Fixed url decoding in http gitolite command bypass.

Only '+' sign was unescaped in `http_simulate_ssh_connection()`.
When user translates `ssh git@host perms <repo> + <role> <user>` to
`curl https://host/git/perms?<repo>+%2b+<role>+<user>` nothing happens.
This commit fixes it by modifying url unescaping.

committer notes: changed the regex per 'man URI::Escape'
1 parent 6218156 commit fb9829a698647bb31098701a925aded18b87acae @grossws grossws committed with Jun 20, 2012
Showing with 1 addition and 0 deletions.
  1. +1 −0 src/gitolite-shell
@@ -212,6 +212,7 @@ sub http_simulate_ssh_connection {
my ($verb) = ( $ENV{PATH_INFO} =~ m(^/(\S+)) );
my $args = $ENV{QUERY_STRING};
$args =~ s/\+/ /g;
+ $args =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/eg;
$ENV{SSH_ORIGINAL_COMMAND} = $verb;
$ENV{SSH_ORIGINAL_COMMAND} .= " $args" if $args;
http_print_headers(); # in preparation for the eventual output!
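
Review bot: The added `s/%([0-9A-Fa-f]{2})/chr(hex($1))/eg` decodes every escaped byte, so control characters such as NUL or newline, and spaces that were not argument separators in the query string, now flow into `$ENV{SSH_ORIGINAL_COMMAND}` two lines later with no check visible in this hunk. Suggest validating `$args` after decoding (for example, rejecting anything outside the printable characters the commands accept), or adding a comment that points to where the downstream command parsing enforces that. It is also worth a one-line comment that the `s/\+/ /g` substitution must stay before the percent-decoding, so that `%2b` yields a literal `+` instead of being turned into a space.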
