src/applications/feed/view/PhabricatorFeedStoryView.php index fb2d8df8f1..9900b5e9a7 100644 --- a/src/applications/feed/view/PhabricatorFeedStoryView.php +++ b/src/applications/feed/view/PhabricatorFeedStoryView.php @@ -58,7 +58,7 @@ final class PhabricatorFeedStoryView extends PhabricatorFeedView { $classes[] = 'phabricator-notification-unread'; } - return javelin_tag( + return javelin_render_tag( 'div', array( 'class' => implode(' ', $classes), @@ -72,7 +72,7 @@ final class PhabricatorFeedStoryView extends PhabricatorFeedView { public function render() { - $head = phutil_tag( + $head = phutil_render_tag( 'div', array( 'class' => 'phabricator-feed-story-head', @@ -84,7 +84,7 @@ final class PhabricatorFeedStoryView extends PhabricatorFeedView { $image_style = null; if (!$this->oneLine) { - $body = phutil_tag( + $body = phutil_render_tag( 'div', array( 'class' => 'phabricator-feed-story-body', @@ -111,7 +111,7 @@ final class PhabricatorFeedStoryView extends PhabricatorFeedView { require_celerity_resource('phabricator-feed-css'); - return phutil_tag( + return phutil_render_tag( 'div', array( 'class' => $this->oneLine diff --git a/src/applications/flag/events/PhabricatorFlagsUIEventListener.php b/src/applications/flag/events/PhabricatorFlagsUIEventListener.php index 13ba11321b..1ec6e7f1c0 100644 --- a/src/applications/flag/events/PhabricatorFlagsUIEventListener.php +++ b/src/applications/flag/events/PhabricatorFlagsUIEventListener.php @@ -31,7 +31,7 @@ final class PhabricatorFlagsUIEventListener extends PhutilEventListener { $flag_action = id(new PhabricatorActionView()) ->setWorkflow(true) ->setHref('/flag/delete/'.$flag->getID().'/') - ->setName('Remove '.$color.' Flag') + ->setName(phutil_escape_html('Remove '.$color.' Flag')) ->setIcon('flag-'.$flag->getColor()); } else { $flag_action = id(new PhabricatorActionView()) diff --git a/src/applications/flag/view/PhabricatorFlagListView.php b/src/applications/flag/view/PhabricatorFlagListView.php index eb200f6088..90be2b8f2f 100644 --- a/src/applications/flag/view/PhabricatorFlagListView.php +++ b/src/applications/flag/view/PhabricatorFlagListView.php @@ -27,7 +27,7 @@ final class PhabricatorFlagListView extends AphrontView { ), ''), $flag->getHandle()->renderLink(), - $flag->getNote(), + phutil_escape_html($flag->getNote()), phabricator_datetime($flag->getDateCreated(), $user), phabricator_form( $user, diff --git a/src/applications/help/controller/PhabricatorHelpKeyboardShortcutController.php b/src/applications/help/controller/PhabricatorHelpKeyboardShortcutController.php index 06ea9e9d0e..784f223011 100644 --- a/src/applications/help/controller/PhabricatorHelpKeyboardShortcutController.php +++ b/src/applications/help/controller/PhabricatorHelpKeyboardShortcutController.php @@ -27,7 +27,7 @@ final class PhabricatorHelpKeyboardShortcutController foreach ($shortcut['keys'] as $stroke) { $keystrokes[] = phutil_tag('kbd', array(), $stroke); } - $keystrokes = phutil_implode_html(' or ', $keystrokes); + $keystrokes = array_interleave(' or ', $keystrokes); $rows[] = phutil_tag( 'tr', array(), @@ -37,10 +37,10 @@ final class PhabricatorHelpKeyboardShortcutController )); } - $table = phutil_tag( - 'table', - array('class' => 'keyboard-shortcut-help'), - $rows); + $table = + ''. + implode('', $rows). + '
'; $dialog = id(new AphrontDialogView()) ->setUser($user) diff --git a/src/applications/herald/controller/HeraldTranscriptController.php b/src/applications/herald/controller/HeraldTranscriptController.php index 870fab3e68..3903bbcb91 100644 --- a/src/applications/herald/controller/HeraldTranscriptController.php +++ b/src/applications/herald/controller/HeraldTranscriptController.php @@ -301,8 +301,8 @@ final class HeraldTranscriptController extends HeraldController { } $rows[] = array( - $action_names[$apply_xscript->getAction()], - $target, + phutil_escape_html($action_names[$apply_xscript->getAction()]), + phutil_escape_html($target), hsprintf( 'Taken because: %s
'. 'Outcome: %s %s', @@ -437,10 +437,10 @@ final class HeraldTranscriptController extends HeraldController { $panel = new AphrontPanelView(); $panel->setHeader('Rule Details'); - $panel->appendChild(phutil_tag( - 'ul', - array('class' => 'herald-explain-list'), - $rule_markup)); + $panel->appendChild( + '
    '. + implode("\n", $rule_markup). + '
'); return $panel; } @@ -487,10 +487,15 @@ final class HeraldTranscriptController extends HeraldController { 'class' => 'herald-field-value-transcript', ), $value); + } else { + $value = phutil_escape_html($value); } } - $rows[] = array($name, $value); + $rows[] = array( + phutil_escape_html($name), + $value, + ); } $table = new AphrontTableView($rows); diff --git a/src/applications/herald/view/HeraldRuleEditHistoryView.php b/src/applications/herald/view/HeraldRuleEditHistoryView.php index 7bbfd2342f..7e3fb7b625 100644 --- a/src/applications/herald/view/HeraldRuleEditHistoryView.php +++ b/src/applications/herald/view/HeraldRuleEditHistoryView.php @@ -32,14 +32,14 @@ final class HeraldRuleEditHistoryView extends AphrontView { switch ($edit->getAction()) { case 'create': - $details = pht("Created rule '%s'.", $rule_name); + $details = "Created rule '{$rule_name}'."; break; case 'delete': - $details = pht("Deleted rule '%s'.", $rule_name); + $details = "Deleted rule '{$rule_name}'."; break; case 'edit': default: - $details = pht("Edited rule '%s'.", $rule_name); + $details = "Edited rule '{$rule_name}'."; break; } diff --git a/src/applications/macro/controller/PhabricatorMacroDisableController.php b/src/applications/macro/controller/PhabricatorMacroDisableController.php index 2dbe854d0c..3e9e44aa9e 100644 --- a/src/applications/macro/controller/PhabricatorMacroDisableController.php +++ b/src/applications/macro/controller/PhabricatorMacroDisableController.php @@ -43,10 +43,10 @@ final class PhabricatorMacroDisableController $dialog ->setUser($request->getUser()) ->setTitle(pht('Really disable macro?')) - ->appendChild(phutil_tag('p', array(), pht( - 'Really disable the much-beloved image macro %s? '. - 'It will be sorely missed.', - $macro->getName()))) + ->appendChild( + '

'.pht('Really disable the much-beloved image macro %s? '. + 'It will be sorely missed.', phutil_escape_html($macro->getName())). + '

') ->setSubmitURI($this->getApplicationURI('/disable/'.$this->id.'/')) ->addSubmitButton(pht('Disable')) ->addCancelButton($view_uri); diff --git a/src/applications/macro/controller/PhabricatorMacroViewController.php b/src/applications/macro/controller/PhabricatorMacroViewController.php index 94e0c4691f..770ae16a1c 100644 --- a/src/applications/macro/controller/PhabricatorMacroViewController.php +++ b/src/applications/macro/controller/PhabricatorMacroViewController.php @@ -147,7 +147,7 @@ final class PhabricatorMacroViewController foreach ($subscribers as $subscriber) { $sub_view[] = $this->getHandle($subscriber)->renderLink(); } - $sub_view = phutil_implode_html(', ', $sub_view); + $sub_view = array_interleave(', ', $sub_view); } else { $sub_view = phutil_tag('em', array(), pht('None')); } diff --git a/src/applications/macro/storage/PhabricatorMacroTransaction.php b/src/applications/macro/storage/PhabricatorMacroTransaction.php index bd0ac70c49..5711d7899e 100644 --- a/src/applications/macro/storage/PhabricatorMacroTransaction.php +++ b/src/applications/macro/storage/PhabricatorMacroTransaction.php @@ -64,8 +64,8 @@ final class PhabricatorMacroTransaction return pht( '%s renamed this macro from "%s" to "%s".', $this->renderHandleLink($author_phid), - $old, - $new); + phutil_escape_html($old), + phutil_escape_html($new)); break; case PhabricatorMacroTransactionType::TYPE_DISABLED: if ($new) { @@ -109,8 +109,8 @@ final class PhabricatorMacroTransaction '%s renamed %s from "%s" to "%s".', $this->renderHandleLink($author_phid), $this->renderHandleLink($object_phid), - $old, - $new); + phutil_escape_html($old), + phutil_escape_html($new)); case PhabricatorMacroTransactionType::TYPE_DISABLED: if ($new) { return pht( diff --git a/src/applications/mailinglists/controller/PhabricatorMailingListsListController.php b/src/applications/mailinglists/controller/PhabricatorMailingListsListController.php index f5670b4895..c675d4b30b 100644 --- a/src/applications/mailinglists/controller/PhabricatorMailingListsListController.php +++ b/src/applications/mailinglists/controller/PhabricatorMailingListsListController.php @@ -31,8 +31,8 @@ final class PhabricatorMailingListsListController $rows = array(); foreach ($lists as $list) { $rows[] = array( - $list->getName(), - $list->getEmail(), + phutil_escape_html($list->getName()), + phutil_escape_html($list->getEmail()), phutil_tag( 'a', array( diff --git a/src/applications/maniphest/auxiliaryfield/ManiphestAuxiliaryFieldDefaultSpecification.php b/src/applications/maniphest/auxiliaryfield/ManiphestAuxiliaryFieldDefaultSpecification.php index 15058a7302..b393a6e1de 100644 --- a/src/applications/maniphest/auxiliaryfield/ManiphestAuxiliaryFieldDefaultSpecification.php +++ b/src/applications/maniphest/auxiliaryfield/ManiphestAuxiliaryFieldDefaultSpecification.php @@ -152,13 +152,13 @@ class ManiphestAuxiliaryFieldDefaultSpecification switch ($this->getFieldType()) { case self::TYPE_BOOL: if ($this->getValue()) { - return $this->getCheckboxValue(); + return phutil_escape_html($this->getCheckboxValue()); } else { return null; } case self::TYPE_SELECT: $display = idx($this->getSelectOptions(), $this->getValue()); - return $display; + return phutil_escape_html($display); } return parent::renderForDetailView(); } @@ -203,6 +203,10 @@ class ManiphestAuxiliaryFieldDefaultSpecification break; } + if ($target == self::RENDER_TARGET_HTML) { + $desc = phutil_escape_html($desc); + } + return $desc; } diff --git a/src/applications/maniphest/auxiliaryfield/ManiphestAuxiliaryFieldSpecification.php b/src/applications/maniphest/auxiliaryfield/ManiphestAuxiliaryFieldSpecification.php index 216227194d..fba027e838 100644 --- a/src/applications/maniphest/auxiliaryfield/ManiphestAuxiliaryFieldSpecification.php +++ b/src/applications/maniphest/auxiliaryfield/ManiphestAuxiliaryFieldSpecification.php @@ -71,7 +71,7 @@ abstract class ManiphestAuxiliaryFieldSpecification { } public function renderForDetailView() { - return $this->getValue(); + return phutil_escape_html($this->getValue()); } diff --git a/src/applications/maniphest/controller/ManiphestExportController.php b/src/applications/maniphest/controller/ManiphestExportController.php index a33809b745..591e8ff310 100644 --- a/src/applications/maniphest/controller/ManiphestExportController.php +++ b/src/applications/maniphest/controller/ManiphestExportController.php @@ -28,7 +28,7 @@ final class ManiphestExportController extends ManiphestController { $dialog->setUser($user); $dialog->setTitle('Excel Export Not Configured'); - $dialog->appendChild(hsprintf( + $dialog->appendChild( '

This system does not have PHPExcel installed. This software '. 'component is required to export tasks to Excel. Have your system '. 'administrator install it from:

'. @@ -38,7 +38,7 @@ final class ManiphestExportController extends ManiphestController { '

'. '
'. '

Your PHP "include_path" needs to be updated to include the '. - 'PHPExcel Classes/ directory.

')); + 'PHPExcel Classes/ directory.

'); $dialog->addCancelButton('/maniphest/'); return id(new AphrontDialogResponse())->setDialog($dialog); @@ -59,8 +59,8 @@ final class ManiphestExportController extends ManiphestController { $dialog->setUser($user); $dialog->setTitle('Export Tasks to Excel'); - $dialog->appendChild(phutil_tag('p', array(), pht( - 'Do you want to export the query results to Excel?'))); + $dialog->appendChild( + '

Do you want to export the query results to Excel?

'); $dialog->addCancelButton('/maniphest/'); $dialog->addSubmitButton('Export to Excel'); diff --git a/src/applications/maniphest/controller/ManiphestReportController.php b/src/applications/maniphest/controller/ManiphestReportController.php index 229ba2e1f4..34c2b30494 100644 --- a/src/applications/maniphest/controller/ManiphestReportController.php +++ b/src/applications/maniphest/controller/ManiphestReportController.php @@ -244,7 +244,7 @@ final class ManiphestReportController extends ManiphestController { )); if ($handle) { - $header = pht("Task Burn Rate for Project %s", $handle->renderLink()); + $header = "Task Burn Rate for Project ".$handle->renderLink(); $caption = hsprintf( "

NOTE: This table reflects tasks currently in ". "the project. If a task was opened in the past but added to ". @@ -363,9 +363,9 @@ final class ManiphestReportController extends ManiphestController { $fmt = number_format($delta); if ($delta > 0) { $fmt = '+'.$fmt; - $fmt = hsprintf('%s', $fmt); + $fmt = ''.$fmt.''; } else { - $fmt = hsprintf('%s', $fmt); + $fmt = ''.$fmt.''; } return array( diff --git a/src/applications/maniphest/controller/ManiphestSavedQueryListController.php b/src/applications/maniphest/controller/ManiphestSavedQueryListController.php index 2f80e6028d..d6377c10b7 100644 --- a/src/applications/maniphest/controller/ManiphestSavedQueryListController.php +++ b/src/applications/maniphest/controller/ManiphestSavedQueryListController.php @@ -81,7 +81,7 @@ final class ManiphestSavedQueryListController extends ManiphestController { 'value' => 0, 'checked' => ($default === null ? 'checked' : null), )), - phutil_tag('em', array(), 'No Default'), + 'No Default', '', '', ); @@ -111,7 +111,7 @@ final class ManiphestSavedQueryListController extends ManiphestController { 'Save Default Query')); $panel->appendChild($table); - $form = phabricator_form( + $form = phabricator_render_form( $user, array( 'method' => 'POST', diff --git a/src/applications/maniphest/controller/ManiphestTaskDescriptionPreviewController.php b/src/applications/maniphest/controller/ManiphestTaskDescriptionPreviewController.php index ee185362c5..64fa264dc8 100644 --- a/src/applications/maniphest/controller/ManiphestTaskDescriptionPreviewController.php +++ b/src/applications/maniphest/controller/ManiphestTaskDescriptionPreviewController.php @@ -18,9 +18,10 @@ final class ManiphestTaskDescriptionPreviewController ManiphestTask::MARKUP_FIELD_DESCRIPTION, $request->getUser()); - $content = hsprintf( - '

%s
', - $output); + $content = + '
'. + $output. + '
'; return id(new AphrontAjaxResponse()) ->setContent($content); diff --git a/src/applications/maniphest/controller/ManiphestTaskDetailController.php b/src/applications/maniphest/controller/ManiphestTaskDetailController.php index 4cb394d8c5..b4567f0ddf 100644 --- a/src/applications/maniphest/controller/ManiphestTaskDetailController.php +++ b/src/applications/maniphest/controller/ManiphestTaskDetailController.php @@ -88,32 +88,36 @@ final class ManiphestTaskDetailController extends ManiphestController { if ($parent_task) { $context_bar = new AphrontContextBarView(); - $context_bar->addButton(phutil_tag( - 'a', - array( - 'href' => '/maniphest/task/create/?parent='.$parent_task->getID(), - 'class' => 'green button', - ), - 'Create Another Subtask')); - $context_bar->appendChild(hsprintf( - 'Created a subtask of %s', - $this->getHandle($parent_task->getPHID())->renderLink())); + $context_bar->addButton( + phutil_tag( + 'a', + array( + 'href' => '/maniphest/task/create/?parent='.$parent_task->getID(), + 'class' => 'green button', + ), + 'Create Another Subtask')); + $context_bar->appendChild( + 'Created a subtask of '. + $this->getHandle($parent_task->getPHID())->renderLink(). + ''); } else if ($workflow == 'create') { $context_bar = new AphrontContextBarView(); - $context_bar->addButton(phutil_tag('label', array(), 'Create Another')); - $context_bar->addButton(phutil_tag( - 'a', - array( - 'href' => '/maniphest/task/create/?template='.$task->getID(), - 'class' => 'green button', - ), + $context_bar->addButton(''); + $context_bar->addButton( + phutil_tag( + 'a', + array( + 'href' => '/maniphest/task/create/?template='.$task->getID(), + 'class' => 'green button', + ), 'Similar Task')); - $context_bar->addButton(phutil_tag( - 'a', - array( - 'href' => '/maniphest/task/create/', - 'class' => 'green button', - ), + $context_bar->addButton( + phutil_tag( + 'a', + array( + 'href' => '/maniphest/task/create/', + 'class' => 'green button', + ), 'Empty Task')); $context_bar->appendChild('New task created.'); } @@ -301,13 +305,14 @@ final class ManiphestTaskDetailController extends ManiphestController { $comment_header = id(new PhabricatorHeaderView()) ->setHeader($is_serious ? pht('Add Comment') : pht('Weigh In')); - $preview_panel = hsprintf( + $preview_panel = '
-
%s
+
+ '.pht('Loading preview...').' +
-
', - pht('Loading preview...')); + '; $transaction_view = new ManiphestTransactionListView(); $transaction_view->setTransactions($transactions); diff --git a/src/applications/maniphest/controller/ManiphestTaskEditController.php b/src/applications/maniphest/controller/ManiphestTaskEditController.php index 3ca0812884..23fcf30bee 100644 --- a/src/applications/maniphest/controller/ManiphestTaskEditController.php +++ b/src/applications/maniphest/controller/ManiphestTaskEditController.php @@ -456,7 +456,7 @@ final class ManiphestTaskEditController extends ManiphestController { if ($files) { $file_display = mpull($files, 'getName'); - $file_display = phutil_implode_html(phutil_tag('br'), $file_display); + $file_display = array_interleave(phutil_tag('br'), $file_display); $form->appendChild( id(new AphrontFormMarkupControl()) @@ -512,7 +512,7 @@ final class ManiphestTaskEditController extends ManiphestController { $panel->appendChild($form); $panel->setNoBackground(); - $description_preview_panel = hsprintf( + $description_preview_panel = '
Description Preview @@ -522,7 +522,7 @@ final class ManiphestTaskEditController extends ManiphestController { Loading preview...
- '); + '; Javelin::initBehavior( 'maniphest-description-preview', @@ -542,7 +542,7 @@ final class ManiphestTaskEditController extends ManiphestController { array( $error_view, $panel, - $description_preview_panel, + $description_preview_panel ), array( 'title' => $header_name, diff --git a/src/applications/maniphest/controller/ManiphestTaskListController.php b/src/applications/maniphest/controller/ManiphestTaskListController.php index a542754590..3f89a567a6 100644 --- a/src/applications/maniphest/controller/ManiphestTaskListController.php +++ b/src/applications/maniphest/controller/ManiphestTaskListController.php @@ -298,14 +298,13 @@ final class ManiphestTaskListController extends ManiphestController { require_celerity_resource('maniphest-task-summary-css'); $list_container = new AphrontNullView(); - $list_container->appendChild(hsprintf( - '
')); + $list_container->appendChild('
'); if (!$have_tasks) { - $list_container->appendChild(hsprintf( + $list_container->appendChild( '

'. 'No matching tasks.'. - '

