aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2011-06-12Merge branch 'stable'Lars Hjemli1-19/+46
2011-06-12ui-plain.c: fix html and links generated by print_dir() and print_dir_entry()Lars Hjemli1-19/+46
This patch fixes the following issues: * the base argument usually isn't zero-terminated, so printing base without considering baselen will usually generate random garbage * when the current url represents a directory but doesn't end in a slash, relative urls would be incorrect * using unescaped paths allows XSS Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-06-06Merge branch 'stable'Lars Hjemli1-0/+2
2011-06-06scan-tree.c: avoid memory leakJamie Couture1-0/+2
No references are kept to the memory pointed to by the 'rel' variable, so it should be free()'d before returning from add_repo(). Signed-off-by: Jamie Couture <jamie.couture@gmail.com> Signed-off-by: Lars Hjemli <larsh@hjemli.net>
2011-06-02Merge branch 'stable'Lars Hjemli3-12/+1
2011-06-02ui-log.c: do not link from age columnLars Hjemli2-10/+1
The link url wasn't properly escaped, and since the link was identical to the one used on the commit message it didn't serve any special purpose. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-06-02ui-snapshot.c: remove debug cruftLars Hjemli1-2/+0
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-31ui-stats.c: fix invalid htmlLars Hjemli1-1/+1
Found by http://validator.w3.org. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-30Merge branch 'stable'Lars Hjemli1-1/+3
2011-05-30Properly escape ampersands inside HTML attributesLukas Fleischer1-1/+3
Ampersands ("&") appearing inside HTML attributes need to be translated to "&amp;". Otherwise, invalid XHTML will be generated at various places, such as at tree views containing links to submodules. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-30ui_repolist: get modtime from packed-refs as fallbackFerry Huberts1-3/+12
When no modtime could be determined then as a final fallback try to get it from the packed-refs. This will show an idle time when a repository has been packed with all refs in the packed-refs. Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-23Merge branch 'lh/panel'Lars Hjemli8-62/+124
2011-05-23Merge branch 'fh/filter-api'Lars Hjemli11-21/+127
Conflicts: cgit.c
2011-05-23Merge branch 'stable'Lars Hjemli9-29/+61
2011-05-23fix virtual-root if script-name is ""Mark Lodato1-1/+4
In d0cb841 (Avoid trailing slash in virtual-root), virtual-root was set from script-name using trim_end(). However, if script-name was the empty string (""), which happens when cgit is used to serve the root path on a domain (/), trim_end() returns NULL and cgit acts like virtual-root is not available. Now, set virtual-root to "" in this case, which fixes this bug. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-23ui-repolist.c: do not return random/stale data from read_agefileLars Hjemli1-1/+1
When git/date.c:parse_date() cannot parse its input it returns -1. But read_agefile() checks if the result is different from zero, essentialy returning random data from the date buffer when parsing fails. This patch fixes the issue by verifying that the result from parse_date() is positive. Noticed-by: Julius Plenz <plenz@cis.fu-berlin.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-23Avoid null pointer dereference in cgit_print_diff().Lukas Fleischer1-2/+6
When calling cgit_print_diff() with a bad new_rev and a NULL old_rev, checking for new_rev's parent commit will result in a null pointer dereference. Returning on an invalid commit before dereferencing fixes this. Spotted with clang-analyzer. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-23Avoid null pointer dereference in reencode().Lukas Fleischer1-1/+4
Returning "*txt" if "txt" is a null pointer is a bad thing. Spotted with clang-analyzer. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-23Fix memory leak in http_parse_querystring().Lukas Fleischer1-2/+3
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-23Remove unused variable from cgit_diff_tree().Lukas Fleischer1-3/+2
Seen with "-Wunused-but-set-variable". Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-23shared.c: do not modify const memoryLars Hjemli1-11/+3
Noticed-by: zhongjj <zhongjj@lemote.com> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-23tests: add tests for links with space in path and/or argsLars Hjemli3-3/+19
These tests tries to detect bad links in various pages. On the log page, there currently exists links which are not properly escaped due to the use of cgit_fileurl() when building the link. For now, this bug is simply tagged as such. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-23tests/setup.sh: add support for known bugsLars Hjemli1-1/+13
This patch makes it possible to add tests for known bugs without aborting the testrun. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-23Fix escaping of paths with spacesJonathon Mah1-4/+6
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-14Merge branch 'dm/disable-clone'Lars Hjemli5-23/+40
2011-03-26Merge branch 'stable'Lars Hjemli2-11/+18
2011-03-26Add advice about scan-path in cgitrc.5.txtJulius Plenz1-2/+3
Signed-off-by: Julius Plenz <plenz@cis.fu-berlin.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-26fix two encoding bugsJulius Plenz1-9/+15
reencode() takes three arguments in the order (txt, from, to), opposed to reencode_string, which will, like iconv, handle the arguments with from and to swapped. Fix that (this makes reencode more intuitive). If src and dst encoding are equivalent, don't do any encoding. If no special encoding parameter is found within the commit, assume UTF-8 and explicitly convert to PAGE_ENCODING. The change to reencode() mentioned above avoids re-encoding a UTF-8 string to UTF-8, for example. Signed-off-by: Julius Plenz <plenz@cis.fu-berlin.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-26make enable-log-linecount independent of -filecountJulius Plenz1-15/+14
You should be able to independently switch file and line count on and off. This patch makes the code work like the documentation suggests: no dependency for line counts to be displayed only when file counts are. Signed-off-by: Julius Plenz <plenz@cis.fu-berlin.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-26new_filter: correctly initialise all arguments for a new filterFerry Huberts1-2/+4
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-26source_filter: fix a memory leakFerry Huberts1-0/+2
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-26cgitrc.5: tar.xz is a supported snapshot formatLars Hjemli1-1/+2
When tar.xz support was added in 0642435fed (2009-12-08: Add .tar.xz-snapshot support), cgitrc.5 was not updated to match. This patch fixes the issue. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-26Fix crash when projectsfile cannot be openedStefan Gehn1-0/+1
This patch makes cgit properly abort in case the projectsfile cannot be opened. Without the added return cgit continues using the projects pointer which is NULL and thus causes a segfault.
