Escape project names before creating pathinfo URLs

If a project name contains special URL characters like +, gitweb's links
break in subtle ways. The solution is to pass the project name through
esc_url() and using the return value.

Signed-off-by: martin f. krafft <madduck@madduck.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
martin f. krafft 2008-04-20 23:23:38 +02:00 committed by Junio C Hamano
parent bbd4c307fc
commit 85d17a123b

View File

@ -628,7 +628,7 @@ sub href(%) {
my ($use_pathinfo) = gitweb_check_feature('pathinfo'); my ($use_pathinfo) = gitweb_check_feature('pathinfo');
if ($use_pathinfo) { if ($use_pathinfo) {
# use PATH_INFO for project name # use PATH_INFO for project name
$href .= "/$params{'project'}" if defined $params{'project'}; $href .= "/".esc_url($params{'project'}) if defined $params{'project'};
delete $params{'project'}; delete $params{'project'};
# Summary just uses the project path URL # Summary just uses the project path URL
@ -2570,7 +2570,7 @@ EOF
my $action = $my_uri; my $action = $my_uri;
my ($use_pathinfo) = gitweb_check_feature('pathinfo'); my ($use_pathinfo) = gitweb_check_feature('pathinfo');
if ($use_pathinfo) { if ($use_pathinfo) {
$action .= "/$project"; $action .= "/".esc_url($project);
} else { } else {
$cgi->param("p", $project); $cgi->param("p", $project);
} }