')); + ''); } else { $pager = new AphrontPagerView(); $pager->setURI($request->getRequestURI(), 'offset'); @@ -317,13 +316,14 @@ final class ManiphestTaskListController extends ManiphestController { $max = min($pager->getOffset() + $page_size, $total_count); $tot = $total_count; - $list_container->appendChild(hsprintf( + $cur = number_format($cur); + $max = number_format($max); + $tot = number_format($tot); + + $list_container->appendChild( '
'. - "Displaying tasks %s - %s of %s.". - '
', - number_format($cur), - number_format($max), - number_format($tot))); + "Displaying tasks {$cur} - {$max} of {$tot}.". + '
'); $selector = new AphrontNullView(); @@ -334,7 +334,7 @@ final class ManiphestTaskListController extends ManiphestController { ($group == 'none' || $group == 'priority'); $lists = new AphrontNullView(); - $lists->appendChild(hsprintf('
')); + $lists->appendChild('
'); foreach ($tasks as $group => $list) { $task_list = new ManiphestTaskListView(); $task_list->setShowBatchControls(true); @@ -367,14 +367,14 @@ final class ManiphestTaskListController extends ManiphestController { $lists->appendChild($panel); } - $lists->appendChild(hsprintf('
')); + $lists->appendChild('
'); $selector->appendChild($lists); $selector->appendChild($this->renderBatchEditor($query)); $form_id = celerity_generate_unique_node_id(); - $selector = phabricator_form( + $selector = phabricator_render_form( $user, array( 'method' => 'POST', @@ -394,7 +394,7 @@ final class ManiphestTaskListController extends ManiphestController { )); } - $list_container->appendChild(hsprintf('
')); + $list_container->appendChild(''); $nav->appendChild($list_container); $title = pht('Task List'); @@ -678,21 +678,25 @@ final class ManiphestTaskListController extends ManiphestController { ), 'Export Tasks to Excel...'); - return hsprintf( + return '
'. '
Batch Task Editor
'. ''. ''. - ''. - ''. - ''. - ''. + ''. + ''. + ''. + ''. ''. '
%s%s%s0 Selected Tasks%s'. + $select_all. + $select_none. + ''. + $export. + ''. + '0 Selected Tasks'. + ''.$submit.'
'. - '', - $select_all, $select_none, - $export, - $submit); + ''; } private function buildQueryFromRequest() { diff --git a/src/applications/maniphest/view/ManiphestTaskListView.php b/src/applications/maniphest/view/ManiphestTaskListView.php index aa8baac074..f808ab9104 100644 --- a/src/applications/maniphest/view/ManiphestTaskListView.php +++ b/src/applications/maniphest/view/ManiphestTaskListView.php @@ -45,7 +45,7 @@ final class ManiphestTaskListView extends ManiphestView { $views[] = $view->render(); } - return $this->renderSingleView($views); + return $this->renderHTMLView($views); } } diff --git a/src/applications/maniphest/view/ManiphestTaskProjectsView.php b/src/applications/maniphest/view/ManiphestTaskProjectsView.php index f292157a91..00f4ad86f2 100644 --- a/src/applications/maniphest/view/ManiphestTaskProjectsView.php +++ b/src/applications/maniphest/view/ManiphestTaskProjectsView.php @@ -52,7 +52,7 @@ final class ManiphestTaskProjectsView extends ManiphestView { "\xE2\x80\xA6"); } - return $this->renderSingleView($tags); + return $this->renderHTMLView($tags); } } diff --git a/src/applications/maniphest/view/ManiphestTransactionDetailView.php b/src/applications/maniphest/view/ManiphestTransactionDetailView.php index 62294c91ae..4d5afbf8ad 100644 --- a/src/applications/maniphest/view/ManiphestTransactionDetailView.php +++ b/src/applications/maniphest/view/ManiphestTransactionDetailView.php @@ -179,17 +179,17 @@ final class ManiphestTransactionDetailView extends ManiphestView { } if ($this->getRenderSummaryOnly()) { - return phutil_implode_html("\n", $descs); + return implode("\n", $descs); } if ($comment_transaction && $comment_transaction->hasComments()) { $comment_block = $this->markupEngine->getOutput( $comment_transaction, ManiphestTransaction::MARKUP_FIELD_BODY); - $comment_block = phutil_tag( - 'div', - array('class' => 'maniphest-transaction-comments phabricator-remarkup'), - $comment_block); + $comment_block = + '
'. + $comment_block. + '
'; } else { $comment_block = null; } @@ -590,6 +590,9 @@ final class ManiphestTransactionDetailView extends ManiphestView { DifferentialChangesetParser::parseRangeSpecification($spec); $output = $parser->render($range_s, $range_e, $mask); + // TODO: [HTML] DifferentialChangesetParser needs cleanup. + $output = phutil_safe_html($output); + return $output; } @@ -624,7 +627,7 @@ final class ManiphestTransactionDetailView extends ManiphestView { $links[] = $this->handles[$phid]->renderLink(); } } - return phutil_implode_html(', ', $links); + return implode(', ', $links); } private function renderString($string) { diff --git a/src/applications/maniphest/view/ManiphestTransactionListView.php b/src/applications/maniphest/view/ManiphestTransactionListView.php index 9e8ccc8f08..14bff880e6 100644 --- a/src/applications/maniphest/view/ManiphestTransactionListView.php +++ b/src/applications/maniphest/view/ManiphestTransactionListView.php @@ -102,10 +102,10 @@ final class ManiphestTransactionListView extends ManiphestView { $views[] = $view->render(); } - return phutil_tag( - 'div', - array('class' => 'maniphest-transaction-list-view'), - $views); + return + '
'. + implode("\n", $views). + '
'; } } diff --git a/src/applications/meta/view/PhabricatorApplicationLaunchView.php b/src/applications/meta/view/PhabricatorApplicationLaunchView.php index faa0c348ff..8af4f65ff4 100644 --- a/src/applications/meta/view/PhabricatorApplicationLaunchView.php +++ b/src/applications/meta/view/PhabricatorApplicationLaunchView.php @@ -128,13 +128,13 @@ final class PhabricatorApplicationLaunchView extends AphrontView { 'href' => $application ? $application->getBaseURI() : null, 'title' => $application ? $application->getShortDescription() : null, ), - $this->renderSingleView( + $this->renderHTMLView( array( $icon, $content, ))); - return $this->renderSingleView( + return $this->renderHTMLView( array( $app_button, $create_button, diff --git a/src/applications/metamta/controller/PhabricatorMetaMTAListController.php b/src/applications/metamta/controller/PhabricatorMetaMTAListController.php index f7eb0ffbe6..eca61ceaf9 100644 --- a/src/applications/metamta/controller/PhabricatorMetaMTAListController.php +++ b/src/applications/metamta/controller/PhabricatorMetaMTAListController.php @@ -67,7 +67,7 @@ final class PhabricatorMetaMTAListController phabricator_datetime($mail->getDateCreated(), $user), phabricator_format_relative_time_detailed( time() - $mail->getDateModified()), - $mail->getSubject(), + phutil_escape_html($mail->getSubject()), phutil_tag( 'a', array( diff --git a/src/applications/metamta/controller/PhabricatorMetaMTAReceivedListController.php b/src/applications/metamta/controller/PhabricatorMetaMTAReceivedListController.php index 42913bb32d..d55f4b7174 100644 --- a/src/applications/metamta/controller/PhabricatorMetaMTAReceivedListController.php +++ b/src/applications/metamta/controller/PhabricatorMetaMTAReceivedListController.php @@ -38,7 +38,7 @@ final class PhabricatorMetaMTAReceivedListController $mail->getRelatedPHID() ? $handles[$mail->getRelatedPHID()]->renderLink() : '-', - $mail->getMessage(), + phutil_escape_html($mail->getMessage()), ); } diff --git a/src/applications/notification/controller/PhabricatorNotificationListController.php b/src/applications/notification/controller/PhabricatorNotificationListController.php index 1557c8acc8..739a70f3ae 100644 --- a/src/applications/notification/controller/PhabricatorNotificationListController.php +++ b/src/applications/notification/controller/PhabricatorNotificationListController.php @@ -43,16 +43,19 @@ final class PhabricatorNotificationListController if ($notifications) { $builder = new PhabricatorNotificationBuilder($notifications); - $view = $builder->buildView()->render(); + $view = $builder->buildView(); } else { - $view = hsprintf( - '
%s
', - $no_data); + $view = + '
'. + $no_data. + '
'; } - $view = hsprintf( - '
%s
', - $view); + $view = array( + '
', + $view, + '
', + ); $panel = new AphrontPanelView(); $panel->setHeader($header); diff --git a/src/applications/notification/controller/PhabricatorNotificationPanelController.php b/src/applications/notification/controller/PhabricatorNotificationPanelController.php index 19a811fe4e..b25365c607 100644 --- a/src/applications/notification/controller/PhabricatorNotificationPanelController.php +++ b/src/applications/notification/controller/PhabricatorNotificationPanelController.php @@ -20,23 +20,25 @@ final class PhabricatorNotificationPanelController $notifications_view = $builder->buildView(); $content = $notifications_view->render(); } else { - $content = hsprintf( - '
%s
', - pht('You have no notifications.')); + $content = + '
'. + 'You have no notifications.'. + '
'; } - $content = hsprintf( - '
%s
'. - '%s'. - '
%s
', - pht('Notifications'), - $content, - phutil_tag( - 'a', - array( - 'href' => '/notification/', - ), - 'View All Notifications')); + $content = + '
'. + pht('Notifications'). + '
'. + $content. + '
'. + phutil_tag( + 'a', + array( + 'href' => '/notification/', + ), + 'View All Notifications'). + '
'; $unread_count = id(new PhabricatorFeedStoryNotification()) ->countUnread($user); diff --git a/src/applications/notification/controller/PhabricatorNotificationStatusController.php b/src/applications/notification/controller/PhabricatorNotificationStatusController.php index 7f40302ff2..5c28923b9f 100644 --- a/src/applications/notification/controller/PhabricatorNotificationStatusController.php +++ b/src/applications/notification/controller/PhabricatorNotificationStatusController.php @@ -45,19 +45,22 @@ final class PhabricatorNotificationStatusController $rows = array(); foreach ($status as $key => $value) { + $label = phutil_escape_html($key); + switch ($key) { case 'uptime': $value /= 1000; $value = phabricator_format_relative_time_detailed($value); break; case 'log': + $value = phutil_escape_html($value); break; default: - $value = number_format($value); + $value = phutil_escape_html(number_format($value)); break; } - $rows[] = array($key, $value); + $rows[] = array($label, $value); } $table = new AphrontTableView($rows); diff --git a/src/applications/oauthserver/controller/PhabricatorOAuthServerAuthController.php b/src/applications/oauthserver/controller/PhabricatorOAuthServerAuthController.php index 4eb21e5b80..a0b4e1d592 100644 --- a/src/applications/oauthserver/controller/PhabricatorOAuthServerAuthController.php +++ b/src/applications/oauthserver/controller/PhabricatorOAuthServerAuthController.php @@ -143,7 +143,8 @@ extends PhabricatorAuthController { // display time -- make a nice form for the user to grant the client // access to the granularity specified by $scope - $title = 'Authorize '.$client->getName().'?'; + $name = phutil_escape_html($client->getName()); + $title = 'Authorize ' . $name . '?'; $panel = new AphrontPanelView(); $panel->setWidth(AphrontPanelView::WIDTH_FORM); $panel->setHeader($title); diff --git a/src/applications/oauthserver/controller/client/PhabricatorOAuthClientDeleteController.php b/src/applications/oauthserver/controller/client/PhabricatorOAuthClientDeleteController.php index ae3f85a3ac..cb893c78ea 100644 --- a/src/applications/oauthserver/controller/client/PhabricatorOAuthClientDeleteController.php +++ b/src/applications/oauthserver/controller/client/PhabricatorOAuthClientDeleteController.php @@ -32,13 +32,15 @@ extends PhabricatorOAuthClientBaseController { ->setURI('/oauthserver/client/?deleted=1'); } - $title .= ' '.$client->getName(); + $client_name = phutil_escape_html($client->getName()); + $title .= ' '.$client_name; $dialog = new AphrontDialogView(); $dialog->setUser($current_user); $dialog->setTitle($title); - $dialog->appendChild(phutil_tag('p', array(), pht( - 'Are you sure you want to delete this client?'))); + $dialog->appendChild( + '

Are you sure you want to delete this client?

' + ); $dialog->addSubmitButton(); $dialog->addCancelButton($client->getEditURI()); return id(new AphrontDialogResponse())->setDialog($dialog); diff --git a/src/applications/oauthserver/controller/client/PhabricatorOAuthClientListController.php b/src/applications/oauthserver/controller/client/PhabricatorOAuthClientListController.php index b8d6d65907..51104ae880 100644 --- a/src/applications/oauthserver/controller/client/PhabricatorOAuthClientListController.php +++ b/src/applications/oauthserver/controller/client/PhabricatorOAuthClientListController.php @@ -113,8 +113,10 @@ extends PhabricatorOAuthClientBaseController { $new = $this->getRequest()->getStr('new'); $deleted = $this->getRequest()->getBool('deleted'); if ($edited) { + $edited = phutil_escape_html($edited); $title = 'Successfully edited client with id '.$edited.'.'; } else if ($new) { + $new = phutil_escape_html($new); $title = 'Successfully created client with id '.$new.'.'; } else if ($deleted) { $title = 'Successfully deleted client.'; diff --git a/src/applications/oauthserver/controller/clientauthorization/PhabricatorOAuthClientAuthorizationDeleteController.php b/src/applications/oauthserver/controller/clientauthorization/PhabricatorOAuthClientAuthorizationDeleteController.php index 4f366c53d9..94c9839d79 100644 --- a/src/applications/oauthserver/controller/clientauthorization/PhabricatorOAuthClientAuthorizationDeleteController.php +++ b/src/applications/oauthserver/controller/clientauthorization/PhabricatorOAuthClientAuthorizationDeleteController.php @@ -37,17 +37,20 @@ extends PhabricatorOAuthClientAuthorizationBaseController { ->loadOneWhere('phid = %s', $client_phid); if ($client) { - $title .= ' for '.$client->getName(); + $client_name = phutil_escape_html($client->getName()); + $title .= ' for '.$client_name; } else { // the client does not exist so token is dead already (but // let's let the user clean this up anyway in that case) + $client_name = ''; } $dialog = new AphrontDialogView(); $dialog->setUser($current_user); $dialog->setTitle($title); - $dialog->appendChild(phutil_tag('p', array(), pht( - 'Are you sure you want to delete this client authorization?'))); + $dialog->appendChild( + '

Are you sure you want to delete this client authorization?

' + ); $dialog->addSubmitButton(); $dialog->addCancelButton($authorization->getEditURI()); return id(new AphrontDialogResponse())->setDialog($dialog); diff --git a/src/applications/oauthserver/controller/clientauthorization/PhabricatorOAuthClientAuthorizationListController.php b/src/applications/oauthserver/controller/clientauthorization/PhabricatorOAuthClientAuthorizationListController.php index d45e4dc96d..c3b0a927af 100644 --- a/src/applications/oauthserver/controller/clientauthorization/PhabricatorOAuthClientAuthorizationListController.php +++ b/src/applications/oauthserver/controller/clientauthorization/PhabricatorOAuthClientAuthorizationListController.php @@ -137,6 +137,7 @@ extends PhabricatorOAuthClientAuthorizationBaseController { $edited = $this->getRequest()->getStr('edited'); $deleted = $this->getRequest()->getBool('deleted'); if ($edited) { + $edited = phutil_escape_html($edited); $title = 'Successfully edited client authorization.'; } else if ($deleted) { $title = 'Successfully deleted client authorization.'; diff --git a/src/applications/owners/controller/PhabricatorOwnersDetailController.php b/src/applications/owners/controller/PhabricatorOwnersDetailController.php index eae6ac2050..58afadf36d 100644 --- a/src/applications/owners/controller/PhabricatorOwnersDetailController.php +++ b/src/applications/owners/controller/PhabricatorOwnersDetailController.php @@ -47,25 +47,32 @@ final class PhabricatorOwnersDetailController $rows = array(); - $rows[] = array('Name', $package->getName()); - $rows[] = array('Description', $package->getDescription()); + $rows[] = array( + 'Name', + phutil_escape_html($package->getName())); + $rows[] = array( + 'Description', + phutil_escape_html($package->getDescription())); $primary_owner = null; $primary_phid = $package->getPrimaryOwnerPHID(); if ($primary_phid && isset($handles[$primary_phid])) { - $primary_owner = phutil_tag( - 'strong', - array(), - $handles[$primary_phid]->renderLink()); + $primary_owner = + ''.$handles[$primary_phid]->renderLink().''; } - $rows[] = array('Primary Owner', $primary_owner); + $rows[] = array( + 'Primary Owner', + $primary_owner, + ); $owner_links = array(); foreach ($owners as $owner) { $owner_links[] = $handles[$owner->getUserPHID()]->renderLink(); } - $owner_links = phutil_implode_html(phutil_tag('br'), $owner_links); - $rows[] = array('Owners', $owner_links); + $owner_links = implode('
', $owner_links); + $rows[] = array( + 'Owners', + $owner_links); $rows[] = array( 'Auditing', @@ -92,14 +99,14 @@ final class PhabricatorOwnersDetailController 'href' => (string) $href, ), $path->getPath()); - $path_links[] = hsprintf( - '%s %s %s', - ($path->getExcluded() ? "\xE2\x80\x93" : '+'), - $repo_name, - $path_link); + $path_links[] = + ($path->getExcluded() ? '–' : '+').' '. + $repo_name.' '.$path_link; } - $path_links = phutil_implode_html(phutil_tag('br'), $path_links); - $rows[] = array('Paths', $path_links); + $path_links = implode('
', $path_links); + $rows[] = array( + 'Paths', + $path_links); $table = new AphrontTableView($rows); $table->setColumnClasses( @@ -109,7 +116,8 @@ final class PhabricatorOwnersDetailController )); $panel = new AphrontPanelView(); - $panel->setHeader('Package Details for "'.$package->getName().'"'); + $panel->setHeader( + 'Package Details for "'.phutil_escape_html($package->getName()).'"'); $panel->addButton( javelin_tag( 'a', @@ -199,7 +207,7 @@ final class PhabricatorOwnersDetailController $commit_panels = array(); foreach ($commit_views as $commit_view) { $commit_panel = new AphrontPanelView(); - $commit_panel->setHeader($commit_view['header']); + $commit_panel->setHeader(phutil_escape_html($commit_view['header'])); if (isset($commit_view['button'])) { $commit_panel->addButton($commit_view['button']); } diff --git a/src/applications/owners/controller/PhabricatorOwnersListController.php b/src/applications/owners/controller/PhabricatorOwnersListController.php index babe04b9c1..9a140620b1 100644 --- a/src/applications/owners/controller/PhabricatorOwnersListController.php +++ b/src/applications/owners/controller/PhabricatorOwnersListController.php @@ -235,10 +235,10 @@ final class PhabricatorOwnersListController foreach ($pkg_owners as $key => $owner) { $pkg_owners[$key] = $handles[$owner->getUserPHID()]->renderLink(); if ($owner->getUserPHID() == $package->getPrimaryOwnerPHID()) { - $pkg_owners[$key] = phutil_tag('strong', array(), $pkg_owners[$key]); + $pkg_owners[$key] = ''.$pkg_owners[$key].''; } } - $pkg_owners = phutil_implode_html(phutil_tag('br'), $pkg_owners); + $pkg_owners = implode('
', $pkg_owners); $pkg_paths = idx($paths, $package->getID(), array()); foreach ($pkg_paths as $key => $path) { @@ -251,21 +251,20 @@ final class PhabricatorOwnersListController 'path' => $path->getPath(), 'action' => 'browse', )); - $pkg_paths[$key] = hsprintf( - '%s %s%s', - ($path->getExcluded() ? "\xE2\x80\x93" : '+'), - phutil_tag('strong', array(), $repo->getName()), + $pkg_paths[$key] = + ($path->getExcluded() ? '–' : '+').' '. + phutil_tag('strong', array(), $repo->getName()). phutil_tag( 'a', array( 'href' => (string) $href, ), - $path->getPath())); + $path->getPath()); } else { - $pkg_paths[$key] = $path->getPath(); + $pkg_paths[$key] = phutil_escape_html($path->getPath()); } } - $pkg_paths = phutil_implode_html(phutil_tag('br'), $pkg_paths); + $pkg_paths = implode('
', $pkg_paths); $rows[] = array( phutil_tag( diff --git a/src/applications/paste/controller/PhabricatorPasteListController.php b/src/applications/paste/controller/PhabricatorPasteListController.php index 7d22d6fd62..def6cc8f66 100644 --- a/src/applications/paste/controller/PhabricatorPasteListController.php +++ b/src/applications/paste/controller/PhabricatorPasteListController.php @@ -109,7 +109,7 @@ final class PhabricatorPasteListController extends PhabricatorPasteController { $lang_name = $paste->getLanguage(); if ($lang_name) { $lang_name = idx($lang_map, $lang_name, $lang_name); - $item->addIcon('none', $lang_name); + $item->addIcon('none', phutil_escape_html($lang_name)); } $list->addItem($item); diff --git a/src/applications/people/controller/PhabricatorPeopleLdapController.php b/src/applications/people/controller/PhabricatorPeopleLdapController.php index 0567e90b4c..f29efb5335 100644 --- a/src/applications/people/controller/PhabricatorPeopleLdapController.php +++ b/src/applications/people/controller/PhabricatorPeopleLdapController.php @@ -153,29 +153,34 @@ final class PhabricatorPeopleLdapController private function renderUserInputs($user) { $username = $user[0]; - return hsprintf( - '%s%s%s', - phutil_tag( - 'input', - array( - 'type' => 'checkbox', - 'name' => 'usernames[]', - 'value' => $username, - )), - phutil_tag( - 'input', - array( - 'type' => 'hidden', - 'name' => "email[$username]", - 'value' => $user[1], - )), - phutil_tag( - 'input', - array( - 'type' => 'hidden', - 'name' => "name[$username]", - 'value' => $user[2], - ))); + $inputs = phutil_tag( + 'input', + array( + 'type' => 'checkbox', + 'name' => 'usernames[]', + 'value' =>$username, + ), + ''); + + $inputs .= phutil_tag( + 'input', + array( + 'type' => 'hidden', + 'name' => "email[$username]", + 'value' =>$user[1], + ), + ''); + + $inputs .= phutil_tag( + 'input', + array( + 'type' => 'hidden', + 'name' => "name[$username]", + 'value' =>$user[2], + ), + ''); + + return $inputs; } } diff --git a/src/applications/people/controller/PhabricatorPeopleListController.php b/src/applications/people/controller/PhabricatorPeopleListController.php index f7eb21597a..290f77f174 100644 --- a/src/applications/people/controller/PhabricatorPeopleListController.php +++ b/src/applications/people/controller/PhabricatorPeopleListController.php @@ -55,7 +55,7 @@ final class PhabricatorPeopleListController 'href' => '/p/'.$user->getUsername().'/', ), $user->getUserName()), - $user->getRealName(), + phutil_escape_html($user->getRealName()), $status, $email, phutil_tag( diff --git a/src/applications/people/controller/PhabricatorPeopleLogsController.php b/src/applications/people/controller/PhabricatorPeopleLogsController.php index de42b37a33..9b10f34396 100644 --- a/src/applications/people/controller/PhabricatorPeopleLogsController.php +++ b/src/applications/people/controller/PhabricatorPeopleLogsController.php @@ -157,8 +157,10 @@ final class PhabricatorPeopleLogsController phabricator_date($log->getDateCreated(),$user), phabricator_time($log->getDateCreated(),$user), $log->getAction(), - $log->getActorPHID() ? $handles[$log->getActorPHID()]->getName() : null, - $handles[$log->getUserPHID()]->getName(), + $log->getActorPHID() + ? phutil_escape_html($handles[$log->getActorPHID()]->getName()) + : null, + phutil_escape_html($handles[$log->getUserPHID()]->getName()), json_encode($log->getOldValue(), true), json_encode($log->getNewValue(), true), phutil_tag( diff --git a/src/applications/people/controller/PhabricatorPeopleProfileController.php b/src/applications/people/controller/PhabricatorPeopleProfileController.php index c255897caf..d16f5d948e 100644 --- a/src/applications/people/controller/PhabricatorPeopleProfileController.php +++ b/src/applications/people/controller/PhabricatorPeopleProfileController.php @@ -142,7 +142,7 @@ final class PhabricatorPeopleProfileController $nav->appendChild($header); - $content = hsprintf('
%s
', $content); + $content = '
'.$content.'
'; $header->appendChild($content); if ($user->getPHID() == $viewer->getPHID()) { @@ -172,11 +172,13 @@ final class PhabricatorPeopleProfileController $blurb = nonempty( $profile->getBlurb(), - '//'.pht('Nothing is known about this rare specimen.').'//' + '//'. + pht('Nothing is known about this rare specimen.') + .'//' ); $engine = PhabricatorMarkupEngine::newProfileMarkupEngine(); - $blurb = $engine->markupText($blurb); + $blurb = phutil_safe_html($engine->markupText($blurb)); $viewer = $this->getRequest()->getUser(); @@ -230,11 +232,12 @@ final class PhabricatorPeopleProfileController $builder->setUser($viewer); $view = $builder->buildView(); - return hsprintf( + return '

