# work fairly. Other PSGI servers may have trouble, though.
my $MAX_PATCH = 9999;
+my $LF = qr!\r?\n!;
+my $ANY = qr![^\r\n]+!;
+my $MODE = '100644|120000|100755';
+my $FN = qr!(?:("?[^/\n]+/[^\r\n]+)|/dev/null)!;
+my %BAD_COMPONENT = ('' => 1, '.' => 1, '..' => 1);
+
# di = diff info / a hashref with information about a diff ($di):
# {
# oid_a => abbreviated pre-image oid,
$s =~ s/\r\n/\n/sg;
}
- state $LF = qr!\r?\n!;
- state $ANY = qr![^\r\n]+!;
- state $MODE = '100644|120000|100755';
- state $FN = qr!(?:("?[^/\n]+/[^\r\n]+)|/dev/null)!;
$s =~ m!( # $1 start header lines we save for debugging:
# get rid of path-traversal attempts and junk patches:
# it's junk at best, an attack attempt at worse:
- state $bad_component = { map { $_ => 1 } ('', '.', '..') };
- foreach (@a, @b) { return if $bad_component->{$_} }
+ foreach (@a, @b) { return if $BAD_COMPONENT{$_} }
$di->{path_a} = join('/', @a) if @a;
$di->{path_b} = join('/', @b);
my $OID_NULL = '0{7,40}';
my $OID_BLOB = '[a-f0-9]{7,40}';
+my $LF = qr!\n!;
+my $ANY = qr![^\n]!;
+my $FN = qr!(?:"?[^/\n]+/[^\n]+|/dev/null)!;
# cf. git diff.c :: get_compact_summary
my $DIFFSTAT_COMMENT = qr/\((?:new|gone|(?:(?:new|mode) [\+\-][lx]))\)/;
# callers must do CRLF => LF conversion before calling this
sub flush_diff ($$$) {
my ($dst, $ctx, $cur) = @_;
- state $LF = qr!\n!;
- state $ANY = qr![^\n]!;
- state $FN = qr!(?:"?[^/\n]+/[^\n]+|/dev/null)!;
my @top = split(/(
(?: # begin header stuff, don't capture filenames, here,