Fixed url decoding in http gitolite command bypass.

Only the '+' sign was unescaped in `http_simulate_ssh_connection()`.
When a user translates `ssh git@host perms <repo> + <role> <user>` to
`curl https://host/git/perms?<repo>+%2b+<role>+<user>`, nothing happens.
This commit fixes it by modifying URL unescaping.

committer notes: changed the regex per 'man URI::Escape'
Konstantin Gribov 2012-06-20 16:31:30 +04:00 committed by Sitaram Chamarty
parent 621815611c
commit fb9829a698

@ -212,6 +212,7 @@ sub http_simulate_ssh_connection {
my ($verb) = ( $ENV{PATH_INFO} =~ m(^/(\S+)) ); my ($verb) = ( $ENV{PATH_INFO} =~ m(^/(\S+)) );
my $args = $ENV{QUERY_STRING}; my $args = $ENV{QUERY_STRING};
$args =~ s/\+/ /g; $args =~ s/\+/ /g;
$args =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/eg;
$ENV{SSH_ORIGINAL_COMMAND} = $verb; $ENV{SSH_ORIGINAL_COMMAND} = $verb;
$ENV{SSH_ORIGINAL_COMMAND} .= " $args" if $args; $ENV{SSH_ORIGINAL_COMMAND} .= " $args" if $args;
http_print_headers(); # in preparation for the eventual output! http_print_headers(); # in preparation for the eventual output!
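
Review bot: The added `s/%([0-9A-Fa-f]{2})/chr(hex($1))/eg` line decodes every percent-escape, including `%20`, `%0a` and `%00`, and the decoded `$args` is then appended unchanged to `SSH_ORIGINAL_COMMAND` as a single space-separated string, so a decoded space or control character inside one argument cannot be told apart from a separator between arguments. Consider refusing the request when the decoded string contains control characters, or splitting `QUERY_STRING` on `+` first and decoding each piece separately so argument boundaries are fixed before decoding. A one-line comment noting that the `+` substitution has to stay ahead of the percent-decoding (so that `%2b` ends up as a literal `+`) would also keep a later reorder from reintroducing the bug.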