From 7f3c6e0ce9b41142cf2707af100992acdce059df Mon Sep 17 00:00:00 2001
From: Lukasz Janyst <ljanyst@cern.ch>
Date: Sat, 5 Mar 2011 14:10:55 +0100
Subject: ui-diff.c: avoid html injection

When path-filtering was used in commit-view, the path filter was
included without proper html escaping. This patch closes the hole.

Signed-off-by: Lukasz Janyst <ljanyst@cern.ch>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
---
 ui-diff.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'ui-diff.c')

diff --git a/ui-diff.c b/ui-diff.c
index a53425d..a7bc667 100644
--- a/ui-diff.c
+++ b/ui-diff.c
@@ -172,8 +172,11 @@ void cgit_print_diffstat(const unsigned char *old_sha1,
 	html("<div class='diffstat-header'>");
 	cgit_diff_link("Diffstat", NULL, NULL, ctx.qry.head, ctx.qry.sha1,
 		       ctx.qry.sha2, NULL, 0);
-	if (prefix)
-		htmlf(" (limited to '%s')", prefix);
+	if (prefix) {
+		html(" (limited to '");
+		html_txt(prefix);
+		html("')");
+	}
 	html(" (");
 	ctx.qry.context = (save_context > 0 ? save_context : 3) << 1;
 	cgit_self_link("more", NULL, NULL, &ctx);
-- 
cgit v1.2.3-59-g8ed1b