crtxcr/cgitsb
1
0
Forc 0
Cód Saincheisteanna Iarratais Tarraingthe Scaoileann Vicí Gníomhaíocht

Fix potential XSS vulnerability in rename hint

Brabhsáil Foinse 
The file name displayed in the rename hint should be escaped to avoid
XSS. Note that this vulnerability is only applicable when an attacker
has gained push access to the repository.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
Tá an tiomantas seo le fáil i:
Lukas Fleischer 2011-07-22 13:47:19 +02:00 tiomanta ag Lars Hjemli
tuismitheoir 1e25ac5b8f
tiomantas bebe89d7c1
D'athraigh 1 comhad le 6 breiseanna agus 4 scriosta
Taispeáin Staitisticí Íoslódáil an comhad paiste Íoslódáil Comhad Diff Leathnaigh gach comhaid Laghdaigh gach comhaid

10
ui-diff.c
Féach ar an gComhad

@ -97,10 +97,12 @@ static void print_fileinfo(struct fileinfo *info)
htmlf("</td><td class='%s'>", class);
cgit_diff_link(info->new_path, NULL, NULL, ctx.qry.head, ctx.qry.sha1,
ctx.qry.sha2, info->new_path, 0);
if (info->status == DIFF_STATUS_COPIED || info->status == DIFF_STATUS_RENAMED)
htmlf(" (%s from %s)",
info->status == DIFF_STATUS_COPIED ? "copied" : "renamed",
info->old_path);
if (info->status == DIFF_STATUS_COPIED || info->status == DIFF_STATUS_RENAMED) {
htmlf(" (%s from ",
info->status == DIFF_STATUS_COPIED ? "copied" : "renamed");
html_txt(info->old_path);
html(")");
}
html("</td><td class='right'>");
if (info->binary) {
htmlf("bin</td><td class='graph'>%ld -> %ld bytes",