gitweb: Use 's' regexp modifier to secure against filenames with LF

Use 's' (treat string as single line) regexp modifier in git_get_hash_by_path (against future changes, probably unnecessary) and in parse_ls_tree_line (when called with '-z'=>1 option) to secure against filenames containing newline. [jc: the hunk on git_get_hash_by_path was unneeded, and I noticed the regexp was doing unnecessary capture, so fixed it up while I was at it.] Signed-off-by: Jakub Narebski <jnareb@gmail.com> Signed-off-by: Junio C Hamano <junkio@cox.net>
git-mirror · Nov 1, 2006 · 8b4b94c · 8b4b94c
1 parent 45bd0c8
commit 8b4b94c
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl
@@ -860,7 +860,7 @@ sub git_get_hash_by_path {
 	close $fd or return undef;
 
 	#'100644 blob 0fa3f3a66fb6a137f6ec2c19351ed4d807070ffa	panic.c'
-	$line =~ m/^([0-9]+) (.+) ([0-9a-fA-F]{40})\t(.+)$/;
+	$line =~ m/^([0-9]+) (.+) ([0-9a-fA-F]{40})\t/;
 	if (defined $type && $type ne $2) {
 		# type doesn't match
 		return undef;
@@ -1277,7 +1277,7 @@ ($;%)
 	my %res;
 
 	#'100644 blob 0fa3f3a66fb6a137f6ec2c19351ed4d807070ffa	panic.c'
-	$line =~ m/^([0-9]+) (.+) ([0-9a-fA-F]{40})\t(.+)$/;
+	$line =~ m/^([0-9]+) (.+) ([0-9a-fA-F]{40})\t(.+)$/s;
 
 	$res{'mode'} = $1;
 	$res{'type'} = $2;