-# Copyright (C) 2019 all contributors <meta@public-inbox.org>
+# Copyright (C) 2019-2020 all contributors <meta@public-inbox.org>
# License: AGPL-3.0+ <https://www.gnu.org/licenses/agpl-3.0.txt>
# "Solve" blobs which don't exist in git code repositories by
# work fairly. Other PSGI servers may have trouble, though.
my $MAX_PATCH = 9999;
+my $LF = qr!\r?\n!;
+my $ANY = qr![^\r\n]+!;
+my $MODE = '100644|120000|100755';
+my $FN = qr!(?:("?[^/\n]+/[^\r\n]+)|/dev/null)!;
+my %BAD_COMPONENT = ('' => 1, '.' => 1, '..' => 1);
+
# di = diff info / a hashref with information about a diff ($di):
# {
# oid_a => abbreviated pre-image oid,
# hdr_lines => string of various header lines for mode information
# mode_a => original mode of oid_a (string, not integer),
# ibx => PublicInbox::Inbox object containing the diff
-# smsg => PublicInbox::SearchMsg object containing diff
+# smsg => PublicInbox::Smsg object containing diff
# path_a => pre-image path
# path_b => post-image path
# n => numeric path of the patch (relative to worktree)
$s =~ s/\r\n/\n/sg;
}
- state $LF = qr!\r?\n!;
- state $ANY = qr![^\r\n]+!;
- state $MODE = '100644|120000|100755';
- state $FN = qr!(?:("?[^/\n]+/[^\r\n]+)|/dev/null)!;
$s =~ m!( # $1 start header lines we save for debugging:
# get rid of path-traversal attempts and junk patches:
# it's junk at best, an attack attempt at worse:
- state $bad_component = { map { $_ => 1 } ('', '.', '..') };
- foreach (@a, @b) { return if $bad_component->{$_} }
+ foreach (@a, @b) { return if $BAD_COMPONENT{$_} }
$di->{path_a} = join('/', @a) if @a;
$di->{path_b} = join('/', @b);