diff options
author | Lars Hjemli <hjemli@gmail.com> | 2011-06-12 22:49:35 +0200 |
---|---|---|
committer | Lars Hjemli <hjemli@gmail.com> | 2011-06-12 23:21:30 +0200 |
commit | 7f88d20823ad9d375900657334bc27793860f6ee (patch) | |
tree | c9f9a0048cae2d94e97138e9ea82e2a103b215ad /html.c | |
parent | 2a8f553163d642e60092ced20631e1020581273b (diff) | |
download | cgit-7f88d20823ad9d375900657334bc27793860f6ee.tar.gz cgit-7f88d20823ad9d375900657334bc27793860f6ee.tar.xz |
ui-plain.c: fix html and links generated by print_dir() and print_dir_entry()
This patch fixes the following issues:
* the base argument usually isn't zero-terminated, so printing base
without considering baselen will usually generate random garbage
* when the current url represents a directory but doesn't end in a slash,
relative urls would be incorrect
* using unescaped paths allows XSS
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
Diffstat (limited to 'html.c')
0 files changed, 0 insertions, 0 deletions