Escape project names before creating pathinfo URLs
If a project name contains special URL characters like +, gitweb's links break in subtle ways. The solution is to pass the project name through esc_url() and use the return value. Signed-off-by: martin f. krafft <madduck@madduck.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
parent
bbd4c307fc
commit
85d17a123b
@ -628,7 +628,7 @@ sub href(%) {
|
|||||||
my ($use_pathinfo) = gitweb_check_feature('pathinfo');
|
my ($use_pathinfo) = gitweb_check_feature('pathinfo');
|
||||||
if ($use_pathinfo) {
|
if ($use_pathinfo) {
|
||||||
# use PATH_INFO for project name
|
# use PATH_INFO for project name
|
||||||
$href .= "/$params{'project'}" if defined $params{'project'};
|
$href .= "/".esc_url($params{'project'}) if defined $params{'project'};
|
||||||
delete $params{'project'};
|
delete $params{'project'};
|
||||||
|
|
||||||
# Summary just uses the project path URL
|
# Summary just uses the project path URL
|
||||||
@ -2570,7 +2570,7 @@ EOF
|
|||||||
my $action = $my_uri;
|
my $action = $my_uri;
|
||||||
my ($use_pathinfo) = gitweb_check_feature('pathinfo');
|
my ($use_pathinfo) = gitweb_check_feature('pathinfo');
|
||||||
if ($use_pathinfo) {
|
if ($use_pathinfo) {
|
||||||
$action .= "/$project";
|
$action .= "/".esc_url($project);
|
||||||
} else {
|
} else {
|
||||||
$cgi->param("p", $project);
|
$cgi->param("p", $project);
|
||||||
}
|
}
|
||||||
|
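Review bot: In `href()`, the new `"/".esc_url($params{'project'})` escapes a single path component with what looks, from its name, like a whole-URL escaper. esc_url() is not defined in this diff, so this is inferred, but if it leaves URL delimiters such as `?`, `&`, `=` or `;` unescaped, a project name containing `?` would still end the path and start a query string, and the link would resolve to a different project path than intended. The same applies to `$action .= "/".esc_url($project);` in the second hunk. Either use an escaper meant for one path component, or record the limitation at both call sites with a comment such as `# esc_url() keeps URL delimiters; project names with '?' or ';' are not handled here`. Both enclosing blocks continue outside the hunks, so how `$href` and `$action` are later emitted into HTML cannot be checked from here.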