Skip to content

Commit

Permalink
gitweb: Don't use quotemeta on internally generated strings
Browse files Browse the repository at this point in the history 
Do not use quotemeta on internally generated strings
such as filenames of snapshot, blobs, etc.
quotemeta quotes any characters not matching /A-Za-z_0-9/.
Which means that we get strings like this:

before: linux\-2\.6\.git\-5c2d97cb31fb77981797fec46230ca005b865799\.tar\.gz
after:  linux-2.6.git-5c2d97cb31fb77981797fec46230ca005b865799.tar.gz

This patch fixes this.

Signed-off-by: Luben Tuikov <ltuikov@yahoo.com>
Signed-off-by: Junio C Hamano <junkio@cox.net>
  • Loading branch information
Luben Tuikov authored and Junio C Hamano committed Sep 29, 2006
1 parent ba6ef81 commit a2a3bf7
Showing 1 changed file with 4 additions and 5 deletions.
9 changes: 4 additions & 5 deletions gitweb/gitweb.perl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2660,7 +2660,7 @@ sub git_blob_plain {
print $cgi->header(
-type => "$type",
-expires=>$expires,
-content_disposition => 'inline; filename="' . quotemeta($save_as) . '"');
-content_disposition => 'inline; filename="' . "$save_as" . '"');
undef $/;
binmode STDOUT, ':raw';
print <$fd>;
Expand Down Expand Up @@ -2835,7 +2835,7 @@ sub git_snapshot {
print $cgi->header(
-type => 'application/x-tar',
-content_encoding => $ctype,
-content_disposition => 'inline; filename="' . quotemeta($filename) . '"',
-content_disposition => 'inline; filename="' . "$filename" . '"',
-status => '200 OK');

my $git_command = git_cmd_str();
Expand Down Expand Up @@ -2933,7 +2933,6 @@ sub git_commit {

my @views_nav = ();
if (defined $file_name && defined $co{'parent'}) {
my $parent = $co{'parent'};
push @views_nav,
$cgi->a({-href => href(action=>"blame", hash_parent=>$parent, file_name=>$file_name)},
"blame");
Expand Down Expand Up @@ -3145,7 +3144,7 @@ sub git_blobdiff {
-type => 'text/plain',
-charset => 'utf-8',
-expires => $expires,
-content_disposition => 'inline; filename="' . quotemeta($file_name) . '.patch"');
-content_disposition => 'inline; filename="' . "$file_name" . '.patch"');

print "X-Git-Url: " . $cgi->self_url() . "\n\n";

Expand Down Expand Up @@ -3248,7 +3247,7 @@ sub git_commitdiff {
-type => 'text/plain',
-charset => 'utf-8',
-expires => $expires,
-content_disposition => 'inline; filename="' . quotemeta($filename) . '"');
-content_disposition => 'inline; filename="' . "$filename" . '"');
my %ad = parse_date($co{'author_epoch'}, $co{'author_tz'});
print <<TEXT;
From: $co{'author'}
Expand Down

0 comments on commit a2a3bf7

Please sign in to comment.