vriska/hydra
0
0
Fork 0
forked from lix-project/hydra
Code Pull requests Activity

Ensure proper escaping of /build/.../contents pages

Browse source
This commit is contained in:
Eelco Dolstra 2014-08-17 23:43:22 +02:00
parent f50066ab6f
commit 28b528c1ab
2 changed files with 5 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
src/lib/Hydra/Controller/Build.pm
View file

@ -294,9 +294,9 @@ sub contents : Chained('buildChain') PathPart Args(1) {
$res = `cd '$path' && find . -print0 | xargs -0 ls -ld --`;
error($c, "`ls -lR' error: $?") if $? != 0;
my $baseuri = $c->uri_for('/build', $c->stash->{build}->id, 'download', $product->productnr);
$baseuri .= "/".$product->name if $product->name;
$res =~ s/(\.\/)($relPathRE)/<a href="$baseuri\/$2">$1$2<\/a>/g;
#my $baseuri = $c->uri_for('/build', $c->stash->{build}->id, 'download', $product->productnr);
#$baseuri .= "/".$product->name if $product->name;
#$res =~ s/(\.\/)($relPathRE)/<a href="$baseuri\/$2">$1$2<\/a>/g;
}
elsif ($path =~ /\.rpm$/) {
@ -337,7 +337,7 @@ sub contents : Chained('buildChain') PathPart Args(1) {
die unless $res;
$c->stash->{title} = "Contents of ".$product->path;
$c->stash->{contents} = "<pre>$res</pre>";
$c->stash->{contents} = decode("utf-8", $res);
$c->stash->{template} = 'plain.tt';
}

2
src/root/plain.tt
View file

@ -5,6 +5,6 @@
[% jobset = build.jobset %]
[% job = build.job %]
[% contents %]
<pre>[% HTML.escape(contents) %]</pre>
[% END %]