]> Sergey Matveev's repositories - public-inbox.git/commitdiff
projects / public-inbox.git / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: bbfa42a)
www: require ASCII digit for git epoch
authorEric Wong <e@80x24.org>
Tue, 4 Jun 2019 08:36:18 +0000 (08:36 +0000)
committerEric Wong <e@80x24.org>
Tue, 4 Jun 2019 10:06:18 +0000 (10:06 +0000)
Don't inadvertantly serve git repos containing non-ASCII
digit characters.

lib/PublicInbox/WWW.pm patch | blob | history

diff --git a/lib/PublicInbox/WWW.pm b/lib/PublicInbox/WWW.pm
index 7670224f0a45db71f13a2b6da2da8bfa8af6c1f2..b0fad7fed256e62af666cb91ef096ba02716ae80 100644 (file)
--- a/lib/PublicInbox/WWW.pm
+++ b/lib/PublicInbox/WWW.pm
@@ -74,7 +74,8 @@ sub call {
        my $method = $env->{REQUEST_METHOD};
 
        if ($method eq 'POST') {
-               if ($path_info =~ m!$INBOX_RE/(?:(\d+)/)?(git-upload-pack)\z!) {
+               if ($path_info =~ m!$INBOX_RE/(?:([0-9]+)/)?
+                                       (git-upload-pack)\z!x) {
                        my ($part, $path) = ($2, $3);
                        return invalid_inbox($ctx, $1) ||
                                serve_git($ctx, $part, $path);
@@ -97,7 +98,7 @@ sub call {
                invalid_inbox($ctx, $1) || get_atom($ctx);
        } elsif ($path_info =~ m!$INBOX_RE/new\.html\z!o) {
                invalid_inbox($ctx, $1) || get_new($ctx);
-       } elsif ($path_info =~ m!$INBOX_RE/(?:(\d+)/)?
+       } elsif ($path_info =~ m!$INBOX_RE/(?:([0-9]+)/)?
                                ($PublicInbox::GitHTTPBackend::ANY)\z!ox) {
                my ($part, $path) = ($2, $3);
                invalid_inbox($ctx, $1) || serve_git($ctx, $part, $path);
My patches to https://public-inbox.org/public-inbox.git