From: Junio C Hamano <gitster@pobox.com>
Date: Wed, 15 Dec 2010 19:45:36 +0000 (-0800)
Subject: Git 1.7.2.5
X-Git-Tag: v1.7.2.5^0
X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=b91779f17eb19ffc2e63e84728e785cf274b47df;p=git.git

Git 1.7.2.5

Signed-off-by: Junio C Hamano <gitster@pobox.com>
---

b91779f17eb19ffc2e63e84728e785cf274b47df
diff --cc Documentation/RelNotes/1.7.2.5.txt
index 000000000,000000000..bf976c40d
new file mode 100644
--- /dev/null
+++ b/Documentation/RelNotes/1.7.2.5.txt
@@@ -1,0 -1,0 +1,8 @@@
++Git v1.7.2.5 Release Notes
++==========================
++
++Fixes since v1.7.2.4
++--------------------
++
++ * "gitweb" can sometimes be tricked into parrotting a filename argument
++   given in a request without properly quoting.
diff --cc GIT-VERSION-GEN
index 1c0f85c2b,5e8077ebf..ec4c49a90
--- a/GIT-VERSION-GEN
+++ b/GIT-VERSION-GEN
@@@ -1,7 -1,7 +1,7 @@@
  #!/bin/sh
  
  GVF=GIT-VERSION-FILE
- DEF_VER=v1.7.2.4
 -DEF_VER=v1.7.1.4
++DEF_VER=v1.7.2.5
  
  LF='
  '
diff --cc RelNotes
index c81a98e07,86af99bd3..17d37af54
--- a/RelNotes
+++ b/RelNotes
@@@ -1,1 -1,1 +1,1 @@@
- Documentation/RelNotes/1.7.2.4.txt
 -Documentation/RelNotes/1.7.1.4.txt
++Documentation/RelNotes/1.7.2.5.txt
diff --cc gitweb/gitweb.perl
index 84261bba3,b51f5bfb2..8b8ab2960
--- a/gitweb/gitweb.perl
+++ b/gitweb/gitweb.perl
@@@ -5629,8 -5408,10 +5636,8 @@@ sub git_blob 
  			chomp $line;
  			$nr++;
  			$line = untabify($line);
 -			printf "<div class=\"pre\"><a id=\"l%i\" href=\""
 -				. esc_attr(href(-replay => 1))
 -				. "#l%i\" class=\"linenr\">%4i</a> %s</div>\n",
 -			       $nr, $nr, $nr, esc_html($line, -nbsp=>1);
 +			printf qq!<div class="pre"><a id="l%i" href="%s#l%i" class="linenr">%4i</a> %s</div>\n!,
- 			       $nr, href(-replay => 1), $nr, $nr, $syntax ? $line : esc_html($line, -nbsp=>1);
++			       $nr, esc_attr(href(-replay => 1)), $nr, $nr, $syntax ? $line : esc_html($line, -nbsp=>1);
  		}
  	}
  	close $fd