From 061cc7cdcfda9527f5afb986e0396e393ed0c9f5 Mon Sep 17 00:00:00 2001 From: Kay Sievers Date: Sun, 7 Aug 2005 20:15:57 +0200 Subject: [PATCH] v056 --- gitweb.cgi | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/gitweb.cgi b/gitweb.cgi index 8c46a3a0..c702c9a2 100755 --- a/gitweb.cgi +++ b/gitweb.cgi @@ -14,7 +14,7 @@ use CGI::Carp qw(fatalsToBrowser); my $cgi = new CGI; -my $version = "055"; +my $version = "056"; my $projectroot = "/home/kay/public_html/pub/scm"; my $defaultprojects = "linux/kernel/git"; my $gitbin = "/home/kay/bin/git"; @@ -31,19 +31,19 @@ $ENV{'SHA1_FILE_DIRECTORY'} = "$projectroot/$project/objects"; # validate input if (defined($project) && $project =~ /(^|\/)(|\.|\.\.)($|\/)/) { - error_page("403 Permission denied", "Invalid project parameter."); + die_error("", "Invalid project parameter."); } if (defined($action) && !$action =~ m/^[0-9a-zA-Z\.\-]+$/) { - error_page("403 Permission denied", "Invalid action parameter."); + die_error("", "Invalid action parameter."); } if (defined($hash) && !($hash =~ m/^[0-9a-fA-F]{40}$/)) { - error_page("403 Permission denied", "Invalid hash parameter."); + die_error("", "Invalid hash parameter."); } if (defined($hash_parent) && !($hash_parent =~ m/^[0-9a-fA-F]{40}$/)) { - error_page("403 Permission denied", "Invalid parent hash parameter."); + die_error("", "Invalid parent hash parameter."); } if (defined($time_back) && !($time_back =~ m/^[0-9]+$/)) { - error_page("403 Permission denied", "Invalid time parameter."); + die_error("", "Invalid time parameter."); } else { $time_back = 1; } @@ -131,8 +131,8 @@ sub git_footer_html { print "\n"; } -sub error_page { - my $status = shift || "403 Permission denied"; +sub die_error { + my $status = shift || "403 Forbidden"; my $error = shift || "Malformed query, file missing or permission denied"; git_header_html($status); print "
\n" . @@ -145,7 +145,7 @@ sub error_page { sub git_head { my $path = shift; - open my $fd, "$projectroot/$path/HEAD"; + open(my $fd, "$projectroot/$path/HEAD") || die_error("", "Invalid project directory.");; my $head = <$fd>; close $fd; chomp $head; @@ -179,6 +179,7 @@ sub git_commit { $co{'committer_name'} =~ s/ <.*//; } } + if (!defined($co{'tree'})) { die_error("", "Invalid commit object."); } $co{'parents'} = \@parents; $co{'parent'} = $parents[0]; my (@comment) = map { chomp; $_ } <$fd>; @@ -203,7 +204,7 @@ sub git_diff_html { # create tmp from-file if ($from ne "") { $from_tmp = "$gittmp/gitweb_" . $$ . "_from"; - open my $fd2, "> $from_tmp"; + open(my $fd2, "> $from_tmp"); open my $fd, "-|", "$gitbin/cat-file blob $from"; my @file = <$fd>; print $fd2 @file; @@ -317,7 +318,7 @@ if ($action eq "git-logo.png") { # show list of default projects if ($project eq "") { - opendir(my $fd, "$projectroot/$defaultprojects"); + opendir(my $fd, "$projectroot/$defaultprojects") || die_error("", "No projects found."); my (@users) = sort grep(!/^\./, readdir($fd)); closedir($fd); git_header_html(); @@ -345,7 +346,7 @@ if ($action eq "") { if ($action eq "blob") { git_header_html(); print "


\n"; - open my $fd, "-|", "$gitbin/cat-file blob $hash"; + open(my $fd, "-|", "$gitbin/cat-file blob $hash"); my $nr; while (my $line = <$fd>) { $nr++; @@ -595,5 +596,5 @@ if ($action eq "blob") { print "
"; git_footer_html(); } else { - error_page("403 Forbidden", "unknown action"); + die_error("", "unknown action"); } -- 2.11.0