From 609ecacf462b68bade5abd6848363ca71662918a Mon Sep 17 00:00:00 2001
From: Robert Sesek <rsesek@bluestatic.org>
Date: Mon, 12 Sep 2005 00:04:13 +0000
Subject: [PATCH] Sanitize the browse.php message

---
 browse.php                   | 2 ++
 templates/default/browse.tpl | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/browse.php b/browse.php
index 87de2e9..b985247 100644
--- a/browse.php
+++ b/browse.php
@@ -49,6 +49,8 @@ if ($show['prev'])
 
 $revinfo = $viewsvn->svn->common->fetch_log($path, $viewsvn->paths->fetch_rev_num());
 
+$revinfo['message_clean'] = nl2br(htmlspecialchars($revinfo['messag']));
+
 $listing = $viewsvn->svn->ls($repos, $relpath, $viewsvn->paths->fetch_rev_num());
 
 $nodes = '';
diff --git a/templates/default/browse.tpl b/templates/default/browse.tpl
index e696967..2f74bc3 100644
--- a/templates/default/browse.tpl
+++ b/templates/default/browse.tpl
@@ -12,7 +12,7 @@ $header
 	<div><strong>Revision:</strong> $revinfo[rev]</div>
 	<div><strong>Author:</strong> $revinfo[author]</div>
 	<div><strong>Date:</strong> $revinfo[date] $revinfo[timezone]</div>
-	<div><strong>Message:</strong> $revinfo[message]</div>
+	<div><strong>Message:</strong> $revinfo[message_clean]</div>
 </div>
 
 <div class="head" style="border-width: 0px 1px 1px 1px">
-- 
2.22.5