summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2011-06-13CGIT 0.9.0.1Lars Hjemli
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-06-12Merge branch 'stable'Lars Hjemli
2011-06-12ui-plain.c: fix html and links generated by print_dir() and print_dir_entry()Lars Hjemli
This patch fixes the following issues: * the base argument usually isn't zero-terminated, so printing base without considering baselen will usually generate random garbage * when the current url represents a directory but doesn't end in a slash, relative urls would be incorrect * using unescaped paths allows XSS Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-06-06Merge branch 'stable'Lars Hjemli
2011-06-06scan-tree.c: avoid memory leakJamie Couture
No references are kept to the memory pointed to by the 'rel' variable, so it should be free()'d before returning from add_repo(). Signed-off-by: Jamie Couture <jamie.couture@gmail.com> Signed-off-by: Lars Hjemli <larsh@hjemli.net>
2011-06-02Merge branch 'stable'Lars Hjemli
2011-06-02ui-log.c: do not link from age columnLars Hjemli
The link url wasn't properly escaped, and since the link was identical to the one used on the commit message it didn't serve any special purpose. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-06-02ui-snapshot.c: remove debug cruftLars Hjemli
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-30ui-stats.c: fix invalid htmlLars Hjemli
Found by http://validator.w3.org. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-30Merge branch 'stable'Lars Hjemli
2011-05-30Properly escape ampersands inside HTML attributesLukas Fleischer
Ampersands ("&") appearing inside HTML attributes need to be translated to "&amp;". Otherwise, invalid XHTML will be generated at various places, such as at tree views containing links to submodules. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-30ui_repolist: get modtime from packed-refs as fallbackFerry Huberts
When no modtime could be determined then as a final fallback try to get it from the packed-refs. This will show an idle time when a repository has been packed with all refs in the packed-refs. Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-23Merge branch 'lh/panel'Lars Hjemli
2011-05-23Merge branch 'fh/filter-api'Lars Hjemli
Conflicts: cgit.c
2011-05-23Merge branch 'stable'Lars Hjemli
2011-05-23fix virtual-root if script-name is ""Mark Lodato
In d0cb841 (Avoid trailing slash in virtual-root), virtual-root was set from script-name using trim_end(). However, if script-name was the empty string (""), which happens when cgit is used to serve the root path on a domain (/), trim_end() returns NULL and cgit acts like virtual-root is not available. Now, set virtual-root to "" in this case, which fixes this bug. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-23ui-repolist.c: do not return random/stale data from read_agefileLars Hjemli
When git/date.c:parse_date() cannot parse its input it returns -1. But read_agefile() checks if the result is different from zero, essentialy returning random data from the date buffer when parsing fails. This patch fixes the issue by verifying that the result from parse_date() is positive. Noticed-by: Julius Plenz <plenz@cis.fu-berlin.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-23Avoid null pointer dereference in cgit_print_diff().Lukas Fleischer
When calling cgit_print_diff() with a bad new_rev and a NULL old_rev, checking for new_rev's parent commit will result in a null pointer dereference. Returning on an invalid commit before dereferencing fixes this. Spotted with clang-analyzer. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-23Avoid null pointer dereference in reencode().Lukas Fleischer
Returning "*txt" if "txt" is a null pointer is a bad thing. Spotted with clang-analyzer. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-23Fix memory leak in http_parse_querystring().Lukas Fleischer
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-23Remove unused variable from cgit_diff_tree().Lukas Fleischer
Seen with "-Wunused-but-set-variable". Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-23shared.c: do not modify const memoryLars Hjemli
Noticed-by: zhongjj <zhongjj@lemote.com> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-23tests: add tests for links with space in path and/or argsLars Hjemli
These tests tries to detect bad links in various pages. On the log page, there currently exists links which are not properly escaped due to the use of cgit_fileurl() when building the link. For now, this bug is simply tagged as such. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-23tests/setup.sh: add support for known bugsLars Hjemli
This patch makes it possible to add tests for known bugs without aborting the testrun. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-23Fix escaping of paths with spacesJonathon Mah
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-14Merge branch 'dm/disable-clone'Lars Hjemli
2011-03-26Merge branch 'stable'Lars Hjemli
2011-03-26Add advice about scan-path in cgitrc.5.txtJulius Plenz
Signed-off-by: Julius Plenz <plenz@cis.fu-berlin.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-26fix two encoding bugsJulius Plenz
