Fix unescaped user input in tree/blob filenames
[gitphp.git] / templates / path.tpl
Chris Han 1 {*
2 * Path
3 *
4 * Path template
5 *
6 * @author Christopher Han <xiphux@gmail.com>
7 * @copyright Copyright (c) 2010 Christopher Han
8 * @package GitPHP
9 * @subpackage Template
10 *}
11 <div class="page_path">
12 {if $pathobject}
13 {assign var=pathobjectcommit value=$pathobject->GetCommit()}
Chris Han 14 {assign var=pathobjecttree value=$pathobjectcommit->GetTree()}
Christian Weiske 15 <a href="{$SCRIPT_NAME}?p={$project->GetProject()|urlencode}&amp;a=tree&amp;hb={$pathobjectcommit->GetHash()}&amp;h={$pathobjecttree->GetHash()}"><strong>[{$project->GetProject()}]</strong></a> /
Chris Han 16 {foreach from=$pathobject->GetPathTree() item=pathtreepiece}
Chris Han 17 <a href="{$SCRIPT_NAME}?p={$project->GetProject()|urlencode}&amp;a=tree&amp;hb={$pathobjectcommit->GetHash()}&amp;h={$pathtreepiece->GetHash()}&amp;f={$pathtreepiece->GetPath()|escape:'url'}"><strong>{$pathtreepiece->GetName()|escape}</strong></a> /
Chris Han 18 {/foreach}
19 {if $pathobject instanceof GitPHP_Blob}
20 {if $target == 'blobplain'}
Chris Han 21 <a href="{$SCRIPT_NAME}?p={$project->GetProject()|urlencode}&amp;a=blob_plain&amp;h={$pathobject->GetHash()}&amp;hb={$pathobjectcommit->GetHash()}&amp;f={$pathobject->GetPath()|escape:'url'}"><strong>{$pathobject->GetName()|escape}</strong></a>
Chris Han 22 {elseif $target == 'blob'}
Chris Han 23 <a href="{$SCRIPT_NAME}?p={$project->GetProject()|urlencode}&amp;a=blob&amp;h={$pathobject->GetHash()}&amp;hb={$pathobjectcommit->GetHash()}&amp;f={$pathobject->GetPath()|escape:'url'}"><strong>{$pathobject->GetName()|escape}</strong></a>
Chris Han 24 {else}
Chris Han 25 <strong>{$pathobject->GetName()|escape}</strong>
Chris Han 26 {/if}
Chris Han 27 {elseif $pathobject->GetName()}
Chris Han 28 {if $target == 'tree'}
Chris Han 29 <a href="{$SCRIPT_NAME}?p={$project->GetProject()|urlencode}&amp;a=tree&amp;hb={$pathobjectcommit->GetHash()}&amp;h={$pathobject->GetHash()}&amp;f={$pathobject->GetPath()|escape:'url'}"><strong>{$pathobject->GetName()|escape}</strong></a> /
Chris Han 30 {else}
Chris Han 31 <strong>{$pathobject->GetName()|escape}</strong> /
Chris Han 32 {/if}
33 {/if}
34 {else}
35 &nbsp;
36 {/if}
37 </div>
38
comments