Re: gitweb search page link slightly wrong

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Tue, 2007-05-01 at 12:13 +0200, Johannes Berg wrote:
> This seems to fix it but I have no idea what it breaks. Command
> injection should be stopped a few lines above that, and no other
> parameter is ever quoted using quotemeta, so I'm not sure what the point
> is, but I suppose it is actually necessary because the search text is
> then wrapped into a regular expression or something?

Ah, I understand now. Here's a possibly complete fix.

From: Johannes Berg <johannes@xxxxxxxxxxxxxxxx>
Subject: quote $searchtext only before use

$searchtext is used in two ways
 (1) to do the search
 (2) to put it back into the output

For (1) it needs to have meta chars quoted, but for (2) not, so quote
them only when needed.

Signed-off-by: Johannes Berg <johannes@xxxxxxxxxxxxxxxx>

--- git.orig/gitweb/gitweb.perl	2007-05-01 11:58:27.000000000 +0200
+++ git/gitweb/gitweb.perl	2007-05-01 12:20:27.000000000 +0200
@@ -368,7 +368,6 @@ if (defined $searchtext) {
 	if (length($searchtext) < 2) {
 		die_error(undef, "At least two characters are required for search parameter");
 	}
-	$searchtext = quotemeta $searchtext;
 }
 
 our $searchtype = $cgi->param('st');
@@ -2927,6 +2926,7 @@ sub git_heads_body {
 
 sub git_search_grep_body {
 	my ($commitlist, $from, $to, $extra) = @_;
+	my $_searchtext = quotemeta $searchtext;
 	$from = 0 unless defined $from;
 	$to = $#{$commitlist} if (!defined $to || $#{$commitlist} < $to);
 
@@ -2951,7 +2951,7 @@ sub git_search_grep_body {
 			       esc_html(chop_str($co{'title'}, 50)) . "<br/>");
 		my $comment = $co{'comment'};
 		foreach my $line (@$comment) {
-			if ($line =~ m/^(.*)($searchtext)(.*)$/i) {
+			if ($line =~ m/^(.*)($_searchtext)(.*)$/i) {
 				my $lead = esc_html($1) || "";
 				$lead = chop_str($lead, 30, 10);
 				my $match = esc_html($2) || "";
@@ -4325,7 +4325,7 @@ sub git_search {
 		} elsif ($searchtype eq 'committer') {
 			$greptype = "--committer=";
 		}
-		$greptype .= $searchtext;
+		$greptype .= quotemeta $searchtext;
 		my @commitlist = parse_commits($hash, 101, (100 * $page), $greptype);
 
 		my $paging_nav = '';
@@ -4374,8 +4374,9 @@ sub git_search {
 		my $alternate = 1;
 		$/ = "\n";
 		my $git_command = git_cmd_str();
+		my $_searchtext = quotemeta $searchtext;
 		open my $fd, "-|", "$git_command rev-list $hash | " .
-			"$git_command diff-tree -r --stdin -S\'$searchtext\'";
+			"$git_command diff-tree -r --stdin -S\'$_searchtext\'";
 		undef %co;
 		my @files;
 		while (my $line = <$fd>) {


-
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]