Search texts may very likely include characters like '@' when grepping
for author names. Currently, gitweb produces first/prev/next links with
incorrectly escaped characters.
Make gitweb escape searchtext and parameters which are reused in href()
when replay is set. (cgi params are de-escaped when put into the
parameter dictionary and need to be re-escaped when reused.)
Signed-off-by: Michael J Gruber <git@xxxxxxxxxxxxxxxxxxxx>
---
Maybe something like this? Highly untested!
Cheers,
Michael
gitweb/gitweb.perl | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl
index 3f99361..e1b09f8 100755
--- a/gitweb/gitweb.perl
+++ b/gitweb/gitweb.perl
@@ -848,7 +848,7 @@ sub href (%) {
if ($params{-replay}) {
while (my ($name, $symbol) = each %cgi_param_mapping) {
if (!exists $params{$name}) {
- $params{$name} = $input_params{$name};
+ $params{$name} = esc_url($input_params{$name});
}
}
}
@@ -5775,7 +5775,7 @@ sub git_search {
if ($page > 0) {
$paging_nav .=
$cgi->a({-href => href(action=>"search", hash=>$hash,
- searchtext=>$searchtext,
+ searchtext=>esc_url($searchtext),
searchtype=>$searchtype)},
"first");
$paging_nav .= " ⋅ " .
--
1.6.3.rc3
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html