File cgit-CVE-2011-2711-fix.diff of Package cgit

Overview Repositories Revisions Requests Users Attributes Meta

File cgit-CVE-2011-2711-fix.diff of Package cgit

From bebe89d7c11a92bf206bf6e528c51ffa8ecbc0d5 Mon Sep 17 00:00:00 2001
From: Lukas Fleischer <cgit@cryptocrack.de>
Date: Fri, 22 Jul 2011 11:47:19 +0000
Subject: Fix potential XSS vulnerability in rename hint

The file name displayed in the rename hint should be escaped to avoid
XSS. Note that this vulnerability is only applicable when an attacker
has gained push access to the repository.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
---
---
 ui-diff.c |   10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

--- a/ui-diff.c
+++ b/ui-diff.c
@@ -84,10 +84,12 @@
 	htmlf("</td><td class='%s'>", class);
 	cgit_diff_link(info->new_path, NULL, NULL, ctx.qry.head, ctx.qry.sha1,
 		       ctx.qry.sha2, info->new_path);
-	if (info->status == DIFF_STATUS_COPIED || info->status == DIFF_STATUS_RENAMED)
-		htmlf(" (%s from %s)",
-		      info->status == DIFF_STATUS_COPIED ? "copied" : "renamed",
-		      info->old_path);
+	if (info->status == DIFF_STATUS_COPIED || info->status == DIFF_STATUS_RENAMED) {
+		htmlf(" (%s from ",
+		      info->status == DIFF_STATUS_COPIED ? "copied" : "renamed");
+		html_txt(info->old_path);
+		html(")");
+	}
 	html("</td><td class='right'>");
 	if (info->binary) {
 		htmlf("bin</td><td class='graph'>%d -> %d bytes",

Places

File cgit-CVE-2011-2711-fix.diff of Package cgit

Places