summaryrefslogtreecommitdiff
path: root/gitweb/gitweb.perl
diff options
context:
space:
mode:
authormartin f. krafft <madduck@madduck.net>2008-04-20 23:23:38 +0200
committerJunio C Hamano <gitster@pobox.com>2008-04-21 23:30:55 -0700
commit85d17a123ba59b90744e311e40f80fd8838fbdc5 (patch)
tree6b03f9f7ed1d14e6869ac6e263a53f10a0bb604f /gitweb/gitweb.perl
parentbbd4c307fc315847c975efd4c9aa32eb0e8470fb (diff)
downloadgit-85d17a123ba59b90744e311e40f80fd8838fbdc5.tar.gz
Escape project names before creating pathinfo URLs
If a project name contains special URL characters like +, gitweb's links break in subtle ways. The solution is to pass the project name through esc_url() and using the return value. Signed-off-by: martin f. krafft <madduck@madduck.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'gitweb/gitweb.perl')
-rwxr-xr-xgitweb/gitweb.perl4
1 files changed, 2 insertions, 2 deletions
diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl
index 4abd7ac1ad..12843a4846 100755
--- a/gitweb/gitweb.perl
+++ b/gitweb/gitweb.perl
@@ -628,7 +628,7 @@ sub href(%) {
my ($use_pathinfo) = gitweb_check_feature('pathinfo');
if ($use_pathinfo) {
# use PATH_INFO for project name
- $href .= "/$params{'project'}" if defined $params{'project'};
+ $href .= "/".esc_url($params{'project'}) if defined $params{'project'};
delete $params{'project'};
# Summary just uses the project path URL
@@ -2570,7 +2570,7 @@ EOF
my $action = $my_uri;
my ($use_pathinfo) = gitweb_check_feature('pathinfo');
if ($use_pathinfo) {
- $action .= "/$project";
+ $action .= "/".esc_url($project);
} else {
$cgi->param("p", $project);
}