author | Lukasz Janyst <ljanyst@cern.ch> | 2011-03-05 13:10:55 (UTC) |
---|---|---|
committer | Lars Hjemli <hjemli@gmail.com> | 2011-03-05 13:13:06 (UTC) |
commit | 7f3c6e0ce9b41142cf2707af100992acdce059df (patch) (side-by-side diff) | |
tree | 119a1920c85adcc65017afc8d9d95ab3e2bafef4 | |
parent | 1b09cbd303d889ec2636127584d57b7f1b70c25e (diff) | |
download | cgit-7f3c6e0ce9b41142cf2707af100992acdce059df.zip cgit-7f3c6e0ce9b41142cf2707af100992acdce059df.tar.gz cgit-7f3c6e0ce9b41142cf2707af100992acdce059df.tar.bz2 |
ui-diff.c: avoid html injection
When path-filtering was used in commit-view, the path filter was
included without proper html escaping. This patch closes the hole.
Signed-off-by: Lukasz Janyst <ljanyst@cern.ch>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
-rw-r--r-- | ui-diff.c | 7 |
1 files changed, 5 insertions, 2 deletions
@@ -169,14 +169,17 @@ void cgit_print_diffstat(const unsigned char *old_sha1, { int i, save_context = ctx.qry.context; html("<div class='diffstat-header'>"); cgit_diff_link("Diffstat", NULL, NULL, ctx.qry.head, ctx.qry.sha1, ctx.qry.sha2, NULL, 0); - if (prefix) - htmlf(" (limited to '%s')", prefix); + if (prefix) { + html(" (limited to '"); + html_txt(prefix); + html("')"); + } html(" ("); ctx.qry.context = (save_context > 0 ? save_context : 3) << 1; cgit_self_link("more", NULL, NULL, &ctx); html("/"); ctx.qry.context = (save_context > 3 ? save_context : 3) >> 1; cgit_self_link("less", NULL, NULL, &ctx); |