| Commit message | Author | Lines |
|
Unrestricts plain/ to contents likely to be executed by browser.
|
|
Update to git version v2.7.0.
* Upstream commit ed1c9977cb1b63e4270ad8bdf967a2d02580aa08 (Remove
get_object_hash.) changed API:
Convert all instances of get_object_hash to use an appropriate
reference to the hash member of the oid member of struct object.
This provides no functional change, as it is essentially a macro
substitution.
Signed-off-by: Christian Hesse <mail@eworm.de>
|
|
Coverity-id: 13939
Signed-off-by: Christian Hesse <mail@eworm.de>
|
|
Coverity-id: 13940
Signed-off-by: Christian Hesse <mail@eworm.de>
|
|
* handle mimetype within a single function
* return allocated memory on success
Signed-off-by: Christian Hesse <mail@eworm.de>
|
|
Signed-off-by: Christian Hesse <mail@eworm.de>
|
|
This provides a formatted error response rather than a simple HTTP
error.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
|
These are all included in git-compat-util.h (when necessary), which we
include in cgit.h.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
|
* sort_string_list(): rename to string_list_sort() (upstream commit
3383e199)
* update read_tree_recursive callback to pass strbuf as base (upstream
commit 6a0b0b6d)
Signed-off-by: Christian Hesse <mail@eworm.de>
|
|
Drop the context parameter from the following functions (and all static
helpers used by them) and use the global context instead:
* cgit_print_http_headers()
* cgit_print_docstart()
* cgit_print_pageheader()
Remove context parameter from all commands
Drop the context parameter from the following functions (and all static
helpers used by them) and use the global context instead:
* cgit_get_cmd()
* All cgit command functions.
* cgit_clone_info()
* cgit_clone_objects()
* cgit_clone_head()
* cgit_print_plain()
* cgit_show_stats()
In initialization routines, use the global context variable instead of
passing a pointer around locally.
Remove callback data parameter for cache slots
This is no longer needed since the context is always read from the
global context variable.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
|
* Name "cgit Development Team" as copyright holder to avoid listing
every single developer.
* Update copyright ranges.
Signed-off-by: Lukas Fleischer <cgit@crytocrack.de>
|
|
When outputting the Content-Type HTTP header we print the MIME type and
then append "; charset=<charset>" if the charset variable is non-null.
We don't want a charset when we have selected "application/octet-stream"
or when the user has specified a custom MIME type, since they may have
specified their own charset. To avoid this, make sure we set the page's
charset to NULL in ui-plain before we generate the HTTP headers.
Signed-off-by: John Keeping <john@keeping.me.uk>
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
|
Use "struct strbuf" from Git to remove the limit on file path length.
Notes on scan-tree:
This is slightly involved since I decided to pass the strbuf into
add_repo() and modify it whenever a new file name is required, which
should avoid any extra allocations within that function. The pattern
there is to append the filename, use it and then reset the buffer to its
original length (retaining a trailing '/').
Notes on ui-snapshot:
Since write_archive modifies the argv array passed to it we
copy the argv_array values into a new array of char* and then free the
original argv_array structure and the new array without worrying about
what the values now look like.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
|
After this change there is one remaining call 'fmt("%s", delim)' in
ui-shared.c, but it is needed as delim is stack allocated and so cannot be
returned from the function.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
|
Signed-off-by: John Keeping <john@keeping.me.uk>
|
|
While doing this, remove declarations from header files where the
corresponding definition is declared "static" in order to avoid build
errors.
Also re-order existing headers in ui-*.c so that the file-specific
header always comes immediately after "cgit.h", helping with future
consistency.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
|
Do not misuse global variables to save the context. Instead, use the
context pointer which was designed to share information between a
read_tree_fn and the caller.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
|
Move all code setting the match variable to walk_tree().
This allows for easily moving this variable into a context structure
without having to pass the context to print_*().
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
|
|
struct pathspec is now used in more places.
