* [PATCH] gitweb: fix problem causing erroneous project list @ 2013-06-05 4:44 Charles McGarvey 2013-06-05 19:17 ` Junio C Hamano 0 siblings, 1 reply; 4+ messages in thread From: Charles McGarvey @ 2013-06-05 4:44 UTC (permalink / raw) To: git; +Cc: Jakub Narebski The bug is manifest when running gitweb in a persistent process (e.g. FastCGI, PSGI), and it's easy to reproduce. If a gitweb request includes the searchtext parameter (i.e. s), subsequent requests using the project_list action--which is the default action--and without a searchtext parameter will be filtered by the searchtext value of the first request. This is because the value of the $search_regexp global (the value of which is based on the searchtext parameter) is currently being persisted between requests. Instead, clear $search_regexp before dispatching each request. Signed-off-by: Charles McGarvey <chazmcgarvey@brokenzipper.com> --- I don't think there are currently any persistent-process gitweb tests to copy from, so writing a test for this seems to be non-trivial. gitweb/gitweb.perl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl index 80950c0..8d69ada 100755 --- a/gitweb/gitweb.perl +++ b/gitweb/gitweb.perl @@ -1086,7 +1086,7 @@ sub evaluate_and_validate_params { our $search_use_regexp = $input_params{'search_use_regexp'}; our $searchtext = $input_params{'searchtext'}; - our $search_regexp; + our $search_regexp = undef; if (defined $searchtext) { if (length($searchtext) < 2) { die_error(403, "At least two characters are required for search parameter"); -- 1.8.1.5 ^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] gitweb: fix problem causing erroneous project list 2013-06-05 4:44 [PATCH] gitweb: fix problem causing erroneous project list Charles McGarvey @ 2013-06-05 19:17 ` Junio C Hamano 2013-06-07 20:39 ` Jakub Narębski 0 siblings, 1 reply; 4+ messages in thread From: Junio C Hamano @ 2013-06-05 19:17 UTC (permalink / raw) To: Charles McGarvey; +Cc: git, Jakub Narebski Charles McGarvey <chazmcgarvey@brokenzipper.com> writes: > The bug is manifest when running gitweb in a persistent process (e.g. > FastCGI, PSGI), and it's easy to reproduce. If a gitweb request > includes the searchtext parameter (i.e. s), subsequent requests using > the project_list action--which is the default action--and without > a searchtext parameter will be filtered by the searchtext value of the > first request. This is because the value of the $search_regexp global > (the value of which is based on the searchtext parameter) is currently > being persisted between requests. > > Instead, clear $search_regexp before dispatching each request. > > Signed-off-by: Charles McGarvey <chazmcgarvey@brokenzipper.com> > --- > I don't think there are currently any persistent-process gitweb tests to > copy from, so writing a test for this seems to be non-trivial. The problem description makes sense to me, and clearing with "undef" is in line with the case where the CGI is run for the first time, so I think this patch is correct. Will wait for a while to give Jakub some time to comment on (like: Ack ;-) and then apply. Thanks. By the way, I looked at how $search_regexp is used in the code: * esc_html_match_hl and esc_html_match_hl__chopped (called from git_project_list_rows, for example) want to have "undef"; an empty string will not do. * search_projects_list (called from git_project_list_body) x git_search_files and git_search_grep_body assume that $search_regexp can be interpolated in m//, which is not very nice. They want an empty string. So as an independent fix, the two subs may want to be fixed if we want to be undef clean. Or am I missing something? Jakub, isn't this kind of "undef" reference t9500 was designed to catch? > gitweb/gitweb.perl | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl > index 80950c0..8d69ada 100755 > --- a/gitweb/gitweb.perl > +++ b/gitweb/gitweb.perl > @@ -1086,7 +1086,7 @@ sub evaluate_and_validate_params { > our $search_use_regexp = $input_params{'search_use_regexp'}; > > our $searchtext = $input_params{'searchtext'}; > - our $search_regexp; > + our $search_regexp = undef; > if (defined $searchtext) { > if (length($searchtext) < 2) { > die_error(403, "At least two characters are required for search parameter"); ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] gitweb: fix problem causing erroneous project list 2013-06-05 19:17 ` Junio C Hamano @ 2013-06-07 20:39 ` Jakub Narębski 2013-06-07 21:59 ` Junio C Hamano 0 siblings, 1 reply; 4+ messages in thread From: Jakub Narębski @ 2013-06-07 20:39 UTC (permalink / raw) To: Junio C Hamano; +Cc: Charles McGarvey, git On Wed, Jun 5, 2013 at 9:17 PM, Junio C Hamano <gitster@pobox.com> wrote: > Charles McGarvey <chazmcgarvey@brokenzipper.com> writes: > >> The bug is manifest when running gitweb in a persistent process (e.g. >> FastCGI, PSGI), and it's easy to reproduce. If a gitweb request >> includes the searchtext parameter (i.e. s), subsequent requests using >> the project_list action--which is