summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAge
* ui-log.c: do not show remote heads if enable-remote-branches=0Georg Müller2012-01-03
| | | | | If remote branches are not enabled, the branches are still listed in the log view. This patch removes them if enable-remote-branches=0.
* Add sort parameter to pager of repo listTobias Grimm2012-01-03
| | | | | | When the repolist is paged, the page-links are missing the sort parameter, causing the initial page to be custom sorted, but any clicked page will then be with the default sort order again.
* ui-ssdiff: move LCS table away from the stackJamie Couture2012-01-03
| | | | | | | | | | | Printing deferred line changes for files containing long lines would cause a segfault. - limit LCS table size: 128x128. - move LCS table to global context: avoid allocating/freeing memory for every deferred line change. Signed-off-by: Jamie Couture <jamie.couture@gmail.com>
* Fix potential XSS vulnerability in rename hintLukas Fleischer2011-07-22
| | | | | | | | | The file name displayed in the rename hint should be escaped to avoid XSS. Note that this vulnerability is only applicable when an attacker has gained push access to the repository. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Remove dead initialization in cgit_parse_commit()Lukas Fleischer2011-07-22
| | | | | | | | The value stored to "t" during its initialization gets overwritten in any case, so just leave it uninitialized. Spotted by clang-analyzer. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* CGIT 0.9.0.2v0.9.0.2Lars Hjemli2011-07-21
| | | | Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* html.c: avoid out-of-bounds access for url_escape_tableEric Wong2011-07-21
| | | | | | | | | | | | | | This fixes a segfault for me with with -O2 optimization on x86 with gcc (Debian 4.4.5-8) 4.4.5 I can reliably reproduce it with the following parameters when pointed to the git.git repository: PATH_INFO='/git-core.git/diff/' QUERY_STRING='id=2b93bfac0f5bcabbf60f174f4e7bfa9e318e64d5&id2=d6da71a9d16b8cf27f9d8f90692d3625c849cbc8' Signed-off-by: Eric Wong <normalperson@yhbt.net> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* tests: fix failures when CDPATH is setFerry Huberts2011-07-21
| | | | | | | | | | Some tests would otherwise fail because commands such as cd trash/repos/foo && git rev-list --reverse HEAD | head -1 would return 2 lines instead of 1: the 'cd' command also prints the path when CDPATH is set. Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* cgit.c: improve error message when git repo cannot be accessedLars Hjemli2011-06-18
| | | | | | | | | | | | | The current 'Not a git repository' error message is not very helpful, since it doesn't state the cause of the problem. This patch uses errno to provide a hint of the underlying problem. It would have been even better to give the exact cause (e.g. for ENOENT it would be nice to know which file/directory is missing), but that would require reimplementing setup_git_directory_gently() which seems a bit overkill. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* cgitrc.5.txt: document repo.module-linkLars Hjemli2011-06-15
| | | | | | | The global module-link option can be overridden per repo, but this has never been documented. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* cgitrc.5.txt: describe macro expansion of cgitrc optionsLars Hjemli2011-06-13
| | | | | | This is a new feature in cgit-0.9 which was formerly undocumented. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* README: update some stale information/add some newLars Hjemli2011-06-13
| | | | Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* CGIT 0.9.0.1v0.9.0.1Lars Hjemli2011-06-13
| | | | Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* ui-plain.c: fix html and links generated by print_dir() and print_dir_entry()Lars Hjemli2011-06-12
| | | | | | | | | | | This patch fixes the following issues: * the base argument usually isn't zero-terminated, so printing base without considering baselen will usually generate random garbage * when the current url represents a directory but doesn't end in a slash, relative urls would be incorrect * using unescaped paths allows XSS Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* scan-tree.c: avoid memory leakJamie Couture2011-06-06
| | | | | | | | No references are kept to the memory pointed to by the 'rel' variable, so it should be free()'d before returning from add_repo(). Signed-off-by: Jamie Couture <jamie.couture@gmail.com> Signed-off-by: Lars Hjemli <larsh@hjemli.net>
* ui-log.c: do not link from age columnLars Hjemli2011-06-02
| | | | | | | The link url wasn't properly escaped, and since the link was identical to the one used on the commit message it didn't serve any special purpose. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* ui-snapshot.c: remove debug cruftLars Hjemli2011-06-02
| | | | Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Properly escape ampersands inside HTML attributesLukas Fleischer2011-05-30
| | | | | | | | | Ampersands ("&") appearing inside HTML attributes need to be translated to "&amp;". Otherwise, invalid XHTML will be generated at various places, such as at tree views containing links to submodules. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* fix virtual-root if script-name is ""Mark Lodato2011-05-23
| | | | | | | | | | | In d0cb841 (Avoid trailing slash in virtual-root), virtual-root was set from script-name using trim_end(). However, if script-name was the empty string (""), which happens when cgit is used to serve the root path on a domain (/), trim_end() returns NULL and cgit acts like virtual-root is not available. Now, set virtual-root to "" in this case, which fixes this bug. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* ui-repolist.c: do not return random/stale data from read_agefileLars Hjemli2011-05-23
| | | | | | | | | | | When git/date.c:parse_date() cannot parse its input it returns -1. But read_agefile() checks if the result is different from zero, essentialy returning random data from the date buffer when parsing fails. This patch fixes the issue by verifying that the result from parse_date() is positive. Noticed-by: Julius Plenz <plenz@cis.fu-berlin.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Avoid null pointer dereference in cgit_print_diff().Lukas Fleischer2011-05-23
| | | | | | | | | | When calling cgit_print_diff() with a bad new_rev and a NULL old_rev, checking for new_rev's parent commit will result in a null pointer dereference. Returning on an invalid commit before dereferencing fixes this. Spotted with clang-analyzer. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Avoid null pointer dereference in reencode().Lukas Fleischer2011-05-23
| | | | | | | | Returning "*txt" if "txt" is a null pointer is a bad thing. Spotted with clang-analyzer. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Fix memory leak in http_parse_querystring().Lukas Fleischer2011-05-23
| | | | | Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Remove unused variable from cgit_diff_tree().Lukas Fleischer2011-05-23
| | | | | | | Seen with "-Wunused-but-set-variable". Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* shared.c: do not modify const memoryLars Hjemli2011-05-23
| | | | | Noticed-by: zhongjj <zhongjj@lemote.com> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* tests: add tests for links with space in path and/or argsLars Hjemli2011-05-23
| | | | | | | | | These tests tries to detect bad links in various pages. On the log page, there currently exists links which are not properly escaped due to the use of cgit_fileurl() when building the link. For now, this bug is simply tagged as such. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* tests/setup.sh: add support for known bugsLars Hjemli2011-05-23
| | | | | | | This patch makes it possible to add tests for known bugs without aborting the testrun. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Fix escaping of paths with spacesJonathon Mah2011-05-23
| | | | Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Add advice about scan-path in cgitrc.5.txtJulius Plenz2011-03-26
| | | | | Signed-off-by: Julius Plenz <plenz@cis.fu-berlin.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* fix two encoding bugsJulius Plenz2011-03-26
| | | | | | | | | | | | | | reencode() takes three arguments in the order (txt, from, to), opposed to reencode_string, which will, like iconv, handle the arguments with from and to swapped. Fix that (this makes reencode more intuitive). If src and dst encoding are equivalent, don't do any encoding. If no special encoding parameter is found within the commit, assume UTF-8 and explicitly convert to PAGE_ENCODING. The change to reencode() mentioned above avoids re-encoding a UTF-8 string to UTF-8, for example. Signed-off-by: Julius Plenz <plenz@cis.fu-berlin.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* new_filter: correctly initialise all arguments for a new filterFerry Huberts2011-03-26
| | | | | Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* source_filter: fix a memory leakFerry Huberts2011-03-26
| | | | | Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* cgitrc.5: tar.xz is a supported snapshot formatLars Hjemli2011-03-26
| | | | | | | | When tar.xz support was added in 0642435fed (2009-12-08: Add .tar.xz-snapshot support), cgitrc.5 was not updated to match. This patch fixes the issue. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Fix crash when projectsfile cannot be openedStefan Gehn2011-03-26
| | | | | | This patch makes cgit properly abort in case the projectsfile cannot be opened. Without the added return cgit continues using the projects pointer which is NULL and thus causes a segfault.
