Git https://git.stealer.net/cgit.cgi/user/sven/git.git/atom?h=v1.6.4.5 2010-12-15T19:16:31Z 2010-12-15T19:16:31Z Jakub Narebski jnareb@gmail.com 2010-12-14T23:34:01Z urn:sha1:3017ed62f47ce14a959e2d315c434d4980cf4243 It is needed only to escape attributes of handcrafted HTML elements, and not those generated using CGI.pm subroutines / methods for HTML generation. While at it, add esc_url and esc_html where needed, and prefer to use CGI.pm HTML generating methods than handcrafted HTML code. Most of those are probably unnecessary (could be exploited only by person with write access to gitweb config, or at least access to the repository). This fixes CVE-2010-3906 Reported-by: Emanuele Gentili <e.gentili@tigersecurity.it> Helped-by: John 'Warthog9' Hawley <warthog9@kernel.org> Helped-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Jakub Narebski <jnareb@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2009-08-28T03:42:42Z Junio C Hamano gitster@pobox.com 2009-08-28T03:42:42Z urn:sha1:749086fa090d81c10ebf16b1abfd138c3fa0232e * maint-1.6.3: Fix overridable written with an extra 'e' Documentation: git-archive: mark --format as optional in summary Round-down years in "years+months" relative date view 2009-08-28T03:42:38Z Junio C Hamano gitster@pobox.com 2009-08-28T03:42:38Z urn:sha1:5e64650d938d7a23b73532b4a68bc6bd08cfd041 * maint-1.6.2: Fix overridable written with an extra 'e' Documentation: git-archive: mark --format as optional in summary Round-down years in "years+months" relative date view Conflicts: Documentation/git-archive.txt 2009-08-28T03:41:48Z Nanako Shiraishi nanako3@lavabit.com 2009-08-28T03:18:49Z urn:sha1:93197898041fcaf84d8ac84df764cca7bf86b226 Signed-off-by: Nanako Shiraishi <nanako3@lavabit.com> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2009-08-21T18:34:17Z Junio C Hamano gitster@pobox.com 2009-08-21T18:34:17Z urn:sha1:d3ebb174ea0881ff1d801174d18271bfc50245e3 * zf/maint-gitweb-acname: gitweb: parse_commit_text encoding fix 2009-08-05T19:37:13Z Zoltán Füzesi zfuzesi@eaglet.hu 2009-08-02T07:42:24Z urn:sha1:5ed5bbc7e1c3a0144db42d6ec4689e01b2f37516 Call to_utf8 when parsing author and committer names, otherwise they will appear with bad encoding if they written by using chop_and_escape_str. Signed-off-by: Zoltán Füzesi <zfuzesi@eaglet.hu> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2009-08-05T19:36:38Z Jakub Narebski jnareb@gmail.com 2009-08-04T15:54:32Z urn:sha1:46068383aa825dfe9026f9255cea07da07e06253 Signed-off-by: Jakub Narebski <jnareb@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2009-07-13T18:09:02Z Wincent Colaiuta win@wincent.com 2009-07-12T12:31:28Z urn:sha1:69fb8283937a18a031aeef12ea2a530c8ccf3e83 git-scm.com is now the "official" Git project page, having taken over from git.or.cz, so update the default link accordingly. This saves a redirect when people hit git.or.cz. Signed-off-by: Wincent Colaiuta <win@wincent.com> Signed-off-by: Junio C Hamano <gitster@pobox.com> 2009-07-09T08:00:59Z Junio C Hamano gitster@pobox.com 2009-07-09T08:00:59Z urn:sha1:1d4bf0b362bbe26f6a8b6e8e278cd45986de4aeb * gb/gitweb-avatar: gitweb: add empty alt text to avatar img gitweb: picon avatar provider gitweb: gravatar url cache gitweb: (gr)avatar support gitweb: use git_print_authorship_rows in 'tag' view too gitweb: uniform author info for commit and commitdiff gitweb: refactor author name insertion 2009-06-30T18:06:37Z Giuseppe Bilotta giuseppe.bilotta@gmail.com 2009-06-29T22:00:54Z urn:sha1:7d25ef41c84850ec1405400efc95d78fa6523efc The empty alt text optimizes screen estate in text-only browsers. Signed-off-by: Giuseppe Bilotta <giuseppe.bilotta@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>