From: Eric Wong Date: Sun, 19 Feb 2017 03:44:27 +0000 (+0000) Subject: repobrowse: return git errors as text/plain, for now X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a2d5afa6a83ab8f97dd344d72be537952255b3e8;p=thirdparty%2Fpublic-inbox.git repobrowse: return git errors as text/plain, for now For now, this avoids an HTML injection vector. We'll try to have more consistent error reporting in the future. --- diff --git a/lib/PublicInbox/RepoGitDiff.pm b/lib/PublicInbox/RepoGitDiff.pm index 0e79f119c..267284021 100644 --- a/lib/PublicInbox/RepoGitDiff.pm +++ b/lib/PublicInbox/RepoGitDiff.pm @@ -54,7 +54,7 @@ sub call_git_diff { $qsp->psgi_return($env, undef, sub { # parse header my ($r) = @_; if (!defined $r) { - [ 500, [ 'Content-Type', 'text/html' ], [ $git->err ]]; + [ 500, [ 'Content-Type', 'text/plain' ], [ $git->err ]]; } elsif ($r == 0) { [ 200, [ 'Content-Type', 'text/html' ], [ delete($req->{dhtml}).
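Review bot: The 500 branch still sends the raw `$git->err` text to the client, and the `text/plain` label only prevents markup rendering if the browser honours the declared type. Adding a no-sniff header closes that gap: `[ 500, [ 'Content-Type', 'text/plain', 'X-Content-Type-Options', 'nosniff' ], [ $git->err ]];`. The hunk does not show what git's error text can contain, but if it can include server paths or request-derived strings, it would be safer to log it server-side and return a fixed message. A short comment on that line, such as `# git stderr is untrusted: never emit as text/html`, would stop a later cleanup from reverting the type. The `psgi_return` callback and `call_git_diff` both start and end outside this hunk, so the other branches were not reviewed.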