reencode() takes three arguments in the order (txt, from, to), opposed to reencode_string, which will, like iconv, handle the arguments with from and to swapped. Fix that (this makes reencode more intuitive). If src and dst encoding are equivalent, don't do any encoding. If no special encoding parameter is found within the commit, assume UTF-8 and explicitly convert to PAGE_ENCODING. The change to reencode() mentioned above avoids re-encoding a UTF-8 string to UTF-8, for example. Signed-off-by: Julius Plenz <plenz@cis.fu-berlin.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-26make enable-log-linecount independent of -filecountJulius Plenz
You should be able to independently switch file and line count on and off. This patch makes the code work like the documentation suggests: no dependency for line counts to be displayed only when file counts are. Signed-off-by: Julius Plenz <plenz@cis.fu-berlin.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-26new_filter: correctly initialise all arguments for a new filterFerry Huberts
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-26source_filter: fix a memory leakFerry Huberts
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-26cgitrc.5: tar.xz is a supported snapshot formatLars Hjemli
When tar.xz support was added in 0642435fed (2009-12-08: Add .tar.xz-snapshot support), cgitrc.5 was not updated to match. This patch fixes the issue. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-26Fix crash when projectsfile cannot be openedStefan Gehn
This patch makes cgit properly abort in case the projectsfile cannot be opened. Without the added return cgit continues using the projects pointer which is NULL and thus causes a segfault.
2011-03-26shared.c: use execvp() to execute filter commandsLars Hjemli
This reintroduces the use of execvp(), since the filter commands doesn't always contain an absolute path (i.e. snapshot compression filters). Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-26filters: document environment variables in filter scriptsFerry Huberts
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-26cgit_open_filter: hand down repo configuration to scriptFerry Huberts
The environment variables can be used to (for example) resolve the following situation: Suppose a server setup in which each repository has a trac instance; the commit filter needs to know with which repository it's dealing in order to be able to resolve the #123 ticket numbers in the commit messages into hyperlinks into the correct trac instance. Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-26cgit_open_filter: also take the repo as a parameterFerry Huberts
To prepare for handing repo configuration to the filter script that is executed. Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-26new_filter: determine extra_args from filter typeFerry Huberts
Currently the number of extra arguments is linked hard to the type of the filter. This is also logical since it would be confusing to have a different number of arguments for the same type of filter depending on the context under which the filter is run (unless ofcourse one the parameters would make the context clear, which is currently not the case). Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-07ui-stats.c: create a control panel for stat optionsLars Hjemli
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-06ui-diff.c: create a control panel for diff optionsLars Hjemli
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-06html.c: add html_intoption()Lars Hjemli
This is similar to html_option, but for int values. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-05CGIT 0.9Lars Hjemli
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-05Update READMELars Hjemli
2011-03-05ui-diff.c: avoid html injectionLukasz Janyst
When path-filtering was used in commit-view, the path filter was included without proper html escaping. This patch closes the hole. Signed-off-by: Lukasz Janyst <ljanyst@cern.ch> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-05Merge branch 'stable'Lars Hjemli
2011-03-05CGIT 0.8.3.5Lars Hjemli
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-05Avoid trailing slash in virtual-rootLars Hjemli
When setting virtual-root from cgitrc, care is taken to avoid trailing slashes. But when no virtual-root setting is specified, SCRIPT_FILE from the web server is used without similar checks. This patch fixes the inconsistency, which could lead to double-slashes in generated links. Noticed-by: Wouter Van Hemel <wouter@duodecim.org> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-05do not infloop on a query ending in %XY, for invalid hex X or YJim Meyering
When a query ends in say %gg, (or any invalid hex) e.g., http://git.gnome.org/browse/gdlmm/commit/?id=%gg convert_query_hexchar calls memmove(txt, txt+3, 0), and then returns txt-1, so the loop in http_parse_querystring never terminates. The solution is to make the memmove also copy the trailing NUL. * html.c (convert_query_hexchar): Fix off-by-one error. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-02-19Return 404 on command not foundDan McGee
We were returning 200 before. Even 404 is questionable in all cases, but 200 was totally wrong. Also match the case of all of the "Not found" status messsages. Signed-off-by: Dan McGee <dpmcgee@gmail.com> Signed-off-by: Lars Hjemli <hjemli@gmail.com>