$OpenBSD: patch-ui-diff_c,v 1.1 2011/07/27 13:34:05 jasper Exp $

Security fix for CVE-2011-2711, cgit Rename Hint Script Insertion Vulnerability
http://hjemli.net/pipermail/cgit/2011-July/000276.html

--- ui-diff.c.orig	Sat Mar  5 13:52:39 2011
+++ ui-diff.c	Wed Jul 27 15:32:37 2011
@@ -84,10 +84,12 @@ static void print_fileinfo(struct fileinfo *info)
 	htmlf("</td><td class='%s'>", class);
 	cgit_diff_link(info->new_path, NULL, NULL, ctx.qry.head, ctx.qry.sha1,
 		       ctx.qry.sha2, info->new_path);
-	if (info->status == DIFF_STATUS_COPIED || info->status == DIFF_STATUS_RENAMED)
-		htmlf(" (%s from %s)",
-		      info->status == DIFF_STATUS_COPIED ? "copied" : "renamed",
-		      info->old_path);
+	if (info->status == DIFF_STATUS_COPIED || info->status == DIFF_STATUS_RENAMED) {
+		htmlf(" (%s from ",
+		      info->status == DIFF_STATUS_COPIED ? "copied" : "renamed");
+		html_txt(info->old_path);
+		html(")");
+	}
 	html("</td><td class='right'>");
 	if (info->binary) {
 		htmlf("bin</td><td class='graph'>%d -> %d bytes",
