commit - 0b3823fddac066935c55c29fba27822c4b70ddce
commit + 255f40228747f0671ce214c468858d83c2efe8a5
blob - b260b7fe9f656659b2df03066a6a98ffc06fbbec
blob + 14209e4ea3ddc308fe76bdb22119849a2fdc5572
--- gotwebd/got_operations.c
+++ gotwebd/got_operations.c
struct got_tree_object *tree = NULL;
struct repo_dir *repo_dir = t->repo_dir;
const char *name, *index_page_str, *folder;
- char *id_str = NULL;
+ char *id_str = NULL, *escaped_name;
char *path = NULL, *in_repo_path = NULL, *modestr = NULL;
int nentries, i, r;
}
}
+ name = got_tree_entry_get_name(te);
+ error = gotweb_escape_html(&escaped_name, name);
+ if (error)
+ goto done;
+
if (S_ISDIR(mode)) {
- name = got_tree_entry_get_name(te);
r = fcgi_printf(c,
"<div class='tree_wrapper'>\n"
"<div class='tree_line'>"
"<div class='tree_line_blank'> </div>\n"
"</div>\n", /* .tree_wrapper */
index_page_str, qs->path, rc->commit_id,
- folder, name, name, modestr);
+ folder, name, escaped_name, modestr);
if (r == -1)
goto done;
} else {
- name = got_tree_entry_get_name(te);
r = fcgi_printf(c,
"<div class='tree_wrapper'>\n"
"<div class='tree_line'>"
"</div>\n" /* .tree_line_blank */
"</div>\n", /* .tree_wrapper */
index_page_str, qs->path, rc->commit_id,
- folder, name, name, modestr,
+ folder, name, escaped_name, modestr,
index_page_str, qs->path, rc->commit_id,
folder, name,
index_page_str, qs->path, rc->commit_id,
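Review bot: The first `name` argument in both `fcgi_printf` calls is still passed raw while only the displayed text uses `escaped_name`; by its position it appears to fill the link target, where a tree entry name containing a quote or `&` would end the single-quoted attribute or change the query string. Values placed in an `href` need URL-encoding followed by attribute escaping, not only the HTML escape applied to the visible text. The same pattern remains in gotweb.c in the briefs, branches and tags hunks, where `qs->path`, `qs->headref`, `repo_dir->name` and `refname` are written into link targets unescaped. Separately, `escaped_name` is allocated once per tree entry and no `free(escaped_name)` is visible in this hunk; it is also declared without `= NULL`, so a `free` added at `done:` would need that initialiser. The enclosing function starts and ends outside the hunk.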
blob - 85333b7e962aeb7d7758f8dad8a5ae6ea8764c27
blob + 8b2d5059e7c7a43bf2d06180192bb9b3b0f955ea
--- gotwebd/gotweb.c
+++ gotwebd/gotweb.c
const struct got_error *error = NULL;
struct transport *t = c->t;
struct repo_commit *rc = NULL;
- char *age = NULL;
+ char *age = NULL, *msg = NULL;
int r;
error = got_get_repo_commits(c, 1);
rc = TAILQ_FIRST(&t->repo_commits);
error = gotweb_get_time_str(&age, rc->committer_time, TM_LONG);
+ if (error)
+ goto done;
+ error = gotweb_escape_html(&msg, rc->commit_msg);
if (error)
goto done;
"<div class='dotted_line'></div>\n"
"<div id='blame'>\n",
age ? age : "",
- rc->commit_msg);
+ msg);
if (r == -1)
goto done;
fcgi_printf(c, "</div>\n" /* #blame */
"</div>\n"); /* #blame_content */
done:
+ free(msg);
return error;
}
struct repo_dir *repo_dir = t->repo_dir;
const char *index_page_str;
char *smallerthan, *newline;
- char *age = NULL;
+ char *age = NULL, *author = NULL, *msg = NULL;
int r;
index_page_str = qs->index_page_str ? qs->index_page_str : "";
if (newline)
*newline = '\0';
+ error = gotweb_escape_html(&author, rc->author);
+ if (error)
+ goto done;
+ error = gotweb_escape_html(&msg, rc->commit_msg);
+ if (error)
+ goto done;
+
r = fcgi_printf(c, "<div class='briefs_age'>%s</div>\n"
"<div class='briefs_author'>%s</div>\n"
"<div class='briefs_log'>"
"<a href='?index_page=%s&path=%s&action=diff&commit=%s"
"&headref=%s'>%s</a>",
age ? age : "",
- rc->author,
+ author,
index_page_str, repo_dir->name, rc->commit_id, qs->headref,
- rc->commit_msg);
+ msg);
if (r == -1)
goto done;
if (rc->refs_str) {
+ char *refs;
+
+ error = gotweb_escape_html(&refs, rc->refs_str);
+ if (error)
+ goto done;
r = fcgi_printf(c,
- " <span class='refs_str'>(%s)</span>",
- rc->refs_str);
+ " <span class='refs_str'>(%s)</span>", refs);
+ free(refs);
if (r == -1)
goto done;
}
free(age);
age = NULL;
+ free(author);
+ author = NULL;
+ free(msg);
+ msg = NULL;
}
if (t->next_id || t->prev_id) {
fcgi_printf(c, "</div>\n"); /* #briefs_content */
done:
free(age);
+ free(author);
+ free(msg);
return error;
}
struct querystring *qs = t->qs;
struct repo_dir *repo_dir = t->repo_dir;
const char *index_page_str;
- char *age = NULL, *author = NULL;
+ char *age = NULL, *author = NULL, *msg = NULL;
int r;
index_page_str = qs->index_page_str ? qs->index_page_str : "";
error = gotweb_escape_html(&author, rc->author);
if (error)
goto done;
+ error = gotweb_escape_html(&msg, rc->commit_msg);
+ if (error)
+ goto done;
r = fcgi_printf(c, "<div class='commits_header_wrapper'>\n"
"<div class='commits_header'>\n"
"<div class='dotted_line'></div>\n"
"<div class='commit'>\n%s</div>\n",
rc->commit_id,
- author ? author : "",
+ author,
age ? age : "",
- rc->commit_msg);
+ msg);
if (r == -1)
goto done;
age = NULL;
free(author);
author = NULL;
+ free(msg);
+ msg = NULL;
}
if (t->next_id || t->prev_id) {
fcgi_printf(c, "</div>\n"); /* .commits_content */
done:
free(age);
+ free(author);
+ free(msg);
return error;
}
goto done;
TAILQ_FOREACH(re, &refs, entry) {
- char *refname = NULL;
+ const char *refname = NULL;
+ char *escaped_refname = NULL;
if (got_ref_is_symbolic(re->ref))
continue;
- refname = strdup(got_ref_get_name(re->ref));
+ refname = got_ref_get_name(re->ref);
if (refname == NULL) {
error = got_error_from_errno("strdup");
goto done;
if (strncmp(refname, "refs/heads/", 11) == 0)
refname += 11;
+ error = gotweb_escape_html(&escaped_refname, refname);
+ if (error)
+ goto done;
r = fcgi_printf(c, "<div class='branches_wrapper'>\n"
"<div class='branches_age'>%s</div>\n"
"</div>\n", /* .branches_wrapper */
age ? age : "",
index_page_str, qs->path, refname,
- refname,
+ escaped_refname,
index_page_str, qs->path, refname,
index_page_str, qs->path, refname,
index_page_str, qs->path, refname);
+ free(escaped_refname);
if (r == -1)
goto done;
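Review bot: The `refname == NULL` check still reports `got_error_from_errno("strdup")` although the `strdup` call has been removed, so a NULL from `got_ref_get_name` would yield an error naming a call that never ran, built from whatever errno happens to hold. Either drop the check if the getter cannot return NULL, or return an error that does not depend on errno. The loop body continues outside the hunk.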
const struct got_error *error = NULL;
struct transport *t = c->t;
struct repo_commit *rc = NULL;
- char *age = NULL;
+ char *age = NULL, *msg = NULL;
int r;
error = got_get_repo_commits(c, 1);
if (error)
goto done;
+ error = gotweb_escape_html(&msg, rc->commit_msg);
+ if (error)
+ goto done;
+
r = fcgi_printf(c, "<div id='tree_title_wrapper'>\n"
"<div id='tree_title'>Tree</div>\n"
"</div>\n" /* #tree_title_wrapper */
"<div id='tree'>\n",
rc->tree_id,
age ? age : "",
- rc->commit_msg);
+ msg);
if (r == -1)
goto done;
fcgi_printf(c, "</div>\n"); /* #tree */
fcgi_printf(c, "</div>\n"); /* #tree_content */
done:
+ free(msg);
return error;
}
const struct got_error *error = NULL;
struct transport *t = c->t;
struct repo_commit *rc = NULL;
- char *age = NULL, *author = NULL;
+ char *age = NULL, *author = NULL, *msg = NULL;
int r;
error = got_get_repo_commits(c, 1);
error = gotweb_escape_html(&author, rc->author);
if (error)
goto done;
+ error = gotweb_escape_html(&msg, rc->commit_msg);
+ if (error)
+ goto done;
r = fcgi_printf(c, "<div id='diff_title_wrapper'>\n"
"<div id='diff_title'>Commit Diff</div>\n"
rc->parent_id, rc->commit_id,
rc->commit_id,
rc->tree_id,
- author ? author : "",
+ author,
age ? age : "",
- rc->commit_msg);
+ msg);
if (r == -1)
goto done;
done:
free(age);
free(author);
+ free(msg);
return error;
}
const struct got_error *error = NULL;
struct repo_tag *rt = NULL;
struct transport *t = c->t;
- char *age = NULL, *author = NULL;
+ char *tagname = NULL, *age = NULL, *author = NULL, *msg = NULL;
error = got_get_repo_tags(c, 1);
if (error)
error = gotweb_escape_html(&author, rt->tagger);
if (error)
goto done;
+ error = gotweb_escape_html(&msg, rt->commit_msg);
+ if (error)
+ goto done;
if (strncmp(rt->tag_name, "refs/", 5) == 0)
rt->tag_name += 5;
+ error = gotweb_escape_html(&tagname, rt->tag_name);
+ if (error)
+ goto done;
fcgi_printf(c, "<div id='tags_title_wrapper'>\n"
"<div id='tags_title'>Tag</div>\n"
"<div id='tag_commit'>\n%s</div>"
"</div>", /* tag_header_wrapper */
rt->commit_id,
- rt->tag_name,
- author ? author : "",
+ tagname,
+ author,
age ? age : "",
- rt->commit_msg,
+ msg,
rt->tag_commit);
done:
free(age);
free(author);
+ free(msg);
return error;
}
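Review bot: `tagname` is allocated by `gotweb_escape_html(&tagname, rt->tag_name)` but the `done:` label frees only `age`, `author` and `msg`, so the escaped tag name leaks on every call; add `free(tagname);` next to `free(msg);`. The result of this `fcgi_printf` is also discarded, unlike the other render functions in this file, which check `r == -1` and jump to `done`.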
struct querystring *qs = t->qs;
struct repo_dir *repo_dir = t->repo_dir;
const char *index_page_str;
- char *newline;
- char *age = NULL;
+ char *age = NULL, *tagname = NULL, *msg = NULL, *newline;
int r, commit_found = 0;
index_page_str = qs->index_page_str ? qs->index_page_str : "";
if (strncmp(rt->tag_name, "refs/tags/", 10) == 0)
rt->tag_name += 10;
+ error = gotweb_escape_html(&tagname, rt->tag_name);
+ if (error)
+ goto done;
if (rt->tag_commit != NULL) {
newline = strchr(rt->tag_commit, '\n');
if (newline)
*newline = '\0';
+ error = gotweb_escape_html(&msg, rt->tag_commit);
+ if (error)
+ goto done;
}
r = fcgi_printf(c, "<div class='tag_age'>%s</div>\n"
"</div>\n" /* .navs_wrapper */
"<div class='dotted_line'></div>\n",
age ? age : "",
- rt->tag_name,
+ tagname,
index_page_str, repo_dir->name, rt->commit_id,
- rt->tag_commit ? rt->tag_commit : "",
+ msg ? msg : "",
index_page_str, repo_dir->name, rt->commit_id,
index_page_str, repo_dir->name, rt->commit_id,
index_page_str, repo_dir->name, rt->commit_id);
free(age);
age = NULL;
+ free(tagname);
+ tagname = NULL;
+ free(msg);
+ msg = NULL;
}
if (t->next_id || t->prev_id) {
error = gotweb_render_navs(c);
fcgi_printf(c, "</div>\n"); /* #tags_content */
done:
free(age);
+ free(tagname);
+ free(msg);
return error;
}