Signed-off-by: Jakub Narebski <jnareb@xxxxxxxxx>
---
It would allow to include value of invalid parameter in error message
gitweb/gitweb.perl | 21 +++++----------------
1 files changed, 5 insertions(+), 16 deletions(-)
diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl
index 9b9bf37..6f3f465 100755
--- a/gitweb/gitweb.perl
+++ b/gitweb/gitweb.perl
@@ -76,7 +76,6 @@ # input validation and dispatch
our $action = $cgi->param('a');
if (defined $action) {
if ($action =~ m/[^0-9a-zA-Z\.\-_]/) {
- undef $action;
die_error(undef, "Invalid action parameter.");
}
# action which does not check rest of parameters
@@ -89,16 +88,13 @@ if (defined $action) {
our $project = ($cgi->param('p') || $ENV{'PATH_INFO'});
if (defined $project) {
$project =~ s|^/||; $project =~ s|/$||;
- $project = validate_input($project);
- if (!defined($project)) {
+ if (!validate_input($project)) {
die_error(undef, "Invalid project parameter.");
}
if (!(-d "$projectroot/$project")) {
- undef $project;
die_error(undef, "No such directory.");
}
if (!(-e "$projectroot/$project/HEAD")) {
- undef $project;
die_error(undef, "No such project.");
}
$rss_link = "<link rel=\"alternate\" title=\"" . esc_param($project) . " log\" href=\"" .
@@ -111,32 +107,28 @@ if (defined $project) {
our $file_name = $cgi->param('f');
if (defined $file_name) {
- $file_name = validate_input($file_name);
- if (!defined($file_name)) {
+ if (!validate_input($file_name)) {
die_error(undef, "Invalid file parameter.");
}
}
our $hash = $cgi->param('h');
if (defined $hash) {
- $hash = validate_input($hash);
- if (!defined($hash)) {
+ if (!validate_input($hash)) {
die_error(undef, "Invalid hash parameter.");
}
}
our $hash_parent = $cgi->param('hp');
if (defined $hash_parent) {
- $hash_parent = validate_input($hash_parent);
- if (!defined($hash_parent)) {
+ if (!validate_input($hash_parent)) {
die_error(undef, "Invalid hash parent parameter.");
}
}
our $hash_base = $cgi->param('hb');
if (defined $hash_base) {
- $hash_base = validate_input($hash_base);
- if (!defined($hash_base)) {
+ if (!validate_input($hash_base)) {
die_error(undef, "Invalid hash base parameter.");
}
}
@@ -144,7 +136,6 @@ if (defined $hash_base) {
our $page = $cgi->param('pg');
if (defined $page) {
if ($page =~ m/[^0-9]$/) {
- undef $page;
die_error(undef, "Invalid page parameter.");
}
}
@@ -152,7 +143,6 @@ if (defined $page) {
our $searchtext = $cgi->param('s');
if (defined $searchtext) {
if ($searchtext =~ m/[^a-zA-Z0-9_\.\/\-\+\:\@ ]/) {
- undef $searchtext;
die_error(undef, "Invalid search parameter.");
}
$searchtext = quotemeta $searchtext;
@@ -182,7 +172,6 @@ my %actions = (
$action = 'summary' if (!defined($action));
if (!defined($actions{$action})) {
- undef $action;
die_error(undef, "Unknown action.");
}
$actions{$action}->();
--
1.4.1.1
-
: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html