From 564ee8cc151be8e058e3d89230b08ee4acc176a0 Mon Sep 17 00:00:00 2001
From: "Kyle J. McKay" <mackyle@gmail.com>
Date: Sun, 16 Feb 2014 22:01:43 -0800
Subject: [PATCH] Allow cgi access to projects with a '+' in the name

Projects with a '+' in the name have been allowed for some time.

Starting with 9aa4b64c they have even been shown correctly in the
project list.

However, all the *.cgi links that include a ?name=proj query string
have failed to URL escape the '+'.  This results in the '+' getting
processed by CGI::Util::unescape and turned into a ' '.  And since
a ' ' is not valid in a project name the cgi scripts complain and die.

It's certainly possible to manually correct the URL replacing the '+'
with a '%2B' and access the cgi scripts that way, but that's very
clumsy.

Replace any '+' characters in ?name=proj query strings with '%2B' so
that the links work properly.  CGI::Util::escape is NOT used because
that would also turn '/' into '%2F' which is unnecessary and also
ugly.

Note that it's NOT necessary to escape any '+' characters when they
appear in a path such as '/w/example+project.git' because those are
not subject to the '+' turns into ' ' problem.
---
 cgi/delproj.cgi           |  8 +++++---
 cgi/editproj.cgi          | 14 ++++++++------
 cgi/mirrorproj.cgi        |  4 +++-
 cgi/pwproj.cgi            |  4 +++-
 cgi/regproj.cgi           |  8 +++++---
 git.git                   |  2 +-
 gitweb/gitweb_config.perl |  4 ++--
 taskd/clone.sh            |  2 +-
 8 files changed, 28 insertions(+), 18 deletions(-)

diff --git a/cgi/delproj.cgi b/cgi/delproj.cgi
index 590b3e3..4ff9129 100755
--- a/cgi/delproj.cgi
+++ b/cgi/delproj.cgi
@@ -33,6 +33,8 @@ if (!Girocco::Project::does_exist($name,1)) {
 
 my $proj = Girocco::Project->load($name);
 $proj or die "not found project $name, that's really weird!";
+my $escname = $name;
+$escname =~ s/[+]/%2B/g;
 $proj->{cpwd} = $cgi->param('cpwd');
 my $isempty = !$proj->{mirror} && $proj->is_empty;
 
@@ -96,7 +98,7 @@ EOT
 		$proj->{auth} or do {
 			print <<EOT;
 <p>There currently isn't any project removal authorization code on file for
-project $name.  Please <a href="@{[url_path($Girocco::Config::webadmurl)]}/delproj.cgi?name=$name"
+project $name.  Please <a href="@{[url_path($Girocco::Config::webadmurl)]}/delproj.cgi?name=$escname"
 >generate one</a>.</p>
 EOT
 			exit;
@@ -105,7 +107,7 @@ EOT
 		if ($auth ne $proj->{auth}) {
 			print <<EOT;
 <p>Invalid authorization code, please re-enter or
-<a href="@{[url_path($Girocco::Config::webadmurl)]}/delproj.cgi?name=$name"
+<a href="@{[url_path($Girocco::Config::webadmurl)]}/delproj.cgi?name=$escname"
 >generate a new one</a>.</p>
 <form method="post" action="@{[url_path($Girocco::Config::webadmurl)]}/delproj.cgi">
 <input type="hidden" name="name" value="$name" />
@@ -163,7 +165,7 @@ EOT
 if ($Girocco::Config::project_passwords) {
 	print <<EOT;
 <p>Admin password: <input type="password" name="cpwd" /> <sup><a
-href="@{[url_path($Girocco::Config::webadmurl)]}/pwproj.cgi?name=$name">(forgot password?)</a></sup></p>
+href="@{[url_path($Girocco::Config::webadmurl)]}/pwproj.cgi?name=$escname">(forgot password?)</a></sup></p>
 EOT
 }
 print <<EOT;
diff --git a/cgi/editproj.cgi b/cgi/editproj.cgi
index a8fbe12..25d72ac 100755
--- a/cgi/editproj.cgi
+++ b/cgi/editproj.cgi
@@ -50,6 +50,8 @@ if (!Girocco::Project::does_exist($name,1)) {
 
 my $proj = Girocco::Project->load($name);
 $proj or die "not found project $name, that's really weird!";
+my $escname = $name;
+$escname =~ s/[+]/%2B/g;
 
