author | Lukas Fleischer <[email protected]> | 2011-07-22 13:47:19 +0200 |
---|---|---|
committer | Lars Hjemli <[email protected]> | 2011-07-22 12:21:28 +0000 |
commit | bebe89d7c11a92bf206bf6e528c51ffa8ecbc0d5 (patch) | |
tree | 33e28db20cbae2aa513ccec38c7d4706654eed46 /ui-diff.c | |
parent | 1e25ac5b8fe0ca8760b2786b20d36013a6197e02 (diff) |
Fix potential XSS vulnerability in rename hint
The file name displayed in the rename hint should be escaped to avoid
XSS. Note that this vulnerability is only applicable when an attacker
has gained push access to the repository.
Signed-off-by: Lukas Fleischer <[email protected]>
Signed-off-by: Lars Hjemli <[email protected]>
Diffstat (limited to 'ui-diff.c')
-rw-r--r-- | ui-diff.c | 10 |
1 files changed, 6 insertions, 4 deletions
@@ -97,10 +97,12 @@ static void print_fileinfo(struct fileinfo *info)
 htmlf("</td><td class='%s'>", class);
 cgit_diff_link(info->new_path, NULL, NULL, ctx.qry.head, ctx.qry.sha1,
 ctx.qry.sha2, info->new_path, 0);
- if (info->status == DIFF_STATUS_COPIED || info->status == DIFF_STATUS_RENAMED)
- htmlf(" (%s from %s)",
- info->status == DIFF_STATUS_COPIED ? "copied" : "renamed",
- info->old_path);
+ if (info->status == DIFF_STATUS_COPIED || info->status == DIFF_STATUS_RENAMED) {
+ htmlf(" (%s from ",
+ info->status == DIFF_STATUS_COPIED ? "copied" : "renamed");
+ html_txt(info->old_path);
+ html(")");
+ }
 html("</td><td class='right'>");
 if (info->binary) {
 htmlf("bin</td><td class='graph'>%ld -> %ld bytes", |
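Review bot: Nothing in the new block records why `info->old_path` goes through `html_txt()` rather than the format string, so a later cleanup could merge the three calls back into one `htmlf()` and reintroduce the injection. A comment above the new `htmlf(" (%s from ",` line would pin the intent, for example `/* old_path is repository-controlled; htmlf() does not escape its arguments */`. Since the removed lines show that `htmlf()` passes `%s` arguments through unescaped, other `htmlf()` calls fed from paths, ref names or commit metadata are worth auditing in the same pass; none are visible in this hunk, so that is a follow-up rather than a defect here. The body of print_fileinfo starts and ends outside the hunk.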