undef/git-commit-vandalism
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

gitweb: fix over-eager application of esc_html().

Browse Source 
Contents of %diffinfo hash should be quoted upon output but kept
unquoted internally.  Later users of this hash expect filenames
to be filenames, not HTML gibberish.

Signed-off-by: Petr Baudis <pasky@suse.cz>
Signed-off-by: Junio C Hamano <junkio@cox.net>
This commit is contained in:
Petr Baudis 2006-09-24 14:57:40 -07:00 committed by Junio C Hamano
parent 8815788e93
commit 8391548e5e
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
gitweb/gitweb.perl
View File

@ -3062,12 +3062,12 @@ sub git_blobdiff {
if (defined $file_name) {
if (defined $file_parent) {
$diffinfo{'status'} = '2';
$diffinfo{'from_file'} = esc_html($file_parent);
$diffinfo{'to_file'} = esc_html($file_name);
$diffinfo{'from_file'} = $file_parent;
$diffinfo{'to_file'} = $file_name;
} else { # assume not renamed
$diffinfo{'status'} = '1';
$diffinfo{'from_file'} = esc_html($file_name);
$diffinfo{'to_file'} = esc_html($file_name);
$diffinfo{'from_file'} = $file_name;
$diffinfo{'to_file'} = $file_name;
}
} else { # no filename given
$diffinfo{'status'} = '2';
@ -3136,8 +3136,8 @@ sub git_blobdiff {
} else {
while (my $line = <$fd>) {
$line =~ s!a/($hash|$hash_parent)!a/$diffinfo{'from_file'}!g;
$line =~ s!b/($hash|$hash_parent)!b/$diffinfo{'to_file'}!g;
$line =~ s!a/($hash|$hash_parent)!'a/'.esc_html($diffinfo{'from_file'})!eg;
$line =~ s!b/($hash|$hash_parent)!'b/'.esc_html($diffinfo{'to_file'})!eg;
print $line;