diff --git a/src/applications/tokens/feed/PhabricatorTokenGivenFeedStory.php b/src/applications/tokens/feed/PhabricatorTokenGivenFeedStory.php
index d448f0b989..370a54c55d 100644
--- a/src/applications/tokens/feed/PhabricatorTokenGivenFeedStory.php
+++ b/src/applications/tokens/feed/PhabricatorTokenGivenFeedStory.php
@@ -1,50 +1,54 @@
getValue('objectPHID'); } public function getRequiredHandlePHIDs() { $phids = array(); $phids[] = $this->getValue('objectPHID'); $phids[] = $this->getValue('authorPHID'); return $phids; } public function getRequiredObjectPHIDs() { $phids = array(); $phids[] = $this->getValue('tokenPHID'); return $phids; } public function renderView() { $view = $this->newStoryView(); $view->setAppIcon('token-dark'); $author_phid = $this->getValue('authorPHID'); $href = $this->getHandle($this->getPrimaryObjectPHID())->getURI(); $view->setHref($href); $token = $this->getObject($this->getValue('tokenPHID')); $title = pht( '%s awarded %s a %s token.', $this->linkTo($this->getValue('authorPHID')), $this->linkTo($this->getValue('objectPHID')), $token->getName()); $view->setTitle($title); $view->setImage($this->getHandle($author_phid)->getImageURI()); return $view; } public function renderText() { // TODO: This is grotesque; the feed notification handler relies on it.
- return strip_tags(hsprintf('%s', $this->renderView()->render()));
+ return htmlspecialchars_decode(
+ strip_tags(
+ hsprintf(
+ '%s',
+ $this->renderView()->render())));
} }
diff --git a/src/applications/transactions/feed/PhabricatorApplicationTransactionFeedStory.php b/src/applications/transactions/feed/PhabricatorApplicationTransactionFeedStory.php
index 3b556b8489..a5af332ff3 100644
--- a/src/applications/transactions/feed/PhabricatorApplicationTransactionFeedStory.php
+++ b/src/applications/transactions/feed/PhabricatorApplicationTransactionFeedStory.php
@@ -1,72 +1,76 @@
getValue('objectPHID'); } public function getRequiredObjectPHIDs() { return $this->getValue('transactionPHIDs'); } public function getRequiredHandlePHIDs() { $phids = array(); $phids[] = $this->getValue('objectPHID'); foreach ($this->getValue('transactionPHIDs') as $xaction_phid) { $xaction = $this->getObject($xaction_phid); foreach ($xaction->getRequiredHandlePHIDs() as $handle_phid) { $phids[] = $handle_phid; } } return $phids; } protected function getPrimaryTransactionPHID() { return head($this->getValue('transactionPHIDs')); } protected function getPrimaryTransaction() { return $this->getObject($this->getPrimaryTransactionPHID()); } public function renderView() { $view = $this->newStoryView(); $handle = $this->getHandle($this->getPrimaryObjectPHID()); $view->setHref($handle->getURI()); $view->setAppIconFromPHID($handle->getPHID()); $xaction_phids = $this->getValue('transactionPHIDs'); $xaction = $this->getPrimaryTransaction(); $xaction->setHandles($this->getHandles()); $view->setTitle($xaction->getTitleForFeed($this)); foreach ($xaction_phids as $xaction_phid) { $secondary_xaction = $this->getObject($xaction_phid); $secondary_xaction->setHandles($this->getHandles()); $body = $secondary_xaction->getBodyForFeed($this); if (nonempty($body)) { $view->appendChild($body); } } $view->setImage( $this->getHandle($xaction->getAuthorPHID())->getImageURI()); return $view; } public function renderText() { // TODO: This is grotesque; the feed notification handler relies on it.
- return strip_tags(hsprintf('%s', $this->renderView()->render()));
+ return htmlspecialchars_decode(
+ strip_tags(
+ hsprintf(
+ '%s',
+ $this->renderView()->render())));
} }
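Review bot: `renderText()` now returns entity-decoded plain text, so a title that rendered as `&lt;b&gt;` comes back with literal angle brackets, and nothing on the method says the result is no longer safe to place in markup; the same applies to `renderText()` in PhabricatorTokenGivenFeedStory.php, the first file in this diff. I would record that next to the existing TODO, e.g. `// Returns plain text, not HTML: callers must escape it before emitting it as markup.`, and confirm that the feed notification handler the TODO mentions treats the value that way. Separately, `htmlspecialchars_decode()` is called without flags, and on PHP before 8.1 the default is `ENT_COMPAT`, which leaves `&#039;` undecoded. If the renderer escapes with `ENT_QUOTES` (not visible in this diff), pass `ENT_QUOTES` as the second argument so apostrophes decode on every PHP version. Both class bodies begin outside the text shown in these hunks.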