Merge branch 'jn/maint-do-not-match-with-unsanitized-searchtext' into maint
"gitweb" did use quotemeta() to prepare search string when asked to do a fixed-string project search, but did not use it by mistake and used the user-supplied string instead. By Jakub Narebski * jn/maint-do-not-match-with-unsanitized-searchtext: gitweb: Fix fixed string (non-regexp) project search
This commit is contained in:
commit
f629c233e6
@ -2978,10 +2978,10 @@ sub filter_forks_from_projects_list {
|
||||
sub search_projects_list {
|
||||
my ($projlist, %opts) = @_;
|
||||
my $tagfilter = $opts{'tagfilter'};
|
||||
my $searchtext = $opts{'searchtext'};
|
||||
my $search_re = $opts{'search_regexp'};
|
||||
|
||||
return @$projlist
|
||||
unless ($tagfilter || $searchtext);
|
||||
unless ($tagfilter || $search_re);
|
||||
|
||||
my @projects;
|
||||
PROJECT:
|
||||
@ -2993,10 +2993,10 @@ sub search_projects_list {
|
||||
grep { lc($_) eq lc($tagfilter) } keys %{$pr->{'ctags'}};
|
||||
}
|
||||
|
||||
if ($searchtext) {
|
||||
if ($search_re) {
|
||||
next unless
|
||||
$pr->{'path'} =~ /$searchtext/ ||
|
||||
$pr->{'descr_long'} =~ /$searchtext/;
|
||||
$pr->{'path'} =~ /$search_re/ ||
|
||||
$pr->{'descr_long'} =~ /$search_re/;
|
||||
}
|
||||
|
||||
push @projects, $pr;
|
||||
@ -5291,7 +5291,7 @@ sub git_project_list_body {
|
||||
my $show_ctags = gitweb_check_feature('ctags');
|
||||
my $tagfilter = $show_ctags ? $input_params{'ctag'} : undef;
|
||||
$check_forks = undef
|
||||
if ($tagfilter || $searchtext);
|
||||
if ($tagfilter || $search_regexp);
|
||||
|
||||
# filtering out forks before filling info allows to do less work
|
||||
@projects = filter_forks_from_projects_list(\@projects)
|
||||
@ -5299,9 +5299,9 @@ sub git_project_list_body {
|
||||
@projects = fill_project_list_info(\@projects);
|
||||
# searching projects require filling to be run before it
|
||||
@projects = search_projects_list(\@projects,
|
||||
'searchtext' => $searchtext,
|
||||
'search_regexp' => $search_regexp,
|
||||
'tagfilter' => $tagfilter)
|
||||
if ($tagfilter || $searchtext);
|
||||
if ($tagfilter || $search_regexp);
|
||||
|
||||
$order ||= $default_projects_order;
|
||||
$from = 0 unless defined $from;
|
||||
|
Loading…
Reference in New Issue
Block a user