path: root/html.c
Age | Commit message | Author | Files | Lines
2016-01-14 | ui-shared: prevent malicious filename from injecting headers | Jason A. Donenfeld | 1 | -0/+26
2015-08-14 | html: remove html_status() | John Keeping | 1 | -7/+0
This is now unused. Signed-off-by: John Keeping <john@keeping.me.uk>
2015-08-13 | Remove redundant includes | John Keeping | 1 | -6/+0
These are all included in git-compat-util.h (when necessary), which we include in cgit.h. Signed-off-by: John Keeping <john@keeping.me.uk>
2015-03-09 | html: avoid using a plain integer as a NULL pointer | John Keeping | 1 | -22/+32
Sparse complains about this table because we use the integer zero as the NULL pointer. Use this as an opportunity to reformat the table so that it always contains 8 elements per row, making it easier to see which values are being set and which are not. Signed-off-by: John Keeping <john@keeping.me.uk>
2014-01-12 | html: remove redundant htmlfd variable | John Keeping | 1 | -3/+1
This is never changed from STDOUT_FILENO, so just use that value directly. Signed-off-by: John Keeping <john@keeping.me.uk>
2014-01-08 | Update copyright information | Lukas Fleischer | 1 | -1/+1
* Name "cgit Development Team" as copyright holder to avoid listing every single developer.
* Update copyright ranges.
Signed-off-by: Lukas Fleischer <cgit@crytocrack.de>
2013-05-22 | html.c: die when write fails | John Keeping | 1 | -1/+1
If we fail to write HTML output once, there's no point carrying on so just write a failure message once and die. By using Git's die_errno function we also let the user know in what way the write failed. Signed-off-by: John Keeping <john@keeping.me.uk>
2013-04-08 | html.c: add various strbuf and variadic helpers | John Keeping | 1 | -3/+50
This adds the fmtalloc helper, html_txtf, html_vtxtf, and html_attrf. These take a printf style format string like htmlf but escape the resulting string. The html_vtxtf variant takes a va_list whereas html_txtf is variadic. Signed-off-by: John Keeping <john@keeping.me.uk>
2013-04-08 | html.c: Replace strdup() with xstrdup() | Lukas Fleischer | 1 | -5/+2
Use the xstrdup() wrapper which already bails out if strdup() returns a NULL pointer. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2013-04-08 | Always #include corresponding .h in .c files | John Keeping | 1 | -0/+1
While doing this, remove declarations from header files where the corresponding definition is declared "static" in order to avoid build errors. Also re-order existing headers in ui-*.c so that the file-specific header always comes immediately after "cgit.h", helping with future consistency. Signed-off-by: John Keeping <john@keeping.me.uk>
2013-03-20 | html: check return value of write | Jason A. Donenfeld | 1 | -2/+3
This squelches a gcc warning. It's also correct that we check to see if there are any partial or failed writes. For now, we just print a warning to stderr. In the future, perhaps it will prove wise to exit(1) on partial writes.
2013-03-05 | Mark several functions/variables static | Lukas Fleischer | 1 | -3/+3
Spotted by parsing the output of `gcc -Wmissing-prototypes [...]`. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2013-03-04 | White space around control verbs. | Jason A. Donenfeld | 1 | -7/+7
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2013-03-04 | Fix several whitespace errors | Lukas Fleischer | 1 | -39/+39
* Remove whitespace at the end of lines.
* Replace space indentation by tabs.
* Add whitespace before/after several operators ("+", "-", "*", ...)
* Add whitespace to assignments ("foo = bar;").
* Fix whitespace in parameter lists ("foobar(foo, bar, 42)").
