[Fusionforge-commits] FusionForge branch master updated. 1f7adf8273a5c5a2ef46d8816550fad63a9d6ca0
Sylvain Beucler
beuc-inria at fusionforge.org
Tue Dec 16 17:10:42 CET 2014
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".
The branch, master has been updated
via 1f7adf8273a5c5a2ef46d8816550fad63a9d6ca0 (commit)
from b566fdc8f60bd496cf961c7ecf1838162f2f3ec2 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 1f7adf8273a5c5a2ef46d8816550fad63a9d6ca0
Author: Sylvain Beucler <sylvain.beucler at inria.fr>
Date: Tue Dec 16 17:10:22 2014 +0100
viewvc: properly set content-type and charset: only in a download mode, and not only when the content-type is unsafe
diff --git a/src/www/scm/viewvc.php b/src/www/scm/viewvc.php
index 717ae36..48c5439 100644
--- a/src/www/scm/viewvc.php
+++ b/src/www/scm/viewvc.php
@@ -163,11 +163,12 @@ switch ($_GET['view']) {
case 'patch':
$sysdebug_enable = false;
// Force content-type for any text/* or */javascript, to avoid XSS
- if (!empty($content_type) &&
- (preg_match('/text\/.*/', $content_type) ||
- preg_match('/.*\/javascript/', $content_type))) {
- header('Content-Type: text/plain'
- . (!empty($charset) ? ";charset=$charset" : ''));
+ if (!empty($content_type)) {
+ if ((preg_match('/text\/.*/', $content_type) ||
+ preg_match('/.*\/javascript/', $content_type)))
+ $content_type = 'text/plain';
+ header("Content-Type: $content_type"
+ . (!empty($charset) ? ";charset=$charset" : ''));
}
echo $body;
break;
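Review bot: the inner `if` deny-list is now the only filter between `$content_type` and the response header, and it is too narrow for that role. In the removed lines, a type that did not match got no `Content-Type` header from this branch; with the new `header("Content-Type: $content_type"` line, every non-matching value is sent verbatim. The two patterns are case-sensitive and cover only `text/*` and `*/javascript`, so a value such as `Text/HTML` (MIME types are case-insensitive) or a script-capable type outside those families, for example `image/svg+xml` or `application/xhtml+xml`, is passed through unchanged. Suggest anchoring the patterns and adding the `i` flag (`'/^text\//i'`, `'/\/javascript$/i'`), or better, inverting the logic to a short allowlist of types that are safe to serve inline, with everything else downgraded to `text/plain`. Sending `X-Content-Type-Options: nosniff` alongside would also stop the browser from second-guessing the forced type. Where `$content_type` and `$charset` are populated is not visible in this hunk; if they come from the ViewVC response, `$charset` deserves a strict pattern check before being interpolated into the header. Style: the inner `if` has no braces while the `header()` call that follows it is unconditional, which is easy to misread; please brace the single-statement body, and update the `// Force content-type ...` comment, which no longer describes everything the block does.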
-----------------------------------------------------------------------
Summary of changes:
src/www/scm/viewvc.php | 11 ++++++-----
1 file changed, 6 insertions(+), 5 deletions(-)
hooks/post-receive
--
FusionForge