ui-plain.c: fix html and links generated by print_dir() and print_dir_entry() - cgit-pink - web frontend for git

about summary refs log tree commit diff

path: root/shared.c

diff options

author	Lars Hjemli <hjemli@gmail.com>	2011-06-12 20:49:35 +0000
committer	Lars Hjemli <hjemli@gmail.com>	2011-06-12 21:21:30 +0000
commit	7f88d20823ad9d375900657334bc27793860f6ee (patch)
tree	c9f9a0048cae2d94e97138e9ea82e2a103b215ad /shared.c
parent	scan-tree.c: avoid memory leak (diff)
download	cgit-pink-7f88d20823ad9d375900657334bc27793860f6ee.tar.gz cgit-pink-7f88d20823ad9d375900657334bc27793860f6ee.zip

ui-plain.c: fix html and links generated by print_dir() and print_dir_entry()

This patch fixes the following issues:
* the base argument usually isn't zero-terminated, so printing base
  without considering baselen will usually generate random garbage
* when the current url represents a directory but doesn't end in a slash,
  relative urls would be incorrect
* using unescaped paths allows XSS

Signed-off-by: Lars Hjemli <hjemli@gmail.com>

Diffstat (limited to 'shared.c')

0 files changed, 0 insertions, 0 deletions

;id=e3e41e5125b1ce270b5afb42beb83e14c0f350cb&follow=1'>patch: use cgit_print_error_page() for HTTP status codesJohn Keeping 2015-08-14blob: use cgit_print_error_page() to add HTTP headersJohn Keeping 2015-08-14snapshot: use cgit_print_error_page() instead of html_status()John Keeping 2015-08-14plain: use cgit_print_error_page() instead of html_status()John Keeping 2015-08-14clone: use cgit_print_error_page() instead of html_status()John Keeping 2015-08-14cgit: use cgit_print_error_page() where appropriateJohn Keeping 2015-08-14ui-shared: add cgit_print_error_page() functionJohn Keeping 2015-08-14ui-patch: make sure to send http headersChristian Hesse 2015-08-13Makefile: make "git/config.mak.uname" inclusion optionalJohn Keeping 2015-08-13ui-shared: show full date in tooltip if longer ago than max_relativeJohn Keeping 2015-08-13ui-shared: use common function in print_rel_date()John Keeping 2015-08-13ui-shared: extract date formatting to a functionJohn Keeping 2015-08-13filter: don't use dlsym unnecessarilyJohn Keeping 2015-08-13ui-tree: use "sane" isgraph()John Keeping 2015-08-13cgit.h: move stdbool.h from ui-shared.hJohn Keeping 2015-08-13cache.c: fix header orderJohn Keeping 2015-08-13configfile.c: don't include system headers directlyJohn Keeping 2015-08-13Remove redundant includesJohn Keeping 2015-08-13Makefile: include Git's config.mak.unameJohn Keeping 2015-08-13tests: allow shell to be overriddenJohn Keeping 2015-08-13redirect: cleanlinessJason A. Donenfeld 2015-08-13redirect: be more careful for different cgi setupsJason A. Donenfeld 2015-08-12ui-log: fix double countingJohn Keeping 2015-08-12log: allow users to follow a fileJohn Keeping 2015-08-12shared: make cgit_diff_tree_cb publicJohn Keeping 2015-08-12t0110: Chain together using &&Jason A. Donenfeld 2015-08-12about: always ensure page has a trailing slashJason A. Donenfeld 2015-08-12filters: apply HTML escapingLazaros Koromilas 2015-08-12git: update to v2.5.0Christian Hesse 2015-08-12Fix processing of repo.hide and repo.ignoreDaniel Reichelt