From f76724a46dee840092905f3d819423ffd556f14e Mon Sep 17 00:00:00 2001 From: Tom N Harris Date: Sat, 16 Feb 2013 16:07:00 -0500 Subject: Move inline diff headers into a vertical column. --- inc/DifferenceEngine.php | 19 +++++++++++-------- 1 file changed, 11 insertions(+), 8 deletions(-) (limited to 'inc/DifferenceEngine.php') diff --git a/inc/DifferenceEngine.php b/inc/DifferenceEngine.php index 1b68cf6d3..1099f40eb 100644 --- a/inc/DifferenceEngine.php +++ b/inc/DifferenceEngine.php @@ -1070,11 +1070,13 @@ class TableDiffFormatter extends DiffFormatter { } function addedLine($line) { - return '+' . $line.''; + return '+'. + '' . $line.''; } function deletedLine($line) { - return '-' . $line.''; + return '-'. + '' . $line.''; } function emptyLine() { @@ -1082,7 +1084,8 @@ class TableDiffFormatter extends DiffFormatter { } function contextLine($line) { - return ' '.$line.''; + return ' '. + ''.$line.''; } function _added($lines) { @@ -1121,7 +1124,7 @@ class TableDiffFormatter extends DiffFormatter { * */ class InlineDiffFormatter extends DiffFormatter { - var $colspan = 4; + var $colspan = 2; function __construct() { $this->leading_context_lines = 2; @@ -1167,19 +1170,19 @@ class InlineDiffFormatter extends DiffFormatter { function _added($lines) { foreach ($lines as $line) { - print(''. $line . "\n"); + print('+'. $line . "\n"); } } function _deleted($lines) { foreach ($lines as $line) { - print('' . $line . "\n"); + print('-' . $line . "\n"); } } function _context($lines) { foreach ($lines as $line) { - print(''.$line."\n"); + print(' '.$line."\n"); } } @@ -1188,7 +1191,7 @@ class InlineDiffFormatter extends DiffFormatter { $add = $diff->inline(); foreach ($add as $line) - print(''.$line."\n"); + print('!'.$line."\n"); } } -- cgit v1.2.3 From 56133a04d1c5dcd4825f4c0c978b8a9336d603d0 Mon Sep 17 00:00:00 2001 
From: Tom N Harris Date: Sat, 16 Feb 2013 18:15:13 -0500 Subject: Fix width of indicator column. --- inc/DifferenceEngine.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'inc/DifferenceEngine.php') diff --git a/inc/DifferenceEngine.php b/inc/DifferenceEngine.php index 1099f40eb..2125ad879 100644 --- a/inc/DifferenceEngine.php +++ b/inc/DifferenceEngine.php @@ -1151,7 +1151,7 @@ class InlineDiffFormatter extends DiffFormatter { $xbeg .= "," . $xlen; if ($ylen != 1) $ybeg .= "," . $ylen; - $r = '@@ '.$lang['line']." -$xbeg +$ybeg @@"; + $r = '@@ '.$lang['line']." -$xbeg +$ybeg @@"; $r .= ' '.$lang['deleted'].''; $r .= ' '.$lang['created'].''; $r .= "\n"; @@ -1170,19 +1170,19 @@ class InlineDiffFormatter extends DiffFormatter { function _added($lines) { foreach ($lines as $line) { - print('+'. $line . "\n"); + print('+'. $line . "\n"); } } function _deleted($lines) { foreach ($lines as $line) { - print('-' . $line . "\n"); + print('-' . $line . "\n"); } } function _context($lines) { foreach ($lines as $line) { - print(' '.$line."\n"); + print(' '.$line."\n"); } } @@ -1191,7 +1191,7 @@ class InlineDiffFormatter extends DiffFormatter { $add = $diff->inline(); foreach ($add as $line) - print('!'.$line."\n"); + print('!'.$line."\n"); } } -- cgit v1.2.3 From a69506c52fbd9c92500be4f380acc7e68d4d6560 Mon Sep 17 00:00:00 2001 From: Tom N Harris Date: Sat, 16 Feb 2013 18:27:12 -0500 Subject: Remove the prefix from inline diffs. The line prefix was not actually indicating what it should indicate. In particular, anything in a "changed" block would show a "!" even if the entire line was added or deleted. Better to print nothing than something that's wrong. --- inc/DifferenceEngine.php | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'inc/DifferenceEngine.php') diff --git a/inc/DifferenceEngine.php b/inc/DifferenceEngine.php index 2125ad879..c15c8b163 100644 --- a/inc/DifferenceEngine.php +++ b/inc/DifferenceEngine.php 
@@ -1170,13 +1170,13 @@ class InlineDiffFormatter extends DiffFormatter { function _added($lines) { foreach ($lines as $line) { - print('+'. $line . "\n"); + print(' '. $line . "\n"); } } function _deleted($lines) { foreach ($lines as $line) { - print('-' . $line . "\n"); + print(' ' . $line . "\n"); } } @@ -1191,7 +1191,7 @@ class InlineDiffFormatter extends DiffFormatter { $add = $diff->inline(); foreach ($add as $line) - print('!'.$line."\n"); + print(' '.$line."\n"); } } -- cgit v1.2.3 From 60056e697fb1666e9b491b6f9f5654b694e3b8c9 Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Sun, 17 Feb 2013 14:56:12 +0000 Subject: ensure diff formatters escape their output --- inc/DifferenceEngine.php | 58 +++++++++++++++++++++++++++++++++++------------- 1 file changed, 42 insertions(+), 16 deletions(-) (limited to 'inc/DifferenceEngine.php') diff --git a/inc/DifferenceEngine.php b/inc/DifferenceEngine.php index 1b68cf6d3..42975b208 100644 --- a/inc/DifferenceEngine.php +++ b/inc/DifferenceEngine.php @@ -797,7 +797,7 @@ class DiffFormatter { function _lines($lines, $prefix = ' ') { foreach ($lines as $line) - echo "$prefix $line\n"; + echo "$prefix ".$this->_escape($line)."\n"; } function _context($lines) { @@ -816,6 +816,10 @@ class DiffFormatter { echo "---\n"; $this->_added($closing); } + + function _escape($str){ + return $str; + } } /** @@ -871,13 +875,13 @@ class _HWLDF_WordAccumulator { function _flushGroup($new_tag) { if ($this->_group !== '') { if ($this->_tag == 'mark') - $this->_line .= ''.$this->_group.''; + $this->_line .= ''.$this->_escape($this->_group).''; elseif ($this->_tag == 'add') - $this->_line .= ''.$this->_group.''; + $this->_line .= ''.$this->_escape($this->_group).''; elseif ($this->_tag == 'del') - $this->_line .= ''.$this->_group.''; + $this->_line .= ''.$this->_escape($this->_group).''; else - $this->_line .= $this->_group; + $this->_line .= $this->_escape($this->_group); } $this->_group = ''; $this->_tag = $new_tag; 
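Review bot: In the `_flushGroup` hunk (-871) of "ensure diff formatters escape their output", each word group is now passed through `_escape()` as it is appended, so the accumulator hands back HTML while `_added`/`_deleted`/`_context` still receive raw text, and nothing in the code records which of the two a given line is. The commit changes only this file, so the call sites that build the diff are not visible here; if any of them still escapes its text before diffing, entities will come out double-encoded, which should be checked before merging. I would add a comment above `_flushGroup` such as `// returns HTML: each group is escaped here exactly once; callers must pass raw text`. The closing brace of `_flushGroup` and the rest of the class lie outside the hunk.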
@@ -912,6 +916,10 @@ class _HWLDF_WordAccumulator { $this->_flushLine('~done'); return $this->_lines; } + + function _escape($str){ + return hsc($str); + } } class WordLevelDiff extends MappedDiff { @@ -1069,11 +1077,17 @@ class TableDiffFormatter extends DiffFormatter { function _lines($lines, $prefix=' ', $color="white") { } - function addedLine($line) { + function addedLine($line,$escaped=false) { + if (!$escaped){ + $line = $this->_escape($line); + } return '+' . $line.''; } - function deletedLine($line) { + function deletedLine($line,$escaped=false) { + if (!$escaped){ + $line = $this->_escape($line); + } return '-' . $line.''; } @@ -1082,12 +1096,16 @@ class TableDiffFormatter extends DiffFormatter { } function contextLine($line) { - return ' '.$line.''; + return ' '.$this->_escape($line).''; } function _added($lines) { + $this->_addedLines($lines,false); + } + + function _addedLines($lines,$escaped=false){ foreach ($lines as $line) { - print('' . $this->emptyLine() . $this->addedLine($line) . "\n"); + print('' . $this->emptyLine() . $this->addedLine($line,$escaped) . "\n"); } } @@ -1104,15 +1122,19 @@ class TableDiffFormatter extends DiffFormatter { } function _changed($orig, $closing) { - $diff = new WordLevelDiff($orig, $closing); + $diff = new WordLevelDiff($orig, $closing); // this escapes the diff data $del = $diff->orig(); $add = $diff->closing(); while ($line = array_shift($del)) { $aline = array_shift($add); - print('' . $this->deletedLine($line) . $this->addedLine($aline) . "\n"); + print('' . $this->deletedLine($line,true) . $this->addedLine($aline,true) . "\n"); } - $this->_added($add); # If any leftovers + $this->_addedLines($add,true); # If any leftovers + } + + function _escape($str) { + return hsc($str); } } 
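Review bot: The new `$escaped` parameter on `addedLine()` and `deletedLine()` (hunk -1069, used again by `_addedLines()` and `_changed()` in the two hunks that follow) lets a caller switch escaping off, and these methods carry no visibility keyword, so they are callable from outside the class. Passing `true` with text that did not come from `WordLevelDiff` would write it into the table cell unescaped. The default of `false` is the safe one; I would state the contract on each method, e.g. `@param bool $escaped true only if $line is HTML already escaped by WordLevelDiff`, so the flag is not mistaken for a formatting option.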
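Review bot: In `TableDiffFormatter::_changed()` (hunk -1104) the loop condition `while ($line = array_shift($del))` ends on the first falsy string, so a line that is exactly `0` would stop the loop and the remaining deleted lines would never be printed. Whether the word accumulator can return such a line is not visible in this diff, so treat this as something to confirm. The loop header is context rather than new code, but the commit rewrites its body and leaves the condition as it was; `while (($line = array_shift($del)) !== null) {` removes the ambiguity. Lines dropped from a diff view are changes a reviewer never gets to see.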
@@ -1167,29 +1189,33 @@ class InlineDiffFormatter extends DiffFormatter { function _added($lines) { foreach ($lines as $line) { - print(''. $line . "\n"); + print(''. $this->_escape($line) . "\n"); } } function _deleted($lines) { foreach ($lines as $line) { - print('' . $line . "\n"); + print('' . $this->_escape($line) . "\n"); } } function _context($lines) { foreach ($lines as $line) { - print(''.$line."\n"); + print(''.$this->_escape($line)."\n"); } } function _changed($orig, $closing) { - $diff = new InlineWordLevelDiff($orig, $closing); + $diff = new InlineWordLevelDiff($orig, $closing); // this escapes the diff data $add = $diff->inline(); foreach ($add as $line) print(''.$line."\n"); } + + function _escape($str) { + return hsc($str); + } } -- cgit v1.2.3 From 3a4ea35cfcc40e754577cb6a1e41442d14b6a0a6 Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Sun, 17 Feb 2013 19:30:55 +0000 Subject: replace remaining hardcoded 'colspan' values with ->colspan --- inc/DifferenceEngine.php | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'inc/DifferenceEngine.php') diff --git a/inc/DifferenceEngine.php b/inc/DifferenceEngine.php index f6ed9aa13..e0fbf8e03 100644 --- a/inc/DifferenceEngine.php +++ b/inc/DifferenceEngine.php @@ -1037,6 +1037,7 @@ class UnifiedDiffFormatter extends DiffFormatter { * */ class TableDiffFormatter extends DiffFormatter { + var $colspan = 2; function __construct() { $this->leading_context_lines = 2; @@ -1061,8 +1062,8 @@ class TableDiffFormatter extends DiffFormatter { global $lang; $l1 = $lang['line'].' '.$xbeg; $l2 = $lang['line'].' '.$ybeg; - $r = ''.$l1.":\n". - ''.$l2.":\n". + $r = ''.$l1.":\n". + ''.$l2.":\n". "\n"; return $r; } @@ -1094,7 +1095,7 @@ class TableDiffFormatter extends DiffFormatter { } function emptyLine() { - return ' '; + return ' '; } function contextLine($line) { 
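Review bot: `InlineDiffFormatter::_changed()` (hunk -1167) still prints `$line` from `$diff->inline()` without calling `_escape()`, and the only support for that is the new trailing comment `// this escapes the diff data`. In this commit the escaping was added to `_HWLDF_WordAccumulator`; `InlineWordLevelDiff` is not shown, so it should be confirmed that `inline()` builds every line through that accumulator, otherwise changed lines reach the page raw while added, deleted and context lines are escaped. I would make the comment name the dependency, e.g. `// lines from inline() are already escaped by _HWLDF_WordAccumulator::_escape(); do not escape again`. The same body, `return hsc($str);`, is now repeated in three classes, which a single shared helper would avoid.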
@@ -1173,7 +1174,7 @@ class InlineDiffFormatter extends DiffFormatter { $xbeg .= "," . $xlen; if ($ylen != 1) $ybeg .= "," . $ylen; - $r = '@@ '.$lang['line']." -$xbeg +$ybeg @@"; + $r = '@@ '.$lang['line']." -$xbeg +$ybeg @@"; $r .= ' '.$lang['deleted'].''; $r .= ' '.$lang['created'].''; $r .= "\n"; -- cgit v1.2.3 From df9752e9c1bfd3eaff132b15817baa1c6e989506 Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Wed, 10 Apr 2013 18:01:04 +0100 Subject: add comment to Unified Diff Formatter making it clear the output is unsafe for use in HTML as is --- inc/DifferenceEngine.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'inc/DifferenceEngine.php') diff --git a/inc/DifferenceEngine.php b/inc/DifferenceEngine.php index e0fbf8e03..783d6bea5 100644 --- a/inc/DifferenceEngine.php +++ b/inc/DifferenceEngine.php @@ -1004,6 +1004,8 @@ class InlineWordLevelDiff extends MappedDiff { * "Unified" diff formatter. * * This class formats the diff in classic "unified diff" format. + * + * NOTE: output is plain text and unsafe for use in HTML without escaping. */ class UnifiedDiffFormatter extends DiffFormatter { -- cgit v1.2.3 From bfd197d22f32f74940afadf1e308828773dbde18 Mon Sep 17 00:00:00 2001 From: hArpanet Date: Mon, 20 May 2013 20:12:52 +0200 Subject: Added comment to DiffFormatter _escape() method Clarify use of _escape() method in base class. --- inc/DifferenceEngine.php | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'inc/DifferenceEngine.php') diff --git a/inc/DifferenceEngine.php b/inc/DifferenceEngine.php index 783d6bea5..07df7a4be 100644 --- a/inc/DifferenceEngine.php +++ b/inc/DifferenceEngine.php 
@@ -817,7 +817,16 @@ class DiffFormatter { $this->_added($closing); } - function _escape($str){ + /** + * Escape string + * + * Override this method within other formatters if escaping required. + * Base class requires $str to be returned WITHOUT escaping. + * + * @param $str string Text string to escape + * @return string The escaped string. + */ + function _escape($str){ return $str; } } -- cgit v1.2.3
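Review bot: The new docblock's `@return string The escaped string.` does not hold for this base implementation, which returns `$str` unchanged, and the `@param` tag has the type and name reversed. I would write `@param string $str Text to escape` and `@return string $str unchanged in this class; escaped for the output context in overriding formatters`. Because a subclass that emits HTML and does not override this method gets no escaping at all, the description could say so directly: `Formatters whose output is inserted into HTML must override this method.`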