From: Jakub Narebski <jnareb@gmail.com>
Date: Sat, 5 Aug 2006 11:15:24 +0000 (+0200)
Subject: gitweb: No error messages with unescaped/unprotected user input
X-Git-Tag: v1.4.3-rc1~274^2~11
X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=e2860ead31579a15ee94831f2b9b55e43caa2cac;p=git.git

gitweb: No error messages with unescaped/unprotected user input

Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <junkio@cox.net>
---

diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl
index 628490145..2e2629ca5 100755
--- a/gitweb/gitweb.perl
+++ b/gitweb/gitweb.perl
@@ -1265,7 +1265,7 @@ sub git_diff_print {
 sub git_project_list {
 	my $order = $cgi->param('o');
 	if (defined $order && $order !~ m/project|descr|owner|age/) {
-		die_error(undef, "Invalid order parameter '$order'");
+		die_error(undef, "Unknown order parameter");
 	}
 
 	my @list = git_read_projects();