From: Jakub Narebski Date: Thu, 5 Jan 2012 20:32:56 +0000 (+0100) Subject: gitweb: Harden "grep" search against filenames with ':' X-Git-Tag: v1.7.9-rc2~7^2 X-Git-Url: https://git.lorimer.id.au/gitweb.git/diff_plain/8e09fd1a1e5ea8eaec960d47be51bde85df8870e?ds=inline;hp=--cc gitweb: Harden "grep" search against filenames with ':' Run "git grep" in "grep" search with '-z' option, to be able to parse response also for files with filename containing ':' character. The ':' character is otherwise (without '-z') used to separate filename from line number and from matched line. Note that this does not protect files with filename containing embedded newline. This would be hard but doable for text files, and harder or even currently impossible with binary files: git does not quote filename in "Binary file matches" message, but new `--break` and/or `--header` options to git-grep could help here. Signed-off-by: Jakub Narebski Signed-off-by: Junio C Hamano --- 8e09fd1a1e5ea8eaec960d47be51bde85df8870e diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl index 1d2f046736..08020b0776 100755 --- a/gitweb/gitweb.perl +++ b/gitweb/gitweb.perl @@ -5699,7 +5699,7 @@ sub git_search_files { my %co = @_; local $/ = "\n"; - open my $fd, "-|", git_cmd(), 'grep', '-n', + open my $fd, "-|", git_cmd(), 'grep', '-n', '-z', $search_use_regexp ? ('-E', '-i') : '-F', $searchtext, $co{'tree'} or die_error(500, "Open git-grep failed"); @@ -5721,7 +5721,8 @@ sub git_search_files { $file = $1; $binary = 1; } else { - (undef, $file, $lno, $ltext) = split(/:/, $line, 4); + ($file, $lno, $ltext) = split(/\0/, $line, 3); + $file =~ s/^$co{'tree'}://; } if ($file ne $lastfile) { $lastfile and print "\n";