Merge branch 'jn/maint-gitweb-invalid-regexp' into maint

* jn/maint-gitweb-invalid-regexp: gitweb: Handle invalid regexp in regexp search
author: Junio C Hamano <gitster@pobox.com> 2012-03-04 22:17:47 -0800
committer: Junio C Hamano <gitster@pobox.com> 2012-03-04 22:17:47 -0800
commit: 3ecd0c8b4d9e245e255aa4c061d6a474eb571298 (patch)
tree: d9ef843146787d554e3e39035c2542aca23022ba /gitweb/gitweb.perl
parent: 3fc242f5ab8222745892047d4e481e71540425cd (diff)
parent: 36612e4daf8b5b5eaf16315aa13c66925f878cd6 (diff)
download: git-3ecd0c8b4d9e245e255aa4c061d6a474eb571298.tar.gz
git-3ecd0c8b4d9e245e255aa4c061d6a474eb571298.tar.xz
1 files changed, 10 insertions, 1 deletions
diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl
index d5dbd6428..20ace61b6 100755
--- a/gitweb/gitweb.perl
+++ b/gitweb/gitweb.perl
@@ -1073,7 +1073,16 @@ sub evaluate_and_validate_params {
 		if (length($searchtext) < 2) {
 			die_error(403, "At least two characters are required for search parameter");
 		}
-		$search_regexp = $search_use_regexp ? $searchtext : quotemeta $searchtext;
+		if ($search_use_regexp) {
+			$search_regexp = $searchtext;
+			if (!eval { qr/$search_regexp/; 1; }) {
+				(my $error = $@) =~ s/ at \S+ line \d+.*\n?//;
+				die_error(400, "Invalid search regexp '$search_regexp'",
+				          esc_html($error));
+			}
+		} else {
+			$search_regexp = quotemeta $searchtext;
+		}
 	}
 }
author	Junio C Hamano <gitster@pobox.com>	2012-03-04 22:17:47 -0800
committer	Junio C Hamano <gitster@pobox.com>	2012-03-04 22:17:47 -0800
commit	3ecd0c8b4d9e245e255aa4c061d6a474eb571298 (patch)
tree	d9ef843146787d554e3e39035c2542aca23022ba /gitweb/gitweb.perl
parent	3fc242f5ab8222745892047d4e481e71540425cd (diff)
parent	36612e4daf8b5b5eaf16315aa13c66925f878cd6 (diff)
download	git-3ecd0c8b4d9e245e255aa4c061d6a474eb571298.tar.gz git-3ecd0c8b4d9e245e255aa4c061d6a474eb571298.tar.xz