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2011-07-21 | Merge branch 'stable' | Lars Hjemli | 1 | -2/+2
2011-07-21 | html.c: avoid out-of-bounds access for url_escape_table | Eric Wong | 1 | -2/+2
This fixes a segfault for me with -O2 optimization on x86 with gcc (Debian 4.4.5-8) 4.4.5. I can reliably reproduce it with the following parameters when pointed to the git.git repository: PATH_INFO='/git-core.git/diff/' QUERY_STRING='id=2b93bfac0f5bcabbf60f174f4e7bfa9e318e64d5&id2=d6da71a9d16b8cf27f9d8f90692d3625c849cbc8' Signed-off-by: Eric Wong <normalperson@yhbt.net> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-30 | Merge branch 'stable' | Lars Hjemli | 1 | -1/+3
2011-05-30 | Properly escape ampersands inside HTML attributes | Lukas Fleischer | 1 | -1/+3
Ampersands ("&") appearing inside HTML attributes need to be translated to "&amp;". Otherwise, invalid XHTML will be generated at various places, such as at tree views containing links to submodules. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-23 | Merge branch 'lh/panel' | Lars Hjemli | 1 | -0/+8
2011-05-23 | Fix memory leak in http_parse_querystring(). | Lukas Fleischer | 1 | -2/+3
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-23 | Fix escaping of paths with spaces | Jonathon Mah | 1 | -4/+6
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-06 | html.c: add html_intoption() | Lars Hjemli | 1 | -0/+8
This is similar to html_option, but for int values. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-05 | Merge branch 'stable' | Lars Hjemli | 1 | -1/+1
2011-03-05 | do not infloop on a query ending in %XY, for invalid hex X or Y | Jim Meyering | 1 | -1/+1
When a query ends in say %gg, (or any invalid hex) e.g., http://git.gnome.org/browse/gdlmm/commit/?id=%gg convert_query_hexchar calls memmove(txt, txt+3, 0), and then returns txt-1, so the loop in http_parse_querystring never terminates. The solution is to make the memmove also copy the trailing NUL. * html.c (convert_query_hexchar): Fix off-by-one error. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2010-11-10 | html.c: use '+' to escape spaces in urls | Lars Hjemli | 1 | -2/+2
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2010-09-04 | prefer html_raw() to write() | Mark Lodato | 1 | -9/+9
To make the code more consistent, and to not rely on the implementation of html(), always use html_raw(...) instead of write(htmlfd, ...). Signed-off-by: Mark Lodato <lodatom@gmail.com>
2010-08-29 | Merge branch 'stable' | Lars Hjemli | 1 | -4/+5
2010-08-29 | html: fix strcpy bug in convert_query_hexchar | Mark Lodato | 1 | -4/+5
The source and destination strings in strcpy() may not overlap. Instead, use memmove(), which allows overlap. This fixes test t0104, where 'url=foo%2bbar/tree' was being parsed improperly. Signed-off-by: Mark Lodato <lodatom@gmail.com>
2010-02-09 | html: properly percent-escape URLs | Mark Lodato | 1 | -4/+32
The only valid characters for a URL are unreserved characters a-zA-Z0-9_-.~ and the reserved characters !*'();:@&=+$,/?%#[] , as per RFC 3986. Everything else must be escaped. Additionally, the # and ? always have special meaning, and the &, =, and + have special meaning in a query string, so they too must be escaped. To make this easier, a table of escapes is now used so that we do not have to call fmt() for each character; if the entry is 0, no escaping is needed. Signed-off-by: Mark Lodato <lodatom@gmail.com>
2010-02-09 | html: make all strings 'const char *' | Mark Lodato | 1 | -17/+17
None of the html_* functions modify their argument, so they can all be 'const char *' instead of a simple 'char *'. This removes the need to cast (or copy) when trying to print a const string. Signed-off-by: Mark Lodato <lodatom@gmail.com>
2009-01-29 | html.c: use correct escaping in html attributes | Lars Hjemli | 1 | -2/+4
First, an apostrophe is not a quote. Second, we also need to escape quotes. And finally, quotes are encoded as '&quot;', not '&quote;'. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-10-05 | html.c: add html_url_path | Lars Hjemli | 1 | -0/+16
This function can be used to generate properly escaped path-components for links. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-10-05 | html.c: add html_url_arg | Lars Hjemli | 1 | -0/+16
