diff options
author | martin f. krafft <madduck@madduck.net> | 2008-04-20 23:23:38 +0200 |
---|---|---|
committer | Junio C Hamano <gitster@pobox.com> | 2008-04-21 23:30:55 -0700 |
commit | 85d17a123ba59b90744e311e40f80fd8838fbdc5 (patch) | |
tree | 6b03f9f7ed1d14e6869ac6e263a53f10a0bb604f | |
parent | bbd4c307fc315847c975efd4c9aa32eb0e8470fb (diff) | |
download | git-85d17a123ba59b90744e311e40f80fd8838fbdc5.tar.gz git-85d17a123ba59b90744e311e40f80fd8838fbdc5.tar.xz |
Escape project names before creating pathinfo URLs
If a project name contains special URL characters like +, gitweb's links
break in subtle ways. The solution is to pass the project name through
esc_url() and using the return value.
Signed-off-by: martin f. krafft <madduck@madduck.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
-rwxr-xr-x | gitweb/gitweb.perl | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl index 4abd7ac1a..12843a484 100755 --- a/gitweb/gitweb.perl +++ b/gitweb/gitweb.perl @@ -628,7 +628,7 @@ sub href(%) { my ($use_pathinfo) = gitweb_check_feature('pathinfo'); if ($use_pathinfo) { # use PATH_INFO for project name - $href .= "/$params{'project'}" if defined $params{'project'}; + $href .= "/".esc_url($params{'project'}) if defined $params{'project'}; delete $params{'project'}; # Summary just uses the project path URL @@ -2570,7 +2570,7 @@ EOF my $action = $my_uri; my ($use_pathinfo) = gitweb_check_feature('pathinfo'); if ($use_pathinfo) { - $action .= "/$project"; + $action .= "/".esc_url($project); } else { $cgi->param("p", $project); } |