Activity Feed

-
%s
-
', - $view->render()); +
+ '.$view->render().' +
+
'; } } diff --git a/src/applications/phame/controller/blog/PhameBlogDeleteController.php b/src/applications/phame/controller/blog/PhameBlogDeleteController.php index e6d9b4dff6..eb6f4695a8 100644 --- a/src/applications/phame/controller/blog/PhameBlogDeleteController.php +++ b/src/applications/phame/controller/blog/PhameBlogDeleteController.php @@ -41,7 +41,7 @@ final class PhameBlogDeleteController extends PhameController { ->appendChild( pht( 'Really delete the blog "%s"? It will be gone forever.', - $blog->getName())) + phutil_escape_html($blog->getName()))) ->addSubmitButton(pht('Delete')) ->addCancelButton($cancel_uri); diff --git a/src/applications/phame/controller/post/PhamePostDeleteController.php b/src/applications/phame/controller/post/PhamePostDeleteController.php index 8faa715a5e..26719ff61c 100644 --- a/src/applications/phame/controller/post/PhamePostDeleteController.php +++ b/src/applications/phame/controller/post/PhamePostDeleteController.php @@ -41,7 +41,7 @@ final class PhamePostDeleteController extends PhameController { ->appendChild( pht( 'Really delete the post "%s"? It will be gone forever.', - $post->getTitle())) + phutil_escape_html($post->getTitle()))) ->addSubmitButton(pht('Delete')) ->addCancelButton($cancel_uri); diff --git a/src/applications/phame/controller/post/PhamePostEditController.php b/src/applications/phame/controller/post/PhamePostEditController.php index 9af5a98b43..20217edc51 100644 --- a/src/applications/phame/controller/post/PhamePostEditController.php +++ b/src/applications/phame/controller/post/PhamePostEditController.php @@ -148,7 +148,7 @@ final class PhamePostEditController ->setValue($submit_button) ); - $preview_panel = hsprintf( + $preview_panel = '
Post Preview @@ -158,7 +158,7 @@ final class PhamePostEditController Loading preview...
- '); + '; require_celerity_resource('phame-css'); Javelin::initBehavior( diff --git a/src/applications/phame/controller/post/PhamePostNotLiveController.php b/src/applications/phame/controller/post/PhamePostNotLiveController.php index 885bc3b1a9..c2b4983736 100644 --- a/src/applications/phame/controller/post/PhamePostNotLiveController.php +++ b/src/applications/phame/controller/post/PhamePostNotLiveController.php @@ -25,16 +25,16 @@ final class PhamePostNotLiveController extends PhameController { $reasons = array(); if (!$post->getBlog()) { - $reasons[] = phutil_tag('p', array(), pht( - 'You can not view the live version of this post because it '. + $reasons[] = + '

'.pht('You can not view the live version of this post because it '. 'is not associated with a blog. Move the post to a blog in order to '. - 'view it live.')); + 'view it live.').'

'; } if ($post->isDraft()) { - $reasons[] = phutil_tag('p', array(), pht( - 'You can not view the live version of this post because it '. - 'is still a draft. Use "Preview/Publish" to publish the post.')); + $reasons[] = + '

'.pht('You can not view the live version of this post because it '. + 'is still a draft. Use "Preview/Publish" to publish the post.').'

'; } if ($reasons) { diff --git a/src/applications/phame/controller/post/PhamePostPreviewController.php b/src/applications/phame/controller/post/PhamePostPreviewController.php index 06fe3de4da..38b007178d 100644 --- a/src/applications/phame/controller/post/PhamePostPreviewController.php +++ b/src/applications/phame/controller/post/PhamePostPreviewController.php @@ -23,7 +23,7 @@ extends PhameController { PhamePost::MARKUP_FIELD_BODY, $user); - $content = hsprintf('
%s
', $content); + $content = '
'.$content.'
'; return id(new AphrontAjaxResponse())->setContent($content); } diff --git a/src/applications/phame/controller/post/PhamePostUnpublishController.php b/src/applications/phame/controller/post/PhamePostUnpublishController.php index f70cff773c..efc8153dab 100644 --- a/src/applications/phame/controller/post/PhamePostUnpublishController.php +++ b/src/applications/phame/controller/post/PhamePostUnpublishController.php @@ -45,7 +45,7 @@ final class PhamePostUnpublishController extends PhameController { pht( 'The post "%s" will no longer be visible to other users until you '. 'republish it.', - $post->getTitle())) + phutil_escape_html($post->getTitle()))) ->addSubmitButton(pht('Unpublish')) ->addCancelButton($cancel_uri); diff --git a/src/applications/phame/skins/PhameBasicBlogSkin.php b/src/applications/phame/skins/PhameBasicBlogSkin.php index 2c6f91e97b..569bb6b3b3 100644 --- a/src/applications/phame/skins/PhameBasicBlogSkin.php +++ b/src/applications/phame/skins/PhameBasicBlogSkin.php @@ -123,7 +123,7 @@ abstract class PhameBasicBlogSkin extends PhameBlogSkin { } protected function render404Page() { - return hsprintf('

404 Not Found

'); + return '

404 Not Found

'; } final public function getResourceURI($resource) { diff --git a/src/applications/phame/skins/PhameBasicTemplateBlogSkin.php b/src/applications/phame/skins/PhameBasicTemplateBlogSkin.php index 7ccd2cffe9..39dc7df989 100644 --- a/src/applications/phame/skins/PhameBasicTemplateBlogSkin.php +++ b/src/applications/phame/skins/PhameBasicTemplateBlogSkin.php @@ -26,7 +26,7 @@ final class PhameBasicTemplateBlogSkin extends PhameBasicBlogSkin { 'href' => $this->getResourceURI('css/'.$path), )); } - $this->cssResources = phutil_implode_html("\n", $this->cssResources); + $this->cssResources = implode("\n", $this->cssResources); } $request = $this->getRequest(); @@ -43,7 +43,7 @@ final class PhameBasicTemplateBlogSkin extends PhameBasicBlogSkin { ); $response = new AphrontWebpageResponse(); - $response->setContent(phutil_implode_html("\n", $content)); + $response->setContent(implode("\n", $content)); return $response; } diff --git a/src/applications/phid/controller/PhabricatorPHIDLookupController.php b/src/applications/phid/controller/PhabricatorPHIDLookupController.php index e7c93f60ba..c6228df5c2 100644 --- a/src/applications/phid/controller/PhabricatorPHIDLookupController.php +++ b/src/applications/phid/controller/PhabricatorPHIDLookupController.php @@ -24,9 +24,9 @@ final class PhabricatorPHIDLookupController } $rows[] = array( - $handle->getPHID(), - $handle->getType(), - $handle->getName(), + phutil_escape_html($handle->getPHID()), + phutil_escape_html($handle->getType()), + phutil_escape_html($handle->getName()), $link, ); } diff --git a/src/applications/pholio/controller/PholioMockViewController.php b/src/applications/pholio/controller/PholioMockViewController.php index 361b7257fb..94a3e447c7 100644 --- a/src/applications/pholio/controller/PholioMockViewController.php +++ b/src/applications/pholio/controller/PholioMockViewController.php @@ -145,7 +145,7 @@ final class PholioMockViewController extends PholioController { foreach ($subscribers as $subscriber) { $sub_view[] = $this->getHandle($subscriber)->renderLink(); } - $sub_view = phutil_implode_html(', ', $sub_view); + $sub_view = array_interleave(', ', $sub_view); } else { $sub_view = phutil_tag('em', array(), pht('None')); } diff --git a/src/applications/pholio/storage/PholioTransaction.php b/src/applications/pholio/storage/PholioTransaction.php index ece88cbdd5..55a5ab7ba6 100644 --- a/src/applications/pholio/storage/PholioTransaction.php +++ b/src/applications/pholio/storage/PholioTransaction.php @@ -44,15 +44,15 @@ final class PholioTransaction extends PhabricatorApplicationTransaction { return pht( '%s renamed this mock from "%s" to "%s".', $this->renderHandleLink($author_phid), - $old, - $new); + phutil_escape_html($old), + phutil_escape_html($new)); break; case PholioTransactionType::TYPE_DESCRIPTION: return pht( '%s updated the description of this mock. '. 'The old description was: %s', $this->renderHandleLink($author_phid), - $old); + phutil_escape_html($old)); } return parent::getTitle(); diff --git a/src/applications/pholio/view/PholioMockImagesView.php b/src/applications/pholio/view/PholioMockImagesView.php index 7ab6363b89..b43020e8f1 100644 --- a/src/applications/pholio/view/PholioMockImagesView.php +++ b/src/applications/pholio/view/PholioMockImagesView.php @@ -91,6 +91,6 @@ final class PholioMockImagesView extends AphrontView { $thumbnails); } - return $this->renderSingleView($mockview); + return $this->renderHTMLView($mockview); } } diff --git a/src/applications/phpast/controller/PhabricatorXHPASTViewFramesetController.php b/src/applications/phpast/controller/PhabricatorXHPASTViewFramesetController.php index bec14d9a21..c21f9f2b0b 100644 --- a/src/applications/phpast/controller/PhabricatorXHPASTViewFramesetController.php +++ b/src/applications/phpast/controller/PhabricatorXHPASTViewFramesetController.php @@ -14,15 +14,12 @@ final class PhabricatorXHPASTViewFramesetController $response = new AphrontWebpageResponse(); $response->setFrameable(true); - $response->setContent(hsprintf( - ''. - ''. - ''. - ''. - '', - $id, - $id, - $id)); + $response->setContent( + ''. + ''. + ''. + ''. + ''); return $response; } diff --git a/src/applications/phpast/controller/PhabricatorXHPASTViewInputController.php b/src/applications/phpast/controller/PhabricatorXHPASTViewInputController.php index 48ba6afc33..0d90598190 100644 --- a/src/applications/phpast/controller/PhabricatorXHPASTViewInputController.php +++ b/src/applications/phpast/controller/PhabricatorXHPASTViewInputController.php @@ -5,6 +5,7 @@ final class PhabricatorXHPASTViewInputController public function processRequest() { $input = $this->getStorageTree()->getInput(); - return $this->buildXHPASTViewPanelResponse($input); + return $this->buildXHPASTViewPanelResponse( + phutil_escape_html($input)); } } diff --git a/src/applications/phpast/controller/PhabricatorXHPASTViewPanelController.php b/src/applications/phpast/controller/PhabricatorXHPASTViewPanelController.php index 0e43c418f1..b4494eb44e 100644 --- a/src/applications/phpast/controller/PhabricatorXHPASTViewPanelController.php +++ b/src/applications/phpast/controller/PhabricatorXHPASTViewPanelController.php @@ -20,7 +20,7 @@ abstract class PhabricatorXHPASTViewPanelController } protected function buildXHPASTViewPanelResponse($content) { - $content = hsprintf( + $content = ''. ''. ''. @@ -57,9 +57,10 @@ li span { '. ''. - '%s'. - '', - $content); + ''. + $content. + ''. + ''; $response = new AphrontWebpageResponse(); $response->setFrameable(true); diff --git a/src/applications/phpast/controller/PhabricatorXHPASTViewStreamController.php b/src/applications/phpast/controller/PhabricatorXHPASTViewStreamController.php index 4931ab29e3..bf7c620be9 100644 --- a/src/applications/phpast/controller/PhabricatorXHPASTViewStreamController.php +++ b/src/applications/phpast/controller/PhabricatorXHPASTViewStreamController.php @@ -27,7 +27,6 @@ final class PhabricatorXHPASTViewStreamController $token->getValue()); } - return $this->buildXHPASTViewPanelResponse( - phutil_implode_html('', $tokens)); + return $this->buildXHPASTViewPanelResponse(implode('', $tokens)); } } diff --git a/src/applications/phpast/controller/PhabricatorXHPASTViewTreeController.php b/src/applications/phpast/controller/PhabricatorXHPASTViewTreeController.php index b332784e92..5b7673386e 100644 --- a/src/applications/phpast/controller/PhabricatorXHPASTViewTreeController.php +++ b/src/applications/phpast/controller/PhabricatorXHPASTViewTreeController.php @@ -12,7 +12,7 @@ final class PhabricatorXHPASTViewTreeController $input, array(0, $stdout, '')); - $tree = phutil_tag('ul', array(), $this->buildTree($tree->getRootNode())); + $tree = '
    '.$this->buildTree($tree->getRootNode()).'
'; return $this->buildXHPASTViewPanelResponse($tree); } @@ -27,19 +27,19 @@ final class PhabricatorXHPASTViewTreeController } $tree = array(); - $tree[] = phutil_tag( - 'li', - array(), - phutil_tag( - 'span', - array( - 'title' => $title, - ), - $name)); + $tree[] = + '
  • '. + phutil_tag( + 'span', + array( + 'title' => $title, + ), + $name). + '
    • '; foreach ($root->getChildren() as $child) { - $tree[] = phutil_tag('ul', array(), $this->buildTree($child)); + $tree[] = '
      '.$this->buildTree($child).'
    '; } - return phutil_implode_html("\n", $tree); + return implode("\n", $tree); } } diff --git a/src/applications/phriction/controller/PhrictionDiffController.php b/src/applications/phriction/controller/PhrictionDiffController.php index 7ce9082a29..0cc32b75e4 100644 --- a/src/applications/phriction/controller/PhrictionDiffController.php +++ b/src/applications/phriction/controller/PhrictionDiffController.php @@ -155,32 +155,28 @@ final class PhrictionDiffController $link_r = pht('Most Recent Change'); } - $navigation_table = hsprintf( + $navigation_table = ' - - + + -
    %s%s'.$link_l.''.$link_r.'
    ', - $link_l, - $link_r); + '; } - $output = hsprintf( + $output = '
    '. - '%s

    %s'. + $comparison_table->render(). + '
    '. + '
    '. + $navigation_table. ''. - ''. + ''. '
    %s%s
    '.$revert_l.''.$revert_r.'
    '. - '%s'. - '
    ', - $comparison_table->render(), - $navigation_table, - $revert_l, - $revert_r, - $output); + $output. + ''; return $this->buildStandardPageResponse( array( @@ -238,9 +234,9 @@ final class PhrictionDiffController $rows[] = array( phabricator_date($c->getDateCreated(), $user), phabricator_time($c->getDateCreated(), $user), - 'Version '.$c->getVersion(), + phutil_escape_html('Version '.$c->getVersion()), $handles[$c->getAuthorPHID()]->renderLink(), - $c->getDescription(), + phutil_escape_html($c->getDescription()), ); } diff --git a/src/applications/phriction/controller/PhrictionDocumentController.php b/src/applications/phriction/controller/PhrictionDocumentController.php index 338d894a66..bf925650b7 100644 --- a/src/applications/phriction/controller/PhrictionDocumentController.php +++ b/src/applications/phriction/controller/PhrictionDocumentController.php @@ -110,9 +110,9 @@ final class PhrictionDocumentController $project_info = null; if ($project_phid) { - $project_info = hsprintf( - '
    This document is about the project %s.', - $handles[$project_phid]->renderLink()); + $project_info = + '
    This document is about the project '. + $handles[$project_phid]->renderLink().'.'; } $index_link = phutil_tag( @@ -122,11 +122,12 @@ final class PhrictionDocumentController ), pht('Document Index')); - $byline = hsprintf( - '
    Last updated %s by %s.%s
    ', - $when, - $handles[$content->getAuthorPHID()]->renderLink(), - $project_info); + $byline = + '
    '. + "Last updated {$when} by ". + $handles[$content->getAuthorPHID()]->renderLink().'.'. + $project_info. + '
    '; $doc_status = $document->getStatus(); @@ -144,18 +145,19 @@ final class PhrictionDocumentController throw new Exception("Unknown document status '{$doc_status}'!"); } - $page_content = hsprintf( - '
    %s%s%s
    ', - $index_link, - $byline, - $core_content); + $page_content = + '
    '. + $index_link. + $byline. + $core_content. + '
    '; } if ($version_note) { $version_note = $version_note->render(); } - $children = $this->renderDocumentChildren($slug); + $children = $this->renderChildren($slug); $crumbs = $this->buildApplicationCrumbs(); $crumb_views = $this->renderBreadcrumbs($slug); @@ -168,14 +170,17 @@ final class PhrictionDocumentController $header = id(new PhabricatorHeaderView()) ->setHeader($page_title); + $page = + $crumbs->render(). + $header->render(). + $actions->render(). + $version_note. + $page_content. + $children; + return $this->buildApplicationPage( array( - $crumbs->render(), - $header->render(), - $actions->render(), - $version_note, - $page_content, - $children, + $page, ), array( 'title' => $page_title, @@ -220,7 +225,7 @@ final class PhrictionDocumentController ->setHref(PhrictionDocument::getSlugURI($slug, 'history'))); } - private function renderDocumentChildren($slug) { + private function renderChildren($slug) { $document_dao = new PhrictionDocument(); $content_dao = new PhrictionContent(); $conn = $document_dao->establishConnection('r'); @@ -304,32 +309,31 @@ final class PhrictionDocumentController $children = isort($children, 'title'); $list = array(); + $list[] = '
      '; foreach ($children as $child) { - $list[] = hsprintf('
    • '); $list[] = $this->renderChildDocumentLink($child); $grand = idx($grandchildren, $child['slug'], array()); if ($grand) { - $list[] = hsprintf('
        '); + $list[] = '
          '; foreach ($grand as $grandchild) { - $list[] = hsprintf('
        • '); $list[] = $this->renderChildDocumentLink($grandchild); - $list[] = hsprintf('
          • '); } - $list[] = hsprintf('
        '); + $list[] = '
      '; } - $list[] = hsprintf('
      • '); } if ($more_children) { - $list[] = phutil_tag('li', array(), pht('More...')); + $list[] = '
    • '.pht('More...').'
      • '; } + $list[] = '
    '; + $list = implode("\n", $list); - return hsprintf( + return '
    '. - '
    %s
    '. - '%s'. - '
    ', - pht('Document Hierarchy'), - phutil_tag('ul', array(), $list)); + '
    '. + pht('Document Hierarchy'). + '
    '. + $list. + ''; } private function renderChildDocumentLink(array $info) { @@ -342,10 +346,10 @@ final class PhrictionDocumentController $title); if (isset($info['empty'])) { - $item = phutil_tag('em', array(), $item); + $item = ''.$item.''; } - return $item; + return '
  • '.$item.'
    • '; } } diff --git a/src/applications/phriction/controller/PhrictionEditController.php b/src/applications/phriction/controller/PhrictionEditController.php index 2b9b5bee23..188d54a14c 100644 --- a/src/applications/phriction/controller/PhrictionEditController.php +++ b/src/applications/phriction/controller/PhrictionEditController.php @@ -108,8 +108,8 @@ final class PhrictionEditController $dialog = new AphrontDialogView(); $dialog->setUser($user); $dialog->setTitle(pht('No Edits')); - $dialog->appendChild(phutil_tag('p', array(), pht( - 'You did not make any changes to the document.'))); + $dialog->appendChild( + '

    '.pht('You did not make any changes to the document.').'

