projects
/
yourls-gitweb.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
de1881d
)
plugin.php: Fix issues with shell_exec().
author
Florian Forster
<octo@verplant.org>
Sun, 16 Jan 2011 13:56:35 +0000
(14:56 +0100)
committer
Florian Forster
<octo@verplant.org>
Sun, 16 Jan 2011 13:56:35 +0000
(14:56 +0100)
plugin.php
patch
|
blob
|
history
diff --git
a/plugin.php
b/plugin.php
index
9759767
..
028d3e6
100644
(file)
--- a/
plugin.php
+++ b/
plugin.php
@@
-34,45
+34,56
@@
Author URI: http://octo.it/
* Florian Forster <ff at octo.it>
\r
**/
\r
\r
* Florian Forster <ff at octo.it>
\r
**/
\r
\r
-function gitweb_check_repository ($obj, $repo, $dir, $url) /* {{{ */
\r
+function gitweb_check_repository ($obj, $repo, $dir, $
base_
url) /* {{{ */
\r
{
\r
$output = array ();
\r
$retval = 0;
\r
\r
{
\r
$output = array ();
\r
$retval = 0;
\r
\r
- $obj_name = shell_exec ('git --git-dir=' . escapeshellarg ($dir)
\r
- . ' rev-parse ' . escapeshellarg ($obj)
\r
- . ' 2>/dev/null');
\r
- if (!$obj_type)
\r
+ $cmd = 'git --git-dir=' . escapeshellarg ($dir)
\r
+ . ' rev-parse --verify ' . escapeshellarg ($obj)
\r
+ . ' 2>/dev/null';
\r
+ $obj_name = trim (shell_exec ($cmd));
\r
+ if (!$obj_name)
\r
return (false);
\r
\r
return (false);
\r
\r
- $obj_type = shell_exec ('git --git-dir=' . escapeshellarg ($dir)
\r
+ if (!preg_match ('/^[0-9a-fA-F]{40}$/', $obj_name))
\r
+ {
\r
+ error_log ("git-rev-parse(1) returned unexpected object name: $obj_name");
\r
+ return (false);
\r
+ }
\r
+
\r
+ $cmd = 'git --git-dir=' . escapeshellarg ($dir)
\r
. ' cat-file -t ' . escapeshellarg ($obj_name)
\r
. ' cat-file -t ' . escapeshellarg ($obj_name)
\r
- . ' 2>/dev/null');
\r
+ . ' 2>/dev/null';
\r
+ $obj_type = trim (shell_exec ($cmd));
\r
if (!$obj_type)
\r
if (!$obj_type)
\r
+ {
\r
+ error_log ("gitweb_check_repository: git-cat-file(1) failed.");
\r
return (false);
\r
return (false);
\r
+ }
\r
\r
if ($obj_type == 'commit')
\r
{
\r
\r
if ($obj_type == 'commit')
\r
{
\r
- $to_url = "$url?p=" . urlencode ($repo) . ';a=commitdiff;h=' . urlencode ($obj_name);
\r
+ $to_url = "$
base_
url?p=" . urlencode ($repo) . ';a=commitdiff;h=' . urlencode ($obj_name);
\r
yourls_redirect ($to_url, /* status = */ 301);
\r
return (true);
\r
}
\r
elseif ($obj_type == 'tag')
\r
{
\r
yourls_redirect ($to_url, /* status = */ 301);
\r
return (true);
\r
}
\r
elseif ($obj_type == 'tag')
\r
{
\r
- $to_url = "$url?p=" . urlencode ($repo) . ';a=tag;h=' . urlencode ($obj_name);
\r
+ $to_url = "$
base_
url?p=" . urlencode ($repo) . ';a=tag;h=' . urlencode ($obj_name);
\r
yourls_redirect ($to_url, /* status = */ 301);
\r
return (true);
\r
\r
}
\r
elseif ($obj_type == 'tree')
\r
{
\r
yourls_redirect ($to_url, /* status = */ 301);
\r
return (true);
\r
\r
}
\r
elseif ($obj_type == 'tree')
\r
{
\r
- $to_url = "$url?p=" . urlencode ($repo) . ";a=tree;h=" . urlencode ($obj_name);
\r
+ $to_url = "$
base_
url?p=" . urlencode ($repo) . ";a=tree;h=" . urlencode ($obj_name);
\r
yourls_redirect ($to_url, /* status = */ 301);
\r
return (true);
\r
}
\r
elseif ($obj_type == 'blob')
\r
{
\r
yourls_redirect ($to_url, /* status = */ 301);
\r
return (true);
\r
}
\r
elseif ($obj_type == 'blob')
\r
{
\r
- $to_url = "$url?p=" . urlencode ($repo) . ";a=blob;h=" . urlencode ($obj_name);
\r
+ $to_url = "$
base_
url?p=" . urlencode ($repo) . ";a=blob;h=" . urlencode ($obj_name);
\r
yourls_redirect ($to_url, /* status = */ 301);
\r
return (true);
\r
}
\r
yourls_redirect ($to_url, /* status = */ 301);
\r
return (true);
\r
}
\r