There is no need to call uri_escape() on integers. Also don't call escapeHTML() on simple URLs that contain no ampersand. But do call it any time they may contain one such as the return value of GetMoreInfoLink().
Signed-off-by: Francois Gouget fgouget@codeweavers.com --- testbot/web/JobDetails.pl | 32 +++++++++++++++----------------- 1 file changed, 15 insertions(+), 17 deletions(-)
diff --git a/testbot/web/JobDetails.pl b/testbot/web/JobDetails.pl index c04266330..748153f28 100644 --- a/testbot/web/JobDetails.pl +++ b/testbot/web/JobDetails.pl @@ -91,7 +91,7 @@ sub GenerateDataView($$$) my $PropertyName = $Col->{Descriptor}->GetName(); if ($PropertyName eq "VM") { - print "<a href='#k", $self->escapeHTML($Row->{Item}->GetKey()), "'>"; + print "<a href='#k", $StepTask->GetKey(), "'>"; print $self->escapeHTML($StepTask->VM->Name); print "</a>"; } @@ -101,11 +101,9 @@ sub GenerateDataView($$$) if ($FileName and -r $FileName) { my $JobId = $self->{EnclosingPage}->GetJob()->Id; - my $URI = "/GetFile.pl?JobKey=" . uri_escape($JobId) . - "&StepKey=" . uri_escape($StepTask->StepNo); - print "<a href='" . $self->escapeHTML($URI) . "'>"; - print $self->escapeHTML($StepTask->FileName); - print "</a>"; + my $URI = "/GetFile.pl?JobKey=$JobId&StepKey=". $StepTask->StepNo; + print "<a href='", $self->escapeHTML($URI), "'>", + $self->escapeHTML($StepTask->FileName), "</a>"; } else { @@ -371,7 +369,7 @@ sub GetMoreInfoLink($$$$;$) { my ($self, $LinkKey, $Label, $Set, $Value) = @_;
- my $Url = $ENV{"SCRIPT_NAME"} ."?Key=". uri_escape($self->{JobId}); + my $Url = $ENV{"SCRIPT_NAME"} ."?Key=$self->{JobId}";
my $Action = "Show". ($Set eq "Full" and $Label !~ /old/ ? " full" : ""); foreach my $Key (sort keys %{$self->{More}}) @@ -423,11 +421,11 @@ sub GenerateMoreInfoLink($$$$;$$) my $Html = "<a href='". $self->escapeHTML($Url) ."'$Title>$Action $Label</a>"; if (defined $Value) { - $Url = "/GetTaskFile.pl?Job=". uri_escape($self->{JobId}) - ."&Step=". uri_escape($StepTask->StepNo) - ."&Task=". uri_escape($StepTask->TaskNo) + $Url = "/GetTaskFile.pl?Job=$self->{JobId}" + ."&Step=". $StepTask->StepNo + ."&Task=". $StepTask->TaskNo ."&File=". uri_escape($Value); - $Html = "<a href='$Url'>↓</a> $Html"; + $Html = "<a href='". $self->escapeHTML($Url) ."'>↓</a> $Html"; } if ($Action eq "Hide") { @@ -585,11 +583,11 @@ EOF { if ($MoreInfo->{Screenshot}) { - my $URI = "/Screenshot.pl?JobKey=" . uri_escape($self->{JobId}) . - "&StepKey=" . uri_escape($StepTask->StepNo) . - "&TaskKey=" . uri_escape($StepTask->TaskNo); - print "<div class='Screenshot'><img src='" . - $self->escapeHTML($URI) . "' alt='Screenshot' /></div>\n"; + my $URI = "/Screenshot.pl?JobKey=$self->{JobId}" + ."&StepKey=". $StepTask->StepNo + ."&TaskKey=". $StepTask->TaskNo; + print "<div class='Screenshot'><img src='", $self->escapeHTML($URI), + "' alt='Screenshot'/></div>\n"; } $self->GenerateMoreInfoLink($Key, "final screenshot", "Screenshot"); } @@ -665,7 +663,7 @@ EOF if (defined $LogInfo->{BadLog}) { my ($_Action, $Url) = $self->GetMoreInfoLink($Key, GetLogLabel($LogName), "Full", $LogName); - print "<pre class='log-note'>The error summary is not available (<a href='$Url'>see full log instead</a>): $LogInfo->{BadLog}</pre>\n"; + print "<pre class='log-note'>The error summary is not available (<a href='", $self->escapeHTML($Url), "'>see full log instead</a>): $LogInfo->{BadLog}</pre>\n"; } elsif ($LogInfo->{NoRef} and !defined $LogInfo->{BadRef}) {
-
Francois Gouget