    '); $dialog->addCancelButton($request->getRequestURI()); return id(new AphrontDialogResponse())->setDialog($dialog); @@ -122,8 +122,8 @@ final class PhrictionEditController $dialog = new AphrontDialogView(); $dialog->setUser($user); $dialog->setTitle(pht('Empty Page')); - $dialog->appendChild(phutil_tag('p', array(), pht( - 'You can not create an empty document.'))); + $dialog->appendChild( + '

    '.pht('You can not create an empty document.').'

    '); $dialog->addCancelButton($request->getRequestURI()); return id(new AphrontDialogResponse())->setDialog($dialog); @@ -231,15 +231,17 @@ final class PhrictionEditController ->setHeader($panel_header) ->appendChild($form); - $preview_panel = hsprintf( + $preview_panel = '
    -
    %s
    -
    -
    %s
    +
    + '.pht('Document Preview').'
    -
    ', - pht('Document Preview'), - pht('Loading preview...')); +
    +
    + '.pht('Loading preview...').' +
    +
    +
    '; Javelin::initBehavior( 'phriction-document-preview', diff --git a/src/applications/phriction/controller/PhrictionHistoryController.php b/src/applications/phriction/controller/PhrictionHistoryController.php index 68c570ba73..f09521fe62 100644 --- a/src/applications/phriction/controller/PhrictionHistoryController.php +++ b/src/applications/phriction/controller/PhrictionHistoryController.php @@ -49,7 +49,7 @@ final class PhrictionHistoryController $diff_uri = new PhutilURI('/phriction/diff/'.$document->getID().'/'); - $vs_previous = phutil_tag('em', array(), pht('Created')); + $vs_previous = ''.pht('Created').''; if ($content->getVersion() != 1) { $uri = $diff_uri ->alter('l', $content->getVersion() - 1) @@ -62,7 +62,7 @@ final class PhrictionHistoryController pht('Show Change')); } - $vs_head = phutil_tag('em', array(), pht('Current')); + $vs_head = ''.pht('Current').''; if ($content->getID() != $document->getContentID()) { $uri = $diff_uri ->alter('l', $content->getVersion()) @@ -90,7 +90,7 @@ final class PhrictionHistoryController pht('Version %s', $version)), $handles[$content->getAuthorPHID()]->renderLink(), $change_type, - $content->getDescription(), + phutil_escape_html($content->getDescription()), $vs_previous, $vs_head, ); diff --git a/src/applications/phriction/storage/PhrictionContent.php b/src/applications/phriction/storage/PhrictionContent.php index ebc252cba8..6c13c55fb7 100644 --- a/src/applications/phriction/storage/PhrictionContent.php +++ b/src/applications/phriction/storage/PhrictionContent.php @@ -75,19 +75,20 @@ final class PhrictionContent extends PhrictionDAO $engine); if ($toc) { - $toc = hsprintf( + $toc = '
    '. - '
    %s
    '. - '%s'. - '
    ', - pht('Table of Contents'), - $toc); + '
    '. + pht('Table of Contents'). + '
    '. + $toc. + ''; } - return hsprintf( - '
    %s%s
    ', - $toc, - $output); + return + '
    '. + $toc. + $output. + '
    '; } diff --git a/src/applications/policy/filter/PhabricatorPolicy.php b/src/applications/policy/filter/PhabricatorPolicy.php index 8f8d1120f8..305cae4cd1 100644 --- a/src/applications/policy/filter/PhabricatorPolicy.php +++ b/src/applications/policy/filter/PhabricatorPolicy.php @@ -84,7 +84,7 @@ final class PhabricatorPolicy { ), $this->getName()); } else { - $desc = $this->getName(); + $desc = phutil_escape_html($this->getName()); } switch ($this->getType()) { diff --git a/src/applications/ponder/controller/PonderAnswerSaveController.php b/src/applications/ponder/controller/PonderAnswerSaveController.php index 9f505a3287..85a311bcc6 100644 --- a/src/applications/ponder/controller/PonderAnswerSaveController.php +++ b/src/applications/ponder/controller/PonderAnswerSaveController.php @@ -23,8 +23,7 @@ final class PonderAnswerSaveController extends PonderController { $dialog = new AphrontDialogView(); $dialog->setUser($request->getUser()); $dialog->setTitle('Empty answer'); - $dialog->appendChild(phutil_tag('p', array(), pht( - 'Your answer must not be empty.'))); + $dialog->appendChild('

    Your answer must not be empty.

    '); $dialog->addCancelButton('/Q'.$question_id); return id(new AphrontDialogResponse())->setDialog($dialog); diff --git a/src/applications/ponder/controller/PonderCommentSaveController.php b/src/applications/ponder/controller/PonderCommentSaveController.php index 54bbc8a2ba..125fee9a52 100644 --- a/src/applications/ponder/controller/PonderCommentSaveController.php +++ b/src/applications/ponder/controller/PonderCommentSaveController.php @@ -32,8 +32,7 @@ final class PonderCommentSaveController extends PonderController { $dialog = new AphrontDialogView(); $dialog->setUser($request->getUser()); $dialog->setTitle('Empty comment'); - $dialog->appendChild(phutil_tag('p', array(), pht( - 'Your comment must not be empty.'))); + $dialog->appendChild('

    Your comment must not be empty.

    '); $dialog->addCancelButton('/Q'.$question_id); return id(new AphrontDialogResponse())->setDialog($dialog); diff --git a/src/applications/ponder/controller/PonderQuestionAskController.php b/src/applications/ponder/controller/PonderQuestionAskController.php index 77c6770ffe..405ce3f7c5 100644 --- a/src/applications/ponder/controller/PonderQuestionAskController.php +++ b/src/applications/ponder/controller/PonderQuestionAskController.php @@ -74,13 +74,14 @@ final class PonderQuestionAskController extends PonderController { id(new AphrontFormSubmitControl()) ->setValue('Ask Away!')); - $preview = hsprintf( + $preview = '
    '. '
    '. - '%s'. + ''. + pht('Loading question preview...'). + ''. '
    '. - '
    ', - pht('Loading question preview...')); + ''; Javelin::initBehavior( 'ponder-feedback-preview', diff --git a/src/applications/ponder/view/PonderAddAnswerView.php b/src/applications/ponder/view/PonderAddAnswerView.php index 80109f39e3..a4b199180c 100644 --- a/src/applications/ponder/view/PonderAddAnswerView.php +++ b/src/applications/ponder/view/PonderAddAnswerView.php @@ -44,14 +44,14 @@ final class PonderAddAnswerView extends AphrontView { id(new AphrontFormSubmitControl()) ->setValue($is_serious ? 'Submit' : 'Make it so')); - $preview = hsprintf( + $preview = '
    '. '
    '. ''. 'Loading answer preview...'. ''. '
    '. - '
    '); + ''; Javelin::initBehavior( 'ponder-feedback-preview', diff --git a/src/applications/ponder/view/PonderAnswerListView.php b/src/applications/ponder/view/PonderAnswerListView.php index 87c4674ae9..fa42d222a9 100644 --- a/src/applications/ponder/view/PonderAnswerListView.php +++ b/src/applications/ponder/view/PonderAnswerListView.php @@ -70,8 +70,7 @@ final class PonderAnswerListView extends AphrontView { $panel->appendChild($view); $panel->appendChild($commentview); - $panel->appendChild( - hsprintf('
    ')); + $panel->appendChild('
    '); } diff --git a/src/applications/ponder/view/PonderPostBodyView.php b/src/applications/ponder/view/PonderPostBodyView.php index 1f02c5e8ff..4bfb4362ea 100644 --- a/src/applications/ponder/view/PonderPostBodyView.php +++ b/src/applications/ponder/view/PonderPostBodyView.php @@ -64,7 +64,7 @@ final class PonderPostBodyView extends AphrontView { $content); $author = $this->handles[$target->getAuthorPHID()]; - $actions = array(hsprintf('%s %s', $author->renderLink(), $this->action)); + $actions = array($author->renderLink().' '.$this->action); $author_link = $author->renderLink(); $xaction_view = id(new PhabricatorTransactionView()) ->setUser($user) diff --git a/src/applications/ponder/view/PonderQuestionSummaryView.php b/src/applications/ponder/view/PonderQuestionSummaryView.php index 8bac384084..530267f400 100644 --- a/src/applications/ponder/view/PonderQuestionSummaryView.php +++ b/src/applications/ponder/view/PonderQuestionSummaryView.php @@ -43,29 +43,34 @@ final class PonderQuestionSummaryView extends AphrontView { '', $question->getAnswerCount()); - $title = hsprintf('

    %s

    ', - phutil_tag( - 'a', - array( - "href" => '/Q' . $question->getID(), - ), - 'Q' . $question->getID() . - ' ' . $question->getTitle() - )); + $title = + '

    '. + phutil_tag( + 'a', + array( + "href" => '/Q' . $question->getID(), + ), + 'Q' . $question->getID() . + ' ' . $question->getTitle() + ) . + '

    '; - $rhs = hsprintf( + $rhs = '
    '. - '%s asked on %s by %s'. - '
    ', - $title, - phabricator_datetime($question->getDateCreated(), $user), - $authorlink); + $title. + ''. + 'asked on '. + phabricator_datetime($question->getDateCreated(), $user). + ' by ' . $authorlink. + ''. + ''; - $summary = hsprintf( - '
    %s%s%s
    ', - $votecount, - $answercount, - $rhs); + $summary = + '
    '. + $votecount. + $answercount. + $rhs. + '
    '; return $summary; diff --git a/src/applications/ponder/view/PonderVotableView.php b/src/applications/ponder/view/PonderVotableView.php index 11cbe6cde0..a00e6bee07 100644 --- a/src/applications/ponder/view/PonderVotableView.php +++ b/src/applications/ponder/view/PonderVotableView.php @@ -63,7 +63,7 @@ final class PonderVotableView extends AphrontView { ), $this->count); - return javelin_tag( + return javelin_render_tag( 'div', array( 'class' => 'ponder-votable', @@ -80,7 +80,7 @@ final class PonderVotableView extends AphrontView { 'class' => 'ponder-votebox', ), array($up, $count, $down)), - phutil_tag( + phutil_render_tag( 'div', array( 'class' => 'ponder-votebox-content', diff --git a/src/applications/project/controller/PhabricatorProjectListController.php b/src/applications/project/controller/PhabricatorProjectListController.php index ffcd020baa..704acef6e5 100644 --- a/src/applications/project/controller/PhabricatorProjectListController.php +++ b/src/applications/project/controller/PhabricatorProjectListController.php @@ -97,9 +97,10 @@ final class PhabricatorProjectListController 'href' => '/project/view/'.$project->getID().'/', ), $project->getName()), - PhabricatorProjectStatus::getNameForStatus($project->getStatus()), - $blurb, - $population, + phutil_escape_html( + PhabricatorProjectStatus::getNameForStatus($project->getStatus())), + phutil_escape_html($blurb), + phutil_escape_html($population), phutil_tag( 'a', array( diff --git a/src/applications/project/controller/PhabricatorProjectMembersEditController.php b/src/applications/project/controller/PhabricatorProjectMembersEditController.php index 1d817d691c..1c1dfa7473 100644 --- a/src/applications/project/controller/PhabricatorProjectMembersEditController.php +++ b/src/applications/project/controller/PhabricatorProjectMembersEditController.php @@ -113,7 +113,7 @@ final class PhabricatorProjectMembersEditController $panel->setWidth(AphrontPanelView::WIDTH_FORM); $panel->setNoBackground(); $panel->appendChild($form); - $panel->appendChild(phutil_tag('br')); + $panel->appendChild('
    '); $panel->appendChild($faux_form); $nav = $this->buildLocalNavigation($project); diff --git a/src/applications/project/controller/PhabricatorProjectProfileController.php b/src/applications/project/controller/PhabricatorProjectProfileController.php index a4b22e6fdf..df47270792 100644 --- a/src/applications/project/controller/PhabricatorProjectProfileController.php +++ b/src/applications/project/controller/PhabricatorProjectProfileController.php @@ -55,7 +55,7 @@ final class PhabricatorProjectProfileController $query->setViewer($this->getRequest()->getUser()); $stories = $query->execute(); - $content = hsprintf('%s%s', $content, $this->renderStories($stories)); + $content .= $this->renderStories($stories); break; case 'about': $content = $this->renderAboutPage($project, $profile); @@ -114,7 +114,7 @@ final class PhabricatorProjectProfileController $nav_view->appendChild($header); - $content = hsprintf('
    %s
    ', $content); + $content = '
    '.$content.'
    '; $header->appendChild($content); return $this->buildApplicationPage( @@ -183,23 +183,25 @@ final class PhabricatorProjectProfileController $affiliated = array(); foreach ($handles as $phids => $handle) { - $affiliated[] = phutil_tag('li', array(), $handle->renderLink()); + $affiliated[] = '
  • '.$handle->renderLink().'
    • '; } if ($affiliated) { - $affiliated = phutil_tag('ul', array(), $affiliated); + $affiliated = '
      '.implode("\n", $affiliated).'
    '; } else { - $affiliated = hsprintf('

    %s

    ', pht( - 'No one is affiliated with this project.')); + $affiliated = + '

    '. + pht('No one is affiliated with this project.'). + '

    '; } - return hsprintf( + return '
    '. - '

    %s

    '. - '
    %s
    '. - '
    ', - pht('People'), - $affiliated); + '

    '.pht('People').'

    '. + '
    '. + $affiliated. + '
    '. + ''; } private function renderFeedPage( @@ -226,13 +228,15 @@ final class PhabricatorProjectProfileController $builder->setUser($this->getRequest()->getUser()); $view = $builder->buildView(); - return hsprintf( + return '
    '. - '

    %s

    '. - '
    %s
    '. - '
    ', - pht('Activity Feed'), - $view->render()); + '

    '. + pht('Activity Feed'). + '

    '. + '
    '. + $view->render(). + '
    '. + ''; } @@ -263,9 +267,9 @@ final class PhabricatorProjectProfileController } if (empty($tasks)) { - $task_views = phutil_tag('em', array(), pht('No open tasks.')); + $task_views = ''.pht('No open tasks.').''; } else { - $task_views = phutil_implode_html('', $task_views); + $task_views = implode('', $task_views); } $open = number_format($count); @@ -277,17 +281,18 @@ final class PhabricatorProjectProfileController ), pht("View All Open Tasks \xC2\xBB")); - $content = hsprintf( + $content = '
    -

    %s

    '. +

    '. + pht("Open Tasks (%d)", $open). + '

    '. '
    '. - '%s'. - '
    %s
    '. + $task_views. + '
    '. + $more_link. + '
    '. '
    -
    ', - pht('Open Tasks (%s)', $open), - $task_views, - $more_link); + '; return $content; } diff --git a/src/applications/project/controller/PhabricatorProjectUpdateController.php b/src/applications/project/controller/PhabricatorProjectUpdateController.php index 2c27daf760..f6b6910eda 100644 --- a/src/applications/project/controller/PhabricatorProjectUpdateController.php +++ b/src/applications/project/controller/PhabricatorProjectUpdateController.php @@ -62,9 +62,11 @@ final class PhabricatorProjectUpdateController $dialog = new AphrontDialogView(); $dialog->setUser($user); $dialog->setTitle(pht('Really leave project?')); - $dialog->appendChild(phutil_tag('p', array(), pht( - 'Your tremendous contributions to this project will be sorely '. - 'missed. Are you sure you want to leave?'))); + $dialog->appendChild( + '

    '. + pht('Your tremendous contributions to this project will be sorely '. + 'missed. Are you sure you want to leave?'). + '

    '); $dialog->addCancelButton($project_uri); $dialog->addSubmitButton(pht('Leave Project')); break; diff --git a/src/applications/remarkup/conduit/ConduitAPI_remarkup_process_Method.php b/src/applications/remarkup/conduit/ConduitAPI_remarkup_process_Method.php index fd827987fc..7d51f23d26 100644 --- a/src/applications/remarkup/conduit/ConduitAPI_remarkup_process_Method.php +++ b/src/applications/remarkup/conduit/ConduitAPI_remarkup_process_Method.php @@ -45,7 +45,7 @@ final class ConduitAPI_remarkup_process_Method extends ConduitAPIMethod { $text = $engine->markupText($content); if ($text) { - $content = hsprintf('%s', $text)->getHTMLContent(); + $content = phutil_safe_html($text)->getHTMLContent(); } else { $content = ''; } diff --git a/src/applications/repository/controller/PhabricatorRepositoryListController.php b/src/applications/repository/controller/PhabricatorRepositoryListController.php index f09c5096ae..3b32685467 100644 --- a/src/applications/repository/controller/PhabricatorRepositoryListController.php +++ b/src/applications/repository/controller/PhabricatorRepositoryListController.php @@ -27,12 +27,12 @@ final class PhabricatorRepositoryListController ), 'View in Diffusion'); } else { - $diffusion_link = phutil_tag('em', array(), 'Not Tracked'); + $diffusion_link = 'Not Tracked'; } $rows[] = array( - $repo->getCallsign(), - $repo->getName(), + phutil_escape_html($repo->getCallsign()), + phutil_escape_html($repo->getName()), PhabricatorRepositoryType::getNameForRepositoryType( $repo->getVersionControlSystem()), $diffusion_link, @@ -98,13 +98,13 @@ final class PhabricatorRepositoryListController foreach ($projects as $project) { $repo = idx($repos, $project->getRepositoryID()); if ($repo) { - $repo_name = $repo->getName(); + $repo_name = phutil_escape_html($repo->getName()); } else { $repo_name = '-'; } $rows[] = array( - $project->getName(), + phutil_escape_html($project->getName()), $repo_name, phutil_tag( 'a', diff --git a/src/applications/search/controller/PhabricatorSearchController.php b/src/applications/search/controller/PhabricatorSearchController.php index e0f128a73e..93e55a11de 100644 --- a/src/applications/search/controller/PhabricatorSearchController.php +++ b/src/applications/search/controller/PhabricatorSearchController.php @@ -242,18 +242,18 @@ final class PhabricatorSearchController ->setObject(idx($objects, $phid)); $results[] = $view->render(); } - $results = hsprintf( + $results = '
    '. - '%s'. - '
    %s
    '. - '
    ', - phutil_implode_html("\n", $results), - $pager->render()); + implode("\n", $results). + '
    '. + $pager->render(). + '
    '. + ''; } else { - $results = hsprintf( + $results = '
    '. '

    No search results.

