diff options
| author | Kay Sievers <kay.sievers@suse.de> | 2005-11-19 17:41:29 +0100 |
|---|---|---|
| committer | Kay Sievers <kay.sievers@suse.de> | 2005-11-19 17:41:29 +0100 |
| commit | 40c138134f183e635712ceace33d04e10744607f (patch) | |
| tree | 5cfc2e57e511ad9242d1de504f7b9b50a6be0c08 | |
| parent | a9e60b7d097c6f1a0ebca058ae24e544e231f91d (diff) | |
| download | git-40c138134f183e635712ceace33d04e10744607f.tar.gz git-40c138134f183e635712ceace33d04e10744607f.tar.xz | |
replace invalid utf8 sequences by UTF-8 REPLACEMENT CHARACTER (efbfbd)
I still strongly disagree with the git maintainers not to hint people,
to use the only sane default encoding for a distributed project,
which is utf8. I'm tired of hearing filesystem development arguments.
Git is a software offered to merge forth and back across the world
and not to provide a content neutral filesystem.
Btw: I have nothing against the ability to run git in a closed environment,
with a different encoding, that's fine, sure. But that is obviously not
the case for the projects on kernel.org. It's about sane defaults,
nothing else.
You have to make decisions guy, as always in life. The problems to
allow random encoded garbage in commit messages _without_ storing
the encoding, just makes zero sense. Eighter you introduce a per-commit
encoding field, if you insist on this craziness, or you define a default
encoding. Everything else is just lazy and does not solve any problem,
besides that you can claim now, that you are not responsible for the mess
in the repository.
Gitweb shows several commits at once, you allow various encodings committed
to the same repository, without any hint what that garbage from the
individual commits is encoded with. No idea why you don't get
the problem - it's unsolvable. If you merge different peoples work, you
have to speak a common language!
Kay Sievers <kay.sievers@vrfy.org>
| -rwxr-xr-x | gitweb.cgi | 473 |
1 files changed, 241 insertions, 232 deletions
diff --git a/gitweb.cgi b/gitweb.cgi index 0822cb1e3..f2a1526da 100755 --- a/gitweb.cgi +++ b/gitweb.cgi @@ -12,17 +12,18 @@ use warnings; use CGI qw(:standard :escapeHTML -nosticky); use CGI::Util qw(unescape); use CGI::Carp qw(fatalsToBrowser); +use Encode; use Fcntl ':mode'; my $cgi = new CGI; my $version = "249"; my $my_url = $cgi->url(); my $my_uri = $cgi->url(-absolute => 1); -my $rss_link = ""; +my $rss_link = ""; # absolute fs-path which will be prepended to the project path #my $projectroot = "/pub/scm"; -my $projectroot = "/home/kay/public_html/pub/scm"; +my $projectroot = "/home/kay/public_html/pub/scm"; # location of the git-core binaries my $gitbin = "/usr/bin"; @@ -37,8 +38,8 @@ my $home_link = $my_uri; my $home_text = "indextext.html"; # source of projects list -#my $projects_list = $projectroot; -my $projects_list = "index/index.aux"; +#my $projects_list = $projectroot; +my $projects_list = "index/index.aux"; # input validation and dispatch my $action = $cgi->param('a'); @@ -78,8 +79,8 @@ if (defined $project) { undef $project; die_error(undef, "No such project."); } - $rss_link = "<link rel=\"alternate\" title=\"" . esc($project) . " log\" href=\"" . - esc("$my_uri?p=$project;a=rss") . "\" type=\"application/rss+xml\"/>"; + $rss_link = "<link rel=\"alternate\" title=\"" . esc_url($project) . " log\" href=\"" . + esc_url("$my_uri?p=$project;a=rss") . "\" type=\"application/rss+xml\"/>"; $ENV{'GIT_DIR'} = "$projectroot/$project"; } else { git_project_list(); @@ -207,13 +208,20 @@ if (!defined $action || $action eq "summary") { exit; } -sub esc { +sub esc_url { my $str = shift; $str =~ s/\+/%2B/g; $str =~ s/ /\+/g; return $str; } +sub esc_html { + my $str = shift; + $str = escapeHTML($str); + $str = decode("utf8", $str, Encode::FB_DEFAULT); + return $str; +} + sub git_header_html { my $status = shift || "200 OK"; my $expires = shift; @@ -294,11 +302,11 @@ a.rss_logo:hover { background-color:#ee5500; } EOF print "<div class=\"page_header\">\n" . "<a href=\"http://www.kernel.org/pub/software/scm/git/docs/\" title=\"git documentation\">" . - "<img src=\"" . esc("$my_uri?a=git-logo.png") . "\" width=\"72\" height=\"27\" alt=\"git\" style=\"float:right; border-width:0px;\"/>" . + "<img src=\"" . esc_url("$my_uri?a=git-logo.png") . "\" width=\"72\" height=\"27\" alt=\"git\" style=\"float:right; border-width:0px;\"/>" . "</a>\n"; - print $cgi->a({-href => esc($home_link)}, "projects") . " / "; + print $cgi->a({-href => esc_url($home_link)}, "projects") . " / "; if (defined $project) { - print $cgi->a({-href => esc("$my_uri?p=$project;a=summary")}, escapeHTML($project)); + print $cgi->a({-href => esc_url("$my_uri?p=$project;a=summary")}, esc_html($project)); if (defined $action) { print " / $action"; } @@ -331,11 +339,11 @@ sub git_footer_html { if (defined $project) { my $descr = git_read_description($project); if (defined $descr) { - print "<div class=\"page_footer_text\">" . escapeHTML($descr) . "</div>\n"; + print "<div class=\"page_footer_text\">" . esc_html($descr) . "</div>\n"; } - print $cgi->a({-href => esc("$my_uri?p=$project;a=rss"), -class => "rss_logo"}, "RSS") . "\n"; + print $cgi->a({-href => esc_url("$my_uri?p=$project;a=rss"), -class => "rss_logo"}, "RSS") . "\n"; } else { - print $cgi->a({-href => esc("$my_uri?a=opml"), -class => "rss_logo"}, "OPML") . "\n"; + print $cgi->a({-href => esc_url("$my_uri?a=opml"), -class => "rss_logo"}, "OPML") . "\n"; } print "</div>\n" . "</body>\n" . @@ -606,7 +614,7 @@ sub git_diff_print { $line =~ s/\t/$spaces/; } } - print "<div class=\"pre\"$color>" . escapeHTML($line) . "</div>\n"; + print "<div class=\"pre\"$color>" . esc_html($line) . "</div>\n"; } } close $fd; @@ -671,12 +679,12 @@ sub file_type { sub format_log_line_html { my $line = shift; - $line = escapeHTML($line); + $line = esc_html($line); $line =~ s/ / /g; if ($line =~ m/([0-9a-fA-F]{40})/) { my $hash_text = $1; if (git_get_type($hash_text) eq "commit") { - my $link = $cgi->a({-class => "text", -href => esc("$my_uri?p=$project;a=commit;h=$hash_text")}, $hash_text); + my $link = $cgi->a({-class => "text", -href => esc_url("$my_uri?p=$project;a=commit;h=$hash_text")}, $hash_text); $line =~ s/$hash_text/$link/; } } @@ -824,25 +832,25 @@ sub git_project_list { @projects = sort {$a->{'path'} cmp $b->{'path'}} @projects; print "<th>Project</th>\n"; } else { - print "<th>" . $cgi->a({-class => "header", -href => esc("$my_uri?o=project")}, "Project") . "</th>\n"; + print "<th>" . $cgi->a({-class => "header", -href => esc_url("$my_uri?o=project")}, "Project") . "</th>\n"; } if (defined($order) && ($order eq "descr")) { @projects = sort {$a->{'descr'} cmp $b->{'descr'}} @projects; print "<th>Description</th>\n"; } else { - print "<th>" . $cgi->a({-class => "header", -href => esc("$my_uri?o=descr")}, "Description") . "</th>\n"; + print "<th>" . $cgi->a({-class => "header", -href => esc_url("$my_uri?o=descr")}, "Description") . "</th>\n"; } if (defined($order) && ($order eq "owner")) { @projects = sort {$a->{'owner'} cmp $b->{'owner'}} @projects; print "<th>Owner</th>\n"; } else { - print "<th>" . $cgi->a({-class => "header", -href => esc("$my_uri?o=owner")}, "Owner") . "</th>\n"; + print "<th>" . $cgi->a({-class => "header", -href => esc_url("$my_uri?o=owner")}, "Owner") . "</th>\n"; } if (defined($order) && ($order eq "age")) { @projects = sort {$a->{'commit'}{'age'} <=> $b->{'commit'}{'age'}} @projects; print "<th>Last Change</th>\n"; } else { - print "<th>" . $cgi->a({-class => "header", -href => esc("$my_uri?o=age")}, "Last Change") . "</th>\n"; + print "<th>" . $cgi->a({-class => "header", -href => esc_url("$my_uri?o=age")}, "Last Change") . "</th>\n"; } print "<th></th>\n" . "</tr>\n"; @@ -854,7 +862,7 @@ sub git_project_list { print "<tr class=\"light\">\n"; } $alternate ^= 1; - print "<td>" . $cgi->a({-href => esc("$my_uri?p=$pr->{'path'};a=summary"), -class => "list"}, escapeHTML($pr->{'path'})) . "</td>\n" . + print "<td>" . $cgi->a({-href => esc_url("$my_uri?p=$pr->{'path'};a=summary"), -class => "list"}, esc_html($pr->{'path'})) . "</td>\n" . "<td>$pr->{'descr'}</td>\n" . "<td><i>" . chop_str($pr->{'owner'}, 15) . "</i></td>\n"; my $colored_age; @@ -867,9 +875,9 @@ sub git_project_list { } print "<td>$colored_age</td>\n" . "<td class=\"link\">" . - $cgi->a({-href => esc("$my_uri?p=$pr->{'path'};a=summary")}, "summary") . - " | " . $cgi->a({-href => esc("$my_uri?p=$pr->{'path'};a=shortlog")}, "shortlog") . - " | " . $cgi->a({-href => esc("$my_uri?p=$pr->{'path'};a=log")}, "log") . + $cgi->a({-href => esc_url("$my_uri?p=$pr->{'path'};a=summary")}, "summary") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$pr->{'path'};a=shortlog")}, "shortlog") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$pr->{'path'};a=log")}, "log") . "</td>\n" . "</tr>\n"; } @@ -968,16 +976,16 @@ sub git_summary { git_header_html(); print "<div class=\"page_nav\">\n" . "summary". - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog")}, "shortlog") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=log")}, "log") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$head")}, "commit") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commitdiff;h=$head")}, "commitdiff") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=tree")}, "tree") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog")}, "shortlog") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=log")}, "log") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$head")}, "commit") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commitdiff;h=$head")}, "commitdiff") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=tree")}, "tree") . "<br/><br/>\n" . "</div>\n"; print "<div class=\"title\"> </div>\n"; print "<table cellspacing=\"0\">\n" . - "<tr><td>description</td><td>" . escapeHTML($descr) . "</td></tr>\n" . + "<tr><td>description</td><td>" . esc_html($descr) . "</td></tr>\n" . "<tr><td>owner</td><td>$owner</td></tr>\n" . "<tr><td>last change</td><td>$cd{'rfc2822'}</td></tr>\n" . "</table>\n"; @@ -985,7 +993,7 @@ sub git_summary { my (@revlist) = map { chomp; $_ } <$fd>; close $fd; print "<div>\n" . - $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog"), -class => "title"}, "shortlog") . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog"), -class => "title"}, "shortlog") . "</div>\n"; my $i = 16; print "<table cellspacing=\"0\">\n"; @@ -1001,23 +1009,23 @@ sub git_summary { $alternate ^= 1; if ($i-- > 0) { print "<td><i>$co{'age_string'}</i></td>\n" . - "<td><i>" . escapeHTML(chop_str($co{'author_name'}, 10)) . "</i></td>\n" . + "<td><i>" . esc_html(chop_str($co{'author_name'}, 10)) . "</i></td>\n" . "<td>"; if (length($co{'title_short'}) < length($co{'title'})) { - print $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$commit"), -class => "list", -title => "$co{'title'}"}, - "<b>" . escapeHTML($co{'title_short'}) . "</b>"); + print $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$commit"), -class => "list", -title => "$co{'title'}"}, + "<b>" . esc_html($co{'title_short'}) . "</b>"); } else { - print $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$commit"), -class => "list"}, - "<b>" . escapeHTML($co{'title'}) . "</b>"); + print $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$commit"), -class => "list"}, + "<b>" . esc_html($co{'title'}) . "</b>"); } print "</td>\n" . "<td class=\"link\">" . - $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$commit")}, "commit") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commitdiff;h=$commit")}, "commitdiff") . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$commit")}, "commit") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commitdiff;h=$commit")}, "commitdiff") . "</td>\n" . "</tr>"; } else { - print "<td>" . $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog")}, "...") . "</td>\n" . + print "<td>" . $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog")}, "...") . "</td>\n" . "</tr>"; last; } @@ -1027,7 +1035,7 @@ sub git_summary { my $taglist = git_read_refs("refs/tags"); if (defined @$taglist) { print "<div>\n" . - $cgi->a({-href => esc("$my_uri?p=$project;a=tags"), -class => "title"}, "tags") . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=tags"), -class => "title"}, "tags") . "</div>\n"; my $i = 16; print "<table cellspacing=\"0\">\n"; @@ -1048,27 +1056,27 @@ sub git_summary { if ($i-- > 0) { print "<td><i>$tag{'age'}</i></td>\n" . "<td>" . - $cgi->a({-href => esc("$my_uri?p=$project;a=$tag{'reftype'};h=$tag{'refid'}"), -class => "list"}, - "<b>" . escapeHTML($tag{'name'}) . "</b>") . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=$tag{'reftype'};h=$tag{'refid'}"), -class => "list"}, + "<b>" . esc_html($tag{'name'}) . "</b>") . "</td>\n" . "<td>"; if (defined($comment)) { - print $cgi->a({-class => "list", -href => esc("$my_uri?p=$project;a=tag;h=$tag{'id'}")}, $comment); + print $cgi->a({-class => "list", -href => esc_url("$my_uri?p=$project;a=tag;h=$tag{'id'}")}, $comment); } print "</td>\n" . "<td class=\"link\">"; if ($tag{'type'} eq "tag") { - print $cgi->a({-href => esc("$my_uri?p=$project;a=tag;h=$tag{'id'}")}, "tag") . " | "; + print $cgi->a({-href => esc_url("$my_uri?p=$project;a=tag;h=$tag{'id'}")}, "tag") . " | "; } - print $cgi->a({-href => esc("$my_uri?p=$project;a=$tag{'reftype'};h=$tag{'refid'}")}, $tag{'reftype'}); + print $cgi->a({-href => esc_url("$my_uri?p=$project;a=$tag{'reftype'};h=$tag{'refid'}")}, $tag{'reftype'}); if ($tag{'reftype'} eq "commit") { - print " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog;h=$tag{'name'}")}, "shortlog") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=log;h=$tag{'refid'}")}, "log"); + print " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog;h=$tag{'name'}")}, "shortlog") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=log;h=$tag{'refid'}")}, "log"); } print "</td>\n" . "</tr>"; } else { - print "<td>" . $cgi->a({-href => esc("$my_uri?p=$project;a=tags")}, "...") . "</td>\n" . + print "<td>" . $cgi->a({-href => esc_url("$my_uri?p=$project;a=tags")}, "...") . "</td>\n" . "</tr>"; last; } @@ -1079,7 +1087,7 @@ sub git_summary { my $headlist = git_read_refs("refs/heads"); if (defined @$headlist) { print "<div>\n" . - $cgi->a({-href => esc("$my_uri?p=$project;a=heads"), -class => "title"}, "heads") . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=heads"), -class => "title"}, "heads") . "</div>\n"; my $i = 16; print "<table cellspacing=\"0\">\n"; @@ -1095,16 +1103,16 @@ sub git_summary { if ($i-- > 0) { print "<td><i>$tag{'age'}</i></td>\n" . "<td>" . - $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog;h=$tag{'name'}"), -class => "list"}, - "<b>" . escapeHTML($tag{'name'}) . "</b>") . