ui-plain.c: fix html and links generated by print_dir() and print_dir_entry()
This patch fixes the following issues: * the base argument usually isn't zero-terminated, so printing base without considering baselen will usually generate random garbage * when the current url represents a directory but doesn't end in a slash, relative urls would be incorrect * using unescaped paths allows XSS Signed-off-by: Lars Hjemli <hjemli@gmail.com>
parent
2a8f553163
commit
7f88d20823
65
ui-plain.c
65
ui-plain.c
@ -52,30 +52,57 @@ static void print_object(const unsigned char *sha1, const char *path)
|
|||||||
match = 1;
|
match = 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void print_dir(const unsigned char *sha1, const char *path,
|
static char *buildpath(const char *base, int baselen, const char *path)
|
||||||
const char *base)
|
|
||||||
{
|
{
|
||||||
char *fullpath;
|
if (path[0])
|
||||||
if (path[0] || base[0])
|
return fmt("%.*s%s/", baselen, base, path);
|
||||||
fullpath = fmt("/%s%s/", base, path);
|
|
||||||
else
|
else
|
||||||
fullpath = "/";
|
return fmt("%.*s/", baselen, base);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void print_dir(const unsigned char *sha1, const char *base,
|
||||||
|
int baselen, const char *path)
|
||||||
|
{
|
||||||
|
char *fullpath, *slash;
|
||||||
|
size_t len;
|
||||||
|
|
||||||
|
fullpath = buildpath(base, baselen, path);
|
||||||
|
slash = (fullpath[0] == '/' ? "" : "/");
|
||||||
ctx.page.etag = sha1_to_hex(sha1);
|
ctx.page.etag = sha1_to_hex(sha1);
|
||||||
cgit_print_http_headers(&ctx);
|
cgit_print_http_headers(&ctx);
|
||||||
htmlf("<html><head><title>%s</title></head>\n<body>\n"
|
htmlf("<html><head><title>%s", slash);
|
||||||
" <h2>%s</h2>\n <ul>\n", fullpath, fullpath);
|
html_txt(fullpath);
|
||||||
if (path[0] || base[0])
|
htmlf("</title></head>\n<body>\n<h2>%s", slash);
|
||||||
html(" <li><a href=\"../\">../</a></li>\n");
|
html_txt(fullpath);
|
||||||
|
html("</h2>\n<ul>\n");
|
||||||
|
len = strlen(fullpath);
|
||||||
|
if (len > 1) {
|
||||||
|
fullpath[len - 1] = 0;
|
||||||
|
slash = strrchr(fullpath, '/');
|
||||||
|
if (slash)
|
||||||
|
*(slash + 1) = 0;
|
||||||
|
else
|
||||||
|
fullpath = NULL;
|
||||||
|
html("<li>");
|
||||||
|
cgit_plain_link("../", NULL, NULL, ctx.qry.head, ctx.qry.sha1,
|
||||||
|
fullpath);
|
||||||
|
html("</li>\n");
|
||||||
|
}
|
||||||
match = 2;
|
match = 2;
|
||||||
}
|
}
|
||||||
|
|
||||||
static void print_dir_entry(const unsigned char *sha1, const char *path,
|
static void print_dir_entry(const unsigned char *sha1, const char *base,
|
||||||
unsigned mode)
|
int baselen, const char *path, unsigned mode)
|
||||||
{
|
{
|
||||||
const char *sep = "";
|
char *fullpath;
|
||||||
if (S_ISDIR(mode))
|
|
||||||
sep = "/";
|
fullpath = buildpath(base, baselen, path);
|
||||||
htmlf(" <li><a href=\"%s%s\">%s%s</a></li>\n", path, sep, path, sep);
|
if (!S_ISDIR(mode))
|
||||||
|
fullpath[strlen(fullpath) - 1] = 0;
|
||||||
|
html(" <li>");
|
||||||
|
cgit_plain_link(path, NULL, NULL, ctx.qry.head, ctx.qry.sha1,
|
||||||
|
fullpath);
|
||||||
|
html("</li>\n");
|
||||||
match = 2;
|
match = 2;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -92,12 +119,12 @@ static int walk_tree(const unsigned char *sha1, const char *base, int baselen,
|
|||||||
if (S_ISREG(mode))
|
if (S_ISREG(mode))
|
||||||
print_object(sha1, pathname);
|
print_object(sha1, pathname);
|
||||||
else if (S_ISDIR(mode)) {
|
else if (S_ISDIR(mode)) {
|
||||||
print_dir(sha1, pathname, base);
|
print_dir(sha1, base, baselen, pathname);
|
||||||
return READ_TREE_RECURSIVE;
|
return READ_TREE_RECURSIVE;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else if (baselen > match_baselen)
|
else if (baselen > match_baselen)
|
||||||
print_dir_entry(sha1, pathname, mode);
|
print_dir_entry(sha1, base, baselen, pathname, mode);
|
||||||
else if (S_ISDIR(mode))
|
else if (S_ISDIR(mode))
|
||||||
return READ_TREE_RECURSIVE;
|
return READ_TREE_RECURSIVE;
|
||||||
|
|
||||||
@ -134,7 +161,7 @@ void cgit_print_plain(struct cgit_context *ctx)
|
|||||||
if (!paths[0]) {
|
if (!paths[0]) {
|
||||||
paths[0] = "";
|
paths[0] = "";
|
||||||
match_baselen = -1;
|
match_baselen = -1;
|
||||||
print_dir(commit->tree->object.sha1, "", "");
|
print_dir(commit->tree->object.sha1, "", 0, "");
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
match_baselen = basedir_len(paths[0]);
|
match_baselen = basedir_len(paths[0]);
|
||||||
|
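Review bot: buildpath() returns whatever fmt() hands back, and both print_dir() and print_dir_entry() then write into that buffer (`fullpath[len - 1] = 0`, `*(slash + 1) = 0`) and keep using it across later htmlf()/cgit_plain_link() calls, yet nothing in the new code says who owns that storage or how long it stays valid. fmt() is not defined on this page; if it formats into shared, fixed-size storage, any nested fmt() use inside cgit_plain_link() or an over-long path could change or truncate the string that these functions then emit as a link target. I would put a contract comment on buildpath(), for example `/* Returns fmt() storage: writable by the caller, always ends in '/', valid only until fmt() reuses the buffer. */`, and confirm the truncation behaviour of fmt() for long tree paths. Separately, the list items no longer escape `path` themselves, so the XSS fix for directory entries depends on cgit_plain_link() escaping both the label and the href; its body is outside this diff, so that should be verified, for example with a test entry whose name contains `<`, `"` and `&`.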