about summary refs log tree commit diff stats
diff options
context:
space:
mode:
authorLukas Fleischer2011-07-22 13:47:19 +0200
committerLars Hjemli2011-07-22 12:21:28 +0000
commitbebe89d7c11a92bf206bf6e528c51ffa8ecbc0d5 (patch)
tree33e28db20cbae2aa513ccec38c7d4706654eed46
parentRemove dead initialization in cgit_parse_commit() (diff)
downloadcgit-bebe89d7c11a92bf206bf6e528c51ffa8ecbc0d5.tar.gz
cgit-bebe89d7c11a92bf206bf6e528c51ffa8ecbc0d5.zip
Fix potential XSS vulnerability in rename hint
The file name displayed in the rename hint should be escaped to avoid
XSS. Note that this vulnerability is only applicable when an attacker
has gained push access to the repository.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
-rw-r--r--ui-diff.c10
1 files changed, 6 insertions, 4 deletions
diff --git a/ui-diff.c b/ui-diff.c index d21541b..383a534 100644 --- a/ui-diff.c +++ b/ui-diff.c
@@ -97,10 +97,12 @@ static void print_fileinfo(struct fileinfo *info)
97 htmlf("</td><td class='%s'>", class); 97 htmlf("</td><td class='%s'>", class);
98 cgit_diff_link(info->new_path, NULL, NULL, ctx.qry.head, ctx.qry.sha1, 98 cgit_diff_link(info->new_path, NULL, NULL, ctx.qry.head, ctx.qry.sha1,
99 ctx.qry.sha2, info->new_path, 0); 99 ctx.qry.sha2, info->new_path, 0);
100 if (info->status == DIFF_STATUS_COPIED || info->status == DIFF_STATUS_RENAMED) 100 if (info->status == DIFF_STATUS_COPIED || info->status == DIFF_STATUS_RENAMED) {
101 htmlf(" (%s from %s)", 101 htmlf(" (%s from ",
102 info->status == DIFF_STATUS_COPIED ? "copied" : "renamed", 102 info->status == DIFF_STATUS_COPIED ? "copied" : "renamed");
103 info->old_path); 103 html_txt(info->old_path);
104 html(")");
105 }
104 html("</td><td class='right'>"); 106 html("</td><td class='right'>");
105 if (info->binary) { 107 if (info->binary) {
106 htmlf("bin</td><td class='graph'>%ld -> %ld bytes", 108 htmlf("bin</td><td class='graph'>%ld -> %ld bytes",