gitweb: fix over-eager application of esc_html().

Contents of %diffinfo hash should be quoted upon output but kept unquoted internally. Later users of this hash expect filenames to be filenames, not HTML gibberish. Signed-off-by: N Petr Baudis <pasky@suse.cz> Signed-off-by: N Junio C Hamano <junkio@cox.net>

gitweb: fix over-eager application of esc_html().
Contents of %diffinfo hash should be quoted upon output but kept unquoted internally. Later users of this hash expect filenames to be filenames, not HTML gibberish. Signed-off-by: N Petr Baudis <pasky@suse.cz> Signed-off-by: N Junio C Hamano <junkio@cox.net>
8391548e · Petr Baudis · Junio C Hamano · 8815788e · 8391548e
隐藏空白更改
内联并排

Showing with 6 addition and 6 deletion

gitweb/gitweb.perl gitweb/gitweb.perl +6 -6

未找到文件。
--- a/gitweb/gitweb.perl
+++ b/gitweb/gitweb.perl
@@ -3062,12 +3062,12 @@ sub git_blobdiff {
 		if (defined $file_name) {
 			if (defined $file_parent) {
 				$diffinfo{'status'} = '2';
-				$diffinfo{'from_file'} = esc_html($file_parent);
-				$diffinfo{'to_file'}   = esc_html($file_name);
+				$diffinfo{'from_file'} = $file_parent;
+				$diffinfo{'to_file'}   = $file_name;
 			} else { # assume not renamed
 				$diffinfo{'status'} = '1';
-				$diffinfo{'from_file'} = esc_html($file_name);
-				$diffinfo{'to_file'}   = esc_html($file_name);
+				$diffinfo{'from_file'} = $file_name;
+				$diffinfo{'to_file'}   = $file_name;
 			}
 		} else { # no filename given
 			$diffinfo{'status'} = '2';
@@ -3136,8 +3136,8 @@ sub git_blobdiff {

 	} else {
 		while (my $line = <$fd>) {
-			$line =~ s!a/($hash|$hash_parent)!a/$diffinfo{'from_file'}!g;
-			$line =~ s!b/($hash|$hash_parent)!b/$diffinfo{'to_file'}!g;
+			$line =~ s!a/($hash|$hash_parent)!'a/'.esc_html($diffinfo{'from_file'})!eg;
+			$line =~ s!b/($hash|$hash_parent)!'b/'.esc_html($diffinfo{'to_file'})!eg;

 			print $line;