undef/git-commit-vandalism
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

gitweb: Use 's' regexp modifier to secure against filenames with LF

Browse Source 
Use 's' (treat string as single line) regexp modifier in
git_get_hash_by_path (against future changes, probably unnecessary)
and in parse_ls_tree_line (when called with '-z'=>1 option) to secure
against filenames containing newline.

[jc: the hunk on git_get_hash_by_path was unneeded, and I noticed the
 regexp was doing unnecessary capture, so fixed it up while I was at it.]

Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <junkio@cox.net>
This commit is contained in:
Jakub Narebski 2006-10-30 22:25:11 +01:00 committed by Junio C Hamano
parent 45bd0c808d
commit 8b4b94cc79
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
gitweb/gitweb.perl
View File

@ -860,7 +860,7 @@ sub git_get_hash_by_path {
close $fd or return undef; close $fd or return undef;
#'100644 blob 0fa3f3a66fb6a137f6ec2c19351ed4d807070ffa panic.c' #'100644 blob 0fa3f3a66fb6a137f6ec2c19351ed4d807070ffa panic.c'
$line =~ m/^([0-9]+) (.+) ([0-9a-fA-F]{40})\t(.+)$/; $line =~ m/^([0-9]+) (.+) ([0-9a-fA-F]{40})\t/;
if (defined $type && $type ne $2) { if (defined $type && $type ne $2) {
# type doesn't match # type doesn't match
return undef; return undef;
@ -1277,7 +1277,7 @@ sub parse_ls_tree_line ($;%) {
my %res; my %res;
#'100644 blob 0fa3f3a66fb6a137f6ec2c19351ed4d807070ffa panic.c' #'100644 blob 0fa3f3a66fb6a137f6ec2c19351ed4d807070ffa panic.c'
$line =~ m/^([0-9]+) (.+) ([0-9a-fA-F]{40})\t(.+)$/; $line =~ m/^([0-9]+) (.+) ([0-9a-fA-F]{40})\t(.+)$/s;
$res{'mode'} = $1; $res{'mode'} = $1;
$res{'type'} = $2; $res{'type'} = $2;