aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2014-01-17mailmap: source before lighttpdJason A. Donenfeld1-1/+1
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-17ui-shared: do not allow negative minutesJason A. Donenfeld1-0/+2
Do to timestamp differences, sometimes cgit would should "-0 min", which doesn't make any sense. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-17auth: document tweakables in lua scriptJason A. Donenfeld1-0/+10
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-17repolist: make owner clickable to searchJason A. Donenfeld1-0/+6
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-17ui-shared: move about tab all the way to the leftJason A. Donenfeld1-4/+4
There were no objections (at the time of committing this): http://lists.zx2c4.com/pipermail/cgit/2013-May/001393.html http://lists.zx2c4.com/pipermail/cgit/2014-January/001904.html Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-17filter: don't forget to reap the auth filterJason A. Donenfeld1-0/+1
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-17cgit.c: free tmp variableJason A. Donenfeld1-0/+1
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-17Switch to exclusively using global ctxLukas Fleischer19-442/+437
Drop the context parameter from the following functions (and all static helpers used by them) and use the global context instead: * cgit_print_http_headers() * cgit_print_docstart() * cgit_print_pageheader() Remove context parameter from all commands Drop the context parameter from the following functions (and all static helpers used by them) and use the global context instead: * cgit_get_cmd() * All cgit command functions. * cgit_clone_info() * cgit_clone_objects() * cgit_clone_head() * cgit_print_plain() * cgit_show_stats() In initialization routines, use the global context variable instead of passing a pointer around locally. Remove callback data parameter for cache slots This is no longer needed since the context is always read from the global context variable. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2014-01-16auth: have cgit calculate login addressJason A. Donenfeld6-10/+16
This way we're sure to use virtual root, or any other strangeness encountered. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-16auth: lua string comparisons are time invariantJason A. Donenfeld1-2/+2
By default, strings are compared by hash, so we can remove this comment. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-16authentication: use hidden form instead of refererJason A. Donenfeld3-94/+131
This also gives us some CSRF protection. Note that we make use of the hmac to protect the redirect value. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-16auth: add basic authentication filter frameworkJason A. Donenfeld6-16/+387
This leverages the new lua support. See filters/simple-authentication.lua for explaination of how this works. There is also additional documentation in cgitrc.5.txt. Though this is a cookie-based approach, cgit's caching mechanism is preserved for authenticated pages. Very plugable and extendable depending on user needs. The sample script uses an HMAC-SHA1 based cookie to store the currently logged in user, with an expiration date. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-16t0111: Additions and fixesLukas Fleischer4-10/+10
* Rename the capitalize-* filters to dump.* since they also dump the arguments. * Add full argument validation to the email filters. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2014-01-16parsing.c: Remove leading space from committerLukas Fleischer1-1/+1
This did not really break anything in the past since spaces are ignored when rendering HTML. Remove the preceding space anyway to prevent from potential future problems. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2014-01-15Add .mailmapLukas Fleischer1-0/+10
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2014-01-15t0111: Add basic tests for Lua filtersLukas Fleischer5-36/+63
* Validate the email filter by manipulating stdin. Additional checks for all the arguments can be added in a later patch. * Add the exec prefix to all informational messages. * Rename the filter repository to filter-exec. The Git repository itself is not renamed since it can be shared amongst all filter types. * In the filter checks, check whether all arguments are passed properly instead of validating the buffer/stdin only. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2014-01-15email-gravatar: fix html syntax issuesChristian Hesse2-2/+2
an attribute value specification must be an attribute value literal unless SHORTTAG YES is specified
2014-01-14email-gravatar: do not scale icons upJason A. Donenfeld2-2/+2
