gitweb: Fix escaping HTML of project owner in 'projects_list' and

'summary' views This for example allows to put email address in the project owner field in the projects index file (when $projects_list points to a file, and not to a directory), in the form of: path/to/repo.git Random+J+Developer+<random@developer.example.org> Noticed-by: N Jon Smirl <jonsmirl@gmail.com> Signed-off-by: N Jakub Narebski <jnareb@gmail.com> Signed-off-by: N Petr Baudis <pasky@suse.cz> Signed-off-by: N Junio C Hamano <gitster@pobox.com>

gitweb: Fix escaping HTML of project owner in 'projects_list' and
'summary' views This for example allows to put email address in the project owner field in the projects index file (when $projects_list points to a file, and not to a directory), in the form of: path/to/repo.git Random+J+Developer+<random@developer.example.org> Noticed-by: N Jon Smirl <jonsmirl@gmail.com> Signed-off-by: N Jakub Narebski <jnareb@gmail.com> Signed-off-by: N Petr Baudis <pasky@suse.cz> Signed-off-by: N Junio C Hamano <gitster@pobox.com>
ce312aff · Jakub Narebski · Junio C Hamano · a0050852 · ce312aff
隐藏空白更改
内联并排

Showing with 2 addition and 2 deletion

gitweb/gitweb.perl gitweb/gitweb.perl +2 -2

未找到文件。
--- a/gitweb/gitweb.perl
+++ b/gitweb/gitweb.perl
@@ -3419,7 +3419,7 @@ sub git_project_list_body {
 		      "<td>" . $cgi->a({-href => href(project=>$pr->{'path'}, action=>"summary"),
 		                        -class => "list", -title => $pr->{'descr_long'}},
 		                        esc_html($pr->{'descr'})) . "</td>\n" .
-		      "<td><i>" . chop_str($pr->{'owner'}, 15) . "</i></td>\n";
+		      "<td><i>" . esc_html(chop_str($pr->{'owner'}, 15)) . "</i></td>\n";
 		print "<td class=\"". age_class($pr->{'age'}) . "\">" .
 		      (defined $pr->{'age_string'} ? $pr->{'age_string'} : "No commits") . "</td>\n" .
 		      "<td class=\"link\">" .
@@ -3795,7 +3795,7 @@ sub git_summary {
 	print "<div class=\"title\">&nbsp;</div>\n";
 	print "<table cellspacing=\"0\">\n" .
 	      "<tr><td>description</td><td>" . esc_html($descr) . "</td></tr>\n" .
-	      "<tr><td>owner</td><td>$owner</td></tr>\n";
+	      "<tr><td>owner</td><td>" . esc_html($owner) . "</td></tr>\n";
 	if (defined $cd{'rfc2822'}) {
 		print "<tr><td>last change</td><td>$cd{'rfc2822'}</td></tr>\n";
 	}