1397 Tiomáintí

Údar SHA1 Teachtaireacht Dáta
Jason A. Donenfeld
c34e28835b forms: action should not be empty
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-05-12 21:29:49 +02:00
Juuso Lapinlampi
9afda36ed7 ui-shared: Remove a name attribute with an empty value
The name attribute is optional in an input element, but it must not be
an empty value.

See: https://html.spec.whatwg.org/#attr-fe-name
See: https://html.spec.whatwg.org/#the-input-element
2016-05-12 17:43:36 +02:00
Juuso Lapinlampi
8d05b398bb ui-shared: HTML-ize DOCTYPE and <html>
Get rid of the XHTML headers, bringing cgit slowly to the modern age of
HTML.
2016-05-12 17:38:01 +02:00
Juuso Lapinlampi
80f12b3e7e ui-shared: Simplify cgit_print_error_page() logic 2016-05-12 17:38:00 +02:00
Christian Hesse
86bf5b4791 git: update to v2.8.2
Update to git version v2.8.2.

* Upstream commit 1a0c8dfd89475d6bb09ddee8c019cf0ae5b3bdc2 (strbuf: give
  strbuf_getline() to the "most text friendly" variant) changed API.

Signed-off-by: Christian Hesse <mail@eworm.de>
2016-05-12 17:23:29 +02:00
Tim Nordell
59d8fa1a62 ui-log: Simplify decoration code
The decoration code inside of git returns the decoration type, so
utilize this to create the decoration spans.  Additionally, use
prettify_refname(...) to get the shorter name for the ref.

Signed-off-by: Tim Nordell <tim.nordell@logicpd.com>
2016-05-12 17:19:20 +02:00
Tim Nordell
499b23979c ui-log: Do not always emit decoration span
The decoration span does not need to be emited if there aren't
any decorations to show.  This modification saves slightly
on bandwidth.

Signed-off-by: Tim Nordell <tim.nordell@logicpd.com>
2016-05-12 17:17:02 +02:00
Matt Comben
39735d95ca Renamed repo-specific configuration for enable-html-serving in cgitrc.5.txt 2016-03-08 14:42:26 +01:00
Jason A. Donenfeld
e9cbdf6463 ui-shared: redirect should not exit early for cache
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-02-26 13:24:35 +01:00
Jason A. Donenfeld
09a3aa5ae7 about: path_info might not be valid 2016-02-26 13:14:52 +01:00
Jason A. Donenfeld
c424b5cb02 tabs: do not use target=_blank 2016-02-23 15:35:32 +01:00
Jason A. Donenfeld
46ff6e1993 css: fix indentation 2016-02-23 15:15:57 +01:00
Christian Hesse
a0d22c391e css: use less blurry icon for external link
Your mileage may vary, but for me the old icon looks blurry. The new
one is character 0xf08e from OTF font awsome in size 10.
The icon color is black, gray level is adjusted via opacity.

Signed-off-by: Christian Hesse <mail@eworm.de>
2016-02-23 15:15:57 +01:00
Jason A. Donenfeld
1892cd9a60 md2html: Do syntax highlighting too 2016-02-23 15:00:05 +01:00
Christian Hesse
a9e9dfc55f git: update to v2.7.2
Update to git version v2.7.2, no changes required.

Signed-off-by: Christian Hesse <mail@eworm.de>
2016-02-23 03:16:26 +01:00
Joe Anakata
de6098be6a ui-plain: fix to show a repo's root directory listing in plain view
This is to fix the case of accessing http://host.com/cgit.cgi/repo.git/plain/

There is code here to make this case work (match_baselen is set to -1
for top-of-the-tree views) but the unsigned to signed comparison was
always false in this case, causing an empty directory listing without
this fix.

Signed-off-by: Joe Anakata <jea-signup-github@anakata.org>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-02-22 18:46:33 +01:00
Jason A. Donenfeld
94c02bbf73 cmd: redirect empty about/ to homepage or summary
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-02-22 18:40:15 +01:00
Jason A. Donenfeld
5f2664f13c ui-shared: add homepage to tabs
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2016-02-22 18:40:13 +01:00
John Keeping
75298209bf ui-atom: avoid DATE_STRFTIME
Git's DATE_STRFTIME ignores the timezone argument and just uses the
local timezone regardless of whether the "local" flag is set.

