On 2019-06-19, Heiko Schlittermann via Exim-users <[email protected]> wrote: > > --===============0789655678== > Content-Type: multipart/signed; micalg=pgp-sha512; > protocol="application/pgp-signature"; boundary="mlyb34ecdekgbwyp" > Content-Disposition: inline > > > --mlyb34ecdekgbwyp > Content-Type: text/plain; charset=utf-8 > Content-Disposition: inline > > Russell King via Exim-users <[email protected]> (Di 11 Jun 2019 16:08:28 > CEST): >> >> As I stated in my original post, I've tried subsituting the " " with >> both + and %2b. I was using Firefox, I've also used elinks as well. >> Nothing works to get a commitdiff. >> >> > https://git.exim.org/exim.git/shortlog/refs/heads/exim-4_91%2Bfixes >> >> That URL is not a problem - getting the shortlog is not a problem. >> Following any of the links from the shortlog _is_ a problem as my >> original post stated. > > Hm. Starting with the link you describe here (using %2B) an can follow > many, if not all (didn't test *all*) links, shortlog -> commitdiff > works.
That modified link works in firefox too, It seems that problem is the server displays a page with bad links if '+' is used incorrectly in the URL, this may be because in URLs '+' represents space. This behavious seems odd, there may be an XSS vuln in there somewhere. -- When I tried casting out nines I made a hash of it. -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