2011-03-26shared.c: use execvp() to execute filter commandsLars Hjemli1-57/+11
This reintroduces the use of execvp(), since the filter commands doesn't always contain an absolute path (i.e. snapshot compression filters). Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-26filters: document environment variables in filter scriptsFerry Huberts3-5/+64
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-26cgit_open_filter: hand down repo configuration to scriptFerry Huberts1-1/+77
The environment variables can be used to (for example) resolve the following situation: Suppose a server setup in which each repository has a trac instance; the commit filter needs to know with which repository it's dealing in order to be able to resolve the #123 ticket numbers in the commit messages into hyperlinks into the correct trac instance. Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-26cgit_open_filter: also take the repo as a parameterFerry Huberts7-9/+9
To prepare for handing repo configuration to the filter script that is executed. Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-26new_filter: determine extra_args from filter typeFerry Huberts2-7/+24
Currently the number of extra arguments is linked hard to the type of the filter. This is also logical since it would be confusing to have a different number of arguments for the same type of filter depending on the context under which the filter is run (unless ofcourse one the parameters would make the context clear, which is currently not the case). Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-07ui-stats.c: create a control panel for stat optionsLars Hjemli1-24/+27
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-06ui-diff.c: create a control panel for diff optionsLars Hjemli5-38/+88
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-06html.c: add html_intoption()Lars Hjemli2-0/+9
This is similar to html_option, but for int values. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-05CGIT 0.9v0.9Lars Hjemli1-1/+1
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-05Update READMELars Hjemli1-8/+1
2011-03-05ui-diff.c: avoid html injectionLukasz Janyst1-2/+5
When path-filtering was used in commit-view, the path filter was included without proper html escaping. This patch closes the hole. Signed-off-by: Lukasz Janyst <ljanyst@cern.ch> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-05Merge branch 'stable'Lars Hjemli4-6/+7
2011-03-05CGIT 0.8.3.5v0.8.3.5Lars Hjemli1-1/+1
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-05Avoid trailing slash in virtual-rootLars Hjemli1-2/+3
When setting virtual-root from cgitrc, care is taken to avoid trailing slashes. But when no virtual-root setting is specified, SCRIPT_FILE from the web server is used without similar checks. This patch fixes the inconsistency, which could lead to double-slashes in generated links. Noticed-by: Wouter Van Hemel <wouter@duodecim.org> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-05do not infloop on a query ending in %XY, for invalid hex X or YJim Meyering1-1/+1
When a query ends in say %gg, (or any invalid hex) e.g., http://git.gnome.org/browse/gdlmm/commit/?id=%gg convert_query_hexchar calls memmove(txt, txt+3, 0), and then returns txt-1, so the loop in http_parse_querystring never terminates. The solution is to make the memmove also copy the trailing NUL. * html.c (convert_query_hexchar): Fix off-by-one error. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-02-19Return 404 on command not foundDan McGee1-1/+3
We were returning 200 before. Even 404 is questionable in all cases, but 200 was totally wrong. Also match the case of all of the "Not found" status messsages. Signed-off-by: Dan McGee <dpmcgee@gmail.com> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-02-19Allow disabling of HTTP clone URLsDan McGee3-0/+14
If advertising other URLs to your users, you may not want to make this available through cgit (e.g. if you have the smart HTTP transport set up elsewhere). Allow disabling the three magic commands that simulate the git server, but default it to enabled. Signed-off-by: Dan McGee <dpmcgee@gmail.com> Signed-off-by: Lars Hjemli <hjemli@gmail.com>