From bebe89d7c11a92bf206bf6e528c51ffa8ecbc0d5 Mon Sep 17 00:00:00 2001 From: Lukas Fleischer Date: Fri, 22 Jul 2011 13:47:19 +0200 Subject: Fix potential XSS vulnerability in rename hint The file name displayed in the rename hint should be escaped to avoid XSS. Note that this vulnerability is only applicable when an attacker has gained push access to the repository. Signed-off-by: Lukas Fleischer Signed-off-by: Lars Hjemli --- ui-diff.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/ui-diff.c b/ui-diff.c index d21541b..383a534 100644 --- a/ui-diff.c +++ b/ui-diff.c @@ -97,10 +97,12 @@ static void print_fileinfo(struct fileinfo *info) htmlf("", class); cgit_diff_link(info->new_path, NULL, NULL, ctx.qry.head, ctx.qry.sha1, ctx.qry.sha2, info->new_path, 0); - if (info->status == DIFF_STATUS_COPIED || info->status == DIFF_STATUS_RENAMED) - htmlf(" (%s from %s)", - info->status == DIFF_STATUS_COPIED ? "copied" : "renamed", - info->old_path); + if (info->status == DIFF_STATUS_COPIED || info->status == DIFF_STATUS_RENAMED) { + htmlf(" (%s from ", + info->status == DIFF_STATUS_COPIED ? "copied" : "renamed"); + html_txt(info->old_path); + html(")"); + } html(""); if (info->binary) { htmlf("bin%ld -> %ld bytes", -- cgit 1.4.1-21-gabe81