X-Git-Url: http://www.git.stargrave.org/?a=blobdiff_plain;f=lib%2FPublicInbox%2FSolverGit.pm;h=f881e16e41c89cfdd74515401ad2b164394dde22;hb=a7c58d0ce022671c9170401054a1131b9ec15bfa;hp=06b4cdc40c220d6d849f9c05ef3b439cf0708471;hpb=021b862ac94f1c226f0778a336d4f3d566b86f9b;p=public-inbox.git
diff --git a/lib/PublicInbox/SolverGit.pm b/lib/PublicInbox/SolverGit.pm
index 06b4cdc4..f881e16e 100644
--- a/lib/PublicInbox/SolverGit.pm
+++ b/lib/PublicInbox/SolverGit.pm
@@ -1,4 +1,4 @@
-# Copyright (C) 2019 all contributors
+# Copyright (C) 2019-2020 all contributors
# License: AGPL-3.0+
# "Solve" blobs which don't exist in git code repositories by
@@ -34,6 +34,12 @@ my $OID_MIN = 7;
# work fairly. Other PSGI servers may have trouble, though.
my $MAX_PATCH = 9999;
+my $LF = qr!\r?\n!;
+my $ANY = qr![^\r\n]+!;
+my $MODE = '100644|120000|100755';
+my $FN = qr!(?:("?[^/\n]+/[^\r\n]+)|/dev/null)!;
+my %BAD_COMPONENT = ('' => 1, '.' => 1, '..' => 1);
+
# di = diff info / a hashref with information about a diff ($di):
# {
# oid_a => abbreviated pre-image oid,
@@ -110,10 +116,6 @@ sub extract_diff ($$) {
$s =~ s/\r\n/\n/sg;
}
- state $LF = qr!\r?\n!;
- state $ANY = qr![^\r\n]+!;
- state $MODE = '100644|120000|100755';
- state $FN = qr!(?:("?[^/\n]+/[^\r\n]+)|/dev/null)!;
$s =~ m!( # $1 start header lines we save for debugging:
@@ -174,8 +176,7 @@ sub extract_diff ($$) {
# get rid of path-traversal attempts and junk patches:
# it's junk at best, an attack attempt at worse:
- state $bad_component = { map { $_ => 1 } ('', '.', '..') };
- foreach (@a, @b) { return if $bad_component->{$_} }
+ foreach (@a, @b) { return if $BAD_COMPONENT{$_} }
$di->{path_a} = join('/', @a) if @a;
$di->{path_b} = join('/', @b);
@@ -530,7 +531,8 @@ sub resolve_patch ($$) {
if (my $existing = solve_existing($self, $want)) {
my ($found_git, undef, $type, undef) = @$existing;
dbg($self, "found $cur_want in " .
- join("\n", $found_git->pub_urls($self->{psgi_env})));
+ join(" ||\n\t",
+ $found_git->pub_urls($self->{psgi_env})));
if ($cur_want eq $self->{oid_want} || $type ne 'blob') {
eval { done($self, $existing) };
@@ -548,7 +550,7 @@ sub resolve_patch ($$) {
unshift @{$self->{patches}}, @$diffs;
dbg($self, "found $cur_want in ".
- join("\n\t", map { di_url($self, $_) } @$diffs));
+ join(" ||\n\t", map { di_url($self, $_) } @$diffs));
# good, we can find a path to the oid we $want, now
# lets see if we need to apply more patches: