Skip to content

Commit

Permalink
Merge branch 'jn/maint-gitweb-invalid-regexp'
Browse files Browse the repository at this point in the history 
* jn/maint-gitweb-invalid-regexp:
  gitweb: Handle invalid regexp in regexp search
  • Loading branch information
@gitster
gitster committed Mar 1, 2012
2 parents 57a4249 + 36612e4 commit 6a3a3db
Show file tree
Hide file tree
Showing 2 changed files with 20 additions and 1 deletion.
11 changes: 10 additions & 1 deletion gitweb/gitweb.perl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1081,7 +1081,16 @@ sub evaluate_and_validate_params {
if (length($searchtext) < 2) {
die_error(403, "At least two characters are required for search parameter");
}
$search_regexp = $search_use_regexp ? $searchtext : quotemeta $searchtext;
if ($search_use_regexp) {
$search_regexp = $searchtext;
if (!eval { qr/$search_regexp/; 1; }) {
(my $error = $@) =~ s/ at \S+ line \d+.*\n?//;
die_error(400, "Invalid search regexp '$search_regexp'",
esc_html($error));
}
} else {
$search_regexp = quotemeta $searchtext;
}
}
}

Expand Down
10 changes: 10 additions & 0 deletions t/t9501-gitweb-standalone-http-status.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -134,4 +134,14 @@ our $maxload = undef;
EOF


# ----------------------------------------------------------------------
# invalid arguments

test_expect_success 'invalid arguments: invalid regexp (in project search)' '
gitweb_run "a=project_list;s=*\.git;sr=1" &&
grep "Status: 400" gitweb.headers &&
grep "400 - Invalid.*regexp" gitweb.body
'
test_debug 'cat gitweb.headers'

test_done

0 comments on commit 6a3a3db

Please sign in to comment.