diff options
author | Junio C Hamano <gitster@pobox.com> | 2012-03-01 14:44:38 -0800 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2012-03-01 14:44:38 -0800 |
commit | 6a3a3db73f999af530490868c005f70d62d3391f (patch) | |
tree | 0d4363d119cb0e1625e4769de04da65ad22a1ffe /gitweb | |
parent | 57a424917b0c08c91399c5de311b642bf19a77ee (diff) | |
parent | 36612e4daf8b5b5eaf16315aa13c66925f878cd6 (diff) | |
download | git-6a3a3db73f999af530490868c005f70d62d3391f.tar.gz |
Merge branch 'jn/maint-gitweb-invalid-regexp'
* jn/maint-gitweb-invalid-regexp:
gitweb: Handle invalid regexp in regexp search
Diffstat (limited to 'gitweb')
-rwxr-xr-x | gitweb/gitweb.perl | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl index eaf5f94250..7729ed26b5 100755 --- a/gitweb/gitweb.perl +++ b/gitweb/gitweb.perl @@ -1081,7 +1081,16 @@ sub evaluate_and_validate_params { if (length($searchtext) < 2) { die_error(403, "At least two characters are required for search parameter"); } - $search_regexp = $search_use_regexp ? $searchtext : quotemeta $searchtext; + if ($search_use_regexp) { + $search_regexp = $searchtext; + if (!eval { qr/$search_regexp/; 1; }) { + (my $error = $@) =~ s/ at \S+ line \d+.*\n?//; + die_error(400, "Invalid search regexp '$search_regexp'", + esc_html($error)); + } + } else { + $search_regexp = quotemeta $searchtext; + } } } |