25 lines
1.0 KiB
Plaintext
25 lines
1.0 KiB
Plaintext
$OpenBSD: patch-ui-diff_c,v 1.2 2012/03/06 17:17:09 landry Exp $
|
|
|
|
Security fix for CVE-2011-2711, cgit Rename Hint Script Insertion Vulnerability
|
|
http://hjemli.net/pipermail/cgit/2011-July/000276.html
|
|
|
|
--- ui-diff.c.orig Thu Jul 21 16:24:10 2011
|
|
+++ ui-diff.c Tue Mar 6 18:02:02 2012
|
|
@@ -97,10 +97,12 @@ static void print_fileinfo(struct fileinfo *info)
|
|
htmlf("</td><td class='%s'>", class);
|
|
cgit_diff_link(info->new_path, NULL, NULL, ctx.qry.head, ctx.qry.sha1,
|
|
ctx.qry.sha2, info->new_path, 0);
|
|
- if (info->status == DIFF_STATUS_COPIED || info->status == DIFF_STATUS_RENAMED)
|
|
- htmlf(" (%s from %s)",
|
|
- info->status == DIFF_STATUS_COPIED ? "copied" : "renamed",
|
|
- info->old_path);
|
|
+ if (info->status == DIFF_STATUS_COPIED || info->status == DIFF_STATUS_RENAMED) {
|
|
+ htmlf(" (%s from ",
|
|
+ info->status == DIFF_STATUS_COPIED ? "copied" : "renamed");
|
|
+ html_txt(info->old_path);
|
|
+ html(")");
|
|
+ }
|
|
html("</td><td class='right'>");
|
|
if (info->binary) {
|
|
htmlf("bin</td><td class='graph'>%ld -> %ld bytes",
|