Junio C Hamano wrote:
> Jakub Narebski <jnareb@xxxxxxxxx> writes:
>
>> our $action = $cgi->param('a');
>> if (defined $action) {
>> if ($action =~ m/[^0-9a-zA-Z\.\-_]/) {
>> - undef $action;
>> - die_error(undef, "Invalid action parameter.");
>> + die_error(undef, "Invalid action parameter $action");
>> }
>
> Doesn't this make us parrot what the browser threw at us without
> escaping back for HTML (iow, die_error does not seem to escape
> $error)?

I wanted to know what is the parameter gitweb considers invalid.
Perhaps the execution wasn't the best...

[...]
>> - $rss_link = "<link rel=\"alternate\" title=\"" . esc_param($project) . " log\" href=\"" .
>> - "$my_uri?" . esc_param("p=$project;a=rss") . "\" type=\"application/rss+xml\"/>";
>
> The reason of removal is...? Ah, you inlined it. It was not
> clear from the proposed commit log message.

I'm sorry for unrelated changes (the commit could be probably split
into four).

--
Jakub Narebski
Warsaw, Poland
ShadeHawk on #git
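
Review bot: in the first quoted hunk, the added line `die_error(undef, "Invalid action parameter $action");` interpolates a value that has just failed the `[^0-9a-zA-Z\.\-_]` check, so it is by construction the input that can carry HTML metacharacters, and the reply quoted above notes that die_error does not seem to escape its message. HTML-escape $action before it goes into the message, or keep the fixed string and record the rejected value in the server log instead. The same hunk drops `undef $action;`, which is only safe if die_error never returns to the caller; that is not visible in these lines and is worth confirming.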