about summary refs log tree commit diff
path: root/git
diff options
context:
space:
mode:
authorLukasz Janyst <ljanyst@cern.ch>2011-03-05 14:10:55 +0100
committerLars Hjemli <hjemli@gmail.com>2011-03-05 14:13:06 +0100
commit7f3c6e0ce9b41142cf2707af100992acdce059df (patch)
tree119a1920c85adcc65017afc8d9d95ab3e2bafef4 /git
parentMerge branch 'stable' (diff)
downloadcgit-pink-7f3c6e0ce9b41142cf2707af100992acdce059df.tar.gz
cgit-pink-7f3c6e0ce9b41142cf2707af100992acdce059df.zip
ui-diff.c: avoid html injection
When path-filtering was used in commit-view, the path filter was
included without proper html escaping. This patch closes the hole.

Signed-off-by: Lukasz Janyst <ljanyst@cern.ch>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
Diffstat (limited to 'git')
0 files changed, 0 insertions, 0 deletions
 

generated by cgit-pink 1.4.1 (git 2.36.1) at 2026-01-12 13:10:40 +0000


 


f1e4609f8de05e73cec4&follow=1'>ui-patch: make sure to send http headersChristian Hesse
2015-08-13Makefile: make "git/config.mak.uname" inclusion optionalJohn Keeping
2015-08-13ui-shared: show full date in tooltip if longer ago than max_relativeJohn Keeping
2015-08-13ui-shared: use common function in print_rel_date()John Keeping
2015-08-13ui-shared: extract date formatting to a functionJohn Keeping
2015-08-13filter: don't use dlsym unnecessarilyJohn Keeping
2015-08-13ui-tree: use "sane" isgraph()John Keeping
2015-08-13cgit.h: move stdbool.h from ui-shared.hJohn Keeping
2015-08-13cache.c: fix header orderJohn Keeping
2015-08-13configfile.c: don't include system headers directlyJohn Keeping
2015-08-13Remove redundant includesJohn Keeping
2015-08-13Makefile: include Git's config.mak.unameJohn Keeping
2015-08-13tests: allow shell to be overriddenJohn Keeping
2015-08-13redirect: cleanlinessJason A. Donenfeld
2015-08-13redirect: be more careful for different cgi setupsJason A. Donenfeld
2015-08-12ui-log: fix double countingJohn Keeping
2015-08-12log: allow users to follow a fileJohn Keeping
2015-08-12shared: make cgit_diff_tree_cb publicJohn Keeping
2015-08-12t0110: Chain together using &&Jason A. Donenfeld
2015-08-12about: always ensure page has a trailing slashJason A. Donenfeld
2015-08-12filters: apply HTML escapingLazaros Koromilas
2015-08-12git: update to v2.5.0Christian Hesse
2015-08-12Fix processing of repo.hide and repo.ignoreDaniel Reichelt