ui-diff.c: avoid html injection
[cgit.git] / ui-shared.c
index e9917993fb2d4181bf3adb6ff4c01dea0cb52f26..5aa911956aa3cbf344b437e15aad761f5cd11d86 100644 (file)
@@ -341,6 +341,18 @@ void cgit_commit_link(char *name, const char *title, const char *class,
        if ((ctx.qry.ssdiff && !toggle_ssdiff) || (!ctx.qry.ssdiff && toggle_ssdiff)) {
                html(delim);
                html("ss=1");
+               delim = "&";
+       }
+       if (ctx.qry.context > 0 && ctx.qry.context != 3) {
+               html(delim);
+               html("context=");
+               htmlf("%d", ctx.qry.context);
+               delim = "&";
+       }
+       if (ctx.qry.ignorews) {
+               html(delim);
+               html("ignorews=1");
+               delim = "&";
        }
        html("'>");
        html_txt(name);
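Review bot: The option-emitting block added here in cgit_commit_link is repeated verbatim in the cgit_diff_link hunk that follows, so a later change to one link builder can leave the other producing a different query string. Moving the `context` and `ignorews` branches into one static helper that takes and returns `delim` would keep the two in step. The bare `3` in `ctx.qry.context != 3` presumably mirrors a default number of context lines defined elsewhere; a named constant such as `#define DEFAULT_DIFF_CONTEXT 3` (name constructed for illustration), shared with the diff code, would stop the two from drifting. Printing the value with `htmlf("%d", ctx.qry.context)` is the right choice, since an integer conversion cannot carry markup into the single-quoted href. Both functions start and end outside their hunks.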
@@ -382,6 +394,18 @@ void cgit_diff_link(const char *name, const char *title, const char *class,
        if ((ctx.qry.ssdiff && !toggle_ssdiff) || (!ctx.qry.ssdiff && toggle_ssdiff)) {
                html(delim);
                html("ss=1");
+               delim = "&";
+       }
+       if (ctx.qry.context > 0 && ctx.qry.context != 3) {
+               html(delim);
+               html("context=");
+               htmlf("%d", ctx.qry.context);
+               delim = "&";
+       }
+       if (ctx.qry.ignorews) {
+               html(delim);
+               html("ignorews=1");
+               delim = "&";
        }
        html("'>");
        html_txt(name);
@@ -550,7 +574,7 @@ void cgit_print_http_headers(struct cgit_context *ctx)
        else if (ctx->page.mimetype)
                htmlf("Content-Type: %s\n", ctx->page.mimetype);
        if (ctx->page.size)
-               htmlf("Content-Length: %ld\n", ctx->page.size);
+               htmlf("Content-Length: %zd\n", ctx->page.size);
        if (ctx->page.filename)
                htmlf("Content-Disposition: inline; filename=\"%s\"\n",
                      ctx->page.filename);
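Review bot: `%zd` on the new Content-Length line is the conversion for a signed size type, so it is only correct if `ctx->page.size` is declared `ssize_t`; the declaration is not visible here, and if it is `size_t` the matching form is `htmlf("Content-Length: %zu\n", ctx->page.size);`. The neighbouring Content-Type and Content-Disposition lines write `ctx->page.mimetype` and `ctx->page.filename` through a bare `%s`, so if either value can originate from the request (not determinable from this hunk), a CR, LF or double quote in it would alter the response headers. A comment such as `/* mimetype and filename must already be free of CR, LF and '"' */`, or a check that rejects those bytes before the headers are printed, would make that precondition explicit. cgit_print_http_headers starts and ends outside the hunk.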
@@ -732,17 +756,27 @@ static void cgit_print_path_crumbs(struct cgit_context *ctx, char *path)
 
 static void print_header(struct cgit_context *ctx)
 {
+       char *logo = NULL, *logo_link = NULL;
+
        html("<table id='header'>\n");
        html("<tr>\n");
 
-       if (ctx->cfg.logo && ctx->cfg.logo[0] != 0) {
+       if (ctx->repo && ctx->repo->logo && *ctx->repo->logo)
+               logo = ctx->repo->logo;
+       else
+               logo = ctx->cfg.logo;
+       if (ctx->repo && ctx->repo->logo_link && *ctx->repo->logo_link)
+               logo_link = ctx->repo->logo_link;
+       else
+               logo_link = ctx->cfg.logo_link;
+       if (logo && *logo) {
                html("<td class='logo' rowspan='2'><a href='");
-               if (ctx->cfg.logo_link)
-                       html_attr(ctx->cfg.logo_link);
+               if (logo_link && *logo_link)
+                       html_attr(logo_link);
                else
                        html_attr(cgit_rooturl());
                html("'><img src='");
-               html_attr(ctx->cfg.logo);
+               html_attr(logo);
                html("' alt='cgit logo'/></a></td>\n");
        }
 
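Review bot: With this change the logo `src` and the link `href` can come from `ctx->repo` instead of only the site-wide `ctx->cfg`, and `html_attr()` protects the attribute quoting but does not by itself restrict the URL scheme. If per-repository settings can be supplied by someone other than the site administrator (not visible in this hunk), the href should be limited to expected schemes or relative paths before it is printed. The two repo-then-global fallbacks are the same four lines written twice and could share a small static helper, and the `= NULL` initialisers on `logo` and `logo_link` are never read because both variables are assigned on every path. A comment above the fallback, e.g. `/* per-repo logo settings override the global ones when non-empty */`, would document the precedence. print_header continues past the end of the hunk.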
@@ -816,6 +850,7 @@ void cgit_print_pageheader(struct cgit_context *ctx)
                html_option("grep", "log msg", ctx->qry.grep);
                html_option("author", "author", ctx->qry.grep);
                html_option("committer", "committer", ctx->qry.grep);
+               html_option("range", "range", ctx->qry.grep);
                html("</select>\n");
                html("<input class='txt' type='text' size='10' name='q' value='");
                html_attr(ctx->qry.search);
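Review bot: The added `range` option means the `q` text box printed just below now carries revision expressions as well as grep patterns, and nothing in this hunk shows how that text is checked before use. The code that handles `range` (outside this file section) should accept only revision expressions and refuse tokens beginning with `-`, so that search text cannot be read as an option. A comment beside the new line, such as `/* q is parsed as revision ranges; validated by the log code */`, would point readers to that check. cgit_print_pageheader starts and ends outside the hunk.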