Fix false positive warning in gitweb

Since CGI.pm 4.05 (2014-10-08), a warning is shown for every gitweb request involving the "h" or "hb" parameters. There is no vulnerability since "add_review_link" only takes one scalar parameter. Force a scalar to prevent the warning in gerrit error log. Bug: Issue 5897 Change-Id: I1b7e6b608af7700225da8625cb749fa12e971591
2017-04-15 14:07:43 +02:00 · 2017-04-15 14:07:43 +02:00 · 2da0d11158
commit 2da0d11158
parent 44f895fbd4
1 changed files with 2 additions and 2 deletions
--- a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/gitweb/GitwebServlet.java
+++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/gitweb/GitwebServlet.java
@ -300,9 +300,9 @@ class GitwebServlet extends HttpServlet {
      p.print("      ('review',$r,'commitdiff');\n");
      p.print("}\n");
      p.print("if ($cgi->param('hb')) {\n");
-      p.print("  add_review_link($cgi->param('hb'));\n");
+      p.print("  add_review_link(scalar $cgi->param('hb'));\n");
      p.print("} elsif ($cgi->param('h')) {\n");
-      p.print("  add_review_link($cgi->param('h'));\n");
+      p.print("  add_review_link(scalar $cgi->param('h'));\n");
      p.print("} else {\n");
      p.print("  add_review_link();\n");
      p.print("}\n");