Since Atom accepts ISO8601 dates [1], we can use Git's
DATE_ISO8601_STRICT instead, which does get this right.  Additionally,
we never use the local timezone here so we can use the
date_mode_from_type() wrapper to simplify the code a bit.

[1] https://tools.ietf.org/html/rfc4287#section-3.3

Signed-off-by: John Keeping <john@keeping.me.uk>
2016-02-08 18:29:11 +01:00
John Keeping
9c15f3c695 Avoid DATE_STRFTIME for long/short dates
Git's DATE_STRFTIME ignores the timezone argument and just uses the
local timezone regardless of whether the "local" flag is set.

Since our existing FMT_LONGDATE and FMT_SHORTDATE are pretty-much
perfect matches to DATE_ISO8601 and DATE_SHORT, switch to taking a
date_mode_type directly in cgit_date_mode().

Signed-off-by: John Keeping <john@keeping.me.uk>
2016-02-08 18:28:18 +01:00
John Keeping
bdcbe0922d ui-stats: cast pointer before checking for zero
We abuse the "void *util" field as a counter and recently started to
cast it to a uintptr_t to avoid risking nasal demons by performing
arithmetic on a void pointer.

However, compilers are also known to do "interesting" things if they
know that a pointer is or isn't NULL.  Make this safer by checking if
the counter (after casting) is non-zero rather than checking if the
pointer is non-null.

Signed-off-by: John Keeping <john@keeping.me.uk>
2016-02-08 18:27:38 +01:00
Jason A. Donenfeld
a8b9ef8c1c ui-stats: if we're going to abuse void*, do it safely 2016-02-08 14:35:47 +01:00
Christian Hesse
85ec9f0211 git: update to v2.7.1
Update to git version v2.7.1, no changes required.

Signed-off-by: Christian Hesse <mail@eworm.de>
2016-02-08 14:24:52 +01:00
John Keeping
17c74eefa4 ui-shared: remove cgit_print_date()
There are no longer any users of this function.

Signed-off-by: John Keeping <john@keeping.me.uk>
2016-02-08 14:23:16 +01:00
John Keeping
eb80b4edad ui-atom: use show_date directly for atom dates
This will allow us to remove cgit_print_date and use Git's show_date
consistently.

Signed-off-by: John Keeping <john@keeping.me.uk>
2016-02-08 14:23:02 +01:00
John Keeping
e68c86e8c5 ui-shared: use show_date for footer timestamp
Signed-off-by: John Keeping <john@keeping.me.uk>
2016-02-08 14:22:42 +01:00
John Keeping
f2a901d2e1 ui: show ages in the originator's timezone
This affects the tooltip showing the full time and the case when a date
is sufficiently old to be shown in full rather than as an offset.

Signed-off-by: John Keeping <john@keeping.me.uk>
2016-02-08 14:22:21 +01:00
John Keeping
21dcf10386 ui-{commit,tag}: show dates in originator's timezone
This is done by switching to Git's show_date() function and the mode
given by cgit_date_mode().

Signed-off-by: John Keeping <john@keeping.me.uk>
2016-02-08 14:21:56 +01:00
John Keeping
360af46fac ui-shared: add cgit_date_mode()
This returns the correct mode value for use with Git's show_date() based
on the current CGit configuration and will be used in the following
patches.

Signed-off-by: John Keeping <john@keeping.me.uk>
2016-02-08 14:21:34 +01:00
John Keeping
45c87ca1c3 parsing: add timezone to ident structures
This will allow us to mimic Git's behaviour of showing times in the
originator's timezone when displaying commits and tags.

Signed-off-by: John Keeping <john@keeping.me.uk>
2016-02-08 14:20:08 +01:00
John Keeping
57ea1aa2a5 ui-shared: remove "format" from cgit_print_age()
We never use any format other than FMT_SHORTDATE, so move that into the
function.

Signed-off-by: John Keeping <john@keeping.me.uk>
2016-02-08 14:19:33 +01:00
Jason A. Donenfeld
23f7dadaab ui-tree: put reverse path in title 2016-01-18 16:13:29 +01:00
Jason A. Donenfeld
d3756bd7b0 syntax-highlighting: always use utf-8 to avoid ascii codec issues 2016-01-18 11:14:06 +01:00
John Keeping
33bc949a1e cache: don't check for match with no key
We call open_slot() from cache_ls() without a key since we simply want
to read the path out of the header.  Should the file happen to contain
an empty key then we end up calling memcmp() with NULL and a non-zero
length.  Fix this by assigning slot->match only if a key is set, which
is always will be in the code paths where we use slot->match.

