Posted to commits@airavata.apache.org by ma...@apache.org on 2017/08/01 15:27:28 UTC
airavata-php-gateway git commit: AIRAVATA-1902 Escaping project id,
name, etc.
Repository: airavata-php-gateway
Updated Branches:
refs/heads/develop 3ae5f319e -> ebaad45b4
AIRAVATA-1902 Escaping project id, name, etc.
Project: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/commit/ebaad45b
Tree: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/tree/ebaad45b
Diff: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/diff/ebaad45b
Branch: refs/heads/develop
Commit: ebaad45b4f6f04944db115ecc5cf3450a9120490
Parents: 3ae5f31
Author: Marcus Christie <ma...@iu.edu>
Authored: Tue Aug 1 11:26:49 2017 -0400
Committer: Marcus Christie <ma...@iu.edu>
Committed: Tue Aug 1 11:27:10 2017 -0400
----------------------------------------------------------------------
app/controllers/ProjectController.php | 6 +++---
app/libraries/ProjectUtilities.php | 8 +++----
app/views/experiment/create-complete.blade.php | 2 +-
app/views/project/browse.blade.php | 4 ++--
app/views/project/edit.blade.php | 10 ++++-----
app/views/project/no-sharing-edit.blade.php | 6 +++---
app/views/project/no-sharing-summary.blade.php | 24 ++++++++++-----------
app/views/project/summary.blade.php | 22 +++++++++----------
8 files changed, 41 insertions(+), 41 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/ebaad45b/app/controllers/ProjectController.php
----------------------------------------------------------------------
diff --git a/app/controllers/ProjectController.php b/app/controllers/ProjectController.php
index ea6efd3..f89f6eb 100755
--- a/app/controllers/ProjectController.php
+++ b/app/controllers/ProjectController.php
@@ -37,7 +37,7 @@ class ProjectController extends BaseController
{
if (isset($_POST['save'])) {
$projectId = ProjectUtilities::create_project();
- return Redirect::to('project/summary?projId=' . $projectId);
+ return Redirect::to('project/summary?projId=' . urlencode($projectId));
} else {
return Redirect::to('project/create');
}
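Review bot: The new redirect on the `urlencode($projectId)` line runs even when `create_project()` yields an empty value, which ProjectUtilities itself treats as a failure (its `if ($projectId)` branch prints an error), so a failed create lands the user on `project/summary?projId=` with no id; guard it, e.g. `if (!$projectId) { return Redirect::to('project/create'); }` before the redirect — hedged, since `create_project()`'s return statement is outside this diff. The same hand-built query string recurs in the two following hunks of this file, so a single helper such as `'project/summary?' . http_build_query(['projId' => $projectId])` would keep the encoding from being forgotten at the next call site. The enclosing method's signature is outside the hunk.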
@@ -125,7 +125,7 @@ class ProjectController extends BaseController
return $this->createEditView(Input::get("projectId"), $projectDetails, null)->with("errorMessage", "Failed to update project: " . $ex->getMessage());
}
}
- return Redirect::to("project/summary?projId=" . Input::get("projectId"))->with("project_edited", true);
+ return Redirect::to("project/summary?projId=" . urlencode(Input::get("projectId")))->with("project_edited", true);
}
/**
@@ -164,7 +164,7 @@ class ProjectController extends BaseController
"canEditSharing" => $canEditSharing
));
}else {
- return Redirect::to('project/summary?projId=' . $projectId)->with("error", "You do not have permission to edit this project.");
+ return Redirect::to('project/summary?projId=' . urlencode($projectId))->with("error", "You do not have permission to edit this project.");
}
} else {
return View::make("project/no-sharing-edit",
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/ebaad45b/app/libraries/ProjectUtilities.php
----------------------------------------------------------------------
diff --git a/app/libraries/ProjectUtilities.php b/app/libraries/ProjectUtilities.php
index 3367d16..b80d24d 100755
--- a/app/libraries/ProjectUtilities.php
+++ b/app/libraries/ProjectUtilities.php
@@ -122,7 +122,7 @@ class ProjectUtilities
$selected = '';
}
- echo '<option value="' . $project->projectID . '" ' . $selected . '>' . $project->optionLabel . '</option>';
+ echo '<option value="' . htmlspecialchars($project->projectID) . '" ' . $selected . '>' . htmlspecialchars($project->optionLabel) . '</option>';
}
}
echo '</select>';
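Review bot: `htmlspecialchars($project->projectID)` and `htmlspecialchars($project->optionLabel)` rely on the default flags, which before PHP 8.1 are `ENT_COMPAT | ENT_HTML401` without `ENT_SUBSTITUTE`, so a value containing an invalid UTF-8 sequence makes the call return an empty string and the `<option>` silently loses its value. Pass the flags explicitly, `htmlspecialchars($project->projectID, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, and the same for `optionLabel` and for the two `$_POST['project-name']` calls in the next hunk of this file. The enclosing method starts outside the hunk.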
@@ -144,11 +144,11 @@ class ProjectUtilities
$projectId = Airavata::createProject(Session::get('authz-token'), Config::get('pga_config.airavata')['gateway-id'], $project);
if ($projectId) {
- CommonUtilities::print_success_message("<p>Project {$_POST['project-name']} created!</p>" .
+ CommonUtilities::print_success_message("<p>Project " . htmlspecialchars($_POST['project-name']) . " created!</p>" .
'<p>You will be redirected to the summary page shortly, or you can
- <a href="project/summary?projId=' . $projectId . '">go directly</a> to the project summary page.</p>');
+ <a href="project/summary?projId=' . urlencode($projectId) . '">go directly</a> to the project summary page.</p>');
} else {
- CommonUtilities::print_error_message("Error creating project {$_POST['project-name']}!");
+ CommonUtilities::print_error_message("Error creating project ". htmlspecialchars($_POST['project-name']) . "!");
}
} catch (InvalidRequestException $ire) {
CommonUtilities::print_error_message('InvalidRequestException!<br><br>' . $ire->getMessage());
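Review bot: The catch block at the end of the hunk still concatenates `$ire->getMessage()` into the HTML error unescaped, while the surrounding success and error messages now escape the project name; if the service reflects request fields in its error text, that path carries the same markup injection this commit is closing. Wrap it consistently: `CommonUtilities::print_error_message('InvalidRequestException!<br><br>' . htmlspecialchars($ire->getMessage(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));`. `$_POST['project-name']` is also read without an `isset` check on both new lines, though earlier code outside the hunk may already validate it. The enclosing method continues beyond the hunk.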
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/ebaad45b/app/views/experiment/create-complete.blade.php
----------------------------------------------------------------------
diff --git a/app/views/experiment/create-complete.blade.php b/app/views/experiment/create-complete.blade.php
index 0ac6bd6..b8d48b6 100755
--- a/app/views/experiment/create-complete.blade.php
+++ b/app/views/experiment/create-complete.blade.php
@@ -48,7 +48,7 @@
var users = {{ $users }};
var owner = {{ $owner }};
var projectOwner = {{ $projectOwner }};
- $('#entity-share').data({url: "{{URL::to('/')}}/project/unshared-users", resourceId: "{{$expInputs['project']}}"})
+ $('#entity-share').data({url: "{{URL::to('/')}}/project/unshared-users", resourceId: {{json_encode($expInputs['project'])}}})
</script>
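Review bot: `{{json_encode($expInputs['project'])}}` is emitted raw inside a `<script>` block (Blade's double-brace form is unescaped in this codebase, as the `{{{ }}}` changes elsewhere in the commit imply), and `json_encode` with default flags leaves `<`, `>` and `&` intact, so a value containing `</script>` would terminate the script element. Use the HTML-safe flags: `resourceId: {{ json_encode($expInputs['project'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) }}`. The same applies to the `json_encode($projectId)` line in the second hunk of app/views/project/edit.blade.php. The `users`, `owner` and `projectOwner` context lines are also raw, but their encoding happens outside this hunk.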
{{ HTML::script('js/sharing/sharing_utils.js') }}
{{ HTML::script('js/sharing/share.js') }}
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/ebaad45b/app/views/project/browse.blade.php
----------------------------------------------------------------------
diff --git a/app/views/project/browse.blade.php b/app/views/project/browse.blade.php
index a7e322e..5383fb7 100755
--- a/app/views/project/browse.blade.php
+++ b/app/views/project/browse.blade.php
@@ -106,7 +106,7 @@
?>
<tr>
<td>
- {{$project->name}}
+ {{{$project->name}}}
@if($can_write[$project->projectID])
<a href="{{URL::to('/')}}/project/edit?projId={{urlencode($project->projectID)}}" title="Edit">
<span class="glyphicon glyphicon-pencil"></span>
@@ -114,7 +114,7 @@
@endif
</td>
<td>
- {{$project->owner}}
+ {{{$project->owner}}}
</td>
<td class="time" unix-time="
<?php echo $project->creationTime / 1000 ?>">
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/ebaad45b/app/views/project/edit.blade.php
----------------------------------------------------------------------
diff --git a/app/views/project/edit.blade.php b/app/views/project/edit.blade.php
index 8f38848..2ed473f 100755
--- a/app/views/project/edit.blade.php
+++ b/app/views/project/edit.blade.php
@@ -33,15 +33,15 @@
class="form-control"
name="project-name"
id="project-name"
- value="{{ $project->name }}" required maxlength="50">
+ value="{{{ $project->name }}}" required maxlength="50">
</div>
<div class="form-group">
<label for="project-description">Project Description</label>
<textarea class="form-control"
name="project-description"
- id="project-description" maxlength="200">{{ $project->description }}</textarea>
- <input type="hidden" name="projectId" value="{{ $projectId }}"/>
- <input type="hidden" name="projectOwner" value="{{ $project->owner}}"/>
+ id="project-description" maxlength="200">{{{ $project->description }}}</textarea>
+ <input type="hidden" name="projectId" value="{{{ $projectId }}}"/>
+ <input type="hidden" name="projectOwner" value="{{{ $project->owner }}}"/>
</div>
<div class="form-group">
@@ -69,7 +69,7 @@
<script>
var users = {{ $users }};
var owner = {{ $owner }};
- $('#entity-share').data({url: "{{ URL::to('/') }}/project/unshared-users", resourceId: "{{ $projectId }}"})
+ $('#entity-share').data({url: "{{ URL::to('/') }}/project/unshared-users", resourceId: {{ json_encode($projectId) }}})
</script>
{{ HTML::script('js/sharing/sharing_utils.js') }}
{{ HTML::script('js/sharing/share.js') }}
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/ebaad45b/app/views/project/no-sharing-edit.blade.php
----------------------------------------------------------------------
diff --git a/app/views/project/no-sharing-edit.blade.php b/app/views/project/no-sharing-edit.blade.php
index c7da3f9..ac30a1e 100755
--- a/app/views/project/no-sharing-edit.blade.php
+++ b/app/views/project/no-sharing-edit.blade.php
@@ -27,14 +27,14 @@
class="form-control"
name="project-name"
id="project-name"
- value="{{ $project->name }}" required maxlength="50">
+ value="{{{ $project->name }}}" required maxlength="50">
</div>
<div class="form-group">
<label for="project-description">Project Description</label>
<textarea class="form-control"
name="project-description"
- id="project-description" maxlength="200">{{ $project->description }}</textarea>
- <input type="hidden" name="projectId" value="{{ Input::get('projId') }}"/>
+ id="project-description" maxlength="200">{{{ $project->description }}}</textarea>
+ <input type="hidden" name="projectId" value="{{{ Input::get('projId') }}}"/>
</div>
<div class="btn-toolbar">
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/ebaad45b/app/views/project/no-sharing-summary.blade.php
----------------------------------------------------------------------
diff --git a/app/views/project/no-sharing-summary.blade.php b/app/views/project/no-sharing-summary.blade.php
index 595ff43..534fc13 100755
--- a/app/views/project/no-sharing-summary.blade.php
+++ b/app/views/project/no-sharing-summary.blade.php
@@ -12,18 +12,18 @@
?>
<h1>Project Summary
@if( !isset($dashboard))
- <small><a href="{{ URL::to('/') }}/project/summary?projId={{ $project->projectID }}"
+ <small><a href="{{ URL::to('/') }}/project/summary?projId={{ urlencode($project->projectID) }}"
title="Refresh"><span class="glyphicon glyphicon-refresh refresh-exp"></span></a></small>
@endif
</h1>
<div>
<div>
- <h3>{{ $project->name }}
- <a href="edit?projId={{ $project->projectID }}" title="Edit">
+ <h3>{{{ $project->name }}}
+ <a href="edit?projId={{ urlencode($project->projectID) }}" title="Edit">
<span class="glyphicon glyphicon-pencil"></span>
</a>
</h3>
- <p>{{ $project->description }}</p>
+ <p>{{{ $project->description }}}</p>
</div>
<div class="table-responsive">
<table class="table">
@@ -62,27 +62,27 @@
</a>
<a href="{{URL::to('/')}}/experiment/edit?expId={{urlencode($experiment->experimentId)}}" title="Edit"><span class="glyphicon glyphicon-pencil"></span></a>
</td>
- <td>{{ $experiment->userName }}</td>
+ <td>{{{ $experiment->userName }}}</td>
<td>
@if( $applicationInterface != null )
- {{ $applicationInterface->applicationName }}
+ {{{ $applicationInterface->applicationName }}}
@else
<span class='text-danger'>Removed</span>
@endif
</td>
- <td>{{ $resourceName }}</td>
- <td class="time" unix-time="{{$expValues["experimentTimeOfStateChange"]}}"></td>
+ <td>{{{ $resourceName }}}</td>
+ <td class="time" unix-time="{{{$expValues["experimentTimeOfStateChange"]}}}"></td>
<td>
- <div class="{{ExperimentUtilities::get_status_color_class( $expValues["experimentStatusString"])}}">
- {{ $expValues["experimentStatusString"] }}
+ <div class="{{{ExperimentUtilities::get_status_color_class( $expValues["experimentStatusString"])}}}">
+ {{{ $expValues["experimentStatusString"] }}}
</div>
</td>
<td>
@if (isset($expValues["jobState"]) )
- <div class="{{ ExperimentUtilities::get_status_color_class( $expValues["jobState"]) }}">
- {{ $expValues["jobState"] }}
+ <div class="{{{ ExperimentUtilities::get_status_color_class( $expValues["jobState"]) }}}">
+ {{{ $expValues["jobState"] }}}
</div>
@endif
</td>
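Review bot: `{{{ $resourceName }}}` is escaped here but the parallel cell in app/views/project/summary.blade.php in this same commit is left as `<td>{{ $resourceName }}</td>` (a context line in its second hunk), so the two summary views now differ in what they escape; change that line to `<td>{{{ $resourceName }}}</td>` as well. The rest of the hunk is consistent with the escaping applied here.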
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/ebaad45b/app/views/project/summary.blade.php
----------------------------------------------------------------------
diff --git a/app/views/project/summary.blade.php b/app/views/project/summary.blade.php
index 1e89102..71ad461 100755
--- a/app/views/project/summary.blade.php
+++ b/app/views/project/summary.blade.php
@@ -13,20 +13,20 @@
?>
<h1>Project Summary
@if( !isset($dashboard))
- <small><a href="{{ URL::to('/') }}/project/summary?projId={{ $project->projectID }}"
+ <small><a href="{{ URL::to('/') }}/project/summary?projId={{ urlencode($project->projectID) }}"
title="Refresh"><span class="glyphicon glyphicon-refresh refresh-exp"></span></a></small>
@endif
</h1>
<div>
<div>
- <h3>{{ $project->name }}
+ <h3>{{{ $project->name }}}
@if($project_can_write === true)
- <a href="edit?projId={{ $project->projectID }}" title="Edit">
+ <a href="edit?projId={{ urlencode($project->projectID) }}" title="Edit">
<span class="glyphicon glyphicon-pencil"></span>
</a>
@endif
</h3>
- <p>{{ $project->description }}</p>
+ <p>{{{ $project->description }}}</p>
</div>
<div class="table-responsive">
<table class="table">
@@ -67,27 +67,27 @@
<a href="{{URL::to('/')}}/experiment/edit?expId={{urlencode($experiment->experimentId)}}" title="Edit"><span class="glyphicon glyphicon-pencil"></span></a>
@endif
</td>
- <td>{{ $experiment->userName }}</td>
+ <td>{{{ $experiment->userName }}}</td>
<td>
@if( $applicationInterface != null )
- {{ $applicationInterface->applicationName }}
+ {{{ $applicationInterface->applicationName }}}
@else
<span class='text-danger'>Removed</span>
@endif
</td>
<td>{{ $resourceName }}</td>
- <td class="time" unix-time="{{$expValues["experimentCreationTime"]}}"></td>
+ <td class="time" unix-time="{{{$expValues["experimentCreationTime"]}}}"></td>
<td>
- <div class="{{ExperimentUtilities::get_status_color_class( $expValues["experimentStatusString"])}}">
- {{ $expValues["experimentStatusString"] }}
+ <div class="{{{ExperimentUtilities::get_status_color_class( $expValues["experimentStatusString"])}}}">
+ {{{ $expValues["experimentStatusString"] }}}
</div>
</td>
<td>
@if (isset($expValues["jobState"]) )
- <div class="{{ ExperimentUtilities::get_status_color_class( $expValues["jobState"]) }}">
- {{ $expValues["jobState"] }}
+ <div class="{{{ ExperimentUtilities::get_status_color_class( $expValues["jobState"]) }}}">
+ {{{ $expValues["jobState"] }}}
</div>
@endif
</td>