Commit Graph

73 Commitit

Tekijä SHA1 Viesti Päivämäärä
Lukas Fleischer
36bdb2171f Replace most uses of strncmp() with prefixcmp()
This is a preparation for replacing all prefix checks with either
strip_prefix() or starts_with() when Git 1.8.6 is released.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2014-01-10 17:01:29 +01:00
Lukas Fleischer
f7f26f8875 Update copyright information
* Name "cgit Development Team" as copyright holder to avoid listing
  every single developer.

* Update copyright ranges.

Signed-off-by: Lukas Fleischer <cgit@crytocrack.de>
2014-01-08 15:10:49 +01:00
Jason A. Donenfeld
7fb12a8ee0 ui-summary: do not free ref
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2013-05-28 09:31:45 +02:00
Jason A. Donenfeld
dcbc0438b2 readme: use string_list instead of space deliminations
Now this is possible in cgitrc -

readme=:README.md
readme=:readme.md
readme=:README.mkd
readme=:readme.mkd
readme=:README.rst
readme=:readme.rst
readme=:README.html
readme=:readme.html
readme=:README.htm
readme=:readme.htm
readme=:README.txt
readme=:readme.txt
readme=:README
readme=:readme
readme=:INSTALL.txt
readme=:install.txt
readme=:INSTALL
readme=:install

Suggested-by: John Keeping <john@keeping.me.uk>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2013-05-26 16:30:03 +02:00
Jason A. Donenfeld
fe36f84d84 ui-summary: Disallow directory traversal
Using the url= query string, it was possible request arbitrary files
from the filesystem if the readme for a given page was set to a
filesystem file. The following request would return my /etc/passwd file:

http://git.zx2c4.com/?url=/somerepo/about/../../../../etc/passwd
http://data.zx2c4.com/cgit-directory-traversal.png

This fix uses realpath(3) to canonicalize all paths, and then compares
the base components.

This fix introduces a subtle timing attack, whereby a client can check
whether or not strstr is called using timing measurements in order
to determine if a given file exists on the filesystem.

This fix also does not account for filesystem race conditions (TOCTOU)
in resolving symlinks.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2013-05-25 20:33:28 +02:00
Jason A. Donenfeld
cd4c77d989 readme: Accept multiple candidates and test them.
The readme variable may now contain multiple space deliminated entries,
which per usual are either a filepath or a git ref filepath. If multiple
are specified, cgit will now select the first one in the list that
exists. This is to make it easier to specify multiple default readme
types in the main cgitrc file and have them automatically get applied to
each repo based on what exists.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2013-05-25 20:33:28 +02:00
Jason A. Donenfeld
c0dfaf1c28 ui-summary: Pass filename to about-filter
This gives the about-filter API the same semantics as source-filter,
where the filter receives the filename so it can decide what to do next
with it.

While we're at it, plug a memory leak.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2013-05-25 20:33:28 +02:00
Jason A. Donenfeld
3cb5d86dc6 ui-summary: Use default branch for readme if : prefix
If the readme value begins with ":", and has no specified branch before
it, use the repository's default branch.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2013-05-25 20:33:28 +02:00
John Keeping
fb3655df3b use struct strbuf instead of static buffers
Use "struct strbuf" from Git to remove the limit on file path length.

Notes on scan-tree:
This is slightly involved since I decided to pass the strbuf into
add_repo() and modify if whenever a new file name is required, which
should avoid any extra allocations within that function.  The pattern
there is to append the filename, use it and then reset the buffer to its
original length (retaining a trailing '/').

Notes on ui-snapshot:
Since write_archive modifies the argv array passed to it we
copy the argv_array values into a new array of char* and then free the
original argv_array structure and the new array without worrying about
what the values now look like.

Signed-off-by: John Keeping <john@keeping.me.uk>
2013-04-08 16:12:52 +02:00
John Keeping
8f20879431 Always #include corresponding .h in .c files
While doing this, remove declarations from header files where the
corresponding definition is declared "static" in order to avoid build
errors.

Also re-order existing headers in ui-*.c so that the file-specific
header always comes immediately after "cgit.h", helping with future
consistency.

Signed-off-by: John Keeping <john@keeping.me.uk>
2013-04-08 15:45:34 +02:00
Lukas Fleischer
977a3ad7bf ui-summary.c: Move urls variable into print_urls()
There's no need for this variable to be global. Printing the header in
print_urls() instead of print_url() allows for moving this variable into
print_urls() without having to pass any status to print_url().

Note that this only works as long as we don't call print_urls() more
than once.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2013-03-20 21:08:32 +01:00
Lukas Fleischer
ef8a97d9c6 Fix colspan values
This fixes a couple of minor oversights in previous commits and adjusts
all cells using colspan to use the correct width.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2013-03-20 21:08:32 +01:00
Tobias Bieniek
792f813d34 ui-log: Add "commit-sort" option for controlling commit ordering
This makes it possible to use strict commit date ordering or strict
topological ordering by passing the corresponding flags to "git log".

