summaryrefslogtreecommitdiffabout
Side-by-side diff
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--cache.c16
-rw-r--r--cgit.c2
-rw-r--r--cgit.h1
3 files changed, 18 insertions, 1 deletions
diff --git a/cache.c b/cache.c
index 1ff1251..8df7c26 100644
--- a/cache.c
+++ b/cache.c
@@ -5,16 +5,32 @@
* Licensed under GNU General Public License v2
* (see COPYING for full license text)
*/
#include "cgit.h"
const int NOLOCK = -1;
+char *cache_safe_filename(const char *unsafe)
+{
+ static char buf[PATH_MAX];
+ char *s = buf;
+ char c;
+
+ while(unsafe && (c = *unsafe++) != 0) {
+ if (c == '/' || c == ' ' || c == '&' || c == '|' ||
+ c == '>' || c == '<' || c == '.')
+ c = '_';
+ *s++ = c;
+ }
+ *s = '\0';
+ return buf;
+}
+
int cache_exist(struct cacheitem *item)
{
if (stat(item->name, &item->st)) {
item->st.st_mtime = 0;
return 0;
}
return 1;
}
diff --git a/cgit.c b/cgit.c
index d975570..a3a04d9 100644
--- a/cgit.c
+++ b/cgit.c
@@ -17,17 +17,17 @@ static void cgit_prepare_cache(struct cacheitem *item)
item->ttl = cgit_cache_root_ttl;
} else if (!cgit_query_page) {
item->name = xstrdup(fmt("%s/%s/index.html", cgit_cache_root,
cgit_query_repo));
item->ttl = cgit_cache_repo_ttl;
} else {
item->name = xstrdup(fmt("%s/%s/%s/%s.html", cgit_cache_root,
cgit_query_repo, cgit_query_page,
- cgit_querystring));
+ cache_safe_filename(cgit_querystring)));
if (cgit_query_has_symref)
item->ttl = cgit_cache_dynamic_ttl;
else if (cgit_query_has_sha1)
item->ttl = cgit_cache_static_ttl;
else
item->ttl = cgit_cache_repo_ttl;
}
}
diff --git a/cgit.h b/cgit.h
index f915c86..3601e49 100644
--- a/cgit.h
+++ b/cgit.h
@@ -82,16 +82,17 @@ extern void html_hidden(char *name, char *value);
extern void html_link_open(char *url, char *title, char *class);
extern void html_link_close(void);
extern void html_filemode(unsigned short mode);
extern int cgit_read_config(const char *filename, configfn fn);
extern int cgit_parse_query(char *txt, configfn fn);
extern struct commitinfo *cgit_parse_commit(struct commit *commit);
+extern char *cache_safe_filename(const char *unsafe);
extern int cache_lock(struct cacheitem *item);
extern int cache_unlock(struct cacheitem *item);
extern int cache_cancel_lock(struct cacheitem *item);
extern int cache_exist(struct cacheitem *item);
extern int cache_expired(struct cacheitem *item);
extern char *cgit_repourl(const char *reponame);
extern char *cgit_pageurl(const char *reponame, const char *pagename,