gitweb: Protect escaping functions against calling on undef

This is a bit of future-proofing esc_html and friends: when called
with undefined value they would now would return undef... which would
probably mean that error would still occur, but closer to the source
of problem.

This means that we can safely use
  esc_html(shift) || "Internal Server Error"
in die_error() instead of
  esc_html(shift || "Internal Server Error")

Signed-off-by: Jakub Narebski <redacted>
Signed-off-by: Junio C Hamano <redacted>

diff --git a/gitweb.perl b/gitweb.perl
index 6804ead67be28162b41b5d8226f5cede6938e83ebbe02afdd777419118488b80..77b63fcbcb8989780cf93380f9385e1abbf28ff5055b0fb5aa290d4cadc88bde 100755 (executable)
--- a/gitweb.perl
+++ b/gitweb.perl
@@ -1147,6 +1147,7 @@ sub validate_refname {
 # in utf-8 thanks to "binmode STDOUT, ':utf8'" at beginning
 sub to_utf8 {
        my $str = shift;
 # in utf-8 thanks to "binmode STDOUT, ':utf8'" at beginning
 sub to_utf8 {
        my $str = shift;

+       return undef unless defined $str;

        if (utf8::valid($str)) {
                utf8::decode($str);
                return $str;
        if (utf8::valid($str)) {
                utf8::decode($str);
                return $str;


@@ -1159,6 +1160,7 @@ sub to_utf8 {
 # correct, but quoted slashes look too horrible in bookmarks
 sub esc_param {
        my $str = shift;
 # correct, but quoted slashes look too horrible in bookmarks
 sub esc_param {
        my $str = shift;

+       return undef unless defined $str;

        $str =~ s/([^A-Za-z0-9\-_.~()\/:@ ]+)/CGI::escape($1)/eg;
        $str =~ s/ /\+/g;
        return $str;
        $str =~ s/([^A-Za-z0-9\-_.~()\/:@ ]+)/CGI::escape($1)/eg;
        $str =~ s/ /\+/g;
        return $str;


@@ -1167,6 +1169,7 @@ sub esc_param {
 # quote unsafe chars in whole URL, so some charactrs cannot be quoted
 sub esc_url {
        my $str = shift;
 # quote unsafe chars in whole URL, so some charactrs cannot be quoted
 sub esc_url {
        my $str = shift;

+       return undef unless defined $str;

        $str =~ s/([^A-Za-z0-9\-_.~();\/;?:@&=])/sprintf("%%%02X", ord($1))/eg;
        $str =~ s/\+/%2B/g;
        $str =~ s/ /\+/g;
        $str =~ s/([^A-Za-z0-9\-_.~();\/;?:@&=])/sprintf("%%%02X", ord($1))/eg;
        $str =~ s/\+/%2B/g;
        $str =~ s/ /\+/g;


@@ -1178,6 +1181,8 @@ sub esc_html {
        my $str = shift;
        my %opts = @_;
 
        my $str = shift;
        my %opts = @_;
 

+       return undef unless defined $str;
+

        $str = to_utf8($str);
        $str = $cgi->escapeHTML($str);
        if ($opts{'-nbsp'}) {
        $str = to_utf8($str);
        $str = $cgi->escapeHTML($str);
        if ($opts{'-nbsp'}) {


@@ -1192,6 +1197,8 @@ sub esc_path {
        my $str = shift;
        my %opts = @_;
 
        my $str = shift;
        my %opts = @_;
 

+       return undef unless defined $str;
+

        $str = to_utf8($str);
        $str = $cgi->escapeHTML($str);
        if ($opts{'-nbsp'}) {
        $str = to_utf8($str);
        $str = $cgi->escapeHTML($str);
        if ($opts{'-nbsp'}) {


@@ -3391,7 +3398,7 @@ sub git_footer_html {
 #      or down for maintenance).  Generally, this is a temporary state.
 sub die_error {
        my $status = shift || 500;
 #      or down for maintenance).  Generally, this is a temporary state.
 sub die_error {
        my $status = shift || 500;

-       my $error = esc_html(shift || "Internal Server Error");
+       my $error = esc_html(shift) || "Internal Server Error";

        my $extra = shift;
 
        my %http_responses = (
        my $extra = shift;
 
        my %http_responses = (