Re: [PATCH 1/5] gitweb: Cleanup input validation and error messages

From: Jakub Narebski <jnareb@gmail.com>
Date: 2006-08-05 10:26:47

Junio C Hamano wrote:

> Jakub Narebski <jnareb@gmail.com> writes:
> 
>>  our $action = $cgi->param('a');
>>  if (defined $action) {
>>      if ($action =~ m/[^0-9a-zA-Z\.\-_]/) {
>> -            undef $action;
>> -            die_error(undef, "Invalid action parameter.");
>> +            die_error(undef, "Invalid action parameter $action");
>>      }
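
Review bot: On the `+` line, `$action` is interpolated into the die_error message immediately after it matched `[^0-9a-zA-Z\.\-_]`, so the text sent back is exactly the value that failed validation and may contain `<`, `>`, `&` or quotes. Nothing in this hunk escapes it, so either HTML-escape the value where the message is built (or inside die_error, once for all callers) or keep the fixed message and log the rejected value instead. The hunk also drops `undef $action;`, which is fine only as long as die_error never returns.
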
> 
> Doesn't this make us parrot what the browser threw at us without
> escaping back for HTML (iow, die_error does not seem to escape
> $error)?

I wanted to know what is the parameter gitweb considers invalid.
Perhaps the execution wasn't the best...

[...]
>> -    $rss_link = "<link rel=\"alternate\" title=\"" . esc_param($project) . " log\" href=\"" .
>> -                "$my_uri?" . esc_param("p=$project;a=rss") . "\" type=\"application/rss+xml\"/>";
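
Review bot: The removed `$rss_link` assignment wrapped both the `title` value and the `p=$project;a=rss` query string in `esc_param()`, and its replacement is not among the quoted lines, so the inlined version should be checked to keep escaping `$project` in both places. The commit message should also say that the assignment was inlined rather than dropped, since this hunk on its own reads as removing the RSS link.
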
> 
> The reason of removal is...?  Ah, you inlined it.  It was not
> clear from the proposed commit log message.

I'm sorry for unrelated changes (the commit could be probably split 
into four).

-- 
Jakub Narebski
Warsaw, Poland
ShadeHawk on #git


Received on Sat Aug 05 10:27:13 2006
