diff options
| author | Junio C Hamano <gitster@pobox.com> | 2012-03-01 14:44:38 -0800 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2012-03-01 14:44:38 -0800 |
| commit | 6a3a3db73f999af530490868c005f70d62d3391f (patch) | |
| tree | 0d4363d119cb0e1625e4769de04da65ad22a1ffe | |
| parent | 57a424917b0c08c91399c5de311b642bf19a77ee (diff) | |
| parent | 36612e4daf8b5b5eaf16315aa13c66925f878cd6 (diff) | |
| download | git-6a3a3db73f999af530490868c005f70d62d3391f.tar.gz | |
Merge branch 'jn/maint-gitweb-invalid-regexp'
* jn/maint-gitweb-invalid-regexp:
gitweb: Handle invalid regexp in regexp search
| -rwxr-xr-x | gitweb/gitweb.perl | 11 | ||||
| -rwxr-xr-x | t/t9501-gitweb-standalone-http-status.sh | 10 |
2 files changed, 20 insertions, 1 deletions
diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl index eaf5f94250..7729ed26b5 100755 --- a/gitweb/gitweb.perl +++ b/gitweb/gitweb.perl @@ -1081,7 +1081,16 @@ sub evaluate_and_validate_params { if (length($searchtext) < 2) { die_error(403, "At least two characters are required for search parameter"); } - $search_regexp = $search_use_regexp ? $searchtext : quotemeta $searchtext; + if ($search_use_regexp) { + $search_regexp = $searchtext; + if (!eval { qr/$search_regexp/; 1; }) { + (my $error = $@) =~ s/ at \S+ line \d+.*\n?//; + die_error(400, "Invalid search regexp '$search_regexp'", + esc_html($error)); + } + } else { + $search_regexp = quotemeta $searchtext; + } } } diff --git a/t/t9501-gitweb-standalone-http-status.sh b/t/t9501-gitweb-standalone-http-status.sh index 26102ee9b0..31076edc5b 100755 --- a/t/t9501-gitweb-standalone-http-status.sh +++ b/t/t9501-gitweb-standalone-http-status.sh @@ -134,4 +134,14 @@ our $maxload = undef; EOF +# ---------------------------------------------------------------------- +# invalid arguments + +test_expect_success 'invalid arguments: invalid regexp (in project search)' ' + gitweb_run "a=project_list;s=*\.git;sr=1" && + grep "Status: 400" gitweb.headers && + grep "400 - Invalid.*regexp" gitweb.body +' +test_debug 'cat gitweb.headers' + test_done |