about summary refs log tree commit homepage
path: root/lib/PublicInbox/WWW.pm
diff options
context:
space:
mode:
authorEric Wong <e@80x24.org>2019-06-04 08:36:18 +0000
committerEric Wong <e@80x24.org>2019-06-04 10:06:18 +0000
commitb04bdc8cd749dd3dfcc9351b2b47bfdf190b4a3a (patch)
treefa8f8fa07d4a221e38f9307758c68b5657755d1e /lib/PublicInbox/WWW.pm
parentbbfa42a9ea55b7057c7a6b632f090763c9e7c655 (diff)
downloadpublic-inbox-b04bdc8cd749dd3dfcc9351b2b47bfdf190b4a3a.tar.gz
Don't inadvertantly serve git repos containing non-ASCII
digit characters.
Diffstat (limited to 'lib/PublicInbox/WWW.pm')
-rw-r--r--lib/PublicInbox/WWW.pm5
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/PublicInbox/WWW.pm b/lib/PublicInbox/WWW.pm
index 7670224f..b0fad7fe 100644
--- a/lib/PublicInbox/WWW.pm
+++ b/lib/PublicInbox/WWW.pm
@@ -74,7 +74,8 @@ sub call {
         my $method = $env->{REQUEST_METHOD};
 
         if ($method eq 'POST') {
-                if ($path_info =~ m!$INBOX_RE/(?:(\d+)/)?(git-upload-pack)\z!) {
+                if ($path_info =~ m!$INBOX_RE/(?:([0-9]+)/)?
+                                        (git-upload-pack)\z!x) {
                         my ($part, $path) = ($2, $3);
                         return invalid_inbox($ctx, $1) ||
                                 serve_git($ctx, $part, $path);
@@ -97,7 +98,7 @@ sub call {
                 invalid_inbox($ctx, $1) || get_atom($ctx);
         } elsif ($path_info =~ m!$INBOX_RE/new\.html\z!o) {
                 invalid_inbox($ctx, $1) || get_new($ctx);
-        } elsif ($path_info =~ m!$INBOX_RE/(?:(\d+)/)?
+        } elsif ($path_info =~ m!$INBOX_RE/(?:([0-9]+)/)?
                                 ($PublicInbox::GitHTTPBackend::ANY)\z!ox) {
                 my ($part, $path) = ($2, $3);
                 invalid_inbox($ctx, $1) || serve_git($ctx, $part, $path);