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2012-10-17 16:30:29 +02:00
Lars Hjemli
a1429dbc89 cgit.c: add 'clone-url' setting with support for macro expansion
The current 'clone-prefix' setting has some known issues:
* All repos get the same 'clone-prefix' value since the setting is not
  adopted during repo registration (in cgitrc, or during scan-path traversal),
  but only when the setting is used.
* The generated clone-urls for a repo is a combination of 'clone-prefix', a
  slash and the repo url. This doesn't work well with e.g. ssh-style urls
  like 'git@example.org:repo.git', since the inserted slash will make the
  repo relative to the filesystem root.
* If 'remove-suffix' is enabled, the generated clone-urls will not work for
  cloning (except for http-urls to cgit itself) since they miss the '.git'
  suffix.

The new 'clone-url' setting is designed to avoid the mentioned issues:
* Each repo adopts the default 'clone-url' when the repo is defined. This
  allows different groups of repos to adopt different values.
* The clone-urls for a repo is generated by expanding environment variables
  in a string template without inserting arbitrary characters, hence any
  kind of clone-url can be generated.
* Macro expansion also eases the 'remove-suffix' pain since it's now
  possible to define e.g. 'clone-url=git://foo.org/$CGIT_REPO_URL.git' for
  a set of repos. A furter improvement would be to define e.g.
  $CGIT_REPO_SUFFIX to '.git' for all repos which had their url prettified,
  or to store the original $CGIT_REPO_URL in e.g. $CGIT_REPO_REAL_URL before
  suffix removal.

Reviewed-by: Ferry Huberts <mailings@hupie.com>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-06-13 23:04:30 +00:00
Lars Hjemli
3ec6b30950 cgit.c: always setup cgit repo environment variables
When cgit learned to setup environment variables for certain repo
settings before invoking a filter process, the setup occurred inside
cgit_open_filter().

This patch moves the setup out of cgit_open_filter() and into
prepare_repo_cmd() to prepare for additional uses of these variables.

Reviewed-by: Ferry Huberts <mailings@hupie.com>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-06-13 23:03:46 +00:00
Ferry Huberts
d87bba846d cgit_open_filter: also take the repo as a parameter
To prepare for handing repo configuration to the
filter script that is executed.

Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-26 11:03:42 +01:00
Johan Herland
ad230267f8 ui-log: Line-wrap long commit subjects when showmsg is enabled
When showmsg is disabled ui-log truncates long commit subjects. This is good.
However, the same is not desirable when showmsg is enabled, since you then
end up with a truncated commit subject followed by the rest of the commit
message below.

Instead, when showmsg is enabled (and we're using all this space to display
the entire commit message, anyway), line-wrap the commit subject instead of
truncating it.

Signed-off-by: Johan Herland <johan@herland.net>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2010-11-16 08:18:37 +01:00
Lars Hjemli
515edb0da3 Add support for "readme" option
The value of this option is used as the default value for repo.readme.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2010-08-22 13:35:47 +02:00
Jason A. Donenfeld
379e80e3a8 Support refspecs in about-filter.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2010-08-20 18:57:30 +02:00
Lars Hjemli
537c05f138 Add 'about-filter' and 'repo.about-filter' options
These options can be used to execute a filter command on each about-page,
both top-level and for each repository (repo.about-filter can be used
to override the current about-filter).

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2009-08-09 13:41:54 +02:00
Lars Hjemli
e1782fff8a ui-summary: enable arbitrary paths below repo.readme
This change makes it possible to include any number of pages below
the 'about' tab for a repository. The path is assumed to be located
in the same directory as the 'repo.readme' file.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2009-08-09 13:41:54 +02:00
Lars Hjemli
0071aa8612 ui-summary: use html_url_path()
This makes the clone urls be properly escaped.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-10-05 21:21:42 +02:00
Lars Hjemli
78af25ccac ui-summary: show clone urls
If either repo.clone-url or clone-prefix is specified in cgitrc, all
space-separated values in the config option is printed as a possible
clone url on the repo summary page.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-07-27 11:54:06 +02:00
Lars Hjemli
90f64ad96d Prepare for 'about repo' page
Each repo can include an external file which used to be included on the
top of the summary page, but it will now soon get a page of it own.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-04-28 23:06:57 +02:00
Lars Hjemli
5764fe9546 Make branches, tags and log play better together in the summary view
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-04-14 22:13:38 +02:00
Lars Hjemli
c5984a9896 Add separate header-files for each page/view
Yet another step towards removing cgit.h.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-03-24 16:38:47 +01:00
Lars Hjemli
b1f9b9c145 Introduce html.h
All html-functions can be quite easily separated from the rest of cgit, so
lets do it; the only issue was html_filemode which uses some git-defined
macros so the function is moved into ui-shared.c::cgit_print_filemode().

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-03-18 08:13:10 +01:00
Lars Hjemli
d1f3bbe9d2 Move cgit_repo into cgit_context
This removes the global variable which is used to keep track of the
currently selected repository, and adds a new variable in the cgit_context
structure.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-02-16 13:56:09 +01:00
Lars Hjemli
b228d4ff82 Add all config variables into struct cgit_context
This removes another big set of global variables, and introduces the
cgit_prepare_context() function which populates a context-variable with
compile-time default values.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-02-16 13:10:50 +01:00
Lars Hjemli
d14d77fe95 Introduce struct cgit_context
This struct will hold all the cgit runtime information currently found in
a multitude of global variables.

