From 7f3c6e0ce9b41142cf2707af100992acdce059df Mon Sep 17 00:00:00 2001
From: Lukasz Janyst
Date: Sat, 5 Mar 2011 14:10:55 +0100
Subject: ui-diff.c: avoid html injection

When path-filtering was used in commit-view, the user-supplied path
filter was written into the diffstat header without HTML escaping,
allowing markup injection. This patch closes the hole.

Signed-off-by: Lukasz Janyst <ljanyst@cern.ch>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
---
 ui-diff.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/ui-diff.c b/ui-diff.c
index a53425d..a7bc667 100644
--- a/ui-diff.c
+++ b/ui-diff.c
@@ -172,8 +172,11 @@ void cgit_print_diffstat(const unsigned char *old_sha1,
 	html("<div class='diffstat-header'>");
 	cgit_diff_link("Diffstat", NULL, NULL, ctx.qry.head, ctx.qry.sha1,
 		       ctx.qry.sha2, NULL, 0);
-	if (prefix)
-		htmlf(" (limited to '%s')", prefix);
+	if (prefix) {
+		html(" (limited to '");
+		html_txt(prefix);
+		html("')");
+	}
 	html(" (");
 	ctx.qry.context = (save_context > 0 ? save_context : 3) << 1;
 	cgit_self_link("more", NULL, NULL, &ctx);
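Review bot: The new `html_txt(prefix)` on the escaped-output line deserves a one-line why-comment, since the next person touching this header will see a plain string being printed and may revert to `htmlf` for brevity; suggest `/* prefix comes from the query string: always escape it */` above the `if (prefix)`. Note that `html_txt` is correct here only because the value lands in element text between literal quotes; should `prefix` ever be emitted inside an attribute (e.g. a link's href or title), the attribute-escaping helper would be needed instead. It is also worth checking, as a follow-up outside this hunk, that every other place this diffstat/diff code prints `prefix` uses an escaping call rather than `htmlf`, since the same value presumably flows there too. The enclosing function `cgit_print_diffstat` begins and ends outside the hunk.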
-- 
cgit 1.4.1-21-gabe81