| author | Lukasz Janyst <ljanyst@cern.ch> | 2011-03-05 13:10:55 (UTC) |
|---|---|---|
| committer | Lars Hjemli <hjemli@gmail.com> | 2011-03-05 13:13:06 (UTC) |
| commit | 7f3c6e0ce9b41142cf2707af100992acdce059df (patch) (side-by-side diff) | |
| tree | 119a1920c85adcc65017afc8d9d95ab3e2bafef4 | |
| parent | 1b09cbd303d889ec2636127584d57b7f1b70c25e (diff) | |
| download | cgit-7f3c6e0ce9b41142cf2707af100992acdce059df.zip cgit-7f3c6e0ce9b41142cf2707af100992acdce059df.tar.gz cgit-7f3c6e0ce9b41142cf2707af100992acdce059df.tar.bz2 | |
ui-diff.c: avoid html injection
When path-filtering was used in commit-view, the path filter was
included without proper html escaping. This patch closes the hole.
Signed-off-by: Lukasz Janyst <ljanyst@cern.ch>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| -rw-r--r-- | ui-diff.c | 7 |
1 files changed, 5 insertions, 2 deletions
@@ -127,98 +127,101 @@ static void count_diff_lines(char *line, int len) else if (line[0] == '-') lines_removed++; } } static void inspect_filepair(struct diff_filepair *pair) { int binary = 0; unsigned long old_size = 0; unsigned long new_size = 0; files++; lines_added = 0; lines_removed = 0; cgit_diff_files(pair->one->sha1, pair->two->sha1, &old_size, &new_size, &binary, 0, ctx.qry.ignorews, count_diff_lines); if (files >= slots) { if (slots == 0) slots = 4; else slots = slots * 2; items = xrealloc(items, slots * sizeof(struct fileinfo)); } items[files-1].status = pair->status; hashcpy(items[files-1].old_sha1, pair->one->sha1); hashcpy(items[files-1].new_sha1, pair->two->sha1); items[files-1].old_mode = pair->one->mode; items[files-1].new_mode = pair->two->mode; items[files-1].old_path = xstrdup(pair->one->path); items[files-1].new_path = xstrdup(pair->two->path); items[files-1].added = lines_added; items[files-1].removed = lines_removed; items[files-1].old_size = old_size; items[files-1].new_size = new_size; items[files-1].binary = binary; if (lines_added + lines_removed > max_changes) max_changes = lines_added + lines_removed; total_adds += lines_added; total_rems += lines_removed; } void cgit_print_diffstat(const unsigned char *old_sha1, const unsigned char *new_sha1, const char *prefix) { int i, save_context = ctx.qry.context; html("<div class='diffstat-header'>"); cgit_diff_link("Diffstat", NULL, NULL, ctx.qry.head, ctx.qry.sha1, ctx.qry.sha2, NULL, 0); - if (prefix) - htmlf(" (limited to '%s')", prefix); + if (prefix) { + html(" (limited to '"); + html_txt(prefix); + html("')"); + } html(" ("); ctx.qry.context = (save_context > 0 ? save_context : 3) << 1; cgit_self_link("more", NULL, NULL, &ctx); html("/"); ctx.qry.context = (save_context > 3 ? save_context : 3) >> 1; cgit_self_link("less", NULL, NULL, &ctx); ctx.qry.context = save_context; html(" context)"); html(" ("); ctx.qry.ignorews = (ctx.qry.ignorews + 1) % 2; cgit_self_link(ctx.qry.ignorews ? "ignore" : "show", NULL, NULL, &ctx); ctx.qry.ignorews = (ctx.qry.ignorews + 1) % 2; html(" whitespace changes)"); html("</div>"); html("<table summary='diffstat' class='diffstat'>"); max_changes = 0; cgit_diff_tree(old_sha1, new_sha1, inspect_filepair, prefix, ctx.qry.ignorews); for(i = 0; i<files; i++) print_fileinfo(&items[i]); html("</table>"); html("<div class='diffstat-summary'>"); htmlf("%d files changed, %d insertions, %d deletions", files, total_adds, total_rems); html("</div>"); } /* * print a single line returned from xdiff */ static void print_line(char *line, int len) { char *class = "ctx"; char c = line[len-1]; if (line[0] == '+') class = "add"; else if (line[0] == '-') class = "del"; else if (line[0] == '@') class = "hunk"; htmlf("<div class='%s'>", class); line[len-1] = '\0'; html_txt(line); html("</div>"); line[len-1] = c; |