It is needed only to escape attributes of handcrafted HTML elements,
and not those generated using CGI.pm subroutines / methods for HTML
generation.
While at it, add esc_url and esc_html where needed, and prefer to use
CGI.pm HTML generating methods than handcrafted HTML code. Most of
those are probably unnecessary (could be exploited only by person with
write access to gitweb config, or at least access to the repository).
This fixes CVE-2010-3906
Reported-by: Emanuele Gentili <e.gentili@tigersecurity.it>
Helped-by: John 'Warthog9' Hawley <warthog9@kernel.org>
Helped-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
When creating path_info part of link, don't encode space as '+', because
while $cgi->param('foo') translates '+' in query param to ' ', neither
$ENV{'PATH_INFO'} nor $cgi->path_info() do.
This fixes the issue with pathnames with embedded whitespace and
$feature{'pathinfo'} / path_info links. It is done by using newly
introduced esc_path_info() instead of esc_url() in href() subroutine.
Also while links are more clear not escaping space (' ') characters in
generated links, the trailing space must be URI-encoded, otherwise would
get discarded.
Issue noticed thanks to John 'Warthog9' Hawley.
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
* master:
Prepare for 1.7.3.4
use persistent memory for rejected paths
do not overwrite files in leading path
lstat_cache: optionally return match_len
add function check_ok_to_remove()
t7607: add leading-path tests
t7607: use test-lib functions and check MERGE_HEAD
gitk: Add Brazilian Portuguese (pt-BR) translation
gitk: Make text selectable on Mac
gitk: Prevent the text pane from becoming editable
gitk: Add the equivalent of diff --color-words
gitk: Update Swedish translation (290t)
gitk: Show notes by default (like git log does)
* git://git.kernel.org/pub/scm/gitk/gitk:
gitk: Add Brazilian Portuguese (pt-BR) translation
gitk: Make text selectable on Mac
gitk: Prevent the text pane from becoming editable
gitk: Add the equivalent of diff --color-words
gitk: Update Swedish translation (290t)
gitk: Show notes by default (like git log does)
* maint:
Prepare for 1.7.3.4
use persistent memory for rejected paths
do not overwrite files in leading path
lstat_cache: optionally return match_len
add function check_ok_to_remove()
t7607: add leading-path tests
t7607: use test-lib functions and check MERGE_HEAD
Do not link with -lcrypto under NO_OPENSSL
Signed-off-by: Junio C Hamano <gitster@pobox.com>
An aborted merge prints the list of rejected paths as part of the
error message. Since commit f66caaf9 (do not overwrite files in
leading path), some of those paths do not have static buffers, so
we have to keep a copy. Use string_list's to accomplish this.
This changes the order of the list to the order in which the paths
are processed. Previously, it was reversed.
Signed-off-by: Clemens Buchacher <drizzd@aon.at>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
If the work tree contains an untracked file x, and
unpack-trees wants to checkout a path x/*, the
file x is removed unconditionally.
Instead, apply the same checks that are normally
used for untracked files, and abort if the file
cannot be removed.
Signed-off-by: Clemens Buchacher <drizzd@aon.at>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Return match_len so that the caller can know which leading path
component matched.
Signed-off-by: Clemens Buchacher <drizzd@aon.at>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This wraps some inline code into the function check_ok_to_remove(),
which will later be used for leading path components as well.
Signed-off-by: Clemens Buchacher <drizzd@aon.at>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Use the test_commit and test_path_is_missing
functions from the test library.
Also make sure that a merge which fails due to
pre-merge checks aborts properly and does not
leave MERGE_HEAD behind.
The "will not overwrite removed file" test is an
exception to this. It notices the untracked file
at a stage where the merge is already well under
way. Therefore we cannot abort the merge without
major restructuring. See the following thread for
more details.
http://mid.gmane.org/7vskopwxej.fsf@gitster.siamese.dyndns.org
Signed-off-by: Clemens Buchacher <drizzd@aon.at>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
* tc/http-urls-ends-with-slash:
http-fetch: rework url handling
http-push: add trailing slash at arg-parse time, instead of later on
http-push: check path length before using it
http-push: Normalise directory names when pushing to some WebDAV servers
http-backend: use end_url_with_slash()
url: add str wrapper for end_url_with_slash()
shift end_url_with_slash() from http.[ch] to url.[ch]
t5550-http-fetch: add test for http-fetch
t5550-http-fetch: add missing '&&'
* gc/http-with-non-ascii-username-url:
Fix username and password extraction from HTTP URLs
t5550: test HTTP authentication and userinfo decoding
Conflicts:
t/lib-httpd/apache.conf
Translating a SCM is tricky due to amount of jargon, so, I tried to
keep the wording consistent with both the German and Italian git
translations and the pt-BR translation of other SCMs.
Signed-off-by: Alexandre Erwin Ittner <alexandre@ittner.com.br>
Signed-off-by: Paul Mackerras <paulus@samba.org>
* kb/diff-C-M-synonym:
diff: use "find" instead of "detect" as prefix for long forms of -M and -C
diff: add --detect-copies-harder as a synonym for --find-copies-harder
Currently we have three test files matching t800?-blame.sh.
Rename the latter two to make it easier to spot where additions would
go.
Signed-off-by: Michael J Gruber <git@drmicha.warpmail.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
There are some common but minor errors we tend to make in
writing test scripts:
1. Scripts are left non-executable. This is not usually
noticed immediately because "make test" does not need
the bit, but it is a matter of git policy to make them
executable (and is a slight convenience when running
individual scripts).
2. Two scripts are allocated the same number. Usually this
happens on separate branches, and the problem only
comes about during a merge. But since there is no
textual conflict, the merger would have to be very
observant to notice.
This is also a minor error, but can make GIT_SKIP_TESTS
ambiguous.
This patch introduces a "test-lint" target which checks
both. It is not invoked by default. You can invoke it as
"make test-lint", or you can make it a prerequisite of
running the tests by specifying "TEST_LINT = test-lint" in
your config.mak or on the command line.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
dd is a thin wrapper around read(2). As open group Issue 7 explains:
It shall read the input one block at a time, using the specified
input block size; it shall then process the block of data
actually returned, which could be smaller than the requested
block size.
Any short read --- for example from a pipe whose capacity cannot fill
a block --- results in that block being truncated. As a result, the
first cat-blob test (9300.114) fails on Mac OS X, where the pipe
capacity is around 8 KiB.
Fix the test by using a block size of 1. Each read will block until
the next byte of input is available.
It would be even nicer to use head -c which expresses the intention
more clearly. Alas, IRIX "head" does not support the -c option.
Reported-by: Brian Gernhardt <brian@gernhardtsoftware.com>
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
* gb/web--browse:
web--browse: better support for chromium
web--browse: support opera, seamonkey and elinks
web--browse: split valid_tool list
web--browse: coding style
* jn/parse-options-extra:
update-index: migrate to parse-options API
setup: save prefix (original cwd relative to toplevel) in startup_info
parse-options: make resuming easier after PARSE_OPT_STOP_AT_NON_OPTION
parse-options: allow git commands to invent new option types
parse-options: never suppress arghelp if LITERAL_ARGHELP is set
parse-options: do not infer PARSE_OPT_NOARG from option type
parse-options: sanity check PARSE_OPT_NOARG flag
parse-options: move NODASH sanity checks to parse_options_check
parse-options: clearer reporting of API misuse
parse-options: Don't call parse_options_check() so much
* tc/http-urls-ends-with-slash:
http-fetch: rework url handling
http-push: add trailing slash at arg-parse time, instead of later on
http-push: check path length before using it
http-push: Normalise directory names when pushing to some WebDAV servers
http-backend: use end_url_with_slash()
url: add str wrapper for end_url_with_slash()
shift end_url_with_slash() from http.[ch] to url.[ch]
t5550-http-fetch: add test for http-fetch
t5550-http-fetch: add missing '&&'