The first cleanup removes all querystring-related variables.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-02-16 12:07:28 +01:00
Lars Hjemli
2915483ef6 Fix html error detected by test-suite
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2007-11-11 13:04:28 +01:00
Lars Hjemli
51140311bb Add search parameters to cgit_log_link
This makes the [prev] and [next] links work correctly on search results.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2007-11-03 10:42:37 +01:00
Lars Hjemli
0c8e184e9c Change the cgit layout
This modifies and hopefully improves the layout of all cgit pages:

  * Remove the header from all pages and replace it with a sidebar;
    most pages have sufficient width but many needs more height.

  * Add a dropdown-box to switch between branches, using a one-liner
    javascript to reload the current page in context of the selected branch.

  * Include refs found below refs/archives in the sidebar, appearing as a
    set of menuitems below a 'download' heading.

  * Include the brand new cgit logo

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2007-10-30 13:38:34 +01:00
Lars Hjemli
cbcdbcf2bf Make print_branch() handle refs not pointing at commits
The master branch of stable/linux-2.6.20 currently references a tag
object, which makes print_branch() die with a segfault. This teaches
print_branch() to handle such cases more gracefully.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2007-10-28 15:38:19 +01:00
Lars Hjemli
68ca032dbe Teach log search about --grep, --author and --committer
This makes the log searching more explicit, using a dropdown box to specify
the commit field to match against.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2007-10-28 15:23:00 +01:00
Lars Hjemli
b4d4a25aa4 Cleanup code introduced by the filter-refs topic
The functions used to print branches and tags were only half-done and
somewhat confused. Fix it.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2007-10-27 13:34:17 +02:00
Lars Hjemli
ac1f493b6b Add links to the new refs page from summary page
If either branches or tags are filtered on the summary page, add a link to
refs/heads and/or refs/tags right below the last branch/tag.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2007-10-27 10:53:28 +02:00
Lars Hjemli
8efb05f98a Make cgit_print_branches()/cgit_print_tags() external
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2007-10-27 10:53:27 +02:00
Lars Hjemli
763a6a09de Add support for config param summary-branches
This parameter can be used to specify max number of branches to show
on the summary page (if not all branches will be displayed, the "most
idle" branches are the ones to be pruned). The default value for this
parameter is 0, which disables the pruning.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2007-10-27 10:53:27 +02:00
Lars Hjemli
f6310fec78 Move logic for age comparision from cmp_tag_age into cmp_age()
Simple refactoring to enable later filtering of branches based on age.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2007-10-27 10:53:27 +02:00
Lars Hjemli
fe211c7eef Add support for config param summary-tags
This parameter can be used to specify max number of tags to show on
the summary page. If not specified, all tags are printed.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2007-10-27 10:53:27 +02:00
Lars Hjemli
ef1cc6ef94 Sort tags by age
This adds a function to compare timestamps and then uses it as callback
for qsort() before printing out tags.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2007-10-27 10:53:19 +02:00
Lars Hjemli
502d71072a Use reflist to print tag info
This updates ui-summary.c to use a reflist instead of for_each_tag_ref(),
as a step towards more flexible tag handling (filtering/sorting).

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2007-10-27 09:34:15 +02:00
Lars Hjemli
0c1ebce204 Use reflist to print branch info
This updates ui-summary.c to use a reflist instead of for_each_branch_ref(),
as a step towards more flexible branch handling (filtering/sorting).

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2007-10-27 09:34:15 +02:00
Lars Hjemli
4e9107abfe Add ui-tag.c
This file implements the tag-command, i.e. printing of annotated tags.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2007-07-22 23:44:57 +02:00
Lars Hjemli
103940fe6b Add ofs argument to cgit_log_link and use it in ui-log.c
This fixes a bug in the prev/next links on the log page: when on the default
branch the links to prev/next page would contain h=(null).

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2007-06-29 20:31:00 +02:00
Lars Hjemli
42a7eb9c73 Add cgit_commit_link() + support for id=sha1 to commit view
This adds a function to generate links to the commit page and extends said
page to use id from querystring as primary revision specified (fallback to
h).

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2007-06-17 14:53:02 +02:00
Lars Hjemli
48c487d72d Add git_log_link() and fix bug in generic repolink function
The generic repolink function compared head with cgit_query_head, which
almost always would be the same pointer. The test now compares with
repo.defbranch, which is the wanted behavour.

Bug discovered while adding cgit_log_link(), so this commit also contain
that change.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2007-06-17 13:57:51 +02:00
Ondrej Jirman
51a960a3ca Implemented configurable HEAD shortlog on summary page.
This mirrors similiar functionality in gitweb. After clicking on
project on projectlist you will immediatelly see quick summary
of last N commits on HEAD.

[lh: changed from HEAD to cgit_query_head]

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2007-05-31 10:25:48 +02:00
Ondrej Jirman
1a63cfcc3d Use &amp; instead of & in URLs.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2007-05-31 10:18:38 +02:00