Re: [PATCH] gitweb: Fix escaping HTML of project owner in 'projects_list' and 'summary' views

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 8/28/07, Jakub Narebski <jnareb@xxxxxxxxx> wrote:
> This for example allows to put email address in the project owner
> field in the projects index file (when $projects_list points to
> a file, and not to a directory), in the form of:

hometext.html has the same problem.

Also, hometext.html should be rename hometxt.xhtml, it uses xml syntax not html.


> path/to/repo.git Random+J+Developer+<random@xxxxxxxxxxxxxxxxxxxxx>
>
> Noticed-by: Jon Smirl <jonsmirl@xxxxxxxxx>
> Signed-off-by: Jakub Narebski <jnareb@xxxxxxxxx>
> ---
> This is resend of a patch which appeared at the bottom of email
> deep in the "gitweb-projects", as
>   Message-Id: <200708240935.59089.jnareb@xxxxxxxxx>
>
> Because this is bugfix (of sorts) it should I think go (if possible)
> before 1.5.3 is released.
>
>  gitweb/gitweb.perl |    4 ++--
>  1 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl
> index f282a67..9bee68e 100755
> --- a/gitweb/gitweb.perl
> +++ b/gitweb/gitweb.perl
> @@ -3422,7 +3422,7 @@ sub git_project_list_body {
>                       "<td>" . $cgi->a({-href => href(project=>$pr->{'path'}, action=>"summary"),
>                                         -class => "list", -title => $pr->{'descr_long'}},
>                                         esc_html($pr->{'descr'})) . "</td>\n" .
> -                     "<td><i>" . chop_str($pr->{'owner'}, 15) . "</i></td>\n";
> +                     "<td><i>" . esc_html(chop_str($pr->{'owner'}, 15)) . "</i></td>\n";
>                 print "<td class=\"". age_class($pr->{'age'}) . "\">" .
>                       (defined $pr->{'age_string'} ? $pr->{'age_string'} : "No commits") . "</td>\n" .
>                       "<td class=\"link\">" .
> @@ -3798,7 +3798,7 @@ sub git_summary {
>         print "<div class=\"title\">&nbsp;</div>\n";
>         print "<table cellspacing=\"0\">\n" .
>               "<tr><td>description</td><td>" . esc_html($descr) . "</td></tr>\n" .
> -             "<tr><td>owner</td><td>$owner</td></tr>\n";
> +             "<tr><td>owner</td><td>" . esc_html($owner) . "</td></tr>\n";
>         if (defined $cd{'rfc2822'}) {
>                 print "<tr><td>last change</td><td>$cd{'rfc2822'}</td></tr>\n";
>         }
> --
> 1.5.2.5
>
>


-- 
Jon Smirl
jonsmirl@xxxxxxxxx
-
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux