escape '+' and ' ' in url's
diff --git a/gitweb.cgi b/gitweb.cgi
index 615af99..c477bf1 100755
--- a/gitweb.cgi
+++ b/gitweb.cgi
@@ -78,7 +78,8 @@
 		undef $project;
 		die_error(undef, "No such project.");
 	}
-	$rss_link = "<link rel=\"alternate\" title=\"$project log\" href=\"$my_uri?p=$project;a=rss\" type=\"application/rss+xml\"/>";
+	$rss_link = "<link rel=\"alternate\" title=\"" . esc($project) . " log\" href=\"" .
+		    esc("$my_uri?p=$project;a=rss") . "\" type=\"application/rss+xml\"/>";
 	$ENV{'GIT_DIR'} = "$projectroot/$project";
 } else {
 	git_project_list();
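Review bot: The `title` attribute on the new `$rss_link` line is passed through `esc()`, which is a URL encoder, so a project name containing a space or plus is displayed mangled while HTML-special characters are left untouched. `escapeHTML($project)`, which this file already uses for project names in link text, is the matching encoder there: `title=\"" . escapeHTML($project) . " log\"`. The `href` value is also concatenated into the attribute by hand with no HTML escaping. How strictly `$project` is validated is decided above the hunk, so this may be defence in depth rather than a reachable problem. The enclosing `if` block starts outside the hunk.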
@@ -206,6 +207,13 @@
 	exit;
 }
 
+sub esc {
+	my $str = shift;
+	$str =~ s/ /\+/g;
+	$str =~ s/\+/%2b/g;
+	return $str;
+}
+
 sub git_header_html {
 	my $status = shift || "200 OK";
 	my $expires = shift;
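Review bot: The two substitutions in `esc` run in the wrong order: a space is first turned into `+`, and then every `+`, including the ones just produced, becomes `%2b`, so a space in a project or file name decodes as a literal plus on the receiving side. Putting `$str =~ s/\+/%2b/g;` before `$str =~ s/ /\+/g;` keeps the two apart. Because `esc` is applied to whole URLs (every later hunk), it cannot encode `%`, `;`, `&`, `#` or `=` inside a value such as `f=$file_name`, `f=$file` or `p=$pr->{'path'}`, and those names come from repository content. Encoding each parameter value before it is interpolated would close that gap, and a short comment on the sub should say which characters it does and does not handle. `git_header_html` continues outside the hunk.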
@@ -286,11 +294,11 @@
 EOF
 	print "<div class=\"page_header\">\n" .
 	      "<a href=\"http://www.kernel.org/pub/software/scm/git/docs/\" title=\"git documentation\">" .
-	      "<img src=\"$my_uri?a=git-logo.png\" width=\"72\" height=\"27\" alt=\"git\" style=\"float:right; border-width:0px;\"/>" .
+	      "<img src=\"" . esc("$my_uri?a=git-logo.png") . "\" width=\"72\" height=\"27\" alt=\"git\" style=\"float:right; border-width:0px;\"/>" .
 	      "</a>\n";
-	print $cgi->a({-href => $home_link}, "projects") . " / ";
+	print $cgi->a({-href => esc($home_link)}, "projects") . " / ";
 	if (defined $project) {
-		print $cgi->a({-href => "$my_uri?p=$project;a=summary"}, escapeHTML($project));
+		print $cgi->a({-href => esc("$my_uri?p=$project;a=summary")}, escapeHTML($project));
 		if (defined $action) {
 			print " / $action";
 		}
@@ -306,7 +314,7 @@
 		}
 		$cgi->param("a", "search");
 		$cgi->param("h", $search_hash);
-		print $cgi->startform(-method => "get", -action => "$my_uri") .
+		print $cgi->startform(-method => "get", -action => $my_uri) .
 		      "<div class=\"search\">\n" .
 		      $cgi->hidden(-name => "p") . "\n" .
 		      $cgi->hidden(-name => "a") . "\n" .
@@ -325,9 +333,9 @@
 		if (defined $descr) {
 			print "<div class=\"page_footer_text\">" . escapeHTML($descr) . "</div>\n";
 		}
-		print $cgi->a({-href => "$my_uri?p=$project;a=rss", -class => "rss_logo"}, "RSS") . "\n";
+		print $cgi->a({-href => esc("$my_uri?p=$project;a=rss"), -class => "rss_logo"}, "RSS") . "\n";
 	} else {
-		print $cgi->a({-href => "$my_uri?a=opml", -class => "rss_logo"}, "OPML") . "\n";
+		print $cgi->a({-href => esc("$my_uri?a=opml"), -class => "rss_logo"}, "OPML") . "\n";
 	}
 	print "</div>\n" .
 	      "</body>\n" .
@@ -668,7 +676,7 @@
 	if ($line =~ m/([0-9a-fA-F]{40})/) {
 		my $hash_text = $1;
 		if (git_get_type($hash_text) eq "commit") {
-			my $link = $cgi->a({-class => "text", -href => "$my_uri?p=$project;a=commit;h=$hash_text"}, $hash_text);
+			my $link = $cgi->a({-class => "text", -href => esc("$my_uri?p=$project;a=commit;h=$hash_text")}, $hash_text);
 			$line =~ s/$hash_text/$link/;
 		}
 	}
@@ -816,25 +824,25 @@
 		@projects = sort {$a->{'path'} cmp $b->{'path'}} @projects;
 		print "<th>Project</th>\n";
 	} else {
-		print "<th>" . $cgi->a({-class => "header", -href => "$my_uri?o=project"}, "Project") . "</th>\n";
+		print "<th>" . $cgi->a({-class => "header", -href => esc("$my_uri?o=project")}, "Project") . "</th>\n";
 	}
 	if (defined($order) && ($order eq "descr")) {
 		@projects = sort {$a->{'descr'} cmp $b->{'descr'}} @projects;
 		print "<th>Description</th>\n";
 	} else {
-		print "<th>" . $cgi->a({-class => "header", -href => "$my_uri?o=descr"}, "Description") . "</th>\n";
+		print "<th>" . $cgi->a({-class => "header", -href => esc("$my_uri?o=descr")}, "Description") . "</th>\n";
 	}
 	if (defined($order) && ($order eq "owner")) {
 		@projects = sort {$a->{'owner'} cmp $b->{'owner'}} @projects;
 		print "<th>Owner</th>\n";
 	} else {
-		print "<th>" . $cgi->a({-class => "header", -href => "$my_uri?o=owner"}, "Owner") . "</th>\n";
+		print "<th>" . $cgi->a({-class => "header", -href => esc("$my_uri?o=owner")}, "Owner") . "</th>\n";
 	}
 	if (defined($order) && ($order eq "age")) {
 		@projects = sort {$a->{'commit'}{'age'} <=> $b->{'commit'}{'age'}} @projects;
 		print "<th>Last Change</th>\n";
 	} else {
-		print "<th>" . $cgi->a({-class => "header", -href => "$my_uri?o=age"}, "Last Change") . "</th>\n";
+		print "<th>" . $cgi->a({-class => "header", -href => esc("$my_uri?o=age")}, "Last Change") . "</th>\n";
 	}
 	print "<th></th>\n" .
 	      "</tr>\n";
@@ -846,7 +854,7 @@
 			print "<tr class=\"light\">\n";
 		}
 		$alternate ^= 1;
-		print "<td>" . $cgi->a({-href => "$my_uri?p=$pr->{'path'};a=summary", -class => "list"}, escapeHTML($pr->{'path'})) . "</td>\n" .
+		print "<td>" . $cgi->a({-href => esc("$my_uri?p=$pr->{'path'};a=summary"), -class => "list"}, escapeHTML($pr->{'path'})) . "</td>\n" .
 		      "<td>$pr->{'descr'}</td>\n" .
 		      "<td><i>" . chop_str($pr->{'owner'}, 15) . "</i></td>\n";
 		my $colored_age;
@@ -859,9 +867,9 @@
 		}
 		print "<td>$colored_age</td>\n" .
 		      "<td class=\"link\">" .
-		      $cgi->a({-href => "$my_uri?p=$pr->{'path'};a=summary"}, "summary") .
-		      " | " . $cgi->a({-href => "$my_uri?p=$pr->{'path'};a=shortlog"}, "shortlog") .
-		      " | " . $cgi->a({-href => "$my_uri?p=$pr->{'path'};a=log"}, "log") .
+		      $cgi->a({-href => esc("$my_uri?p=$pr->{'path'};a=summary")}, "summary") .
+		      " | " . $cgi->a({-href => esc("$my_uri?p=$pr->{'path'};a=shortlog")}, "shortlog") .
+		      " | " . $cgi->a({-href => esc("$my_uri?p=$pr->{'path'};a=log")}, "log") .
 		      "</td>\n" .
 		      "</tr>\n";
 	}
@@ -960,11 +968,11 @@
 	git_header_html();
 	print "<div class=\"page_nav\">\n" .
 	      "summary".
-	      " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog"}, "shortlog") .
-	      " | " . $cgi->a({-href => "$my_uri?p=$project;a=log"}, "log") .
-	      " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$head"}, "commit") .
-	      " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$head"}, "commitdiff") .
-	      " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree"}, "tree") .
+	      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog")}, "shortlog") .
+	      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=log")}, "log") .
+	      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$head")}, "commit") .
+	      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commitdiff;h=$head")}, "commitdiff") .
+	      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=tree")}, "tree") .
 	      "<br/><br/>\n" .
 	      "</div>\n";
 	print "<div class=\"title\">&nbsp;</div>\n";
@@ -977,7 +985,7 @@
 	my (@revlist) = map { chomp; $_ } <$fd>;
 	close $fd;
 	print "<div>\n" .
-	      $cgi->a({-href => "$my_uri?p=$project;a=shortlog", -class => "title"}, "shortlog") .
+	      $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog"), -class => "title"}, "shortlog") .
 	      "</div>\n";
 	my $i = 16;
 	print "<table cellspacing=\"0\">\n";
@@ -996,20 +1004,20 @@
 			      "<td><i>" . escapeHTML(chop_str($co{'author_name'}, 10)) . "</i></td>\n" .
 			      "<td>";
 			if (length($co{'title_short'}) < length($co{'title'})) {
-				print $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit", -class => "list", -title => "$co{'title'}"},
+				print $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$commit"), -class => "list", -title => "$co{'title'}"},
 			              "<b>" . escapeHTML($co{'title_short'}) . "</b>");
 			} else {
-				print $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit", -class => "list"},
+				print $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$commit"), -class => "list"},
 				      "<b>" . escapeHTML($co{'title'}) . "</b>");
 			}
 			print "</td>\n" .
 			      "<td class=\"link\">" .
-			      $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit"}, "commit") .
-			      " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$commit"}, "commitdiff") .
+			      $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$commit")}, "commit") .
+			      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commitdiff;h=$commit")}, "commitdiff") .
 			      "</td>\n" .
 			      "</tr>";
 		} else {
-			print "<td>" . $cgi->a({-href => "$my_uri?p=$project;a=shortlog"}, "...") . "</td>\n" .
+			print "<td>" . $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog")}, "...") . "</td>\n" .
 			"</tr>";
 			last;
 		}
@@ -1019,7 +1027,7 @@
 	my $taglist = git_read_refs("refs/tags");
 	if (defined @$taglist) {
 		print "<div>\n" .
-		      $cgi->a({-href => "$my_uri?p=$project;a=tags", -class => "title"}, "tags") .
+		      $cgi->a({-href => esc("$my_uri?p=$project;a=tags"), -class => "title"}, "tags") .
 		      "</div>\n";
 		my $i = 16;
 		print "<table cellspacing=\"0\">\n";
@@ -1040,27 +1048,27 @@
 			if ($i-- > 0) {
 				print "<td><i>$tag{'age'}</i></td>\n" .
 				      "<td>" .
-				      $cgi->a({-href => "$my_uri?p=$project;a=$tag{'reftype'};h=$tag{'refid'}", -class => "list"},
+				      $cgi->a({-href => esc("$my_uri?p=$project;a=$tag{'reftype'};h=$tag{'refid'}"), -class => "list"},
 				      "<b>" . escapeHTML($tag{'name'}) . "</b>") .
 				      "</td>\n" .
 				      "<td>";
 				if (defined($comment)) {
-				      print $cgi->a({-class => "list", -href => "$my_uri?p=$project;a=tag;h=$tag{'id'}"}, $comment);
+				      print $cgi->a({-class => "list", -href => esc("$my_uri?p=$project;a=tag;h=$tag{'id'}")}, $comment);
 				}
 				print "</td>\n" .
 				      "<td class=\"link\">";
 				if ($tag{'type'} eq "tag") {
-				      print $cgi->a({-href => "$my_uri?p=$project;a=tag;h=$tag{'id'}"}, "tag") . " | ";
+				      print $cgi->a({-href => esc("$my_uri?p=$project;a=tag;h=$tag{'id'}")}, "tag") . " | ";
 				}
-				print $cgi->a({-href => "$my_uri?p=$project;a=$tag{'reftype'};h=$tag{'refid'}"}, $tag{'reftype'});
+				print $cgi->a({-href => esc("$my_uri?p=$project;a=$tag{'reftype'};h=$tag{'refid'}")}, $tag{'reftype'});
 				if ($tag{'reftype'} eq "commit") {
-				      print " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$tag{'name'}"}, "shortlog") .
-				            " | " . $cgi->a({-href => "$my_uri?p=$project;a=log;h=$tag{'refid'}"}, "log");
+				      print " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog;h=$tag{'name'}")}, "shortlog") .
+				            " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=log;h=$tag{'refid'}")}, "log");
 				}
 				print "</td>\n" .
 				      "</tr>";
 			} else {
-				print "<td>" . $cgi->a({-href => "$my_uri?p=$project;a=tags"}, "...") . "</td>\n" .
+				print "<td>" . $cgi->a({-href => esc("$my_uri?p=$project;a=tags")}, "...") . "</td>\n" .
 				"</tr>";
 				last;
 			}
@@ -1071,7 +1079,7 @@
 	my $headlist = git_read_refs("refs/heads");
 	if (defined @$headlist) {
 		print "<div>\n" .
-		      $cgi->a({-href => "$my_uri?p=$project;a=heads", -class => "title"}, "heads") .
+		      $cgi->a({-href => esc("$my_uri?p=$project;a=heads"), -class => "title"}, "heads") .
 		      "</div>\n";
 		my $i = 16;
 		print "<table cellspacing=\"0\">\n";
@@ -1087,16 +1095,16 @@
 			if ($i-- > 0) {
 				print "<td><i>$tag{'age'}</i></td>\n" .
 				      "<td>" .
-				      $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$tag{'name'}", -class => "list"},
+				      $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog;h=$tag{'name'}"), -class => "list"},
 				      "<b>" . escapeHTML($tag{'name'}) . "</b>") .
 				      "</td>\n" .
 				      "<td class=\"link\">" .
-				      $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$tag{'name'}"}, "shortlog") .
-				      " | " . $cgi->a({-href => "$my_uri?p=$project;a=log;h=$tag{'name'}"}, "log") .
+				      $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog;h=$tag{'name'}")}, "shortlog") .
+				      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=log;h=$tag{'name'}")}, "log") .
 				      "</td>\n" .
 				      "</tr>";
 			} else {
-				print "<td>" . $cgi->a({-href => "$my_uri?p=$project;a=heads"}, "...") . "</td>\n" .
+				print "<td>" . $cgi->a({-href => esc("$my_uri?p=$project;a=heads")}, "...") . "</td>\n" .
 				"</tr>";
 				last;
 			}
@@ -1110,24 +1118,24 @@
 	my $head = git_read_hash("$project/HEAD");
 	git_header_html();
 	print "<div class=\"page_nav\">\n" .
-	      $cgi->a({-href => "$my_uri?p=$project;a=summary"}, "summary") .
-	      " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog"}, "shortlog") .
-	      " | " . $cgi->a({-href => "$my_uri?p=$project;a=log"}, "log") .
-	      " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$head"}, "commit") .
-	      " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$head"}, "commitdiff") .
-	      " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;hb=$head"}, "tree") . "<br/>\n" .
+	      $cgi->a({-href => esc("$my_uri?p=$project;a=summary")}, "summary") .
+	      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog")}, "shortlog") .
+	      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=log")}, "log") .
+	      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$head")}, "commit") .
+	      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commitdiff;h=$head")}, "commitdiff") .
+	      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=tree;hb=$head")}, "tree") . "<br/>\n" .
 	      "<br/>\n" .
 	      "</div>\n";
 	my %tag = git_read_tag($hash);
 	print "<div>\n" .
-	      $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash", -class => "title"}, escapeHTML($tag{'name'})) . "\n" .
+	      $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$hash"), -class => "title"}, escapeHTML($tag{'name'})) . "\n" .
 	      "</div>\n";
 	print "<div class=\"title_text\">\n" .
 	      "<table cellspacing=\"0\">\n" .
 	      "<tr>\n" .
 	      "<td>object</td>\n" .
-	      "<td>" . $cgi->a({-class => "list", -href => "$my_uri?p=$project;a=$tag{'type'};h=$tag{'object'}"}, $tag{'object'}) . "</td>\n" .
-	      "<td class=\"link\">" . $cgi->a({-href => "$my_uri?p=$project;a=$tag{'type'};h=$tag{'object'}"}, $tag{'type'}) . "</td>\n" .
+	      "<td>" . $cgi->a({-class => "list", -href => esc("$my_uri?p=$project;a=$tag{'type'};h=$tag{'object'}")}, $tag{'object'}) . "</td>\n" .
+	      "<td class=\"link\">" . $cgi->a({-href => esc("$my_uri?p=$project;a=$tag{'type'};h=$tag{'object'}")}, $tag{'type'}) . "</td>\n" .
 	      "</tr>\n";
 	if (defined($tag{'author'})) {
 		my %ad = date_str($tag{'epoch'}, $tag{'tz'});
@@ -1149,17 +1157,17 @@
 	my $head = git_read_hash("$project/HEAD");
 	git_header_html();
 	print "<div class=\"page_nav\">\n" .
-	      $cgi->a({-href => "$my_uri?p=$project;a=summary"}, "summary") .
-	      " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog"}, "shortlog") .
-	      " | " . $cgi->a({-href => "$my_uri?p=$project;a=log"}, "log") .
-	      " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$head"}, "commit") .
-	      " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$head"}, "commitdiff") .
-	      " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;hb=$head"}, "tree") . "<br/>\n" .
+	      $cgi->a({-href => esc("$my_uri?p=$project;a=summary")}, "summary") .
+	      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog")}, "shortlog") .
+	      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=log")}, "log") .
+	      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$head")}, "commit") .
+	      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commitdiff;h=$head")}, "commitdiff") .
+	      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=tree;hb=$head")}, "tree") . "<br/>\n" .
 	      "<br/>\n" .
 	      "</div>\n";
 	my $taglist = git_read_refs("refs/tags");
 	print "<div>\n" .
-	      $cgi->a({-href => "$my_uri?p=$project;a=summary", -class => "title"}, "&nbsp;") .
+	      $cgi->a({-href => esc("$my_uri?p=$project;a=summary"), -class => "title"}, "&nbsp;") .
 	      "</div>\n";
 	print "<table cellspacing=\"0\">\n";
 	my $alternate = 0;
@@ -1179,22 +1187,22 @@
 			$alternate ^= 1;
 			print "<td><i>$tag{'age'}</i></td>\n" .
 			      "<td>" .
-			      $cgi->a({-href => "$my_uri?p=$project;a=$tag{'reftype'};h=$tag{'refid'}", -class => "list"},
+			      $cgi->a({-href => esc("$my_uri?p=$project;a=$tag{'reftype'};h=$tag{'refid'}"), -class => "list"},
 			      "<b>" . escapeHTML($tag{'name'}) . "</b>") .
 			      "</td>\n" .
 			      "<td>";
 			if (defined($comment)) {
-			      print $cgi->a({-class => "list", -href => "$my_uri?p=$project;a=tag;h=$tag{'id'}"}, $comment);
+			      print $cgi->a({-class => "list", -href => esc("$my_uri?p=$project;a=tag;h=$tag{'id'}")}, $comment);
 			}
 			print "</td>\n" .
 			      "<td class=\"link\">";
 			if ($tag{'type'} eq "tag") {
-			      print $cgi->a({-href => "$my_uri?p=$project;a=tag;h=$tag{'id'}"}, "tag") . " | ";
+			      print $cgi->a({-href => esc("$my_uri?p=$project;a=tag;h=$tag{'id'}")}, "tag") . " | ";
 			}
-			print $cgi->a({-href => "$my_uri?p=$project;a=$tag{'reftype'};h=$tag{'refid'}"}, $tag{'reftype'});
+			print $cgi->a({-href => esc("$my_uri?p=$project;a=$tag{'reftype'};h=$tag{'refid'}")}, $tag{'reftype'});
 			if ($tag{'reftype'} eq "commit") {
-			      print " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$tag{'name'}"}, "shortlog") .
-			            " | " . $cgi->a({-href => "$my_uri?p=$project;a=log;h=$tag{'refid'}"}, "log");
+			      print " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog;h=$tag{'name'}")}, "shortlog") .
+			            " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=log;h=$tag{'refid'}")}, "log");
 			}
 			print "</td>\n" .
 			      "</tr>";
@@ -1208,17 +1216,17 @@
 	my $head = git_read_hash("$project/HEAD");
 	git_header_html();
 	print "<div class=\"page_nav\">\n" .
-	      $cgi->a({-href => "$my_uri?p=$project;a=summary"}, "summary") .
-	      " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog"}, "shortlog") .
-	      " | " . $cgi->a({-href => "$my_uri?p=$project;a=log"}, "log") .
-	      " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$head"}, "commit") .
-	      " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$head"}, "commitdiff") .
-	      " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;hb=$head"}, "tree") . "<br/>\n" .
+	      $cgi->a({-href => esc("$my_uri?p=$project;a=summary")}, "summary") .
+	      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog")}, "shortlog") .
+	      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=log")}, "log") .
+	      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$head")}, "commit") .
+	      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commitdiff;h=$head")}, "commitdiff") .
+	      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=tree;hb=$head")}, "tree") . "<br/>\n" .
 	      "<br/>\n" .
 	      "</div>\n";
 	my $taglist = git_read_refs("refs/heads");
 	print "<div>\n" .
-	      $cgi->a({-href => "$my_uri?p=$project;a=summary", -class => "title"}, "&nbsp;") .
+	      $cgi->a({-href => esc("$my_uri?p=$project;a=summary"), -class => "title"}, "&nbsp;") .
 	      "</div>\n";
 	print "<table cellspacing=\"0\">\n";
 	my $alternate = 0;
@@ -1233,11 +1241,11 @@
 			$alternate ^= 1;
 			print "<td><i>$tag{'age'}</i></td>\n" .
 			      "<td>" .
-			      $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$tag{'name'}", -class => "list"}, "<b>" . escapeHTML($tag{'name'}) . "</b>") .
+			      $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog;h=$tag{'name'}"), -class => "list"}, "<b>" . escapeHTML($tag{'name'}) . "</b>") .
 			      "</td>\n" .
 			      "<td class=\"link\">" .
-			      $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$tag{'name'}"}, "shortlog") .
-			      " | " . $cgi->a({-href => "$my_uri?p=$project;a=log;h=$tag{'name'}"}, "log") .
+			      $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog;h=$tag{'name'}")}, "shortlog") .
+			      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=log;h=$tag{'name'}")}, "log") .
 			      "</td>\n" .
 			      "</tr>";
 		}
@@ -1285,20 +1293,20 @@
 	git_header_html();
 	if (defined $hash_base && (my %co = git_read_commit($hash_base))) {
 		print "<div class=\"page_nav\">\n" .
-		      $cgi->a({-href => "$my_uri?p=$project;a=summary"}, "summary") .
-		      " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog"}, "shortlog") .
-		      " | " . $cgi->a({-href => "$my_uri?p=$project;a=log"}, "log") .
-		      " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash_base"}, "commit") .
-		      " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash_base"}, "commitdiff") .
-		      " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash_base"}, "tree") . "<br/>\n";
+		      $cgi->a({-href => esc("$my_uri?p=$project;a=summary")}, "summary") .
+		      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog")}, "shortlog") .
+		      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=log")}, "log") .
+		      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$hash_base")}, "commit") .
+		      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commitdiff;h=$hash_base")}, "commitdiff") .
+		      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash_base")}, "tree") . "<br/>\n";
 		if (defined $file_name) {
-			print $cgi->a({-href => "$my_uri?p=$project;a=blob_plain;h=$hash;f=$file_name"}, "plain") . "<br/>\n";
+			print $cgi->a({-href => esc("$my_uri?p=$project;a=blob_plain;h=$hash;f=$file_name")}, "plain") . "<br/>\n";
 		} else {
-			print $cgi->a({-href => "$my_uri?p=$project;a=blob_plain;h=$hash"}, "plain") . "<br/>\n";
+			print $cgi->a({-href => esc("$my_uri?p=$project;a=blob_plain;h=$hash")}, "plain") . "<br/>\n";
 		}
 		print "</div>\n".
 		       "<div>" .
-		      $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash_base", -class => "title"}, escapeHTML($co{'title'})) .
+		      $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$hash_base"), -class => "title"}, escapeHTML($co{'title'})) .
 		      "</div>\n";
 	} else {
 		print "<div class=\"page_nav\">\n" .
@@ -1361,16 +1369,16 @@
 	if (defined $hash_base && (my %co = git_read_commit($hash_base))) {
 		$base_key = ";hb=$hash_base";
 		print "<div class=\"page_nav\">\n" .
-		      $cgi->a({-href => "$my_uri?p=$project;a=summary"}, "summary") .
-		      " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$hash_base"}, "shortlog") .
-		      " | " . $cgi->a({-href => "$my_uri?p=$project;a=log;h=$hash_base"}, "log") .
-		      " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash_base"}, "commit") .
-		      " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash_base"}, "commitdiff") .
+		      $cgi->a({-href => esc("$my_uri?p=$project;a=summary")}, "summary") .
+		      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog;h=$hash_base")}, "shortlog") .
+		      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=log;h=$hash_base")}, "log") .
+		      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$hash_base")}, "commit") .
+		      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commitdiff;h=$hash_base")}, "commitdiff") .
 		      " | tree" .
 		      "<br/><br/>\n" .
 		      "</div>\n";
 		print "<div>\n" .
-		      $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash_base", -class => "title"}, escapeHTML($co{'title'})) . "\n" .
+		      $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$hash_base"), -class => "title"}, escapeHTML($co{'title'})) . "\n" .
 		      "</div>\n";
 	} else {
 		print "<div class=\"page_nav\">\n";
@@ -1403,18 +1411,18 @@
 		print "<td style=\"font-family:monospace\">" . mode_str($t_mode) . "</td>\n";
 		if ($t_type eq "blob") {
 			print "<td class=\"list\">" .
-			      $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$t_hash" . $base_key . $file_key, -class => "list"}, $t_name) .
+			      $cgi->a({-href => esc("$my_uri?p=$project;a=blob;h=$t_hash" . $base_key . $file_key), -class => "list"}, $t_name) .
 			      "</td>\n" .
 			      "<td class=\"link\">" .
-			      $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$t_hash" . $base_key . $file_key}, "blob") .
-			      " | " . $cgi->a({-href => "$my_uri?p=$project;a=history;h=$hash_base" . $file_key}, "history") .
+			      $cgi->a({-href => esc("$my_uri?p=$project;a=blob;h=$t_hash" . $base_key . $file_key)}, "blob") .
+			      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=history;h=$hash_base" . $file_key)}, "history") .
 			      "</td>\n";
 		} elsif ($t_type eq "tree") {
 			print "<td class=\"list\">" .
-			      $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$t_hash" . $base_key . $file_key}, $t_name) .
+			      $cgi->a({-href => esc("$my_uri?p=$project;a=tree;h=$t_hash" . $base_key . $file_key)}, $t_name) .
 			      "</td>\n" .
 			      "<td class=\"link\">" .
-			      $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$t_hash" . $base_key . $file_key}, "tree") .
+			      $cgi->a({-href => esc("$my_uri?p=$project;a=tree;h=$t_hash" . $base_key . $file_key)}, "tree") .
 			      "</td>\n";
 		}
 		print "</tr>\n";
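Review bot: `$t_name` is emitted as link text in the changed `$cgi->a(...)` calls for both blob and tree entries without `escapeHTML()`, while other listings on this page write `escapeHTML($file)`. A tree entry name comes from repository content, so markup in a file name would be rendered into the page unless it was escaped before this point, which the hunk does not show. Suggested: `escapeHTML($t_name)` as the second argument in both calls. The enclosing loop starts and ends outside the hunk.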
@@ -1523,12 +1531,12 @@
 	}
 	git_header_html();
 	print "<div class=\"page_nav\">\n";
-	print $cgi->a({-href => "$my_uri?p=$project;a=summary"}, "summary") .
-	      " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$hash"}, "shortlog") .
+	print $cgi->a({-href => esc("$my_uri?p=$project;a=summary")}, "summary") .
+	      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog;h=$hash")}, "shortlog") .
 	      " | log" .
-	      " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash"}, "commit") .
-	      " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash"}, "commitdiff") .
-	      " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$hash;hb=$hash"}, "tree") . "<br/>\n";
+	      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$hash")}, "commit") .
+	      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commitdiff;h=$hash")}, "commitdiff") .
+	      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=tree;h=$hash;hb=$hash")}, "tree") . "<br/>\n";
 
 	my $limit = sprintf("--max-count=%i", (100 * ($page+1)));
 	open my $fd, "-|", "$gitbin/git-rev-list $limit $hash" or die_error(undef, "Open failed.");
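Review bot: The pipe open on the last context line, `open my $fd, "-|", "$gitbin/git-rev-list $limit $hash"`, passes one interpolated string, which perl runs through the shell whenever it contains shell metacharacters. The list form `open my $fd, "-|", "$gitbin/git-rev-list", $limit, $hash or die_error(undef, "Open failed.");` never involves the shell. Whether `$hash` is validated before this point is outside the hunk, so treat this as hardening rather than a confirmed defect. The commit does not change this line, and the enclosing sub starts and ends outside the hunk.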
@@ -1536,19 +1544,19 @@
 	close $fd;
 
 	if ($hash ne $head || $page) {
-		print $cgi->a({-href => "$my_uri?p=$project;a=log"}, "HEAD");
+		print $cgi->a({-href => esc("$my_uri?p=$project;a=log")}, "HEAD");
 	} else {
 		print "HEAD";
 	}
 	if ($page > 0) {
 		print " &sdot; " .
-		$cgi->a({-href => "$my_uri?p=$project;a=log;h=$hash;pg=" . ($page-1), -accesskey => "p", -title => "Alt-p"}, "prev");
+		$cgi->a({-href => esc("$my_uri?p=$project;a=log;h=$hash;pg=" . ($page-1)), -accesskey => "p", -title => "Alt-p"}, "prev");
 	} else {
 		print " &sdot; prev";
 	}
 	if ($#revlist >= (100 * ($page+1)-1)) {
 		print " &sdot; " .
-		$cgi->a({-href => "$my_uri?p=$project;a=log;h=$hash;pg=" . ($page+1), -accesskey => "n", -title => "Alt-n"}, "next");
+		$cgi->a({-href => esc("$my_uri?p=$project;a=log;h=$hash;pg=" . ($page+1)), -accesskey => "n", -title => "Alt-n"}, "next");
 	} else {
 		print " &sdot; next";
 	}
@@ -1556,7 +1564,7 @@
 	      "</div>\n";
 	if (!@revlist) {
 		print "<div>\n" .
-		      $cgi->a({-href => "$my_uri?p=$project;a=summary", -class => "title"}, "&nbsp;") .
+		      $cgi->a({-href => esc("$my_uri?p=$project;a=summary"), -class => "title"}, "&nbsp;") .
 		      "</div>\n";
 		my %co = git_read_commit($hash);
 		print "<div class=\"page_body\"> Last change $co{'age_string'}.<br/><br/></div>\n";
@@ -1567,13 +1575,13 @@
 		next if !%co;
 		my %ad = date_str($co{'author_epoch'});
 		print "<div>\n" .
-		      $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit", -class => "title"},
+		      $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$commit"), -class => "title"},
 		      "<span class=\"age\">$co{'age_string'}</span>" . escapeHTML($co{'title'})) . "\n" .
 		      "</div>\n";
 		print "<div class=\"title_text\">\n" .
 		      "<div class=\"log_link\">\n" .
-		      $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit"}, "commit") .
-		      " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$commit"}, "commitdiff") .
+		      $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$commit")}, "commit") .
+		      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commitdiff;h=$commit")}, "commitdiff") .
 		      "<br/>\n" .
 		      "</div>\n" .
 		      "<i>" . escapeHTML($co{'author_name'}) .  " [$ad{'rfc2822'}]</i><br/>\n" .
@@ -1629,22 +1637,22 @@
 	}
 	git_header_html(undef, $expires);
 	print "<div class=\"page_nav\">\n" .
-	      $cgi->a({-href => "$my_uri?p=$project;a=summary"}, "summary") .
-	      " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$hash"}, "shortlog") .
-	      " | " . $cgi->a({-href => "$my_uri?p=$project;a=log;h=$hash"}, "log") .
+	      $cgi->a({-href => esc("$my_uri?p=$project;a=summary")}, "summary") .
+	      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog;h=$hash")}, "shortlog") .
+	      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=log;h=$hash")}, "log") .
 	      " | commit";
 	if (defined $co{'parent'}) {
-		print " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash"}, "commitdiff");
+		print " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commitdiff;h=$hash")}, "commitdiff");
 	}
-	print " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash"}, "tree") . "\n" .
+	print " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash")}, "tree") . "\n" .
 	      "<br/><br/></div>\n";
 	if (defined $co{'parent'}) {
 		print "<div>\n" .
-		      $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash", -class => "title"}, escapeHTML($co{'title'})) . "\n" .
+		      $cgi->a({-href => esc("$my_uri?p=$project;a=commitdiff;h=$hash"), -class => "title"}, escapeHTML($co{'title'})) . "\n" .
 		      "</div>\n";
 	} else {
 		print "<div>\n" .
-		      $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash", -class => "title"}, escapeHTML($co{'title'})) . "\n" .
+		      $cgi->a({-href => esc("$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash"), -class => "title"}, escapeHTML($co{'title'})) . "\n" .
 		      "</div>\n";
 	}
 	print "<div class=\"title_text\">\n" .
@@ -1665,19 +1673,19 @@
 	print "<tr>" .
 	      "<td>tree</td>" .
 	      "<td style=\"font-family:monospace\">" .
-	      $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash", class => "list"}, $co{'tree'}) .
+	      $cgi->a({-href => esc("$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash"), class => "list"}, $co{'tree'}) .
 	      "</td>" .
-	      "<td class=\"link\">" . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash"}, "tree") .
+	      "<td class=\"link\">" . $cgi->a({-href => esc("$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash")}, "tree") .
 	      "</td>" .
 	      "</tr>\n";
 	my $parents  = $co{'parents'};
 	foreach my $par (@$parents) {
 		print "<tr>" .
 		      "<td>parent</td>" .
-		      "<td style=\"font-family:monospace\">" . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$par", class => "list"}, $par) . "</td>" .
+		      "<td style=\"font-family:monospace\">" . $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$par"), class => "list"}, $par) . "</td>" .
 		      "<td class=\"link\">" .
-		      $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$par"}, "commit") .
-		      " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash;hp=$par"}, "commitdiff") .
+		      $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$par")}, "commit") .
+		      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commitdiff;h=$hash;hp=$par")}, "commitdiff") .
 		      "</td>" .
 		      "</tr>\n";
 	}
@@ -1738,16 +1746,16 @@
 				$mode_chng = sprintf(" with mode: %04o", (oct $to_mode) & 0777);
 			}
 			print "<td>" .
-			      $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file", -class => "list"}, escapeHTML($file)) . "</td>\n" .
+			      $cgi->a({-href => esc("$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file"), -class => "list"}, escapeHTML($file)) . "</td>\n" .
 			      "<td><span style=\"color: #008000;\">[new " . file_type($to_mode) . "$mode_chng]</span></td>\n" .
-			      "<td class=\"link\">" . $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file"}, "blob") . "</td>\n";
+			      "<td class=\"link\">" . $cgi->a({-href => esc("$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file")}, "blob") . "</td>\n";
 		} elsif ($status eq "D") {
 			print "<td>" .
-			      $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$from_id;hb=$hash;f=$file", -class => "list"}, escapeHTML($file)) . "</td>\n" .
+			      $cgi->a({-href => esc("$my_uri?p=$project;a=blob;h=$from_id;hb=$hash;f=$file"), -class => "list"}, escapeHTML($file)) . "</td>\n" .
 			      "<td><span style=\"color: #c00000;\">[deleted " . file_type($from_mode). "]</span></td>\n" .
 			      "<td class=\"link\">" .
-			      $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$from_id;hb=$hash;f=$file"}, "blob") .
-			      " | " . $cgi->a({-href => "$my_uri?p=$project;a=history;h=$hash;f=$file"}, "history") .
+			      $cgi->a({-href => esc("$my_uri?p=$project;a=blob;h=$from_id;hb=$hash;f=$file")}, "blob") .
+			      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=history;h=$hash;f=$file")}, "history") .
 			      "</td>\n"
 		} elsif ($status eq "M" || $status eq "T") {
 			my $mode_chnge = "";
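Review bot: esc() is applied to the whole assembled URL here, so the file name interpolated into `f=$file` is not encoded as a parameter value: a path containing `;`, `&`, `#`, `%` or `?` still alters the query string the link carries. As esc() is written earlier in this patch it also turns a space into `+` and then every `+` into `%2b`, so a name with a space would be read back with a literal plus. Percent-encode each value before it is interpolated and leave the separators alone, for example `$str =~ s/([^A-Za-z0-9\-_.~\/])/sprintf("%%%02X", ord($1))/eg;` in a per-value helper and `"...;hb=$hash;f=" . esc_value($file)` at the call site (the helper name is a placeholder). The same applies to the later hunks that interpolate `$to_file`, `$from_file`, `$file_name` and `$set{'file'}`. The enclosing function starts and ends outside this hunk.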
@@ -1767,18 +1775,18 @@
 			}
 			print "<td>";
 			if ($to_id ne $from_id) {
-				print $cgi->a({-href => "$my_uri?p=$project;a=blobdiff;h=$to_id;hp=$from_id;hb=$hash;f=$file", -class => "list"}, escapeHTML($file));
+				print $cgi->a({-href => esc("$my_uri?p=$project;a=blobdiff;h=$to_id;hp=$from_id;hb=$hash;f=$file"), -class => "list"}, escapeHTML($file));
 			} else {
-				print $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file", -class => "list"}, escapeHTML($file));
+				print $cgi->a({-href => esc("$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file"), -class => "list"}, escapeHTML($file));
 			}
 			print "</td>\n" .
 			      "<td>$mode_chnge</td>\n" .
 			      "<td class=\"link\">";
-			print $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file"}, "blob");
+			print $cgi->a({-href => esc("$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file")}, "blob");
 			if ($to_id ne $from_id) {
-				print " | " . $cgi->a({-href => "$my_uri?p=$project;a=blobdiff;h=$to_id;hp=$from_id;hb=$hash;f=$file"}, "diff");
+				print " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=blobdiff;h=$to_id;hp=$from_id;hb=$hash;f=$file")}, "diff");
 			}
-			print " | " . $cgi->a({-href => "$my_uri?p=$project;a=history;h=$hash;f=$file"}, "history") . "\n";
+			print " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=history;h=$hash;f=$file")}, "history") . "\n";
 			print "</td>\n";
 		} elsif ($status eq "R") {
 			my ($from_file, $to_file) = split "\t", $file;
@@ -1787,14 +1795,14 @@
 				$mode_chng = sprintf(", mode: %04o", (oct $to_mode) & 0777);
 			}
 			print "<td>" .
-			      $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$to_file", -class => "list"}, escapeHTML($to_file)) . "</td>\n" .
+			      $cgi->a({-href => esc("$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$to_file"), -class => "list"}, escapeHTML($to_file)) . "</td>\n" .
 			      "<td><span style=\"color: #777777;\">[moved from " .
-			      $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$from_id;hb=$hash;f=$from_file", -class => "list"}, escapeHTML($from_file)) .
+			      $cgi->a({-href => esc("$my_uri?p=$project;a=blob;h=$from_id;hb=$hash;f=$from_file"), -class => "list"}, escapeHTML($from_file)) .
 			      " with " . (int $similarity) . "% similarity$mode_chng]</span></td>\n" .
 			      "<td class=\"link\">" .
-			      $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$to_file"}, "blob");
+			      $cgi->a({-href => esc("$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$to_file")}, "blob");
 			if ($to_id ne $from_id) {
-				print " | " . $cgi->a({-href => "$my_uri?p=$project;a=blobdiff;h=$to_id;hp=$from_id;hb=$hash;f=$to_file"}, "diff");
+				print " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=blobdiff;h=$to_id;hp=$from_id;hb=$hash;f=$to_file")}, "diff");
 			}
 			print "</td>\n";
 		}
@@ -1809,17 +1817,17 @@
 	git_header_html();
 	if (defined $hash_base && (my %co = git_read_commit($hash_base))) {
 		print "<div class=\"page_nav\">\n" .
-		      $cgi->a({-href => "$my_uri?p=$project;a=summary"}, "summary") .
-		      " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog"}, "shortlog") .
-		      " | " . $cgi->a({-href => "$my_uri?p=$project;a=log"}, "log") .
-		      " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash_base"}, "commit") .
-		      " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash_base"}, "commitdiff") .
-		      " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash_base"}, "tree") .
+		      $cgi->a({-href => esc("$my_uri?p=$project;a=summary")}, "summary") .
+		      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog")}, "shortlog") .
+		      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=log")}, "log") .
+		      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$hash_base")}, "commit") .
+		      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commitdiff;h=$hash_base")}, "commitdiff") .
+		      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash_base")}, "tree") .
 		      "<br/>\n";
-		print $cgi->a({-href => "$my_uri?p=$project;a=blobdiff_plain;h=$hash;hp=$hash_parent"}, "plain") .
+		print $cgi->a({-href => esc("$my_uri?p=$project;a=blobdiff_plain;h=$hash;hp=$hash_parent")}, "plain") .
 		      "</div>\n";
 		print "<div>\n" .
-		      $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash_base", -class => "title"}, escapeHTML($co{'title'})) . "\n" .
+		      $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$hash_base"), -class => "title"}, escapeHTML($co{'title'})) . "\n" .
 		      "</div>\n";
 	} else {
 		print "<div class=\"page_nav\">\n" .
@@ -1831,9 +1839,9 @@
 	}
 	print "<div class=\"page_body\">\n" .
 	      "<div class=\"diff_info\">blob:" .
-	      $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$hash_parent;hb=$hash_base;f=$file_name"}, $hash_parent) .
+	      $cgi->a({-href => esc("$my_uri?p=$project;a=blob;h=$hash_parent;hb=$hash_base;f=$file_name")}, $hash_parent) .
 	      " -> blob:" .
-	      $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$hash;hb=$hash_base;f=$file_name"}, $hash) .
+	      $cgi->a({-href => esc("$my_uri?p=$project;a=blob;h=$hash;hb=$hash_base;f=$file_name")}, $hash) .
 	      "</div>\n";
 	git_diff_print($hash_parent, $file_name || $hash_parent, $hash, $file_name || $hash);
 	print "</div>";
@@ -1866,16 +1874,16 @@
 	}
 	git_header_html(undef, $expires);
 	print "<div class=\"page_nav\">\n" .
-	      $cgi->a({-href => "$my_uri?p=$project;a=summary"}, "summary") .
-	      " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$hash"}, "shortlog") .
-	      " | " . $cgi->a({-href => "$my_uri?p=$project;a=log;h=$hash"}, "log") .
-	      " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash"}, "commit") .
+	      $cgi->a({-href => esc("$my_uri?p=$project;a=summary")}, "summary") .
+	      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog;h=$hash")}, "shortlog") .
+	      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=log;h=$hash")}, "log") .
+	      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$hash")}, "commit") .
 	      " | commitdiff" .
-	      " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash"}, "tree") . "<br/>\n";
-	print $cgi->a({-href => "$my_uri?p=$project;a=commitdiff_plain;h=$hash;hp=$hash_parent"}, "plain") . "\n" .
+	      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash")}, "tree") . "<br/>\n";
+	print $cgi->a({-href => esc("$my_uri?p=$project;a=commitdiff_plain;h=$hash;hp=$hash_parent")}, "plain") . "\n" .
 	      "</div>\n";
 	print "<div>\n" .
-	      $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash", -class => "title"}, escapeHTML($co{'title'})) . "\n" .
+	      $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$hash"), -class => "title"}, escapeHTML($co{'title'})) . "\n" .
 	      "</div>\n";
 	print "<div class=\"page_body\">\n";
 	my $comment = $co{'comment'};
@@ -1914,20 +1922,20 @@
 		my $file = $6;
 		if ($status eq "A") {
 			print "<div class=\"diff_info\">" .  file_type($to_mode) . ":" .
-			      $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file"}, $to_id) . "(new)" .
+			      $cgi->a({-href => esc("$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file")}, $to_id) . "(new)" .
 			      "</div>\n";
 			git_diff_print(undef, "/dev/null", $to_id, "b/$file");
 		} elsif ($status eq "D") {
 			print "<div class=\"diff_info\">" . file_type($from_mode) . ":" .
-			      $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$from_id;hb=$hash;f=$file"}, $from_id) . "(deleted)" .
+			      $cgi->a({-href => esc("$my_uri?p=$project;a=blob;h=$from_id;hb=$hash;f=$file")}, $from_id) . "(deleted)" .
 			      "</div>\n";
 			git_diff_print($from_id, "a/$file", undef, "/dev/null");
 		} elsif ($status eq "M") {
 			if ($from_id ne $to_id) {
 				print "<div class=\"diff_info\">" .
-				      file_type($from_mode) . ":" . $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$from_id;hb=$hash;f=$file"}, $from_id) .
+				      file_type($from_mode) . ":" . $cgi->a({-href => esc("$my_uri?p=$project;a=blob;h=$from_id;hb=$hash;f=$file")}, $from_id) .
 				      " -> " .
-				      file_type($to_mode) . ":" . $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file"}, $to_id);
+				      file_type($to_mode) . ":" . $cgi->a({-href => esc("$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file")}, $to_id);
 				print "</div>\n";
 				git_diff_print($from_id, "a/$file",  $to_id, "b/$file");
 			}
@@ -2008,16 +2016,16 @@
 	}
 	git_header_html();
 	print "<div class=\"page_nav\">\n" .
-	      $cgi->a({-href => "$my_uri?p=$project;a=summary"}, "summary") .
-	      " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog"}, "shortlog") .
-	      " | " . $cgi->a({-href => "$my_uri?p=$project;a=log"}, "log") .
-	      " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash"}, "commit") .
-	      " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash"}, "commitdiff") .
-	      " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash"}, "tree") .
+	      $cgi->a({-href => esc("$my_uri?p=$project;a=summary")}, "summary") .
+	      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog")}, "shortlog") .
+	      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=log")}, "log") .
+	      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$hash")}, "commit") .
+	      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commitdiff;h=$hash")}, "commitdiff") .
+	      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash")}, "tree") .
 	      "<br/><br/>\n" .
 	      "</div>\n";
 	print "<div>\n" .
-	      $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash", -class => "title"}, escapeHTML($co{'title'})) . "\n" .
+	      $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$hash"), -class => "title"}, escapeHTML($co{'title'})) . "\n" .
 	      "</div>\n";
 	print "<div class=\"page_path\"><b>/$file_name</b><br/></div>\n";
 
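Review bot: The context line that prints `/$file_name` into the `page_path` div still emits the name without escapeHTML(), while the commit escapes the links just above it and the file names used as link text elsewhere in this patch are wrapped in escapeHTML(). If `$file_name` is not restricted to HTML-safe characters where it is read (not visible in this hunk), markup in a path would be rendered as part of the page. Suggested: `print "<div class=\"page_path\"><b>/" . escapeHTML($file_name) . "</b><br/></div>\n";`. The enclosing function starts and ends outside this hunk.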
@@ -2043,17 +2051,17 @@
 			$alternate ^= 1;
 			print "<td title=\"$co{'age_string_age'}\"><i>$co{'age_string_date'}</i></td>\n" .
 			      "<td><i>" . escapeHTML(chop_str($co{'author_name'}, 15, 3)) . "</i></td>\n" .
-			      "<td>" . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit", -class => "list"}, "<b>" .
+			      "<td>" . $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$commit"), -class => "list"}, "<b>" .
 			      escapeHTML(chop_str($co{'title'}, 50)) . "</b>") . "</td>\n" .
 			      "<td class=\"link\">" .
-			      $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit"}, "commit") .
-			      " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$commit"}, "commitdiff") .
-			      " | " . $cgi->a({-href => "$my_uri?p=$project;a=blob;hb=$commit;f=$file_name"}, "blob");
+			      $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$commit")}, "commit") .
+			      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commitdiff;h=$commit")}, "commitdiff") .
+			      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=blob;hb=$commit;f=$file_name")}, "blob");
 			my $blob = git_get_hash_by_path($hash, $file_name);
 			my $blob_parent = git_get_hash_by_path($commit, $file_name);
 			if (defined $blob && defined $blob_parent && $blob ne $blob_parent) {
 				print " | " .
-				$cgi->a({-href => "$my_uri?p=$project;a=blobdiff;h=$blob;hp=$blob_parent;hb=$commit;f=$file_name"},
+				$cgi->a({-href => esc("$my_uri?p=$project;a=blobdiff;h=$blob;hp=$blob_parent;hb=$commit;f=$file_name")},
 				"diff to current");
 			}
 			print "</td>\n" .
@@ -2093,17 +2101,17 @@
 	}
 	git_header_html();
 	print "<div class=\"page_nav\">\n" .
-	      $cgi->a({-href => "$my_uri?p=$project;a=summary;h=$hash"}, "summary") .
-	      " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog"}, "shortlog") .
-	      " | " . $cgi->a({-href => "$my_uri?p=$project;a=log;h=$hash"}, "log") .
-	      " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash"}, "commit") .
-	      " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash"}, "commitdiff") .
-	      " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash"}, "tree") .
+	      $cgi->a({-href => esc("$my_uri?p=$project;a=summary;h=$hash")}, "summary") .
+	      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog")}, "shortlog") .
+	      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=log;h=$hash")}, "log") .
+	      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$hash")}, "commit") .
+	      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commitdiff;h=$hash")}, "commitdiff") .
+	      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash")}, "tree") .
 	      "<br/><br/>\n" .
 	      "</div>\n";
 
 	print "<div>\n" .
-	      $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash", -class => "title"}, escapeHTML($co{'title'})) . "\n" .
+	      $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$hash"), -class => "title"}, escapeHTML($co{'title'})) . "\n" .
 	      "</div>\n";
 	print "<table cellspacing=\"0\">\n";
 	my $alternate = 0;
@@ -2134,7 +2142,7 @@
 			print "<td title=\"$co{'age_string_age'}\"><i>$co{'age_string_date'}</i></td>\n" .
 			      "<td><i>" . escapeHTML(chop_str($co{'author_name'}, 15, 5)) . "</i></td>\n" .
 			      "<td>" .
-			      $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$co{'id'}", -class => "list"}, "<b>" . escapeHTML(chop_str($co{'title'}, 50)) . "</b><br/>");
+			      $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$co{'id'}"), -class => "list"}, "<b>" . escapeHTML(chop_str($co{'title'}, 50)) . "</b><br/>");
 			my $comment = $co{'comment'};
 			foreach my $line (@$comment) {
 				if ($line =~ m/^(.*)($searchtext)(.*)$/i) {
@@ -2149,8 +2157,8 @@
 			}
 			print "</td>\n" .
 			      "<td class=\"link\">" .
-			      $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$co{'id'}"}, "commit") .
-			      " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$co{'id'}"}, "tree");
+			      $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$co{'id'}")}, "commit") .
+			      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$co{'id'}")}, "tree");
 			print "</td>\n" .
 			      "</tr>\n";
 		}
@@ -2187,18 +2195,18 @@
 					print "<td title=\"$co{'age_string_age'}\"><i>$co{'age_string_date'}</i></td>\n" .
 					      "<td><i>" . escapeHTML(chop_str($co{'author_name'}, 15, 5)) . "</i></td>\n" .
 					      "<td>" .
-					      $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$co{'id'}", -class => "list"}, "<b>" .
+					      $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$co{'id'}"), -class => "list"}, "<b>" .
 					      escapeHTML(chop_str($co{'title'}, 50)) . "</b><br/>");
 					while (my $setref = shift @files) {
 						my %set = %$setref;
-						print $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$set{'id'};hb=$co{'id'};f=$set{'file'}", class => "list"},
+						print $cgi->a({-href => esc("$my_uri?p=$project;a=blob;h=$set{'id'};hb=$co{'id'};f=$set{'file'}"), class => "list"},
 						      "<span style=\"color:#e00000\">" . escapeHTML($set{'file'}) . "</span>") .
 						      "<br/>\n";
 					}
 					print "</td>\n" .
 					      "<td class=\"link\">" .
-					      $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$co{'id'}"}, "commit") .
-					      " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$co{'id'}"}, "tree");
+					      $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$co{'id'}")}, "commit") .
+					      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$co{'id'}")}, "tree");
 					print "</td>\n" .
 					      "</tr>\n";
 				}
@@ -2221,12 +2229,12 @@
 	}
 	git_header_html();
 	print "<div class=\"page_nav\">\n" .
-	      $cgi->a({-href => "$my_uri?p=$project;a=summary"}, "summary") .
+	      $cgi->a({-href => esc("$my_uri?p=$project;a=summary")}, "summary") .
 	      " | shortlog" .
-	      " | " . $cgi->a({-href => "$my_uri?p=$project;a=log;h=$hash"}, "log") .
-	      " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash"}, "commit") .
-	      " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash"}, "commitdiff") .
-	      " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$hash;hb=$hash"}, "tree") . "<br/>\n";
+	      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=log;h=$hash")}, "log") .
+	      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$hash")}, "commit") .
+	      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commitdiff;h=$hash")}, "commitdiff") .
+	      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=tree;h=$hash;hb=$hash")}, "tree") . "<br/>\n";
 
 	my $limit = sprintf("--max-count=%i", (100 * ($page+1)));
 	open my $fd, "-|", "$gitbin/git-rev-list $limit $hash" or die_error(undef, "Open failed.");
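Review bot: The context line `open my $fd, "-|", "$gitbin/git-rev-list $limit $hash"` hands the command over as one string, so Perl may run it through the shell with `$hash` interpolated, right next to the links this commit escapes for the same variable. Whether `$hash` is validated before this point is not visible in the hunk. The list form `open my $fd, "-|", "$gitbin/git-rev-list", $limit, $hash` passes the arguments directly and does not depend on that validation. The enclosing function starts and ends outside this hunk.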
@@ -2234,26 +2242,26 @@
 	close $fd;
 
 	if ($hash ne $head || $page) {
-		print $cgi->a({-href => "$my_uri?p=$project;a=shortlog"}, "HEAD");
+		print $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog")}, "HEAD");
 	} else {
 		print "HEAD";
 	}
 	if ($page > 0) {
 		print " &sdot; " .
-		$cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$hash;pg=" . ($page-1), -accesskey => "p", -title => "Alt-p"}, "prev");
+		$cgi->a({-href => esc("$my_uri?p=$project;a=shortlog;h=$hash;pg=" . ($page-1)), -accesskey => "p", -title => "Alt-p"}, "prev");
 	} else {
 		print " &sdot; prev";
 	}
 	if ($#revlist >= (100 * ($page+1)-1)) {
 		print " &sdot; " .
-		$cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$hash;pg=" . ($page+1), -accesskey => "n", -title => "Alt-n"}, "next");
+		$cgi->a({-href => esc("$my_uri?p=$project;a=shortlog;h=$hash;pg=" . ($page+1)), -accesskey => "n", -title => "Alt-n"}, "next");
 	} else {
 		print " &sdot; next";
 	}
 	print "<br/>\n" .
 	      "</div>\n";
 	print "<div>\n" .
-	      $cgi->a({-href => "$my_uri?p=$project;a=summary", -class => "title"}, "&nbsp;") .
+	      $cgi->a({-href => esc("$my_uri?p=$project;a=summary"), -class => "title"}, "&nbsp;") .
 	      "</div>\n";
 	print "<table cellspacing=\"0\">\n";
 	my $alternate = 0;
@@ -2271,23 +2279,23 @@
 		      "<td><i>" . escapeHTML(chop_str($co{'author_name'}, 10)) . "</i></td>\n" .
 		      "<td>";
 		if (length($co{'title_short'}) < length($co{'title'})) {
-			print $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit", -class => "list", -title => "$co{'title'}"},
+			print $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$commit"), -class => "list", -title => "$co{'title'}"},
 			      "<b>" . escapeHTML($co{'title_short'}) . "</b>");
 		} else {
-			print $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit", -class => "list"},
+			print $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$commit"), -class => "list"},
 			      "<b>" . escapeHTML($co{'title_short'}) . "</b>");
 		}
 		print "</td>\n" .
 		      "<td class=\"link\">" .
-		      $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit"}, "commit") .
-		      " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$commit"}, "commitdiff") .
+		      $cgi->a({-href => esc("$my_uri?p=$project;a=commit;h=$commit")}, "commit") .
+		      " | " . $cgi->a({-href => esc("$my_uri?p=$project;a=commitdiff;h=$commit")}, "commitdiff") .
 		      "</td>\n" .
 		      "</tr>";
 	}
 	if ($#revlist >= (100 * ($page+1)-1)) {
 		print "<tr>\n" .
 		      "<td>" .
-		      $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$hash;pg=" . ($page+1), -title => "Alt-n"}, "next") .
+		      $cgi->a({-href => esc("$my_uri?p=$project;a=shortlog;h=$hash;pg=" . ($page+1)), -title => "Alt-n"}, "next") .
 		      "</td>\n" .
 		      "</tr>\n";
 	}