From: Jakub Narebski <jnareb@gmail.com>
To: git@vger.kernel.org
Subject: [PATCH 7/9] gitweb: No error messages with unescaped/unprotected user input
Date: Sat, 05 Aug 2006 13:15:24 +0200 [thread overview]
Message-ID: <eb1uj0$8ti$3@sea.gmane.org> (raw)
In-Reply-To: 44d47813.36251c31.2553.3cf7@mx.gmail.com
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
---
Probably some error messages with unescaped user input are left...
gitweb/gitweb.perl | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl
index d8ba016..013bfe7 100755
--- a/gitweb/gitweb.perl
+++ b/gitweb/gitweb.perl
@@ -1265,7 +1265,7 @@ ## actions
sub git_project_list {
my $order = $cgi->param('o');
if (defined $order && $order !~ m/project|descr|owner|age/) {
- die_error(undef, "Invalid order parameter '$order'");
+ die_error(undef, "Unknown order parameter");
}
my @list = git_read_projects();
--
1.4.1.1
next prev parent reply other threads:[~2006-08-05 11:25 UTC|newest]
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-08-04 22:36 [PATCH 0/5] Some further gitweb patches Jakub Narebski
2006-08-04 22:38 ` [PATCH 1/5] gitweb: Cleanup input validation and error messages Jakub Narebski
2006-08-04 23:54 ` Luben Tuikov
2006-08-05 0:02 ` [PATCH 6/5] gitweb: No periods for " Jakub Narebski
2006-08-04 23:54 ` [PATCH 1/5] gitweb: Cleanup input validation and " Luben Tuikov
2006-08-05 0:15 ` Junio C Hamano
2006-08-05 0:26 ` Jakub Narebski
2006-08-05 10:51 ` [PATCH 0/9] gitweb: First patch corrected and split into separate patches Jakub Narebski
2006-08-05 10:55 ` [PATCH 1/9] gitweb: Separate input validation and dispatch, add comment about opml action Jakub Narebski
2006-08-05 10:56 ` [PATCH 2/9] gitweb: die_error first (optional) parameter is HTTP status Jakub Narebski
2006-08-05 10:56 ` [PATCH 3/9] gitweb: Use undef for die_error to use default first (status) parameter value Jakub Narebski
2006-08-05 10:58 ` [PATCH 4/9] gitweb: Don't undefine query parameter related variables before die_error Jakub Narebski
2006-08-05 11:12 ` [PATCH 5/9] gitweb: Cleanup and uniquify error messages Jakub Narebski
2006-08-05 11:13 ` [PATCH 6/9] gitweb: No periods for " Jakub Narebski
2006-08-05 15:55 ` Luben Tuikov
2006-08-05 16:15 ` Jakub Narebski
2006-08-05 11:15 ` Jakub Narebski [this message]
2006-08-05 11:16 ` [PATCH 8/9] gitweb: PATH_INFO=/ means no project Jakub Narebski
2006-08-05 11:18 ` [PATCH 9/9] gitweb: Inline $rss_link Jakub Narebski
2006-08-04 22:39 ` [PATCH 2/5] gitweb: Great subroutines renaming Jakub Narebski
2006-08-04 22:40 ` [PATCH 3/5] gitweb: Separate ref parsing in git_read_refs into parse_ref Jakub Narebski
2006-08-04 22:42 ` [PATCH 4/5] gitweb: git_heads cleanup Jakub Narebski
2006-08-04 22:43 ` [PATCH 5/5] gitweb: Change appereance of marker of refs pointing to given object Jakub Narebski
2006-08-05 11:42 ` [PATCH 7/5] Merge changes in "split patch 1" series Jakub Narebski
2006-08-05 14:55 ` Johannes Schindelin
2006-08-05 15:05 ` Jakub Narebski
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='eb1uj0$8ti$3@sea.gmane.org' \
--to=jnareb@gmail.com \
--cc=git@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).