|
|
@ -43,7 +43,7 @@ my $projects_list = "index/index.aux"; |
|
|
|
# input validation and dispatch |
|
|
|
# input validation and dispatch |
|
|
|
my $action = $cgi->param('a'); |
|
|
|
my $action = $cgi->param('a'); |
|
|
|
if (defined $action) { |
|
|
|
if (defined $action) { |
|
|
|
if ($action =~ m/[^0-9a-zA-Z\.\-_]+/) { |
|
|
|
if ($action =~ m/[^0-9a-zA-Z\.\-_]/) { |
|
|
|
undef $action; |
|
|
|
undef $action; |
|
|
|
die_error(undef, "Invalid action parameter."); |
|
|
|
die_error(undef, "Invalid action parameter."); |
|
|
|
} |
|
|
|
} |
|
|
@ -58,7 +58,7 @@ if (defined $action) { |
|
|
|
|
|
|
|
|
|
|
|
my $order = $cgi->param('o'); |
|
|
|
my $order = $cgi->param('o'); |
|
|
|
if (defined $order) { |
|
|
|
if (defined $order) { |
|
|
|
if ($order =~ m/[^a-zA-Z0-9_]/) { |
|
|
|
if ($order =~ m/[^0-9a-zA-Z_]/) { |
|
|
|
undef $order; |
|
|
|
undef $order; |
|
|
|
die_error(undef, "Invalid order parameter."); |
|
|
|
die_error(undef, "Invalid order parameter."); |
|
|
|
} |
|
|
|
} |
|
|
@ -66,13 +66,9 @@ if (defined $order) { |
|
|
|
|
|
|
|
|
|
|
|
my $project = $cgi->param('p'); |
|
|
|
my $project = $cgi->param('p'); |
|
|
|
if (defined $project) { |
|
|
|
if (defined $project) { |
|
|
|
if ($project =~ m/(^|\/)(|\.|\.\.)($|\/)/) { |
|
|
|
$project = validate_input($project); |
|
|
|
undef $project; |
|
|
|
if (!defined($project)) { |
|
|
|
die_error(undef, "Non-canonical project parameter."); |
|
|
|
die_error(undef, "Invalid project parameter."); |
|
|
|
} |
|
|
|
|
|
|
|
if ($project =~ m/[^a-zA-Z0-9_\.\/\-\+\#\~]/) { |
|
|
|
|
|
|
|
undef $project; |
|
|
|
|
|
|
|
die_error(undef, "Invalid character in project parameter."); |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
if (!(-d "$projectroot/$project")) { |
|
|
|
if (!(-d "$projectroot/$project")) { |
|
|
|
undef $project; |
|
|
|
undef $project; |
|
|
@ -91,54 +87,39 @@ if (defined $project) { |
|
|
|
|
|
|
|
|
|
|
|
my $file_name = $cgi->param('f'); |
|
|
|
my $file_name = $cgi->param('f'); |
|
|
|
if (defined $file_name) { |
|
|
|
if (defined $file_name) { |
|
|
|
if ($file_name =~ m/(^|\/)(|\.|\.\.)($|\/)/) { |
|
|
|
$file_name = validate_input($file_name); |
|
|
|
undef $file_name; |
|
|
|
if (!defined($file_name)) { |
|
|
|
die_error(undef, "Non-canonical file parameter."); |
|
|
|
die_error(undef, "Invalid file parameter."); |
|
|
|
} |
|
|
|
|
|
|
|
if ($file_name =~ m/[^a-zA-Z0-9_\.\/\-\+\#\~\:\!]/) { |
|
|
|
|
|
|
|
undef $file_name; |
|
|
|
|
|
|
|
die_error(undef, "Invalid character in file parameter."); |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
my $hash = $cgi->param('h'); |
|
|
|
my $hash = $cgi->param('h'); |
|
|
|
if (defined $hash) { |
|
|
|
if (defined $hash) { |
|
|
|
if (!($hash =~ m/^[0-9a-fA-F]{40}$/)) { |
|
|
|
$hash = validate_input($hash); |
|
|
|
if ($hash =~ m/(^|\/)(|\.|\.\.)($|\/)/) { |
|
|
|
if (!defined($hash)) { |
|
|
|
undef $hash; |
|
|
|
die_error(undef, "Invalid hash parameter."); |
|
|
|
die_error(undef, "Non-canonical hash parameter."); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
if ($hash =~ m/[^a-zA-Z0-9_\.\/\-\+\#\~\:\!]/) { |
|
|
|
|
|
|
|
undef $hash; |
|
|
|
|
|
|
|
die_error(undef, "Invalid character in hash parameter."); |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
# replace branch-name with hash |
|
|
|
|
|
|
|
my $branchlist = git_read_refs("refs/heads"); |
|
|
|
|
|
|
|
foreach my $entry (@$branchlist) { |
|
|
|
|
|
|
|
my %branch = %$entry; |
|
|
|
|
|
|
|
if ($branch{'name'} eq $hash) { |
|
|
|
|
|
|
|
$hash = $branch{'id'}; |
|
|
|
|
|
|
|
last; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
my $hash_parent = $cgi->param('hp'); |
|
|
|
my $hash_parent = $cgi->param('hp'); |
|
|
|
if (defined $hash_parent && !($hash_parent =~ m/^[0-9a-fA-F]{40}$/)) { |
|
|
|
if (defined $hash_parent) { |
|
|
|
undef $hash_parent; |
|
|
|
$hash_parent = validate_input($hash_parent); |
|
|
|
die_error(undef, "Invalid hash_parent parameter."); |
|
|
|
if (!defined($hash_parent)) { |
|
|
|
|
|
|
|
die_error(undef, "Invalid hash parent parameter."); |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
my $hash_base = $cgi->param('hb'); |
|
|
|
my $hash_base = $cgi->param('hb'); |
|
|
|
if (defined $hash_base && !($hash_base =~ m/^[0-9a-fA-F]{40}$/)) { |
|
|
|
if (defined $hash_base) { |
|
|
|
undef $hash_base; |
|
|
|
$hash_base = validate_input($hash_base); |
|
|
|
die_error(undef, "Invalid parent hash parameter."); |
|
|
|
if (!defined($hash_base)) { |
|
|
|
|
|
|
|
die_error(undef, "Invalid hash base parameter."); |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
my $page = $cgi->param('pg'); |
|
|
|
my $page = $cgi->param('pg'); |
|
|
|
if (defined $page) { |
|
|
|
if (defined $page) { |
|
|
|
if ($page =~ m/^[^0-9]+$/) { |
|
|
|
if ($page =~ m/[^0-9]$/) { |
|
|
|
undef $page; |
|
|
|
undef $page; |
|
|
|
die_error(undef, "Invalid page parameter."); |
|
|
|
die_error(undef, "Invalid page parameter."); |
|
|
|
} |
|
|
|
} |
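Review bot: The rewritten page check `if ($page =~ m/[^0-9]$/) {` only inspects the last character, so a value like `1x2` (constructed example) passes and is presumably used downstream as a numeric page offset; the old `^[^0-9]+$` had the mirror problem of rejecting only strings that contain no digit at all. Anchoring the whole value closes both gaps: `if ($page !~ m/^[0-9]+$/) {`. Separately, routing `f` and `h` through `validate_input` drops `:` and `!` from the set the old inline regexes accepted, which is harmless for hashes but now rejects file names containing those characters; if that is intended, a short comment on the `validate_input` character class would save the next reader a diff archaeology. The enclosing `if (defined $project)` block opens in the previous hunk.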
|
|
@ -153,6 +134,21 @@ if (defined $searchtext) { |
|
|
|
$searchtext = quotemeta $searchtext; |
|
|
|
$searchtext = quotemeta $searchtext; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
sub validate_input { |
|
|
|
|
|
|
|
my $input = shift; |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if ($input =~ m/^[0-9a-fA-F]{40}$/) { |
|
|
|
|
|
|
|
return $input; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
if ($input =~ m/(^|\/)(|\.|\.\.)($|\/)/) { |
|
|
|
|
|
|
|
return undef; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
if ($input =~ m/[^a-zA-Z0-9_\.\/\-\+\#\~]/) { |
|
|
|
|
|
|
|
return undef; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
return $input; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
if (!defined $action || $action eq "summary") { |
|
|
|
if (!defined $action || $action eq "summary") { |
|
|
|
git_summary(); |
|
|
|
git_summary(); |
|
|
|
exit; |
|
|
|
exit; |
|
|
|