binmode STDOUT, ':utf8';
my $cgi = new CGI;
-my $version = "254";
+my $version = "257";
my $my_url = $cgi->url();
my $my_uri = $cgi->url(-absolute => 1);
my $rss_link = "";
if ($input =~ m/(^|\/)(|\.|\.\.)($|\/)/) {
return undef;
}
- if ($input =~ m/[^a-zA-Z0-9_\x80-\xff\ \.\/\-\+\#\~\%]/) {
+ if ($input =~ m/[^a-zA-Z0-9_\x80-\xff\ \t\.\/\-\+\#\~\%]/) {
return undef;
}
return $input;
my $t_mode = $1;
my $t_type = $2;
my $t_hash = $3;
- my $t_name = $4;
+ my $t_name = validate_input(unquote($4));
if ($t_name eq $part) {
if (!(@parts)) {
return $t_hash;
sub git_blob {
if (!defined $hash && defined $file_name) {
my $base = $hash_base || git_read_hash("$project/HEAD");
- $hash = git_get_hash_by_path($base, $file_name, "blob");
+ $hash = git_get_hash_by_path($base, $file_name, "blob") || die_error(undef, "Error lookup file.");
}
open my $fd, "-|", "$gitbin/git-cat-file blob $hash" or die_error(undef, "Open failed.");
git_header_html();
my $t_mode = $1;
my $t_type = $2;
my $t_hash = $3;
- my $t_name = $4;
my $t_name = validate_input($4);
if ($alternate) {
print "<tr class=\"dark\">\n";