git.shiar.nl
/
minimedit.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
077d629
)
login/commits: escape html characters in commit messages
author
Mischa POSLAWSKY
<perl@shiar.org>
Mon, 18 Nov 2019 21:20:45 +0000
(22:20 +0100)
committer
Mischa POSLAWSKY
<perl@shiar.org>
Mon, 18 Nov 2019 21:20:45 +0000
(22:20 +0100)
widget/login/commits.php
patch
|
blob
|
history
diff --git
a/widget/login/commits.php
b/widget/login/commits.php
index b86b6c5f8d76f2034fe722070916efd047290f47..b9cae451be89d515367d0e0c9d91a3948b4f1d1d 100644
(file)
--- a/
widget/login/commits.php
+++ b/
widget/login/commits.php
@@
-18,7
+18,8
@@
if ( $log = popen($gitcmd, 'r') ) {
list ($atime, $author, $message) = explode("\t", $line, 3);
list ($author) = explode(' ', $author); # first name only
printf('<li>%s <small class="date">%s • %s</small></li>'."\n",
- $message, $author, strftime('%F %H:%M', $atime)
+ htmlspecialchars($message),
+ htmlspecialchars($author), strftime('%F %H:%M', $atime)
);
$lines++;
}