undef/git-commit-vandalism
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

gitweb: Return 1 on validation success instead of passed input

Browse Source 
Users of validate_* passing "0" might get failures on correct name
because of coercion of "0" to false in code like:
die_error(500, "invalid ref") unless (check_ref_format ("0"));

Also, the validate_foo subs are renamed to is_valid_foo.

Signed-off-by: Krzesimir Nowak <krzesimir@endocode.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Krzesimir Nowak 2013-12-11 12:54:42 +01:00 committed by Junio C Hamano
parent c0bc2265ef
commit 23faf546ae
1 changed files with 32 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
gitweb/gitweb.perl
View File

@ -994,7 +994,7 @@ our ($action, $project, $file_name, $file_parent, $hash, $hash_parent, $hash_bas
sub evaluate_and_validate_params { sub evaluate_and_validate_params {
our $action = $input_params{'action'}; our $action = $input_params{'action'};
if (defined $action) { if (defined $action) {
if (!validate_action($action)) { if (!is_valid_action($action)) {
die_error(400, "Invalid action parameter"); die_error(400, "Invalid action parameter");
} }
} }
@ -1002,7 +1002,7 @@ sub evaluate_and_validate_params {
# parameters which are pathnames # parameters which are pathnames
our $project = $input_params{'project'}; our $project = $input_params{'project'};
if (defined $project) { if (defined $project) {
if (!validate_project($project)) { if (!is_valid_project($project)) {
undef $project; undef $project;
die_error(404, "No such project"); die_error(404, "No such project");
} }
@ -1010,21 +1010,21 @@ sub evaluate_and_validate_params {
our $project_filter = $input_params{'project_filter'}; our $project_filter = $input_params{'project_filter'};
if (defined $project_filter) { if (defined $project_filter) {
if (!validate_pathname($project_filter)) { if (!is_valid_pathname($project_filter)) {
die_error(404, "Invalid project_filter parameter"); die_error(404, "Invalid project_filter parameter");
} }
} }
our $file_name = $input_params{'file_name'}; our $file_name = $input_params{'file_name'};
if (defined $file_name) { if (defined $file_name) {
if (!validate_pathname($file_name)) { if (!is_valid_pathname($file_name)) {
die_error(400, "Invalid file parameter"); die_error(400, "Invalid file parameter");
} }
} }
our $file_parent = $input_params{'file_parent'}; our $file_parent = $input_params{'file_parent'};
if (defined $file_parent) { if (defined $file_parent) {
if (!validate_pathname($file_parent)) { if (!is_valid_pathname($file_parent)) {
die_error(400, "Invalid file parent parameter"); die_error(400, "Invalid file parent parameter");
} }
} }
@ -1032,21 +1032,21 @@ sub evaluate_and_validate_params {
# parameters which are refnames # parameters which are refnames
our $hash = $input_params{'hash'}; our $hash = $input_params{'hash'};
if (defined $hash) { if (defined $hash) {
if (!validate_refname($hash)) { if (!is_valid_refname($hash)) {
die_error(400, "Invalid hash parameter"); die_error(400, "Invalid hash parameter");
} }
} }
our $hash_parent = $input_params{'hash_parent'}; our $hash_parent = $input_params{'hash_parent'};
if (defined $hash_parent) { if (defined $hash_parent) {
if (!validate_refname($hash_parent)) { if (!is_valid_refname($hash_parent)) {
die_error(400, "Invalid hash parent parameter"); die_error(400, "Invalid hash parent parameter");
} }
} }
our $hash_base = $input_params{'hash_base'}; our $hash_base = $input_params{'hash_base'};
if (defined $hash_base) { if (defined $hash_base) {
if (!validate_refname($hash_base)) { if (!is_valid_refname($hash_base)) {
die_error(400, "Invalid hash base parameter"); die_error(400, "Invalid hash base parameter");
} }
} }
@ -1066,7 +1066,7 @@ sub evaluate_and_validate_params {
our $hash_parent_base = $input_params{'hash_parent_base'}; our $hash_parent_base = $input_params{'hash_parent_base'};
if (defined $hash_parent_base) { if (defined $hash_parent_base) {
if (!validate_refname($hash_parent_base)) { if (!is_valid_refname($hash_parent_base)) {
die_error(400, "Invalid hash parent base parameter"); die_error(400, "Invalid hash parent base parameter");
} }
} }
@ -1418,27 +1418,30 @@ sub href {
## ====================================================================== ## ======================================================================
## validation, quoting/unquoting and escaping ## validation, quoting/unquoting and escaping
sub validate_action { sub is_valid_action {
my $input = shift || return undef; my $input = shift;
return undef unless exists $actions{$input}; return undef unless exists $actions{$input};
return $input; return 1;
} }
sub validate_project { sub is_valid_project {
my $input = shift || return undef; my $input = shift;
if (!validate_pathname($input) ||
return unless defined $input;
if (!is_valid_pathname($input) ||
!(-d "$projectroot/$input") || !(-d "$projectroot/$input") ||
!check_export_ok("$projectroot/$input") || !check_export_ok("$projectroot/$input") ||
($strict_export && !project_in_list($input))) { ($strict_export && !project_in_list($input))) {
return undef; return undef;
} else { } else {
return $input; return 1;
} }
} }
sub validate_pathname { sub is_valid_pathname {
my $input = shift || return undef; my $input = shift;
return undef unless defined $input;
# no '.' or '..' as elements of path, i.e. no '.' nor '..' # no '.' or '..' as elements of path, i.e. no '.' nor '..'
# at the beginning, at the end, and between slashes. # at the beginning, at the end, and between slashes.
# also this catches doubled slashes # also this catches doubled slashes
@ -1449,33 +1452,33 @@ sub validate_pathname {
if ($input =~ m!\0!) { if ($input =~ m!\0!) {
return undef; return undef;
} }
return $input; return 1;
} }
sub is_valid_ref_format { sub is_valid_ref_format {
my $input = shift || return undef; my $input = shift;
return undef unless defined $input;
# restrictions on ref name according to git-check-ref-format # restrictions on ref name according to git-check-ref-format
if ($input =~ m!(/\.|\.\.|[\000-\040\177 ~^:?*\[]|/$)!) { if ($input =~ m!(/\.|\.\.|[\000-\040\177 ~^:?*\[]|/$)!) {
return undef; return undef;
} }
return $input; return 1;
} }
sub validate_refname { sub is_valid_refname {
my $input = shift || return undef; my $input = shift;
return undef unless defined $input;
# textual hashes are O.K. # textual hashes are O.K.
if ($input =~ m/^[0-9a-fA-F]{40}$/) { if ($input =~ m/^[0-9a-fA-F]{40}$/) {
return $input; return 1;
} }
# it must be correct pathname # it must be correct pathname
$input = validate_pathname($input) is_valid_pathname($input) or return undef;
or return undef;
# check git-check-ref-format restrictions # check git-check-ref-format restrictions
is_valid_ref_format($input) is_valid_ref_format($input) or return undef;
or return undef; return 1;
return $input;
} }
# decode sequences of octets in utf8 into Perl's internal form, # decode sequences of octets in utf8 into Perl's internal form,