the default action--and without >> a searchtext parameter will be filtered by the searchtext value of the >> first request. This is because the value of the $search_regexp global >> (the value of which is based on the searchtext parameter) is currently >> being persisted between requests. >> >> Instead, clear $search_regexp before dispatching each request. >> >> Signed-off-by: Charles McGarvey <chazmcgarvey@brokenzipper.com> Acked-by: Jakub Narebski <jnareb@gmail.com> >> --- >> I don't think there are currently any persistent-process gitweb tests to >> copy from, so writing a test for this seems to be non-trivial. Well, there is Plack::Test, and gitweb supports running as PSGI app. Though all such test would have to be under new PLACK or PSGI prerequisite. > The problem description makes sense to me, and clearing with "undef" > is in line with the case where the CGI is run for the first time, so > I think this patch is correct. > > Will wait for a while to give Jakub some time to comment on (like: > Ack ;-) and then apply. Thanks. > > By the way, I looked at how $search_regexp is used in the code: How $search_regexp is used does not matter. What was intended (but was not implemented) is for $search_regexp to matter and to be used only if $searchtext is defined. $searchtext is reset on each request, so $search_regexp should be also reset... like in Charles's patch. Anyway in the analysis below we need to check if code checks $searchtext first. > * esc_html_match_hl and esc_html_match_hl__chopped (called from > git_project_list_rows, for example) want to have "undef"; an > empty string will not do. > > * search_projects_list (called from git_project_list_body) > > x git_search_files and git_search_grep_body assume that > $search_regexp can be interpolated in m//, which is not very > nice. They want an empty string. But both git_search_files() and git_search_grep_body() are run from git_search(), which "dies" (returns HTTP 400 "Text field is empty" error) if $searchtext is not defined; if $searchtext is defined then $search_regexp is string and is never undef. > So as an independent fix, the two subs may want to be fixed if we > want to be undef clean. Or am I missing something? Jakub, isn't > this kind of "undef" reference t9500 was designed to catch? > >> gitweb/gitweb.perl | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl >> index 80950c0..8d69ada 100755 >> --- a/gitweb/gitweb.perl >> +++ b/gitweb/gitweb.perl >> @@ -1086,7 +1086,7 @@ sub evaluate_and_validate_params { >> our $search_use_regexp = $input_params{'search_use_regexp'}; >> >> our $searchtext = $input_params{'searchtext'}; >> - our $search_regexp; >> + our $search_regexp = undef; >> if (defined $searchtext) { >> if (length($searchtext) < 2) { >> die_error(403, "At least two characters are required for search parameter"); -- Jakub Narebski ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] gitweb: fix problem causing erroneous project list 2013-06-07 20:39 ` Jakub Narębski @ 2013-06-07 21:59 ` Junio C Hamano 0 siblings, 0 replies; 4+ messages in thread From: Junio C Hamano @ 2013-06-07 21:59 UTC (permalink / raw) To: Jakub Narębski; +Cc: Charles McGarvey, git Jakub Narębski <jnareb@gmail.com> writes: >>> Instead, clear $search_regexp before dispatching each request. >>> >>> Signed-off-by: Charles McGarvey <chazmcgarvey@brokenzipper.com> > > Acked-by: Jakub Narebski <jnareb@gmail.com> Thanks (the ack was a few hours too late and the commit is already in 'next', so I won't be able to rewind it though). >> By the way, I looked at how $search_regexp is used in the code: > > How $search_regexp is used does not matter. What was intended > (but was not implemented) is for $search_regexp to matter and to > be used only if $searchtext is defined. $searchtext is reset on each > request, so $search_regexp should be also reset... like in Charles's > patch. Oh, we are in total agreement about that. That is why the part is marked with "By the way"---it is an orthogonal issue (which turned out to be a non-issue). >> x git_search_files and git_search_grep_body assume that >> $search_regexp can be interpolated in m//, which is not very >> nice. They want an empty string. > > But both git_search_files() and git_search_grep_body() are run from > git_search(), which "dies" (returns HTTP 400 "Text field is empty" error) > if $searchtext is not defined; if $searchtext is defined then $search_regexp > is string and is never undef. Thanks; that is what I missed. >> So as an independent fix, the two subs may want to be fixed if we >> want to be undef clean. Or am I missing something? ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2013-06-07 21:59 UTC | newest] Thread overview: 4+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2013-06-05 4:44 [PATCH] gitweb: fix problem causing erroneous project list Charles McGarvey 2013-06-05 19:17 ` Junio C Hamano 2013-06-07 20:39 ` Jakub Narębski 2013-06-07 21:59 ` Junio C Hamano
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).