From b5bed19ca6613425bb72628fe1dfbc8bc7a0f4ce Mon Sep 17 00:00:00 2001
From: "Kyle J. McKay" <mackyle@gmail.com>
Date: Tue, 7 Apr 2015 23:10:43 -0700
Subject: [PATCH] gitweb: only allow GET and HEAD methods

Signed-off-by: Kyle J. McKay <mackyle@gmail.com>
---
 gitweb/gitweb.perl | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl
index 7a5b23acf2..32d1a69032 100755
--- a/gitweb/gitweb.perl
+++ b/gitweb/gitweb.perl
@@ -1235,6 +1235,18 @@ our $first_request = 1;
 sub run_request {
 	reset_timer();
 
+	# Only allow GET and HEAD methods
+	if (!$ENV{'REQUEST_METHOD'} || ($ENV{'REQUEST_METHOD'} ne 'GET' && $ENV{'REQUEST_METHOD'} ne 'HEAD')) {
+		print <<EOT;
+Status: 405 Method Not Allowed
+Content-Type: text/plain
+Allow: GET,HEAD
+
+405 Method Not Allowed
+EOT
+		return;
+	}
+
 	evaluate_uri();
 	if ($first_request) {
 		evaluate_gitweb_config();
-- 
2.11.4.GIT