Commit 70f8ac6f authored by webchick's avatar webchick

Issue #2457887 by prateekMehta, stefan.r, rpayanm, alexpott: Use...

Issue #2457887 by prateekMehta, stefan.r, rpayanm, alexpott: Use Utility\SafeMarkup class instead of Utility\String for placeholder(), checkPlain(),format() functions
parent ed6b8823
...@@ -15,9 +15,8 @@ ...@@ -15,9 +15,8 @@
use Drupal\Component\Utility\Crypt; use Drupal\Component\Utility\Crypt;
use Drupal\Component\Utility\Html; use Drupal\Component\Utility\Html;
use Drupal\Component\Utility\Number; use Drupal\Component\Utility\Number;
use Drupal\Component\Utility\SafeMarkup;
use Drupal\Component\Utility\SortArray; use Drupal\Component\Utility\SortArray;
use Drupal\Component\Utility\String; use Drupal\Component\Utility\SafeMarkup;
use Drupal\Component\Utility\Tags; use Drupal\Component\Utility\Tags;
use Drupal\Component\Utility\UrlHelper; use Drupal\Component\Utility\UrlHelper;
use Drupal\Core\Asset\AttachedAssets; use Drupal\Core\Asset\AttachedAssets;
...@@ -280,10 +279,10 @@ function valid_email_address($mail) { ...@@ -280,10 +279,10 @@ function valid_email_address($mail) {
* \Drupal\Component\Utility\UrlHelper::stripDangerousProtocols() instead. * \Drupal\Component\Utility\UrlHelper::stripDangerousProtocols() instead.
* *
* @see \Drupal\Component\Utility\UrlHelper::stripDangerousProtocols() * @see \Drupal\Component\Utility\UrlHelper::stripDangerousProtocols()
* @see \Drupal\Component\Utility\String::checkPlain() * @see \Drupal\Component\Utility\SafeMarkup::checkPlain()
*/ */
function check_url($uri) { function check_url($uri) {
return String::checkPlain(UrlHelper::stripDangerousProtocols($uri)); return SafeMarkup::checkPlain(UrlHelper::stripDangerousProtocols($uri));
} }
/** /**
...@@ -325,7 +324,7 @@ function format_xml_elements($array) { ...@@ -325,7 +324,7 @@ function format_xml_elements($array) {
} }
if (isset($value['value']) && $value['value'] != '') { if (isset($value['value']) && $value['value'] != '') {
$output .= '>' . (is_array($value['value']) ? format_xml_elements($value['value']) : String::checkPlain($value['value'])) . '</' . $value['key'] . ">\n"; $output .= '>' . (is_array($value['value']) ? format_xml_elements($value['value']) : SafeMarkup::checkPlain($value['value'])) . '</' . $value['key'] . ">\n";
} }
else { else {
$output .= " />\n"; $output .= " />\n";
...@@ -333,7 +332,7 @@ function format_xml_elements($array) { ...@@ -333,7 +332,7 @@ function format_xml_elements($array) {
} }
} }
else { else {
$output .= ' <' . $key . '>' . (is_array($value) ? format_xml_elements($value) : String::checkPlain($value)) . "</$key>\n"; $output .= ' <' . $key . '>' . (is_array($value) ? format_xml_elements($value) : SafeMarkup::checkPlain($value)) . "</$key>\n";
} }
} }
// @todo This is marking the output string as safe HTML, but we have only // @todo This is marking the output string as safe HTML, but we have only
...@@ -570,7 +569,7 @@ function _drupal_add_html_head_link($attributes, $header = FALSE) { ...@@ -570,7 +569,7 @@ function _drupal_add_html_head_link($attributes, $header = FALSE) {
if ($header) { if ($header) {
// Also add a HTTP header "Link:". // Also add a HTTP header "Link:".
$href = '<' . String::checkPlain($attributes['href']) . '>;'; $href = '<' . SafeMarkup::checkPlain($attributes['href']) . '>;';
unset($attributes['href']); unset($attributes['href']);
$element['#attached']['http_header'][] = array('Link', $href . drupal_http_header_attributes($attributes), TRUE); $element['#attached']['http_header'][] = array('Link', $href . drupal_http_header_attributes($attributes), TRUE);
} }
...@@ -1581,7 +1580,7 @@ function _drupal_flush_css_js() { ...@@ -1581,7 +1580,7 @@ function _drupal_flush_css_js() {
*/ */
function debug($data, $label = NULL, $print_r = TRUE) { function debug($data, $label = NULL, $print_r = TRUE) {
// Print $data contents to string. // Print $data contents to string.
$string = String::checkPlain($print_r ? print_r($data, TRUE) : var_export($data, TRUE)); $string = SafeMarkup::checkPlain($print_r ? print_r($data, TRUE) : var_export($data, TRUE));
// Display values with pre-formatting to increase readability. // Display values with pre-formatting to increase readability.
$string = '<pre>' . $string . '</pre>'; $string = '<pre>' . $string . '</pre>';
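Review bot: In format_xml_elements() only the element values pass through `SafeMarkup::checkPlain()`; the element names (`$value['key']` in the closing tag and `$key` in `' <' . $key . '>'`) are concatenated into the markup unescaped. The `@todo` just below says the result is then marked as safe HTML, so a key containing markup characters would reach output with no escaping at all. If keys can ever come from data rather than code, validate them against an XML name pattern before building the tag. Otherwise state the contract on the function, for example `// Element names are emitted verbatim and must be developer-supplied.` The function body starts and ends outside these hunks.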
......
...@@ -9,7 +9,7 @@ ...@@ -9,7 +9,7 @@
use Drupal\Component\Utility\UrlHelper; use Drupal\Component\Utility\UrlHelper;
use Drupal\Component\PhpStorage\FileStorage; use Drupal\Component\PhpStorage\FileStorage;
use Drupal\Component\Utility\Bytes; use Drupal\Component\Utility\Bytes;
use Drupal\Component\Utility\String; use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\File\FileSystem; use Drupal\Core\File\FileSystem;
use Drupal\Core\StreamWrapper\PublicStream; use Drupal\Core\StreamWrapper\PublicStream;
use Drupal\Core\StreamWrapper\StreamWrapperInterface; use Drupal\Core\StreamWrapper\StreamWrapperInterface;
...@@ -463,7 +463,7 @@ function file_save_htaccess($directory, $private = TRUE, $force_overwrite = FALS ...@@ -463,7 +463,7 @@ function file_save_htaccess($directory, $private = TRUE, $force_overwrite = FALS
return drupal_chmod($htaccess_path, 0444); return drupal_chmod($htaccess_path, 0444);
} }
else { else {
$variables = array('%directory' => $directory, '!htaccess' => '<br />' . nl2br(String::checkPlain($htaccess_lines))); $variables = array('%directory' => $directory, '!htaccess' => '<br />' . nl2br(SafeMarkup::checkPlain($htaccess_lines)));
\Drupal::logger('security')->error("Security warning: Couldn't write .htaccess file. Please create a .htaccess file in your %directory directory which contains the following lines: <code>!htaccess</code>", $variables); \Drupal::logger('security')->error("Security warning: Couldn't write .htaccess file. Please create a .htaccess file in your %directory directory which contains the following lines: <code>!htaccess</code>", $variables);
return FALSE; return FALSE;
} }
......
...@@ -7,7 +7,6 @@ ...@@ -7,7 +7,6 @@
use Drupal\Component\Utility\NestedArray; use Drupal\Component\Utility\NestedArray;
use Drupal\Component\Utility\SafeMarkup; use Drupal\Component\Utility\SafeMarkup;
use Drupal\Component\Utility\String;
use Drupal\Component\Utility\UrlHelper; use Drupal\Component\Utility\UrlHelper;
use Drupal\Component\Utility\Xss; use Drupal\Component\Utility\Xss;
use Drupal\Core\Database\Database; use Drupal\Core\Database\Database;
...@@ -109,7 +108,7 @@ function form_select_options($element, $choices = NULL) { ...@@ -109,7 +108,7 @@ function form_select_options($element, $choices = NULL) {
$options = ''; $options = '';
foreach ($choices as $key => $choice) { foreach ($choices as $key => $choice) {
if (is_array($choice)) { if (is_array($choice)) {
$options .= '<optgroup label="' . String::checkPlain($key) . '">'; $options .= '<optgroup label="' . SafeMarkup::checkPlain($key) . '">';
$options .= form_select_options($element, $choice); $options .= form_select_options($element, $choice);
$options .= '</optgroup>'; $options .= '</optgroup>';
} }
...@@ -125,7 +124,7 @@ function form_select_options($element, $choices = NULL) { ...@@ -125,7 +124,7 @@ function form_select_options($element, $choices = NULL) {
else { else {
$selected = ''; $selected = '';
} }
$options .= '<option value="' . String::checkPlain($key) . '"' . $selected . '>' . String::checkPlain($choice) . '</option>'; $options .= '<option value="' . SafeMarkup::checkPlain($key) . '"' . $selected . '>' . SafeMarkup::checkPlain($choice) . '</option>';
} }
} }
return SafeMarkup::set($options); return SafeMarkup::set($options);
...@@ -364,7 +363,7 @@ function template_preprocess_textarea(&$variables) { ...@@ -364,7 +363,7 @@ function template_preprocess_textarea(&$variables) {
Element\RenderElement::setAttributes($element, array('form-textarea')); Element\RenderElement::setAttributes($element, array('form-textarea'));
$variables['wrapper_attributes'] = new Attribute(); $variables['wrapper_attributes'] = new Attribute();
$variables['attributes'] = new Attribute($element['#attributes']); $variables['attributes'] = new Attribute($element['#attributes']);
$variables['value'] = String::checkPlain($element['#value']); $variables['value'] = SafeMarkup::checkPlain($element['#value']);
$variables['resizable'] = !empty($element['#resizable']) ? $element['#resizable'] : NULL; $variables['resizable'] = !empty($element['#resizable']) ? $element['#resizable'] : NULL;
$variables['required'] = !empty($element['#required']) ? $element['#required'] : NULL; $variables['required'] = !empty($element['#required']) ? $element['#required'] : NULL;
} }
...@@ -553,7 +552,7 @@ function template_preprocess_form_element_label(&$variables) { ...@@ -553,7 +552,7 @@ function template_preprocess_form_element_label(&$variables) {
* Note: if the batch 'title', 'init_message', 'progress_message', or * Note: if the batch 'title', 'init_message', 'progress_message', or
* 'error_message' could contain any user input, it is the responsibility of * 'error_message' could contain any user input, it is the responsibility of
* the code calling batch_set() to sanitize them first with a function like * the code calling batch_set() to sanitize them first with a function like
* \Drupal\Component\Utility\String::checkPlain() or * \Drupal\Component\Utility\SafeMarkup::checkPlain() or
* \Drupal\Component\Utility\Xss::filter(). Furthermore, if the batch operation * \Drupal\Component\Utility\Xss::filter(). Furthermore, if the batch operation
* returns any user input in the 'results' or 'message' keys of $context, it * returns any user input in the 'results' or 'message' keys of $context, it
* must also sanitize them first. * must also sanitize them first.
...@@ -580,8 +579,8 @@ function template_preprocess_form_element_label(&$variables) { ...@@ -580,8 +579,8 @@ function template_preprocess_form_element_label(&$variables) {
* *
* $nodes = entity_load_multiple_by_properties('node', array('uid' => $uid, 'type' => $type)); * $nodes = entity_load_multiple_by_properties('node', array('uid' => $uid, 'type' => $type));
* $node = reset($nodes); * $node = reset($nodes);
* $context['results'][] = $node->id() . ' : ' . String::checkPlain($node->label()); * $context['results'][] = $node->id() . ' : ' . SafeMarkup::checkPlain($node->label());
* $context['message'] = String::checkPlain($node->label()); * $context['message'] = SafeMarkup::checkPlain($node->label());
* } * }
* *
* // A more advanced example is a multi-step operation that loads all rows, * // A more advanced example is a multi-step operation that loads all rows,
...@@ -600,10 +599,10 @@ function template_preprocess_form_element_label(&$variables) { ...@@ -600,10 +599,10 @@ function template_preprocess_form_element_label(&$variables) {
* ->range(0, $limit) * ->range(0, $limit)
* ->execute(); * ->execute();
* foreach ($result as $row) { * foreach ($result as $row) {
* $context['results'][] = $row->id . ' : ' . String::checkPlain($row->title); * $context['results'][] = $row->id . ' : ' . SafeMarkup::checkPlain($row->title);
* $context['sandbox']['progress']++; * $context['sandbox']['progress']++;
* $context['sandbox']['current_id'] = $row->id; * $context['sandbox']['current_id'] = $row->id;
* $context['message'] = String::checkPlain($row->title); * $context['message'] = SafeMarkup::checkPlain($row->title);
* } * }
* if ($context['sandbox']['progress'] != $context['sandbox']['max']) { * if ($context['sandbox']['progress'] != $context['sandbox']['max']) {
* $context['finished'] = $context['sandbox']['progress'] / $context['sandbox']['max']; * $context['finished'] = $context['sandbox']['progress'] / $context['sandbox']['max'];
......
...@@ -11,7 +11,6 @@ ...@@ -11,7 +11,6 @@
*/ */
use Drupal\Component\Utility\SafeMarkup; use Drupal\Component\Utility\SafeMarkup;
use Drupal\Component\Utility\String;
use Drupal\Core\Render\Element; use Drupal\Core\Render\Element;
...@@ -38,12 +37,12 @@ function template_preprocess_menu_local_task(&$variables) { ...@@ -38,12 +37,12 @@ function template_preprocess_menu_local_task(&$variables) {
$variables['attributes']['class'] = array('active'); $variables['attributes']['class'] = array('active');
// Add text to indicate active tab for non-visual users. // Add text to indicate active tab for non-visual users.
$active = String::format('<span class="visually-hidden">@label</span>', array('@label' => t('(active tab)'))); $active = SafeMarkup::format('<span class="visually-hidden">@label</span>', array('@label' => t('(active tab)')));
$link_text = t('@local-task-title@active', array('@local-task-title' => $link_text, '@active' => $active)); $link_text = t('@local-task-title@active', array('@local-task-title' => $link_text, '@active' => $active));
} }
else { else {
// @todo Remove this once https://www.drupal.org/node/2338081 is fixed. // @todo Remove this once https://www.drupal.org/node/2338081 is fixed.
$link_text = String::checkPlain($link_text); $link_text = SafeMarkup::checkPlain($link_text);
} }
$link['localized_options']['set_active_class'] = TRUE; $link['localized_options']['set_active_class'] = TRUE;
......
...@@ -221,7 +221,7 @@ function drupal_install_schema($module) { ...@@ -221,7 +221,7 @@ function drupal_install_schema($module) {
* An array of arrays with the following key/value pairs: * An array of arrays with the following key/value pairs:
* - success: a boolean indicating whether the query succeeded. * - success: a boolean indicating whether the query succeeded.
* - query: the SQL query(s) executed, passed through * - query: the SQL query(s) executed, passed through
* \Drupal\Component\Utility\String::checkPlain(). * \Drupal\Component\Utility\SafeMarkup::checkPlain().
*/ */
function drupal_uninstall_schema($module) { function drupal_uninstall_schema($module) {
$schema = drupal_get_schema_unprocessed($module); $schema = drupal_get_schema_unprocessed($module);
......
<?php <?php
use Drupal\Component\Utility\String; use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Url; use Drupal\Core\Url;
use Drupal\Component\Utility\UrlHelper; use Drupal\Component\Utility\UrlHelper;
...@@ -60,7 +60,7 @@ function tablesort_header(&$cell_content, array &$cell_attributes, array $header ...@@ -60,7 +60,7 @@ function tablesort_header(&$cell_content, array &$cell_attributes, array $header
$ts['sort'] = 'asc'; $ts['sort'] = 'asc';
$image = ''; $image = '';
} }
$cell_content = \Drupal::l(String::format('@cell_content@image', array('@cell_content' => $cell_content, '@image' => $image)), new Url('<current>', [], [ $cell_content = \Drupal::l(SafeMarkup::format('@cell_content@image', array('@cell_content' => $cell_content, '@image' => $image)), new Url('<current>', [], [
'attributes' => array('title' => $title), 'attributes' => array('title' => $title),
'query' => array_merge($ts['query'], array( 'query' => array_merge($ts['query'], array(
'sort' => $ts['sort'], 'sort' => $ts['sort'],
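Review bot: `SafeMarkup::format('@cell_content@image', ...)` escapes `@` placeholders unless the value is already marked safe, as far as I can tell from SafeMarkup's placeholder handling, so the sort indicator renders as markup only if `$image` was registered as safe where it is built. That assignment is outside this hunk; the visible branch only sets `$image = ''`. A comment above the call would make the dependency explicit, for example `// $cell_content and $image must already be safe markup; '@' escapes anything else.` The statement itself continues past the end of the hunk.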
......
...@@ -11,7 +11,6 @@ ...@@ -11,7 +11,6 @@
use Drupal\Component\Serialization\Json; use Drupal\Component\Serialization\Json;
use Drupal\Component\Utility\Html; use Drupal\Component\Utility\Html;
use Drupal\Component\Utility\SafeMarkup; use Drupal\Component\Utility\SafeMarkup;
use Drupal\Component\Utility\String;
use Drupal\Component\Utility\Unicode; use Drupal\Component\Utility\Unicode;
use Drupal\Component\Utility\UrlHelper; use Drupal\Component\Utility\UrlHelper;
use Drupal\Component\Utility\Xss; use Drupal\Component\Utility\Xss;
...@@ -574,7 +573,7 @@ function template_preprocess_links(&$variables) { ...@@ -574,7 +573,7 @@ function template_preprocess_links(&$variables) {
); );
// Convert the attributes array into an Attribute object. // Convert the attributes array into an Attribute object.
$heading['attributes'] = new Attribute($heading['attributes']); $heading['attributes'] = new Attribute($heading['attributes']);
$heading['text'] = String::checkPlain($heading['text']); $heading['text'] = SafeMarkup::checkPlain($heading['text']);
} }
$variables['links'] = array(); $variables['links'] = array();
...@@ -1272,7 +1271,7 @@ function template_preprocess_html(&$variables) { ...@@ -1272,7 +1271,7 @@ function template_preprocess_html(&$variables) {
if (!empty($variables['page']['#title'])) { if (!empty($variables['page']['#title'])) {
$head_title = array( $head_title = array(
'title' => SafeMarkup::set(trim(strip_tags($variables['page']['#title']))), 'title' => SafeMarkup::set(trim(strip_tags($variables['page']['#title']))),
'name' => String::checkPlain($site_config->get('name')), 'name' => SafeMarkup::checkPlain($site_config->get('name')),
); );
} }
// @todo Remove once views is not bypassing the view subscriber anymore. // @todo Remove once views is not bypassing the view subscriber anymore.
...@@ -1280,11 +1279,11 @@ function template_preprocess_html(&$variables) { ...@@ -1280,11 +1279,11 @@ function template_preprocess_html(&$variables) {
elseif ($is_front_page) { elseif ($is_front_page) {
$head_title = array( $head_title = array(
'title' => t('Home'), 'title' => t('Home'),
'name' => String::checkPlain($site_config->get('name')), 'name' => SafeMarkup::checkPlain($site_config->get('name')),
); );
} }
else { else {
$head_title = array('name' => String::checkPlain($site_config->get('name'))); $head_title = array('name' => SafeMarkup::checkPlain($site_config->get('name')));
if ($site_config->get('slogan')) { if ($site_config->get('slogan')) {
$head_title['slogan'] = strip_tags(Xss::filterAdmin($site_config->get('slogan'))); $head_title['slogan'] = strip_tags(Xss::filterAdmin($site_config->get('slogan')));
} }
...@@ -1362,7 +1361,7 @@ function template_preprocess_page(&$variables) { ...@@ -1362,7 +1361,7 @@ function template_preprocess_page(&$variables) {
$variables['front_page'] = \Drupal::url('<front>'); $variables['front_page'] = \Drupal::url('<front>');
$variables['language'] = $language_interface; $variables['language'] = $language_interface;
$variables['logo'] = theme_get_setting('logo.url'); $variables['logo'] = theme_get_setting('logo.url');
$variables['site_name'] = (theme_get_setting('features.name') ? String::checkPlain($site_config->get('name')) : ''); $variables['site_name'] = (theme_get_setting('features.name') ? SafeMarkup::checkPlain($site_config->get('name')) : '');
$variables['site_slogan'] = (theme_get_setting('features.slogan') ? Xss::filterAdmin($site_config->get('slogan')) : ''); $variables['site_slogan'] = (theme_get_setting('features.slogan') ? Xss::filterAdmin($site_config->get('slogan')) : '');
// An exception might be thrown. // An exception might be thrown.
...@@ -1495,7 +1494,7 @@ function template_preprocess_install_page(&$variables) { ...@@ -1495,7 +1494,7 @@ function template_preprocess_install_page(&$variables) {
// Override the site name that is displayed on the page, since Drupal is // Override the site name that is displayed on the page, since Drupal is
// still in the process of being installed. // still in the process of being installed.
$distribution_name = String::checkPlain(drupal_install_profile_distribution_name()); $distribution_name = SafeMarkup::checkPlain(drupal_install_profile_distribution_name());
$variables['site_name'] = $distribution_name; $variables['site_name'] = $distribution_name;
$variables['head_title_array']['name'] = $distribution_name; $variables['head_title_array']['name'] = $distribution_name;
...@@ -1547,7 +1546,7 @@ function template_preprocess_field(&$variables, $hook) { ...@@ -1547,7 +1546,7 @@ function template_preprocess_field(&$variables, $hook) {
// Always set the field label - allow themes to decide whether to display it. // Always set the field label - allow themes to decide whether to display it.
// In addition the label should be rendered but hidden to support screen // In addition the label should be rendered but hidden to support screen
// readers. // readers.
$variables['label'] = String::checkPlain($element['#title']); $variables['label'] = SafeMarkup::checkPlain($element['#title']);
static $default_attributes; static $default_attributes;
if (!isset($default_attributes)) { if (!isset($default_attributes)) {
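Review bot: In template_preprocess_html() the context line `'title' => SafeMarkup::set(trim(strip_tags($variables['page']['#title'])))` marks the output of `strip_tags()` as safe, but `strip_tags()` removes tags rather than escaping, so quotes, ampersands and a stray `<` from malformed input can survive into a string that later escaping will skip. The neighbouring `'name'` values go through `SafeMarkup::checkPlain()`, so the two parts of the head title are handled inconsistently. Consider escaping after stripping, e.g. `'title' => SafeMarkup::checkPlain(trim(strip_tags($variables['page']['#title'])))`. Whether that double-encodes entities depends on how `#title` is prepared, which is not visible here. The slogan line `strip_tags(Xss::filterAdmin(...))` further down has the same shape and deserves the same check.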
......
...@@ -9,7 +9,7 @@ ...@@ -9,7 +9,7 @@
*/ */
use Drupal\Component\Graph\Graph; use Drupal\Component\Graph\Graph;
use Drupal\Component\Utility\String; use Drupal\Component\Utility\SafeMarkup;
use Drupal\Core\Entity\EntityStorageException; use Drupal\Core\Entity\EntityStorageException;
use Drupal\Core\Utility\Error; use Drupal\Core\Utility\Error;
...@@ -189,7 +189,7 @@ function update_do_one($module, $number, $dependency_map, &$context) { ...@@ -189,7 +189,7 @@ function update_do_one($module, $number, $dependency_map, &$context) {
$variables = Error::decodeException($e); $variables = Error::decodeException($e);
unset($variables['backtrace']); unset($variables['backtrace']);
// The exception message is run through // The exception message is run through
// \Drupal\Component\Utility\String::checkPlain() by // \Drupal\Component\Utility\SafeMarkup::checkPlain() by
// \Drupal\Core\Utility\Error::decodeException(). // \Drupal\Core\Utility\Error::decodeException().
$ret['#abort'] = array('success' => FALSE, 'query' => t('%type: !message in %function (line %line of %file).', $variables)); $ret['#abort'] = array('success' => FALSE, 'query' => t('%type: !message in %function (line %line of %file).', $variables));
} }
...@@ -218,7 +218,7 @@ function update_do_one($module, $number, $dependency_map, &$context) { ...@@ -218,7 +218,7 @@ function update_do_one($module, $number, $dependency_map, &$context) {
drupal_set_installed_schema_version($module, $number); drupal_set_installed_schema_version($module, $number);
} }
$context['message'] = 'Updating ' . String::checkPlain($module) . ' module'; $context['message'] = 'Updating ' . SafeMarkup::checkPlain($module) . ' module';
} }
/** /**
...@@ -240,7 +240,7 @@ function update_entity_definitions($module, $number, &$context) { ...@@ -240,7 +240,7 @@ function update_entity_definitions($module, $number, &$context) {
$variables = Error::decodeException($e); $variables = Error::decodeException($e);
unset($variables['backtrace']); unset($variables['backtrace']);
// The exception message is run through // The exception message is run through
// \Drupal\Component\Utility\String::checkPlain() by // \Drupal\Component\Utility\SafeMarkup::checkPlain() by
// \Drupal\Core\Utility\Error::decodeException(). // \Drupal\Core\Utility\Error::decodeException().
$ret['#abort'] = array('success' => FALSE, 'query' => t('%type: !message in %function (line %line of %file).', $variables)); $ret['#abort'] = array('success' => FALSE, 'query' => t('%type: !message in %function (line %line of %file).', $variables));
$context['results'][$module][$number] = $ret; $context['results'][$module][$number] = $ret;
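Review bot: `$context['message'] = 'Updating ' . SafeMarkup::checkPlain($module) . ' module';` in update_do_one() builds the message by concatenation, so any safe-marking that `checkPlain()` applies to the escaped fragment does not carry over to the final string. A consumer that auto-escapes could then encode it a second time. `SafeMarkup::format()` is already used elsewhere in this commit and keeps the escaping and the surrounding text in one call: `$context['message'] = SafeMarkup::format('Updating @module module', array('@module' => $module));`. How the batch layer renders `message` is not visible here, so treat the double-escaping as something to verify rather than a confirmed bug.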
......
...@@ -2,7 +2,6 @@ ...@@ -2,7 +2,6 @@
namespace Drupal\Component\Diff\Engine; namespace Drupal\Component\Diff\Engine;
use Drupal\Component\Utility\String;
use Drupal\Component\Utility\Unicode; use Drupal\Component\Utility\Unicode;
use Drupal\Component\Utility\SafeMarkup; use Drupal\Component\Utility\SafeMarkup;
...@@ -34,10 +33,10 @@ class HWLDFWordAccumulator { ...@@ -34,10 +33,10 @@ class HWLDFWordAccumulator {
protected function _flushGroup($new_tag) { protected function _flushGroup($new_tag) {
if ($this->group !== '') { if ($this->group !== '') {
if ($this->tag == 'mark') { if ($this->tag == 'mark') {
$this->line .= '<span class="diffchange">' . String::checkPlain($this->group) . '</span>'; $this->line .= '<span class="diffchange">' . SafeMarkup::checkPlain($this->group) . '</span>';
} }
else { else {
$this->line .= String::checkPlain($this->group); $this->line .= SafeMarkup::checkPlain($this->group);
} }
} }
$this->group = ''; $this->group = '';
......
...@@ -10,7 +10,7 @@ ...@@ -10,7 +10,7 @@
use Drupal\Component\Gettext\PoReaderInterface; use Drupal\Component\Gettext\PoReaderInterface;
use Drupal\Component\Gettext\PoStreamInterface; use Drupal\Component\Gettext\PoStreamInterface;
use Drupal\Component\Gettext\PoHeader; use Drupal\Component\Gettext\PoHeader;
use Drupal\Component\Utility\String; use Drupal\Component\Utility\SafeMarkup;
/** /**
* Implements Gettext PO stream reader. * Implements Gettext PO stream reader.
...@@ -298,7 +298,7 @@ private function readLine() { ...@@ -298,7 +298,7 @@ private function readLine() {
} }
else { else {
// A comment following any other context is a syntax error. // A comment following any other context is a syntax error.
$this->_errors[] = String::format('The translation stream %uri contains an error: "msgstr" was expected but not found on line %line.', $log_vars); $this->_errors[] = SafeMarkup::format('The translation stream %uri contains an error: "msgstr" was expected but not found on line %line.', $log_vars);
return FALSE; return FALSE;
} }
return; return;
...@@ -308,7 +308,7 @@ private function readLine() { ...@@ -308,7 +308,7 @@ private function readLine() {
if ($this->_context != 'MSGID') { if ($this->_context != 'MSGID') {
// A plural form can only be added to an msgid directly. // A plural form can only be added to an msgid directly.
$this->_errors[] = String::format('The translation stream %uri contains an error: "msgid_plural" was expected but not found on line %line.', $log_vars); $this->_errors[] = SafeMarkup::format('The translation stream %uri contains an error: "msgid_plural" was expected but not found on line %line.', $log_vars);
return FALSE; return FALSE;
} }
...@@ -319,7 +319,7 @@ private function readLine() { ...@@ -319,7 +319,7 @@ private function readLine() {
$quoted = $this->parseQuoted($line); $quoted = $this->parseQuoted($line);
if ($quoted === FALSE) { if ($quoted === FALSE) {
// The plural form must be wrapped in quotes. // The plural form must be wrapped in quotes.
$this->_errors[] = String::format('The translation stream %uri contains a syntax error on line %line.', $log_vars); $this->_errors[] = SafeMarkup::format('The translation stream %uri contains a syntax error on line %line.', $log_vars);
return FALSE; return FALSE;
} }
...@@ -346,7 +346,7 @@ private function readLine() { ...@@ -346,7 +346,7 @@ private function readLine() {
} }
elseif ($this->_context == 'MSGID') { elseif ($this->_context == 'MSGID') {
// We are currently already in the context, meaning we passed an id with no data. // We are currently already in the context, meaning we passed an id with no data.