summaryrefslogtreecommitdiff
path: root/contrib/fast-import
diff options
context:
space:
mode:
authorLibravatar Jakub Narebski <jnareb@gmail.com>2010-12-15 00:34:01 +0100
committerLibravatar Junio C Hamano <gitster@pobox.com>2010-12-15 11:16:31 -0800
commit3017ed62f47ce14a959e2d315c434d4980cf4243 (patch)
treede50397d2e5078ee325ea4e332b2825732639bd0 /contrib/fast-import
parentCheck size of path buffer before writing into it (diff)
downloadtgif-3017ed62f47ce14a959e2d315c434d4980cf4243.tar.xz
gitweb: Introduce esc_attr to escape attributes of HTML elements
It is needed only to escape attributes of handcrafted HTML elements, and not those generated using CGI.pm subroutines / methods for HTML generation. While at it, add esc_url and esc_html where needed, and prefer to use CGI.pm HTML generating methods than handcrafted HTML code. Most of those are probably unnecessary (could be exploited only by person with write access to gitweb config, or at least access to the repository). This fixes CVE-2010-3906 Reported-by: Emanuele Gentili <e.gentili@tigersecurity.it> Helped-by: John 'Warthog9' Hawley <warthog9@kernel.org> Helped-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Jakub Narebski <jnareb@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'contrib/fast-import')
0 files changed, 0 insertions, 0 deletions