diff options
author | Eric Wong <e@80x24.org> | 2019-06-04 10:38:20 +0000 |
---|---|---|
committer | Eric Wong <e@80x24.org> | 2019-06-04 10:38:20 +0000 |
commit | e56b908c0e97c2f479b350dfb0868bc463413b89 (patch) | |
tree | 6b8a8fc59840ebc3e6bee1bbb2e3a5e568bce351 /lib/PublicInbox/GitHTTPBackend.pm | |
parent | d5c56e2a1adde279ff86fbd0be81a6b7e5ba0896 (diff) | |
parent | 91af69a41f2963f1f952cb0932ed23cd86cd1093 (diff) | |
download | public-inbox-e56b908c0e97c2f479b350dfb0868bc463413b89.tar.gz |
* charclass: (24 commits) www: require ASCII word characters for CSS filenames www: require ASCII range for mbox downloads githttpbackend: require ASCII in path require ASCII digits for local FS items www: require ASCII digit for git epoch solver|viewdiff: restrict digit matches to ASCII inbox: require ASCII digits for feedmax var filter/rubylang: require ASCII digit for mailcount msgtime: require ASCII digits for parsing dates searchview: do not allow non-ASCII offsets and limits githttpbackend: require Range:, Status: to be ASCII digits view: require YYYYmmDD(HHMMSS) timestamps to be ASCII newswww: only accept ASCII digits as article numbers config: do not accept non-ASCII digits in cgitrc params www: require ASCII filenames in git blob downloads www: only emit ASCII chars in attachment filenames wwwattach: only pass the charset through if ASCII wwwlisting: require ASCII digit for port number http: require SERVER_PORT to be ASCII digit feed: only accept ASCII digits for ref~$N ...
Diffstat (limited to 'lib/PublicInbox/GitHTTPBackend.pm')
-rw-r--r-- | lib/PublicInbox/GitHTTPBackend.pm | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/lib/PublicInbox/GitHTTPBackend.pm b/lib/PublicInbox/GitHTTPBackend.pm index 09411048..a2a81f8e 100644 --- a/lib/PublicInbox/GitHTTPBackend.pm +++ b/lib/PublicInbox/GitHTTPBackend.pm @@ -51,8 +51,8 @@ sub serve { # Documentation/technical/http-protocol.txt in git.git # requires one and exactly one query parameter: - if ($env->{QUERY_STRING} =~ /\Aservice=git-\w+-pack\z/ || - $path =~ /\Agit-\w+-pack\z/) { + if ($env->{QUERY_STRING} =~ /\Aservice=git-[A-Za-z0-9_]+-pack\z/ || + $path =~ /\Agit-[A-Za-z0-9_]+-pack\z/) { my $ok = serve_smart($env, $git, $path); return $ok if $ok; } @@ -90,7 +90,7 @@ sub static_result ($$$$) { my $len = $size; my $code = 200; push @$h, 'Content-Type', $type; - if (($env->{HTTP_RANGE} || '') =~ /\bbytes=(\d*)-(\d*)\z/) { + if (($env->{HTTP_RANGE} || '') =~ /\bbytes=([0-9]*)-([0-9]*)\z/) { ($code, $len) = prepare_range($env, $in, $h, $1, $2, $size); if ($code == 416) { push @$h, 'Content-Range', "bytes */$size"; @@ -260,7 +260,7 @@ sub parse_cgi_headers { foreach my $l (split(/\r?\n/, $h)) { my ($k, $v) = split(/:\s*/, $l, 2); if ($k =~ /\AStatus\z/i) { - ($code) = ($v =~ /\b(\d+)\b/); + ($code) = ($v =~ /\b([0-9]+)\b/); } else { push @h, $k, $v; } |