On Thu, Jun 3, 2010 at 13:55, Pavan Kumar Sunkara
<pavan.sss1991@xxxxxxxxx> wrote:
> +sub evaluate_gitweb_config {
> + # die if there are errors parsing config file
> + if (-e $GITWEB_CONFIG) {
> + do $GITWEB_CONFIG;
> + die $@ if $@;
> + } elsif (-e $GITWEB_CONFIG_SYSTEM) {
> + do $GITWEB_CONFIG_SYSTEM;
> + die $@ if $@;
> + }
> +}
I think I mentioned this before, but why not *optionally* use
Config::Any (or something similar) and if it doesn't exists fall back
on do(), and document this, along with a way to disable Perl
execution.
It'd be completely compatible, but admins could then allow someone to
edit a gitweb config file without opening themselves up to that
someone having permission to execute code as the webserver.
Check out Gitalist (the Catalyst rewrite of Gitweb) for some prior
art.
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html