From: Jakub Narebski <jnareb@gmail.com>
To: git@vger.kernel.org
Subject: [PATCH 4/9] gitweb: Don't undefine query parameter related variables before die_error
Date: Sat, 05 Aug 2006 12:58:06 +0200 [thread overview]
Message-ID: <eb1tij$6kf$4@sea.gmane.org> (raw)
In-Reply-To: 44d47813.36251c31.2553.3cf7@mx.gmail.com
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
---
This would allow including the value of the invalid parameter in the error message.
gitweb/gitweb.perl | 21 +++++----------------
1 files changed, 5 insertions(+), 16 deletions(-)
diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl
index 9b9bf37..6f3f465 100755
--- a/gitweb/gitweb.perl
+++ b/gitweb/gitweb.perl
@@ -76,7 +76,6 @@ # input validation and dispatch
our $action = $cgi->param('a');
if (defined $action) {
if ($action =~ m/[^0-9a-zA-Z\.\-_]/) {
- undef $action;
die_error(undef, "Invalid action parameter.");
}
# action which does not check rest of parameters
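Review bot: With `undef $action;` removed, the rejected value stays in the `our $action` global while die_error runs, so anything on the error path that reads it now sees input that failed validation. The same holds for `$project`, `$page` and `$searchtext` in the later hunks, and for the unknown-action check in the last hunk. die_error is not shown here; if it, or the page header and footer it emits, puts any of these variables into links or text, each use has to be escaped for its output context, in the way the `$rss_link` line uses `esc_param($project)`. I would record this at the first check with a comment such as `# rejected value is kept for the error message; die_error must escape it before output`.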
@@ -89,16 +88,13 @@ if (defined $action) {
our $project = ($cgi->param('p') || $ENV{'PATH_INFO'});
if (defined $project) {
$project =~ s|^/||; $project =~ s|/$||;
- $project = validate_input($project);
- if (!defined($project)) {
+ if (!validate_input($project)) {
die_error(undef, "Invalid project parameter.");
}
if (!(-d "$projectroot/$project")) {
- undef $project;
die_error(undef, "No such directory.");
}
if (!(-e "$projectroot/$project/HEAD")) {
- undef $project;
die_error(undef, "No such project.");
}
$rss_link = "<link rel=\"alternate\" title=\"" . esc_param($project) . " log\" href=\"" .
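Review bot: `if (!validate_input($project))` tests truth where the removed code tested `defined`, so a value that validate_input accepts but Perl treats as false (the string `0`) is now reported as invalid. The same applies to `$file_name`, `$hash`, `$hash_parent` and `$hash_base` in the next hunk. validate_input is not visible here, but the old code implies it returns the value or undef, so `if (!defined validate_input($project)) {` keeps the previous behaviour. If validate_input returns anything other than its argument unchanged, that result is now discarded as well. The `$rss_link` statement continues outside the hunk.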
@@ -111,32 +107,28 @@ if (defined $project) {
our $file_name = $cgi->param('f');
if (defined $file_name) {
- $file_name = validate_input($file_name);
- if (!defined($file_name)) {
+ if (!validate_input($file_name)) {
die_error(undef, "Invalid file parameter.");
}
}
our $hash = $cgi->param('h');
if (defined $hash) {
- $hash = validate_input($hash);
- if (!defined($hash)) {
+ if (!validate_input($hash)) {
die_error(undef, "Invalid hash parameter.");
}
}
our $hash_parent = $cgi->param('hp');
if (defined $hash_parent) {
- $hash_parent = validate_input($hash_parent);
- if (!defined($hash_parent)) {
+ if (!validate_input($hash_parent)) {
die_error(undef, "Invalid hash parent parameter.");
}
}
our $hash_base = $cgi->param('hb');
if (defined $hash_base) {
- $hash_base = validate_input($hash_base);
- if (!defined($hash_base)) {
+ if (!validate_input($hash_base)) {
die_error(undef, "Invalid hash base parameter.");
}
}
@@ -144,7 +136,6 @@ if (defined $hash_base) {
our $page = $cgi->param('pg');
if (defined $page) {
if ($page =~ m/[^0-9]$/) {
- undef $page;
die_error(undef, "Invalid page parameter.");
}
}
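Review bot: The `$page` check `m/[^0-9]$/` only inspects the last character, so a value with non-digit characters followed by a digit passes validation and reaches the rest of the script as a page number. Dropping the anchor, `if ($page =~ m/[^0-9]/) {`, rejects any non-digit anywhere in the value and still accepts what the current check is meant to accept. This line is context the commit does not touch, but it is the only gate on `$page` visible here.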
@@ -152,7 +143,6 @@ if (defined $page) {
our $searchtext = $cgi->param('s');
if (defined $searchtext) {
if ($searchtext =~ m/[^a-zA-Z0-9_\.\/\-\+\:\@ ]/) {
- undef $searchtext;
die_error(undef, "Invalid search parameter.");
}
$searchtext = quotemeta $searchtext;
@@ -182,7 +172,6 @@ my %actions = (
$action = 'summary' if (!defined($action));
if (!defined($actions{$action})) {
- undef $action;
die_error(undef, "Unknown action.");
}
$actions{$action}->();
--
1.4.1.1
2006-08-04 22:36 [PATCH 0/5] Some further gitweb patches Jakub Narebski
2006-08-04 22:38 ` [PATCH 1/5] gitweb: Cleanup input validation and error messages Jakub Narebski
2006-08-04 23:54 ` Luben Tuikov
2006-08-05 0:02 ` [PATCH 6/5] gitweb: No periods for " Jakub Narebski
2006-08-04 23:54 ` [PATCH 1/5] gitweb: Cleanup input validation and " Luben Tuikov
2006-08-05 0:15 ` Junio C Hamano
2006-08-05 0:26 ` Jakub Narebski
2006-08-05 10:51 ` [PATCH 0/9] gitweb: First patch corrected and split into separate patches Jakub Narebski
2006-08-05 10:55 ` [PATCH 1/9] gitweb: Separate input validation and dispatch, add comment about opml action Jakub Narebski
2006-08-05 10:56 ` [PATCH 2/9] gitweb: die_error first (optional) parameter is HTTP status Jakub Narebski
2006-08-05 10:56 ` [PATCH 3/9] gitweb: Use undef for die_error to use default first (status) parameter value Jakub Narebski
2006-08-05 10:58 ` Jakub Narebski [this message]
2006-08-05 11:12 ` [PATCH 5/9] gitweb: Cleanup and uniquify error messages Jakub Narebski
2006-08-05 11:13 ` [PATCH 6/9] gitweb: No periods for " Jakub Narebski
2006-08-05 15:55 ` Luben Tuikov
2006-08-05 16:15 ` Jakub Narebski
2006-08-05 11:15 ` [PATCH 7/9] gitweb: No error messages with unescaped/unprotected user input Jakub Narebski
2006-08-05 11:16 ` [PATCH 8/9] gitweb: PATH_INFO=/ means no project Jakub Narebski
2006-08-05 11:18 ` [PATCH 9/9] gitweb: Inline $rss_link Jakub Narebski
2006-08-04 22:39 ` [PATCH 2/5] gitweb: Great subroutines renaming Jakub Narebski
2006-08-04 22:40 ` [PATCH 3/5] gitweb: Separate ref parsing in git_read_refs into parse_ref Jakub Narebski
2006-08-04 22:42 ` [PATCH 4/5] gitweb: git_heads cleanup Jakub Narebski
2006-08-04 22:43 ` [PATCH 5/5] gitweb: Change appereance of marker of refs pointing to given object Jakub Narebski
2006-08-05 11:42 ` [PATCH 7/5] Merge changes in "split patch 1" series Jakub Narebski
2006-08-05 14:55 ` Johannes Schindelin
2006-08-05 15:05 ` Jakub Narebski