gitweb: esc_html (short) error message in die_error

[git.git] / gitweb / gitweb.perl

diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl
index 1f6978ac1f3ca2f915c5b87d8b196ee1e0e52aca..2ccbb6aa3482924263ff0a110891cab82f71575c 100755 (executable)
--- a/gitweb/gitweb.perl
+++ b/gitweb/gitweb.perl
@@ -3372,7 +3372,7 @@ sub git_footer_html {
              "</html>";
 }
 
-# die_error(<http_status_code>, <error_message>)
+# die_error(<http_status_code>, <error_message>[, <detailed_html_description>])
 # Example: die_error(404, 'Hash not found')
 # By convention, use the following status codes (as defined in RFC 2616):
 # 400: Invalid or missing CGI parameters, or
@@ -3387,7 +3387,7 @@ sub git_footer_html {
 #      or down for maintenance).  Generally, this is a temporary state.
 sub die_error {
        my $status = shift || 500;
-       my $error = shift || "Internal server error";
+       my $error = esc_html(shift || "Internal Server Error");
        my $extra = shift;
 
        my %http_responses = (