about summary refs log tree commit homepage
path: root/lib/PublicInbox/GitHTTPBackend.pm
diff options
context:
space:
mode:
authorEric Wong <e@80x24.org>2019-06-04 10:38:20 +0000
committerEric Wong <e@80x24.org>2019-06-04 10:38:20 +0000
commite56b908c0e97c2f479b350dfb0868bc463413b89 (patch)
tree6b8a8fc59840ebc3e6bee1bbb2e3a5e568bce351 /lib/PublicInbox/GitHTTPBackend.pm
parentd5c56e2a1adde279ff86fbd0be81a6b7e5ba0896 (diff)
parent91af69a41f2963f1f952cb0932ed23cd86cd1093 (diff)
downloadpublic-inbox-e56b908c0e97c2f479b350dfb0868bc463413b89.tar.gz
Merge branch 'charclass'
* charclass: (24 commits)
  www: require ASCII word characters for CSS filenames
  www: require ASCII range for mbox downloads
  githttpbackend: require ASCII in path
  require ASCII digits for local FS items
  www: require ASCII digit for git epoch
  solver|viewdiff: restrict digit matches to ASCII
  inbox: require ASCII digits for feedmax var
  filter/rubylang: require ASCII digit for mailcount
  msgtime: require ASCII digits for parsing dates
  searchview: do not allow non-ASCII offsets and limits
  githttpbackend: require Range:, Status: to be ASCII digits
  view: require YYYYmmDD(HHMMSS) timestamps to be ASCII
  newswww: only accept ASCII digits as article numbers
  config: do not accept non-ASCII digits in cgitrc params
  www: require ASCII filenames in git blob downloads
  www: only emit ASCII chars in attachment filenames
  wwwattach: only pass the charset through if ASCII
  wwwlisting: require ASCII digit for port number
  http: require SERVER_PORT to be ASCII digit
  feed: only accept ASCII digits for ref~$N
  ...
Diffstat (limited to 'lib/PublicInbox/GitHTTPBackend.pm')
-rw-r--r--lib/PublicInbox/GitHTTPBackend.pm8
1 files changed, 4 insertions, 4 deletions
diff --git a/lib/PublicInbox/GitHTTPBackend.pm b/lib/PublicInbox/GitHTTPBackend.pm
index 09411048..a2a81f8e 100644
--- a/lib/PublicInbox/GitHTTPBackend.pm
+++ b/lib/PublicInbox/GitHTTPBackend.pm
@@ -51,8 +51,8 @@ sub serve {
 
         # Documentation/technical/http-protocol.txt in git.git
         # requires one and exactly one query parameter:
-        if ($env->{QUERY_STRING} =~ /\Aservice=git-\w+-pack\z/ ||
-                                $path =~ /\Agit-\w+-pack\z/) {
+        if ($env->{QUERY_STRING} =~ /\Aservice=git-[A-Za-z0-9_]+-pack\z/ ||
+                                $path =~ /\Agit-[A-Za-z0-9_]+-pack\z/) {
                 my $ok = serve_smart($env, $git, $path);
                 return $ok if $ok;
         }
@@ -90,7 +90,7 @@ sub static_result ($$$$) {
         my $len = $size;
         my $code = 200;
         push @$h, 'Content-Type', $type;
-        if (($env->{HTTP_RANGE} || '') =~ /\bbytes=(\d*)-(\d*)\z/) {
+        if (($env->{HTTP_RANGE} || '') =~ /\bbytes=([0-9]*)-([0-9]*)\z/) {
                 ($code, $len) = prepare_range($env, $in, $h, $1, $2, $size);
                 if ($code == 416) {
                         push @$h, 'Content-Range', "bytes */$size";
@@ -260,7 +260,7 @@ sub parse_cgi_headers {
         foreach my $l (split(/\r?\n/, $h)) {
                 my ($k, $v) = split(/:\s*/, $l, 2);
                 if ($k =~ /\AStatus\z/i) {
-                        ($code) = ($v =~ /\b(\d+)\b/);
+                        ($code) = ($v =~ /\b([0-9]+)\b/);
                 } else {
                         push @h, $k, $v;
                 }