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog;h=$tag{'name'}"), -class => "list"}, + "<b>" . esc_html($tag{'name'}) . "</b>") . "</td>\n" . "<td class=\"link\">" . - $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog;h=$tag{'name'}")}, "shortlog") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=log;h=$tag{'name'}")}, "log") . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog;h=$tag{'name'}")}, "shortlog") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=log;h=$tag{'name'}")}, "log") . "</td>\n" . "</tr>"; } else { - print "<td>" . $cgi->a({-href => esc("$my_uri?p=$project;a=heads")}, "...") . "</td>\n" . + print "<td>" . $cgi->a({-href => esc_url("$my_uri?p=$project;a=heads")}, "...") . "</td>\n" . "</tr>"; last; } @@ -1118,28 +1126,28 @@ sub git_tag { my $head = git_read_hash("$project/HEAD"); git_header_html(); print "<div class=\"page_nav\">\n" . - $cgi->a({-href => esc("$my_uri?p=$project;a=summary")}, "summary") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog")}, "shortlog") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=log")}, "log") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$head")}, "commit") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commitdiff;h=$head")}, "commitdiff") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=tree;hb=$head")}, "tree") . "<br/>\n" . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=summary")}, "summary") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog")}, "shortlog") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=log")}, "log") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$head")}, "commit") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commitdiff;h=$head")}, "commitdiff") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=tree;hb=$head")}, "tree") . "<br/>\n" . "<br/>\n" . "</div>\n"; my %tag = git_read_tag($hash); print "<div>\n" . - $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$hash"), -class => "title"}, escapeHTML($tag{'name'})) . "\n" . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$hash"), -class => "title"}, esc_html($tag{'name'})) . "\n" . "</div>\n"; print "<div class=\"title_text\">\n" . "<table cellspacing=\"0\">\n" . "<tr>\n" . "<td>object</td>\n" . - "<td>" . $cgi->a({-class => "list", -href => esc("$my_uri?p=$project;a=$tag{'type'};h=$tag{'object'}")}, $tag{'object'}) . "</td>\n" . - "<td class=\"link\">" . $cgi->a({-href => esc("$my_uri?p=$project;a=$tag{'type'};h=$tag{'object'}")}, $tag{'type'}) . "</td>\n" . + "<td>" . $cgi->a({-class => "list", -href => esc_url("$my_uri?p=$project;a=$tag{'type'};h=$tag{'object'}")}, $tag{'object'}) . "</td>\n" . + "<td class=\"link\">" . $cgi->a({-href => esc_url("$my_uri?p=$project;a=$tag{'type'};h=$tag{'object'}")}, $tag{'type'}) . "</td>\n" . "</tr>\n"; if (defined($tag{'author'})) { my %ad = date_str($tag{'epoch'}, $tag{'tz'}); - print "<tr><td>author</td><td>" . escapeHTML($tag{'author'}) . "</td></tr>\n"; + print "<tr><td>author</td><td>" . esc_html($tag{'author'}) . "</td></tr>\n"; print "<tr><td></td><td>" . $ad{'rfc2822'} . sprintf(" (%02d:%02d %s)", $ad{'hour_local'}, $ad{'minute_local'}, $ad{'tz_local'}) . "</td></tr>\n"; } print "</table>\n\n" . @@ -1147,7 +1155,7 @@ sub git_tag { print "<div class=\"page_body\">"; my $comment = $tag{'comment'}; foreach my $line (@$comment) { - print escapeHTML($line) . "<br/>\n"; + print esc_html($line) . "<br/>\n"; } print "</div>\n"; git_footer_html(); @@ -1157,17 +1165,17 @@ sub git_tags { my $head = git_read_hash("$project/HEAD"); git_header_html(); print "<div class=\"page_nav\">\n" . - $cgi->a({-href => esc("$my_uri?p=$project;a=summary")}, "summary") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog")}, "shortlog") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=log")}, "log") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$head")}, "commit") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commitdiff;h=$head")}, "commitdiff") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=tree;hb=$head")}, "tree") . "<br/>\n" . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=summary")}, "summary") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog")}, "shortlog") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=log")}, "log") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$head")}, "commit") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commitdiff;h=$head")}, "commitdiff") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=tree;hb=$head")}, "tree") . "<br/>\n" . "<br/>\n" . "</div>\n"; my $taglist = git_read_refs("refs/tags"); print "<div>\n" . - $cgi->a({-href => esc("$my_uri?p=$project;a=summary"), -class => "title"}, " ") . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=summary"), -class => "title"}, " ") . "</div>\n"; print "<table cellspacing=\"0\">\n"; my $alternate = 0; @@ -1187,22 +1195,22 @@ sub git_tags { $alternate ^= 1; print "<td><i>$tag{'age'}</i></td>\n" . "<td>" . - $cgi->a({-href => esc("$my_uri?p=$project;a=$tag{'reftype'};h=$tag{'refid'}"), -class => "list"}, - "<b>" . escapeHTML($tag{'name'}) . "</b>") . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=$tag{'reftype'};h=$tag{'refid'}"), -class => "list"}, + "<b>" . esc_html($tag{'name'}) . "</b>") . "</td>\n" . "<td>"; if (defined($comment)) { - print $cgi->a({-class => "list", -href => esc("$my_uri?p=$project;a=tag;h=$tag{'id'}")}, $comment); + print $cgi->a({-class => "list", -href => esc_url("$my_uri?p=$project;a=tag;h=$tag{'id'}")}, $comment); } print "</td>\n" . "<td class=\"link\">"; if ($tag{'type'} eq "tag") { - print $cgi->a({-href => esc("$my_uri?p=$project;a=tag;h=$tag{'id'}")}, "tag") . " | "; + print $cgi->a({-href => esc_url("$my_uri?p=$project;a=tag;h=$tag{'id'}")}, "tag") . " | "; } - print $cgi->a({-href => esc("$my_uri?p=$project;a=$tag{'reftype'};h=$tag{'refid'}")}, $tag{'reftype'}); + print $cgi->a({-href => esc_url("$my_uri?p=$project;a=$tag{'reftype'};h=$tag{'refid'}")}, $tag{'reftype'}); if ($tag{'reftype'} eq "commit") { - print " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog;h=$tag{'name'}")}, "shortlog") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=log;h=$tag{'refid'}")}, "log"); + print " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog;h=$tag{'name'}")}, "shortlog") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=log;h=$tag{'refid'}")}, "log"); } print "</td>\n" . "</tr>"; @@ -1216,17 +1224,17 @@ sub git_heads { my $head = git_read_hash("$project/HEAD"); git_header_html(); print "<div class=\"page_nav\">\n" . - $cgi->a({-href => esc("$my_uri?p=$project;a=summary")}, "summary") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog")}, "shortlog") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=log")}, "log") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$head")}, "commit") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commitdiff;h=$head")}, "commitdiff") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=tree;hb=$head")}, "tree") . "<br/>\n" . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=summary")}, "summary") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog")}, "shortlog") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=log")}, "log") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$head")}, "commit") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commitdiff;h=$head")}, "commitdiff") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=tree;hb=$head")}, "tree") . "<br/>\n" . "<br/>\n" . "</div>\n"; my $taglist = git_read_refs("refs/heads"); print "<div>\n" . - $cgi->a({-href => esc("$my_uri?p=$project;a=summary"), -class => "title"}, " ") . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=summary"), -class => "title"}, " ") . "</div>\n"; print "<table cellspacing=\"0\">\n"; my $alternate = 0; @@ -1241,11 +1249,11 @@ sub git_heads { $alternate ^= 1; print "<td><i>$tag{'age'}</i></td>\n" . "<td>" . - $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog;h=$tag{'name'}"), -class => "list"}, "<b>" . escapeHTML($tag{'name'}) . "</b>") . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog;h=$tag{'name'}"), -class => "list"}, "<b>" . esc_html($tag{'name'}) . "</b>") . "</td>\n" . "<td class=\"link\">" . - $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog;h=$tag{'name'}")}, "shortlog") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=log;h=$tag{'name'}")}, "log") . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog;h=$tag{'name'}")}, "shortlog") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=log;h=$tag{'name'}")}, "log") . "</td>\n" . "</tr>"; } @@ -1293,20 +1301,20 @@ sub git_blob { git_header_html(); if (defined $hash_base && (my %co = git_read_commit($hash_base))) { print "<div class=\"page_nav\">\n" . - $cgi->a({-href => esc("$my_uri?p=$project;a=summary")}, "summary") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog")}, "shortlog") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=log")}, "log") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$hash_base")}, "commit") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commitdiff;h=$hash_base")}, "commitdiff") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash_base")}, "tree") . "<br/>\n"; + $cgi->a({-href => esc_url("$my_uri?p=$project;a=summary")}, "summary") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog")}, "shortlog") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=log")}, "log") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$hash_base")}, "commit") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commitdiff;h=$hash_base")}, "commitdiff") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash_base")}, "tree") . "<br/>\n"; if (defined $file_name) { - print $cgi->a({-href => esc("$my_uri?p=$project;a=blob_plain;h=$hash;f=$file_name")}, "plain") . "<br/>\n"; + print $cgi->a({-href => esc_url("$my_uri?p=$project;a=blob_plain;h=$hash;f=$file_name")}, "plain") . "<br/>\n"; } else { - print $cgi->a({-href => esc("$my_uri?p=$project;a=blob_plain;h=$hash")}, "plain") . "<br/>\n"; + print $cgi->a({-href => esc_url("$my_uri?p=$project;a=blob_plain;h=$hash")}, "plain") . "<br/>\n"; } print "</div>\n". "<div>" . - $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$hash_base"), -class => "title"}, escapeHTML($co{'title'})) . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$hash_base"), -class => "title"}, esc_html($co{'title'})) . "</div>\n"; } else { print "<div class=\"page_nav\">\n" . @@ -1327,7 +1335,7 @@ sub git_blob { $line =~ s/\t/$spaces/; } } - printf "<div class=\"pre\"><a id=\"l%i\" href=\"#l%i\" class=\"linenr\">%4i</a> %s</div>\n", $nr, $nr, $nr, escapeHTML($line); + printf "<div class=\"pre\"><a id=\"l%i\" href=\"#l%i\" class=\"linenr\">%4i</a> %s</div>\n", $nr, $nr, $nr, esc_html($line); } close $fd or print "Reading blob failed.\n"; print "</div>"; @@ -1369,16 +1377,16 @@ sub git_tree { if (defined $hash_base && (my %co = git_read_commit($hash_base))) { $base_key = ";hb=$hash_base"; print "<div class=\"page_nav\">\n" . - $cgi->a({-href => esc("$my_uri?p=$project;a=summary")}, "summary") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog;h=$hash_base")}, "shortlog") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=log;h=$hash_base")}, "log") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$hash_base")}, "commit") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commitdiff;h=$hash_base")}, "commitdiff") . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=summary")}, "summary") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog;h=$hash_base")}, "shortlog") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=log;h=$hash_base")}, "log") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$hash_base")}, "commit") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commitdiff;h=$hash_base")}, "commitdiff") . " | tree" . "<br/><br/>\n" . "</div>\n"; print "<div>\n" . - $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$hash_base"), -class => "title"}, escapeHTML($co{'title'})) . "\n" . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$hash_base"), -class => "title"}, esc_html($co{'title'})) . "\n" . "</div>\n"; } else { print "<div class=\"page_nav\">\n"; @@ -1411,15 +1419,15 @@ sub git_tree { print "<td style=\"font-family:monospace\">" . mode_str($t_mode) . "</td>\n"; if ($t_type eq "blob") { print "<td class=\"list\">" . - $cgi->a({-href => esc("$my_uri?p=$project;a=blob;h=$t_hash" . $base_key . $file_key), -class => "list"}, $t_name) . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=blob;h=$t_hash" . $base_key . $file_key), -class => "list"}, $t_name) . "</td>\n" . "<td class=\"link\">" . - $cgi->a({-href => esc("$my_uri?p=$project;a=blob;h=$t_hash" . $base_key . $file_key)}, "blob") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=history;h=$hash_base" . $file_key)}, "history") . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=blob;h=$t_hash" . $base_key . $file_key)}, "blob") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=history;h=$hash_base" . $file_key)}, "history") . "</td>\n"; } elsif ($t_type eq "tree") { print "<td class=\"list\">" . - $cgi->a({-href => esc("$my_uri?p=$project;a=tree;h=$t_hash" . $base_key . $file_key)}, $t_name) . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=tree;h=$t_hash" . $base_key . $file_key)}, $t_name) . "</td>\n" . "<td class=\"link\">" . $cgi->a({-href => esc("$my_uri?p=$project;a=tree;h=$t_hash" . $base_key . $file_key)}, "tree") . @@ -1442,7 +1450,7 @@ sub git_rss { "<rss version=\"2.0\" xmlns:content=\"http://purl.org/rss/1.0/modules/content/\">\n"; print "<channel>\n"; print "<title>$project</title>\n". - "<link>" . escapeHTML("$my_url?p=$project;a=summary") . "</link>\n". + "<link>" . esc_html("$my_url?p=$project;a=summary") . "</link>\n". "<description>$project log</description>\n". "<language>en</language>\n"; @@ -1459,17 +1467,18 @@ sub git_rss { close $fd or next; print "<item>\n" . "<title>" . - sprintf("%d %s %02d:%02d", $cd{'mday'}, $cd{'month'}, $cd{'hour'}, $cd{'minute'}) . " - " . escapeHTML($co{'title'}) . + sprintf("%d %s %02d:%02d", $cd{'mday'}, $cd{'month'}, $cd{'hour'}, $cd{'minute'}) . " - " . esc_html($co{'title'}) . "</title>\n" . - "<author>" . escapeHTML($co{'author'}) . "</author>\n" . + "<author>" . esc_html($co{'author'}) . "</author>\n" . "<pubDate>$cd{'rfc2822'}</pubDate>\n" . - "<guid isPermaLink=\"true\">" . escapeHTML("$my_url?p=$project;a=commit;h=$commit") . "</guid>\n" . - "<link>" . escapeHTML("$my_url?p=$project;a=commit;h=$commit") . "</link>\n" . - "<description>" . escapeHTML($co{'title'}) . "</description>\n" . + "<guid