From: Giuseppe Bilotta Date: Tue, 13 Oct 2009 19:51:36 +0000 (+0200) Subject: gitweb: fix esc_param X-Git-Tag: v1.6.5.3~18^2 X-Git-Url: https://git.tokkee.org/?a=commitdiff_plain;h=452e2256d2d7cb5494ca10fcbbb6bdf29570f2c0;p=git.git gitweb: fix esc_param The custom CGI escaping done in esc_param failed to escape UTF-8 properly. Fix by using CGI::escape on each sequence of matched characters instead of sprintf()ing a custom escaping for each byte. Additionally, the space -> + escape was being escaped due to greedy matching on the first substitution. Fix by adding space to the list of characters not handled on the first substitution. Finally, remove an unnecessary escaping of the + sign. Signed-off-by: Giuseppe Bilotta Signed-off-by: Junio C Hamano --- diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl index 24b219310..4b21ad25d 100755 --- a/gitweb/gitweb.perl +++ b/gitweb/gitweb.perl @@ -1083,8 +1083,7 @@ sub to_utf8 { # correct, but quoted slashes look too horrible in bookmarks sub esc_param { my $str = shift; - $str =~ s/([^A-Za-z0-9\-_.~()\/:@])/sprintf("%%%02X", ord($1))/eg; - $str =~ s/\+/%2B/g; + $str =~ s/([^A-Za-z0-9\-_.~()\/:@ ]+)/CGI::escape($1)/eg; $str =~ s/ /\+/g; return $str; }