diff options
| author | Petr Baudis <pasky@suse.cz> | 2006-09-24 14:57:40 -0700 |
|---|---|---|
| committer | Junio C Hamano <junkio@cox.net> | 2006-09-24 20:33:09 -0700 |
| commit | 8391548e5e78677eb81f97334d998418802ea194 (patch) | |
| tree | 7ad89598e2389bc210625310a0c87d044e241b36 /gitweb | |
| parent | 8815788e93c0a5a2e47e067dfa0764b17b8d1ddd (diff) | |
| download | git-8391548e5e78677eb81f97334d998418802ea194.tar.gz git-8391548e5e78677eb81f97334d998418802ea194.tar.xz | |
gitweb: fix over-eager application of esc_html().
Contents of %diffinfo hash should be quoted upon output but kept
unquoted internally. Later users of this hash expect filenames
to be filenames, not HTML gibberish.
Signed-off-by: Petr Baudis <pasky@suse.cz>
Signed-off-by: Junio C Hamano <junkio@cox.net>
Diffstat (limited to 'gitweb')
| -rwxr-xr-x | gitweb/gitweb.perl | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl index 0693a833c..66be61933 100755 --- a/gitweb/gitweb.perl +++ b/gitweb/gitweb.perl @@ -3062,12 +3062,12 @@ sub git_blobdiff { if (defined $file_name) { if (defined $file_parent) { $diffinfo{'status'} = '2'; - $diffinfo{'from_file'} = esc_html($file_parent); - $diffinfo{'to_file'} = esc_html($file_name); + $diffinfo{'from_file'} = $file_parent; + $diffinfo{'to_file'} = $file_name; } else { # assume not renamed $diffinfo{'status'} = '1'; - $diffinfo{'from_file'} = esc_html($file_name); - $diffinfo{'to_file'} = esc_html($file_name); + $diffinfo{'from_file'} = $file_name; + $diffinfo{'to_file'} = $file_name; } } else { # no filename given $diffinfo{'status'} = '2'; @@ -3136,8 +3136,8 @@ sub git_blobdiff { } else { while (my $line = <$fd>) { - $line =~ s!a/($hash|$hash_parent)!a/$diffinfo{'from_file'}!g; - $line =~ s!b/($hash|$hash_parent)!b/$diffinfo{'to_file'}!g; + $line =~ s!a/($hash|$hash_parent)!'a/'.esc_html($diffinfo{'from_file'})!eg; + $line =~ s!b/($hash|$hash_parent)!'b/'.esc_html($diffinfo{'to_file'})!eg; print $line; |