diff options
| author | Jakub Narebski <jnareb@gmail.com> | 2006-10-30 21:25:11 (GMT) |
|---|---|---|
| committer | Junio C Hamano <junkio@cox.net> | 2006-11-01 20:26:29 (GMT) |
| commit | 8b4b94cc7998d6312025fe3350be57c89b803f9c (patch) | |
| tree | d73d8205dade1d2e9c3cab50a80270d7deb90bf8 | |
| parent | 45bd0c808d2a89254ee50807a99b7cf1147aa6d7 (diff) | |
| download | git-8b4b94cc7998d6312025fe3350be57c89b803f9c.zip git-8b4b94cc7998d6312025fe3350be57c89b803f9c.tar.gz git-8b4b94cc7998d6312025fe3350be57c89b803f9c.tar.bz2 | |
gitweb: Use 's' regexp modifier to secure against filenames with LF
Use 's' (treat string as single line) regexp modifier in
git_get_hash_by_path (against future changes, probably unnecessary)
and in parse_ls_tree_line (when called with '-z'=>1 option) to secure
against filenames containing newline.
[jc: the hunk on git_get_hash_by_path was unneeded, and I noticed the
regexp was doing unnecessary capture, so fixed it up while I was at it.]
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <junkio@cox.net>
| -rwxr-xr-x | gitweb/gitweb.perl | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl index 6035980..bf5f829 100755 --- a/gitweb/gitweb.perl +++ b/gitweb/gitweb.perl @@ -860,7 +860,7 @@ sub git_get_hash_by_path { close $fd or return undef; #'100644 blob 0fa3f3a66fb6a137f6ec2c19351ed4d807070ffa panic.c' - $line =~ m/^([0-9]+) (.+) ([0-9a-fA-F]{40})\t(.+)$/; + $line =~ m/^([0-9]+) (.+) ([0-9a-fA-F]{40})\t/; if (defined $type && $type ne $2) { # type doesn't match return undef; @@ -1277,7 +1277,7 @@ sub parse_ls_tree_line ($;%) { my %res; #'100644 blob 0fa3f3a66fb6a137f6ec2c19351ed4d807070ffa panic.c' - $line =~ m/^([0-9]+) (.+) ([0-9a-fA-F]{40})\t(.+)$/; + $line =~ m/^([0-9]+) (.+) ([0-9a-fA-F]{40})\t(.+)$/s; $res{'mode'} = $1; $res{'type'} = $2; |