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14filter: allow returning exit code from filterJason A. Donenfeld3-6/+12
Filters can now indicate a status back to cgit by means of the exit code for exec, or the return value from close for Lua. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14tests/: Add t0111-filter.shLukas Fleischer4-0/+57
This adds basic tests for all types of exec filters. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2014-01-14email-gravatar: fix html syntax issuesChristian Hesse2-2/+2
* make ampersand a html entity * add required alt attribute * add required img end tag
2014-01-14email-gravatar.py: fix UTF-8Christian Hesse1-0/+4
2014-01-14email-gravatar.lua: fix for lua 5.2Christian Hesse1-1/+1
2014-01-14makefile: only display lua message onceJason A. Donenfeld1-8/+7
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14README: document lua makefile flagsJason A. Donenfeld1-0/+16
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14cgitrc.5.txt: Fix documentation of the snapshot maskLukas Fleischer1-6/+7
Mention that the snapshot setting only specifies the formats that links are generated for and not the set of formats that are accessible via HTTP. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2014-01-14makefile: auto-detect presence of various Lua, bsdJason A. Donenfeld1-10/+37
We favor LuaJIT over Lua. We disable Lua if neither can be found. We error out if a particular Lua is specified via LUA_IMPLEMENTATION=JIT or LUA_IMPLEMENTATION=VANILLA, but cannot be found. We print a status message depending on what happens. Also, we do not link against libdl on the BSDs, since they include it as part of libc. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14filter: style tweaksJason A. Donenfeld1-11/+11
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14filter: add page source to email filterJason A. Donenfeld8-15/+21
Since the email filter is called from lots of places, the script might benefit from knowing the origin. That way it can modify its contents and/or size depending. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14filter: add gravatar scriptsJason A. Donenfeld2-0/+58
The lua one is hugely faster than the python one, but both are included for comparison. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14filter: add support for email filterJason A. Donenfeld9-2/+47
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14filter: return on null filter from open and closeJason A. Donenfeld4-22/+14
So that we don't have to include the if(filter) open_filter(filter) block everywhere, we introduce the guard in the function itself. This should simplify quite a bit of code. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14filter: add lua supportJason A. Donenfeld4-3/+235
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14filter: basic write hooking infrastructureJason A. Donenfeld4-23/+67
Filters can now call hook_write and unhook_write if they want to redirect writing to stdout to a different function. This saves us from potential file descriptor pipes and other less efficient mechanisms. We do this instead of replacing the call in html_raw because some places stdlib's printf functions are used (ui-patch or within git itself), which has its own internal buffering, which makes it difficult to interlace our function calls. So, we dlsym libc's write and then override it in the link stage. While we're at it, we move considerations of argument count into the generic new filter handler. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14filter: allow for cleanup hook for filter typesJason A. Donenfeld3-27/+66
At some point, we're going to want to do lazy deallocation of filters. For example, if we implement lua, we'll want to load the lua runtime once for each filter, even if that filter is called many times. Similarly, for persistent exec filters, we'll want to load it once, despite many open_filter and close_filter calls, and only reap the child process at the end of the cgit process. For this reason, we add here a cleanup function that is called at the end of cgit's main(). Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14filter: introduce "filter type" prefixJohn Keeping2-2/+40
This allows different filter implementations to be specified in the configuration file. Currently only "exec" is supported, but it may now be specified either with or without the "exec:" prefix. Signed-off-by: John Keeping <john@keeping.me.uk>
2014-01-14filter: add interface layerJohn Keeping3-22/+63
