[cgit] Add XSS patch file

Todd Zullinger tmz at fedoraproject.org
Fri Jul 22 13:46:45 UTC 2011


commit bb87dd973f2253b81a2d8486e776915f7eec7f9a
Author: Todd Zullinger <tmz at pobox.com>
Date:   Fri Jul 22 09:45:40 2011 -0400

    Add XSS patch file

 ...otential-XSS-vulnerability-in-rename-hint.patch |   39 ++++++++++++++++++++
 1 files changed, 39 insertions(+), 0 deletions(-)
---
diff --git a/0001-Fix-potential-XSS-vulnerability-in-rename-hint.patch b/0001-Fix-potential-XSS-vulnerability-in-rename-hint.patch
new file mode 100644
index 0000000..9344e77
--- /dev/null
+++ b/0001-Fix-potential-XSS-vulnerability-in-rename-hint.patch
@@ -0,0 +1,39 @@
+From bebe89d7c11a92bf206bf6e528c51ffa8ecbc0d5 Mon Sep 17 00:00:00 2001
+From: Lukas Fleischer <cgit at cryptocrack.de>
+Date: Fri, 22 Jul 2011 13:47:19 +0200
+Subject: [PATCH] Fix potential XSS vulnerability in rename hint
+
+The file name displayed in the rename hint should be escaped to avoid
+XSS. Note that this vulnerability is only applicable when an attacker
+has gained push access to the repository.
+
+Signed-off-by: Lukas Fleischer <cgit at cryptocrack.de>
+Signed-off-by: Lars Hjemli <hjemli at gmail.com>
+---
+ ui-diff.c |   10 ++++++----
+ 1 files changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/ui-diff.c b/ui-diff.c
+index d21541b..383a534 100644
+--- a/ui-diff.c
++++ b/ui-diff.c
+@@ -97,10 +97,12 @@ static void print_fileinfo(struct fileinfo *info)
+ 	htmlf("</td><td class='%s'>", class);
+ 	cgit_diff_link(info->new_path, NULL, NULL, ctx.qry.head, ctx.qry.sha1,
+ 		       ctx.qry.sha2, info->new_path, 0);
+-	if (info->status == DIFF_STATUS_COPIED || info->status == DIFF_STATUS_RENAMED)
+-		htmlf(" (%s from %s)",
+-		      info->status == DIFF_STATUS_COPIED ? "copied" : "renamed",
+-		      info->old_path);
++	if (info->status == DIFF_STATUS_COPIED || info->status == DIFF_STATUS_RENAMED) {
++		htmlf(" (%s from ",
++		      info->status == DIFF_STATUS_COPIED ? "copied" : "renamed");
++		html_txt(info->old_path);
++		html(")");
++	}
+ 	html("</td><td class='right'>");
+ 	if (info->binary) {
+ 		htmlf("bin</td><td class='graph'>%ld -> %ld bytes",
+-- 
+1.7.6.rc1
+
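Review bot: The diffstat at the top of this commit lists only the new patch file, so on its own this change does not apply the fix to the built package; the spec file (not in this view) still needs a matching `Patch:` declaration and `%patch` application, unless that lands in a separate commit. Inside the vendored patch, the new side escapes `info->old_path` with `html_txt` before it reaches the page, which closes the injection in the rename hint. Two lines above the change, the same hunk still passes `info->new_path` as the link text to `cgit_diff_link`; whether that helper escapes its text argument is not visible here and is worth confirming, since both paths come from the same repository content. The enclosing `print_fileinfo` body starts and ends outside the quoted hunk.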

