From e0ca364551fcde3b3d825f93f4a4d44d7ab9eb35 Mon Sep 17 00:00:00 2001 From: Jakub Narebski Date: Wed, 22 Jun 2011 17:28:52 +0200 Subject: [PATCH] gitweb: Check permissions first in git_search Check first if relevant features: 'search', 'pickaxe', 'grep', as appropriate, are enabled before doing anything else in git_search. This should make git_search code more clear. While at it, expand a bit error message (e.g. 'Pickaxe' -> 'Pickaxe search'). Signed-off-by: Jakub Narebski Signed-off-by: Junio C Hamano --- gitweb/gitweb.perl | 34 +++++++++++++++++++++------------- 1 file changed, 21 insertions(+), 13 deletions(-) diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl index 2fd438905c..cde39131fb 100755 --- a/gitweb/gitweb.perl +++ b/gitweb/gitweb.perl @@ -313,6 +313,10 @@ our %feature = ( # Enable text search, which will list the commits which match author, # committer or commit text to a given string. Enabled by default. # Project specific override is not supported. + # + # Note that this controls all search features, which means that if + # it is disabled, then 'grep' and 'pickaxe' search would also be + # disabled. 'search' => { 'override' => 0, 'default' => [1]}, @@ -6787,7 +6791,23 @@ sub git_history { } sub git_search { - gitweb_check_feature('search') or die_error(403, "Search is disabled"); + $searchtype ||= 'commit'; + + # check if appropriate features are enabled + gitweb_check_feature('search') + or die_error(403, "Search is disabled"); + if ($searchtype eq 'pickaxe') { + # pickaxe may take all resources of your box and run for several minutes + # with every query - so decide by yourself how public you make this feature + gitweb_check_feature('pickaxe') + or die_error(403, "Pickaxe search is disabled"); + } + if ($searchtype eq 'grep') { + # grep search might be potentially CPU-intensive, too + gitweb_check_feature('grep') + or die_error(403, "Grep search is disabled"); + } + if (!defined $searchtext) { die_error(400, "Text field is empty"); } @@ -6802,18 +6822,6 @@ sub git_search { $page = 0; } - $searchtype ||= 'commit'; - if ($searchtype eq 'pickaxe') { - # pickaxe may take all resources of your box and run for several minutes - # with every query - so decide by yourself how public you make this feature - gitweb_check_feature('pickaxe') - or die_error(403, "Pickaxe is disabled"); - } - if ($searchtype eq 'grep') { - gitweb_check_feature('grep') - or die_error(403, "Grep is disabled"); - } - git_header_html(); if ($searchtype eq 'commit' or $searchtype eq 'author' or $searchtype eq 'committer') { -- 2.11.4.GIT