isPermaLink=\"true\">" . esc_html("$my_url?p=$project;a=commit;h=$commit") . "</guid>\n" . + "<link>" . esc_html("$my_url?p=$project;a=commit;h=$commit") . "</link>\n" . + "<description>" . esc_html($co{'title'}) . "</description>\n" . "<content:encoded>" . "<![CDATA[\n"; my $comment = $co{'comment'}; foreach my $line (@$comment) { + $line = decode("utf8", $line, Encode::FB_DEFAULT); print "$line<br/>\n"; } print "<br/>\n"; @@ -1511,7 +1520,7 @@ sub git_opml { next; } - my $path = escapeHTML(chop_str($proj{'path'}, 25, 5)); + my $path = esc_html(chop_str($proj{'path'}, 25, 5)); my $rss = "$my_url?p=$proj{'path'};a=rss"; my $html = "$my_url?p=$proj{'path'};a=summary"; print "<outline type=\"rss\" text=\"$path\" title=\"$path\" xmlUrl=\"$rss\" htmlUrl=\"$html\"/>\n"; @@ -1531,12 +1540,12 @@ sub git_log { } git_header_html(); print "<div class=\"page_nav\">\n"; - print $cgi->a({-href => esc("$my_uri?p=$project;a=summary")}, "summary") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog;h=$hash")}, "shortlog") . + print $cgi->a({-href => esc_url("$my_uri?p=$project;a=summary")}, "summary") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog;h=$hash")}, "shortlog") . " | log" . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$hash")}, "commit") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commitdiff;h=$hash")}, "commitdiff") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=tree;h=$hash;hb=$hash")}, "tree") . "<br/>\n"; + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$hash")}, "commit") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commitdiff;h=$hash")}, "commitdiff") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=tree;h=$hash;hb=$hash")}, "tree") . "<br/>\n"; my $limit = sprintf("--max-count=%i", (100 * ($page+1))); open my $fd, "-|", "$gitbin/git-rev-list $limit $hash" or die_error(undef, "Open failed."); @@ -1544,19 +1553,19 @@ sub git_log { close $fd; if ($hash ne $head || $page) { - print $cgi->a({-href => esc("$my_uri?p=$project;a=log")}, "HEAD"); + print $cgi->a({-href => esc_url("$my_uri?p=$project;a=log")}, "HEAD"); } else { print "HEAD"; } if ($page > 0) { print " ⋅ " . - $cgi->a({-href => esc("$my_uri?p=$project;a=log;h=$hash;pg=" . ($page-1)), -accesskey => "p", -title => "Alt-p"}, "prev"); + $cgi->a({-href => esc_url("$my_uri?p=$project;a=log;h=$hash;pg=" . ($page-1)), -accesskey => "p", -title => "Alt-p"}, "prev"); } else { print " ⋅ prev"; } if ($#revlist >= (100 * ($page+1)-1)) { print " ⋅ " . - $cgi->a({-href => esc("$my_uri?p=$project;a=log;h=$hash;pg=" . ($page+1)), -accesskey => "n", -title => "Alt-n"}, "next"); + $cgi->a({-href => esc_url("$my_uri?p=$project;a=log;h=$hash;pg=" . ($page+1)), -accesskey => "n", -title => "Alt-n"}, "next"); } else { print " ⋅ next"; } @@ -1564,7 +1573,7 @@ sub git_log { "</div>\n"; if (!@revlist) { print "<div>\n" . - $cgi->a({-href => esc("$my_uri?p=$project;a=summary"), -class => "title"}, " ") . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=summary"), -class => "title"}, " ") . "</div>\n"; my %co = git_read_commit($hash); print "<div class=\"page_body\"> Last change $co{'age_string'}.<br/><br/></div>\n"; @@ -1575,16 +1584,16 @@ sub git_log { next if !%co; my %ad = date_str($co{'author_epoch'}); print "<div>\n" . - $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$commit"), -class => "title"}, - "<span class=\"age\">$co{'age_string'}</span>" . escapeHTML($co{'title'})) . "\n" . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$commit"), -class => "title"}, + "<span class=\"age\">$co{'age_string'}</span>" . esc_html($co{'title'})) . "\n" . "</div>\n"; print "<div class=\"title_text\">\n" . "<div class=\"log_link\">\n" . - $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$commit")}, "commit") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commitdiff;h=$commit")}, "commitdiff") . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$commit")}, "commit") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commitdiff;h=$commit")}, "commitdiff") . "<br/>\n" . "</div>\n" . - "<i>" . escapeHTML($co{'author_name'}) . " [$ad{'rfc2822'}]</i><br/>\n" . + "<i>" . esc_html($co{'author_name'}) . " [$ad{'rfc2822'}]</i><br/>\n" . "</div>\n" . "<div class=\"log_body\">\n"; my $comment = $co{'comment'}; @@ -1637,27 +1646,27 @@ sub git_commit { } git_header_html(undef, $expires); print "<div class=\"page_nav\">\n" . - $cgi->a({-href => esc("$my_uri?p=$project;a=summary")}, "summary") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog;h=$hash")}, "shortlog") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=log;h=$hash")}, "log") . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=summary")}, "summary") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog;h=$hash")}, "shortlog") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=log;h=$hash")}, "log") . " | commit"; if (defined $co{'parent'}) { - print " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commitdiff;h=$hash")}, "commitdiff"); + print " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commitdiff;h=$hash")}, "commitdiff"); } - print " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash")}, "tree") . "\n" . + print " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash")}, "tree") . "\n" . "<br/><br/></div>\n"; if (defined $co{'parent'}) { print "<div>\n" . - $cgi->a({-href => esc("$my_uri?p=$project;a=commitdiff;h=$hash"), -class => "title"}, escapeHTML($co{'title'})) . "\n" . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=commitdiff;h=$hash"), -class => "title"}, esc_html($co{'title'})) . "\n" . "</div>\n"; } else { print "<div>\n" . - $cgi->a({-href => esc("$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash"), -class => "title"}, escapeHTML($co{'title'})) . "\n" . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash"), -class => "title"}, esc_html($co{'title'})) . "\n" . "</div>\n"; } print "<div class=\"title_text\">\n" . "<table cellspacing=\"0\">\n"; - print "<tr><td>author</td><td>" . escapeHTML($co{'author'}) . "</td></tr>\n". + print "<tr><td>author</td><td>" . esc_html($co{'author'}) . "</td></tr>\n". "<tr>" . "<td></td><td> $ad{'rfc2822'}"; if ($ad{'hour_local'} < 6) { @@ -1667,25 +1676,25 @@ sub git_commit { } print "</td>" . "</tr>\n"; - print "<tr><td>committer</td><td>" . escapeHTML($co{'committer'}) . "</td></tr>\n"; + print "<tr><td>committer</td><td>" . esc_html($co{'committer'}) . "</td></tr>\n"; print "<tr><td></td><td> $cd{'rfc2822'}" . sprintf(" (%02d:%02d %s)", $cd{'hour_local'}, $cd{'minute_local'}, $cd{'tz_local'}) . "</td></tr>\n"; print "<tr><td>commit</td><td style=\"font-family:monospace\">$co{'id'}</td></tr>\n"; print "<tr>" . "<td>tree</td>" . "<td style=\"font-family:monospace\">" . - $cgi->a({-href => esc("$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash"), class => "list"}, $co{'tree'}) . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash"), class => "list"}, $co{'tree'}) . "</td>" . - "<td class=\"link\">" . $cgi->a({-href => esc("$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash")}, "tree") . + "<td class=\"link\">" . $cgi->a({-href => esc_url("$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash")}, "tree") . "</td>" . "</tr>\n"; my $parents = $co{'parents'}; foreach my $par (@$parents) { print "<tr>" . "<td>parent</td>" . - "<td style=\"font-family:monospace\">" . $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$par"), class => "list"}, $par) . "</td>" . + "<td style=\"font-family:monospace\">" . