Re: [PATCH] gitweb: URL-decode $my_url/$my_uri when stripping PATH_INFO

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Jakub Narebski <jnareb@xxxxxxxxx> writes:

> On Thu, 9 Aug 2012, Junio C Hamano wrote:
>> Jay Soffian <jaysoffian@xxxxxxxxx> writes:
>> 
>> > When gitweb is used as a DirectoryIndex, it attempts to strip
>> > PATH_INFO on its own, as $cgi->url() fails to do so.
>> >
>> > However, it fails to account for the fact that PATH_INFO has
>> > already been URL-decoded by the web server, but the value
>> > returned by $cgi->url() has not been. This causes the stripping
>> > to fail whenever the URL contains encoded characters.
>> >
>> > To see this in action, setup gitweb as a DirectoryIndex and
>> > then use it on a repository with a directory containing a
>> > space in the name. Navigate to tree view, examine the gitweb
>> > generated html and you'll see a link such as:
>> >
>> >   <a href="/test.git/tree/HEAD:/directory with spaces">directory with spaces</a>
>> >
>> > When clicked on, the browser will URL-encode this link, giving
>> > a $cgi->url() of the form:
>> >
>> >    /test.git/tree/HEAD:/directory%20with%20spaces
>> >
>> > While PATH_INFO is:
>> >
>> >    /test.git/tree/HEAD:/directory with spaces
>> >
>> > Fix this by calling unescape() on both $my_url and $my_uri before
>> > stripping PATH_INFO from them.
>> >
>> > Signed-off-by: Jay Soffian <jaysoffian@xxxxxxxxx>
>> > ---
>> 
>> Thanks.  From a cursory look, with the help from the explanation in
>> the proposed commit log message, the change looks sensible.
>> 
>> I wonder if a breakage like this is something we can catch in one of
>> the t95xx series of tests, though.
>
> No, it is unfortunately not possible with current test infrastructure
> for gitweb.  The gitweb_run from t/gitweb-lib.sh allows to set
> PATH_INFO and QUERY_STRING, but does not allow to set up URL.
>
> That might change in the future...
>
>> Jakub, Ack?
>
> Acked-by: Jakub Narebski <jnareb@xxxxxxxxx>
>
> Uf ut us bot too late...

Thanks.
--
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]