vitalif
/
viewvc-4intranet
mirror of https://github.com/vitalif/viewvc-4intranet
1
0
Fork 0
Code Issues Releases Wiki Activity
viewvc-4intranet/conf
History
cmpilato 7feecdd512 Merge from trunk r2791 and r2792, which did the following: 
Fix issue #515 ("XSS bug in diff view (CVE-2012-4533)").

   * lib/viewvc.py
     (DiffSource._get_row): Pass the "extra" line information through the
       formatter code so that, at a minimum, it's HTML-escaped.

   Patch by: Nicolás Alvarez <nicolas.alvarez{__AT__}gmail.com>

   * conf/viewvc.conf.dist
     Show the default value of 'hr_funout' as 1 (which matches the
     programmatic default).

Also:

* CHANGES
  Note this change.

git-svn-id: http://viewvc.tigris.org/svn/viewvc/branches/1.1.x@2793 8cb11bc2-c004-0410-86c3-e597b4017df7
 		2012-10-24 13:29:49 +00:00
..
cvsgraph.conf.dist Merge from trunk r2119, whose log message read thusly: 2009-03-19 20:44:47 +00:00
mimetypes.conf.dist Merge from trunk r2119, whose log message read thusly: 2009-03-19 20:44:47 +00:00
viewvc.conf.dist Merge from trunk r2791 and r2792, which did the following: 2012-10-24 13:29:49 +00:00