From: Petr Baudis <redacted>
Date: Sun, 24 Sep 2006 21:57:40 +0000 (-0700)
Subject: gitweb: fix over-eager application of esc_html().
X-Git-Url: https://git.ladys.computer/Gitweb/commitdiff_plain/3e58b3c8e3c9ff21c2e0e6f6a8289a6b4cf96f76d7d121ce9c57aab795fd5c39

gitweb: fix over-eager application of esc_html().

Contents of %diffinfo hash should be quoted upon output but kept
unquoted internally.  Later users of this hash expect filenames
to be filenames, not HTML gibberish.

Signed-off-by: Petr Baudis <redacted>
Signed-off-by: Junio C Hamano <redacted>
---

diff --git a/gitweb.perl b/gitweb.perl
index 0f4c1c3..9c984dc 100755
--- a/gitweb.perl
+++ b/gitweb.perl
@@ -3062,12 +3062,12 @@ sub git_blobdiff {
 		if (defined $file_name) {
 			if (defined $file_parent) {
 				$diffinfo{'status'} = '2';
-				$diffinfo{'from_file'} = esc_html($file_parent);
-				$diffinfo{'to_file'}   = esc_html($file_name);
+				$diffinfo{'from_file'} = $file_parent;
+				$diffinfo{'to_file'}   = $file_name;
 			} else { # assume not renamed
 				$diffinfo{'status'} = '1';
-				$diffinfo{'from_file'} = esc_html($file_name);
-				$diffinfo{'to_file'}   = esc_html($file_name);
+				$diffinfo{'from_file'} = $file_name;
+				$diffinfo{'to_file'}   = $file_name;
 			}
 		} else { # no filename given
 			$diffinfo{'status'} = '2';
@@ -3136,8 +3136,8 @@ sub git_blobdiff {
 
 	} else {
 		while (my $line = <$fd>) {
-			$line =~ s!a/($hash|$hash_parent)!a/$diffinfo{'from_file'}!g;
-			$line =~ s!b/($hash|$hash_parent)!b/$diffinfo{'to_file'}!g;
+			$line =~ s!a/($hash|$hash_parent)!'a/'.esc_html($diffinfo{'from_file'})!eg;
+			$line =~ s!b/($hash|$hash_parent)!'b/'.esc_html($diffinfo{'to_file'})!eg;
 
 			print $line;