Commit Graph

31 Commits

Author SHA1 Message Date
Jason A. Donenfeld
aa6d5b105d simple-authentication: style
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-23 00:58:07 +01:00
Jason A. Donenfeld
9dde6d38e9 auth: document tweakables in lua script
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-17 15:34:44 +01:00
Jason A. Donenfeld
a431326e8f auth: have cgit calculate login address
This way we're sure to use virtual root, or any other strangeness
encountered.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-16 23:21:54 +01:00
Jason A. Donenfeld
df00ab1096 auth: lua string comparisons are time invariant
By default, strings are compared by hash, so we can remove this comment.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-16 19:47:35 +01:00
Jason A. Donenfeld
b826537cb4 authentication: use hidden form instead of referer
This also gives us some CSRF protection. Note that we make use of the
hmac to protect the redirect value.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-16 12:13:39 +01:00
Jason A. Donenfeld
d6e9200cc3 auth: add basic authentication filter framework
This leverages the new lua support. See
filters/simple-authentication.lua for explaination of how this works.
There is also additional documentation in cgitrc.5.txt.

Though this is a cookie-based approach, cgit's caching mechanism is
preserved for authenticated pages.

Very plugable and extendable depending on user needs.

The sample script uses an HMAC-SHA1 based cookie to store the
currently logged in user, with an expiration date.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-16 02:28:12 +01:00
Christian Hesse
8ae1d8b8fd email-gravatar: fix html syntax issues
an attribute value specification must be an attribute value literal
unless SHORTTAG YES is specified
2014-01-15 14:43:02 +01:00
Jason A. Donenfeld
5bda21faf4 email-gravatar: do not scale icons up
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14 18:57:51 +01:00
Jason A. Donenfeld
6ca734da8f filter: allow returning exit code from filter
Filters can now indicate a status back to cgit by means of the exit code
for exec, or the return value from close for Lua.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14 18:09:52 +01:00
Christian Hesse
1167dbb95b email-gravatar: fix html syntax issues
* make ampersand a html entity
* add required alt attribute
* add required img end tag
2014-01-14 13:55:44 +01:00
Christian Hesse
46176eca7f email-gravatar.py: fix UTF-8 2014-01-14 13:55:35 +01:00
Christian Hesse
50287e7912 email-gravatar.lua: fix for lua 5.2 2014-01-14 13:55:25 +01:00
Jason A. Donenfeld
786609bd36 filter: add page source to email filter
Since the email filter is called from lots of places, the script might
benefit from knowing the origin. That way it can modify its contents
and/or size depending.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14 02:00:07 +01:00
Jason A. Donenfeld
e942a1622b filter: add gravatar scripts
The lua one is hugely faster than the python one, but both are included
for comparison.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14 02:00:07 +01:00
Stefan Tatschner
ceffeb5d52 filters: Improved syntax-highlighting.py
- Switched back to python2 according to a problem in pygments with python3.
  With the next release of pygments this problem should be fixed.
  Issue see here:
  https://bitbucket.org/birkenfeld/pygments-main/issue/901/problems-with-python3
- Just read the stdin, decode it to utf-8 and ignore unknown signs. This ensures
  that even destroyed files do not cause any errors in the filter.
- Improved language guessing:
  -> At first use guess_lexer_for_filename for a better detection of the used
     programming languages (even mixed cases will be detected, e.g. php + html).
  -> If nothing was found look if there is a shebang and use guess_lexer.
  -> As default/fallback choose TextLexer.

Signed-off-by: Stefan Tatschner <stefan@sevenbyte.org>
2014-01-13 22:48:51 +01:00
Přemysl Janouch
b6da53dd75 Fix UTF-8 with syntax-highlighting.py
Previously the script tried to encode output from Pygments with
the ASCII codec, which failed.

Signed-off-by: Přemysl Janouch <p.janouch@gmail.com>
2014-01-08 16:49:42 +01:00
Přemysl Janouch
f1fb521a05 Fix about-formatting.sh
dash failed to parse the script.

Signed-off-by: Přemysl Janouch <p.janouch@gmail.com>
2014-01-08 16:46:51 +01:00
Ferry Huberts
09a28d761e filters: highlight.sh: add css comments for highlight 2.6 and 3.8
v2: add highlight 3.13 as present on Fedora 19

Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
2014-01-08 16:41:26 +01:00
Jason A. Donenfeld
6d6f8bdeed filters: toggle perl utf8 situation
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2013-05-28 07:55:40 +02:00
Jason A. Donenfeld
8149be213f filters: import more modern scripts
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2013-05-27 21:54:16 +02:00
Jason A. Donenfeld
7ea35f9f8e syntax-highlighting.sh: Fix command injection.
By not quoting the argument, an attacker with the ability to add files
to the repository could pass arbitrary arguments to the highlight
command, in particular, the --plug-in argument which can lead to
arbitrary command execution.

This patch adds simple argument quoting.
2012-10-27 20:05:50 -06:00
Ferry Huberts
d14faf4424 syntax-highlight: when the file has no extension, assume text
There are 2 situations:
1- empty extension: assuming text is better than highlight
   producing no output because of a missing argument.
2- no extension at all: assuming text is better than setting
   the extension to the filename, which is what now happens.

Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
2012-10-09 13:19:12 +02:00
Ferry Huberts
2ad9063cb5 Revert "filters/syntax-highlighting.sh: work around highlight --force bug"
This reverts commit f50be7fda0.

An update with the latest highlight landed in EPEL. This new version
doesn't have the --force bug, so the workaround can now be removed.

Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
2012-10-09 13:12:09 +02:00
Lars Hjemli
08352c7a02 Merge branch 'stable' 2012-03-18 20:23:30 +00:00
Ferry Huberts
f50be7fda0 filters/syntax-highlighting.sh: work around highlight --force bug 2012-03-18 20:12:36 +00:00
Ferry Huberts
375353caff filters/highlight.sh: manually support highlight version 2 and 3 2012-03-18 20:12:35 +00:00
Ferry Huberts
afdff8dc13 commit-links.sh: improve regular expressions
The default length for sha1 abbreviations in git is 7.

A '#num' at the beginning of the commit message is now
recognised, a ':#num' as well, etc.: a '#num' anywhere
is now converted to a link.

Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-07-19 07:12:02 +00:00
Ferry Huberts
b2cf630a4b filters: document environment variables in filter scripts
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-26 11:03:42 +01:00
Jeff Smith
f914317126 commit-links.sh: Seperate the expressions for filtering commit messages.
This allows for putting descriptions closer to their expressions.  It
should also make it clearer how to apply an expression conditionally.
2010-07-22 23:49:23 +02:00
Georg Lukas
56522ebe13 syntax highlighting for all formats supported by "highlight"
The highlight tool can be given any of the supported file extensions
as its -S parameter. This patch replaces the case-switch by extracting
the extension from the supplied file name and passing it to highlight.
However, this requires a shell supporting the ${var##pattern} syntax,
like dash or bash.

Unknown extensions cause a fall-back to plain text using the --force
switch. Error messages are redirected to /dev/null.

A special case maps Makefile and Makefile.* to the "mk" extension.

The total overhead is reduced by calling "exec highlight". No forks are
needed during script execution.

Signed-off-by: Georg Lukas <georg@op-co.de>
2009-11-19 12:14:45 +01:00
Lars Hjemli
e6cd7121ed Add some example filter scripts
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2009-08-09 14:56:23 +02:00