Git 1.7.0.9

Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --cc Documentation/RelNotes/1.7.0.9.txt
index 0000000,0000000..bfb3166
new file mode 100644 (file)
--- /dev/null
--- /dev/null
+++ b/Documentation/RelNotes/1.7.0.9.txt
@@@ -1,0 -1,0 +1,8 @@@
++Git v1.7.0.9 Release Notes
++==========================
++
++Fixes since v1.7.0.8
++--------------------
++
++ * "gitweb" can sometimes be tricked into parrotting a filename argument
++   given in a request without properly quoting.

diff --cc GIT-VERSION-GEN
index 4149fa9,7d16b01..c07c595
--- 1/GIT-VERSION-GEN
--- 2/GIT-VERSION-GEN
+++ b/GIT-VERSION-GEN
@@@ -1,7 -1,7 +1,7 @@@
  #!/bin/sh
  
  GVF=GIT-VERSION-FILE
- DEF_VER=v1.7.0.8
 -DEF_VER=v1.6.6.3
++DEF_VER=v1.7.0.9
  
  LF='
  '

diff --cc RelNotes
index 882532b,3dad238..2e4322a
--- 1/RelNotes
--- 2/RelNotes
+++ b/RelNotes
@@@ -1,1 -1,1 +1,1 @@@
- Documentation/RelNotes/1.7.0.8.txt
 -Documentation/RelNotes/1.6.6.3.txt
++Documentation/RelNotes/1.7.0.9.txt

diff --cc gitweb/gitweb.perl
index 9d4c582,0fe8539..f1d8579
--- 1/gitweb/gitweb.perl
--- 2/gitweb/gitweb.perl
+++ b/gitweb/gitweb.perl
@@@ -3364,9 -3334,8 +3371,9 @@@ sub git_footer_html 
                insert_file($site_footer);
        }
  
-       print qq!<script type="text/javascript" src="$javascript"></script>\n!;
+       print qq!<script type="text/javascript" src="!.esc_url($javascript).qq!"></script>\n!;
 -      if ($action eq 'blame_incremental') {
 +      if (defined $action &&
 +          $action eq 'blame_incremental') {
                print qq!<script type="text/javascript">\n!.
                      qq!startBlame("!. href(action=>"blame_data", -replay=>1) .qq!",\n!.
                      qq!           "!. href() .qq!");\n!.