cgit-70

a gopher interface forked from the popular cgit

History

Jason A. Donenfeld 7ea35f9f8e syntax-highlighting.sh: Fix command injection. By not quoting the argument, an attacker with the ability to add files to the repository could pass arbitrary arguments to the highlight command, in particular, the --plug-in argument which can lead to arbitrary command execution. This patch adds simple argument quoting.	13 years ago
..
commit-links.sh	commit-links.sh: improve regular expressions	14 years ago
syntax-highlighting.sh	syntax-highlighting.sh: Fix command injection.	13 years ago

Jason A. Donenfeld 7ea35f9f8e syntax-highlighting.sh: Fix command injection.

By not quoting the argument, an attacker with the ability to add files
to the repository could pass arbitrary arguments to the highlight
command, in particular, the --plug-in argument which can lead to
arbitrary command execution.

This patch adds simple argument quoting.

commit-links.sh

commit-links.sh: improve regular expressions

syntax-highlighting.sh

syntax-highlighting.sh: Fix command injection.