Fossil

Check-in [30f60a58]
Login

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:Fix an XSS problem in the chng= query parameter to /timeline.
Downloads: Tarball | ZIP archive | SQL archive
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA3-256:30f60a58a5ee9d89ba3ecc1efbeeb5514614fa26d4985be60f7573db94ba7217
User & Date: drh 2018-06-06 17:55:02
Context
2018-06-07
00:45
Disable the feature that changes the foreground color of the graph based on the background color of the item, as the item background color no longer extends under the graph. check-in: 7ac88481 user: drh tags: trunk
2018-06-06
17:55
Fix an XSS problem in the chng= query parameter to /timeline. check-in: 30f60a58 user: drh tags: trunk
2018-06-05
23:06
Fix a bug in the pivot-finder introduced by check-in [917f1c21e52a29904] from 5 days ago. check-in: 83789c6e user: drh tags: trunk
Changes
Hide Diffs Side-by-Side Diffs Ignore Whitespace Patch

Changes to src/timeline.c.

  1112   1112         glob_expr("filename.name", zChng));
  1113   1113   }
  1114   1114   static void addFileGlobDescription(
  1115   1115     const char *zChng,        /* The filename GLOB list */
  1116   1116     Blob *pDescription        /* Result description */
  1117   1117   ){
  1118   1118     if( zChng==0 || zChng[0]==0 ) return;
  1119         -  blob_appendf(pDescription, " that include changes to files matching %Q",
         1119  +  blob_appendf(pDescription, " that include changes to files matching '%h'",
  1120   1120                  zChng);
  1121   1121   }
  1122   1122   
  1123   1123   /*
  1124   1124   ** Tag match expression type code.
  1125   1125   */
  1126   1126   typedef enum {