From: Jay Soffian Date: Thu, 9 Aug 2012 02:29:26 +0000 (-0400) Subject: gitweb: URL-decode $my_url/$my_uri when stripping PATH_INFO X-Git-Tag: v1.7.11.6~23^2 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=cacfc09ba82bfc6b0e1c047247785d56a6054b2f;p=git.git gitweb: URL-decode $my_url/$my_uri when stripping PATH_INFO When gitweb is used as a DirectoryIndex, it attempts to strip PATH_INFO on its own, as $cgi->url() fails to do so. However, it fails to account for the fact that PATH_INFO has already been URL-decoded by the web server, but the value returned by $cgi->url() has not been. This causes the stripping to fail whenever the URL contains encoded characters. To see this in action, setup gitweb as a DirectoryIndex and then use it on a repository with a directory containing a space in the name. Navigate to tree view, examine the gitweb generated html and you'll see a link such as: directory with spaces When clicked on, the browser will URL-encode this link, giving a $cgi->url() of the form: /test.git/tree/HEAD:/directory%20with%20spaces While PATH_INFO is: /test.git/tree/HEAD:/directory with spaces Fix this by calling unescape() on both $my_url and $my_uri before stripping PATH_INFO from them. Signed-off-by: Jay Soffian Acked-by: Jakub Narebski Signed-off-by: Junio C Hamano --- diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl index a8b5fad26..126d3ef4b 100755 --- a/gitweb/gitweb.perl +++ b/gitweb/gitweb.perl @@ -54,6 +54,11 @@ sub evaluate_uri { # to build the base URL ourselves: our $path_info = decode_utf8($ENV{"PATH_INFO"}); if ($path_info) { + # $path_info has already been URL-decoded by the web server, but + # $my_url and $my_uri have not. URL-decode them so we can properly + # strip $path_info. + $my_url = unescape($my_url); + $my_uri = unescape($my_uri); if ($my_url =~ s,\Q$path_info\E$,, && $my_uri =~ s,\Q$path_info\E$,, && defined $ENV{'SCRIPT_NAME'}) {