escape HTML in paths

[stagit.git] / stagit.c

diff --git a/stagit.c b/stagit.c
index c2b2f2cb7c48c7ec0932f35b587cd1faea14a30d..a6cfebc043b62d54695612a0482ff097a061fb2e 100644 (file)
--- a/stagit.c
+++ b/stagit.c
@@ -76,7 +76,7 @@ joinpath(char *buf, size_t bufsiz, const char *path, const char *path2)
 
        r = snprintf(buf, bufsiz, "%s%s%s",
                path, path[0] && path[strlen(path) - 1] != '/' ? "/" : "", path2);
-       if (r == -1 || (size_t)r >= bufsiz)
+       if (r < 0 || (size_t)r >= bufsiz)
                errx(1, "path truncated: '%s%s%s'",
                        path, path[0] && path[strlen(path) - 1] != '/' ? "/" : "", path2);
 }
@@ -532,9 +532,15 @@ printshowfile(FILE *fp, struct commitinfo *ci)
        for (i = 0; i < ci->ndeltas; i++) {
                patch = ci->deltas[i]->patch;
                delta = git_patch_get_delta(patch);
-               fprintf(fp, "<b>diff --git a/<a id=\"h%zu\" href=\"%sfile/%s.html\">%s</a> b/<a href=\"%sfile/%s.html\">%s</a></b>\n",
-                       i, relpath, delta->old_file.path, delta->old_file.path,
-                       relpath, delta->new_file.path, delta->new_file.path);
+               fprintf(fp, "<b>diff --git a/<a id=\"h%zu\" href=\"%sfile/", i, relpath);
+               xmlencode(fp, delta->old_file.path, strlen(delta->old_file.path));
+               fputs(".html\">", fp);
+               xmlencode(fp, delta->old_file.path, strlen(delta->old_file.path));
+               fprintf(fp, "</a> b/<a href=\"%sfile/", relpath);
+               xmlencode(fp, delta->new_file.path, strlen(delta->new_file.path));
+               fprintf(fp, ".html\">");
+               xmlencode(fp, delta->new_file.path, strlen(delta->new_file.path));
+               fprintf(fp, "</a></b>\n");
 
                /* check binary data */
                if (delta->flags & GIT_DIFF_FLAG_BINARY) {
@@ -606,7 +612,6 @@ writelog(FILE *fp, const git_oid *oid)
 
        git_revwalk_new(&w, repo);
        git_revwalk_push(w, oid);
-       git_revwalk_sorting(w, GIT_SORT_TIME);
        git_revwalk_simplify_first_parent(w);
 
        while (!git_revwalk_next(&id, w)) {
@@ -617,7 +622,7 @@ writelog(FILE *fp, const git_oid *oid)
 
                git_oid_tostr(oidstr, sizeof(oidstr), &id);
                r = snprintf(path, sizeof(path), "commit/%s.html", oidstr);
-               if (r == -1 || (size_t)r >= sizeof(path))
+               if (r < 0 || (size_t)r >= sizeof(path))
                        errx(1, "path truncated: 'commit/%s.html'", oidstr);
                r = access(path, F_OK);
 
@@ -736,7 +741,6 @@ writeatom(FILE *fp)
 
        git_revwalk_new(&w, repo);
        git_revwalk_push_head(w);
-       git_revwalk_sorting(w, GIT_SORT_TIME);
        git_revwalk_simplify_first_parent(w);
 
        for (i = 0; i < m && !git_revwalk_next(&id, w); i++) {
@@ -858,7 +862,7 @@ writefilestree(FILE *fp, git_tree *tree, const char *path)
 
                r = snprintf(filepath, sizeof(filepath), "file/%s.html",
                         entrypath);
-               if (r == -1 || (size_t)r >= sizeof(filepath))
+               if (r < 0 || (size_t)r >= sizeof(filepath))
                        errx(1, "path truncated: 'file/%s.html'", entrypath);
 
                if (!git_tree_entry_to_object(&obj, repo, entry)) {
@@ -883,7 +887,9 @@ writefilestree(FILE *fp, git_tree *tree, const char *path)
 
                        fputs("<tr><td>", fp);
                        fputs(filemode(git_tree_entry_filemode(entry)), fp);
-                       fprintf(fp, "</td><td><a href=\"%s%s\">", relpath, filepath);
+                       fprintf(fp, "</td><td><a href=\"%s", relpath);
+                       xmlencode(fp, filepath, strlen(filepath));
+                       fputs("\">", fp);
                        xmlencode(fp, entrypath, strlen(entrypath));
                        fputs("</a></td><td class=\"num\" align=\"right\">", fp);
                        if (lc > 0)