From: Florian Forster
Date: Sun, 16 Jan 2011 13:56:35 +0000 (+0100)
Subject: plugin.php: Fix issues with shell_exec().
X-Git-Url: https://git.octo.it/?p=yourls-gitweb.git;a=commitdiff_plain;h=884f1b69cfb98fe3752a7fa0f4a5e21dda0ee16d
plugin.php: Fix issues with shell_exec().
---
diff --git a/plugin.php b/plugin.php
index 9759767..028d3e6 100644
--- a/plugin.php
+++ b/plugin.php
@@ -34,45 +34,56 @@ Author URI: http://octo.it/
 * Florian Forster
 **/
-function gitweb_check_repository ($obj, $repo, $dir, $url) /* {{{ */
+function gitweb_check_repository ($obj, $repo, $dir, $base_url) /* {{{ */
 {
 $output = array ();
 $retval = 0;
- $obj_name = shell_exec ('git --git-dir=' . escapeshellarg ($dir)
- . ' rev-parse ' . escapeshellarg ($obj)
- . ' 2>/dev/null');
- if (!$obj_type)
+ $cmd = 'git --git-dir=' . escapeshellarg ($dir)
+ . ' rev-parse --verify ' . escapeshellarg ($obj)
+ . ' 2>/dev/null';
+ $obj_name = trim (shell_exec ($cmd));
+ if (!$obj_name)
 return (false);
- $obj_type = shell_exec ('git --git-dir=' . escapeshellarg ($dir)
+ if (!preg_match ('/^[0-9a-fA-F]{40}$/', $obj_name))
+ {
+ error_log ("git-rev-parse(1) returned unexpected object name: $obj_name");
+ return (false);
+ }
+
+ $cmd = 'git --git-dir=' . escapeshellarg ($dir)
 . ' cat-file -t ' . escapeshellarg ($obj_name)
- . ' 2>/dev/null');
+ . ' 2>/dev/null';
+ $obj_type = trim (shell_exec ($cmd));
 if (!$obj_type)
+ {
+ error_log ("gitweb_check_repository: git-cat-file(1) failed.");
 return (false);
+ }
 if ($obj_type == 'commit')
 {
- $to_url = "$url?p=" . urlencode ($repo) . ';a=commitdiff;h=' . urlencode ($obj_name);
+ $to_url = "$base_url?p=" . urlencode ($repo) . ';a=commitdiff;h=' . urlencode ($obj_name);
 yourls_redirect ($to_url, /* status = */ 301);
 return (true);
 }
 elseif ($obj_type == 'tag')
 {
- $to_url = "$url?p=" . urlencode ($repo) . ';a=tag;h=' . urlencode ($obj_name);
+ $to_url = "$base_url?p=" . urlencode ($repo) . ';a=tag;h=' . urlencode ($obj_name);
 yourls_redirect ($to_url, /* status = */ 301);
 return (true);
 }
 elseif ($obj_type == 'tree')
 {
- $to_url = "$url?p=" . urlencode ($repo) . ";a=tree;h=" . urlencode ($obj_name);
+ $to_url = "$base_url?p=" . urlencode ($repo) . ";a=tree;h=" . urlencode ($obj_name);
 yourls_redirect ($to_url, /* status = */ 301);
 return (true);
 }
 elseif ($obj_type == 'blob')
 {
- $to_url = "$url?p=" . urlencode ($repo) . ";a=blob;h=" . urlencode ($obj_name);
+ $to_url = "$base_url?p=" . urlencode ($repo) . ";a=blob;h=" . urlencode ($obj_name);
 yourls_redirect ($to_url, /* status = */ 301);
 return (true);
 }
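Review bot: `escapeshellarg ($obj)` in the new `$cmd` for `rev-parse --verify` only protects the shell quoting; a value that begins with `-` is still read by git as an option rather than as a revision. The added 40-hex check on `$obj_name` limits what can reach `cat-file` and the redirect URL, but it runs only after git has already been executed with that argument. Rejecting such input before the first `$cmd` is built closes the gap, e.g. `if (!is_string ($obj) || $obj === '' || $obj[0] === '-') return (false);`. Whether `$obj` comes directly from the request is not visible in this hunk, so that is an assumption to confirm against the caller. The function body continues past the end of the hunk.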