pool/git
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2aa79abc71
git/cgit-CVE-2011-2711-fix.diff
Sascha Peilicke cfe759d035 Accepting request 78321 from devel:tools:scm 
- Fix VUL-0: cgit: XSS flaw in rename hint (CVE-2011-2711,
  bnc#707929)

OBS-URL: https://build.opensuse.org/request/show/78321
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/git?expand=0&rev=68
2011-08-09 08:56:05 +00:00

36 lines
1.3 KiB
Diff
Raw Blame History

From bebe89d7c11a92bf206bf6e528c51ffa8ecbc0d5 Mon Sep 17 00:00:00 2001
From: Lukas Fleischer <cgit@cryptocrack.de>
Date: Fri, 22 Jul 2011 11:47:19 +0000
Subject: Fix potential XSS vulnerability in rename hint
The file name displayed in the rename hint should be escaped to avoid
XSS. Note that this vulnerability is only applicable when an attacker
has gained push access to the repository.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
---
---
ui-diff.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
--- a/ui-diff.c
+++ b/ui-diff.c
@@ -97,10 +97,12 @@
htmlf("</td><td class='%s'>", class);
cgit_diff_link(info->new_path, NULL, NULL, ctx.qry.head, ctx.qry.sha1,
ctx.qry.sha2, info->new_path, 0);
- if (info->status == DIFF_STATUS_COPIED || info->status == DIFF_STATUS_RENAMED)
- htmlf(" (%s from %s)",
- info->status == DIFF_STATUS_COPIED ? "copied" : "renamed",
- info->old_path);
+ if (info->status == DIFF_STATUS_COPIED || info->status == DIFF_STATUS_RENAMED) {
+ htmlf(" (%s from ",
+ info->status == DIFF_STATUS_COPIED ? "copied" : "renamed");
+ html_txt(info->old_path);
+ html(")");
+ }
html("</td><td class='right'>");
if (info->binary) {
htmlf("bin</td><td class='graph'>%ld -> %ld bytes",
Reference in New Issue View Git Blame Copy Permalink