diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl
index 48e21dad6c..8916950694 100755
--- a/gitweb/gitweb.perl
+++ b/gitweb/gitweb.perl
@@ -846,6 +846,23 @@ sub chop_str {
return "$body$tail";
}
+# takes the same arguments as chop_str, but also wraps a around the
+# result with a title attribute if it does get chopped. Additionally, the
+# string is HTML-escaped.
+sub chop_and_escape_str {
+ my $str = shift;
+ my $len = shift;
+ my $add_len = shift || 10;
+
+ my $chopped = chop_str($str, $len, $add_len);
+ if ($chopped eq $str) {
+ return esc_html($chopped);
+ } else {
+ return qq{} .
+ esc_html($chopped) . qq{};
+ }
+}
+
## ----------------------------------------------------------------------
## functions returning short strings
@@ -3395,7 +3412,7 @@ sub git_project_list_body {
"| " . $cgi->a({-href => href(project=>$pr->{'path'}, action=>"summary"),
-class => "list", -title => $pr->{'descr_long'}},
esc_html($pr->{'descr'})) . " | \n" .
- "" . esc_html(chop_str($pr->{'owner'}, 15)) . " | \n";
+ "" . chop_and_escape_str($pr->{'owner'}, 15) . " | \n";
print "{'age'}) . "\">" .
(defined $pr->{'age_string'} ? $pr->{'age_string'} : "No commits") . " | \n" .
"" .
@@ -3437,9 +3454,10 @@ sub git_shortlog_body {
print " | \n";
}
$alternate ^= 1;
+ my $author = chop_and_escape_str($co{'author_name'}, 10);
# git_summary() used print "| $co{'age_string'} | \n" .
print "$co{'age_string_date'} | \n" .
- "" . esc_html(chop_str($co{'author_name'}, 10)) . " | \n" .
+ "" . $author . " | \n" .
"";
print format_subject_html($co{'title'}, $co{'title_short'},
href(action=>"commit", hash=>$commit), $ref);
@@ -3487,9 +3505,10 @@ sub git_history_body {
print " |
\n";
}
$alternate ^= 1;
+ # shortlog uses chop_str($co{'author_name'}, 10)
+ my $author = chop_and_escape_str($co{'author_name'}, 15, 3);
print "| $co{'age_string_date'} | \n" .
- # shortlog uses chop_str($co{'author_name'}, 10)
- "" . esc_html(chop_str($co{'author_name'}, 15, 3)) . " | \n" .
+ "" . $author . " | \n" .
"";
# originally git_history used chop_str($co{'title'}, 50)
print format_subject_html($co{'title'}, $co{'title_short'},
@@ -3643,11 +3662,12 @@ sub git_search_grep_body {
print " |
\n";
}
$alternate ^= 1;
+ my $author = chop_and_escape_str($co{'author_name'}, 15, 5);
print "| $co{'age_string_date'} | \n" .
- "" . esc_html(chop_str($co{'author_name'}, 15, 5)) . " | \n" .
+ "" . $author . " | \n" .
"" .
$cgi->a({-href => href(action=>"commit", hash=>$co{'id'}), -class => "list subject"},
- esc_html(chop_str($co{'title'}, 50)) . "
");
+ chop_and_escape_str($co{'title'}, 50) . "
");
my $comment = $co{'comment'};
foreach my $line (@$comment) {
if ($line =~ m/^(.*)($search_regexp)(.*)$/i) {
@@ -5157,12 +5177,13 @@ sub git_search {
print " |
\n";
}
$alternate ^= 1;
+ my $author = chop_and_escape_str($co{'author_name'}, 15, 5);
print "| $co{'age_string_date'} | \n" .
- "" . esc_html(chop_str($co{'author_name'}, 15, 5)) . " | \n" .
+ "" . $author . " | \n" .
"" .
$cgi->a({-href => href(action=>"commit", hash=>$co{'id'}),
-class => "list subject"},
- esc_html(chop_str($co{'title'}, 50)) . "
");
+ chop_and_escape_str($co{'title'}, 50) . "
");
while (my $setref = shift @files) {
my %set = %$setref;
print $cgi->a({-href => href(action=>"blob", hash_base=>$co{'id'},
|