Merge branch 'jn/maint-do-not-match-with-unsanitized-searchtext' into maint

"gitweb" did use quotemeta() to prepare search string when asked to
do a fixed-string project search, but did not use it by mistake and
used the user-supplied string instead.

By Jakub Narebski
* jn/maint-do-not-match-with-unsanitized-searchtext:
  gitweb: Fix fixed string (non-regexp) project search
This commit is contained in:
Junio C Hamano 2012-03-12 15:45:57 -07:00
commit f629c233e6

View File

@ -2978,10 +2978,10 @@ sub filter_forks_from_projects_list {
sub search_projects_list {
my ($projlist, %opts) = @_;
my $tagfilter = $opts{'tagfilter'};
my $searchtext = $opts{'searchtext'};
my $search_re = $opts{'search_regexp'};
return @$projlist
unless ($tagfilter || $searchtext);
unless ($tagfilter || $search_re);
my @projects;
PROJECT:
@ -2993,10 +2993,10 @@ sub search_projects_list {
grep { lc($_) eq lc($tagfilter) } keys %{$pr->{'ctags'}};
}
if ($searchtext) {
if ($search_re) {
next unless
$pr->{'path'} =~ /$searchtext/ ||
$pr->{'descr_long'} =~ /$searchtext/;
$pr->{'path'} =~ /$search_re/ ||
$pr->{'descr_long'} =~ /$search_re/;
}
push @projects, $pr;
@ -5291,7 +5291,7 @@ sub git_project_list_body {
my $show_ctags = gitweb_check_feature('ctags');
my $tagfilter = $show_ctags ? $input_params{'ctag'} : undef;
$check_forks = undef
if ($tagfilter || $searchtext);
if ($tagfilter || $search_regexp);
# filtering out forks before filling info allows to do less work
@projects = filter_forks_from_projects_list(\@projects)
@ -5299,9 +5299,9 @@ sub git_project_list_body {
@projects = fill_project_list_info(\@projects);
# searching projects require filling to be run before it
@projects = search_projects_list(\@projects,
'searchtext' => $searchtext,
'search_regexp' => $search_regexp,
'tagfilter' => $tagfilter)
if ($tagfilter || $searchtext);
if ($tagfilter || $search_regexp);
$order ||= $default_projects_order;
$from = 0 unless defined $from;