author | Petr Baudis <pasky@suse.cz> | Sat, 23 Sep 2006 22:18:41 +0000 (00:18 +0200)
committer | Junio C Hamano <junkio@cox.net> | Sun, 24 Sep 2006 06:53:18 +0000 (23:53 -0700)
commit | a2f3db2f5de2a3667b0e038aa65e3e097e642e7d
tree | 521959c2df89fa89837b1dafdf5a158525fcb885
parent | 8f41db8c370d535ed0132ef33d73e47edcc5af03

gitweb: Consolidate escaping/validation of query string

Consider:

http://repo.or.cz/?p=glibc-cvs.git;a=tree;h=2609cb0411389325f4ee2854cc7159756eb0671e;hb=2609cb0411389325f4ee2854cc7159756eb0671e

(click on the funny =__ify file)

We ought to handle anything in filenames and I actually see no reason why
we don't, modulo very little missing escaping that this patch hopefully
also fixes.

I have also made esc_param() escape [?=&;]. Not escaping [&;] was downright
buggy and [?=] just feels better escaped. ;-) YMMV.

Signed-off-by: Petr Baudis <pasky@suse.cz>
Signed-off-by: Junio C Hamano <junkio@cox.net>

gitweb/gitweb.perl
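
The failure mode the commit message describes, shown as an added example that is not part of this commit or of gitweb's code: when a file name containing `;`, `&`, `=` or `?` is placed in a `;`-separated query string without escaping, the receiving side splits it into extra parameters. `escape_value()` and `parse_query()` are hypothetical helpers, and the repository and file names are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper, not gitweb's esc_param(): percent-encode every byte
# outside a conservative safe set, so [?=&;] in a value are always encoded.
sub escape_value {
    my ($str) = @_;
    $str =~ s/([^A-Za-z0-9\-_.~\/])/sprintf("%%%02X", ord($1))/eg;
    return $str;
}

# Split a query string the way a CGI script that accepts both ';' and '&'
# as separators would, then percent-decode each key and value.
sub parse_query {
    my ($query) = @_;
    my %params;
    for my $pair (split /[;&]/, $query) {
        my ($key, $value) = split /=/, $pair, 2;
        next unless defined $key && length $key;
        $value = '' unless defined $value;
        s/%([0-9A-Fa-f]{2})/chr(hex($1))/eg for $key, $value;
        $params{$key} = $value;   # a later duplicate key overwrites an earlier one
    }
    return \%params;
}

# Constructed sample: a file name that contains query metacharacters.
my $filename = 'notes;a=blob&h=x?.txt';

my $raw     = "p=demo.git;a=tree;f=$filename";
my $escaped = "p=demo.git;a=tree;f=" . escape_value($filename);

for my $case ([unescaped => $raw], [escaped => $escaped]) {
    my ($label, $query) = @$case;
    my $params = parse_query($query);
    printf "%-9s %s\n", $label, $query;
    printf "          a=%s f=%s round-trip=%s\n",
        $params->{a}, $params->{f},
        ($params->{f} eq $filename ? 'ok' : 'BROKEN');
}
```

In the unescaped case the file name is truncated at the first `;` and its embedded `a=blob` replaces the intended action; in the escaped case the parser recovers the original name unchanged.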