diff options
author | Jay Soffian <jaysoffian@gmail.com> | 2012-08-08 22:29:26 -0400 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2012-08-15 11:47:43 -0700 |
commit | cacfc09ba82bfc6b0e1c047247785d56a6054b2f (patch) | |
tree | 5cd09dd23e9dfc4024db891f69be9107fb575d84 /hash.c | |
parent | Git 1.7.10.5 (diff) | |
download | tgif-cacfc09ba82bfc6b0e1c047247785d56a6054b2f.tar.xz |
gitweb: URL-decode $my_url/$my_uri when stripping PATH_INFO
When gitweb is used as a DirectoryIndex, it attempts to strip
PATH_INFO on its own, as $cgi->url() fails to do so.
However, it fails to account for the fact that PATH_INFO has
already been URL-decoded by the web server, but the value
returned by $cgi->url() has not been. This causes the stripping
to fail whenever the URL contains encoded characters.
To see this in action, setup gitweb as a DirectoryIndex and
then use it on a repository with a directory containing a
space in the name. Navigate to tree view, examine the gitweb
generated html and you'll see a link such as:
<a href="/test.git/tree/HEAD:/directory with spaces">directory with spaces</a>
When clicked on, the browser will URL-encode this link, giving
a $cgi->url() of the form:
/test.git/tree/HEAD:/directory%20with%20spaces
While PATH_INFO is:
/test.git/tree/HEAD:/directory with spaces
Fix this by calling unescape() on both $my_url and $my_uri before
stripping PATH_INFO from them.
Signed-off-by: Jay Soffian <jaysoffian@gmail.com>
Acked-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'hash.c')
0 files changed, 0 insertions, 0 deletions