Fix potential XSS vulnerability in rename hint

The file name displayed in the rename hint should be escaped to avoid XSS. Note that this vulnerability is only applicable when an attacker has gained push access to the repository. Signed-off-by: Lukas Fleischer <[email protected]> Signed-off-by: Lars Hjemli <[email protected]>
author: Lukas Fleischer <[email protected]> 2011-07-22 13:47:19 +0200
committer: Lars Hjemli <[email protected]> 2011-07-22 12:21:28 +0000
commit: bebe89d7c11a92bf206bf6e528c51ffa8ecbc0d5 (patch)
tree: 33e28db20cbae2aa513ccec38c7d4706654eed46 /ui-diff.c
parent: 1e25ac5b8fe0ca8760b2786b20d36013a6197e02 (diff)
1 files changed, 6 insertions, 4 deletions
diff --git a/ui-diff.c b/ui-diff.c
index d21541b..383a534 100644
--- a/ui-diff.c
+++ b/ui-diff.c
@@ -97,10 +97,12 @@ static void print_fileinfo(struct fileinfo *info)
 	htmlf("</td><td class='%s'>", class);
 	cgit_diff_link(info->new_path, NULL, NULL, ctx.qry.head, ctx.qry.sha1,
 		       ctx.qry.sha2, info->new_path, 0);
-	if (info->status == DIFF_STATUS_COPIED || info->status == DIFF_STATUS_RENAMED)
-		htmlf(" (%s from %s)",
-		      info->status == DIFF_STATUS_COPIED ? "copied" : "renamed",
-		      info->old_path);
+	if (info->status == DIFF_STATUS_COPIED || info->status == DIFF_STATUS_RENAMED) {
+		htmlf(" (%s from ",
+		      info->status == DIFF_STATUS_COPIED ? "copied" : "renamed");
+		html_txt(info->old_path);
+		html(")");
+	}
 	html("</td><td class='right'>");
 	if (info->binary) {
 		htmlf("bin</td><td class='graph'>%ld -> %ld bytes",
author	Lukas Fleischer <[email protected]>	2011-07-22 13:47:19 +0200
committer	Lars Hjemli <[email protected]>	2011-07-22 12:21:28 +0000
commit	bebe89d7c11a92bf206bf6e528c51ffa8ecbc0d5 (patch)
tree	33e28db20cbae2aa513ccec38c7d4706654eed46 /ui-diff.c
parent	1e25ac5b8fe0ca8760b2786b20d36013a6197e02 (diff)