From bbd4c307fc315847c975efd4c9aa32eb0e8470fb Mon Sep 17 00:00:00 2001
From: "martin f. krafft" <madduck@madduck.net>
Date: Sun, 20 Apr 2008 23:03:56 +0200
Subject: Escape project name in regexp

The project name, when used in a regular expression, needs to be quoted
properly, so that stuff like '++' in the project name does not cause
Perl to barf.

Related info: http://bugs.debian.org/476076
This is a bug in Perl's CGI.pm, but fixing that exposed a similar bug in
gitweb.perl

Signed-off-by: martin f. krafft <madduck@madduck.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
---
 gitweb/gitweb.perl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'gitweb/gitweb.perl')

diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl
index 746153ffe8..4abd7ac1ad 100755
--- a/gitweb/gitweb.perl
+++ b/gitweb/gitweb.perl
@@ -506,7 +506,7 @@ sub evaluate_path_info {
 	}
 	# do not change any parameters if an action is given using the query string
 	return if $action;
-	$path_info =~ s,^$project/*,,;
+	$path_info =~ s,^\Q$project\E/*,,;
 	my ($refname, $pathname) = split(/:/, $path_info, 2);
 	if (defined $pathname) {
 		# we got "project.git/branch:filename" or "project.git/branch:dir/"
-- 
cgit v1.2.3


From 85d17a123ba59b90744e311e40f80fd8838fbdc5 Mon Sep 17 00:00:00 2001
From: "martin f. krafft" <madduck@madduck.net>
Date: Sun, 20 Apr 2008 23:23:38 +0200
Subject: Escape project names before creating pathinfo URLs

If a project name contains special URL characters like +, gitweb's links
break in subtle ways. The solution is to pass the project name through
esc_url() and using the return value.

Signed-off-by: martin f. krafft <madduck@madduck.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
---
 gitweb/gitweb.perl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'gitweb/gitweb.perl')

diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl
index 4abd7ac1ad..12843a4846 100755
--- a/gitweb/gitweb.perl
+++ b/gitweb/gitweb.perl
@@ -628,7 +628,7 @@ sub href(%) {
 	my ($use_pathinfo) = gitweb_check_feature('pathinfo');
 	if ($use_pathinfo) {
 		# use PATH_INFO for project name
-		$href .= "/$params{'project'}" if defined $params{'project'};
+		$href .= "/".esc_url($params{'project'}) if defined $params{'project'};
 		delete $params{'project'};
 
 		# Summary just uses the project path URL
@@ -2570,7 +2570,7 @@ EOF
 		my $action = $my_uri;
 		my ($use_pathinfo) = gitweb_check_feature('pathinfo');
 		if ($use_pathinfo) {
-			$action .= "/$project";
+			$action .= "/".esc_url($project);
 		} else {
 			$cgi->param("p", $project);
 		}
-- 
cgit v1.2.3