    '. - '
    '); + ''; } } else { $results = null; diff --git a/src/applications/search/view/PhabricatorSearchResultView.php b/src/applications/search/view/PhabricatorSearchResultView.php index 0a95bdff54..821853d2aa 100644 --- a/src/applications/search/view/PhabricatorSearchResultView.php +++ b/src/applications/search/view/PhabricatorSearchResultView.php @@ -70,25 +70,21 @@ final class PhabricatorSearchResultView extends AphrontView { break; } - return hsprintf( + return '
    '. - '%s'. + $img. '
    '. - '%s'. - '
    %s · %s
    '. + phutil_tag( + 'a', + array( + 'class' => 'result-name', + 'href' => $handle->getURI(), + ), + $this->emboldenQuery($object_name)). + '
    '.$type_name.' · '.$link.'
    '. '
    '. '
    '. - '
    ', - $img, - phutil_tag( - 'a', - array( - 'class' => 'result-name', - 'href' => $handle->getURI(), - ), - $this->emboldenQuery($object_name)), - $type_name, - $link); + ''; } private function emboldenQuery($str) { diff --git a/src/applications/settings/panel/PhabricatorSettingsPanelConduit.php b/src/applications/settings/panel/PhabricatorSettingsPanelConduit.php index 7c9199e279..d4ccec4194 100644 --- a/src/applications/settings/panel/PhabricatorSettingsPanelConduit.php +++ b/src/applications/settings/panel/PhabricatorSettingsPanelConduit.php @@ -26,9 +26,9 @@ final class PhabricatorSettingsPanelConduit $dialog->setSubmitURI($this->getPanelURI()); $dialog->addSubmitButton('Regenerate'); $dialog->addCancelbutton($this->getPanelURI()); - $dialog->appendChild(phutil_tag('p', array(), pht( - 'Really destroy the old certificate? Any established '. - 'sessions will be terminated.'))); + $dialog->appendChild( + '

    Really destroy the old certificate? Any established '. + 'sessions will be terminated.'); return id(new AphrontDialogResponse()) ->setDialog($dialog); diff --git a/src/applications/settings/panel/PhabricatorSettingsPanelEmailAddresses.php b/src/applications/settings/panel/PhabricatorSettingsPanelEmailAddresses.php index 09d385c506..86a0d10dbc 100644 --- a/src/applications/settings/panel/PhabricatorSettingsPanelEmailAddresses.php +++ b/src/applications/settings/panel/PhabricatorSettingsPanelEmailAddresses.php @@ -103,7 +103,7 @@ final class PhabricatorSettingsPanelEmailAddresses } $rows[] = array( - $email->getAddress(), + phutil_escape_html($email->getAddress()), $action, $remove, ); @@ -191,9 +191,9 @@ final class PhabricatorSettingsPanelEmailAddresses ->setUser($user) ->addHiddenInput('new', 'verify') ->setTitle('Verification Email Sent') - ->appendChild(phutil_tag('p', array(), pht( - 'A verification email has been sent. Click the link in the '. - 'email to verify your address.'))) + ->appendChild( + '

    A verification email has been sent. Click the link in the '. + 'email to verify your address.

    ') ->setSubmitURI($uri) ->addSubmitButton('Done'); @@ -264,9 +264,9 @@ final class PhabricatorSettingsPanelEmailAddresses ->setUser($user) ->addHiddenInput('delete', $email_id) ->setTitle("Really delete address '{$address}'?") - ->appendChild(phutil_tag('p', array(), pht( - 'Are you sure you want to delete this address? You will no '. - 'longer be able to use it to login.'))) + ->appendChild( + '

    Are you sure you want to delete this address? You will no '. + 'longer be able to use it to login.

    ') ->addSubmitButton('Delete') ->addCancelButton($uri); diff --git a/src/applications/settings/panel/PhabricatorSettingsPanelLDAP.php b/src/applications/settings/panel/PhabricatorSettingsPanelLDAP.php index 4adb085f63..25df530fdb 100644 --- a/src/applications/settings/panel/PhabricatorSettingsPanelLDAP.php +++ b/src/applications/settings/panel/PhabricatorSettingsPanelLDAP.php @@ -75,7 +75,7 @@ final class PhabricatorSettingsPanelLDAP foreach ($forms as $name => $form) { if ($name) { - $panel->appendChild(hsprintf('

    %s


    ', $name)); + $panel->appendChild('

    '.$name.'


    '); } $panel->appendChild($form); } diff --git a/src/applications/settings/panel/PhabricatorSettingsPanelOAuth.php b/src/applications/settings/panel/PhabricatorSettingsPanelOAuth.php index a1df581abb..b95640ba48 100644 --- a/src/applications/settings/panel/PhabricatorSettingsPanelOAuth.php +++ b/src/applications/settings/panel/PhabricatorSettingsPanelOAuth.php @@ -215,7 +215,7 @@ final class PhabricatorSettingsPanelOAuth foreach ($forms as $name => $form) { if ($name) { - $panel->appendChild(hsprintf('

    %s


    ', $name)); + $panel->appendChild('

    '.$name.'


    '); } $panel->appendChild($form); } diff --git a/src/applications/settings/panel/PhabricatorSettingsPanelSSHKeys.php b/src/applications/settings/panel/PhabricatorSettingsPanelSSHKeys.php index 0519e45c54..133c45ec9c 100644 --- a/src/applications/settings/panel/PhabricatorSettingsPanelSSHKeys.php +++ b/src/applications/settings/panel/PhabricatorSettingsPanelSSHKeys.php @@ -182,8 +182,8 @@ final class PhabricatorSettingsPanelSSHKeys 'href' => $this->getPanelURI('?edit='.$key->getID()), ), $key->getName()), - $key->getKeyComment(), - $key->getKeyType(), + phutil_escape_html($key->getKeyComment()), + phutil_escape_html($key->getKeyType()), phabricator_date($key->getDateCreated(), $user), phabricator_time($key->getDateCreated(), $user), javelin_tag( @@ -240,7 +240,7 @@ final class PhabricatorSettingsPanelSSHKeys $user = $request->getUser(); - $name = phutil_tag('strong', array(), $key->getName()); + $name = phutil_escape_html($key->getName()); if ($request->isDialogFormPost()) { $key->delete(); @@ -252,10 +252,10 @@ final class PhabricatorSettingsPanelSSHKeys ->setUser($user) ->addHiddenInput('delete', $key->getID()) ->setTitle('Really delete SSH Public Key?') - ->appendChild(phutil_tag('p', array(), pht( - 'The key "%s" will be permanently deleted, and you will not longer be '. - 'able to use the corresponding private key to authenticate.', - $name))) + ->appendChild( + '

    The key "'.$name.'" will be permanently deleted, '. + 'and you will not longer be able to use the corresponding private key '. + 'to authenticate.

    ') ->addSubmitButton('Delete Public Key') ->addCancelButton($this->getPanelURI()); diff --git a/src/applications/slowvote/controller/PhabricatorSlowvotePollController.php b/src/applications/slowvote/controller/PhabricatorSlowvotePollController.php index 5c39fda9d1..44b3a06d5d 100644 --- a/src/applications/slowvote/controller/PhabricatorSlowvotePollController.php +++ b/src/applications/slowvote/controller/PhabricatorSlowvotePollController.php @@ -177,11 +177,11 @@ final class PhabricatorSlowvotePollController $panel = new AphrontPanelView(); - $panel->setHeader($poll->getQuestion()); + $panel->setHeader(phutil_escape_html($poll->getQuestion())); $panel->setWidth(AphrontPanelView::WIDTH_WIDE); $panel->appendChild($form); - $panel->appendChild(hsprintf('

    ')); + $panel->appendChild('

    '); $panel->appendChild($result_markup); return $this->buildStandardPageResponse( @@ -203,7 +203,8 @@ final class PhabricatorSlowvotePollController foreach ($comments as $comment) { $handle = $handles[$comment->getAuthorPHID()]; - $markup = $engine->markupText($comment->getCommentText()); + $markup = phutil_safe_html( + $engine->markupText($comment->getCommentText())); require_celerity_resource('phabricator-remarkup-css'); diff --git a/src/applications/subscriptions/events/PhabricatorSubscriptionsUIEventListener.php b/src/applications/subscriptions/events/PhabricatorSubscriptionsUIEventListener.php index 93e5144ae0..3a3c7deb3a 100644 --- a/src/applications/subscriptions/events/PhabricatorSubscriptionsUIEventListener.php +++ b/src/applications/subscriptions/events/PhabricatorSubscriptionsUIEventListener.php @@ -36,7 +36,7 @@ final class PhabricatorSubscriptionsUIEventListener ->setDisabled(true) ->setRenderAsForm(true) ->setHref('/subscriptions/add/'.$object->getPHID().'/') - ->setName('Automatically Subscribed') + ->setName(phutil_escape_html('Automatically Subscribed')) ->setIcon('subscribe-auto'); } else { $subscribed = false; @@ -59,7 +59,7 @@ final class PhabricatorSubscriptionsUIEventListener ->setWorkflow(true) ->setRenderAsForm(true) ->setHref('/subscriptions/delete/'.$object->getPHID().'/') - ->setName('Unsubscribe') + ->setName(phutil_escape_html('Unsubscribe')) ->setIcon('subscribe-delete'); } else { $sub_action = id(new PhabricatorActionView()) @@ -67,7 +67,7 @@ final class PhabricatorSubscriptionsUIEventListener ->setWorkflow(true) ->setRenderAsForm(true) ->setHref('/subscriptions/add/'.$object->getPHID().'/') - ->setName('Subscribe') + ->setName(phutil_escape_html('Subscribe')) ->setIcon('subscribe-add'); } diff --git a/src/applications/transactions/response/PhabricatorApplicationTransactionNoEffectResponse.php b/src/applications/transactions/response/PhabricatorApplicationTransactionNoEffectResponse.php index fe63299d1b..9c1caab76e 100644 --- a/src/applications/transactions/response/PhabricatorApplicationTransactionNoEffectResponse.php +++ b/src/applications/transactions/response/PhabricatorApplicationTransactionNoEffectResponse.php @@ -57,8 +57,7 @@ final class PhabricatorApplicationTransactionNoEffectResponse ->setTitle($title); foreach ($xactions as $xaction) { - $dialog->appendChild( - phutil_tag('p', array(), $xaction->getNoEffectDescription())); + $dialog->appendChild('

    '.$xaction->getNoEffectDescription().'

    '); } $dialog->appendChild($tail); diff --git a/src/applications/transactions/storage/PhabricatorApplicationTransaction.php b/src/applications/transactions/storage/PhabricatorApplicationTransaction.php index 6494929c15..00bbde7e3d 100644 --- a/src/applications/transactions/storage/PhabricatorApplicationTransaction.php +++ b/src/applications/transactions/storage/PhabricatorApplicationTransaction.php @@ -134,7 +134,7 @@ abstract class PhabricatorApplicationTransaction if ($this->renderingTarget == self::TARGET_HTML) { return $this->getHandle($phid)->renderLink(); } else { - return hsprintf('%s', $this->getHandle($phid)->getName()); + return $this->getHandle($phid)->getName(); } } @@ -143,7 +143,7 @@ abstract class PhabricatorApplicationTransaction foreach ($phids as $phid) { $links[] = $this->renderHandleLink($phid); } - return phutil_implode_html(', ', $links); + return phutil_safe_html(implode(', ', $links)); } public function getIcon() { @@ -218,16 +218,16 @@ abstract class PhabricatorApplicationTransaction '%s changed the visibility of this %s from "%s" to "%s".', $this->renderHandleLink($author_phid), $this->getApplicationObjectTypeName(), - $old, - $new); + phutil_escape_html($old), + phutil_escape_html($new)); case PhabricatorTransactions::TYPE_EDIT_POLICY: // TODO: Render human-readable. return pht( '%s changed the edit policy of this %s from "%s" to "%s".', $this->renderHandleLink($author_phid), $this->getApplicationObjectTypeName(), - $old, - $new); + phutil_escape_html($old), + phutil_escape_html($new)); case PhabricatorTransactions::TYPE_SUBSCRIBERS: $add = array_diff($new, $old); $rem = array_diff($old, $new); diff --git a/src/applications/transactions/view/PhabricatorApplicationTransactionCommentView.php b/src/applications/transactions/view/PhabricatorApplicationTransactionCommentView.php index a943ec6179..aba6d84bab 100644 --- a/src/applications/transactions/view/PhabricatorApplicationTransactionCommentView.php +++ b/src/applications/transactions/view/PhabricatorApplicationTransactionCommentView.php @@ -128,7 +128,7 @@ class PhabricatorApplicationTransactionCommentView extends AphrontView { 'id' => $this->getPreviewPanelID(), 'style' => 'display: none', ), - self::renderSingleView( + self::renderHTMLView( array( $header, $preview, diff --git a/src/applications/transactions/view/PhabricatorApplicationTransactionView.php b/src/applications/transactions/view/PhabricatorApplicationTransactionView.php index 96c106e60e..07bcbafd47 100644 --- a/src/applications/transactions/view/PhabricatorApplicationTransactionView.php +++ b/src/applications/transactions/view/PhabricatorApplicationTransactionView.php @@ -99,8 +99,8 @@ class PhabricatorApplicationTransactionView extends AphrontView { $event->appendChild( $engine->getOutput($xaction->getComment(), $field)); } else if ($has_deleted_comment) { - $event->appendChild(phutil_tag('em', array(), pht( - 'This comment has been deleted.'))); + $event->appendChild( + ''.pht('This comment has been deleted.').''); } $events[] = $event; diff --git a/src/applications/typeahead/controller/PhabricatorTypeaheadCommonDatasourceController.php b/src/applications/typeahead/controller/PhabricatorTypeaheadCommonDatasourceController.php index 18b3cceffe..5d61db7853 100644 --- a/src/applications/typeahead/controller/PhabricatorTypeaheadCommonDatasourceController.php +++ b/src/applications/typeahead/controller/PhabricatorTypeaheadCommonDatasourceController.php @@ -297,6 +297,9 @@ final class PhabricatorTypeaheadCommonDatasourceController $rows = array(); foreach ($results as $result) { $wire = $result->getWireFormat(); + foreach ($wire as $k => $v) { + $wire[$k] = phutil_escape_html($v); + } $rows[] = $wire; } diff --git a/src/applications/uiexample/examples/PhabricatorActionListExample.php b/src/applications/uiexample/examples/PhabricatorActionListExample.php index 1fe7698ebc..33df2496b5 100644 --- a/src/applications/uiexample/examples/PhabricatorActionListExample.php +++ b/src/applications/uiexample/examples/PhabricatorActionListExample.php @@ -104,7 +104,7 @@ final class PhabricatorActionListExample extends PhabricatorUIExample { return array( $view, - hsprintf('
    '), + '
    ', $notices, ); } diff --git a/src/applications/uiexample/examples/PhabricatorButtonsExample.php b/src/applications/uiexample/examples/PhabricatorButtonsExample.php index fb7f0958bc..0a3e57f715 100644 --- a/src/applications/uiexample/examples/PhabricatorButtonsExample.php +++ b/src/applications/uiexample/examples/PhabricatorButtonsExample.php @@ -35,11 +35,11 @@ final class PhabricatorButtonsExample extends PhabricatorUIExample { ), ucwords($size.' '.$color.' '.$tag)); - $view[] = hsprintf('

    '); + $view[] = '

    '; } } } - return phutil_tag('div', array('style' => 'margin: 1em 2em;'), $view); + return '
    '.implode('', $view).'
    '; } } diff --git a/src/applications/uiexample/examples/PhabricatorTagExample.php b/src/applications/uiexample/examples/PhabricatorTagExample.php index 80518363ae..e70a4f3a34 100644 --- a/src/applications/uiexample/examples/PhabricatorTagExample.php +++ b/src/applications/uiexample/examples/PhabricatorTagExample.php @@ -19,7 +19,7 @@ final class PhabricatorTagExample extends PhabricatorUIExample { ->setName('@alincoln') ->setHref('#'); $tags[] = ' how is stuff?'; - $tags[] = hsprintf('

    '); + $tags[] = '

    '; $tags[] = 'Did you hear that '; @@ -41,7 +41,7 @@ final class PhabricatorTagExample extends PhabricatorUIExample { ->setDotColor(PhabricatorTagView::COLOR_GREY) ->setHref('#'); $tags[] = ' is gone?'; - $tags[] = hsprintf('

    '); + $tags[] = '

    '; $tags[] = 'Take a look at '; $tags[] = id(new PhabricatorTagView()) @@ -49,7 +49,7 @@ final class PhabricatorTagExample extends PhabricatorUIExample { ->setName('D123') ->setHref('#'); $tags[] = ' when you get a chance.'; - $tags[] = hsprintf('

    '); + $tags[] = '

    '; $tags[] = 'Hmm? '; $tags[] = id(new PhabricatorTagView()) @@ -63,7 +63,7 @@ final class PhabricatorTagExample extends PhabricatorUIExample { ->setBackgroundColor(PhabricatorTagView::COLOR_BLACK) ->setName('Abandoned'); $tags[] = '.'; - $tags[] = hsprintf('

    '); + $tags[] = '

    '; $tags[] = 'I hope someone is going to '; $tags[] = id(new PhabricatorTagView()) @@ -77,7 +77,7 @@ final class PhabricatorTagExample extends PhabricatorUIExample { ->setBackgroundColor(PhabricatorTagView::COLOR_REDORANGE) ->setName('High Priority'); $tags[] = '!'; - $tags[] = hsprintf('

    '); + $tags[] = '

    '; $tags[] = id(new PhabricatorHeaderView()) @@ -89,7 +89,7 @@ final class PhabricatorTagExample extends PhabricatorUIExample { ->setType(PhabricatorTagView::TYPE_STATE) ->setBackgroundColor($color) ->setName(ucwords($color)); - $tags[] = hsprintf('

    '); + $tags[] = '

    '; } $tags[] = id(new PhabricatorHeaderView()) @@ -101,14 +101,14 @@ final class PhabricatorTagExample extends PhabricatorUIExample { ->setDotColor(PhabricatorTagView::COLOR_RED) ->setBarColor(PhabricatorTagView::COLOR_RED) ->setName('Christmas'); - $tags[] = hsprintf('

    '); + $tags[] = '

    '; $tags[] = id(new PhabricatorTagView()) ->setType(PhabricatorTagView::TYPE_OBJECT) ->setBackgroundColor(PhabricatorTagView::COLOR_ORANGE) ->setDotColor(PhabricatorTagView::COLOR_BLACK) ->setBarColor(PhabricatorTagView::COLOR_BLACK) ->setName('Halloween'); - $tags[] = hsprintf('

    '); + $tags[] = '

    '; $tags[] = id(new PhabricatorTagView()) ->setType(PhabricatorTagView::TYPE_STATE) ->setBackgroundColor(PhabricatorTagView::COLOR_MAGENTA) @@ -116,9 +116,10 @@ final class PhabricatorTagExample extends PhabricatorUIExample { ->setBarColor(PhabricatorTagView::COLOR_BLUE) ->setName('Easter'); - return phutil_tag( - 'div', - array('style' => 'padding: 1em 2em;'), - $tags); + return array( + '
    ', + $tags, + '
    ', + ); } } diff --git a/src/applications/uiexample/examples/PhabricatorUINotificationExample.php b/src/applications/uiexample/examples/PhabricatorUINotificationExample.php index 3c53b2da47..429f6c1a12 100644 --- a/src/applications/uiexample/examples/PhabricatorUINotificationExample.php +++ b/src/applications/uiexample/examples/PhabricatorUINotificationExample.php @@ -23,7 +23,7 @@ final class PhabricatorUINotificationExample extends PhabricatorUIExample { ), 'Show Notification'); - $content = hsprintf('
    %s
    ', $content); + $content = '
    '.$content.''; return $content; } diff --git a/src/applications/uiexample/examples/PhabricatorUIPagerExample.php b/src/applications/uiexample/examples/PhabricatorUIPagerExample.php index 1d34e84792..f50a335547 100644 --- a/src/applications/uiexample/examples/PhabricatorUIPagerExample.php +++ b/src/applications/uiexample/examples/PhabricatorUIPagerExample.php @@ -35,10 +35,10 @@ final class PhabricatorUIPagerExample extends PhabricatorUIExample { $panel = new AphrontPanelView(); $panel->appendChild($table); - $panel->appendChild(hsprintf( + $panel->appendChild( '

    '. 'Use AphrontPagerView to render a pager element.'. - '

    ')); + '

    '); $pager = new AphrontPagerView(); $pager->setPageSize($page_size); @@ -47,10 +47,10 @@ final class PhabricatorUIPagerExample extends PhabricatorUIExample { $pager->setURI($request->getRequestURI(), 'offset'); $panel->appendChild($pager); - $panel->appendChild(hsprintf( + $panel->appendChild( '

    '. 'You can show more or fewer pages of surrounding context.'. - '

    ')); + '

    '); $many_pages_pager = new AphrontPagerView(); $many_pages_pager->setPageSize($page_size); @@ -60,12 +60,12 @@ final class PhabricatorUIPagerExample extends PhabricatorUIExample { $many_pages_pager->setSurroundingPages(7); $panel->appendChild($many_pages_pager); - $panel->appendChild(hsprintf( + $panel->appendChild( '

