authorJakub Narebski <jnareb@gmail.com>2012-03-02 23:34:24 +0100
committerJunio C Hamano <gitster@pobox.com>2012-03-06 14:48:24 -0800
commite65ceb61cd7d3fabedea8cb545f8c210b48552d4 (patch)
treee672ccbb098ca1356b7db83d53aca9dce859ecc0 /gitweb
parentf174a2583c9f42315b60205890fa67a79a1f1669 (diff)
gitweb: Fix fixed string (non-regexp) project searchjn/maint-do-not-match-with-unsanitized-searchtext
Use $search_regexp, where regex metacharacters are quoted, for searching projects list, rather than $searchtext, which contains original search term. Reported-by: Ramsay Jones <ramsay@ramsay1.demon.co.uk> Signed-off-by: Jakub Narebski <jnareb@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'gitweb')
-rwxr-xr-xgitweb/gitweb.perl16
1 files changed, 8 insertions, 8 deletions
diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl
index 50a835a5bf..a7e0d8f688 100755
--- a/gitweb/gitweb.perl
+++ b/gitweb/gitweb.perl
@@ -2905,10 +2905,10 @@ sub filter_forks_from_projects_list {
sub search_projects_list {
my ($projlist, %opts) = @_;
my $tagfilter = $opts{'tagfilter'};
- my $searchtext = $opts{'searchtext'};
+ my $search_re = $opts{'search_regexp'};
return @$projlist
- unless ($tagfilter || $searchtext);
+ unless ($tagfilter || $search_re);
my @projects;
PROJECT:
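Review bot: Renaming the option read at `my $search_re = $opts{'search_regexp'};` makes search_projects_list fail open for any caller that still passes 'searchtext'. %opts is not checked, so the stale key is ignored and, when no tagfilter is set, the early `return @$projlist` hands back the unfiltered list. The call in git_project_list_body is updated in this commit; any other callers outside the visible hunks should be checked. A comment above the sub naming the accepted keys would help, e.g. `# %opts: 'tagfilter' => ctag name; 'search_regexp' => pattern, already quotemeta'd for fixed-string search`. The body of the sub continues outside this hunk.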
@@ -2920,10 +2920,10 @@ sub search_projects_list {
grep { lc($_) eq lc($tagfilter) } keys %{$pr->{'ctags'}};
}
- if ($searchtext) {
+ if ($search_re) {
next unless
- $pr->{'path'} =~ /$searchtext/ ||
- $pr->{'descr_long'} =~ /$searchtext/;
+ $pr->{'path'} =~ /$search_re/ ||
+ $pr->{'descr_long'} =~ /$search_re/;
}
push @projects, $pr;
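Review bot: The matches `$pr->{'path'} =~ /$search_re/` and `$pr->{'descr_long'} =~ /$search_re/` interpolate the caller's string as a pattern, so their safety now rests entirely on how $search_regexp is built, which this diff does not show. If the regexp-search mode passes the user's text through unquoted, an invalid pattern would die here at match time and presumably surface as a server error rather than a clean rejection. Compiling once before the PROJECT loop, `my $re = eval { qr/$search_re/ };`, and rejecting the request when that fails would keep the failure out of the loop and avoid recompiling the pattern for every project. The loop starts and ends outside this hunk.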
@@ -5089,7 +5089,7 @@ sub git_project_list_body {
my $show_ctags = gitweb_check_feature('ctags');
my $tagfilter = $show_ctags ? $cgi->param('by_tag') : undef;
$check_forks = undef
- if ($tagfilter || $searchtext);
+ if ($tagfilter || $search_regexp);
# filtering out forks before filling info allows to do less work
@projects = filter_forks_from_projects_list(\@projects)
@@ -5097,9 +5097,9 @@ sub git_project_list_body {
@projects = fill_project_list_info(\@projects);
# searching projects require filling to be run before it
@projects = search_projects_list(\@projects,
- 'searchtext' => $searchtext,
+ 'search_regexp' => $search_regexp,
'tagfilter' => $tagfilter)
- if ($tagfilter || $searchtext);
+ if ($tagfilter || $search_regexp);
$order ||= $default_projects_order;
$from = 0 unless defined $from;