 my $y0 = $cgi->param('y0') || '';
 if (($y0 eq 'Update' || $y0 eq 'Restart Mirroring') && $cgi->request_method eq 'POST') {
@@ -58,9 +60,9 @@ if (($y0 eq 'Update' || $y0 eq 'Restart Mirroring') && $cgi->request_method eq '
 		print "<p class=\"updated\">Project successfully updated.</p>\n";
 		if ($proj->{clone_failed}) {
 			print "<p>Please <a href=\"@{[url_path($Girocco::Config::webadmurl)]}".
-				"/mirrorproj.cgi?name=$name\">pass onwards</a>.</p>\n";
+				"/mirrorproj.cgi?name=$escname\">pass onwards</a>.</p>\n";
 			print "<script language=\"javascript\">document.location=".
-				"'@{[url_path($Girocco::Config::webadmurl)]}/mirrorproj.cgi?name=$name'</script>\n";
+				"'@{[url_path($Girocco::Config::webadmurl)]}/mirrorproj.cgi?name=$escname'</script>\n";
 			exit;
 		}
 	}
@@ -76,18 +78,18 @@ EOT
 if ($proj->{mirror}) {
 	print <<EOT;
 Since this is a mirrored project, you may opt to remove it from the site as well.
-Just <a href="@{[url_path($Girocco::Config::webadmurl)]}/delproj.cgi?name=$h{name}">remove it</a>.</p>
+Just <a href="@{[url_path($Girocco::Config::webadmurl)]}/delproj.cgi?name=$escname">remove it</a>.</p>
 EOT
 } else {
 	if ($proj->is_empty) {
 		print <<EOT;
 Since this is an empty project, you may opt to remove it from the site as well.
-Just <a href="@{[url_path($Girocco::Config::webadmurl)]}/delproj.cgi?name=$h{name}">remove it</a>.</p>
+Just <a href="@{[url_path($Girocco::Config::webadmurl)]}/delproj.cgi?name=$escname">remove it</a>.</p>
 EOT
 	} else {
 		print <<EOT;
 You may
-<a href="@{[url_path($Girocco::Config::webadmurl)]}/delproj.cgi?name=$h{name}">request an authorization code</a> in order
+<a href="@{[url_path($Girocco::Config::webadmurl)]}/delproj.cgi?name=$escname">request an authorization code</a> in order
 to remove this project from the site.</p>
 EOT
 	}
@@ -111,7 +113,7 @@ if ($Girocco::Config::project_passwords) {
 	print <<EOT;
 <tr><td class="formlabel"><strong>Admin password:</strong></td><td>
 	<input type="password" name="cpwd" /> <sup><a
-	href="@{[url_path($Girocco::Config::webadmurl)]}/pwproj.cgi?name=$name"
+	href="@{[url_path($Girocco::Config::webadmurl)]}/pwproj.cgi?name=$escname"
 	class="ctxaction">(forgot password?)</a></sup></td></tr>
 <tr><td class="formlabel">New admin password (twice):<br />
 	<em>(leave empty to keep it the same)</em></td><td>
diff --git a/cgi/mirrorproj.cgi b/cgi/mirrorproj.cgi
index e2b368d..39866e3 100755
--- a/cgi/mirrorproj.cgi
+++ b/cgi/mirrorproj.cgi
@@ -34,6 +34,8 @@ if (!Girocco::Project::does_exist($name,1)) {
 
 my $proj = Girocco::Project->load($name);
 $proj or die "not found project $name, that's really weird!";
+my $escname = $name;
+$escname =~ s/[+]/%2B/g;
 
 if (!$proj->{mirror}) {
 	print "<p>This project is not a mirror to be cloned.</p>\n";
@@ -80,7 +82,7 @@ $proj or die "not found project $name on second load, that's _REALLY_ weird!";
 if ($proj->{clone_failed}) {
 	print <<EOT;
 <p><strong>Mirroring failed!</strong> Please <a
-href="@{[url_path($Girocco::Config::webadmurl)]}/editproj.cgi?name=$name"
+href="@{[url_path($Girocco::Config::webadmurl)]}/editproj.cgi?name=$escname"
 >revisit the project settings</a>.</p>
 EOT
 }
diff --git a/cgi/pwproj.cgi b/cgi/pwproj.cgi
index 8c5f40e..f0a4f97 100755
--- a/cgi/pwproj.cgi
+++ b/cgi/pwproj.cgi
@@ -40,6 +40,8 @@ if (!Girocco::Project::does_exist($name,1)) {
 
 my $proj = Girocco::Project->load($name);
 $proj or die "not found project $name, that's really weird!";
+my $escname = $name;
+$escname =~ s/[+]/%2B/g;
 
 my $mail = $proj->{email};
 
@@ -64,7 +66,7 @@ you have to use the reset password now (possibly to change it back).
 
