Re: [PATCH 1/2] ui-repolist: provide hyperlinks on section names

John Keeping Mon, 12 Sep 2016 16:09:06 -0700

On Mon, Sep 12, 2016 at 05:01:49PM -0500, Andy Doan wrote:
> This makes it easier to traverse into a section of git repositories.
> 
> Signed-off-by: Andy Doan <andy.d...@linaro.org>
> ---
>  ui-repolist.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/ui-repolist.c b/ui-repolist.c
> index 30915df..f6b6b47 100644
> --- a/ui-repolist.c
> +++ b/ui-repolist.c
> @@ -322,7 +322,7 @@ void cgit_print_repolist(void)
>                    strcmp(section, last_section)))) {
>                       htmlf("<tr class='nohover'><td colspan='%d' 
> class='reposection'>",
>                             columns);
> -                     html_txt(section);
> +                     htmlf("<a href='%s'>%s</a>", section, section);


I probably should have spotted this before, but "section" isn't being
properly escaped after this patch.  This needs to be:

        html("<a href='");
        html_attr(section);
        html("'>");
        html_txt(section);
        html("</a>");

(although the first and last strings could be combined with the
surrounding statements).

>                       html("</td></tr>");
>                       last_section = section;
>               }
> -- 
> 2.7.4
_______________________________________________
CGit mailing list
CGit@lists.zx2c4.com
http://lists.zx2c4.com/mailman/listinfo/cgit

Re: [PATCH 1/2] ui-repolist: provide hyperlinks on section names

Reply via email to