
Commit 1df4876

jnarebgitster
authored andcommitted
gitweb: Protect escaping functions against calling on undef
This is a bit of future-proofing esc_html and friends: when called with an undefined value they now return undef... which would probably mean that the error would still occur, but closer to the source of the problem. This means that we can safely use esc_html(shift) || "Internal Server Error" in die_error() instead of esc_html(shift || "Internal Server Error") Signed-off-by: Jakub Narebski <[email protected]> Signed-off-by: Junio C Hamano <[email protected]>
1 parent 453541f commit 1df4876


1 file changed

+8
-1
lines changed


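--- a/gitweb/gitweb.perl
+++ b/gitweb/gitweb.perl
@@ -1143,6 +1143,7 @@ sub validate_refname {
 # in utf-8 thanks to "binmode STDOUT, ':utf8'" at beginning
 sub to_utf8 {
 my $str = shift;
+return undef unless defined $str;
 if (utf8::valid($str)) {
 utf8::decode($str);
 return $str;
@@ -1155,6 +1156,7 @@ sub to_utf8 {
 # correct, but quoted slashes look too horrible in bookmarks
 sub esc_param {
 my $str = shift;
+return undef unless defined $str;
 $str =~ s/([^A-Za-z0-9\-_.~()\/:@ ]+)/CGI::escape($1)/eg;
 $str =~ s/ /\+/g;
 return $str;
@@ -1163,6 +1165,7 @@ sub esc_param {
 # quote unsafe chars in whole URL, so some charactrs cannot be quoted
 sub esc_url {
 my $str = shift;
+return undef unless defined $str;
 $str =~ s/([^A-Za-z0-9\-_.~();\/;?:@&=])/sprintf("%%%02X", ord($1))/eg;
 $str =~ s/\+/%2B/g;
 $str =~ s/ /\+/g;
@@ -1174,6 +1177,8 @@ sub esc_html {
 my $str = shift;
 my %opts = @_;
 
+return undef unless defined $str;
+
 $str = to_utf8($str);
 $str = $cgi->escapeHTML($str);
 if ($opts{'-nbsp'}) {
@@ -1188,6 +1193,8 @@ sub esc_path {
 my $str = shift;
 my %opts = @_;
 
+return undef unless defined $str;
+
 $str = to_utf8($str);
 $str = $cgi->escapeHTML($str);
 if ($opts{'-nbsp'}) {
@@ -3387,7 +3394,7 @@ sub git_footer_html {
 # or down for maintenance). Generally, this is a temporary state.
 sub die_error {
 my $status = shift || 500;
-my $error = esc_html(shift || "Internal Server Error");
+my $error = esc_html(shift) || "Internal Server Error";
 my $extra = shift;
 
 my %http_responses = (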
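Review bot: In the die_error hunk the fallback text now sits outside the escaping call, so `$error` passes through esc_html() only when the caller supplied a message, and the output stays safe only because "Internal Server Error" is a literal with no HTML metacharacters. I would record that on the line, e.g. `# fallback is a constant without HTML metacharacters; escape it if it ever becomes dynamic`. The same `||` also replaces a message of "" or "0" with the default, which matches the old behaviour but is worth knowing when reading 500 pages. For the five `return undef unless defined $str;` guards (to_utf8, esc_param, esc_url, esc_html, esc_path), a one-line comment such as `# undef in, undef out: callers must handle an undefined result` would document the new contract, since a caller that concatenates the result into markup presumably gets an empty string plus a warning rather than an error at the escaper. die_error's body continues past the end of the hunk.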
