Merge branch 'jn/maint-gitweb-invalid-regexp'

* jn/maint-gitweb-invalid-regexp:
gitweb: Handle invalid regexp in regexp search

diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl
index eaf5f942502dd6593fa44724ea18d0153e725aea..7729ed26b5f2b692abb293bc684a854cf1377921 100755 (executable)
--- a/gitweb/gitweb.perl
+++ b/gitweb/gitweb.perl
@@ -1081,7 +1081,16 @@ sub evaluate_and_validate_params {
                if (length($searchtext) < 2) {
                        die_error(403, "At least two characters are required for search parameter");
                }
-               $search_regexp = $search_use_regexp ? $searchtext : quotemeta $searchtext;
+               if ($search_use_regexp) {
+                       $search_regexp = $searchtext;
+                       if (!eval { qr/$search_regexp/; 1; }) {
+                               (my $error = $@) =~ s/ at \S+ line \d+.*\n?//;
+                               die_error(400, "Invalid search regexp '$search_regexp'",
+                                         esc_html($error));
+                       }
+               } else {
+                       $search_regexp = quotemeta $searchtext;
+               }
        }
 }
 

diff --git a/t/t9501-gitweb-standalone-http-status.sh b/t/t9501-gitweb-standalone-http-status.sh
index 26102ee9b0c36a87ba17a75b0ca644cc42e2c1c4..31076edc5bd45261f5874b10dad6376e49fb9002 100755 (executable)
--- a/t/t9501-gitweb-standalone-http-status.sh
+++ b/t/t9501-gitweb-standalone-http-status.sh
@@ -134,4 +134,14 @@ our $maxload = undef;
 EOF
 
 
+# ----------------------------------------------------------------------
+# invalid arguments
+
+test_expect_success 'invalid arguments: invalid regexp (in project search)' '
+       gitweb_run "a=project_list;s=*\.git;sr=1" &&
+       grep "Status: 400" gitweb.headers &&
+       grep "400 - Invalid.*regexp" gitweb.body
+'
+test_debug 'cat gitweb.headers'
+
 test_done