author | Junio C Hamano <gitster@pobox.com> | 2012-03-04 22:17:47 -0800 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2012-03-04 22:17:47 -0800 |
commit | 3ecd0c8b4d9e245e255aa4c061d6a474eb571298 (patch) | |
tree | d9ef843146787d554e3e39035c2542aca23022ba | |
parent | Merge branch 'nd/maint-verify-objects' into maint (diff) | |
parent | gitweb: Handle invalid regexp in regexp search (diff) | |
download | tgif-3ecd0c8b4d9e245e255aa4c061d6a474eb571298.tar.xz |
Merge branch 'jn/maint-gitweb-invalid-regexp' into maint
* jn/maint-gitweb-invalid-regexp:
gitweb: Handle invalid regexp in regexp search
-rwxr-xr-x | gitweb/gitweb.perl | 11 | ||||
-rwxr-xr-x | t/t9501-gitweb-standalone-http-status.sh | 10 |
2 files changed, 20 insertions, 1 deletions
diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl
index d5dbd6428b..20ace61b6d 100755
--- a/gitweb/gitweb.perl
+++ b/gitweb/gitweb.perl
@@ -1073,7 +1073,16 @@ sub evaluate_and_validate_params {
 if (length($searchtext) < 2) {
 die_error(403, "At least two characters are required for search parameter");
 }
- $search_regexp = $search_use_regexp ? $searchtext : quotemeta $searchtext;
+ if ($search_use_regexp) {
+ $search_regexp = $searchtext;
+ if (!eval { qr/$search_regexp/; 1; }) {
+ (my $error = $@) =~ s/ at \S+ line \d+.*\n?//;
+ die_error(400, "Invalid search regexp '$search_regexp'",
+ esc_html($error));
+ }
+ } else {
+ $search_regexp = quotemeta $searchtext;
+ }
 }
 }
diff --git a/t/t9501-gitweb-standalone-http-status.sh b/t/t9501-gitweb-standalone-http-status.sh
index 26102ee9b0..31076edc5b 100755
--- a/t/t9501-gitweb-standalone-http-status.sh
+++ b/t/t9501-gitweb-standalone-http-status.sh
@@ -134,4 +134,14 @@ our $maxload = undef;
 EOF
+# ----------------------------------------------------------------------
+# invalid arguments
+
+test_expect_success 'invalid arguments: invalid regexp (in project search)' '
+ gitweb_run "a=project_list;s=*\.git;sr=1" &&
+ grep "Status: 400" gitweb.headers &&
+ grep "400 - Invalid.*regexp" gitweb.body
+'
+test_debug 'cat gitweb.headers'
+
 test_done |
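Review bot: The new `eval { qr/$search_regexp/; 1; }` check only proves that the pattern compiles, so a syntactically valid but expensive expression sent with `sr=1` still reaches the search code with no bound on its matching cost. A comment above the check would make that limit explicit, e.g. `# Syntax check only; does not bound the matching cost of a user-supplied pattern`, and an upper limit on pattern length next to the existing two-character minimum would be a cheap extra guard. Separately, the `die_error(400, ...)` call escapes `$error` with `esc_html()` but interpolates the raw `$search_regexp` into the message argument; that is safe only if `die_error` escapes its message itself, which is not visible in this hunk. `evaluate_and_validate_params` starts above the hunk, so how `$search_regexp` is consumed afterwards cannot be checked from these lines.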
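Review bot: The new test asserts the 400 status and the error title but not that the Perl diagnostic shown to the client has been sanitised, which is what the ` at \S+ line \d+` substitution in gitweb.perl is for. Adding `! grep " at .* line [0-9]" gitweb.body` to the `&&` chain would catch a regression that exposes the script path and line number in the error page, assuming nothing else in the body matches that pattern. The case also exercises only `a=project_list`; whether the other search actions go through the same validation is not visible from this hunk.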