Hi,
Just noticed on the git.kernel.org interface that when you do a search

for something that includes an "@" sign, then the "next page" link will

include "\@" instead and gitweb won't actually find anything on the next

page. No idea if that bug was fixed already somewhere else, but at least

it's visible on git.kernel.org.
johannes

This seems to fix it but I have no idea what it breaks. Command

injection should be stopped a few lines above that, and no other

parameter is ever quoted using quotemeta, so I'm not sure what the point

is, but I suppose it is actually necessary because the search text is

then wrapped into a regular expression or something?
--- git.orig/gitweb/gitweb.perl	2007-05-01 11:58:27.000000000 +0200

+++ git/gitweb/gitweb.perl	2007-05-01 12:11:56.000000000 +0200

@@ -368,7 +368,6 @@ if (defined $searchtext) {

 	if (length($searchtext) < 2) {

 		die_error(undef, "At least two characters are required for search parame=

ter");

 	}

-	$searchtext =3D quotemeta $searchtext;

 }

=20

 our $searchtype =3D $cgi->param('st');

Ah, I understand now. Here's a possibly complete fix.
From: Johannes Berg <johannes@sipsolutions.net>

Subject: quote $searchtext only before use
$searchtext is used in two ways

 (1) to do the search

 (2) to put it back into the output
For (1) it needs to have meta chars quoted, but for (2) not, so quote

them only when needed.
Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
--- git.orig/gitweb/gitweb.perl	2007-05-01 11:58:27.000000000 +0200

+++ git/gitweb/gitweb.perl	2007-05-01 12:20:27.000000000 +0200

@@ -368,7 +368,6 @@ if (defined $searchtext) {

 	if (length($searchtext) < 2) {

 		die_error(undef, "At least two characters are required for search parameter");

 	}

-	$searchtext = quotemeta $searchtext;

 }
 our $searchtype = $cgi->param('st');

@@ -2927,6 +2926,7 @@ sub git_heads_body {
 sub git_search_grep_body {

 	my ($commitlist, $from, $to, $extra) = @_;

+	my $_searchtext = quotemeta $searchtext;

 	$from = 0 unless defined $from;

 	$to = $#{$commitlist} if (!defined $to || $#{$commitlist} < $to);
@@ -2951,7 +2951,7 @@ sub git_search_grep_body {

 			       esc_html(chop_str($co{'title'}, 50)) . "<br/>");

 		my $comment = $co{'comment'};

 		foreach my $line (@$comment) {

-			if ($line =~ m/^(.*)($searchtext)(.*)$/i) {

+			if ($line =~ m/^(.*)($_searchtext)(.*)$/i) {

 				my $lead = esc_html($1) || "";

 				$lead = chop_str($lead, 30, 10);

 				my $match = esc_html($2) || "";

@@ -4325,7 +4325,7 @@ sub git_search {

 		} elsif ($searchtype eq 'committer') {

 			$greptype = "--committer=";

 		}

-		$greptype .= $searchtext;

+		$greptype .= quotemeta $searchtext;

 		my @commitlist = parse_commits($hash, 101, (100 * $page), $greptype);
 		my $paging_nav = '';

@@ -4374,8 +4374,9 @@ sub git_search {

 		my $alternate = 1;

 		$/ = "\n";

 		my $git_command = git_cmd_str();

+		my $_searchtext = quotemeta $searchtext;

 		open my $fd, "-|", "$git_command rev-list $hash | " .

-			"$git_command diff-tree -r --stdin -S\'$sear...
[ message continues ]