| author | Lukasz Janyst <ljanyst@cern.ch> | 2011-03-05 13:10:55 (UTC) |
|---|---|---|
| committer | Lars Hjemli <hjemli@gmail.com> | 2011-03-05 13:13:06 (UTC) |
| commit | 7f3c6e0ce9b41142cf2707af100992acdce059df (patch) (unidiff) | |
| tree | 119a1920c85adcc65017afc8d9d95ab3e2bafef4 /ui-diff.c | |
| parent | 1b09cbd303d889ec2636127584d57b7f1b70c25e (diff) | |
| download | cgit-7f3c6e0ce9b41142cf2707af100992acdce059df.zip cgit-7f3c6e0ce9b41142cf2707af100992acdce059df.tar.gz cgit-7f3c6e0ce9b41142cf2707af100992acdce059df.tar.bz2 | |
ui-diff.c: avoid html injection
When path-filtering was used in commit-view, the path filter was
included without proper html escaping. This patch closes the hole.
Signed-off-by: Lukasz Janyst <ljanyst@cern.ch>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| -rw-r--r-- | ui-diff.c | 7 |
1 files changed, 5 insertions, 2 deletions
| @@ -159,34 +159,37 @@ static void inspect_filepair(struct diff_filepair *pair) | |||
| 159 | items[files-1].new_size = new_size; | 159 | items[files-1].new_size = new_size; |
| 160 | items[files-1].binary = binary; | 160 | items[files-1].binary = binary; |
| 161 | if (lines_added + lines_removed > max_changes) | 161 | if (lines_added + lines_removed > max_changes) |
| 162 | max_changes = lines_added + lines_removed; | 162 | max_changes = lines_added + lines_removed; |
| 163 | total_adds += lines_added; | 163 | total_adds += lines_added; |
| 164 | total_rems += lines_removed; | 164 | total_rems += lines_removed; |
| 165 | } | 165 | } |
| 166 | 166 | ||
| 167 | void cgit_print_diffstat(const unsigned char *old_sha1, | 167 | void cgit_print_diffstat(const unsigned char *old_sha1, |
| 168 | const unsigned char *new_sha1, const char *prefix) | 168 | const unsigned char *new_sha1, const char *prefix) |
| 169 | { | 169 | { |
| 170 | int i, save_context = ctx.qry.context; | 170 | int i, save_context = ctx.qry.context; |
| 171 | 171 | ||
| 172 | html("<div class='diffstat-header'>"); | 172 | html("<div class='diffstat-header'>"); |
| 173 | cgit_diff_link("Diffstat", NULL, NULL, ctx.qry.head, ctx.qry.sha1, | 173 | cgit_diff_link("Diffstat", NULL, NULL, ctx.qry.head, ctx.qry.sha1, |
| 174 | ctx.qry.sha2, NULL, 0); | 174 | ctx.qry.sha2, NULL, 0); |
| 175 | if (prefix) | 175 | if (prefix) { |
| 176 | htmlf(" (limited to '%s')", prefix); | 176 | html(" (limited to '"); |
| 177 | html_txt(prefix); | ||
| 178 | html("')"); | ||
| 179 | } | ||
| 177 | html(" ("); | 180 | html(" ("); |
| 178 | ctx.qry.context = (save_context > 0 ? save_context : 3) << 1; | 181 | ctx.qry.context = (save_context > 0 ? save_context : 3) << 1; |
| 179 | cgit_self_link("more", NULL, NULL, &ctx); | 182 | cgit_self_link("more", NULL, NULL, &ctx); |
| 180 | html("/"); | 183 | html("/"); |
| 181 | ctx.qry.context = (save_context > 3 ? save_context : 3) >> 1; | 184 | ctx.qry.context = (save_context > 3 ? save_context : 3) >> 1; |
| 182 | cgit_self_link("less", NULL, NULL, &ctx); | 185 | cgit_self_link("less", NULL, NULL, &ctx); |
| 183 | ctx.qry.context = save_context; | 186 | ctx.qry.context = save_context; |
| 184 | html(" context)"); | 187 | html(" context)"); |
| 185 | html(" ("); | 188 | html(" ("); |
| 186 | ctx.qry.ignorews = (ctx.qry.ignorews + 1) % 2; | 189 | ctx.qry.ignorews = (ctx.qry.ignorews + 1) % 2; |
| 187 | cgit_self_link(ctx.qry.ignorews ? "ignore" : "show", NULL, NULL, &ctx); | 190 | cgit_self_link(ctx.qry.ignorews ? "ignore" : "show", NULL, NULL, &ctx); |
| 188 | ctx.qry.ignorews = (ctx.qry.ignorews + 1) % 2; | 191 | ctx.qry.ignorews = (ctx.qry.ignorews + 1) % 2; |
| 189 | html(" whitespace changes)"); | 192 | html(" whitespace changes)"); |
| 190 | html("</div>"); | 193 | html("</div>"); |
| 191 | html("<table summary='diffstat' class='diffstat'>"); | 194 | html("<table summary='diffstat' class='diffstat'>"); |
| 192 | max_changes = 0; | 195 | max_changes = 0; |