
Commit f629c23

committed
Merge branch 'jn/maint-do-not-match-with-unsanitized-searchtext' into maint
"gitweb" did use quotemeta() to prepare search string when asked to do a fixed-string project search, but did not use it by mistake and used the user-supplied string instead. By Jakub Narebski * jn/maint-do-not-match-with-unsanitized-searchtext: gitweb: Fix fixed string (non-regexp) project search
2 parents b91a13b + e65ceb6 commit f629c23


1 file changed

+8
-8
lines changed


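--- a/gitweb/gitweb.perl
+++ b/gitweb/gitweb.perl
@@ -2978,10 +2978,10 @@ sub filter_forks_from_projects_list {
 sub search_projects_list {
 my ($projlist, %opts) = @_;
 my $tagfilter = $opts{'tagfilter'};
-my $searchtext = $opts{'searchtext'};
+my $search_re = $opts{'search_regexp'};
 
 return @$projlist
-unless ($tagfilter || $searchtext);
+unless ($tagfilter || $search_re);
 
 my @projects;
 PROJECT:
@@ -2993,10 +2993,10 @@ sub search_projects_list {
 grep { lc($_) eq lc($tagfilter) } keys %{$pr->{'ctags'}};
 }
 
-if ($searchtext) {
+if ($search_re) {
 next unless
-$pr->{'path'} =~ /$searchtext/ ||
-$pr->{'descr_long'} =~ /$searchtext/;
+$pr->{'path'} =~ /$search_re/ ||
+$pr->{'descr_long'} =~ /$search_re/;
 }
 
 push @projects, $pr;
@@ -5291,17 +5291,17 @@ sub git_project_list_body {
 my $show_ctags = gitweb_check_feature('ctags');
 my $tagfilter = $show_ctags ? $input_params{'ctag'} : undef;
 $check_forks = undef
-if ($tagfilter || $searchtext);
+if ($tagfilter || $search_regexp);
 
 # filtering out forks before filling info allows to do less work
 @projects = filter_forks_from_projects_list(\@projects)
 if ($check_forks);
 @projects = fill_project_list_info(\@projects);
 # searching projects require filling to be run before it
 @projects = search_projects_list(\@projects,
-'searchtext' => $searchtext,
+'search_regexp' => $search_regexp,
 'tagfilter' => $tagfilter)
-if ($tagfilter || $searchtext);
+if ($tagfilter || $search_regexp);
 
 $order ||= $default_projects_order;
 $from = 0 unless defined $from;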
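Review bot: In search_projects_list the option value is interpolated into `/$search_re/` with no escaping, so the fixed-string guarantee rests entirely on every caller passing a pattern that was already escaped, and nothing where the option is read says so. I would record that contract next to `my $search_re = $opts{'search_regexp'};`, for example `# 'search_regexp' is matched as a regexp as-is; for fixed-string search the caller must quotemeta() the user text first`. The truthiness tests `if ($search_re)` and `if ($tagfilter || $search_regexp)` also appear to treat a search for `0` as no search at all; `defined $search_re && length $search_re` would avoid that. `$search_regexp` is assigned outside the visible hunks, so whether regexp-mode input is validated or bounded before it reaches these per-project matches cannot be confirmed from this page. Both search_projects_list and git_project_list_body continue outside the hunks.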
