This seems to fix it but I have no idea what it breaks. Command injection should be stopped a few lines above that, and no other parameter is ever quoted using quotemeta, so I'm not sure what the point is, but I suppose it is actually necessary because the search text is then wrapped into a regular expression or something? --- git.orig/gitweb/gitweb.perl 2007-05-01 11:58:27.000000000 +0200 +++ git/gitweb/gitweb.perl 2007-05-01 12:11:56.000000000 +0200 @@ -368,7 +368,6 @@ if (defined $searchtext) { if (length($searchtext) < 2) { die_error(undef, "At least two characters are required for search parameter"); } - $searchtext = quotemeta $searchtext; } our $searchtype = $cgi->param('st');
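Review bot: Removing `$searchtext = quotemeta $searchtext;` from the `if (defined $searchtext)` block leaves the length check as the only handling of the parameter visible in this hunk, and the patch changes none of the places where `$searchtext` is used afterwards. If the value is later interpolated into a regular expression, as the message suspects, user-supplied metacharacters would be interpreted as pattern syntax, so an unbalanced bracket or parenthesis could make the match die and a costly pattern could consume CPU. Rather than dropping the escaping outright, escape at each point of use (for example `\Q$searchtext\E` inside the match) and keep the raw value for display and for anything that is not a regex. The description should also say what symptom this fixes and which search types were tested, since "no idea what it breaks" leaves the regex use sites unverified.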