All new accounts created on Gitlab now require administrator approval. If you invite any collaborators, please let Flux staff know so they can approve the accounts.

Commit 27a6767a authored by Leigh B Stoller's avatar Leigh B Stoller

Some quick fixes for how we encode the extension text into JSON; there was

an interaction between htmlentities and json_encode. I got rid of the
former and added options to json_encode, but that is not safe, so need to
make sure we use jquery .text() and underscore template <%- when displaying
that text.
parent 30afbb02
......@@ -120,7 +120,7 @@ if (count($extensions)) {
$foo[$extension->idx()] = $extension->info;
}
echo "<script type='text/plain' id='extensions-json'>\n";
echo json_encode($foo);
echo json_encode($foo, JSON_HEX_APOS|JSON_HEX_QUOT|JSON_HEX_TAG|JSON_HEX_TAG);
echo "</script>\n";
}
SPITFOOTER();
......
......@@ -836,8 +836,8 @@ class ExtensionInfo
return;
}
$this->info = mysql_fetch_assoc($query_result);
$this->info["reason"] = trim(CleanString($this->info["reason"]));
$this->info["message"] = trim(CleanString($this->info["message"]));
$this->info["reason"] = trim($this->info["reason"]);
$this->info["message"] = trim($this->info["message"]);
}
# accessors
function field($name) {
......
......@@ -282,12 +282,9 @@ if (count($extensions)) {
$foo[$extension->idx()] = $extension->info;
}
echo "<script type='text/plain' id='extensions-json'>\n";
echo json_encode($foo);
echo json_encode($foo, JSON_HEX_APOS|JSON_HEX_QUOT|JSON_HEX_TAG|JSON_HEX_TAG);
echo "</script>\n";
}
if ($extension_history != "") {
echo "<pre class='hidden' id='extension_history'>$extension_history</pre>\n";
}
if ($extension_denied_reason != "") {
echo "<pre class='hidden' id='extension_denied_reason'>$extension_denied_reason</pre>\n";
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment