From d77b6ea5a0b41f689abcbb09bbb54f5e0119a373 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nilg=C3=BCn=20Belma=20Bug=C3=BCner?=
Date: Wed, 19 May 2021 05:04:17 +0300
Subject: [PATCH] this is even safer
---
 include/lib_revcheck.inc.php | 57 ++++++++++++++++++++----------------
 www/revcheck.php | 9 +----
 2 files changed, 33 insertions(+), 33 deletions(-)
diff --git a/include/lib_revcheck.inc.php b/include/lib_revcheck.inc.php
index 4adc715..bdfbde1 100644
--- a/include/lib_revcheck.inc.php
+++ b/include/lib_revcheck.inc.php
@@ -238,32 +238,39 @@ function get_stats($idx, $lang, $status) {
 return array($result['total'], $result['size']);
 }
-function showdiff ( $dir, $gitfile, $h2, $c )
+function showdiff ()
 {
- $cwd = getcwd();
- chdir( $dir );
- $file = `git diff {$h2} -- {$gitfile}`;
- chdir( $cwd );
- $raw = htmlspecialchars( $file, ENT_XML1, 'UTF-8' );
- if ( $c == 'on' ) {
- $trans = [ " " => " " ];
- $lines = explode ( "\n" , $raw );
- foreach ( $lines as $line ) {
- $inline = strtr( $line , $trans );
- $fc = substr( $inline , 0 , 1 );
- if ( $fc == "+" ) {
- echo "
";
- } elseif ( $fc == "-" ) {
- echo "
";
- } elseif ( $fc == "@" ) {
- echo "
";
- } else
- echo "
";
- echo "$inline
\n";
- }
- echo "

";
- } else
- echo "
" , $raw , "
";
+ if (isset($_GET['f'])) {
+ $gitfile = $_GET['f'];
+ if (isset($_GET['hbp']))
+ $h = $_GET['hbp'];
+ if (isset($_GET['c']))
+ $c = $_GET['c'];
+ $cwd = getcwd();
+ chdir( GIT_DIR . 'en' );
+ $file = `git diff {$h} -- {$gitfile}`;
+ chdir( $cwd );
+ $raw = htmlspecialchars( $file, ENT_XML1, 'UTF-8' );
+ if ( $c == 'on' ) {
+ $trans = [ " " => " " ];
+ $lines = explode ( "\n" , $raw );
+ foreach ( $lines as $line ) {
+ $inline = strtr( $line , $trans );
+ $fc = substr( $inline , 0 , 1 );
+ if ( $fc == "+" ) {
+ echo "
";
+ } elseif ( $fc == "-" ) {
+ echo "
";
+ } elseif ( $fc == "@" ) {
+ echo "
";
+ } else
+ echo "
";
+ echo "$inline
\n";
+ }
+ echo "

";
+ } else
+ echo "
" , $raw , "
";
+ }
 }
 function gen_date($file)
diff --git a/www/revcheck.php b/www/revcheck.php
index ae4f60d..5551e90 100644
--- a/www/revcheck.php
+++ b/www/revcheck.php
@@ -382,14 +382,7 @@ END_OF_MULTILINE;
 break;
 case 'plain':
- if (isset($_GET['f'])) {
- $gitfile = $_GET['f'];
- if (isset($_GET['hbp']))
- $h2 = $_GET['hbp'];
- if (isset($_GET['c']))
- $c = $_GET['c'];
- showdiff( GIT_DIR . 'en', $gitfile, $h2, $c );
- }
+ showdiff();
 echo gen_date($DBLANG);
 break;
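Review bot: The new `showdiff()` still places `$_GET['hbp']` and `$_GET['f']` unescaped into the backtick-executed `git diff {$h} -- {$gitfile}` command line, so moving the parameter reads into the function does not remove the command-injection risk. Validate the revision before use, for example `if (!isset($_GET['hbp']) || !preg_match('/^[0-9a-f]{4,40}$/i', $_GET['hbp'])) return;` (assuming `hbp` is always a commit hash; adjust the pattern if not). Then quote both values with `$file = shell_exec('git diff ' . escapeshellarg($h) . ' -- ' . escapeshellarg($gitfile));`. Only `f` gates the body, so `$h` and `$c` are also undefined when `hbp` or `c` is missing from the request. The one-line `showdiff();` call in www/revcheck.php inherits all of this, and the request parameters that reach the shell are no longer visible at that call site.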