aboutsummaryrefslogtreecommitdiffstats
path: root/perllib/FixMyStreet/App
diff options
context:
space:
mode:
Diffstat (limited to 'perllib/FixMyStreet/App')
-rw-r--r--perllib/FixMyStreet/App/Controller/Contact.pm6
-rw-r--r--perllib/FixMyStreet/App/Controller/Report/New.pm3
-rw-r--r--perllib/FixMyStreet/App/Controller/Report/Update.pm3
-rw-r--r--perllib/FixMyStreet/App/View/Web.pm20
4 files changed, 23 insertions, 9 deletions
diff --git a/perllib/FixMyStreet/App/Controller/Contact.pm b/perllib/FixMyStreet/App/Controller/Contact.pm
index 8477dd694..9ce89a9e2 100644
--- a/perllib/FixMyStreet/App/Controller/Contact.pm
+++ b/perllib/FixMyStreet/App/Controller/Contact.pm
@@ -7,6 +7,7 @@ BEGIN { extends 'Catalyst::Controller'; }
use MIME::Base64;
use mySociety::EmailUtil;
use FixMyStreet::Email;
+use FixMyStreet::Template::SafeString;
=head1 NAME
@@ -253,8 +254,9 @@ generally required to stash
sub setup_request : Private {
my ( $self, $c ) = @_;
- $c->stash->{contact_email} = $c->cobrand->contact_email;
- $c->stash->{contact_email} =~ s/\@/@/;
+ my $email = $c->cobrand->contact_email;
+ $email =~ s/\@/@/;
+ $c->stash->{contact_email} = FixMyStreet::Template::SafeString->new($email);
for my $param (qw/em subject message/) {
$c->stash->{$param} = $c->get_param($param);
diff --git a/perllib/FixMyStreet/App/Controller/Report/New.pm b/perllib/FixMyStreet/App/Controller/Report/New.pm
index 270ad2ddb..899028ee9 100644
--- a/perllib/FixMyStreet/App/Controller/Report/New.pm
+++ b/perllib/FixMyStreet/App/Controller/Report/New.pm
@@ -4,6 +4,7 @@ use Moose;
use namespace::autoclean;
BEGIN { extends 'Catalyst::Controller'; }
+use utf8;
use Encode;
use List::MoreUtils qw(uniq);
use List::Util 'first';
@@ -895,7 +896,7 @@ sub process_user : Private {
oauth_report => { $report->get_inflated_columns }
};
unless ( $c->forward( '/auth/sign_in', [ $params{username} ] ) ) {
- $c->stash->{field_errors}->{password} = _('There was a problem with your login information. If you cannot remember your password, or do not have one, please fill in the ‘No’ section of the form.');
+ $c->stash->{field_errors}->{password} = _('There was a problem with your login information. If you cannot remember your password, or do not have one, please fill in the ‘No’ section of the form.');
return 1;
}
my $user = $c->user->obj;
diff --git a/perllib/FixMyStreet/App/Controller/Report/Update.pm b/perllib/FixMyStreet/App/Controller/Report/Update.pm
index 1dc337c48..610f0f4eb 100644
--- a/perllib/FixMyStreet/App/Controller/Report/Update.pm
+++ b/perllib/FixMyStreet/App/Controller/Report/Update.pm
@@ -4,6 +4,7 @@ use Moose;
use namespace::autoclean;
BEGIN { extends 'Catalyst::Controller'; }
+use utf8;
use Path::Class;
use List::Util 'first';
use Utils;
@@ -143,7 +144,7 @@ sub process_user : Private {
oauth_update => { $update->get_inflated_columns }
};
unless ( $c->forward( '/auth/sign_in', [ $params{username} ] ) ) {
- $c->stash->{field_errors}->{password} = _('There was a problem with your login information. If you cannot remember your password, or do not have one, please fill in the ‘No’ section of the form.');
+ $c->stash->{field_errors}->{password} = _('There was a problem with your login information. If you cannot remember your password, or do not have one, please fill in the ‘No’ section of the form.');
return 1;
}
my $user = $c->user->obj;
diff --git a/perllib/FixMyStreet/App/View/Web.pm b/perllib/FixMyStreet/App/View/Web.pm
index 93aa0e2fb..1e1b50094 100644
--- a/perllib/FixMyStreet/App/View/Web.pm
+++ b/perllib/FixMyStreet/App/View/Web.pm
@@ -6,6 +6,7 @@ use warnings;
use FixMyStreet;
use FixMyStreet::Template;
+use FixMyStreet::Template::SafeString;
use Utils;
__PACKAGE__->config(
@@ -19,6 +20,7 @@ __PACKAGE__->config(
'tprintf', 'prettify_dt',
'version', 'decode',
'prettify_state',
+ 'mark_safe',
],
FILTERS => {
add_links => \&add_links,
@@ -59,7 +61,15 @@ sprintf (different name to avoid clash)
sub tprintf {
my ( $self, $c, $format, @args ) = @_;
@args = @{$args[0]} if ref $args[0] eq 'ARRAY';
- return sprintf $format, @args;
+ #$format = $format->plain if UNIVERSAL::isa($format, 'Template::HTML::Variable');
+ my $s = sprintf $format, @args;
+ return FixMyStreet::Template::SafeString->new($s);
+}
+
+sub mark_safe {
+ my ($self, $c, $s) = @_;
+ $s = $s->plain if UNIVERSAL::isa($s, 'FixMyStreet::Template::Variable');
+ return FixMyStreet::Template::SafeString->new($s);
}
=head2 Utils::prettify_dt
@@ -82,16 +92,16 @@ sub prettify_dt {
[% text | add_links | html_para %]
-Add some links to some text (and thus HTML-escapes the other text.
+Add some links to some text (and thus HTML-escapes the other text).
=cut
sub add_links {
my $text = shift;
+ $text = FixMyStreet::Template::conditional_escape($text);
$text =~ s/\r//g;
- $text = FixMyStreet::Template::html_filter($text);
$text =~ s{(https?://)([^\s]+)}{"<a href=\"$1$2\">$1" . _space_slash($2) . '</a>'}ge;
- return $text;
+ return FixMyStreet::Template::SafeString->new($text);
}
sub _space_slash {
@@ -113,7 +123,7 @@ sub markup_factory {
my $text = shift;
return $text unless $user && ($user->from_body || $user->is_superuser);
$text =~ s{\*(\S.*?\S)\*}{<i>$1</i>};
- $text;
+ FixMyStreet::Template::SafeString->new($text);
}
}
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-05 21:05:09 +0000