]> Lady’s Gitweb - Gitweb/commitdiff
Lady’s Gitweb / Gitweb / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side (parent: e3df14c)
Escape project names before creating pathinfo URLs
authormartin f. krafft <redacted>
Sun, 20 Apr 2008 21:23:38 +0000 (23:23 +0200)
committerLady <redacted>
Mon, 6 Apr 2026 04:07:12 +0000 (00:07 -0400)
If a project name contains special URL characters like +, gitweb's links
break in subtle ways. The solution is to pass the project name through
esc_url() and using the return value.

Signed-off-by: martin f. krafft <redacted>
Signed-off-by: Junio C Hamano <redacted>
gitweb.perl patch | blob | history

diff --git a/gitweb.perl b/gitweb.perl
index 2cb6bc5a16dbd39cd2d02c8575f9841986bc18ec12e60ea51a2eeae500386517..fea92daf6420dd92849b0f11c566210b912259800e885a465209c1dc2cc0fa53 100755 (executable)
--- a/gitweb.perl
+++ b/gitweb.perl
@@ -634,7 +634,7 @@ sub href(%) {
        my ($use_pathinfo) = gitweb_check_feature('pathinfo');
        if ($use_pathinfo) {
                # use PATH_INFO for project name
-               $href .= "/$params{'project'}" if defined $params{'project'};
+               $href .= "/".esc_url($params{'project'}) if defined $params{'project'};
                delete $params{'project'};
 
                # Summary just uses the project path URL
@@ -2576,7 +2576,7 @@ EOF
                my $action = $my_uri;
                my ($use_pathinfo) = gitweb_check_feature('pathinfo');
                if ($use_pathinfo) {
-                       $action .= "/$project";
+                       $action .= "/".esc_url($project);
                } else {
                        $cgi->param("p", $project);
                }
🐙🌐 Git·web: A C·G·I script for rendering Git repositories
This page took 0.300096 seconds and 4 git commands to generate.