---
Junio C Hamano <junkio@xxxxxxx> wrote:
> Matthias Lederhofer <matled@xxxxxxx> writes:
> The PATHINFO stuff Martin Waitz did mucks with $project somewhat
> later than this part of the patch, possibly bypassing your
> checks. Could you check what's in 'master' to see if it is
> reasonable and if not fix it up please?
This patch replaces the other two warning fixes by Jakub and me. I've
put the whole thing in a sub-routine to keep the indentation level
low.
---
gitweb/gitweb.perl | 34 +++++++++++++++++++++-------------
1 files changed, 21 insertions(+), 13 deletions(-)
diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl
index 497129a..0fb8638 100755
--- a/gitweb/gitweb.perl
+++ b/gitweb/gitweb.perl
@@ -189,9 +189,6 @@ do $GITWEB_CONFIG if -e $GITWEB_CONFIG;
# version of the core git binary
our $git_version = qx($GIT --version) =~ m/git version (.*)$/ ? $1 : "unknown";
-# path to the current git repository
-our $git_dir;
-
$projects_list ||= $projectroot;
# ======================================================================
@@ -273,30 +270,41 @@ if (defined $searchtext) {
}
# now read PATH_INFO and use it as alternative to parameters
-our $path_info = $ENV{"PATH_INFO"};
-$path_info =~ s|^/||;
-$path_info =~ s|/$||;
-if (validate_input($path_info) && !defined $project) {
+sub evaluate_path_info {
+ return if defined $project;
+ my $path_info = $ENV{"PATH_INFO"};
+ return if !$path_info;
+ $path_info =~ s,(^/|/$),,gs;
+ $path_info = validate_input($path_info);
+ return if !$path_info;
$project = $path_info;
while ($project && !-e "$projectroot/$project/HEAD") {
$project =~ s,/*[^/]*$,,;
}
- if (defined $project) {
- $project = undef unless $project;
+ if (!$project ||
+ ($export_ok && !-e "$projectroot/$project/$export_ok") ||
+ ($strict_export && !project_in_list($project))) {
+ undef $project;
+ return;
}
+ # do not change any parameters if an action is given using the query string
+ return if $action;
if ($path_info =~ m,^$project/([^/]+)/(.+)$,) {
# we got "project.git/branch/filename"
$action ||= "blob_plain";
- $hash_base ||= $1;
- $file_name ||= $2;
+ $hash_base ||= validate_input($1);
+ $file_name ||= validate_input($2);
} elsif ($path_info =~ m,^$project/([^/]+)$,) {
# we got "project.git/branch"
$action ||= "shortlog";
- $hash ||= $1;
+ $hash ||= validate_input($1);
}
}
+evaluate_path_info();
-$git_dir = "$projectroot/$project";
+# path to the current git repository
+our $git_dir;
+$git_dir = "$projectroot/$project" if $project;
# dispatch
my %actions = (
--
1.4.2.1.ge767
-
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html