crtxcr
/
cgitsb
1
0
複製 0
程式碼 問題管理 合併請求 版本發佈 Wiki Activity

Fix potential XSS vulnerability in rename hint 

The file name displayed in the rename hint should be escaped to avoid
XSS. Note that this vulnerability is only applicable when an attacker
has gained push access to the repository.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
This commit is contained in:
Lukas Fleischer 2011-07-22 13:47:19 +02:00 committed by Lars Hjemli
父節點 1e25ac5b8f
當前提交 bebe89d7c1
共有 1 個文件被更改,包括 6 次插入4 次删除
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
ui-diff.c
查看文件

@ -97,10 +97,12 @@ static void print_fileinfo(struct fileinfo *info)
htmlf("</td><td class='%s'>", class); htmlf("</td><td class='%s'>", class);
cgit_diff_link(info->new_path, NULL, NULL, ctx.qry.head, ctx.qry.sha1, cgit_diff_link(info->new_path, NULL, NULL, ctx.qry.head, ctx.qry.sha1,
ctx.qry.sha2, info->new_path, 0); ctx.qry.sha2, info->new_path, 0);
if (info->status == DIFF_STATUS_COPIED || info->status == DIFF_STATUS_RENAMED) if (info->status == DIFF_STATUS_COPIED || info->status == DIFF_STATUS_RENAMED) {
htmlf(" (%s from %s)", htmlf(" (%s from ",
info->status == DIFF_STATUS_COPIED ? "copied" : "renamed", info->status == DIFF_STATUS_COPIED ? "copied" : "renamed");
info->old_path); html_txt(info->old_path);
html(")");
}
html("</td><td class='right'>"); html("</td><td class='right'>");
if (info->binary) { if (info->binary) {
htmlf("bin</td><td class='graph'>%ld -> %ld bytes", htmlf("bin</td><td class='graph'>%ld -> %ld bytes",