On Tue, Feb 12 2019, brian m. carlson wrote:
> The cat_blob function was matching on exactly 40 hex characters. This
> won't work with SHA-256, which uses 64-character hex object IDs. While
> it should be fine to simply match any number of hex characters since the
> output is space delimited, be extra safe by matching either exactly 40
> or exactly 64 hex characters.
>
> Signed-off-by: brian m. carlson <sandals@xxxxxxxxxxxxxxxxxxxx>
> ---
> perl/Git.pm | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/perl/Git.pm b/perl/Git.pm
> index d856930b2e..62c472e0ce 100644
> --- a/perl/Git.pm
> +++ b/perl/Git.pm
> @@ -980,7 +980,7 @@ sub cat_blob {
> return -1;
> }
>
> - if ($description !~ /^[0-9a-fA-F]{40} \S+ (\d+)$/) {
> + if ($description !~ /^[0-9a-fA-F]{40}(?:[0-9a-fA-F]{24})? \S+ (\d+)$/) {
> carp "Unexpected result returned from git cat-file";
> return -1;
> }
The gitweb code doesn't load Git.pm now, but does anyone know a reason
for why we'd avoid any perl/* dependency in the gitweb code? If not the
regex here & in gitweb could be factored into e.g. a tiny Git::OID
library which would either just expose a $GIT::OID_REGEX, or something
like the sort of interface (might not be worth it) that I suggested in
my feedback to 31/31.
