Re: [PATCH] gitweb: URL-decode $my_url/$my_uri when stripping PATH_INFO
Jakub Narebski writes: > On Thu, 9 Aug 2012, Junio C Hamano wrote: >> Jay Soffian writes: >> >> > When gitweb is used as a DirectoryIndex, it attempts to strip >> > PATH_INFO on its own, as $cgi->url() fails to do so. >> > >> > However, it fails to account for the fact that PATH_INFO has >> > already been URL-decoded by the web server, but the value >> > returned by $cgi->url() has not been. This causes the stripping >> > to fail whenever the URL contains encoded characters. >> > >> > To see this in action, setup gitweb as a DirectoryIndex and >> > then use it on a repository with a directory containing a >> > space in the name. Navigate to tree view, examine the gitweb >> > generated html and you'll see a link such as: >> > >> > directory with >> > spaces >> > >> > When clicked on, the browser will URL-encode this link, giving >> > a $cgi->url() of the form: >> > >> >/test.git/tree/HEAD:/directory%20with%20spaces >> > >> > While PATH_INFO is: >> > >> >/test.git/tree/HEAD:/directory with spaces >> > >> > Fix this by calling unescape() on both $my_url and $my_uri before >> > stripping PATH_INFO from them. >> > >> > Signed-off-by: Jay Soffian >> > --- >> >> Thanks. From a cursory look, with the help from the explanation in >> the proposed commit log message, the change looks sensible. >> >> I wonder if a breakage like this is something we can catch in one of >> the t95xx series of tests, though. > > No, it is unfortunately not possible with current test infrastructure > for gitweb. The gitweb_run from t/gitweb-lib.sh allows to set > PATH_INFO and QUERY_STRING, but does not allow to set up URL. > > That might change in the future... > >> Jakub, Ack? > > Acked-by: Jakub Narebski > > Uf ut us bot too late... Thanks. -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] gitweb: URL-decode $my_url/$my_uri when stripping PATH_INFO
On Thu, 9 Aug 2012, Junio C Hamano wrote: > Jay Soffian writes: > > > When gitweb is used as a DirectoryIndex, it attempts to strip > > PATH_INFO on its own, as $cgi->url() fails to do so. > > > > However, it fails to account for the fact that PATH_INFO has > > already been URL-decoded by the web server, but the value > > returned by $cgi->url() has not been. This causes the stripping > > to fail whenever the URL contains encoded characters. > > > > To see this in action, setup gitweb as a DirectoryIndex and > > then use it on a repository with a directory containing a > > space in the name. Navigate to tree view, examine the gitweb > > generated html and you'll see a link such as: > > > > directory with > > spaces > > > > When clicked on, the browser will URL-encode this link, giving > > a $cgi->url() of the form: > > > >/test.git/tree/HEAD:/directory%20with%20spaces > > > > While PATH_INFO is: > > > >/test.git/tree/HEAD:/directory with spaces > > > > Fix this by calling unescape() on both $my_url and $my_uri before > > stripping PATH_INFO from them. > > > > Signed-off-by: Jay Soffian > > --- > > Thanks. From a cursory look, with the help from the explanation in > the proposed commit log message, the change looks sensible. > > I wonder if a breakage like this is something we can catch in one of > the t95xx series of tests, though. No, it is unfortunately not possible with current test infrastructure for gitweb. The gitweb_run from t/gitweb-lib.sh allows to set PATH_INFO and QUERY_STRING, but does not allow to set up URL. That might change in the future... > Jakub, Ack? Acked-by: Jakub Narebski Uf ut us bot too late... -- Jakub Narebski Poland -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [PATCH] gitweb: URL-decode $my_url/$my_uri when stripping PATH_INFO
Jay Soffian writes: > When gitweb is used as a DirectoryIndex, it attempts to strip > PATH_INFO on its own, as $cgi->url() fails to do so. > > However, it fails to account for the fact that PATH_INFO has > already been URL-decoded by the web server, but the value > returned by $cgi->url() has not been. This causes the stripping > to fail whenever the URL contains encoded characters. > > To see this in action, setup gitweb as a DirectoryIndex and > then use it on a repository with a directory containing a > space in the name. Navigate to tree view, examine the gitweb > generated html and you'll see a link such as: > > directory with > spaces > > When clicked on, the browser will URL-encode this link, giving > a $cgi->url() of the form: > >/test.git/tree/HEAD:/directory%20with%20spaces > > While PATH_INFO is: > >/test.git/tree/HEAD:/directory with spaces > > Fix this by calling unescape() on both $my_url and $my_uri before > stripping PATH_INFO from them. > > Signed-off-by: Jay Soffian > --- Thanks. From a cursory look, with the help from the explanation in the proposed commit log message, the change looks sensible. I wonder if a breakage like this is something we can catch in one of the t95xx series of tests, though. Jakub, Ack? > gitweb/gitweb.perl | 5 + > 1 file changed, 5 insertions(+) > > diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl > index 3d6a705388..7f8c1878d4 100755 > --- a/gitweb/gitweb.perl > +++ b/gitweb/gitweb.perl > @@ -54,6 +54,11 @@ sub evaluate_uri { > # to build the base URL ourselves: > our $path_info = decode_utf8($ENV{"PATH_INFO"}); > if ($path_info) { > + # $path_info has already been URL-decoded by the web server, but > + # $my_url and $my_uri have not. URL-decode them so we can > properly > + # strip $path_info. > + $my_url = unescape($my_url); > + $my_uri = unescape($my_uri); > if ($my_url =~ s,\Q$path_info\E$,, && > $my_uri =~ s,\Q$path_info\E$,, && > defined $ENV{'SCRIPT_NAME'}) { -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
[PATCH] gitweb: URL-decode $my_url/$my_uri when stripping PATH_INFO
When gitweb is used as a DirectoryIndex, it attempts to strip PATH_INFO on its own, as $cgi->url() fails to do so. However, it fails to account for the fact that PATH_INFO has already been URL-decoded by the web server, but the value returned by $cgi->url() has not been. This causes the stripping to fail whenever the URL contains encoded characters. To see this in action, setup gitweb as a DirectoryIndex and then use it on a repository with a directory containing a space in the name. Navigate to tree view, examine the gitweb generated html and you'll see a link such as: directory with spaces When clicked on, the browser will URL-encode this link, giving a $cgi->url() of the form: /test.git/tree/HEAD:/directory%20with%20spaces While PATH_INFO is: /test.git/tree/HEAD:/directory with spaces Fix this by calling unescape() on both $my_url and $my_uri before stripping PATH_INFO from them. Signed-off-by: Jay Soffian --- gitweb/gitweb.perl | 5 + 1 file changed, 5 insertions(+) diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl index 3d6a705388..7f8c1878d4 100755 --- a/gitweb/gitweb.perl +++ b/gitweb/gitweb.perl @@ -54,6 +54,11 @@ sub evaluate_uri { # to build the base URL ourselves: our $path_info = decode_utf8($ENV{"PATH_INFO"}); if ($path_info) { + # $path_info has already been URL-decoded by the web server, but + # $my_url and $my_uri have not. URL-decode them so we can properly + # strip $path_info. + $my_url = unescape($my_url); + $my_uri = unescape($my_uri); if ($my_url =~ s,\Q$path_info\E$,, && $my_uri =~ s,\Q$path_info\E$,, && defined $ENV{'SCRIPT_NAME'}) { -- 1.7.11.3 -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html