Mon May 29 15:04:37 UTC 2006 Alberto Bertogli <albertogli@telpin.com.ar>
* Escape repository descriptions.
Escape all repository descriptions, because they might contain unfrendly
characters for XML (including HTML, ATOM and RSS).
Thanks to Clive Crous for the report and a slightly different patch.
diff -rN -u old-darcsweb/darcsweb.cgi new-darcsweb/darcsweb.cgi
--- old-darcsweb/darcsweb.cgi 2013-07-29 09:13:25.000000000 +0000
+++ new-darcsweb/darcsweb.cgi 2013-07-29 09:13:25.000000000 +0000
@@ -1339,7 +1339,8 @@
print '<div class="title"> </div>'
print '<table cellspacing="0">'
- print ' <tr><td>description</td><td>%s</td></tr>' % config.repodesc
+ print ' <tr><td>description</td><td>%s</td></tr>' % \
+ escape(config.repodesc)
if owner:
print ' <tr><td>owner</td><td>%s</td></tr>' % escape(owner)
if len(ps) > 0:
@@ -1870,7 +1871,7 @@
""" % {
'reponame': config.reponame,
'url': config.myurl + '/' + config.myreponame,
- 'desc': config.repodesc,
+ 'desc': escape(config.repodesc),
'lastmod': str_lastmod,
}
@@ -1944,7 +1945,7 @@
""" % {
'reponame': config.reponame,
'url': config.myurl + '/' + config.myreponame,
- 'desc': config.repodesc,
+ 'desc': escape(config.repodesc),
}
ps = get_last_patches(20)