This repository has been archived by the owner on Sep 10, 2021. It is now read-only.

Escape variables in packages module
Jamie Snape committed Dec 8, 2014
1 parent 2e86efb commit 4a1b968
Showing 5 changed files with 31 additions and 31 deletions.
4 changes: 2 additions & 2 deletions modules/packages/views/application/latest.phtml
@@ -32,8 +32,8 @@ $this->headScript()->appendFile($this->moduleWebroot.'/public/js/application/pac
<div id="platformList" style="display: none;">
<?php
foreach ($this->platforms as $platform) {
echo '<h3 os="'.$platform['os'].'" arch="'.$platform['arch'].'"><a href="#"></a></h3>';
echo '<div class="platformContainer" os="'.$platform['os'].'" arch="'.$platform['arch'].'">';
echo '<h3 os="'.$this->escape($platform['os']).'" arch="'.$this->escape($platform['arch']).'"><a href="#"></a></h3>';
echo '<div class="platformContainer" os="'.$this->escape($platform['os']).'" arch="'.$this->escape($platform['arch']).'">';
echo '</div>';
}
?>
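Review bot: The `os` and `arch` values on the two echoed lines are now safe inside their double-quoted attributes, but they sit in a hidden `#platformList` container that appears to exist only for the packages script to read. The browser decodes the entities again when a script reads those attributes, so client code that concatenates them back into markup would reintroduce the injection this commit closes. That script is not part of the change, so it is worth checking. A comment above the loop would record the contract, for example `// os/arch are escaped for HTML here; client code must insert them as text, not markup`.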
20 changes: 10 additions & 10 deletions modules/packages/views/application/view.phtml
@@ -28,11 +28,11 @@ $this->headScript()->appendFile($this->moduleWebroot.'/public/js/application/pac
<div class="viewMain">
<div class="titleWrapper">
<div class="applicationName">
<?php echo $this->application->getName(); ?>
<?php echo $this->escape($this->application->getName()); ?>
</div>
<?php
if ($this->application->getDescription() != '') {
echo '<div class="applicationDescription">'.$this->application->getDescription().'</div>';
echo '<div class="applicationDescription">'.$this->escape($this->application->getDescription()).'</div>';
}
?>
</div>
@@ -41,8 +41,8 @@ $this->headScript()->appendFile($this->moduleWebroot.'/public/js/application/pac
<div id="packageList" style="display: none;">
<?php
foreach ($this->releases as $release) {
echo '<h3><a href="#">Version '.$release.'</a></h3>';
echo '<div class="releaseEntry" element="'.$release.'">';
echo '<h3><a href="#">Version '.$this->escape($release).'</a></h3>';
echo '<div class="releaseEntry" element="'.$this->escape($release).'">';
echo '</div>';
}
?>
@@ -74,8 +74,8 @@ $this->headScript()->appendFile($this->moduleWebroot.'/public/js/application/pac
<h1>Actions</h1>
<ul>
<li>
<a href="<?php echo $this->webroot; ?>/packages/application/latest?applicationId=<?php echo $this->application->getKey(
); ?>">
<a href="<?php echo $this->webroot; ?>/packages/application/latest?applicationId=<?php echo $this->escape($this->application->getKey(
)); ?>">
<img alt="" src="<?php echo $this->coreWebroot; ?>/public/images/icons/time.png"/>
Latest nightly packages
</a>
@@ -102,18 +102,18 @@ $this->headScript()->appendFile($this->moduleWebroot.'/public/js/application/pac
<tr>
<td>Name</td>
<td>
<input type="text" name="name" value="<?php echo $this->application->getName(); ?>"/>
<input type="text" name="name" value="<?php echo $this->escape($this->application->getName()); ?>"/>
</td>
</tr>
<tr>
<td>Description</td>
<td>
<textarea class="expanding" name="description"><?php echo htmlentities(
<textarea class="expanding" name="description"><?php echo $this->escape(
$this->application->getDescription()
); ?></textarea></td>
</tbody>
</table>
<input type="hidden" name="applicationId" value="<?php echo $this->application->getKey(); ?>"/>
<input type="hidden" name="applicationId" value="<?php echo $this->escape($this->application->getKey()); ?>"/>
<input type="submit" class="globalButton" value="Save"/>
</form>
</div>
@@ -126,7 +126,7 @@ $this->headScript()->appendFile($this->moduleWebroot.'/public/js/application/pac
will be deleted, but the underlying item data will remain in place.
</div>
<br/><br/>
<input type="hidden" name="applicationId" value="<?php echo $this->application->getKey(); ?>"/>
<input type="hidden" name="applicationId" value="<?php echo $this->escape($this->application->getKey()); ?>"/>

<div style="float: right;">
<input style="margin-left: 0;" type="submit" class="globalButton" value="Delete"/>
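Review bot: In the `Latest nightly packages` link the application key goes through `$this->escape()`, but it is placed in a URL query string, which is a different output context from HTML text. `escape()` replaces `htmlentities()` in the textarea hunk, so it is presumably an HTML escaper and will not percent-encode characters such as `#`, `%` or spaces. If the key is always an integer this is harmless, but the intent would be clearer as `?applicationId=<?php echo $this->escape(rawurlencode($this->application->getKey())); ?>`. The same pattern appears in the `/item/` link in package/manage.phtml and the `applicationLink` anchor in view/project.phtml. `$this->webroot` is still echoed raw into these attributes, which is fine only if it comes from configuration rather than request data.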
2 changes: 1 addition & 1 deletion modules/packages/views/index/viewsidebar.phtml
@@ -25,7 +25,7 @@
<h1>Stats</h1>
<ul>
<?php
echo " <li>{$this->nPackages} {$this->t('package')}".(($this->nPackages > 1) ? 's' : '')."</li>";
echo " <li>{$this->escape($this->nPackages)} {$this->t('package')}".(($this->nPackages > 1) ? 's' : '')."</li>";
?>
</ul>
</div>
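Review bot: `{$this->t('package')}` is still interpolated raw on the rewritten `<li>` line, while the value that gained escaping is the package count, which looks like an integer. If translation strings can be edited by anyone other than the developers, that call should be wrapped as well: `{$this->escape($this->t('package'))}`. For the count itself, an `(int)` cast would state the intent more directly than an HTML escape.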
24 changes: 12 additions & 12 deletions modules/packages/views/package/manage.phtml
@@ -26,8 +26,8 @@ $this->headScript()->appendFile($this->moduleWebroot.'/public/js/package/package
<div class="viewMain">
<div class="headerSection">
<h2>Package Metadata</h2>
<a href="<?php echo $this->webroot.'/item/'.$this->package->getItem()->getKey(); ?>">
<?php echo $this->package->getItem()->getName(); ?>
<a href="<?php echo $this->webroot.'/item/'.$this->escape($this->package->getItem()->getKey()); ?>">
<?php echo $this->escape($this->package->getItem()->getName()); ?>
</a>
</div>
<form class="genericForm packageEdit" method="POST" action="<?php echo $this->webroot; ?>/packages/package/save">
@@ -36,62 +36,62 @@ $this->headScript()->appendFile($this->moduleWebroot.'/public/js/package/package
<tr>
<td>OS</td>
<td>
<input type="text" name="os" value="<?php echo $this->package->getOs(); ?>"/>
<input type="text" name="os" value="<?php echo $this->escape($this->package->getOs()); ?>"/>
</td>
</tr>
<tr>
<td>Architecture</td>
<td>
<input type="text" name="arch" value="<?php echo $this->package->getArch(); ?>"/>
<input type="text" name="arch" value="<?php echo $this->escape($this->package->getArch()); ?>"/>
</td>
</tr>
<tr>
<td>Revision</td>
<td>
<input type="text" name="revision" value="<?php echo $this->package->getRevision(); ?>"/>
<input type="text" name="revision" value="<?php echo $this->escape($this->package->getRevision()); ?>"/>
</td>
</tr>
<tr>
<td>Submission Type</td>
<td>
<input type="text" name="submissiontype"
value="<?php echo $this->package->getSubmissiontype(); ?>"/>
value="<?php echo $this->escape($this->package->getSubmissiontype()); ?>"/>
</td>
</tr>
<tr>
<td>Package Type</td>
<td>
<input type="text" name="packagetype" value="<?php echo $this->package->getPackagetype(); ?>"/>
<input type="text" name="packagetype" value="<?php echo $this->escape($this->package->getPackagetype()); ?>"/>
</td>
</tr>
<tr>
<td>Product Name</td>
<td>
<input type="text" name="productname" value="<?php echo $this->package->getProductname(); ?>"/>
<input type="text" name="productname" value="<?php echo$this->escape($this->package->getProductname()); ?>"/>
</td>
</tr>
<tr>
<td>Codebase</td>
<td>
<input type="text" name="codebase" value="<?php echo $this->package->getCodebase(); ?>"/>
<input type="text" name="codebase" value="<?php echo $this->escape($this->package->getCodebase()); ?>"/>
</td>
</tr>
<tr>
<td>Checkout Date</td>
<td>
<input type="text" name="checkoutdate" value="<?php echo $this->package->getCheckoutdate(); ?>"/>
<input type="text" name="checkoutdate" value="<?php echo $this->escape($this->package->getCheckoutdate()); ?>"/>
</td>
</tr>
<tr>
<td>Release Tag</td>
<td>
<input type="text" name="release" value="<?php echo $this->package->getRelease(); ?>"/>
<input type="text" name="release" value="<?php echo $this->escape($this->package->getRelease()); ?>"/>
</td>
</tr>
</tbody>
</table>
<br/>
<input type="hidden" name="packageId" value="<?php echo $this->package->getKey(); ?>"/>
<input type="hidden" name="packageId" value="<?php echo $this->escape($this->package->getKey()); ?>"/>
<input class="globalButton" type="submit" value="Save"/>
</form>
</div>
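Review bot: The Product Name input was rewritten as `<?php echo$this->escape(...)`, with no space after `echo`. PHP accepts it, but it is the only such line in this section and reads like a typo. It should be `<?php echo $this->escape($this->package->getProductname()); ?>` to match the neighbouring fields.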
12 changes: 6 additions & 6 deletions modules/packages/views/view/project.phtml
@@ -26,7 +26,7 @@
href="<?php echo $this->moduleWebroot ?>/public/css/view/packages.view.project.css"/>

<div class="packagesTabWrapper">
<div class="introText">The <?php echo $this->community->getName(); ?> project hosts packages for the following
<div class="introText">The <?php echo $this->escape($this->community->getName()); ?> project hosts packages for the following
applications:
</div>

@@ -38,11 +38,11 @@

foreach ($this->applications as $application) {
echo '<div class="applicationContainer">';
echo '<a class="applicationLink" href="'.$this->webroot.'/packages/application/view?applicationId='.$application->getKey(
).'">';
echo $application->getName().'</a>';
echo '<a class="applicationLink" href="'.$this->webroot.'/packages/application/view?applicationId='.$this->escape($application->getKey(
)).'">';
echo $this->escape($application->getName()).'</a>';
if ($application->getDescription() != '') {
echo '<div class="applicationDescription">'.$application->getDescription().'</div>';
echo '<div class="applicationDescription">'.$this->escape($application->getDescription()).'</div>';
}
echo '</div>';
}
@@ -75,7 +75,7 @@
</td>
</tbody>
</table>
<input type="hidden" name="projectId" value="<?php echo $this->project->getKey(); ?>"/>
<input type="hidden" name="projectId" value="<?php echo $this->escape($this->project->getKey()); ?>"/>
<input type="submit" class="globalButton" value="Create"/>
</form>
</div>
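Review bot: The `applicationLink` line now ends with `$this->escape($application->getKey(` and closes both calls on the next line with `)).'">';`, which makes it hard to see what is being escaped. Assigning the escaped key first keeps the echo readable: `$appId = $this->escape($application->getKey());` followed by `echo '<a class="applicationLink" href="'.$this->webroot.'/packages/application/view?applicationId='.$appId.'">';`. The same wrapped call appears in the `Latest nightly packages` link in application/view.phtml.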
