Fix false positive warning in gitweb
Since CGI.pm 4.05 (2014-10-08), a warning is shown for every gitweb
request involving the "h" or "hb" parameters. There is no vulnerability
since "add_review_link" only takes one scalar parameter.
Force scalar context to prevent the warning in the Gerrit error log.
Bug: Issue 5897
Change-Id: I1b7e6b608af7700225da8625cb749fa12e971591
diff --git a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/gitweb/GitwebServlet.java b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/gitweb/GitwebServlet.java
index f3abf2d..89a1268 100644
--- a/gerrit-httpd/src/main/java/com/google/gerrit/httpd/gitweb/GitwebServlet.java
+++ b/gerrit-httpd/src/main/java/com/google/gerrit/httpd/gitweb/GitwebServlet.java
@@ -300,9 +300,9 @@
p.print(" ('review',$r,'commitdiff');\n");
p.print("}\n");
p.print("if ($cgi->param('hb')) {\n");
- p.print(" add_review_link($cgi->param('hb'));\n");
+ p.print(" add_review_link(scalar $cgi->param('hb'));\n");
p.print("} elsif ($cgi->param('h')) {\n");
- p.print(" add_review_link($cgi->param('h'));\n");
+ p.print(" add_review_link(scalar $cgi->param('h'));\n");
p.print("} else {\n");
p.print(" add_review_link();\n");
p.print("}\n");
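Review bot: The two `scalar` keywords on the new `add_review_link(...)` lines carry no comment saying why they are needed, so a later cleanup could drop them and restore the list-context call. I would add a Java comment above the `hb` branch, for example `// scalar: CGI.pm >= 4.05 warns on param() in list context; a repeated h/hb would otherwise expand into extra arguments`. With `scalar`, only the first value of a repeated parameter reaches `add_review_link`, which is presumably what the sub already consumed. Its body is outside this hunk, so whether it validates or escapes the request-supplied ref before building the review link should be confirmed there. The enclosing Java method also starts and ends outside the hunk.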