]> Lady’s Gitweb - Gitweb/blobdiff - gitweb.perl
Lady’s Gitweb / Gitweb / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
gitweb: do not misparse nonnumeric content tag files that contain a digit
[Gitweb] / gitweb.perl
diff --git a/gitweb.perl b/gitweb.perl
index 5e69a1635bbd6f0c884561f7e68db0072a79214dbe4fbd2fb91b6e3972be1f4b..60004e41465197ac74b1c0019009c26c5a802df238a17500efaa658fc4e37e9e 100755 (executable)
--- a/gitweb.perl
+++ b/gitweb.perl
@@ -2645,7 +2645,7 @@ sub git_get_project_ctags {
                        close $ct;
 
                        (my $ctag = $tagfile) =~ s#.*/##;
-                       if ($val =~ /\d+/) {
+                       if ($val =~ /^\d+$/) {
                                $ctags->{$ctag} = $val;
                        } else {
                                $ctags->{$ctag} = 1;
@@ -6128,7 +6128,7 @@ sub git_blob_plain {
        # want to be sure not to break that by serving the image as an
        # attachment (though Firefox 3 doesn't seem to care).
        my $sandbox = $prevent_xss &&
-               $type !~ m!^(?:text/plain|image/(?:gif|png|jpeg))$!;
+               $type !~ m!^(?:text/plain|image/(?:gif|png|jpeg))(?:[ ;]|$)!;
 
        print $cgi->header(
                -type => $type,
🐙🌐 Git·web: A C·G·I script for rendering Git repositories
This page took 0.224541 seconds and 4 git commands to generate.