Francois Gouget : testbot/web: Standardise escaping of the job details page URLs.
Alexandre Julliard
julliard at winehq.org
Mon May 2 15:19:07 CDT 2022
Module: tools
Branch: master
Commit: a035f917da8e21ecd29d97ef554fe69d49857c19
URL: https://source.winehq.org/git/tools.git/?a=commit;h=a035f917da8e21ecd29d97ef554fe69d49857c19
Author: Francois Gouget <fgouget at codeweavers.com>
Date: Mon May 2 19:23:05 2022 +0200
testbot/web: Standardise escaping of the job details page URLs.
There is no need to call uri_escape() on integers.
Also don't call escapeHTML() on simple URLs that contain no ampersand.
But do call it any time they may contain one such as the return value of
GetMoreInfoLink().
Signed-off-by: Francois Gouget <fgouget at codeweavers.com>
Signed-off-by: Alexandre Julliard <julliard at winehq.org>
---
testbot/web/JobDetails.pl | 32 +++++++++++++++-----------------
1 file changed, 15 insertions(+), 17 deletions(-)
diff --git a/testbot/web/JobDetails.pl b/testbot/web/JobDetails.pl
index c042663..748153f 100644
--- a/testbot/web/JobDetails.pl
+++ b/testbot/web/JobDetails.pl
@@ -91,7 +91,7 @@ sub GenerateDataView($$$)
my $PropertyName = $Col->{Descriptor}->GetName();
if ($PropertyName eq "VM")
{
- print "<a href='#k", $self->escapeHTML($Row->{Item}->GetKey()), "'>";
+ print "<a href='#k", $StepTask->GetKey(), "'>";
print $self->escapeHTML($StepTask->VM->Name);
print "</a>";
}
@@ -101,11 +101,9 @@ sub GenerateDataView($$$)
if ($FileName and -r $FileName)
{
my $JobId = $self->{EnclosingPage}->GetJob()->Id;
- my $URI = "/GetFile.pl?JobKey=" . uri_escape($JobId) .
- "&StepKey=" . uri_escape($StepTask->StepNo);
- print "<a href='" . $self->escapeHTML($URI) . "'>";
- print $self->escapeHTML($StepTask->FileName);
- print "</a>";
+ my $URI = "/GetFile.pl?JobKey=$JobId&StepKey=". $StepTask->StepNo;
+ print "<a href='", $self->escapeHTML($URI), "'>",
+ $self->escapeHTML($StepTask->FileName), "</a>";
}
else
{
@@ -371,7 +369,7 @@ sub GetMoreInfoLink($$$$;$)
{
my ($self, $LinkKey, $Label, $Set, $Value) = @_;
- my $Url = $ENV{"SCRIPT_NAME"} ."?Key=". uri_escape($self->{JobId});
+ my $Url = $ENV{"SCRIPT_NAME"} ."?Key=$self->{JobId}";
my $Action = "Show". ($Set eq "Full" and $Label !~ /old/ ? " full" : "");
foreach my $Key (sort keys %{$self->{More}})
@@ -423,11 +421,11 @@ sub GenerateMoreInfoLink($$$$;$$)
my $Html = "<a href='". $self->escapeHTML($Url) ."'$Title>$Action $Label</a>";
if (defined $Value)
{
- $Url = "/GetTaskFile.pl?Job=". uri_escape($self->{JobId})
- ."&Step=". uri_escape($StepTask->StepNo)
- ."&Task=". uri_escape($StepTask->TaskNo)
+ $Url = "/GetTaskFile.pl?Job=$self->{JobId}"
+ ."&Step=". $StepTask->StepNo
+ ."&Task=". $StepTask->TaskNo
."&File=". uri_escape($Value);
- $Html = "<a href='$Url'>↓</a> $Html";
+ $Html = "<a href='". $self->escapeHTML($Url) ."'>↓</a> $Html";
}
if ($Action eq "Hide")
{
@@ -585,11 +583,11 @@ EOF
{
if ($MoreInfo->{Screenshot})
{
- my $URI = "/Screenshot.pl?JobKey=" . uri_escape($self->{JobId}) .
- "&StepKey=" . uri_escape($StepTask->StepNo) .
- "&TaskKey=" . uri_escape($StepTask->TaskNo);
- print "<div class='Screenshot'><img src='" .
- $self->escapeHTML($URI) . "' alt='Screenshot' /></div>\n";
+ my $URI = "/Screenshot.pl?JobKey=$self->{JobId}"
+ ."&StepKey=". $StepTask->StepNo
+ ."&TaskKey=". $StepTask->TaskNo;
+ print "<div class='Screenshot'><img src='", $self->escapeHTML($URI),
+ "' alt='Screenshot'/></div>\n";
}
$self->GenerateMoreInfoLink($Key, "final screenshot", "Screenshot");
}
@@ -665,7 +663,7 @@ EOF
if (defined $LogInfo->{BadLog})
{
my ($_Action, $Url) = $self->GetMoreInfoLink($Key, GetLogLabel($LogName), "Full", $LogName);
- print "<pre class='log-note'>The error summary is not available (<a href='$Url'>see full log instead</a>): $LogInfo->{BadLog}</pre>\n";
+ print "<pre class='log-note'>The error summary is not available (<a href='", $self->escapeHTML($Url), "'>see full log instead</a>): $LogInfo->{BadLog}</pre>\n";
}
elsif ($LogInfo->{NoRef} and !defined $LogInfo->{BadRef})
{
More information about the wine-cvs
mailing list