Re: [PATCH] gitweb: Change to use explicitly function call cgi->escapHTML()

Jeff King <peff@xxxxxxxx> writes:

> On Tue, Mar 06, 2007 at 06:31:23PM +0800, Li Yang-r58472 wrote:
>
>> Yes, it also fixed the problem.  I'm not very familiar with perl.  Will
>> CGI::autoEscape(1) change CGI action for other users of CGI module on
>> the system?  If so, maybe it will break other CGIs.
>
> I don't know enough about mod_perl to say, but if all scripts share the
> package globals from CGI, then yes, you're affecting all other scripts.
> Without mod_perl, obviously you have no impact.
>
> If it is the case, then your original fix is probably better.

But then you are letting _other_ mod_perl users affect your
behaviour, aren't you?  "sub autoEscape" does this:

       sub autoEscape {
           my($self,$escape) = self_or_default(@_);
           my $d = $self->{'escape'};
           $self->{'escape'} = $escape;
           $d;
       }

If we worry about mod_perl (provided if $CGI::Q is shared across
mod_perl users), I suspect we would need to be a bit more
paranoid, perhaps like this, wouldn't we?

---
diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl
index 653ca3c..9c4e060 100755
--- a/gitweb/gitweb.perl
+++ b/gitweb/gitweb.perl
@@ -26,6 +26,7 @@ our $cgi = new CGI;
 our $version = "++GIT_VERSION++";
 our $my_url = $cgi->url();
 our $my_uri = $cgi->url(-absolute => 1);
+$cgi->autoEscape(1);
 
 # core git executable to use
 # this can just be "git" if your webserver has a sensible PATH
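Review bot: the added `$cgi->autoEscape(1);` line has no comment explaining why it is there, and it discards the return value. Per the `sub autoEscape` body quoted above, the call overwrites `$self->{'escape'}` and returns the previous setting, so if that state is shared between mod_perl users (the case this change is meant to guard against), this line also changes the setting for them and never puts it back. Suggest a one-line comment stating the intent (force HTML escaping no matter what was set before), and either keeping the returned value so it can be restored when gitweb is done, or escaping explicitly at the output sites so gitweb does not depend on the flag at all.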