Change the existing cgit_{open,close,fprintf}_filter functions to delegate to filter-specific implementations accessed via function pointers on the cgit_filter object. We treat the "exec" filter type slightly specially here by putting its structure definition in the header file and providing an "init" function to set up the function pointers. This is required so that the ui-snapshot.c code that applies a compression filter can continue to use the filter interface to do so. Signed-off-by: John Keeping <john@keeping.me.uk>
2014-01-14filter: add fprintf_filter functionJohn Keeping3-3/+9
This stops the code in cgit.c::print_repo needing to inspect the cgit_filter structure, meaning that we can abstract out different filter types that will have different fields that need to be printed. Signed-off-by: John Keeping <john@keeping.me.uk>
2014-01-14authors: specify maintainersJason A. Donenfeld1-6/+13
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-13filters: Improved syntax-highlighting.pyStefan Tatschner1-19/+33
- Switched back to python2 according to a problem in pygments with python3. With the next release of pygments this problem should be fixed. Issue see here: https://bitbucket.org/birkenfeld/pygments-main/issue/901/problems-with-python3 - Just read the stdin, decode it to utf-8 and ignore unknown signs. This ensures that even destroyed files do not cause any errors in the filter. - Improved language guessing: -> At first use guess_lexer_for_filename for a better detection of the used programming languages (even mixed cases will be detected, e.g. php + html). -> If nothing was found look if there is a shebang and use guess_lexer. -> As default/fallback choose TextLexer. Signed-off-by: Stefan Tatschner <stefan@sevenbyte.org>
2014-01-12tests: add CGIT_TEST_OPTS variable to MakefileJohn Keeping1-1/+1
This allows running the entire test suite with a set of command-line options. For example: make test CGIT_TEST_OPTS=--valgrind Signed-off-by: John Keeping <john@keeping.me.uk>
2014-01-12ui-repolist: HTML-escape cgit_rooturl() responseJohn Keeping1-1/+3
This is for consistency with other callers. The value returned from cgit_rooturl is not guaranteed to be HTML-safe. Signed-off-by: John Keeping <john@keeping.me.uk>
2014-01-12ui-shared: URL-escape script_nameJohn Keeping1-2/+2
As far as I know, there is no requirement that $SCRIPT_NAME contain only URL-safe characters, so we need to make sure that any special characters are escaped. Signed-off-by: John Keeping <john@keeping.me.uk>
2014-01-12ui-refs: escape HTML chars in author and tagger namesJohn Keeping1-2/+2
Everywhere else we use html_txt to escape any special characters in these variables. Do so here as well. Signed-off-by: John Keeping <john@keeping.me.uk>
2014-01-12filter: pass extra arguments via cgit_open_filterJohn Keeping5-30/+38
This avoids poking into the filter data structure at various points in the code. We rely on the fact that the number of arguments is fixed based on the filter type (set in cgit_new_filter) and that the call sites all know which filter type they're using. Signed-off-by: John Keeping <john@keeping.me.uk>
2014-01-12ui-snapshot: set unused cgit_filter fields to zeroJohn Keeping1-4/+4
By switching the assignment of fields in the cgit_filter structure to use designated initializers, the compiler will initialize all other fields to their default value. This will be needed when we add the extra_args field in the next patch. Signed-off-by: John Keeping <john@keeping.me.uk>
2014-01-12html: remove redundant htmlfd variableJohn Keeping1-3/+1
This is never changed from STDOUT_FILENO, so just use that value directly. Signed-off-by: John Keeping <john@keeping.me.uk>
2014-01-12tests: add Valgrind supportJohn Keeping2-1/+48
Now running tests with the "--valgrind" option will run cgit under Valgrind instead of all Git commands. Signed-off-by: John Keeping <john@keeping.me.uk>
2014-01-12cache: don't leave cache_slot fields uninitializedJohn Keeping1-1/+1
Valgrind says: ==18344== Conditional jump or move depends on uninitialised value(s) ==18344== at 0x406C83: open_slot (cache.c:63) ==18344== by 0x407478: cache_ls (cache.c:403) ==18344== by 0x404C9A: process_request (cgit.c:639) ==18344== by 0x406BD2: fill_slot (cache.c:190) ==18344== by 0x4071A0: cache_process (cache.c:284) ==18344== by 0x404461: main (cgit.c:952) ==18344== Uninitialised value was created by a stack allocation ==18344== at 0x40738B: cache_ls (cache.c:375) This is caused by the keylen field being used to calculate whether or not a slot is matched. We never then check the value of this and the length of data read depends on the key length read from the file so this isn't dangerous, but it's nice to avoid branching based on uninitialized data. Signed-off-by: John Keeping <john@keeping.me.uk>
2014-01-10filter: split filter functions into their own fileJason A. Donenfeld5-71/+90
A first step for more interesting things. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>