    '. 'When it is prohibitively expensive or complex to attain a complete '. 'count of the items, you can select one extra item and set '. 'hasMorePages(true) if it exists, creating an inexact pager.'. - '

    ')); + '

    '); $inexact_pager = new AphrontPagerView(); $inexact_pager->setPageSize($page_size); diff --git a/src/docs/developer/rendering_html.diviner b/src/docs/developer/rendering_html.diviner index 5cd2c661d5..185c43caf9 100644 --- a/src/docs/developer/rendering_html.diviner +++ b/src/docs/developer/rendering_html.diviner @@ -108,13 +108,13 @@ must to maintain backward compatibility.) If you need to build a list of items with some element in between each of them (like a middot, comma, or vertical bar) you can use -@{function:phutil_implode_html}: +@{function:array_interleave}: // Render links with commas between them. phutil_tag( 'div', array(), - phutil_implode_html(', ', $list_of_links)); + array_interleave(', ', $list_of_links)); = AphrontView Classes = @@ -124,6 +124,14 @@ return `phutil_tag()` or `javelin_tag()`: return phutil_tag('div', ...); +@{class:AphrontView} subclasses can use `renderHTMLChildren()` and +`renderHTMLView()` to build @{class@libphutil:PhutilSafeHTML} objects from +children or arbitrary lists of components. + +@{class:AphrontView} subclasses should avoid `renderChildren()` and +`renderSingleView()` and transition callers to the `HTML` varieties. These older +methods do not return @{class@libphutil:PhutilSafeHTML} objects. + = Internationalization: pht() = The @{function:pht} function has some special rules. If any input to @@ -148,36 +156,16 @@ calling @{function:phutil_safe_html} on it. This is **dangerous**, because if you are wrong and the string is not actually safe, you have introduced an XSS vulnerability. Consequently, you should avoid calling this if possible. -You can use @{function@libphutil:phutil_escape_html_newlines} to escape HTML -while converting newlines to `
    `. You should not need to explicitly use -@{function@libphutil:phutil_escape_html} anywhere. +You can use @{function@libphutil:phutil_escape_html} to explicitly escape an +HTML string. You should not normally need to use it. -If you need to apply a string function (such as `trim()`) to safe HTML, use -@{method@libphutil:PhutilSafeHTML::applyFunction}. +You can use @{function@libphutil:phutil_escape_html_newlines} to escape HTML +while converting newlines to `
    `. If you need to extract the content of a @{class@libphutil:PhutilSafeHTML} object, you should call `getHTMLContent()`, not cast it to a string. Eventually, we would like to remove the string cast entirely. -Functions @{function@libphutil:phutil_tag} and @{function@libphutil:hsprintf} -are not safe if you pass the user input for the tag or attribute name. All the -following examples are dangerous: - - counterexample - phutil_tag($evil); - - phutil_tag('span', array($evil => $evil2)); - - // Use PhutilURI to check if $evil is valid HTTP link. - phutil_tag('a', array('href' => $evil)); - - phutil_tag('span', array('onmouseover' => $evil)); - - hsprintf('<%s>%s', $evil, $evil2, $evil); - - // We have a lint rule disallowing this. - hsprintf($evil); - = Deprecated Functions = The functions @{function@libphutil:phutil_render_tag} and diff --git a/src/infrastructure/celerity/CelerityStaticResourceResponse.php b/src/infrastructure/celerity/CelerityStaticResourceResponse.php index 1545cd2ee0..a90dcb498e 100644 --- a/src/infrastructure/celerity/CelerityStaticResourceResponse.php +++ b/src/infrastructure/celerity/CelerityStaticResourceResponse.php @@ -98,9 +98,8 @@ final class CelerityStaticResourceResponse { $this->hasRendered[$resource['uri']] = true; $output[] = $this->renderResource($resource); - $output[] = "\n"; } - return phutil_implode_html('', $output); + return implode("\n", $output)."\n"; } private function renderResource(array $resource) { @@ -181,9 +180,8 @@ final class CelerityStaticResourceResponse { if ($data) { $data = implode("\n", $data); - return hsprintf( - '', - phutil_safe_html($data)); + return ''; } else { return ''; } diff --git a/src/infrastructure/diff/PhabricatorInlineCommentController.php b/src/infrastructure/diff/PhabricatorInlineCommentController.php index 3a8ad2f1ad..99fe0b70da 100644 --- a/src/infrastructure/diff/PhabricatorInlineCommentController.php +++ b/src/infrastructure/diff/PhabricatorInlineCommentController.php @@ -71,7 +71,7 @@ abstract class PhabricatorInlineCommentController $dialog->setTitle('Really delete this comment?'); $dialog->addHiddenInput('id', $this->getCommentID()); $dialog->addHiddenInput('op', 'delete'); - $dialog->appendChild(hsprintf('

    Delete this inline comment?

    ')); + $dialog->appendChild('

    Delete this inline comment?

    '); $dialog->addCancelButton('#'); $dialog->addSubmitButton('Delete'); diff --git a/src/infrastructure/diff/PhabricatorInlineCommentPreviewController.php b/src/infrastructure/diff/PhabricatorInlineCommentPreviewController.php index 77e6e67e60..cd9a65be96 100644 --- a/src/infrastructure/diff/PhabricatorInlineCommentPreviewController.php +++ b/src/infrastructure/diff/PhabricatorInlineCommentPreviewController.php @@ -34,7 +34,7 @@ abstract class PhabricatorInlineCommentPreviewController $view->setPreview(true); $views[] = $view->render(); } - $views = phutil_implode_html("\n", $views); + $views = implode("\n", $views); return id(new AphrontAjaxResponse()) ->setContent($views); diff --git a/src/infrastructure/diff/view/PhabricatorInlineSummaryView.php b/src/infrastructure/diff/view/PhabricatorInlineSummaryView.php index f8686ebba0..de792665fb 100644 --- a/src/infrastructure/diff/view/PhabricatorInlineSummaryView.php +++ b/src/infrastructure/diff/view/PhabricatorInlineSummaryView.php @@ -15,7 +15,7 @@ final class PhabricatorInlineSummaryView extends AphrontView { public function render() { require_celerity_resource('inline-comment-summary-css'); - return hsprintf('%s%s', $this->renderHeader(), $this->renderTable()); + return $this->renderHeader().$this->renderTable(); } private function renderHeader() { @@ -79,26 +79,19 @@ final class PhabricatorInlineSummaryView extends AphrontView { $where = idx($item, 'where'); - $colspan = ($has_where ? null : 2); - $rows[] = hsprintf( + $colspan = ($has_where ? '' : ' colspan="2"'); + $rows[] = ''. - '%s'. - '%s'. - '%s'. - '', - $lines, - ($has_where - ? hsprintf('%s', $where) - : null), - phutil_tag( - 'td', - array( - 'class' => 'inline-summary-content', - 'colspan' => $colspan, - ), - hsprintf( - '
    %s
    ', - $item['content']))); + ''.$lines.''. + ($has_where + ? hsprintf('%s', $where) + : null). + ''. + '
    '. + $item['content']. + '
    '. + ''. + ''; } } @@ -107,7 +100,7 @@ final class PhabricatorInlineSummaryView extends AphrontView { array( 'class' => 'phabricator-inline-summary-table', ), - phutil_implode_html("\n", $rows)); + new PhutilSafeHTML(implode("\n", $rows))); } } diff --git a/src/infrastructure/lint/PhabricatorLintEngine.php b/src/infrastructure/lint/PhabricatorLintEngine.php index 28fb9967e6..391d9fb5d1 100644 --- a/src/infrastructure/lint/PhabricatorLintEngine.php +++ b/src/infrastructure/lint/PhabricatorLintEngine.php @@ -5,24 +5,6 @@ final class PhabricatorLintEngine extends PhutilLintEngine { public function buildLinters() { $linters = parent::buildLinters(); - foreach ($linters as $linter) { - if ($linter instanceof ArcanistPhutilXHPASTLinter) { - $linter->setDeprecatedFunctions(array( - 'phutil_escape_html' => - 'The phutil_escape_html() function is deprecated. Raw strings '. - 'passed to phutil_tag() or hsprintf() are escaped automatically.', - - 'javelin_render_tag' => - 'The javelin_render_tag() function is deprecated and unsafe. '. - 'Use javelin_tag() instead.', - - 'phabricator_render_form' => - 'The phabricator_render_form() function is deprecated and unsafe. '. - 'Use phabricator_form() instead.', - )); - } - } - $paths = $this->getPaths(); foreach ($paths as $key => $path) { diff --git a/src/infrastructure/markup/PhabricatorMarkupEngine.php b/src/infrastructure/markup/PhabricatorMarkupEngine.php index f242519c18..5e9a96d31d 100644 --- a/src/infrastructure/markup/PhabricatorMarkupEngine.php +++ b/src/infrastructure/markup/PhabricatorMarkupEngine.php @@ -41,7 +41,7 @@ final class PhabricatorMarkupEngine { private $objects = array(); private $viewer; - private $version = 3; + private $version = 2; /* -( Markup Pipeline )---------------------------------------------------- */ @@ -160,7 +160,7 @@ final class PhabricatorMarkupEngine { "Call process() before getOutput()."); } - return $this->objects[$key]['output']; + return new PhutilSafeHTML($this->objects[$key]['output']); } @@ -424,6 +424,7 @@ final class PhabricatorMarkupEngine { $rules[] = new PhabricatorRemarkupRuleMention(); + $rules[] = new PhutilRemarkupRuleEscapeHTML(); $rules[] = new PhutilRemarkupRuleBold(); $rules[] = new PhutilRemarkupRuleItalic(); $rules[] = new PhutilRemarkupRuleDel(); @@ -449,6 +450,7 @@ final class PhabricatorMarkupEngine { foreach ($blocks as $block) { if ($block instanceof PhutilRemarkupEngineRemarkupLiteralBlockRule) { $literal_rules = array(); + $literal_rules[] = new PhutilRemarkupRuleEscapeHTML(); $literal_rules[] = new PhutilRemarkupRuleLinebreaks(); $block->setMarkupRules($literal_rules); } else if ( diff --git a/src/infrastructure/markup/rule/PhabricatorRemarkupRuleCountdown.php b/src/infrastructure/markup/rule/PhabricatorRemarkupRuleCountdown.php index 3356aed8e2..548a2b1d64 100644 --- a/src/infrastructure/markup/rule/PhabricatorRemarkupRuleCountdown.php +++ b/src/infrastructure/markup/rule/PhabricatorRemarkupRuleCountdown.php @@ -8,13 +8,13 @@ final class PhabricatorRemarkupRuleCountdown extends PhutilRemarkupRule { const KEY_RULE_COUNTDOWN = 'rule.countdown'; public function apply($text) { - return $this->replaceHTML( + return preg_replace_callback( "@\B{C(\d+)}\B@", array($this, 'markupCountdown'), $text); } - protected function markupCountdown($matches) { + private function markupCountdown($matches) { $countdown = id(new PhabricatorTimer())->load($matches[1]); if (!$countdown) { return $matches[0]; @@ -46,17 +46,20 @@ final class PhabricatorRemarkupRuleCountdown extends PhutilRemarkupRule { foreach ($metadata as $id => $info) { list($time, $token) = $info; - $prefix = 'phabricator-timer-'; $count = phutil_tag( 'span', array( 'id' => $id, ), array( - javelin_tag('span', array('sigil' => $prefix.'days'), ''), 'd', - javelin_tag('span', array('sigil' => $prefix.'hours'), ''), 'h', - javelin_tag('span', array('sigil' => $prefix.'minutes'), ''), 'm', - javelin_tag('span', array('sigil' => $prefix.'seconds'), ''), 's', + javelin_tag('span', + array('sigil' => 'phabricator-timer-days'), '').'d', + javelin_tag('span', + array('sigil' => 'phabricator-timer-hours'), '').'h', + javelin_tag('span', + array('sigil' => 'phabricator-timer-minutes'), '').'m', + javelin_tag('span', + array('sigil' => 'phabricator-timer-seconds'), '').'s', )); Javelin::initBehavior('countdown-timer', array( 'timestamp' => $time, diff --git a/src/infrastructure/markup/rule/PhabricatorRemarkupRuleEmbedFile.php b/src/infrastructure/markup/rule/PhabricatorRemarkupRuleEmbedFile.php index e7c25dd1fe..9ef0ac8ad9 100644 --- a/src/infrastructure/markup/rule/PhabricatorRemarkupRuleEmbedFile.php +++ b/src/infrastructure/markup/rule/PhabricatorRemarkupRuleEmbedFile.php @@ -10,7 +10,7 @@ final class PhabricatorRemarkupRuleEmbedFile const KEY_EMBED_FILE_PHIDS = 'phabricator.embedded-file-phids'; public function apply($text) { - return $this->replaceHTML( + return preg_replace_callback( "@{F(\d+)([^}]+?)?}@", array($this, 'markupEmbedFile'), $text); diff --git a/src/infrastructure/markup/rule/PhabricatorRemarkupRuleImageMacro.php b/src/infrastructure/markup/rule/PhabricatorRemarkupRuleImageMacro.php index 006bfda0e8..eb048f8c4c 100644 --- a/src/infrastructure/markup/rule/PhabricatorRemarkupRuleImageMacro.php +++ b/src/infrastructure/markup/rule/PhabricatorRemarkupRuleImageMacro.php @@ -9,7 +9,7 @@ final class PhabricatorRemarkupRuleImageMacro private $images; public function apply($text) { - return $this->replaceHTML( + return preg_replace_callback( '@^([a-zA-Z0-9:_\-]+)$@m', array($this, 'markupImageMacro'), $text); @@ -25,10 +25,8 @@ final class PhabricatorRemarkupRuleImageMacro } } - $name = (string)$matches[1]; - - if (array_key_exists($name, $this->images)) { - $phid = $this->images[$name]; + if (array_key_exists($matches[1], $this->images)) { + $phid = $this->images[$matches[1]]; $file = id(new PhabricatorFile())->loadOneWhere('phid = %s', $phid); $style = null; diff --git a/src/infrastructure/markup/rule/PhabricatorRemarkupRuleMeme.php b/src/infrastructure/markup/rule/PhabricatorRemarkupRuleMeme.php index b569eb60ac..1254d044ad 100644 --- a/src/infrastructure/markup/rule/PhabricatorRemarkupRuleMeme.php +++ b/src/infrastructure/markup/rule/PhabricatorRemarkupRuleMeme.php @@ -9,7 +9,7 @@ final class PhabricatorRemarkupRuleMeme private $images; public function apply($text) { - return $this->replaceHTML( + return preg_replace_callback( '@{meme,([^}]+)}$@m', array($this, 'markupMeme'), $text); diff --git a/src/infrastructure/markup/rule/PhabricatorRemarkupRuleMention.php b/src/infrastructure/markup/rule/PhabricatorRemarkupRuleMention.php index b2a98fc9af..f68d05fb64 100644 --- a/src/infrastructure/markup/rule/PhabricatorRemarkupRuleMention.php +++ b/src/infrastructure/markup/rule/PhabricatorRemarkupRuleMention.php @@ -21,13 +21,13 @@ final class PhabricatorRemarkupRuleMention const REGEX = '/(?replaceHTML( + return preg_replace_callback( self::REGEX, array($this, 'markupMention'), $text); } - protected function markupMention($matches) { + private function markupMention($matches) { $engine = $this->getEngine(); $token = $engine->storeText(''); diff --git a/src/infrastructure/markup/rule/PhabricatorRemarkupRuleObjectHandle.php b/src/infrastructure/markup/rule/PhabricatorRemarkupRuleObjectHandle.php index 8aa082b621..4925459e4e 100644 --- a/src/infrastructure/markup/rule/PhabricatorRemarkupRuleObjectHandle.php +++ b/src/infrastructure/markup/rule/PhabricatorRemarkupRuleObjectHandle.php @@ -13,13 +13,13 @@ abstract class PhabricatorRemarkupRuleObjectHandle public function apply($text) { $prefix = $this->getObjectNamePrefix(); - return $this->replaceHTML( + return preg_replace_callback( "@\B{{$prefix}(\d+)}\B@", array($this, 'markupObjectHandle'), $text); } - protected function markupObjectHandle($matches) { + private function markupObjectHandle($matches) { // TODO: These are single gets but should be okay for now, they're behind // the cache. $phid = $this->loadObjectPHID($matches[1]); diff --git a/src/infrastructure/markup/rule/PhabricatorRemarkupRuleObjectName.php b/src/infrastructure/markup/rule/PhabricatorRemarkupRuleObjectName.php index 859bebdc74..b81c37cc2f 100644 --- a/src/infrastructure/markup/rule/PhabricatorRemarkupRuleObjectName.php +++ b/src/infrastructure/markup/rule/PhabricatorRemarkupRuleObjectName.php @@ -15,7 +15,7 @@ abstract class PhabricatorRemarkupRuleObjectName public function apply($text) { $prefix = $this->getObjectNamePrefix(); $id = $this->getObjectIDPattern(); - return $this->replaceHTML( + return preg_replace_callback( "@\b({$prefix})({$id})(?:#([-\w\d]+))?\b@", array($this, 'markupObjectNameLink'), $text); diff --git a/src/infrastructure/markup/rule/PhabricatorRemarkupRulePhriction.php b/src/infrastructure/markup/rule/PhabricatorRemarkupRulePhriction.php index 56a84d0d75..410d507b47 100644 --- a/src/infrastructure/markup/rule/PhabricatorRemarkupRulePhriction.php +++ b/src/infrastructure/markup/rule/PhabricatorRemarkupRulePhriction.php @@ -7,7 +7,7 @@ final class PhabricatorRemarkupRulePhriction extends PhutilRemarkupRule { public function apply($text) { - return $this->replaceHTML( + return preg_replace_callback( '@\B\\[\\[([^|\\]]+)(?:\\|([^\\]]+))?\\]\\]\B@U', array($this, 'markupDocumentLink'), $text); @@ -28,7 +28,7 @@ final class PhabricatorRemarkupRulePhriction $href = (string) id(new PhutilURI($slug))->setFragment($fragment); if ($this->getEngine()->getState('toc')) { - $text = $name; + $text = phutil_escape_html($name); } else { $text = phutil_tag( 'a', diff --git a/src/infrastructure/markup/rule/PhabricatorRemarkupRuleYoutube.php b/src/infrastructure/markup/rule/PhabricatorRemarkupRuleYoutube.php index 3b099ef3be..f4e11e4cc6 100644 --- a/src/infrastructure/markup/rule/PhabricatorRemarkupRuleYoutube.php +++ b/src/infrastructure/markup/rule/PhabricatorRemarkupRuleYoutube.php @@ -10,8 +10,7 @@ final class PhabricatorRemarkupRuleYoutube $this->uri = new PhutilURI($text); if ($this->uri->getDomain() && - preg_match('/(^|\.)youtube\.com$/', $this->uri->getDomain()) && - idx($this->uri->getQueryParams(), 'v')) { + preg_match('/(^|\.)youtube\.com$/', $this->uri->getDomain())) { return $this->markupYoutubeLink(); } @@ -20,20 +19,25 @@ final class PhabricatorRemarkupRuleYoutube public function markupYoutubeLink() { $v = idx($this->uri->getQueryParams(), 'v'); - $youtube_src = 'https://www.youtube.com/embed/'.$v; - $iframe = hsprintf( - '
    %s
    ', - phutil_tag( - 'iframe', - array( - 'width' => '650', - 'height' => '400', - 'style' => 'margin: 1em auto; border: 0px;', - 'src' => $youtube_src, - 'frameborder' => 0, - ), - '')); - return $this->getEngine()->storeText($iframe); + if ($v) { + $youtube_src = 'https://www.youtube.com/embed/'.$v; + $iframe = + '
    '. + phutil_tag( + 'iframe', + array( + 'width' => '650', + 'height' => '400', + 'style' => 'margin: 1em auto; border: 0px;', + 'src' => $youtube_src, + 'frameborder' => 0, + ), + ''). + '
    '; + return $this->getEngine()->storeText($iframe); + } else { + return $this->uri; + } } } diff --git a/src/view/AphrontDialogView.php b/src/view/AphrontDialogView.php index 5b448678bb..04122e0027 100644 --- a/src/view/AphrontDialogView.php +++ b/src/view/AphrontDialogView.php @@ -99,6 +99,7 @@ final class AphrontDialogView extends AphrontView { ), $this->cancelText); } + $buttons = implode('', $buttons); if (!$this->user) { throw new Exception( @@ -130,14 +131,6 @@ final class AphrontDialogView extends AphrontView { ); $hidden_inputs = array(); - $hidden_inputs[] = phutil_tag( - 'input', - array( - 'type' => 'hidden', - 'name' => '__dialog__', - 'value' => '1', - )); - foreach ($this->hidden as $desc) { list($key, $value) = $desc; $hidden_inputs[] = javelin_tag( @@ -149,30 +142,37 @@ final class AphrontDialogView extends AphrontView { 'sigil' => 'aphront-dialog-application-input' )); } + $hidden_inputs = implode("\n", $hidden_inputs); + $hidden_inputs = + ''. + $hidden_inputs; + if (!$this->renderAsForm) { - $buttons = array(phabricator_form( + $buttons = phabricator_render_form( $this->user, $form_attributes, - array_merge($hidden_inputs, $buttons))); + $hidden_inputs.$buttons); } - $buttons[] = phutil_tag('div', array('style' => 'clear: both;'), ''); - $children = $this->renderChildren(); - - $content = hsprintf( - '%s%s%s', - phutil_tag('div', array('class' => 'aphront-dialog-head'), $this->title), - phutil_tag('div', array('class' => 'aphront-dialog-body'), $children), - phutil_tag('div', array('class' => 'aphront-dialog-tail'), $buttons)); + $content = + hsprintf('
    %s
    ', $this->title). + '
    '. + $this->renderChildren(). + '
    '. + '
    '. + $buttons. + '
    '. + '
    '; if ($this->renderAsForm) { - return phabricator_form( + return phabricator_render_form( $this->user, $form_attributes + $attributes, - array($hidden_inputs, $content)); + $hidden_inputs. + $content); } else { - return javelin_tag( + return javelin_render_tag( 'div', $attributes, $content); diff --git a/src/view/AphrontJavelinView.php b/src/view/AphrontJavelinView.php index a563c4aecb..eb71b3100a 100644 --- a/src/view/AphrontJavelinView.php +++ b/src/view/AphrontJavelinView.php @@ -21,7 +21,7 @@ final class AphrontJavelinView extends AphrontView { public function render() { $id = celerity_generate_unique_node_id(); - $placeholder = phutil_tag('span', array('id' => $id)); + $placeholder = ""; require_celerity_resource($this->getCelerityResource()); @@ -32,7 +32,7 @@ final class AphrontJavelinView extends AphrontView { 'id' => $id, 'view' => $this->getName(), 'params' => $this->getParameters(), - 'children' => implode('', $this->renderChildren()), + 'children' => $this->renderChildren(), 'trigger_id' => $render_context, )); diff --git a/src/view/AphrontNullView.php b/src/view/AphrontNullView.php index 2a218e700a..cfcf48350e 100644 --- a/src/view/AphrontNullView.php +++ b/src/view/AphrontNullView.php @@ -3,7 +3,7 @@ final class AphrontNullView extends AphrontView { public function render() { - return phutil_implode_html('', $this->renderChildren()); + return $this->renderChildren(); } } diff --git a/src/view/AphrontTagView.php b/src/view/AphrontTagView.php index 514c8826f6..8e9595f0b6 100644 --- a/src/view/AphrontTagView.php +++ b/src/view/AphrontTagView.php @@ -87,7 +87,7 @@ abstract class AphrontTagView extends AphrontView { } protected function getTagContent() { - return $this->renderChildren(); + return $this->renderHTMLChildren(); } protected function willRender() { diff --git a/src/view/AphrontView.php b/src/view/AphrontView.php index 59c7a2172a..bfe6f9d624 100644 --- a/src/view/AphrontView.php +++ b/src/view/AphrontView.php @@ -33,6 +33,14 @@ abstract class AphrontView extends Phobject { foreach ($this->children as $child) { $out[] = $this->renderSingleView($child); } + return implode('', $out); + } + + final protected function renderHTMLChildren() { + $out = array(); + foreach ($this->children as $child) { + $out[] = $this->renderHTMLView($child); + } return $out; } @@ -44,12 +52,28 @@ abstract class AphrontView extends Phobject { foreach ($child as $element) { $out[] = $this->renderSingleView($element); } - return phutil_implode_html('', $out); + return implode('', $out); } else { return $child; } } + final protected function renderHTMLView($child) { + if ($child instanceof AphrontView) { + return phutil_safe_html($child->render()); + } else if ($child instanceof PhutilSafeHTML) { + return $child; + } else if (is_array($child)) { + $out = array(); + foreach ($child as $element) { + $out[] = $this->renderHTMLView($element); + } + return phutil_safe_html(implode('', $out)); + } else { + return phutil_safe_html(phutil_escape_html($child)); + } + } + final protected function isEmptyContent($content) { if (is_array($content)) { foreach ($content as $element) { diff --git a/src/view/control/AphrontAttachedFileView.php b/src/view/control/AphrontAttachedFileView.php index 37668525ae..a3e1cad357 100644 --- a/src/view/control/AphrontAttachedFileView.php +++ b/src/view/control/AphrontAttachedFileView.php @@ -44,18 +44,14 @@ final class AphrontAttachedFileView extends AphrontView { ), "\xE2\x9C\x96"); // "Heavy Multiplication X" - return hsprintf( + return ' - - - + + + -
    %s%s
    %s    		%s'.$thumb.''.$name.'
    '.$size.'    		'.$remove.'
    ', - $thumb, - $name, - $size, - $remove); + '; } } diff --git a/src/view/control/AphrontCursorPagerView.php b/src/view/control/AphrontCursorPagerView.php index ecfde94417..f02f165fb9 100644 --- a/src/view/control/AphrontCursorPagerView.php +++ b/src/view/control/AphrontCursorPagerView.php @@ -120,10 +120,10 @@ final class AphrontCursorPagerView extends AphrontView { "Next \xE2\x80\xBA"); } - return phutil_tag( - 'div', - array('class' => 'aphront-pager-view'), - $links); + return + '
    '. + implode('', $links). + '
    '; } } diff --git a/src/view/control/AphrontPagerView.php b/src/view/control/AphrontPagerView.php index fe9340c0ae..00a405273d 100644 --- a/src/view/control/AphrontPagerView.php +++ b/src/view/control/AphrontPagerView.php @@ -115,7 +115,7 @@ final class AphrontPagerView extends AphrontView { if ($max - $min > $last) { $max = $min + $last; if ($max == $min) { - return phutil_tag('div', array('class' => 'aphront-pager-view'), ''); + return '
    '; } } @@ -196,10 +196,10 @@ final class AphrontPagerView extends AphrontView { $label); } - return phutil_tag( - 'div', - array('class' => 'aphront-pager-view'), - $rendered_links); + return + '
    '. + implode('', $rendered_links). + '
    '; } private function getDisplayIndex($page_index) { diff --git a/src/view/control/AphrontTableView.php b/src/view/control/AphrontTableView.php index db3b12eb95..10c723c96a 100644 --- a/src/view/control/AphrontTableView.php +++ b/src/view/control/AphrontTableView.php @@ -111,7 +111,18 @@ final class AphrontTableView extends AphrontView { public function render() { require_celerity_resource('aphront-table-view-css'); - $table = array(); + $table_class = $this->className; + + if ($this->deviceReadyTable) { + $table_class .= ' aphront-table-view-device-ready'; + } + + if ($table_class !== null) { + $table_class = ' class="aphront-table-view '.$table_class.'"'; + } else { + $table_class = ' class="aphront-table-view"'; + } + $table = array(''); $col_classes = array(); foreach ($this->columnClasses as $key => $class) { @@ -140,8 +151,7 @@ final class AphrontTableView extends AphrontView { while (count($headers) > count($sort_values)) { $sort_values[] = null; } - - $tr = array(); + $table[] = ''; foreach ($headers as $col_num => $header) { if (!$visibility[$col_num]) { continue; @@ -192,7 +202,7 @@ final class AphrontTableView extends AphrontView { } if ($classes) { - $class = implode(' ', $classes); + $class = ' class="'.implode(' ', $classes).'"'; } else { $class = null; } @@ -211,12 +221,12 @@ final class AphrontTableView extends AphrontView { ), $short_headers[$col_num]); - $header = hsprintf('%s %s', $header_nodevice, $header_device); + $header = $header_nodevice.$header_device; } - $tr[] = phutil_tag('th', array('class' => $class), $header); + $table[] = ''.$header.''; } - $table[] = phutil_tag('tr', array(), $tr); + $table[] = ''; } foreach ($col_classes as $key => $value) { @@ -241,7 +251,18 @@ final class AphrontTableView extends AphrontView { while (count($row) > count($visibility)) { $visibility[] = true; } - $tr = array(); + $class = idx($this->rowClasses, $row_num); + if ($this->zebraStripes && ($row_num % 2)) { + if ($class !== null) { + $class = 'alt alt-'.$class; + } else { + $class = 'alt'; + } + } + if ($class !== null) { + $class = ' class="'.$class.'"'; + } + $table[] = ''; // NOTE: Use of a separate column counter is to allow this to work // correctly if the row data has string or non-sequential keys. $col_num = 0; @@ -254,40 +275,26 @@ final class AphrontTableView extends AphrontView { if (!empty($this->cellClasses[$row_num][$col_num])) { $class = trim($class.' '.$this->cellClasses[$row_num][$col_num]); } - $tr[] = phutil_tag('td', array('class' => $class), $value); + if ($class !== null) { + $table[] = ''; + } else { + $table[] = ''; + } + $table[] = $value.''; ++$col_num; } - - $class = idx($this->rowClasses, $row_num); - if ($this->zebraStripes && ($row_num % 2)) { - if ($class !== null) { - $class = 'alt alt-'.$class; - } else { - $class = 'alt'; - } - } - - $table[] = phutil_tag('tr', array('class' => $class), $tr); ++$row_num; } } else { $colspan = max(count(array_filter($visibility)), 1); - $table[] = hsprintf( - '%s', - $colspan, - coalesce($this->noDataString, 'No data available.')); + $table[] = + ''. + coalesce($this->noDataString, 'No data available.'). + ''; } - - $table_class = 'aphront-table-view'; - if ($this->className !== null) { - $table_class .= ' '.$this->className; - } - if ($this->deviceReadyTable) { - $table_class .= ' aphront-table-view-device-ready'; - } - - $html = phutil_tag('table', array('class' => $table_class), $table); - return hsprintf('
    %s
    ', $html); + $table[] = ''; + $html = implode('', $table); + return '
    '.$html.'
    '; } public static function renderSingleDisplayLine($line) { diff --git a/src/view/control/PhabricatorObjectSelectorDialog.php b/src/view/control/PhabricatorObjectSelectorDialog.php index 1456c26c52..1466d4918c 100644 --- a/src/view/control/PhabricatorObjectSelectorDialog.php +++ b/src/view/control/PhabricatorObjectSelectorDialog.php @@ -101,51 +101,50 @@ final class PhabricatorObjectSelectorDialog { ), $label); } + $options = implode("\n", $options); $instructions = null; if ($this->instructions) { - $instructions = phutil_tag( - 'p', - array('class' => 'phabricator-object-selector-instructions'), - $this->instructions); + $instructions = + '

