25 lines
1.0 KiB
Plaintext
25 lines
1.0 KiB
Plaintext
$OpenBSD: patch-ui-diff_c,v 1.1 2011/07/27 13:34:05 jasper Exp $
|
|
|
|
Security fix for CVE-2011-2711, cgit Rename Hint Script Insertion Vulnerability
|
|
http://hjemli.net/pipermail/cgit/2011-July/000276.html
|
|
|
|
--- ui-diff.c.orig Sat Mar 5 13:52:39 2011
|
|
+++ ui-diff.c Wed Jul 27 15:32:37 2011
|
|
@@ -84,10 +84,12 @@ static void print_fileinfo(struct fileinfo *info)
|
|
htmlf("</td><td class='%s'>", class);
|
|
cgit_diff_link(info->new_path, NULL, NULL, ctx.qry.head, ctx.qry.sha1,
|
|
ctx.qry.sha2, info->new_path);
|
|
- if (info->status == DIFF_STATUS_COPIED || info->status == DIFF_STATUS_RENAMED)
|
|
- htmlf(" (%s from %s)",
|
|
- info->status == DIFF_STATUS_COPIED ? "copied" : "renamed",
|
|
- info->old_path);
|
|
+ if (info->status == DIFF_STATUS_COPIED || info->status == DIFF_STATUS_RENAMED) {
|
|
+ htmlf(" (%s from ",
|
|
+ info->status == DIFF_STATUS_COPIED ? "copied" : "renamed");
|
|
+ html_txt(info->old_path);
|
|
+ html(")");
|
|
+ }
|
|
html("</td><td class='right'>");
|
|
if (info->binary) {
|
|
htmlf("bin</td><td class='graph'>%d -> %d bytes",
|