author Jason A. Donenfeld <Jason@zx2c4.com> 2012-10-27 20:03:41 -0600
committer Jason A. Donenfeld <Jason@zx2c4.com> 2012-10-27 20:05:50 -0600
commit 7ea35f9f8ecf61ab42be9947aae1176ab6e089bd
tree e6639ab10546026d9ff73dd6e9381a5808218ed9 /ui-diff.c
parent Fix man page typo.
syntax-highlighting.sh: Fix command injection.
By not quoting the argument, an attacker with the ability to add files
to the repository could pass arbitrary arguments to the highlight
command, in particular, the --plug-in argument which can lead to
arbitrary command execution.

This patch adds simple argument quoting.
Diffstat (limited to '')
0 files changed, 0 insertions, 0 deletions
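
The quoting problem described in the commit message, shown as an added example (not code from this commit or from cgit). It assumes a hypothetical filter that takes the file name as $1 and passes the part after the last dot to a command; fake_highlight is a stand-in that runs nothing and only counts what it receives, and the file name is constructed. run_validated goes one step beyond the commit's quoting fix by also rejecting values that are not plain alphanumerics.

```shell
#!/bin/sh
# Stand-in for the external highlighter (hypothetical): it executes nothing,
# it only reports how many arguments arrived and how many start with "-".
fake_highlight() {
    opts=0
    for arg in "$@"; do
        case "$arg" in
            -*) opts=$((opts + 1)) ;;
        esac
    done
    echo "argc=$# options=$opts"
}

# Before: unquoted expansion. The shell word-splits $ext, so text after a
# space in the file name reaches the command as separate arguments.
run_unquoted() {
    ext="${1##*.}"
    fake_highlight -S $ext
}

# After: quoted expansion. The whole value stays one argument to -S.
run_quoted() {
    ext="${1##*.}"
    fake_highlight -S "$ext"
}

# Quoting plus an allowlist (added here, beyond the commit's fix): refuse
# anything that is empty or contains a non-alphanumeric character.
run_validated() {
    ext="${1##*.}"
    case "$ext" in
        ''|*[!A-Za-z0-9]*) echo "rejected"; return 1 ;;
    esac
    fake_highlight -S "$ext"
}

# Constructed file name such as a repository contributor could commit.
name='notes.c --plug-in=placeholder'
echo "unquoted:  $(run_unquoted "$name")"
echo "quoted:    $(run_quoted "$name")"
echo "validated: $(run_validated "$name" || true)"
```

In the unquoted run the stand-in sees one more argument than the filter intended, and that extra argument is parsed as an option; the quoted run delivers the same text as the value of -S.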