diff options
| author | Jakub Narebski <jnareb@gmail.com> | 2011-06-22 17:28:52 +0200 |
|---|---|---|
| committer | Junio C Hamano <gitster@pobox.com> | 2011-06-22 11:44:09 -0700 |
| commit | e0ca364551fcde3b3d825f93f4a4d44d7ab9eb35 (patch) | |
| tree | b98c8ce1beb765f07a006705a43eae942ca1c5f0 /gitweb | |
| parent | a598ded1e2e9cc9f4ce93d091808b475839e6867 (diff) | |
| download | git-e0ca364551fcde3b3d825f93f4a4d44d7ab9eb35.tar.gz git-e0ca364551fcde3b3d825f93f4a4d44d7ab9eb35.tar.xz | |
gitweb: Check permissions first in git_search
Check first if relevant features: 'search', 'pickaxe', 'grep', as
appropriate, are enabled before doing anything else in git_search.
This should make git_search code more clear.
While at it, expand a bit error message (e.g. 'Pickaxe' ->
'Pickaxe search').
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'gitweb')
| -rwxr-xr-x | gitweb/gitweb.perl | 34 |
1 files changed, 21 insertions, 13 deletions
diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl index 2fd438905..cde39131f 100755 --- a/gitweb/gitweb.perl +++ b/gitweb/gitweb.perl @@ -313,6 +313,10 @@ our %feature = ( # Enable text search, which will list the commits which match author, # committer or commit text to a given string. Enabled by default. # Project specific override is not supported. + # + # Note that this controls all search features, which means that if + # it is disabled, then 'grep' and 'pickaxe' search would also be + # disabled. 'search' => { 'override' => 0, 'default' => [1]}, @@ -6787,7 +6791,23 @@ sub git_history { } sub git_search { - gitweb_check_feature('search') or die_error(403, "Search is disabled"); + $searchtype ||= 'commit'; + + # check if appropriate features are enabled + gitweb_check_feature('search') + or die_error(403, "Search is disabled"); + if ($searchtype eq 'pickaxe') { + # pickaxe may take all resources of your box and run for several minutes + # with every query - so decide by yourself how public you make this feature + gitweb_check_feature('pickaxe') + or die_error(403, "Pickaxe search is disabled"); + } + if ($searchtype eq 'grep') { + # grep search might be potentially CPU-intensive, too + gitweb_check_feature('grep') + or die_error(403, "Grep search is disabled"); + } + if (!defined $searchtext) { die_error(400, "Text field is empty"); } @@ -6802,18 +6822,6 @@ sub git_search { $page = 0; } - $searchtype ||= 'commit'; - if ($searchtype eq 'pickaxe') { - # pickaxe may take all resources of your box and run for several minutes - # with every query - so decide by yourself how public you make this feature - gitweb_check_feature('pickaxe') - or die_error(403, "Pickaxe is disabled"); - } - if ($searchtype eq 'grep') { - gitweb_check_feature('grep') - or die_error(403, "Grep is disabled"); - } - git_header_html(); if ($searchtype eq 'commit' or $searchtype eq 'author' or $searchtype eq 'committer') { |