    '. + $this->instructions. + '

    '; } - $search_box = phabricator_form( + $search_box = phabricator_render_form( $user, array( 'method' => 'POST', 'action' => $this->submitURI, 'id' => $search_id, ), - hsprintf( - ' - - - - -
    %s%s
    ', - phutil_tag('select', array('id' => $filter_id), $options), - phutil_tag('input', array('id' => $query_id)))); - - $result_box = phutil_tag( - 'div', - array( - 'class' => 'phabricator-object-selector-results', - 'id' => $results_id, - ), - ''); - - $attached_box = hsprintf( + ' + + + + +
    + + + +
    '); + $result_box = + '
    '. + '
    '; + $attached_box = '
    '. '
    '. - '
    %s
    '. - '
    '. - '%s'. + hsprintf( + '
    %s
    ', + $this->header). + '
    '. + '
    '. + $instructions. '
    '. - '
    ', - $this->header, - $current_id, - $instructions); + '
    '; + $dialog = new AphrontDialogView(); $dialog diff --git a/src/view/form/AphrontErrorView.php b/src/view/form/AphrontErrorView.php index 938f0ae9ec..cd97ff6a2f 100644 --- a/src/view/form/AphrontErrorView.php +++ b/src/view/form/AphrontErrorView.php @@ -92,7 +92,7 @@ final class AphrontErrorView extends AphrontView { $classes[] = 'aphront-error-severity-'.$this->severity; $classes = implode(' ', $classes); - $children = $this->renderChildren(); + $children = $this->renderHTMLChildren(); $children[] = $list; return phutil_tag( diff --git a/src/view/form/AphrontFormInsetView.php b/src/view/form/AphrontFormInsetView.php index 1e504c4598..014cdfffdd 100644 --- a/src/view/form/AphrontFormInsetView.php +++ b/src/view/form/AphrontFormInsetView.php @@ -102,7 +102,7 @@ final class AphrontFormInsetView extends AphrontView { $content[] = $this->content; } - $content = array_merge($content, $this->renderChildren()); + $content = array_merge($content, $this->renderHTMLChildren()); return phutil_tag('div', $div_attributes, $content); } diff --git a/src/view/form/AphrontFormLayoutView.php b/src/view/form/AphrontFormLayoutView.php index 83561491bb..300c7370e0 100644 --- a/src/view/form/AphrontFormLayoutView.php +++ b/src/view/form/AphrontFormLayoutView.php @@ -38,6 +38,6 @@ final class AphrontFormLayoutView extends AphrontView { array( 'class' => $classes, ), - $this->renderChildren()); + $this->renderHTMLChildren()); } } diff --git a/src/view/form/AphrontFormView.php b/src/view/form/AphrontFormView.php index 5d5af2a430..76342830b8 100644 --- a/src/view/form/AphrontFormView.php +++ b/src/view/form/AphrontFormView.php @@ -68,7 +68,7 @@ final class AphrontFormView extends AphrontView { $layout ->appendChild($this->renderDataInputs()) - ->appendChild($this->renderChildren()); + ->appendChild($this->renderHTMLChildren()); if (!$this->user) { throw new Exception('You must pass the user to AphrontFormView.'); diff --git a/src/view/form/control/AphrontFormCropControl.php b/src/view/form/control/AphrontFormCropControl.php index 94b65cd7d4..26cb70c0e4 100644 --- a/src/view/form/control/AphrontFormCropControl.php +++ b/src/view/form/control/AphrontFormCropControl.php @@ -29,7 +29,7 @@ final class AphrontFormCropControl extends AphrontFormControl { $file = $this->getValue(); if ($file === null) { - return phutil_tag( + return phutil_render_tag( 'img', array( 'src' => PhabricatorUser::getDefaultProfileImageURI() diff --git a/src/view/form/control/PhabricatorRemarkupControl.php b/src/view/form/control/PhabricatorRemarkupControl.php index 3ca49c2120..e34f090fcb 100644 --- a/src/view/form/control/PhabricatorRemarkupControl.php +++ b/src/view/form/control/PhabricatorRemarkupControl.php @@ -154,7 +154,7 @@ final class PhabricatorRemarkupControl extends AphrontFormTextAreaControl { array( 'sigil' => 'remarkup-assist-control', ), - $this->renderSingleView( + $this->renderHTMLView( array( $buttons, parent::renderInput(), diff --git a/src/view/layout/AphrontContextBarView.php b/src/view/layout/AphrontContextBarView.php index 07c640fbb5..57793ff4c7 100644 --- a/src/view/layout/AphrontContextBarView.php +++ b/src/view/layout/AphrontContextBarView.php @@ -15,16 +15,18 @@ final class AphrontContextBarView extends AphrontView { require_celerity_resource('aphront-contextbar-view-css'); - return hsprintf( + return '
    '. '
    '. - '
    %s
    '. - '
    %s
    '. + '
    '. + $view->render(). + '
    '. + '
    '. + $this->renderChildren(). + '
    '. '
    '. '
    '. - '
    ', - $view->render(), - $this->renderChildren()); + ''; } } diff --git a/src/view/layout/AphrontCrumbsView.php b/src/view/layout/AphrontCrumbsView.php index f73901f687..2a249dc9b9 100644 --- a/src/view/layout/AphrontCrumbsView.php +++ b/src/view/layout/AphrontCrumbsView.php @@ -17,15 +17,18 @@ final class AphrontCrumbsView extends AphrontView { foreach ($this->crumbs as $crumb) { $out[] = $this->renderSingleView($crumb); } - $out = phutil_implode_html( - hsprintf(''."\xC2\xBB".''), + $out = implode( + ''. + "\xC2\xBB". + '', $out); - return hsprintf( + return '
    '. - '
    %s
    '. - '
    ', - $out); + '
    '. + $out. + '
    '. + ''; } } diff --git a/src/view/layout/AphrontListFilterView.php b/src/view/layout/AphrontListFilterView.php index cca43fa770..a79d68046b 100644 --- a/src/view/layout/AphrontListFilterView.php +++ b/src/view/layout/AphrontListFilterView.php @@ -4,13 +4,14 @@ final class AphrontListFilterView extends AphrontView { public function render() { require_celerity_resource('aphront-list-filter-view-css'); - return hsprintf( + return ''. ''. - ''. + ''. ''. - '
    %s'. + $this->renderChildren(). + '
    ', - $this->renderChildren()); + ''; } } diff --git a/src/view/layout/AphrontMiniPanelView.php b/src/view/layout/AphrontMiniPanelView.php index 474eff4686..9beb8e65d9 100644 --- a/src/view/layout/AphrontMiniPanelView.php +++ b/src/view/layout/AphrontMiniPanelView.php @@ -3,10 +3,10 @@ final class AphrontMiniPanelView extends AphrontView { public function render() { - return phutil_tag( - 'div', - array('class' => 'aphront-mini-panel-view'), - $this->renderChildren()); + return + '
    '. + $this->renderChildren(). + '
    '; } } diff --git a/src/view/layout/AphrontPanelView.php b/src/view/layout/AphrontPanelView.php index 0ae35ef0df..651e2a0e80 100644 --- a/src/view/layout/AphrontPanelView.php +++ b/src/view/layout/AphrontPanelView.php @@ -63,7 +63,7 @@ final class AphrontPanelView extends AphrontView { public function render() { if ($this->header !== null) { - $header = phutil_tag('h1', array(), $this->header); + $header = '

    '.$this->header.'

