author | Jakub Narebski <jnareb@gmail.com> | |
Sun, 7 Feb 2010 20:51:18 +0000 (21:51 +0100) | ||
committer | Junio C Hamano <gitster@pobox.com> | |
Wed, 17 Feb 2010 19:18:09 +0000 (11:18 -0800) | ||
commit | 453541fcfcbc54aa3b0035667e5d5885d407d0a5 | |
tree | 5233260f999c7a0f5f5f73c02339243bf24b9158 | tree | snapshot |
parent | 6d816301cd53e54af3398b634d47588a6f184be4 | commit | diff |
gitweb: esc_html (short) error message in die_error
The error message (second argument to die_error) is meant to be short,
one-line text description of given error. A few callers call
die_error with error message containing unescaped user supplied data
($hash, $file_name). Instead of forcing callers to escape data,
simply call esc_html on the parameter.
Note that optional third parameter, which contains detailed error
description, is meant to be HTML formatted, and therefore should be
not escaped.
While at it update esc_html synopsis/usage, and bring default error
description to read 'Internal Server Error' (titlecased).
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
The error message (second argument to die_error) is meant to be short,
one-line text description of given error. A few callers call
die_error with error message containing unescaped user supplied data
($hash, $file_name). Instead of forcing callers to escape data,
simply call esc_html on the parameter.
Note that optional third parameter, which contains detailed error
description, is meant to be HTML formatted, and therefore should be
not escaped.
While at it update esc_html synopsis/usage, and bring default error
description to read 'Internal Server Error' (titlecased).
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
gitweb/gitweb.perl | diff | blob | history |