author | Junio C Hamano <gitster@pobox.com> | |
Mon, 5 Mar 2012 06:17:47 +0000 (22:17 -0800) | ||
committer | Junio C Hamano <gitster@pobox.com> | |
Mon, 5 Mar 2012 06:17:47 +0000 (22:17 -0800) |
* jn/maint-gitweb-invalid-regexp:
gitweb: Handle invalid regexp in regexp search
gitweb: Handle invalid regexp in regexp search
gitweb/gitweb.perl | patch | blob | history | |
t/t9501-gitweb-standalone-http-status.sh | patch | blob | history |
diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl
index d5dbd6428b599bc937c50cb87de85099fc1af04c..20ace61b6d158934068bb1e25408336f2058781f 100755 (executable)
--- a/gitweb/gitweb.perl
+++ b/gitweb/gitweb.perl
if (length($searchtext) < 2) {
die_error(403, "At least two characters are required for search parameter");
}
- $search_regexp = $search_use_regexp ? $searchtext : quotemeta $searchtext;
+ if ($search_use_regexp) {
+ $search_regexp = $searchtext;
+ if (!eval { qr/$search_regexp/; 1; }) {
+ (my $error = $@) =~ s/ at \S+ line \d+.*\n?//;
+ die_error(400, "Invalid search regexp '$search_regexp'",
+ esc_html($error));
+ }
+ } else {
+ $search_regexp = quotemeta $searchtext;
+ }
}
}
index 26102ee9b0c36a87ba17a75b0ca644cc42e2c1c4..31076edc5bd45261f5874b10dad6376e49fb9002 100755 (executable)
EOF
+# ----------------------------------------------------------------------
+# invalid arguments
+
+test_expect_success 'invalid arguments: invalid regexp (in project search)' '
+ gitweb_run "a=project_list;s=*\.git;sr=1" &&
+ grep "Status: 400" gitweb.headers &&
+ grep "400 - Invalid.*regexp" gitweb.body
+'
+test_debug 'cat gitweb.headers'
+
test_done