| Commit message (Collapse) | Author | Lines |
|
This was introduced in the initial version of this code, way back when
in 2008.
$ curl http://127.0.0.1/cgit/repo/objects/?path=../../../../../../../../../etc/passwd
root:x:0:0:root:/root:/bin/sh
...
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reported-by: Jann Horn <jannh@google.com>
|
|
Update to git version v2.18.0. Required changes follow upstream commits:
* Convert find_unique_abbrev* to struct object_id
(aab9583f7b5ea5463eb3f653a0b4ecac7539dc94)
* sha1_file: convert read_sha1_file to struct object_id
(b4f5aca40e6f77cbabcbf4ff003c3cf30a1830c8)
* sha1_file: convert sha1_object_info* to object_id
(abef9020e3df87c441c9a3a95f592fce5fa49bb9)
* object-store: move packed_git and packed_git_mru to object store
(a80d72db2a73174b3f22142eb2014b33696fd795)
* treewide: rename tree to maybe_tree
(891435d55da80ca3654b19834481205be6bdfe33)
The changed data types required some of our own functions to be converted
to struct object_id:
ls_item
print_dir
print_dir_entry
print_object
single_tree_cb
walk_tree
write_tree_link
And finally we use new upstream functions that were added for
struct object_id:
hashcpy -> oidcpy
sha1_to_hex -> oid_to_hex
Signed-off-by: Christian Hesse <mail@eworm.de>
Reviewed-by: John Keeping <john@keeping.me.uk>
|
|
Update to git version v2.15.1: With commit 0abe14f6 prepare_packed_git()
moved to packfile.[ch].
Signed-off-by: Christian Hesse <mail@eworm.de>
Reviewed-by: John Keeping <john@keeping.me.uk>
|
|
Numerous changes were made to git functions to use an object_id
structure rather than sending sha1 hashes as raw unsigned character
arrays. The functions that affect cgit are: parse_object,
lookup_commit_reference, lookup_tag, lookup_tree, parse_tree_indirect,
diff_root_tree_sha1, diff_tree_sha1, and format_display_notes.
Commit b2141fc (config: don't include config.h by default) made it
necessary to that config.h be explicitly included when needed.
Commit 07a3d41 (grep: remove regflags from the public grep_opt API)
removed one way of specifying the ignore-case grep option.
Signed-off-by: Jeff Smith <whydoubt@gmail.com>
|
|
Update to git version v2.7.0.
* Upstream commit ed1c9977cb1b63e4270ad8bdf967a2d02580aa08 (Remove
get_object_hash.) changed API:
Convert all instances of get_object_hash to use an appropriate
reference to the hash member of the oid member of struct object.
This provides no functional change, as it is essentially a macro
substitution.
Signed-off-by: Christian Hesse <mail@eworm.de>
|
|
This provides a formatted error response rather than a simple HTTP
error.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
|
Update to git version v2.5.0.
* Upstream commit 5455ee0573a22bb793a7083d593ae1ace909cd4c (Merge branch
'bc/object-id') changed API:
for_each_ref() callback functions were taught to name the objects
not with "unsigned char sha1[20]" but with "struct object_id".
* Upstream commit dcf692625ac569fefbe52269061230f4fde10e47 (path.c: make
get_pathname() call sites return const char *)
Signed-off-by: Christian Hesse <mail@eworm.de>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
The starts_with() check was broken in two ways: For one thing, the
parameters were passed in the wrong order, for another thing,
starts_with() returns 1 if the string starts with the prefix (not 0).
Note that this bug existed since commit 02a545e (Add support for cloning
over http, 2008-08-06) but only pops in in corner cases.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
|
Currently, when a user directly accesses the info command of a
repository, we exit cgit without printing anything to stdout, bringing
up error messages like "502 Bad Gateway" or "An error occurred while
reading CGI reply (no response received)". Instead of bailing out, at
least print the HTTP headers, including a reasonable error message.
Reported-by: Janus Troelsen
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
|
prefixcmp() and suffixcmp() have been remove, functionality is now
provided by starts_with() and ends_with(). Retrurn values have been
changed, so instead of just renaming we have to fix logic.
Everything else looks just fine.
|
|
Drop the context parameter from the following functions (and all static
helpers used by them) and use the global context instead:
* cgit_print_http_headers()
* cgit_print_docstart()
* cgit_print_pageheader()
Remove context parameter from all commands
Drop the context parameter from the following functions (and all static
helpers used by them) and use the global context instead:
* cgit_get_cmd()
* All cgit command functions.
* cgit_clone_info()
* cgit_clone_objects()
* cgit_clone_head()
* cgit_print_plain()
* cgit_show_stats()
In initialization routines, use the global context variable instead of
passing a pointer around locally.
Remove callback data parameter for cache slots
This is no longer needed since the context is always read from the
global context variable.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
|
* Name "cgit Development Team" as copyright holder to avoid listing
every single developer.
* Update copyright ranges.
Signed-off-by: Lukas Fleischer <cgit@crytocrack.de>
|
|
While doing this, remove declarations from header files where the
corresponding definition is declared "static" in order to avoid build
errors.
Also re-order existing headers in ui-*.c so that the file-specific
header always comes immediately after "cgit.h", helping with future
consistency.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
|
Matthew McClintock reported that older unannotated tags were not
correctly being cloned and did not appear in info/refs. Further
investigation revealed some dubious prefix comparison code for
determining whether or not to write refs in info/refs. After comparing
it with git's own http-backend.c, it appears upstream does not use this
prefix logic.
OTOH, I don't know what the reasoning was when the prefix logic was
introduced. It appears to me to just be buggy, though it's possible
there are other reasons, and we'll have to revisit this commit.
But for now, Works For Me.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Matthew McClintock <msm@freescale.com>
Reported-by: Matthew McClintock <msm@freescale.com>
|
|
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
|
This patch implements basic support for cloning over http, based on the
work on git-http-backend by Shawn O. Pearce.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|