From b04bdc8cd749dd3dfcc9351b2b47bfdf190b4a3a Mon Sep 17 00:00:00 2001
From: Eric Wong <e@80x24.org>
Date: Tue, 4 Jun 2019 08:36:18 +0000
Subject: www: require ASCII digit for git epoch

Don't inadvertantly serve git repos containing non-ASCII
digit characters.
---
 lib/PublicInbox/WWW.pm | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/PublicInbox/WWW.pm b/lib/PublicInbox/WWW.pm
index 7670224f..b0fad7fe 100644
--- a/lib/PublicInbox/WWW.pm
+++ b/lib/PublicInbox/WWW.pm
@@ -74,7 +74,8 @@ sub call {
 	my $method = $env->{REQUEST_METHOD};
 
 	if ($method eq 'POST') {
-		if ($path_info =~ m!$INBOX_RE/(?:(\d+)/)?(git-upload-pack)\z!) {
+		if ($path_info =~ m!$INBOX_RE/(?:([0-9]+)/)?
+					(git-upload-pack)\z!x) {
 			my ($part, $path) = ($2, $3);
 			return invalid_inbox($ctx, $1) ||
 				serve_git($ctx, $part, $path);
@@ -97,7 +98,7 @@ sub call {
 		invalid_inbox($ctx, $1) || get_atom($ctx);
 	} elsif ($path_info =~ m!$INBOX_RE/new\.html\z!o) {
 		invalid_inbox($ctx, $1) || get_new($ctx);
-	} elsif ($path_info =~ m!$INBOX_RE/(?:(\d+)/)?
+	} elsif ($path_info =~ m!$INBOX_RE/(?:([0-9]+)/)?
 				($PublicInbox::GitHTTPBackend::ANY)\z!ox) {
 		my ($part, $path) = ($2, $3);
 		invalid_inbox($ctx, $1) || serve_git($ctx, $part, $path);
-- 
cgit v1.2.3-24-ge0c7