From 00d08473b8fd4501100119808253a2e1afc6fd7f Mon Sep 17 00:00:00 2001 From: Sandro Santilli Date: Mon, 22 Jan 2018 21:37:14 +0100 Subject: [PATCH 1/2] Use GiteaServer as the user agent for http requests (#3404) Otherwise we're still presenting ourselves as GogsServer... --- modules/httplib/httplib.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/httplib/httplib.go b/modules/httplib/httplib.go index f2d9a2bfa..88190704b 100644 --- a/modules/httplib/httplib.go +++ b/modules/httplib/httplib.go @@ -25,7 +25,7 @@ import ( "time" ) -var defaultSetting = Settings{false, "GogsServer", 60 * time.Second, 60 * time.Second, nil, nil, nil, false} +var defaultSetting = Settings{false, "GiteaServer", 60 * time.Second, 60 * time.Second, nil, nil, nil, false} var defaultCookieJar http.CookieJar var settingMutex sync.Mutex From d644e8810710bc2e5035aa25f63c597c47312404 Mon Sep 17 00:00:00 2001 From: Morgan Bazalgette Date: Mon, 22 Jan 2018 22:28:16 +0100 Subject: [PATCH 2/2] HTML escape all lines of the search result (#3402) Fixes #3383. --- modules/search/search.go | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/modules/search/search.go b/modules/search/search.go index 1c13f11f8..db0c0a616 100644 --- a/modules/search/search.go +++ b/modules/search/search.go @@ -6,6 +6,7 @@ package search import ( "bytes" + "html" gotemplate "html/template" "strings" @@ -75,17 +76,17 @@ func searchResult(result *indexer.RepoSearchResult, startIndex, endIndex int) (* closeActiveIndex := util.Min(result.EndIndex-index, len(line)) err = writeStrings(&formattedLinesBuffer, `
  • `, - line[:openActiveIndex], + html.EscapeString(line[:openActiveIndex]), ``, - line[openActiveIndex:closeActiveIndex], + html.EscapeString(line[openActiveIndex:closeActiveIndex]), ``, - line[closeActiveIndex:], + html.EscapeString(line[closeActiveIndex:]), `
    • `, ) } else { err = writeStrings(&formattedLinesBuffer, `
  • `, - line, + html.EscapeString(line), `
    • `, ) }