cgit/html.c, branch v0.9.0.2 A hyperfast web frontend for git repositories written in C. http://git.cetero.st/cgit/atom/html.c?h=v0.9.0.2 2011-07-21T14:21:52Z html.c: avoid out-of-bounds access for url_escape_table 2011-07-21T14:21:52Z Eric Wong normalperson@yhbt.net 2011-07-21T03:24:54Z urn:sha1:9cae75d040d9102d4b628ba3c828d95d0251f5c0 This fixes a segfault for me with with -O2 optimization on x86 with gcc (Debian 4.4.5-8) 4.4.5 I can reliably reproduce it with the following parameters when pointed to the git.git repository: PATH_INFO='/git-core.git/diff/' QUERY_STRING='id=2b93bfac0f5bcabbf60f174f4e7bfa9e318e64d5&id2=d6da71a9d16b8cf27f9d8f90692d3625c849cbc8' Signed-off-by: Eric Wong <normalperson@yhbt.net> Signed-off-by: Lars Hjemli <hjemli@gmail.com> Properly escape ampersands inside HTML attributes 2011-05-30T21:55:19Z Lukas Fleischer cgit@cryptocrack.de 2011-05-24T18:38:40Z urn:sha1:69382320d96232ee8c73e664797da61e733c2427 Ampersands ("&") appearing inside HTML attributes need to be translated to "&amp;". Otherwise, invalid XHTML will be generated at various places, such as at tree views containing links to submodules. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com> Fix memory leak in http_parse_querystring(). 2011-05-23T20:58:35Z Lukas Fleischer cgit@cryptocrack.de 2011-03-30T23:21:39Z urn:sha1:070e109c1413d28b54eb6123a9fd24ac98897554 Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com> Fix escaping of paths with spaces 2011-05-23T20:58:06Z Jonathon Mah me@JonathonMah.com 2011-04-10T11:10:03Z urn:sha1:74152744f0d56c2d0211728206a218a33df41a5d Signed-off-by: Lars Hjemli <hjemli@gmail.com> Merge branch 'stable' 2011-03-05T13:01:59Z Lars Hjemli hjemli@gmail.com 2011-03-05T13:01:59Z urn:sha1:1b09cbd303d889ec2636127584d57b7f1b70c25e do not infloop on a query ending in %XY, for invalid hex X or Y 2011-03-05T12:38:34Z Jim Meyering meyering@redhat.com 2011-02-28T11:18:57Z urn:sha1:fc384b16fb9787380746000d3cea2d53fccc548e When a query ends in say %gg, (or any invalid hex) e.g., http://git.gnome.org/browse/gdlmm/commit/?id=%gg convert_query_hexchar calls memmove(txt, txt+3, 0), and then returns txt-1, so the loop in http_parse_querystring never terminates. The solution is to make the memmove also copy the trailing NUL. * html.c (convert_query_hexchar): Fix off-by-one error. Signed-off-by: Lars Hjemli <hjemli@gmail.com> html.c: use '+' to escape spaces in urls 2010-11-09T23:22:41Z Lars Hjemli hjemli@gmail.com 2010-11-09T17:15:21Z urn:sha1:c2680325f68192368d32f26458fea9cfb50df6e5 Signed-off-by: Lars Hjemli <hjemli@gmail.com> prefer html_raw() to write() 2010-09-04T18:30:10Z Mark Lodato lodatom@gmail.com 2010-09-04T18:18:16Z urn:sha1:d187b98557d91b874836f286b955ba76ab26fb02 To make the code more consistent, and to not rely on the implementation of html(), always use html_raw(...) instead of write(htmlfd, ...). Signed-off-by: Mark Lodato <lodatom@gmail.com> Merge branch 'stable' 2010-08-29T15:40:51Z Lars Hjemli hjemli@gmail.com 2010-08-29T15:40:51Z urn:sha1:6940b23b9e4698ba466a4616e4de77b986560ad3 html: fix strcpy bug in convert_query_hexchar 2010-08-29T15:27:40Z Mark Lodato lodatom@gmail.com 2010-08-28T01:02:27Z urn:sha1:48434780ca62fde84337ea1e797f642de5ca50d5 The source and destination strings in strcpy() may not overlap. Instead, use memmove(), which allows overlap. This fixes test t0104, where 'url=foo%2bbar/tree' was being parsed improperly. Signed-off-by: Mark Lodato <lodatom@gmail.com>