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$par"), class => "list"}, $par) . "</td>" . "<td class=\"link\">" . - $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$par")}, "commit") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commitdiff;h=$hash;hp=$par")}, "commitdiff") . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$par")}, "commit") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commitdiff;h=$hash;hp=$par")}, "commitdiff") . "</td>" . "</tr>\n"; } @@ -1707,7 +1716,7 @@ sub git_commit { } if ($line =~ m/^ *(signed[ \-]off[ \-]by[ :]|acked[ \-]by[ :]|cc[ :])/i) { $signed = 1; - print "<span style=\"color: #888888\">" . escapeHTML($line) . "</span><br/>\n"; + print "<span style=\"color: #888888\">" . esc_html($line) . "</span><br/>\n"; } else { $signed = 0; print format_log_line_html($line) . "<br/>\n"; @@ -1746,16 +1755,16 @@ sub git_commit { $mode_chng = sprintf(" with mode: %04o", (oct $to_mode) & 0777); } print "<td>" . - $cgi->a({-href => esc("$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file"), -class => "list"}, escapeHTML($file)) . "</td>\n" . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file"), -class => "list"}, esc_html($file)) . "</td>\n" . "<td><span style=\"color: #008000;\">[new " . file_type($to_mode) . "$mode_chng]</span></td>\n" . - "<td class=\"link\">" . $cgi->a({-href => esc("$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file")}, "blob") . "</td>\n"; + "<td class=\"link\">" . $cgi->a({-href => esc_url("$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file")}, "blob") . "</td>\n"; } elsif ($status eq "D") { print "<td>" . - $cgi->a({-href => esc("$my_uri?p=$project;a=blob;h=$from_id;hb=$hash;f=$file"), -class => "list"}, escapeHTML($file)) . "</td>\n" . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=blob;h=$from_id;hb=$hash;f=$file"), -class => "list"}, esc_html($file)) . "</td>\n" . "<td><span style=\"color: #c00000;\">[deleted " . file_type($from_mode). "]</span></td>\n" . "<td class=\"link\">" . - $cgi->a({-href => esc("$my_uri?p=$project;a=blob;h=$from_id;hb=$hash;f=$file")}, "blob") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=history;h=$hash;f=$file")}, "history") . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=blob;h=$from_id;hb=$hash;f=$file")}, "blob") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=history;h=$hash;f=$file")}, "history") . "</td>\n" } elsif ($status eq "M" || $status eq "T") { my $mode_chnge = ""; @@ -1775,18 +1784,18 @@ sub git_commit { } print "<td>"; if ($to_id ne $from_id) { - print $cgi->a({-href => esc("$my_uri?p=$project;a=blobdiff;h=$to_id;hp=$from_id;hb=$hash;f=$file"), -class => "list"}, escapeHTML($file)); + print $cgi->a({-href => esc_url("$my_uri?p=$project;a=blobdiff;h=$to_id;hp=$from_id;hb=$hash;f=$file"), -class => "list"}, esc_html($file)); } else { - print $cgi->a({-href => esc("$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file"), -class => "list"}, escapeHTML($file)); + print $cgi->a({-href => esc_url("$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file"), -class => "list"}, esc_html($file)); } print "</td>\n" . "<td>$mode_chnge</td>\n" . "<td class=\"link\">"; - print $cgi->a({-href => esc("$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file")}, "blob"); + print $cgi->a({-href => esc_url("$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file")}, "blob"); if ($to_id ne $from_id) { - print " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=blobdiff;h=$to_id;hp=$from_id;hb=$hash;f=$file")}, "diff"); + print " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=blobdiff;h=$to_id;hp=$from_id;hb=$hash;f=$file")}, "diff"); } - print " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=history;h=$hash;f=$file")}, "history") . "\n"; + print " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=history;h=$hash;f=$file")}, "history") . "\n"; print "</td>\n"; } elsif ($status eq "R") { my ($from_file, $to_file) = split "\t", $file; @@ -1795,14 +1804,14 @@ sub git_commit { $mode_chng = sprintf(", mode: %04o", (oct $to_mode) & 0777); } print "<td>" . - $cgi->a({-href => esc("$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$to_file"), -class => "list"}, escapeHTML($to_file)) . "</td>\n" . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$to_file"), -class => "list"}, esc_html($to_file)) . "</td>\n" . "<td><span style=\"color: #777777;\">[moved from " . - $cgi->a({-href => esc("$my_uri?p=$project;a=blob;h=$from_id;hb=$hash;f=$from_file"), -class => "list"}, escapeHTML($from_file)) . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=blob;h=$from_id;hb=$hash;f=$from_file"), -class => "list"}, esc_html($from_file)) . " with " . (int $similarity) . "% similarity$mode_chng]</span></td>\n" . "<td class=\"link\">" . - $cgi->a({-href => esc("$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$to_file")}, "blob"); + $cgi->a({-href => esc_uresc_url("$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$to_file")}, "blob"); if ($to_id ne $from_id) { - print " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=blobdiff;h=$to_id;hp=$from_id;hb=$hash;f=$to_file")}, "diff"); + print " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=blobdiff;h=$to_id;hp=$from_id;hb=$hash;f=$to_file")}, "diff"); } print "</td>\n"; } @@ -1817,17 +1826,17 @@ sub git_blobdiff { git_header_html(); if (defined $hash_base && (my %co = git_read_commit($hash_base))) { print "<div class=\"page_nav\">\n" . - $cgi->a({-href => esc("$my_uri?p=$project;a=summary")}, "summary") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog")}, "shortlog") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=log")}, "log") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$hash_base")}, "commit") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commitdiff;h=$hash_base")}, "commitdiff") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash_base")}, "tree") . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=summary")}, "summary") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog")}, "shortlog") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=log")}, "log") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$hash_base")}, "commit") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commitdiff;h=$hash_base")}, "commitdiff") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash_base")}, "tree") . "<br/>\n"; - print $cgi->a({-href => esc("$my_uri?p=$project;a=blobdiff_plain;h=$hash;hp=$hash_parent")}, "plain") . + print $cgi->a({-href => esc_url("$my_uri?p=$project;a=blobdiff_plain;h=$hash;hp=$hash_parent")}, "plain") . "</div>\n"; print "<div>\n" . - $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$hash_base"), -class => "title"}, escapeHTML($co{'title'})) . "\n" . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$hash_base"), -class => "title"}, esc_html($co{'title'})) . "\n" . "</div>\n"; } else { print "<div class=\"page_nav\">\n" . @@ -1839,9 +1848,9 @@ sub git_blobdiff { } print "<div class=\"page_body\">\n" . "<div class=\"diff_info\">blob:" . - $cgi->a({-href => esc("$my_uri?p=$project;a=blob;h=$hash_parent;hb=$hash_base;f=$file_name")}, $hash_parent) . