crtxcr/cgitsb
1
0
Fork 0
程式碼 問題 合併請求 版本發布 Wiki 動態

Fix potential XSS vulnerability in rename hint

瀏覽代碼 
The file name displayed in the rename hint should be escaped to avoid
XSS. Note that this vulnerability is only applicable when an attacker
has gained push access to the repository.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
此提交包含在:
Lukas Fleischer
2011-07-22 13:47:19 +02:00
提交者 Lars Hjemli
父節點 1e25ac5b8f
當前提交 bebe89d7c1
共有 1 個檔案被更改,包括 6 行新增4 行删除
下載 Patch 檔 下載差異檔 展開所有檔案 折疊所有檔案

10
ui-diff.c
查看文件

@ -97,10 +97,12 @@ static void print_fileinfo(struct fileinfo *info)
htmlf("</td><td class='%s'>", class); htmlf("</td><td class='%s'>", class);
cgit_diff_link(info->new_path, NULL, NULL, ctx.qry.head, ctx.qry.sha1, cgit_diff_link(info->new_path, NULL, NULL, ctx.qry.head, ctx.qry.sha1,
ctx.qry.sha2, info->new_path, 0); ctx.qry.sha2, info->new_path, 0);
if (info->status == DIFF_STATUS_COPIED || info->status == DIFF_STATUS_RENAMED) if (info->status == DIFF_STATUS_COPIED || info->status == DIFF_STATUS_RENAMED) {
htmlf(" (%s from %s)", htmlf(" (%s from ",
info->status == DIFF_STATUS_COPIED ? "copied" : "renamed", info->status == DIFF_STATUS_COPIED ? "copied" : "renamed");
info->old_path); html_txt(info->old_path);
html(")");
}
html("</td><td class='right'>"); html("</td><td class='right'>");
if (info->binary) { if (info->binary) {
htmlf("bin</td><td class='graph'>%ld -> %ld bytes", htmlf("bin</td><td class='graph'>%ld -> %ld bytes",