Skip to content

Commit 84d9e2d

Browse files
jnarebgitster
jnareb
authored and
gitster
committed
gitweb: Allow UTF-8 encoded CGI query parameters and path_info
Gitweb forgot to turn query parameters into UTF-8. This results in a bug that one cannot search for a string with characters outside US-ASCII. For example searching for "Michał Kiedrowicz" (containing letter 'ł' - LATIN SMALL LETTER L WITH STROKE, with Unicode codepoint U+0142, represented with 0xc5 0x82 bytes in UTF-8 and percent-encoded as %C5%82) result in the following incorrect data in search field MichaÅ\202 Kiedrowicz This is caused by CGI by default treating '0xc5 0x82' bytes as two characters in Perl legacy encoding latin-1 (iso-8859-1), because 's' query parameter is not processed explicitly as UTF-8 encoded string. The solution used here follows "Using Unicode in a Perl CGI script" article on http://www.lemoda.net/cgi/perl-unicode/index.html: use CGI; use Encode 'decode_utf8; my $value = params('input'); $value = decode_utf8($value); Decoding UTF-8 is done when filling %input_params hash and $path_info variable; the former requires to move from explicit $cgi->param(<label>) to $input_params{<name>} in a few places, which is a good idea anyway. Also add -override=>1 parameter to $cgi->textfield() invocation in search form. Otherwise CGI would use values from query string if it is present, filling value from $cgi->param... without decode_utf8(). As we are using value of appropriate parameter anyway, -override=>1 doesn't change the situation but makes gitweb fill search field correctly. We could simply use the '-utf8' pragma (via "use CGI '-utf8';") to solve this, but according to CGI.pm documentation, it may cause problems with POST requests containing binary files, and it requires CGI 3.31 (I think), released with perl v5.8.9. Reported-by: Michał Kiedrowicz <[email protected]> Signed-off-by: Jakub Narębski <[email protected]> Tested-by: Michał Kiedrowicz <[email protected]> Signed-off-by: Junio C Hamano <[email protected]>
1 parent 828ea97 commit 84d9e2d

File tree

1 file changed

+8
-8
lines changed

1 file changed

+8
-8
lines changed

gitweb/gitweb.perl

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -52,7 +52,7 @@ sub evaluate_uri {
5252
# as base URL.
5353
# Therefore, if we needed to strip PATH_INFO, then we know that we have
5454
# to build the base URL ourselves:
55-
our $path_info = $ENV{"PATH_INFO"};
55+
our $path_info = decode_utf8($ENV{"PATH_INFO"});
5656
if ($path_info) {
5757
if ($my_url =~ s,\Q$path_info\E$,, &&
5858
$my_uri =~ s,\Q$path_info\E$,, &&
@@ -816,9 +816,9 @@ sub evaluate_query_params {
816816

817817
while (my ($name, $symbol) = each %cgi_param_mapping) {
818818
if ($symbol eq 'opt') {
819-
$input_params{$name} = [ $cgi->param($symbol) ];
819+
$input_params{$name} = [ map { decode_utf8($_) } $cgi->param($symbol) ];
820820
} else {
821-
$input_params{$name} = $cgi->param($symbol);
821+
$input_params{$name} = decode_utf8($cgi->param($symbol));
822822
}
823823
}
824824
}
@@ -2765,7 +2765,7 @@ sub git_populate_project_tagcloud {
27652765
}
27662766

27672767
my $cloud;
2768-
my $matched = $cgi->param('by_tag');
2768+
my $matched = $input_params{'ctag'};
27692769
if (eval { require HTML::TagCloud; 1; }) {
27702770
$cloud = HTML::TagCloud->new;
27712771
foreach my $ctag (sort keys %ctags_lc) {
@@ -3871,7 +3871,7 @@ sub print_search_form {
38713871
-values => ['commit', 'grep', 'author', 'committer', 'pickaxe']) .
38723872
$cgi->sup($cgi->a({-href => href(action=>"search_help")}, "?")) .
38733873
" search:\n",
3874-
$cgi->textfield(-name => "s", -value => $searchtext) . "\n" .
3874+
$cgi->textfield(-name => "s", -value => $searchtext, -override => 1) . "\n" .
38753875
"<span title=\"Extended regular expression\">" .
38763876
$cgi->checkbox(-name => 'sr', -value => 1, -label => 're',
38773877
-checked => $search_use_regexp) .
@@ -5280,7 +5280,7 @@ sub git_project_list_body {
52805280

52815281
my $check_forks = gitweb_check_feature('forks');
52825282
my $show_ctags = gitweb_check_feature('ctags');
5283-
my $tagfilter = $show_ctags ? $cgi->param('by_tag') : undef;
5283+
my $tagfilter = $show_ctags ? $input_params{'ctag'} : undef;
52845284
$check_forks = undef
52855285
if ($tagfilter || $searchtext);
52865286

@@ -5992,7 +5992,7 @@ sub git_project_list {
59925992
}
59935993
print $cgi->startform(-method => "get") .
59945994
"<p class=\"projsearch\">Search:\n" .
5995-
$cgi->textfield(-name => "s", -value => $searchtext) . "\n" .
5995+
$cgi->textfield(-name => "s", -value => $searchtext, -override => 1) . "\n" .
59965996
"</p>" .
59975997
$cgi->end_form() . "\n";
59985998
git_project_list_body(\@list, $order);
@@ -6195,7 +6195,7 @@ sub git_tag {
61956195

61966196
sub git_blame_common {
61976197
my $format = shift || 'porcelain';
6198-
if ($format eq 'porcelain' && $cgi->param('js')) {
6198+
if ($format eq 'porcelain' && $input_params{'javascript'}) {
61996199
$format = 'incremental';
62006200
$action = 'blame_incremental'; # for page title etc
62016201
}

0 commit comments

Comments
 (0)