path: root/cache.c
author: Jason A. Donenfeld <Jason@zx2c4.com>, 2012-10-27 20:03:41 -0600
committer: Jason A. Donenfeld <Jason@zx2c4.com>, 2012-10-27 20:05:50 -0600
commit: 7ea35f9f8ecf61ab42be9947aae1176ab6e089bd
tree: e6639ab10546026d9ff73dd6e9381a5808218ed9 /cache.c
parent: Fix man page typo.

syntax-highlighting.sh: Fix command injection.

By not quoting the argument, an attacker with the ability to add files
to the repository could pass arbitrary arguments to the highlight
command, in particular, the --plug-in argument which can lead to
arbitrary command execution.

This patch adds simple argument quoting.
Diffstat (limited to '')
0 files changed, 0 insertions, 0 deletions
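
The quoting problem the commit message describes, as an added example (this is not the code of cgit's syntax-highlighting.sh). A stub named `fake_highlight` stands in for the highlight command and only prints the arguments it receives; the function names, the way the extension is derived, the `-S` invocation shape and the sample file name are assumptions constructed for illustration.

```shell
#!/bin/sh
# Stand-in for the external highlighter (hypothetical helper). It only
# reports its argument vector, one "[arg]" per line, and executes nothing.
fake_highlight() {
    for arg in "$@"; do
        printf '[%s]\n' "$arg"
    done
}

# Assumption: the filter takes the syntax name from the file name's extension.
extension_of() {
    printf '%s' "${1##*.}"
}

# Unquoted expansion: the shell word-splits the value, so whitespace in a
# repository file name becomes extra arguments to the command.
run_unquoted() {
    ext=$(extension_of "$1")
    # shellcheck disable=SC2086  # deliberate: this is the defect being shown
    fake_highlight -S $ext
}

# Quoted expansion: the value always reaches the command as one argument.
run_quoted() {
    ext=$(extension_of "$1")
    fake_highlight -S "$ext"
}

# Number of arguments the wrapped call handed to the command.
argc() {
    "$@" | wc -l | tr -d ' '
}

# Constructed file name, as it could be committed to a repository.
SAMPLE='main.c --plug-in=CONSTRUCTED'

echo "unquoted:"; run_unquoted "$SAMPLE"
echo "quoted:";   run_quoted "$SAMPLE"
```

Running a linter such as ShellCheck over filter scripts flags the unquoted form (SC2086), which is a cheap regression check for this class of bug.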