[tokkee]

tokkee.org

Code

projects / git.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | combined (merge: cbcab75 abf411e)
Git 1.7.0.9 v1.7.0.9
authorJunio C Hamano <gitster@pobox.com>
Wed, 15 Dec 2010 19:38:19 +0000 (11:38 -0800)
committerJunio C Hamano <gitster@pobox.com>
Wed, 15 Dec 2010 19:38:19 +0000 (11:38 -0800)
Signed-off-by: Junio C Hamano <gitster@pobox.com>
1  2 
Documentation/RelNotes/1.7.0.9.txt patch | | | blob
GIT-VERSION-GEN patch | diff1 | diff2 | blob | history
RelNotes patch | diff1 | diff2 | blob | history
gitweb/gitweb.perl patch | diff1 | diff2 | blob | history

diff --cc Documentation/RelNotes/1.7.0.9.txt
index 0000000000000000000000000000000000000000,0000000000000000000000000000000000000000..bfb31663873cae7a0e24097d89d1d65bb246ed4b
new file mode 100644 (file)
--- /dev/null
--- /dev/null
+++ b/Documentation/RelNotes/1.7.0.9.txt
@@@ -1,0 -1,0 +1,8 @@@
++Git v1.7.0.9 Release Notes
++==========================
++
++Fixes since v1.7.0.8
++--------------------
++
++ * "gitweb" can sometimes be tricked into parrotting a filename argument
++   given in a request without properly quoting.
diff --cc GIT-VERSION-GEN
index 4149fa9eb7a77eef45152394504eb7ab8ba2140b,7d16b013824cc6974fe49e9a49c588146b6d7e2d..c07c5959bb25ef72bbf17f6d0ac13685568236d7
--- 1/GIT-VERSION-GEN
--- 2/GIT-VERSION-GEN
+++ b/GIT-VERSION-GEN
@@@ -1,7 -1,7 +1,7 @@@
  #!/bin/sh
  
  GVF=GIT-VERSION-FILE
- DEF_VER=v1.7.0.8
 -DEF_VER=v1.6.6.3
++DEF_VER=v1.7.0.9
  
  LF='
  '
diff --cc RelNotes
index 882532b0486688b101c5a14b758c3ced5ba82c8a,3dad2389f600053e534a75563049a66b5bdb1ebf..2e4322a073d72f242a56bc2e00c9aa84ff73806c
--- 1/RelNotes
--- 2/RelNotes
+++ b/RelNotes
@@@ -1,1 -1,1 +1,1 @@@
- Documentation/RelNotes/1.7.0.8.txt
 -Documentation/RelNotes/1.6.6.3.txt
++Documentation/RelNotes/1.7.0.9.txt
diff --cc gitweb/gitweb.perl
index 9d4c58238ea87963221d948020e928d232c0d90d,0fe8539321e6eb527aef127a17e437edb4998308..f1d857961cf7b873828e66b9873c054f46b6a7a5
--- 1/gitweb/gitweb.perl
--- 2/gitweb/gitweb.perl
+++ b/gitweb/gitweb.perl
@@@ -3364,9 -3334,8 +3371,9 @@@ sub git_footer_html 
                insert_file($site_footer);
        }
  
-       print qq!<script type="text/javascript" src="$javascript"></script>\n!;
+       print qq!<script type="text/javascript" src="!.esc_url($javascript).qq!"></script>\n!;
 -      if ($action eq 'blame_incremental') {
 +      if (defined $action &&
 +          $action eq 'blame_incremental') {
                print qq!<script type="text/javascript">\n!.
                      qq!startBlame("!. href(action=>"blame_data", -replay=>1) .qq!",\n!.
                      qq!           "!. href() .qq!");\n!.
Git - the stupid content tracker