From 3f9410e7a2663dc3f341f82687bef3e9dbea336a Mon Sep 17 00:00:00 2001 From: Eric Wong Date: Tue, 15 Apr 2014 07:10:17 +0000 Subject: Revert "cgi: relax path restriction for top-level" CGI mounts should probably handle this internally. We're reverting this since it adds too much potential for abuse with fake/extra prefixes in the URL. We also need to reorder our redirect handling as a result. This reverts commit c394de9f2c91c2c5ed1f7832a5a7cc0206120b7f. --- public-inbox.cgi | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'public-inbox.cgi') diff --git a/public-inbox.cgi b/public-inbox.cgi index 1fb96e75..9d60d1fc 100755 --- a/public-inbox.cgi +++ b/public-inbox.cgi @@ -17,7 +17,7 @@ use Encode qw(decode_utf8); use PublicInbox::Config; use URI::Escape qw(uri_escape uri_unescape); use Digest::SHA qw(sha1_hex); -our $LISTNAME_RE = qr!\A(?:/.*?)?/([\w\.\-]+)!; +our $LISTNAME_RE = qr!\A/([\w\.\-]+)!; our $pi_config; BEGIN { $pi_config = PublicInbox::Config->new; @@ -62,7 +62,9 @@ sub main { # top-level indices and feeds if ($path_info eq "/") { r404(); - } elsif ($path_info =~ m!$LISTNAME_RE/(?:index\.html)?\z!o) { + } elsif ($path_info =~ m!$LISTNAME_RE\z!o) { + invalid_list(\%ctx, $1) || redirect_list_index(\%ctx, $cgi); + } elsif ($path_info =~ m!$LISTNAME_RE(?:/|/index\.html)?\z!o) { invalid_list(\%ctx, $1) || get_index(\%ctx, $cgi, 1); } elsif ($path_info =~ m!$LISTNAME_RE/(?:all\.html)?\z!o) { invalid_list(\%ctx, $1) || get_index(\%ctx, $cgi, 0); @@ -85,8 +87,6 @@ sub main { } elsif ($path_info =~ m!$LISTNAME_RE/f/(\S+)\z!o) { redirect_mid_html($cgi, $1, $2); - } elsif ($path_info =~ m!$LISTNAME_RE\z!o) { - invalid_list(\%ctx, $1) || redirect_list_index(\%ctx, $cgi); } else { r404(); } -- cgit v1.2.3-24-ge0c7