    '; } else { $header = null; } @@ -79,17 +79,16 @@ final class AphrontPanelView extends AphrontView { $buttons = null; if ($this->buttons) { - $buttons = hsprintf( - '
    %s
    ', - phutil_implode_html(" ", $this->buttons)); + $buttons = + '
    '. + implode(" ", $this->buttons). + '
    '; } - $header_elements = hsprintf( - '
    %s%s%s
    ', - $buttons, - $header, - $caption); - - $table = phutil_implode_html('', $this->renderChildren()); + $header_elements = + '
    '. + $buttons.$header.$caption. + '
    '; + $table = $this->renderChildren(); require_celerity_resource('aphront-panel-view-css'); @@ -99,13 +98,13 @@ final class AphrontPanelView extends AphrontView { $classes[] = 'aphront-panel-width-'.$this->width; } - return phutil_tag( + return phutil_render_tag( 'div', array( 'class' => implode(' ', $classes), 'id' => $this->id, ), - array($header_elements, $table)); + $header_elements.$table); } } diff --git a/src/view/layout/AphrontSideNavFilterView.php b/src/view/layout/AphrontSideNavFilterView.php index e4b2b7c9b9..ffbe0ca0bc 100644 --- a/src/view/layout/AphrontSideNavFilterView.php +++ b/src/view/layout/AphrontSideNavFilterView.php @@ -231,7 +231,7 @@ final class AphrontSideNavFilterView extends AphrontView { ), ''); - $local_menu = $this->renderSingleView( + $local_menu = $this->renderHTMLView( array( $menu_background, phutil_tag( @@ -277,26 +277,21 @@ final class AphrontSideNavFilterView extends AphrontView { $nav_classes = array_merge($nav_classes, $this->classes); - return phutil_tag( + return phutil_render_tag( 'div', array( 'class' => implode(' ', $nav_classes), 'id' => $main_id, ), - array( - $local_menu, - $flex_bar, - phutil_tag( - 'div', - array( - 'class' => 'phabricator-nav-content', - 'id' => $content_id, - ), - array( - $crumbs, - phutil_implode_html('', $this->renderChildren()), - )) - )); + $local_menu. + $flex_bar. + phutil_render_tag( + 'div', + array( + 'class' => 'phabricator-nav-content', + 'id' => $content_id, + ), + $crumbs.$this->renderChildren())); } } diff --git a/src/view/layout/PhabricatorActionListView.php b/src/view/layout/PhabricatorActionListView.php index 3240a821ed..d4a9a22fdf 100644 --- a/src/view/layout/PhabricatorActionListView.php +++ b/src/view/layout/PhabricatorActionListView.php @@ -42,7 +42,7 @@ final class PhabricatorActionListView extends AphrontView { array( 'class' => 'phabricator-action-list-view', ), - $this->renderSingleView($actions)); + $this->renderHTMLView($actions)); } diff --git a/src/view/layout/PhabricatorAnchorView.php b/src/view/layout/PhabricatorAnchorView.php index 6ffd7e59fe..44e8f33730 100644 --- a/src/view/layout/PhabricatorAnchorView.php +++ b/src/view/layout/PhabricatorAnchorView.php @@ -39,7 +39,7 @@ final class PhabricatorAnchorView extends AphrontView { ), ''); - return $this->renderSingleView(array($marker, $anchor)); + return $this->renderHTMLView(array($marker, $anchor)); } } diff --git a/src/view/layout/PhabricatorCrumbsView.php b/src/view/layout/PhabricatorCrumbsView.php index 2ee9d48022..f621394f1e 100644 --- a/src/view/layout/PhabricatorCrumbsView.php +++ b/src/view/layout/PhabricatorCrumbsView.php @@ -55,7 +55,7 @@ final class PhabricatorCrumbsView extends AphrontView { array( 'class' => 'phabricator-crumbs-actions', ), - $this->renderSingleView($actions)); + $this->renderHTMLView($actions)); } if ($this->crumbs) { @@ -68,7 +68,7 @@ final class PhabricatorCrumbsView extends AphrontView { 'class' => 'phabricator-crumbs-view '. 'sprite-gradient gradient-breadcrumbs', ), - $this->renderSingleView( + $this->renderHTMLView( array( $action_view, $this->crumbs, diff --git a/src/view/layout/PhabricatorFileLinkListView.php b/src/view/layout/PhabricatorFileLinkListView.php index 0eaf519d33..8ba21fc68c 100644 --- a/src/view/layout/PhabricatorFileLinkListView.php +++ b/src/view/layout/PhabricatorFileLinkListView.php @@ -31,7 +31,10 @@ final class PhabricatorFileLinkListView extends AphrontView { $file_links[] = $view->render(); } - return phutil_implode_html(phutil_tag('br'), $file_links); + return $this->renderHTMLView( + array_interleave( + phutil_tag('br'), + $file_links)); } } diff --git a/src/view/layout/PhabricatorHeaderView.php b/src/view/layout/PhabricatorHeaderView.php index 63e0d9e930..8652de7095 100644 --- a/src/view/layout/PhabricatorHeaderView.php +++ b/src/view/layout/PhabricatorHeaderView.php @@ -44,7 +44,7 @@ final class PhabricatorHeaderView extends AphrontView { array( 'class' => 'phabricator-header-tags', ), - $this->renderSingleView($this->tags)); + $this->renderHTMLView($this->tags)); } return phutil_tag( diff --git a/src/view/layout/PhabricatorMenuItemView.php b/src/view/layout/PhabricatorMenuItemView.php index 6e021c8c97..934c93c940 100644 --- a/src/view/layout/PhabricatorMenuItemView.php +++ b/src/view/layout/PhabricatorMenuItemView.php @@ -117,9 +117,9 @@ final class PhabricatorMenuItemView extends AphrontTagView { $this->name.$external); } - return $this->renderSingleView( + return $this->renderHTMLView( array( - $this->renderChildren(), + $this->renderHTMLChildren(), $name, )); } diff --git a/src/view/layout/PhabricatorMenuView.php b/src/view/layout/PhabricatorMenuView.php index c350d00351..c3a27a173a 100644 --- a/src/view/layout/PhabricatorMenuView.php +++ b/src/view/layout/PhabricatorMenuView.php @@ -167,6 +167,6 @@ final class PhabricatorMenuView extends AphrontTagView { } protected function getTagContent() { - return $this->renderSingleView($this->items); + return $this->renderHTMLView($this->items); } } diff --git a/src/view/layout/PhabricatorObjectItemListView.php b/src/view/layout/PhabricatorObjectItemListView.php index d98feaef38..cc9abb01a4 100644 --- a/src/view/layout/PhabricatorObjectItemListView.php +++ b/src/view/layout/PhabricatorObjectItemListView.php @@ -48,7 +48,7 @@ final class PhabricatorObjectItemListView extends AphrontView { } if ($this->items) { - $items = $this->renderSingleView($this->items); + $items = $this->renderHTMLView($this->items); } else { $string = nonempty($this->noDataString, pht('No data.')); $items = id(new AphrontErrorView()) @@ -58,7 +58,7 @@ final class PhabricatorObjectItemListView extends AphrontView { $pager = null; if ($this->pager) { - $pager = $this->renderSingleView($this->pager); + $pager = $this->renderHTMLView($this->pager); } $classes[] = 'phabricator-object-item-list-view'; @@ -71,7 +71,7 @@ final class PhabricatorObjectItemListView extends AphrontView { array( 'class' => implode(' ', $classes), ), - $this->renderSingleView( + $this->renderHTMLView( array( $header, $items, diff --git a/src/view/layout/PhabricatorObjectItemView.php b/src/view/layout/PhabricatorObjectItemView.php index 09b9c16f88..c6646f2f9e 100644 --- a/src/view/layout/PhabricatorObjectItemView.php +++ b/src/view/layout/PhabricatorObjectItemView.php @@ -166,11 +166,11 @@ final class PhabricatorObjectItemView extends AphrontView { array( 'class' => 'phabricator-object-item-content', ), - $this->renderSingleView( + $this->renderHTMLView( array( $header, $attrs, - $this->renderChildren(), + $this->renderHTMLChildren(), ))); return phutil_tag( diff --git a/src/view/layout/PhabricatorPinboardItemView.php b/src/view/layout/PhabricatorPinboardItemView.php index 3154eadb10..683a6cf4dd 100644 --- a/src/view/layout/PhabricatorPinboardItemView.php +++ b/src/view/layout/PhabricatorPinboardItemView.php @@ -55,7 +55,7 @@ final class PhabricatorPinboardItemView extends AphrontView { 'height' => $this->imageHeight, ))); - $content = $this->renderChildren(); + $content = $this->renderHTMLChildren(); if ($content) { $content = phutil_tag( 'div', @@ -70,7 +70,7 @@ final class PhabricatorPinboardItemView extends AphrontView { array( 'class' => 'phabricator-pinboard-item-view', ), - $this->renderSingleView( + $this->renderHTMLView( array( $header, $image, diff --git a/src/view/layout/PhabricatorPinboardView.php b/src/view/layout/PhabricatorPinboardView.php index ace3b0b34f..f62a2be459 100644 --- a/src/view/layout/PhabricatorPinboardView.php +++ b/src/view/layout/PhabricatorPinboardView.php @@ -31,7 +31,7 @@ final class PhabricatorPinboardView extends AphrontView { array( 'class' => 'phabricator-pinboard-view', ), - $this->renderSingleView($this->items)); + $this->renderHTMLView($this->items)); } } diff --git a/src/view/layout/PhabricatorProfileHeaderView.php b/src/view/layout/PhabricatorProfileHeaderView.php index c99b802907..ce86f56285 100644 --- a/src/view/layout/PhabricatorProfileHeaderView.php +++ b/src/view/layout/PhabricatorProfileHeaderView.php @@ -65,12 +65,11 @@ final class PhabricatorProfileHeaderView extends AphrontView { %s - - %s', + ', $this->profileName, - self::renderSingleView($this->profileActions), + phutil_safe_html(self::renderSingleView($this->profileActions)), $image, - $description, - phutil_implode_html('', $this->renderChildren())); + $description). + $this->renderChildren(); } } diff --git a/src/view/layout/PhabricatorPropertyListView.php b/src/view/layout/PhabricatorPropertyListView.php index b0e0afbfbb..3cedcdbbf9 100644 --- a/src/view/layout/PhabricatorPropertyListView.php +++ b/src/view/layout/PhabricatorPropertyListView.php @@ -78,7 +78,7 @@ final class PhabricatorPropertyListView extends AphrontView { array( 'class' => 'phabricator-property-list-view', ), - $this->renderSingleView($items)); + $this->renderHTMLView($items)); } private function renderPropertyPart(array $part) { @@ -99,7 +99,7 @@ final class PhabricatorPropertyListView extends AphrontView { array( 'class' => 'phabricator-property-list-value', ), - $this->renderSingleView($value)); + $this->renderHTMLView($value)); } $list = phutil_tag( @@ -107,7 +107,7 @@ final class PhabricatorPropertyListView extends AphrontView { array( 'class' => 'phabricator-property-list-properties', ), - $this->renderSingleView($items)); + $this->renderHTMLView($items)); $shortcuts = null; if ($this->hasKeyboardShortcuts) { diff --git a/src/view/layout/PhabricatorSourceCodeView.php b/src/view/layout/PhabricatorSourceCodeView.php index f957c6ef88..790ea663d3 100644 --- a/src/view/layout/PhabricatorSourceCodeView.php +++ b/src/view/layout/PhabricatorSourceCodeView.php @@ -38,19 +38,21 @@ final class PhabricatorSourceCodeView extends AphrontView { ), pht('...')); } else { - $content_number = $line_number; - $content_line = hsprintf("\xE2\x80\x8B%s", $line); + $content_number = phutil_escape_html($line_number); + $content_line = "\xE2\x80\x8B".$line; } // TODO: Provide nice links. - $rows[] = hsprintf( + $rows[] = ''. - '%s'. - '%s'. - '', - $content_number, - $content_line); + ''. + $content_number. + ''. + ''. + $content_line. + ''. + ''; if ($hit_limit) { break; @@ -74,7 +76,7 @@ final class PhabricatorSourceCodeView extends AphrontView { array( 'class' => implode(' ', $classes), ), - phutil_implode_html('', $rows))); + new PhutilSafeHTML(implode('', $rows)))); } } diff --git a/src/view/layout/PhabricatorTimelineEventView.php b/src/view/layout/PhabricatorTimelineEventView.php index fdc477340f..97c1970d61 100644 --- a/src/view/layout/PhabricatorTimelineEventView.php +++ b/src/view/layout/PhabricatorTimelineEventView.php @@ -100,7 +100,7 @@ final class PhabricatorTimelineEventView extends AphrontView { } public function render() { - $content = $this->renderChildren(); + $content = $this->renderHTMLChildren(); $title = $this->title; if (($title === null) && $this->isEmptyContent($content)) { @@ -138,7 +138,7 @@ final class PhabricatorTimelineEventView extends AphrontView { ), array($title, $extra)); - $title = $this->renderSingleView(array($icon, $title)); + $title = $this->renderHTMLView(array($icon, $title)); } $wedge = phutil_tag( @@ -275,7 +275,7 @@ final class PhabricatorTimelineEventView extends AphrontView { ->setAnchorName($this->anchor) ->render(); - $date = $this->renderSingleView( + $date = $this->renderHTMLView( array( $anchor, phutil_tag( @@ -296,7 +296,7 @@ final class PhabricatorTimelineEventView extends AphrontView { array( 'class' => 'phabricator-timeline-extra', ), - phutil_implode_html(" \xC2\xB7 ", $extra)); + array_interleave(" \xC2\xB7 ", $extra)); } return $extra; diff --git a/src/view/layout/PhabricatorTransactionView.php b/src/view/layout/PhabricatorTransactionView.php index 89f0fb85ae..64e5bf54d1 100644 --- a/src/view/layout/PhabricatorTransactionView.php +++ b/src/view/layout/PhabricatorTransactionView.php @@ -58,26 +58,24 @@ final class PhabricatorTransactionView extends AphrontView { $actions = $this->renderTransactionActions(); $style = $this->renderTransactionStyle(); $content = $this->renderTransactionContent(); - $classes = implode(' ', $this->classes); + $classes = phutil_escape_html(implode(' ', $this->classes)); $transaction_id = $this->anchorName ? 'anchor-'.$this->anchorName : null; - return phutil_tag( + return phutil_render_tag( 'div', array( 'class' => 'phabricator-transaction-view', 'id' => $transaction_id, 'style' => $style, ), - hsprintf( - '
    '. - '
    %s%s
    '. - '%s'. - '
    ', - $classes, - $info, - $actions, - $content)); + '
    '. + '
    '. + $info. + $actions. + '
    '. + $content. + '
    '); } @@ -107,24 +105,24 @@ final class PhabricatorTransactionView extends AphrontView { ->setAnchorName($this->anchorName) ->render(); - $info[] = hsprintf( - '%s%s', - $anchor, - phutil_tag( - 'a', - array('href' => '#'.$this->anchorName), - $this->anchorText)); + $info[] = $anchor.phutil_tag( + 'a', + array( + 'href' => '#'.$this->anchorName, + ), + $this->anchorText); } - $info = phutil_implode_html(" \xC2\xB7 ", $info); + $info = implode(' · ', $info); - return hsprintf( - '%s', - $info); + return + ''. + $info. + ''; } private function renderTransactionActions() { - return phutil_implode_html('', $this->actions); + return implode('', $this->actions); } private function renderTransactionStyle() { @@ -140,10 +138,10 @@ final class PhabricatorTransactionView extends AphrontView { if (!$content) { return null; } - return phutil_tag( - 'div', - array('class' => 'phabricator-transaction-content'), - $this->renderSingleView($content)); + return + '
    '. + $content. + '
    '; } } diff --git a/src/view/page/AphrontPageView.php b/src/view/page/AphrontPageView.php index 8f3704dca2..8381176ee1 100644 --- a/src/view/page/AphrontPageView.php +++ b/src/view/page/AphrontPageView.php @@ -22,7 +22,7 @@ abstract class AphrontPageView extends AphrontView { } protected function getBody() { - return phutil_implode_html('', $this->renderChildren()); + return $this->renderChildren(); } protected function getTail() { @@ -45,36 +45,34 @@ abstract class AphrontPageView extends AphrontView { $this->willRenderPage(); - $title = $this->getTitle(); + $title = phutil_escape_html($this->getTitle()); $head = $this->getHead(); $body = $this->getBody(); $tail = $this->getTail(); $body_classes = $this->getBodyClasses(); - $body = phutil_tag( + $body = phutil_render_tag( 'body', array( 'class' => nonempty($body_classes, null), ), - array($body, $tail)); + $body.$tail); - $response = hsprintf( - ''. - ''. - ''. - ''. - '%s'. - '%s'. - ''. - '%s'. - '', - $title, - $head, - $body); + $response = << + + + + {$title} + {$head} + + {$body} + + +EOHTML; $response = $this->willSendResponse($response); - return $response; } diff --git a/src/view/page/AphrontRequestFailureView.php b/src/view/page/AphrontRequestFailureView.php index 1965340dd5..026f3d8b61 100644 --- a/src/view/page/AphrontRequestFailureView.php +++ b/src/view/page/AphrontRequestFailureView.php @@ -13,15 +13,15 @@ final class AphrontRequestFailureView extends AphrontView { final public function render() { require_celerity_resource('aphront-request-failure-view-css'); - return hsprintf( + return '
    '. '
    '. - '

    %s

    '. + phutil_tag('h1', array(), $this->header). '
    '. - '
    %s
    '. - '
    ', - $this->header, - $this->renderChildren()); + '
    '. + $this->renderChildren(). + '
    '. + ''; } } diff --git a/src/view/page/PhabricatorBarePageView.php b/src/view/page/PhabricatorBarePageView.php index d92836cabb..d3d849b888 100644 --- a/src/view/page/PhabricatorBarePageView.php +++ b/src/view/page/PhabricatorBarePageView.php @@ -55,13 +55,13 @@ class PhabricatorBarePageView extends AphrontPageView { protected function willRenderPage() { // We render this now to resolve static resources so they can appear in the // document head. - $this->bodyContent = phutil_implode_html('', $this->renderChildren()); + $this->bodyContent = $this->renderChildren(); } protected function getHead() { $framebust = null; if (!$this->getFrameable()) { - $framebust = '(top == self) || top.location.replace(self.location.href);'; + $framebust = '(top != self) && top.location.replace(self.location.href);'; } $viewport_tag = null; @@ -78,12 +78,22 @@ class PhabricatorBarePageView extends AphrontPageView { $response = CelerityAPI::getStaticResourceResponse(); - return hsprintf( - '%s%s', + $head = array( $viewport_tag, - $framebust, - (PhabricatorEnv::getEnvConfig('phabricator.developer-mode') ? '1' : '0'), - $response->renderResourcesOfType('css')); + + '', + + $response->renderResourcesOfType('css'), + ); + + return implode("\n", $head); } protected function getBody() { diff --git a/src/view/page/PhabricatorStandardPageView.php b/src/view/page/PhabricatorStandardPageView.php index 8b3848a3dd..80c7a37f5d 100644 --- a/src/view/page/PhabricatorStandardPageView.php +++ b/src/view/page/PhabricatorStandardPageView.php @@ -212,11 +212,15 @@ final class PhabricatorStandardPageView extends PhabricatorBarePageView { $response = CelerityAPI::getStaticResourceResponse(); - return hsprintf( - '%s%s', + $head = array( parent::getHead(), - phutil_safe_html($monospaced), - $response->renderSingleResource('javelin-magical-init')); + '', + $response->renderSingleResource('javelin-magical-init'), + ); + + return implode("\n", $head); } public function setGlyph($glyph) { @@ -235,9 +239,8 @@ final class PhabricatorStandardPageView extends PhabricatorBarePageView { $console = $request->getApplicationConfiguration()->getConsole(); if ($console) { - $response = PhutilSafeHTML::applyFunction( - 'str_replace', - hsprintf(''), + $response = str_replace( + '', $console->render($request), $response); } @@ -292,22 +295,20 @@ final class PhabricatorStandardPageView extends PhabricatorBarePageView { } return - phutil_tag( + phutil_render_tag( 'div', array( 'id' => 'base-page', 'class' => 'phabricator-standard-page', ), - hsprintf( - '%s%s%s'. - '
    '. - '%s%s
    '. - '
    ', - $developer_warning, - $setup_warning, - $header_chrome, - ($console ? hsprintf('') : null), - parent::getBody())); + $developer_warning. + $setup_warning. + $header_chrome. + '
    '. + ($console ? '' : null). + parent::getBody(). + '
    '. + '
    '); } protected function getTail() { @@ -356,7 +357,7 @@ final class PhabricatorStandardPageView extends PhabricatorBarePageView { $response->renderHTMLFooter(), ); - return phutil_implode_html("\n", $tail); + return implode("\n", $tail); } protected function getBodyClasses() { diff --git a/src/view/page/menu/PhabricatorMainMenuGroupView.php b/src/view/page/menu/PhabricatorMainMenuGroupView.php index 1eca04c3c6..31473aed4d 100644 --- a/src/view/page/menu/PhabricatorMainMenuGroupView.php +++ b/src/view/page/menu/PhabricatorMainMenuGroupView.php @@ -33,7 +33,7 @@ final class PhabricatorMainMenuGroupView extends AphrontView { array( 'class' => implode(' ', $classes), ), - $this->renderChildren()); + $this->renderHTMLChildren()); } } diff --git a/src/view/page/menu/PhabricatorMainMenuSearchView.php b/src/view/page/menu/PhabricatorMainMenuSearchView.php index 1f416a1f94..fe3ab48e71 100644 --- a/src/view/page/menu/PhabricatorMainMenuSearchView.php +++ b/src/view/page/menu/PhabricatorMainMenuSearchView.php @@ -60,19 +60,18 @@ final class PhabricatorMainMenuSearchView extends AphrontView { 'value' => $scope, )); - $form = phabricator_form( + $form = phabricator_render_form( $user, array( 'action' => '/search/', 'method' => 'POST', ), - hsprintf( - '
    '. - '%s%s%s'. - '
    ', - $input, - $scope_input, - $target)); + '
    '. + $input. + ''. + $scope_input. + $target. + '
    '); return $form; } diff --git a/src/view/page/menu/PhabricatorMainMenuView.php b/src/view/page/menu/PhabricatorMainMenuView.php index 2234f92eee..446c19f82c 100644 --- a/src/view/page/menu/PhabricatorMainMenuView.php +++ b/src/view/page/menu/PhabricatorMainMenuView.php @@ -51,7 +51,7 @@ final class PhabricatorMainMenuView extends AphrontView { $phabricator_menu = $this->renderPhabricatorMenu(); if ($alerts) { - $alerts = phutil_tag( + $alerts = phutil_render_tag( 'div', array( 'class' => 'phabricator-main-menu-alerts', @@ -65,14 +65,14 @@ final class PhabricatorMainMenuView extends AphrontView { $application_menu->addClass('phabricator-application-menu'); } - return phutil_tag( + return phutil_render_tag( 'div', array( 'class' => 'phabricator-main-menu', 'id' => $header_id, ), - array( - self::renderSingleView(array( + self::renderSingleView( + array( $this->renderPhabricatorMenuButton($header_id), $application_menu ? $this->renderApplicationMenuButton($header_id) @@ -81,9 +81,8 @@ final class PhabricatorMainMenuView extends AphrontView { $alerts, $phabricator_menu, $application_menu, - )), - self::renderSingleView($menus), - )); + ))). + self::renderSingleView($menus); } private function renderSearch() { @@ -409,9 +408,7 @@ final class PhabricatorMainMenuView extends AphrontView { ''); return array( - hsprintf('%s%s', $bubble_tag, $message_tag), - $notification_dropdown, - ); + $bubble_tag.$message_tag, $notification_dropdown); } private function renderMenuIcon($name) {