Fossil SCM
Fix an XSS problem in the chng= query parameter to /timeline.
Commit
30f60a58a5ee9d89ba3ecc1efbeeb5514614fa26d4985be60f7573db94ba7217
Parent
83789c6e5341624…
1 file changed
+1
-1
+1
-1
| --- src/timeline.c | ||
| +++ src/timeline.c | ||
| @@ -1114,11 +1114,11 @@ | ||
| 1114 | 1114 | static void addFileGlobDescription( |
| 1115 | 1115 | const char *zChng, /* The filename GLOB list */ |
| 1116 | 1116 | Blob *pDescription /* Result description */ |
| 1117 | 1117 | ){ |
| 1118 | 1118 | if( zChng==0 || zChng[0]==0 ) return; |
| 1119 | - blob_appendf(pDescription, " that include changes to files matching %Q", | |
| 1119 | + blob_appendf(pDescription, " that include changes to files matching '%h'", | |
| 1120 | 1120 | zChng); |
| 1121 | 1121 | } |
| 1122 | 1122 | |
| 1123 | 1123 | /* |
| 1124 | 1124 | ** Tag match expression type code. |
| 1125 | 1125 |
| --- src/timeline.c | |
| +++ src/timeline.c | |
| @@ -1114,11 +1114,11 @@ | |
| 1114 | static void addFileGlobDescription( |
| 1115 | const char *zChng, /* The filename GLOB list */ |
| 1116 | Blob *pDescription /* Result description */ |
| 1117 | ){ |
| 1118 | if( zChng==0 || zChng[0]==0 ) return; |
| 1119 | blob_appendf(pDescription, " that include changes to files matching %Q", |
| 1120 | zChng); |
| 1121 | } |
| 1122 | |
| 1123 | /* |
| 1124 | ** Tag match expression type code. |
| 1125 |
| --- src/timeline.c | |
| +++ src/timeline.c | |
| @@ -1114,11 +1114,11 @@ | |
| 1114 | static void addFileGlobDescription( |
| 1115 | const char *zChng, /* The filename GLOB list */ |
| 1116 | Blob *pDescription /* Result description */ |
| 1117 | ){ |
| 1118 | if( zChng==0 || zChng[0]==0 ) return; |
| 1119 | blob_appendf(pDescription, " that include changes to files matching '%h'", |
| 1120 | zChng); |
| 1121 | } |
| 1122 | |
| 1123 | /* |
| 1124 | ** Tag match expression type code. |
| 1125 |