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=blob;h=$hash_parent;hb=$hash_base;f=$file_name")}, $hash_parent) . " -> blob:" . - $cgi->a({-href => esc("$my_uri?p=$project;a=blob;h=$hash;hb=$hash_base;f=$file_name")}, $hash) . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=blob;h=$hash;hb=$hash_base;f=$file_name")}, $hash) . "</div>\n"; git_diff_print($hash_parent, $file_name || $hash_parent, $hash, $file_name || $hash); print "</div>"; @@ -1874,16 +1883,16 @@ sub git_commitdiff { } git_header_html(undef, $expires); print "<div class=\"page_nav\">\n" . - $cgi->a({-href => esc("$my_uri?p=$project;a=summary")}, "summary") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog;h=$hash")}, "shortlog") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=log;h=$hash")}, "log") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$hash")}, "commit") . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=summary")}, "summary") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog;h=$hash")}, "shortlog") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=log;h=$hash")}, "log") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$hash")}, "commit") . " | commitdiff" . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash")}, "tree") . "<br/>\n"; - print $cgi->a({-href => esc("$my_uri?p=$project;a=commitdiff_plain;h=$hash;hp=$hash_parent")}, "plain") . "\n" . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash")}, "tree") . "<br/>\n"; + print $cgi->a({-href => esc_url("$my_uri?p=$project;a=commitdiff_plain;h=$hash;hp=$hash_parent")}, "plain") . "\n" . "</div>\n"; print "<div>\n" . - $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$hash"), -class => "title"}, escapeHTML($co{'title'})) . "\n" . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$hash"), -class => "title"}, esc_html($co{'title'})) . "\n" . "</div>\n"; print "<div class=\"page_body\">\n"; my $comment = $co{'comment'}; @@ -1922,20 +1931,20 @@ sub git_commitdiff { my $file = $6; if ($status eq "A") { print "<div class=\"diff_info\">" . file_type($to_mode) . ":" . - $cgi->a({-href => esc("$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file")}, $to_id) . "(new)" . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file")}, $to_id) . "(new)" . "</div>\n"; git_diff_print(undef, "/dev/null", $to_id, "b/$file"); } elsif ($status eq "D") { print "<div class=\"diff_info\">" . file_type($from_mode) . ":" . - $cgi->a({-href => esc("$my_uri?p=$project;a=blob;h=$from_id;hb=$hash;f=$file")}, $from_id) . "(deleted)" . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=blob;h=$from_id;hb=$hash;f=$file")}, $from_id) . "(deleted)" . "</div>\n"; git_diff_print($from_id, "a/$file", undef, "/dev/null"); } elsif ($status eq "M") { if ($from_id ne $to_id) { print "<div class=\"diff_info\">" . - file_type($from_mode) . ":" . $cgi->a({-href => esc("$my_uri?p=$project;a=blob;h=$from_id;hb=$hash;f=$file")}, $from_id) . + file_type($from_mode) . ":" . $cgi->a({-href => esc_url("$my_uri?p=$project;a=blob;h=$from_id;hb=$hash;f=$file")}, $from_id) . " -> " . - file_type($to_mode) . ":" . $cgi->a({-href => esc("$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file")}, $to_id); + file_type($to_mode) . ":" . $cgi->a({-href => esc_url("$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file")}, $to_id); print "</div>\n"; git_diff_print($from_id, "a/$file", $to_id, "b/$file"); } @@ -2016,16 +2025,16 @@ sub git_history { } git_header_html(); print "<div class=\"page_nav\">\n" . - $cgi->a({-href => esc("$my_uri?p=$project;a=summary")}, "summary") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog")}, "shortlog") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=log")}, "log") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$hash")}, "commit") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commitdiff;h=$hash")}, "commitdiff") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash")}, "tree") . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=summary")}, "summary") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog")}, "shortlog") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=log")}, "log") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$hash")}, "commit") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commitdiff;h=$hash")}, "commitdiff") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash")}, "tree") . "<br/><br/>\n" . "</div>\n"; print "<div>\n" . - $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$hash"), -class => "title"}, escapeHTML($co{'title'})) . "\n" . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$hash"), -class => "title"}, esc_html($co{'title'})) . "\n" . "</div>\n"; print "<div class=\"page_path\"><b>/$file_name</b><br/></div>\n"; @@ -2050,18 +2059,18 @@ sub git_history { } $alternate ^= 1; print "<td title=\"$co{'age_string_age'}\"><i>$co{'age_string_date'}</i></td>\n" . - "<td><i>" . escapeHTML(chop_str($co{'author_name'}, 15, 3)) . "</i></td>\n" . - "<td>" . $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$commit"), -class => "list"}, "<b>" . - escapeHTML(chop_str($co{'title'}, 50)) . "</b>") . "</td>\n" . + "<td><i>" . esc_html(chop_str($co{'author_name'}, 15, 3)) . "</i></td>\n" . + "<td>" . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$commit"), -class => "list"}, "<b>" . + esc_html(chop_str($co{'title'}, 50)) . "</b>") . "</td>\n" . "<td class=\"link\">" . - $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$commit")}, "commit") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commitdiff;h=$commit")}, "commitdiff") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=blob;hb=$commit;f=$file_name")}, "blob"); + $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$commit")}, "commit") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commitdiff;h=$commit")}, "commitdiff") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=blob;hb=$commit;f=$file_name")}, "blob"); my $blob = git_get_hash_by_path($hash, $file_name); my $blob_parent = git_get_hash_by_path($commit, $file_name); if (defined $blob && defined $blob_parent && $blob ne $blob_parent) { print " | " . - $cgi->a({-href => esc("$my_uri?p=$project;a=blobdiff;h=$blob;hp=$blob_parent;hb=$commit;f=$file_name")}, + $cgi->a({-href => esc_url("$my_uri?p=$project;a=blobdiff;h=$blob;hp=$blob_parent;hb=$commit;f=$file_name")}, "diff to current"); } print "</td>\n" . @@ -2101,17 +2110,17 @@ sub git_search { } git_header_html(); print "<div class=\"page_nav\">\n" . - $cgi->a({-href => esc("$my_uri?p=$project;a=summary;h=$hash")}, "summary") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog")}, "shortlog") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=log;h=$hash")}, "log") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$hash")}, "commit") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commitdiff;h=$hash")}, "commitdiff") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash")}, "tree") . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=summary;h=$hash")}, "summary") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog")}, "shortlog") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=log;h=$hash")}, "log") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$hash")}, "commit") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commitdiff;h=$hash")}, "commitdiff") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash")}, "tree") . "<br/><br/>\n" . "</div>\n"; print "<div>\n" . - $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$hash"), -class => "title"}, escapeHTML($co{'title'})) . "\n" . