escape HTML in paths
- escape paths in diff line. - escape path in anchor href attribute in files.html
| 1 files changed, 12 insertions(+), 4 deletions(-) | |||
|---|---|---|---|
| M | stagit.c | +12 | -4 |
1@@ -532,9 +532,15 @@ printshowfile(FILE *fp, struct commitinfo *ci)
2 for (i = 0; i < ci->ndeltas; i++) {
3 patch = ci->deltas[i]->patch;
4 delta = git_patch_get_delta(patch);
5- fprintf(fp, "<b>diff --git a/<a id=\"h%zu\" href=\"%sfile/%s.html\">%s</a> b/<a href=\"%sfile/%s.html\">%s</a></b>\n",
6- i, relpath, delta->old_file.path, delta->old_file.path,
7- relpath, delta->new_file.path, delta->new_file.path);
8+ fprintf(fp, "<b>diff --git a/<a id=\"h%zu\" href=\"%sfile/", i, relpath);
9+ xmlencode(fp, delta->old_file.path, strlen(delta->old_file.path));
10+ fputs(".html\">", fp);
11+ xmlencode(fp, delta->old_file.path, strlen(delta->old_file.path));
12+ fprintf(fp, "</a> b/<a href=\"%sfile/", relpath);
13+ xmlencode(fp, delta->new_file.path, strlen(delta->new_file.path));
14+ fprintf(fp, ".html\">");
15+ xmlencode(fp, delta->new_file.path, strlen(delta->new_file.path));
16+ fprintf(fp, "</a></b>\n");
17
18 /* check binary data */
19 if (delta->flags & GIT_DIFF_FLAG_BINARY) {
20@@ -881,7 +887,9 @@ writefilestree(FILE *fp, git_tree *tree, const char *path)
21
22 fputs("<tr><td>", fp);
23 fputs(filemode(git_tree_entry_filemode(entry)), fp);
24- fprintf(fp, "</td><td><a href=\"%s%s\">", relpath, filepath);
25+ fprintf(fp, "</td><td><a href=\"%s", relpath);
26+ xmlencode(fp, filepath, strlen(filepath));
27+ fputs("\">", fp);
28 xmlencode(fp, entrypath, strlen(entrypath));
29 fputs("</a></td><td class=\"num\" align=\"right\">", fp);
30 if (lc > 0)