]> granicus.if.org Git - cgit/commitdiff
Fix potential XSS vulnerability in rename hint
authorLukas Fleischer <cgit@cryptocrack.de>
Fri, 22 Jul 2011 11:47:19 +0000 (13:47 +0200)
committerLars Hjemli <hjemli@gmail.com>
Fri, 22 Jul 2011 12:21:28 +0000 (12:21 +0000)
The file name displayed in the rename hint should be escaped to avoid
XSS. Note that this vulnerability is only applicable when an attacker
has gained push access to the repository.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
ui-diff.c

index d21541bd4d2b79d19222fc9dd09ae14e70d59e51..383a5347c2dbcb1ca9ae2bea53539a68d3ca94a3 100644 (file)
--- a/ui-diff.c
+++ b/ui-diff.c
@@ -97,10 +97,12 @@ static void print_fileinfo(struct fileinfo *info)
        htmlf("</td><td class='%s'>", class);
        cgit_diff_link(info->new_path, NULL, NULL, ctx.qry.head, ctx.qry.sha1,
                       ctx.qry.sha2, info->new_path, 0);
-       if (info->status == DIFF_STATUS_COPIED || info->status == DIFF_STATUS_RENAMED)
-               htmlf(" (%s from %s)",
-                     info->status == DIFF_STATUS_COPIED ? "copied" : "renamed",
-                     info->old_path);
+       if (info->status == DIFF_STATUS_COPIED || info->status == DIFF_STATUS_RENAMED) {
+               htmlf(" (%s from ",
+                     info->status == DIFF_STATUS_COPIED ? "copied" : "renamed");
+               html_txt(info->old_path);
+               html(")");
+       }
        html("</td><td class='right'>");
        if (info->binary) {
                htmlf("bin</td><td class='graph'>%ld -> %ld bytes",