summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJakub Narebski <jnareb@gmail.com>2010-02-07 21:52:25 +0100
committerJunio C Hamano <gitster@pobox.com>2010-02-17 11:18:12 -0800
commit1df48766137f2040e2e992d7d278d5aca26406cf (patch)
tree015d89e7b088a0d94af8a726e1028f5e149466e1
parent453541fcfcbc54aa3b0035667e5d5885d407d0a5 (diff)
downloadgit-1df48766137f2040e2e992d7d278d5aca26406cf.tar.gz
gitweb: Protect escaping functions against calling on undef
This is a bit of future-proofing esc_html and friends: when called with undefined value they would now would return undef... which would probably mean that error would still occur, but closer to the source of problem. This means that we can safely use esc_html(shift) || "Internal Server Error" in die_error() instead of esc_html(shift || "Internal Server Error") Signed-off-by: Jakub Narebski <jnareb@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rwxr-xr-xgitweb/gitweb.perl9
1 files changed, 8 insertions, 1 deletions
diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl
index 2ccbb6aa34..3c879b88fe 100755
--- a/gitweb/gitweb.perl
+++ b/gitweb/gitweb.perl
@@ -1143,6 +1143,7 @@ sub validate_refname {
# in utf-8 thanks to "binmode STDOUT, ':utf8'" at beginning
sub to_utf8 {
my $str = shift;
+ return undef unless defined $str;
if (utf8::valid($str)) {
utf8::decode($str);
return $str;
@@ -1155,6 +1156,7 @@ sub to_utf8 {
# correct, but quoted slashes look too horrible in bookmarks
sub esc_param {
my $str = shift;
+ return undef unless defined $str;
$str =~ s/([^A-Za-z0-9\-_.~()\/:@ ]+)/CGI::escape($1)/eg;
$str =~ s/ /\+/g;
return $str;
@@ -1163,6 +1165,7 @@ sub esc_param {
# quote unsafe chars in whole URL, so some charactrs cannot be quoted
sub esc_url {
my $str = shift;
+ return undef unless defined $str;
$str =~ s/([^A-Za-z0-9\-_.~();\/;?:@&=])/sprintf("%%%02X", ord($1))/eg;
$str =~ s/\+/%2B/g;
$str =~ s/ /\+/g;
@@ -1174,6 +1177,8 @@ sub esc_html {
my $str = shift;
my %opts = @_;
+ return undef unless defined $str;
+
$str = to_utf8($str);
$str = $cgi->escapeHTML($str);
if ($opts{'-nbsp'}) {
@@ -1188,6 +1193,8 @@ sub esc_path {
my $str = shift;
my %opts = @_;
+ return undef unless defined $str;
+
$str = to_utf8($str);
$str = $cgi->escapeHTML($str);
if ($opts{'-nbsp'}) {
@@ -3387,7 +3394,7 @@ sub git_footer_html {
# or down for maintenance). Generally, this is a temporary state.
sub die_error {
my $status = shift || 500;
- my $error = esc_html(shift || "Internal Server Error");
+ my $error = esc_html(shift) || "Internal Server Error";
my $extra = shift;
my %http_responses = (