This function can be used to properly escape querystring parameter values. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-08-06 | Supply status description to html_status() | Lars Hjemli | 1 | -2/+2
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-08-06 | Implement plain view | Lars Hjemli | 1 | -0/+5
This implements a way to access plain blobs by path (similar to the tree view) instead of by sha1. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-08-06 | Add support for cloning over http | Lars Hjemli | 1 | -0/+7
This patch implements basic support for cloning over http, based on the work on git-http-backend by Shawn O. Pearce. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-04-29 | Print an error if filename is not found in html_include. | Harley Laue | 1 | -1/+5
Normally when html_include cannot open the file it fails silently and things can be a bit hard to figure out from just looking at apache's log. This will be beneficial for those initially setting up their server with cgit. Signed-off-by: Harley Laue <losinggeneration@aim.com> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-04-08 | Merge branch 'lh/cleanup' | Lars Hjemli | 1 | -19/+76
* lh/cleanup: (21 commits)
  Reset ctx.repo to NULL when the config parser is finished
  Move cgit_parse_query() from parsing.c to html.c as http_parse_querystring()
  Move function for configfile parsing into configfile.[ch]
  Add cache.h
  Remove global and obsolete cgit_cmd
  Makefile: copy the QUIET constructs from the Makefile in git.git
  Move cgit_version from shared.c to cgit.c
  Makefile: autobuild dependency rules
  Initial Makefile cleanup
  Move non-generic functions from shared.c to cgit.c
  Add ui-shared.h
  Add separate header-files for each page/view
  Refactor snapshot support
  Add command dispatcher
  Remove obsolete cacheitem parameter to ui-functions
  Add struct cgit_page to cgit_context
  Introduce html.h
  Improve initialization of git directory
  Move cgit_repo into cgit_context
  Add all config variables into struct cgit_context
  ...
2008-04-08 | Move cgit_parse_query() from parsing.c to html.c as http_parse_querystring() | Lars Hjemli | 1 | -0/+64
This is a generic http-function. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-03-18 | Introduce html.h | Lars Hjemli | 1 | -19/+12
All html-functions can be quite easily separated from the rest of cgit, so let's do it; the only issue was html_filemode which uses some git-defined macros so the function is moved into ui-shared.c::cgit_print_filemode(). Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-02-23 | Merge branch 'stable' | Lars Hjemli | 1 | -15/+5
* stable:
  Fix segfault
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-02-23 | Fix segfault | Hiroki Hattori | 1 | -15/+5
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2007-11-11 | Fix html error detected by test-suite | Lars Hjemli | 1 | -1/+1
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2007-10-28 | Add html_option() function | Lars Hjemli | 1 | -0/+12
This is a generic function used to output html "option" tags. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2007-06-04 | Rename dirlink to gitlink. | Jeffrey C. Ollie | 1 | -1/+1
Git changed from dirlink to gitlink in 302b9282c9ddfcc704ca759bdc98c1d5f75eba2f. Signed-off-by: Jeffrey C. Ollie <jeff@ocjtech.us>
2007-05-18 | Add html_include() | Lars Hjemli | 1 | -0/+14
This is a function used to include external htmlfiles in cgit-generated pages. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2007-05-11 | Add submodule links in tree listing | Lars Hjemli | 1 | -1/+2
When a submodule occurs in a tree, generate a link to show the module/commit. The link is specified as a sprintf string in /etc/cgitrc, using parameters 'module-link' and 'repo.module-link'. This should probably be extended with repo.module-link.$path. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2006-12-28 | Add generic support for search box in page header | Lars Hjemli | 1 | -0/+10
This adds the ability to show a search box in any pageheader with correct href and hidden form data, but does not enable the box on any pages. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2006-12-28 | Test for NULL-pointers in html_txt() and friends | Lars Hjemli | 1 | -4/+3
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2006-12-22 | Only show first 80 characters of commit subject in log and summary | Lars Hjemli | 1 | -0/+28
Signed-off-by: Lars Hjemli <hjemli@gmail.com>