githttpbackend: require Range:, Status: to be ASCII digits

Non-ASCII digits would be interpreted as a zeroes as integers.

While we're at it, ensure the Status: code is an ASCII digit,
too; though I would not expect git-http-backend(1) or cgit(1)
start spewing non-ASCII digits at us.

diff --git a/lib/PublicInbox/GitHTTPBackend.pm b/lib/PublicInbox/GitHTTPBackend.pm
index 09411048db25a8d4fcb41237d4285fa46abd9960..e871bdde941901b88e2c6a02d14bf50008de6443 100644 (file)
--- a/lib/PublicInbox/GitHTTPBackend.pm
+++ b/lib/PublicInbox/GitHTTPBackend.pm
@@ -90,7 +90,7 @@ sub static_result ($$$$) {
        my $len = $size;
        my $code = 200;
        push @$h, 'Content-Type', $type;
-       if (($env->{HTTP_RANGE} || '') =~ /\bbytes=(\d*)-(\d*)\z/) {
+       if (($env->{HTTP_RANGE} || '') =~ /\bbytes=([0-9]*)-([0-9]*)\z/) {
                ($code, $len) = prepare_range($env, $in, $h, $1, $2, $size);
                if ($code == 416) {
                        push @$h, 'Content-Range', "bytes */$size";
@@ -260,7 +260,7 @@ sub parse_cgi_headers {
        foreach my $l (split(/\r?\n/, $h)) {
                my ($k, $v) = split(/:\s*/, $l, 2);
                if ($k =~ /\AStatus\z/i) {
-                       ($code) = ($v =~ /\b(\d+)\b/);
+                       ($code) = ($v =~ /\b([0-9]+)\b/);
                } else {
                        push @h, $k, $v;
                }