about summary refs log tree commit diff
path: root/git
diff options
context:
space:
mode:
authorLars Hjemli <hjemli@gmail.com>2011-06-12 20:49:35 +0000
committerLars Hjemli <hjemli@gmail.com>2011-06-12 21:21:30 +0000
commit7f88d20823ad9d375900657334bc27793860f6ee (patch)
treec9f9a0048cae2d94e97138e9ea82e2a103b215ad /git
parentscan-tree.c: avoid memory leak (diff)
downloadcgit-pink-7f88d20823ad9d375900657334bc27793860f6ee.tar.gz
cgit-pink-7f88d20823ad9d375900657334bc27793860f6ee.zip
ui-plain.c: fix html and links generated by print_dir() and print_dir_entry()
This patch fixes the following issues:
* the base argument usually isn't zero-terminated, so printing base
  without considering baselen will usually generate random garbage
* when the current url represents a directory but doesn't end in a slash,
  relative urls would be incorrect
* using unescaped paths allows XSS

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
Diffstat (limited to 'git')
0 files changed, 0 insertions, 0 deletions
 

generated by cgit-pink 1.4.1 (git 2.36.1) at 2026-06-10 16:15:34 +0000


 


span>ui-shared: do not allow negative minutesJason A. Donenfeld
2014-01-17auth: document tweakables in lua scriptJason A. Donenfeld
2014-01-17repolist: make owner clickable to searchJason A. Donenfeld
2014-01-17ui-shared: move about tab all the way to the leftJason A. Donenfeld
2014-01-17filter: don't forget to reap the auth filterJason A. Donenfeld
2014-01-17cgit.c: free tmp variableJason A. Donenfeld
2014-01-17Switch to exclusively using global ctxLukas Fleischer
2014-01-16auth: have cgit calculate login addressJason A. Donenfeld
2014-01-16auth: lua string comparisons are time invariantJason A. Donenfeld
2014-01-16authentication: use hidden form instead of refererJason A. Donenfeld
2014-01-16auth: add basic authentication filter frameworkJason A. Donenfeld
2014-01-16t0111: Additions and fixesLukas Fleischer
2014-01-16parsing.c: Remove leading space from committerLukas Fleischer