From: martin f. krafft <redacted>
Date: Sun, 20 Apr 2008 21:23:38 +0000 (+0200)
Subject: Escape project names before creating pathinfo URLs
X-Git-Url: https://git.ladys.computer/Gitweb/commitdiff_plain/0a86370ce28b9c0f243062fc152b41c0f89c7c382bb6ca312cf1bde5679175bc

Escape project names before creating pathinfo URLs

If a project name contains special URL characters like +, gitweb's links
break in subtle ways. The solution is to pass the project name through
esc_url() and using the return value.

Signed-off-by: martin f. krafft <redacted>
Signed-off-by: Junio C Hamano <redacted>
---

diff --git a/gitweb.perl b/gitweb.perl
index 2cb6bc5..fea92da 100755
--- a/gitweb.perl
+++ b/gitweb.perl
@@ -634,7 +634,7 @@ sub href(%) {
 	my ($use_pathinfo) = gitweb_check_feature('pathinfo');
 	if ($use_pathinfo) {
 		# use PATH_INFO for project name
-		$href .= "/$params{'project'}" if defined $params{'project'};
+		$href .= "/".esc_url($params{'project'}) if defined $params{'project'};
 		delete $params{'project'};
 
 		# Summary just uses the project path URL
@@ -2576,7 +2576,7 @@ EOF
 		my $action = $my_uri;
 		my ($use_pathinfo) = gitweb_check_feature('pathinfo');
 		if ($use_pathinfo) {
-			$action .= "/$project";
+			$action .= "/".esc_url($project);
 		} else {
 			$cgi->param("p", $project);
 		}