This seems to fix it but I have no idea what it breaks. Command
injection should be stopped a few lines above that, and no other
parameter is ever quoted using quotemeta, so I'm not sure what the point
is, but I suppose it is actually necessary because the search text is
then wrapped into a regular expression or something?
--- git.orig/gitweb/gitweb.perl 2007-05-01 11:58:27.000000000 +0200
+++ git/gitweb/gitweb.perl 2007-05-01 12:11:56.000000000 +0200
@@ -368,7 +368,6 @@ if (defined $searchtext) {
if (length($searchtext) < 2) {
die_error(undef, "At least two characters are required for search parame=
ter");
}
- $searchtext =3D quotemeta $searchtext;
}
=20
our $searchtype =3D $cgi->param('st');
| Mike Travis | [RFC 00/15] x86_64: Optimize percpu accesses |
| Nick Piggin | Re: [PATCH 0 of 4] Generic AIO by scheduling stacks |
| Trent Piepho | [PATCH] [POWERPC] Improve (in|out)_beXX() asm code |
| Bart Van Assche | Integration of SCST in the mainstream Linux kernel |
git: | |
| Kevin Ballard | Re: git on MacOSX and files with decomposed utf-8 file names |
| Jon Smirl | ! [rejected] master -> master (non-fast forward) |
| Linus Torvalds | Re: kernel.org mirroring (Re: [GIT PULL] MMC update) |
| Nguyen Thai Ngoc Duy | Re: VCS comparison table |
| Leon Dippenaar | New tcp stack attack |
| Richard Stallman | Real men don't attack straw men |
| Kevin Neff | Patching a SSH 'Weakness' |
| Chris | sudo & wheel group |
| David Miller | [GIT]: Networking |
| Wang Chen | [PATCH 2/15] netdevice 82596: Convert directly reference of netdev->priv to net... |
| Valentine Barshak | [PATCH] USB: net: Fix asix read transfer buffer allocations. |
| Natalie Protasevich | [BUG] New Kernel Bugs |
