Fix unescaped user input in tree/blob filenames
[gitphp.git] / templates / blame.tpl
Chris Han 1 {*
2 * blame.tpl
3 * gitphp: A PHP git repository browser
4 * Component: Blame view template
5 *
6 * Copyright (C) 2010 Christopher Han <xiphux@gmail.com>
7 *}
Chris Han 8 {extends file='projectbase.tpl'}
Chris Han 9
Chris Han 10 {block name=css}
11 {if $geshicss}
12 <style type="text/css">
13 {$geshicss}
14 </style>
15 {/if}
16 {/block}
17
Chris Han 18 {block name=main}
Chris Han 19
20 <div class="page_nav">
Chris Han 21 {include file='nav.tpl' treecommit=$commit}
22 <br />
Chris Han 23 <a href="{$SCRIPT_NAME}?p={$project->GetProject()|urlencode}&amp;a=blob_plain&amp;h={$blob->GetHash()}&amp;f={$blob->GetPath()|escape:'url'}">{t}plain{/t}</a> |
Chris Han 24 {if $commit->GetHash() != $head->GetHash()}
Chris Han 25 <a href="{$SCRIPT_NAME}?p={$project->GetProject()|urlencode}&amp;a=blame&amp;hb=HEAD&amp;f={$blob->GetPath()|escape:'url'}">{t}HEAD{/t}</a>
Chris Han 26 {else}
Chris Han 27 {t}HEAD{/t}
Chris Han 28 {/if}
Chris Han 29 | blame
30 <br />
Chris Han 31 </div>
Chris Han 32
Chris Han 33 {include file='title.tpl' titlecommit=$commit}
Chris Han 34
Chris Han 35 {include file='path.tpl' pathobject=$blob target='blob'}
Chris Han 36
Chris Han 37 <div class="page_body">
Chris Han 38 {if $geshi}
39 {$geshihead}
Chris Han 40 <td class="ln de1" id="blameData">
41 {include file='blamedata.tpl'}
42 </td>
Chris Han 43 {$geshibody}
44 {$geshifoot}
45 {else}
Chris Han 46 <table class="code">
Chris Han 47 {foreach from=$blob->GetData(true) item=blobline name=blob}
Chris Han 48 {assign var=blamecommit value=$blame[$smarty.foreach.blob.iteration]}
49 {if $blamecommit}
50 {cycle values="light,dark" assign=rowclass}
51 {/if}
52 <tr class="{$rowclass}">
53 <td class="date">
54 {if $blamecommit}
Christian Weiske 55 <a href="{$SCRIPT_NAME}?p={$project->GetProject()|urlencode}&amp;a=commit&amp;h={$blamecommit->GetHash()}" title="{$blamecommit->GetTitle()}" class="commitTip">{$blamecommit->GetAuthorEpoch()|date_format:"%Y-%m-%d %H:%M:%S"}</a>
Chris Han 56 {/if}
57 </td>
58 <td class="author">
59 {if $blamecommit}
60 {$blamecommit->GetAuthor()}
61 {/if}
62 </td>
63 <td class="num"><a id="l{$smarty.foreach.blob.iteration}" href="#l{$smarty.foreach.blob.iteration}" class="linenr">{$smarty.foreach.blob.iteration}</a></td>
64 <td class="codeline">{$blobline|escape}</td>
65 </tr>
Chris Han 66 {/foreach}
67 </table>
Chris Han 68 {/if}
Chris Han 69 </div>
70
Chris Han 71 {/block}
72
comments