Coverity-id: 13807
Signed-off-by: John Keeping <john@keeping.me.uk>
2016-01-17 17:05:39 +01:00
John Keeping
3fbfced740 cache: use size_t for string lengths
Avoid integer truncation on 64-bit systems.

Coverity-id: 13864
Signed-off-by: John Keeping <john@keeping.me.uk>
2016-01-17 17:05:19 +01:00
John Keeping
baa5ad1f80 ui-log: handle parse_commit() errors
If parse_commit() fails, none of the fields in the commit structure will
have been populated so we will dereference NULL when accessing
item->tree.

There isn't much we can do about the error at this point, but if we
return true then we'll try parsing the commit again from print_commit()
and we can report an error to the user at that point.

Coverity-id: 13801
Signed-off-by: John Keeping <john@keeping.me.uk>
2016-01-17 17:05:00 +01:00
Jason A. Donenfeld
e64d5e04c3 Bump version 2016-01-14 15:43:54 +01:00
Jason A. Donenfeld
c326f3eb02 ui-plain: add enable-html-serving flag
Unrestricts plain/ to contents likely to be executed by browser.
2016-01-14 15:42:56 +01:00
Jason A. Donenfeld
9ca2566972 ui-blob: set CSP just in case 2016-01-14 14:43:43 +01:00
Jason A. Donenfeld
92996ac2a6 ui-blob: always use generic mimetypes 2016-01-14 14:31:53 +01:00
Jason A. Donenfeld
1c581a0726 ui-blob: Do not accept mimetype from user 2016-01-14 14:31:13 +01:00
Jason A. Donenfeld
513b3863d9 ui-shared: prevent malicious filename from injecting headers 2016-01-14 14:28:37 +01:00
Jason A. Donenfeld
4291453ec3 ui-shared: Avoid new line injection into redirect header 2016-01-14 14:18:17 +01:00
Peter Colberg
4c69241b05 Fix missing prototype declarations
Signed-off-by: Peter Colberg <peter@colberg.org>
2016-01-14 14:02:29 +01:00
Peter Colberg
9abe4a26a9 ui-repolist: return HTTP 404 if no repositories found
Return HTTP status code 404 Not found when querying a non-existent
repository, which signals to search engines that a repository no
longer exists. Further, some webservers such as nginx permit
logging requests to different files depending on the HTTP code.

Signed-off-by: Peter Colberg <peter@colberg.org>
2016-01-13 17:19:34 +01:00
Peter Colberg
a4014d0dbf ui-repolist: extract repo visibility criteria to separate function
Signed-off-by: Peter Colberg <peter@colberg.org>
2016-01-13 17:16:15 +01:00
Lukas Fleischer
da1b89710f Fix segmentation fault in hc()
The ctx.qry.page variable might be unset at this point, e.g. when an
invalid command is passed and cgit_print_pageheader() is called to show
an error message.

Signed-off-by: Lukas Fleischer <lfleischer@lfos.de>
2016-01-13 17:14:01 +01:00
Christian Hesse
559ab5ecc4 git: update to v2.7.0
Update to git version v2.7.0.

* Upstream commit ed1c9977cb1b63e4270ad8bdf967a2d02580aa08 (Remove
  get_object_hash.) changed API:

  Convert all instances of get_object_hash to use an appropriate
  reference to the hash member of the oid member of struct object.
  This provides no functional change, as it is essentially a macro
  substitution.

Signed-off-by: Christian Hesse <mail@eworm.de>
2016-01-13 17:12:17 +01:00
Christian Hesse
6edc84bc44 ui-repolist: initialize char *buf to NULL
readfile() can fail if the agefile is not readable. Make sure free()
does not free an ininitialized string.

Signed-off-by: Christian Hesse <mail@eworm.de>
2016-01-13 17:09:39 +01:00
Jason A. Donenfeld
4458abf641 filter: avoid integer overflow in authenticate_post
ctx.env.content_length is an unsigned int, coming from the
CONTENT_LENGTH environment variable, which is parsed by strtoul. The
HTTP/1.1 spec says that "any Content-Length greater than or equal to
zero is a valid value." By storing this into an int, we potentially
overflow it, resulting in the following bounding check failing, leading
to a buffer overflow.

Reported-by: Erik Cabetas <Erik@cabetas.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2015-11-24 11:31:43 +01:00