
Merge branch 'jn/maint-do-not-match-with-unsanitized-searchtext' into maint
authorJunio C Hamano <gitster@pobox.com>
Mon, 12 Mar 2012 22:45:57 +0000 (15:45 -0700)
committerJunio C Hamano <gitster@pobox.com>
Mon, 12 Mar 2012 22:45:58 +0000 (15:45 -0700)
"gitweb" did call quotemeta() to prepare the search string when asked to
do a fixed-string project search, but by mistake did not use the result
and matched against the user-supplied string instead.

By Jakub Narebski
* jn/maint-do-not-match-with-unsanitized-searchtext:
  gitweb: Fix fixed string (non-regexp) project search

gitweb/gitweb.perl

index 20ace61b6d158934068bb1e25408336f2058781f..b9c33ba31d538e87f69a8f742b1f8ff2134cfd8c 100755 (executable)
@@ -2978,10 +2978,10 @@ sub filter_forks_from_projects_list {
 sub search_projects_list {
        my ($projlist, %opts) = @_;
        my $tagfilter  = $opts{'tagfilter'};
-       my $searchtext = $opts{'searchtext'};
+       my $search_re = $opts{'search_regexp'};
 
        return @$projlist
-               unless ($tagfilter || $searchtext);
+               unless ($tagfilter || $search_re);
 
        my @projects;
  PROJECT:
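Review bot: The early return `unless ($tagfilter || $search_re)` tests the pattern for truth, so a search pattern of `0` counts as "no search" and the unfiltered list is returned. `unless ($tagfilter || (defined $search_re && length $search_re))` would close that gap, unless parameter validation elsewhere already rejects such input (not visible in this diff). The same truthiness test appears at `if ($search_re)` in the next hunk and in both `if ($tagfilter || $search_regexp)` guards in git_project_list_body. The body of search_projects_list continues past this hunk.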
@@ -2993,10 +2993,10 @@ sub search_projects_list {
                                grep { lc($_) eq lc($tagfilter) } keys %{$pr->{'ctags'}};
                }
 
-               if ($searchtext) {
+               if ($search_re) {
                        next unless
-                               $pr->{'path'} =~ /$searchtext/ ||
-                               $pr->{'descr_long'} =~ /$searchtext/;
+                               $pr->{'path'} =~ /$search_re/ ||
+                               $pr->{'descr_long'} =~ /$search_re/;
                }
 
                push @projects, $pr;
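Review bot: `$pr->{'path'} =~ /$search_re/` interpolates the option as a pattern, so a fixed-string search is literal only if the caller has already passed the text through quotemeta(); nothing in search_projects_list states or enforces that. A comment above the sub such as `# 'search_regexp' must be a ready-to-use pattern; callers quotemeta() plain search text` would record the contract this fix relies on. In regexp mode the pattern is presumably still user-supplied and is matched against every project's path and long description, so it is worth confirming that its syntax is validated before this point; that check is not visible here. The PROJECT loop starts and ends outside this hunk.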
@@ -5291,7 +5291,7 @@ sub git_project_list_body {
        my $show_ctags  = gitweb_check_feature('ctags');
        my $tagfilter = $show_ctags ? $input_params{'ctag'} : undef;
        $check_forks = undef
-               if ($tagfilter || $searchtext);
+               if ($tagfilter || $search_regexp);
 
        # filtering out forks before filling info allows to do less work
        @projects = filter_forks_from_projects_list(\@projects)
@@ -5299,9 +5299,9 @@ sub git_project_list_body {
        @projects = fill_project_list_info(\@projects);
        # searching projects require filling to be run before it
        @projects = search_projects_list(\@projects,
-                                        'searchtext' => $searchtext,
+                                        'search_regexp' => $search_regexp,
                                         'tagfilter'  => $tagfilter)
-               if ($tagfilter || $searchtext);
+               if ($tagfilter || $search_regexp);
 
        $order ||= $default_projects_order;
        $from = 0 unless defined $from;
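Review bot: `$search_regexp` is neither declared nor assigned in the lines shown, so git_project_list_body depends on a file-scoped variable having been populated before it runs, presumably during parameter validation. The fix is only as good as that assignment. A comment at the call, for example `# $search_regexp is quotemeta($searchtext) unless a regexp search was requested`, would make the dependency visible to the next reader. The enclosing sub starts before and continues after this hunk.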