7feecdd512
Fix issue #515 ("XSS bug in diff view (CVE-2012-4533)").

* lib/viewvc.py
  (DiffSource._get_row): Pass the "extra" line information through the formatter code so that, at a minimum, it's HTML-escaped.

Patch by: Nicolás Alvarez <nicolas.alvarez{__AT__}gmail.com>

* conf/viewvc.conf.dist
  Show the default value of 'hr_funout' as 1 (which matches the programmatic default).

Also:

* CHANGES
  Note this change.

git-svn-id: http://viewvc.tigris.org/svn/viewvc/branches/1.1.x@2793 8cb11bc2-c004-0410-86c3-e597b4017df7

- cvsgraph.conf.dist
- mimetypes.conf.dist
- viewvc.conf.dist