 Quick-link to the edit project page:
 
-	$Girocco::Config::webadmurl/editproj.cgi?name=$name
+	$Girocco::Config::webadmurl/editproj.cgi?name=$escname
 
 Have fun!
 EOT
diff --git a/cgi/regproj.cgi b/cgi/regproj.cgi
index 1f49c57..d191c95 100755
--- a/cgi/regproj.cgi
+++ b/cgi/regproj.cgi
@@ -22,6 +22,8 @@ if ($fork) {
 	$fork =~ s/\.git$//;
 	$name = "$fork/$name";
 }
+my $escname = $name;
+$escname =~ s/[+]/%2B/g;
 
 my $y0 = $cgi->param('y0') || '';
 if ($cgi->param('mode') && $y0 eq 'Register' && $cgi->request_method eq 'POST') {
@@ -75,8 +77,8 @@ if ($cgi->param('mode') && $y0 eq 'Register' && $cgi->request_method eq 'POST')
 			}
 			$proj->premirror;
 			$proj->clone;
-			print "<p>Please <a href=\"@{[url_path($Girocco::Config::webadmurl)]}/mirrorproj.cgi?name=$name\">pass onwards</a>.</p>\n";
-			print "<script language=\"javascript\">document.location='@{[url_path($Girocco::Config::webadmurl)]}/mirrorproj.cgi?name=$name'</script>\n";
+			print "<p>Please <a href=\"@{[url_path($Girocco::Config::webadmurl)]}/mirrorproj.cgi?name=$escname\">pass onwards</a>.</p>\n";
+			print "<script language=\"javascript\">document.location='@{[url_path($Girocco::Config::webadmurl)]}/mirrorproj.cgi?name=$escname'</script>\n";
 
 		} else {
 			unless ($Girocco::Config::push) {
@@ -112,7 +114,7 @@ EOT
 				"<a href=\"@{[url_path($Girocco::Config::htmlurl)]}/httpspush.html\">(learn more)</a></sup>" .
 				"</span>" if $pushy =~ /^https:/i;
 			print <<EOT;
-<p>You can <a href="@{[url_path($Girocco::Config::webadmurl)]}/editproj.cgi?name=$name">assign users</a> now
+<p>You can <a href="@{[url_path($Girocco::Config::webadmurl)]}/editproj.cgi?name=$escname">assign users</a> now
 - don't forget to assign yourself as a user as well if you want to push!
 $regnotice
 </p>
diff --git a/git.git b/git.git
index bf0b3c5..7aca2e0 160000
--- a/git.git
+++ b/git.git
@@ -1 +1 @@
-Subproject commit bf0b3c5c8c60bff531ab0d0e8cf5b9c32fc2e23a
+Subproject commit 7aca2e0e7df5b16e8557162223695e12652a36c3
diff --git a/gitweb/gitweb_config.perl b/gitweb/gitweb_config.perl
index a72ed7d..582326e 100644
--- a/gitweb/gitweb_config.perl
+++ b/gitweb/gitweb_config.perl
@@ -109,6 +109,6 @@ $feature{'forks'}{'default'}=[1];
 
 $feature{'actions'}{'default'}=[
 	('graphiclog', "@{[url_path($Girocco::Config::gitwebfiles)]}/git-browser/by-commit.html?r=%n", 'log'),
-	('edit', "@{[url_path($Girocco::Config::webadmurl)]}/editproj.cgi?name=%n", 'refs'),
-	('fork', "@{[url_path($Girocco::Config::webadmurl)]}/regproj.cgi?fork=%n", 'edit')
+	('edit', "@{[url_path($Girocco::Config::webadmurl)]}/editproj.cgi?name=%e", 'refs'),
+	('fork', "@{[url_path($Girocco::Config::webadmurl)]}/regproj.cgi?fork=%e", 'edit')
 ];
diff --git a/taskd/clone.sh b/taskd/clone.sh
index ec4152a..f35fa35 100755
--- a/taskd/clone.sh
+++ b/taskd/clone.sh
@@ -186,7 +186,7 @@ Congratulations! The clone of project $proj just completed.
 
 	* Source URL: $url
 	* GitWeb interface: $cfg_gitweburl/$projdir
-	* Project settings: $cfg_webadmurl/editproj.cgi?name=$proj
+	* Project settings: $cfg_webadmurl/editproj.cgi?name=$(echo "$proj" | sed -e 's/[+]/%2B/g')
 
 Have a lot of fun.
 EOT
-- 
2.11.4.GIT