aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGravatar Lukas Fleischer <cgit@cryptocrack.de>2011-07-22 20:47:19 (JST)
committerGravatar Lars Hjemli <hjemli@gmail.com>2011-07-22 21:21:28 (JST)
commitbebe89d7c11a92bf206bf6e528c51ffa8ecbc0d5 (patch)
tree33e28db20cbae2aa513ccec38c7d4706654eed46
parent1e25ac5b8fe0ca8760b2786b20d36013a6197e02 (diff)
downloadcgit-bebe89d7c11a92bf206bf6e528c51ffa8ecbc0d5.zip
cgit-bebe89d7c11a92bf206bf6e528c51ffa8ecbc0d5.tar.gz
Fix potential XSS vulnerability in rename hint
The file name displayed in the rename hint should be escaped to avoid XSS. Note that this vulnerability is only applicable when an attacker has gained push access to the repository. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
-rw-r--r--ui-diff.c10
1 files changed, 6 insertions, 4 deletions
diff --git a/ui-diff.c b/ui-diff.c
index d21541b..383a534 100644
--- a/ui-diff.c
+++ b/ui-diff.c
@@ -97,10 +97,12 @@ static void print_fileinfo(struct fileinfo *info)
97 htmlf("</td><td class='%s'>", class); 97 htmlf("</td><td class='%s'>", class);
98 cgit_diff_link(info->new_path, NULL, NULL, ctx.qry.head, ctx.qry.sha1, 98 cgit_diff_link(info->new_path, NULL, NULL, ctx.qry.head, ctx.qry.sha1,
99 ctx.qry.sha2, info->new_path, 0); 99 ctx.qry.sha2, info->new_path, 0);
100 if (info->status == DIFF_STATUS_COPIED || info->status == DIFF_STATUS_RENAMED) 100 if (info->status == DIFF_STATUS_COPIED || info->status == DIFF_STATUS_RENAMED) {
101 htmlf(" (%s from %s)", 101 htmlf(" (%s from ",
102 info->status == DIFF_STATUS_COPIED ? "copied" : "renamed", 102 info->status == DIFF_STATUS_COPIED ? "copied" : "renamed");
103 info->old_path); 103 html_txt(info->old_path);
104 html(")");
105 }
104 html("</td><td class='right'>"); 106 html("</td><td class='right'>");
105 if (info->binary) { 107 if (info->binary) {
106 htmlf("bin</td><td class='graph'>%ld -> %ld bytes", 108 htmlf("bin</td><td class='graph'>%ld -> %ld bytes",