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$hash"), -class => "title"}, esc_html($co{'title'})) . "\n" . "</div>\n"; print "<table cellspacing=\"0\">\n"; my $alternate = 0; @@ -2140,16 +2149,16 @@ sub git_search { } $alternate ^= 1; print "<td title=\"$co{'age_string_age'}\"><i>$co{'age_string_date'}</i></td>\n" . - "<td><i>" . escapeHTML(chop_str($co{'author_name'}, 15, 5)) . "</i></td>\n" . + "<td><i>" . esc_html(chop_str($co{'author_name'}, 15, 5)) . "</i></td>\n" . "<td>" . - $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$co{'id'}"), -class => "list"}, "<b>" . escapeHTML(chop_str($co{'title'}, 50)) . "</b><br/>"); + $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$co{'id'}"), -class => "list"}, "<b>" . esc_html(chop_str($co{'title'}, 50)) . "</b><br/>"); my $comment = $co{'comment'}; foreach my $line (@$comment) { if ($line =~ m/^(.*)($searchtext)(.*)$/i) { - my $lead = escapeHTML($1) || ""; + my $lead = esc_html($1) || ""; $lead = chop_str($lead, 30, 10); - my $match = escapeHTML($2) || ""; - my $trail = escapeHTML($3) || ""; + my $match = esc_html($2) || ""; + my $trail = esc_html($3) || ""; $trail = chop_str($trail, 30, 10); my $text = "$lead<span style=\"color:#e00000\">$match</span>$trail"; print chop_str($text, 80, 5) . "<br/>\n"; @@ -2157,8 +2166,8 @@ sub git_search { } print "</td>\n" . "<td class=\"link\">" . - $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$co{'id'}")}, "commit") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$co{'id'}")}, "tree"); + $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$co{'id'}")}, "commit") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$co{'id'}")}, "tree"); print "</td>\n" . "</tr>\n"; } @@ -2193,20 +2202,20 @@ sub git_search { } $alternate ^= 1; print "<td title=\"$co{'age_string_age'}\"><i>$co{'age_string_date'}</i></td>\n" . - "<td><i>" . escapeHTML(chop_str($co{'author_name'}, 15, 5)) . "</i></td>\n" . + "<td><i>" . esc_html(chop_str($co{'author_name'}, 15, 5)) . "</i></td>\n" . "<td>" . - $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$co{'id'}"), -class => "list"}, "<b>" . - escapeHTML(chop_str($co{'title'}, 50)) . "</b><br/>"); + $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$co{'id'}"), -class => "list"}, "<b>" . + esc_html(chop_str($co{'title'}, 50)) . "</b><br/>"); while (my $setref = shift @files) { my %set = %$setref; - print $cgi->a({-href => esc("$my_uri?p=$project;a=blob;h=$set{'id'};hb=$co{'id'};f=$set{'file'}"), class => "list"}, - "<span style=\"color:#e00000\">" . escapeHTML($set{'file'}) . "</span>") . + print $cgi->a({-href => esc_url("$my_uri?p=$project;a=blob;h=$set{'id'};hb=$co{'id'};f=$set{'file'}"), class => "list"}, + "<span style=\"color:#e00000\">" . esc_html($set{'file'}) . "</span>") . "<br/>\n"; } print "</td>\n" . "<td class=\"link\">" . - $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$co{'id'}")}, "commit") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$co{'id'}")}, "tree"); + $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$co{'id'}")}, "commit") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$co{'id'}")}, "tree"); print "</td>\n" . "</tr>\n"; } @@ -2229,12 +2238,12 @@ sub git_shortlog { } git_header_html(); print "<div class=\"page_nav\">\n" . - $cgi->a({-href => esc("$my_uri?p=$project;a=summary")}, "summary") . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=summary")}, "summary") . " | shortlog" . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=log;h=$hash")}, "log") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$hash")}, "commit") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commitdiff;h=$hash")}, "commitdiff") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=tree;h=$hash;hb=$hash")}, "tree") . "<br/>\n"; + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=log;h=$hash")}, "log") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$hash")}, "commit") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commitdiff;h=$hash")}, "commitdiff") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=tree;h=$hash;hb=$hash")}, "tree") . "<br/>\n"; my $limit = sprintf("--max-count=%i", (100 * ($page+1))); open my $fd, "-|", "$gitbin/git-rev-list $limit $hash" or die_error(undef, "Open failed."); @@ -2242,26 +2251,26 @@ sub git_shortlog { close $fd; if ($hash ne $head || $page) { - print $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog")}, "HEAD"); + print $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog")}, "HEAD"); } else { print "HEAD"; } if ($page > 0) { print " ⋅ " . - $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog;h=$hash;pg=" . ($page-1)), -accesskey => "p", -title => "Alt-p"}, "prev"); + $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog;h=$hash;pg=" . ($page-1)), -accesskey => "p", -title => "Alt-p"}, "prev"); } else { print " ⋅ prev"; } if ($#revlist >= (100 * ($page+1)-1)) { print " ⋅ " . - $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog;h=$hash;pg=" . ($page+1)), -accesskey => "n", -title => "Alt-n"}, "next"); + $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog;h=$hash;pg=" . ($page+1)), -accesskey => "n", -title => "Alt-n"}, "next"); } else { print " ⋅ next"; } print "<br/>\n" . "</div>\n"; print "<div>\n" . - $cgi->a({-href => esc("$my_uri?p=$project;a=summary"), -class => "title"}, " ") . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=summary"), -class => "title"}, " ") . "</div>\n"; print "<table cellspacing=\"0\">\n"; my $alternate = 0; @@ -2276,26 +2285,26 @@ sub git_shortlog { } $alternate ^= 1; print "<td title=\"$co{'age_string_age'}\"><i>$co{'age_string_date'}</i></td>\n" . - "<td><i>" . escapeHTML(chop_str($co{'author_name'}, 10)) . "</i></td>\n" . + "<td><i>" . esc_html(chop_str($co{'author_name'}, 10)) . "</i></td>\n" . "<td>"; if (length($co{'title_short'}) < length($co{'title'})) { - print $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$commit"), -class => "list", -title => "$co{'title'}"}, - "<b>" . escapeHTML($co{'title_short'}) . "</b>"); + print $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$commit"), -class => "list", -title => "$co{'title'}"}, + "<b>" . esc_html($co{'title_short'}) . "</b>"); } else { - print $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$commit"), -class => "list"}, - "<b>" . escapeHTML($co{'title_short'}) . "</b>"); + print $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$commit"), -class => "list"}, + "<b>" . esc_html($co{'title_short'}) . "</b>"); } print "</td>\n" . "<td class=\"link\">" . - $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$commit")}, "commit") . - " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commitdiff;h=$commit")}, "commitdiff") . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$commit")}, "commit") . + " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commitdiff;h=$commit")}, "commitdiff") . "</td>\n" . "</tr>"; } if ($#revlist >= (100 * ($page+1)-1)) { print "<tr>\n" . "<td>" . - $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog;h=$hash;pg=" . ($page+1)), -title => "Alt-n"}, "next") . + $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog;h=$hash;pg=" . ($page+1)), -title => "Alt-n"}, "next") . "</td>\n" . "</tr>\n"; } |