Signed-off-by: John Keeping <john@keeping.me.uk>
|
|
For sites that do not want to configure mime types by hand but
still want the correct mime type for 'plain' blobs, configuring
a mime type file is made possible. This is handy since such a
file is normally already provided (at least on Linux systems).
Also, this reflects the gitweb option '$mimetypes_file'.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
|
In ui-plain.c, the links generated for submodule entry ignored the fact
that the entry was in fact a submodule. This patch adds proper submodule
links to the plain directory listings.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
|
This patch fixes the following issues:
* the base argument usually isn't zero-terminated, so printing base
without considering baselen will usually generate random garbage
* when the current url represents a directory but doesn't end in a slash,
relative urls would be incorrect
* using unescaped paths allows XSS
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
|
This fixes http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2542.
Noticed-by: Silvio Cesare <silvio.cesare@gmail.com>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
|
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
|
When a user requests a plain view of a tree (as opposed to a blob),
print out a directory listing rather than giving a 404 Not Found.
Also, fix a segfault when ctx->qry.path is NULL - i.e., when /plain is
requested without a path.
Signed-off-by: Mark Lodato <lodatom@gmail.com>
|
|
Git's read_tree_recursive() already filters out the objects by pathname,
so we only have to compare baselen to the expected. That is, no string
matching is required.
Additionally, if the requested path is a directory, the old code would
walk through all of its immediate children. This is not necessary,
so we no longer do that.
Signed-off-by: Mark Lodato <lodatom@gmail.com>
|
|
Signed-off-by: Mark Lodato <lodatom@gmail.com>
|
|
|
|
When a path to a directory was specified for the 'plain'
view, each blob in the directory used to be returned to
the client. This patch fixes the issue by matching the
path of each blob against the requested path.
Noticed-by: Lars Stoltenow <penma@penma.de>
Signed-off-by: Lars Hjemli <larsh@slackbox.hjemli.net>
|
|
This patch makes it possible to register mappings from filename
extension to mime type in cgitrc and use this mapping when returning
blob content in `plain` view.
The reason for adding this mapping to cgitrc (as opposed to parsing
something like /etc/mime.types) is to allow quick lookup of a limited
number of filename extensions (/etc/mime-types on my machine currently
contains over 700 entries).
NB: A nice addition to this patch would be to parse /etc/mime.types
when `plain` view is requested for a file with an extension for which
there is no mapping registered in cgitrc.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
|
Signed-off-by: Remko Tronçon <git@el-tramo.be>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
|
When downloading a blob identified by its path, the client might want
to know if the blob has been modified since a previous download of the
same path. To this end, an ETag containing the blob SHA1 seems to be
ideal.
Todo: add support for HEAD requests...
Suggested-by: Owen Taylor <otaylor@redhat.com>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
|
The type used to declare the st_size field of a 'struct stat' can
be a 32- or 64-bit sized type, which can vary from one platform to
another, or even from one compilation to another. In particular,
on linux, if you include the following define:
    #define _FILE_OFFSET_BITS 64
prior to including certain system header files, then the type used
for the st_size field will be __off64_t, otherwise it will be an
__off_t. Note that the above define is included at the top of
git-compat-util.h.
In cache.c, the "%zd" format specifier expects a "signed size_t",
another type which can vary, when an __off64_t or a __off_t is
provided. To suppress the warning, use the PRIuMAX format specifier
and cast the st_size field to uintmax_t. This should work on any
platform for which git currently compiles.
In ui-plain.c, the size parameter of sha1_object_info() and
read_sha1_file() is defined to be "unsigned long *" not "size_t *".
So, to suppress the warning, simply declare size with the correct type.
Signed-off-by: Ramsay Jones <ramsay@ramsay1.demon.co.uk>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
|
The callback from read_tree_recursive just needs to check the type of
each tree entry; if it's a dir we want to continue scanning, if it's a
regular file we'll assume it's the one we requested.
And while at it, remove some stray fprintfs.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
|
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
|
This implements a way to access plain blobs by path (similar to the
tree view) instead of by sha1.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|