From: Jakub Narebski <jnareb@gmail.com>
To: git@vger.kernel.org
Subject: [PATCH 1/5] gitweb: Cleanup input validation and error messages
Date: Sat, 5 Aug 2006 00:38:20 +0200 [thread overview]
Message-ID: <200608050038.20534.jnareb@gmail.com> (raw)
In-Reply-To: <200608050036.06490.jnareb@gmail.com>
Clean up input validation, including removing $rss_link variable and
making error messages more explicit. Expand and uniquify other error
messages.
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
---
This probably conflicts with "[PATCH 4/4] gitweb: No periods for error messages".
It uses periods for error messages that do not end with the
value of some variable.
gitweb/gitweb.perl | 88 ++++++++++++++++++++++++----------------------------
1 files changed, 40 insertions(+), 48 deletions(-)
diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl
index 58eb5b1..dfc2d09 100755
--- a/gitweb/gitweb.perl
+++ b/gitweb/gitweb.perl
@@ -71,13 +71,15 @@ if (! -d $git_temp) {
mkdir($git_temp, 0700) || die_error("Couldn't mkdir $git_temp");
}
+
+# ======================================================================
# input validation and dispatch
our $action = $cgi->param('a');
if (defined $action) {
if ($action =~ m/[^0-9a-zA-Z\.\-_]/) {
- undef $action;
- die_error(undef, "Invalid action parameter.");
+ die_error(undef, "Invalid action parameter $action");
}
+ # action which does not check rest of parameters
if ($action eq "opml") {
git_opml();
exit;
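Review bot: The rejected value is interpolated into the error text in `die_error(undef, "Invalid action parameter $action");`, and at that point `$action` is known to contain a character outside the allow-list, so if die_error (not visible in this patch) writes its message into the HTML page unescaped, the request parameter is reflected as markup. The same pattern is added for the project check in the second hunk and for the file, hash, hash parent, hash base, page and search parameters in the third. I would keep the value out of the message, `die_error(undef, "Invalid action parameter");`, or pass it through the script's HTML-escaping helper before interpolating it. The removed `undef $action` also kept the invalid value away from anything die_error renders afterwards, so dropping it is only safe if the header and footer code tolerate an unvalidated value.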
@@ -85,22 +87,17 @@ if (defined $action) {
}
our $project = ($cgi->param('p') || $ENV{'PATH_INFO'});
-if (defined $project) {
- $project =~ s|^/||; $project =~ s|/$||;
- $project = validate_input($project);
- if (!defined($project)) {
- die_error(undef, "Invalid project parameter.");
+$project =~ s|^/||; $project =~ s|/$||;
+if (defined $project || $project) {
+ if (!validate_input($project)) {
+ die_error(undef, "Invalid project parameter $project");
}
if (!(-d "$projectroot/$project")) {
- undef $project;
- die_error(undef, "No such directory.");
+ die_error(undef, "No such directory $project");
}
if (!(-e "$projectroot/$project/HEAD")) {
- undef $project;
- die_error(undef, "No such project.");
+ die_error(undef, "No such project $project");
}
- $rss_link = "<link rel=\"alternate\" title=\"" . esc_param($project) . " log\" href=\"" .
- "$my_uri?" . esc_param("p=$project;a=rss") . "\" type=\"application/rss+xml\"/>";
$ENV{'GIT_DIR'} = "$projectroot/$project";
} else {
git_project_list();
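Review bot: The condition `if (defined $project || $project)` is equivalent to `defined $project`, because the right-hand side is evaluated only when the value is undefined and is then false. An empty project (for example a PATH_INFO of `/` after the two substitutions) therefore goes into validation and the directory checks instead of reaching the project list in the else branch. The substitutions on the line before now also run on an undefined `$project`, which warns if warnings are enabled. Suggest `if (defined $project) { $project =~ s|^/||; $project =~ s|/$||; }` followed by `if (defined $project && $project ne "") {`. The else branch continues beyond this hunk.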
@@ -109,49 +106,43 @@ if (defined $project) {
our $file_name = $cgi->param('f');
if (defined $file_name) {
- $file_name = validate_input($file_name);
- if (!defined($file_name)) {
- die_error(undef, "Invalid file parameter.");
+ if (!validate_input($file_name)) {
+ die_error(undef, "Invalid file parameter $file_name");
}
}
our $hash = $cgi->param('h');
if (defined $hash) {
- $hash = validate_input($hash);
- if (!defined($hash)) {
- die_error(undef, "Invalid hash parameter.");
+ if (!validate_input($hash)) {
+ die_error(undef, "Invalid hash parameter $hash");
}
}
our $hash_parent = $cgi->param('hp');
if (defined $hash_parent) {
- $hash_parent = validate_input($hash_parent);
- if (!defined($hash_parent)) {
- die_error(undef, "Invalid hash parent parameter.");
+ if (!validate_input($hash_parent)) {
+ die_error(undef, "Invalid hash parent parameter $hash_parent");
}
}
our $hash_base = $cgi->param('hb');
if (defined $hash_base) {
- $hash_base = validate_input($hash_base);
- if (!defined($hash_base)) {
- die_error(undef, "Invalid hash base parameter.");
+ if (!validate_input($hash_base)) {
+ die_error(undef, "Invalid hash base parameter $hash_base");
}
}
our $page = $cgi->param('pg');
if (defined $page) {
if ($page =~ m/[^0-9]$/) {
- undef $page;
- die_error(undef, "Invalid page parameter.");
+ die_error(undef, "Invalid page parameter $page");
}
}
our $searchtext = $cgi->param('s');
if (defined $searchtext) {
if ($searchtext =~ m/[^a-zA-Z0-9_\.\/\-\+\:\@ ]/) {
- undef $searchtext;
- die_error(undef, "Invalid search parameter.");
+ die_error(undef, "Invalid search parameter $searchtext");
}
$searchtext = quotemeta $searchtext;
}
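Review bot: `if (!validate_input($file_name))` and the three hash checks now test the return value for truth where the removed code tested `defined`. If validate_input returns the input string on success (its body is not in this patch), a file or ref named `0` is rejected as invalid. `if (!defined validate_input($file_name))` keeps the old semantics, and likewise for `$hash`, `$hash_parent` and `$hash_base` here and for `$project` in the previous hunk. Dropping the assignment also means any normalisation validate_input performs is no longer applied to the variable. Separately, the page check `m/[^0-9]$/` inspects only the last character, so a value such as `x1` is accepted; `m/[^0-9]/` would match the stated intent.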
@@ -180,8 +171,7 @@ my %actions = (
$action = 'summary' if (!defined($action));
if (!defined($actions{$action})) {
- undef $action;
- die_error(undef, "Unknown action.");
+ die_error(undef, "Unknown action $action");
}
$actions{$action}->();
exit;
@@ -871,11 +861,13 @@ sub git_header_html {
<meta name="robots" content="index, nofollow"/>
<title>$title</title>
<link rel="stylesheet" type="text/css" href="$stylesheet"/>
-$rss_link
-</head>
-<body>
EOF
- print "<div class=\"page_header\">\n" .
+ print "<link rel=\"alternate\" title=\"" . esc_param($project) . " log\" href=\"" .
+ "$my_uri?" . esc_param("p=$project;a=rss") . "\" type=\"application/rss+xml\"/>\n" .
+ "</head>\n";
+
+ print "<body>\n" .
+ "<div class=\"page_header\">\n" .
"<a href=\"http://www.kernel.org/pub/software/scm/git/docs/\" title=\"git documentation\">" .
"<img src=\"$logo\" width=\"72\" height=\"27\" alt=\"git\" style=\"float:right; border-width:0px;\"/>" .
"</a>\n";
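Review bot: The RSS `<link>` is now printed for every page, including those where `$project` is undefined, whereas the removed `$rss_link` was only set after the project had passed the directory and HEAD checks. On the project list (and on error pages, if die_error calls this sub) `esc_param($project)` receives undef or an unvalidated value, and the head advertises a feed URL with an empty or unchecked `p=`. Wrap the link print in `if (defined $project) { ... }` and emit `"</head>\n"` unconditionally after it. The `title` attribute is also built with esc_param, which by its name looks like URL escaping rather than HTML attribute escaping; worth confirming. git_header_html starts and ends outside this hunk.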
@@ -1471,18 +1463,18 @@ sub git_blame2 {
my $fd;
my $ftype;
die_error(undef, "Permission denied.") if (!git_get_project_config_bool ('blame'));
- die_error('404 Not Found', "File name not defined") if (!$file_name);
+ die_error('404 Not Found', "File name not defined.") if (!$file_name);
$hash_base ||= git_read_head($project);
- die_error(undef, "Reading commit failed") unless ($hash_base);
+ die_error(undef, "Couldn't find base commit.") unless ($hash_base);
my %co = git_read_commit($hash_base)
- or die_error(undef, "Reading commit failed");
+ or die_error(undef, "Reading commit failed.");
if (!defined $hash) {
$hash = git_get_hash_by_path($hash_base, $file_name, "blob")
- or die_error(undef, "Error looking up file");
+ or die_error(undef, "Error looking up file $file_name");
}
$ftype = git_get_type($hash);
if ($ftype !~ "blob") {
- die_error("400 Bad Request", "object is not a blob");
+ die_error("400 Bad Request", "Object is not a blob.");
}
open ($fd, "-|", $GIT, "blame", '-l', $file_name, $hash_base)
or die_error(undef, "Open git-blame failed.");
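Review bot: In git_blame2 the permission failure still goes out as `die_error(undef, "Permission denied.")`, while git_blame in the next hunk sends `'403 Permission denied'` for the same condition. Since this commit is unifying the messages of the two subs, the status should match: `die_error('403 Permission denied', "Permission denied.") if (!git_get_project_config_bool ('blame'));`. What an undef status maps to is decided in die_error, which is not part of this patch. The new `"Error looking up file $file_name"` also echoes the request's file name, so it needs HTML escaping before output unless validate_input already excludes markup characters. The sub continues outside the hunk.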
@@ -1529,14 +1521,14 @@ sub git_blame2 {
sub git_blame {
my $fd;
die_error('403 Permission denied', "Permission denied.") if (!git_get_project_config_bool ('blame'));
- die_error('404 Not Found', "What file will it be, master?") if (!$file_name);
+ die_error('404 Not Found', "File name not defined.") if (!$file_name);
$hash_base ||= git_read_head($project);
- die_error(undef, "Reading commit failed.") unless ($hash_base);
+ die_error(undef, "Couldn't find base commit.") unless ($hash_base);
my %co = git_read_commit($hash_base)
or die_error(undef, "Reading commit failed.");
if (!defined $hash) {
$hash = git_get_hash_by_path($hash_base, $file_name, "blob")
- or die_error(undef, "Error lookup file.");
+ or die_error(undef, "Error lookup file $file_name");
}
open ($fd, "-|", $GIT, "annotate", '-l', '-t', '-r', $file_name, $hash_base)
or die_error(undef, "Open git-annotate failed.");
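Review bot: The lookup failure reads `"Error lookup file $file_name"` here and in the git_blob_plain and git_blob hunks below, but `"Error looking up file $file_name"` in git_blame2. The commit message says the error messages are being made uniform, so use one wording, `or die_error(undef, "Error looking up file $file_name");`, in all four places. git_blame continues past the end of this hunk.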
@@ -1649,7 +1641,7 @@ sub git_blob_plain {
if (defined $file_name) {
my $base = $hash_base || git_read_head($project);
$hash = git_get_hash_by_path($base, $file_name, "blob")
- or die_error(undef, "Error lookup file.");
+ or die_error(undef, "Error lookup file $file_name");
} else {
die_error(undef, "No file name defined.");
}
@@ -1682,7 +1674,7 @@ sub git_blob {
if (defined $file_name) {
my $base = $hash_base || git_read_head($project);
$hash = git_get_hash_by_path($base, $file_name, "blob")
- or die_error(undef, "Error lookup file.");
+ or die_error(undef, "Error lookup file $file_name");
} else {
die_error(undef, "No file name defined.");
}
@@ -2122,7 +2114,7 @@ sub git_commitdiff {
open my $fd, "-|", $GIT, "diff-tree", '-r', $hash_parent, $hash
or die_error(undef, "Open git-diff-tree failed.");
my @difftree = map { chomp; $_ } <$fd>;
- close $fd or die_error(undef, "Reading diff-tree failed.");
+ close $fd or die_error(undef, "Reading git-diff-tree failed.");
# non-textual hash id's can be cached
my $expires;
@@ -2202,7 +2194,7 @@ sub git_commitdiff_plain {
open my $fd, "-|", $GIT, "diff-tree", '-r', $hash_parent, $hash
or die_error(undef, "Open git-diff-tree failed.");
my @difftree = map { chomp; $_ } <$fd>;
- close $fd or die_error(undef, "Reading diff-tree failed.");
+ close $fd or die_error(undef, "Reading git-diff-tree failed.");
# try to figure out the next tag after this commit
my $tagname;
@@ -2493,7 +2485,7 @@ sub git_rss {
open my $fd, "-|", $GIT, "rev-list", "--max-count=150", git_read_head($project)
or die_error(undef, "Open git-rev-list failed.");
my @revlist = map { chomp; $_ } <$fd>;
- close $fd or die_error(undef, "Reading rev-list failed.");
+ close $fd or die_error(undef, "Reading git-rev-list failed.");
print $cgi->header(-type => 'text/xml', -charset => 'utf-8');
print "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n".
"<rss version=\"2.0\" xmlns:content=\"http://purl.org/rss/1.0/modules/content/\">\n";
--
1.4.1.1
Thread overview: 26+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-08-04 22:36 [PATCH 0/5] Some further gitweb patches Jakub Narebski
2006-08-04 22:38 ` Jakub Narebski [this message]
2006-08-04 23:54 ` [PATCH 1/5] gitweb: Cleanup input validation and error messages Luben Tuikov
2006-08-05 0:02 ` [PATCH 6/5] gitweb: No periods for " Jakub Narebski
2006-08-04 23:54 ` [PATCH 1/5] gitweb: Cleanup input validation and " Luben Tuikov
2006-08-05 0:15 ` Junio C Hamano
2006-08-05 0:26 ` Jakub Narebski
2006-08-05 10:51 ` [PATCH 0/9] gitweb: First patch corrected and split into separate patches Jakub Narebski
2006-08-05 10:55 ` [PATCH 1/9] gitweb: Separate input validation and dispatch, add comment about opml action Jakub Narebski
2006-08-05 10:56 ` [PATCH 2/9] gitweb: die_error first (optional) parameter is HTTP status Jakub Narebski
2006-08-05 10:56 ` [PATCH 3/9] gitweb: Use undef for die_error to use default first (status) parameter value Jakub Narebski
2006-08-05 10:58 ` [PATCH 4/9] gitweb: Don't undefine query parameter related variables before die_error Jakub Narebski
2006-08-05 11:12 ` [PATCH 5/9] gitweb: Cleanup and uniquify error messages Jakub Narebski
2006-08-05 11:13 ` [PATCH 6/9] gitweb: No periods for " Jakub Narebski
2006-08-05 15:55 ` Luben Tuikov
2006-08-05 16:15 ` Jakub Narebski
2006-08-05 11:15 ` [PATCH 7/9] gitweb: No error messages with unescaped/unprotected user input Jakub Narebski
2006-08-05 11:16 ` [PATCH 8/9] gitweb: PATH_INFO=/ means no project Jakub Narebski
2006-08-05 11:18 ` [PATCH 9/9] gitweb: Inline $rss_link Jakub Narebski
2006-08-04 22:39 ` [PATCH 2/5] gitweb: Great subroutines renaming Jakub Narebski
2006-08-04 22:40 ` [PATCH 3/5] gitweb: Separate ref parsing in git_read_refs into parse_ref Jakub Narebski
2006-08-04 22:42 ` [PATCH 4/5] gitweb: git_heads cleanup Jakub Narebski
2006-08-04 22:43 ` [PATCH 5/5] gitweb: Change appereance of marker of refs pointing to given object Jakub Narebski
2006-08-05 11:42 ` [PATCH 7/5] Merge changes in "split patch 1" series Jakub Narebski
2006-08-05 14:55 ` Johannes Schindelin
2006-08-05 15:05 ` Jakub Narebski