* CGIT 0.9v0.9Lars Hjemli2011-03-05
| | | | Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Update READMELars Hjemli2011-03-05
|
* ui-diff.c: avoid html injectionLukasz Janyst2011-03-05
| | | | | | | | When path-filtering was used in commit-view, the path filter was included without proper html escaping. This patch closes the hole. Signed-off-by: Lukasz Janyst <ljanyst@cern.ch> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Merge branch 'stable'Lars Hjemli2011-03-05
|\
| * CGIT 0.8.3.5v0.8.3.5Lars Hjemli2011-03-05
| | | | | | | | Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| * Avoid trailing slash in virtual-rootLars Hjemli2011-03-05
| | | | | | | | | | | | | | | | | | | | When setting virtual-root from cgitrc, care is taken to avoid trailing slashes. But when no virtual-root setting is specified, SCRIPT_FILE from the web server is used without similar checks. This patch fixes the inconsistency, which could lead to double-slashes in generated links. Noticed-by: Wouter Van Hemel <wouter@duodecim.org> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| * do not infloop on a query ending in %XY, for invalid hex X or YJim Meyering2011-03-05
| | | | | | | | | | | | | | | | | | | | | | When a query ends in say %gg, (or any invalid hex) e.g., http://git.gnome.org/browse/gdlmm/commit/?id=%gg convert_query_hexchar calls memmove(txt, txt+3, 0), and then returns txt-1, so the loop in http_parse_querystring never terminates. The solution is to make the memmove also copy the trailing NUL. * html.c (convert_query_hexchar): Fix off-by-one error. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| * ui-shared: silence warningBernhard Reutner-Fischer2011-02-19
| | | | | | | | | | | | | | | | warning: format ‘%ld’ expects type ‘long int’, but argument 2 has type ‘size_t’ Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| * Makefile: Make `make get-git` work under OpenBSD.Lukas Fleischer2011-02-19
| | | | | | | | | | | | | | | | OpenBSD tar(1) defaults to read from "/dev/rst0" when not specifying an filename and thus fails to extract the Git sourcecode when not passing stdin as input file descriptor explicitly. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* | Merge branch 'br/misc'Lars Hjemli2011-02-19
|\ \ | | | | | | | | | | | | | | | | | | * br/misc: Use transparent background for the cgit logo ssdiff: anchors for ssdiff implement repo.logo and repo.logo-link
| * | Use transparent background for the cgit logoBernhard Reutner-Fischer2011-02-19
| | | | | | | | | | | | | | | Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| * | ssdiff: anchors for ssdiffBernhard Reutner-Fischer2011-02-19
| | | | | | | | | | | | | | | | | | | | | Emit anchors to the respective revisions in side-by-side diff view Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| * | implement repo.logo and repo.logo-linkBernhard Reutner-Fischer2011-02-19
| | | | | | | | | | | | | | | | | | | | | | | | Allow for per repo logo and logo-link; Use global logo and logo-link per default. Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* | | Merge branch 'jh/scan-path'Lars Hjemli2011-02-19
|\ \ \ | | | | | | | | | | | | | | | | | | | | * jh/scan-path: scan_path(): Do not recurse into hidden directories by default scan_path(): Improve handling of inaccessible directories
| * | | scan_path(): Do not recurse into hidden directories by defaultJohan Herland2011-02-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Paths that start with a period ('.') are considered hidden in the Unix world. scan_path() should arguably not recurse into these directories by default. This patch makes it so, and introduces the "scan-hidden-path" config variable for overriding the new default and revert to the old behaviour (scanning _all_ directories, including hidden .directories). Signed-off-by: Johan Herland <johan@herland.net> Signed-off-by: Lars Hjemli <larsh@prediktor.no>
| * | | scan_path(): Improve handling of inaccessible directoriesJohan Herland2010-11-16
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When scanning a tree containing inaccessible directories (e.g. '.ssh' directories in users' homedirs, or repos with explicitly restricted access), scan_path() currently causes three lines of "Permissions denied" errors to be printed to the CGI error log per inaccessible directory: Error checking path /home/foo/.ssh: Permission denied (13) Error checking path /home/foo/.ssh/.git: Permission denied (13) Error opening directory /home/foo/.ssh: Permission denied (13) This is a side-effect of calling is_git_dir(path) and is_git_dir(fmt("%s/.git", path) _before_ we try to opendir(path). By placing the opendir(path) before the two is_git_dir() calls, we reduce the noise to a single line per inaccessible directory: Error opening directory /home/foo/.ssh: Permission denied (13) Signed-off-by: Johan Herland <johan@herland.net> Signed-off-by: Lars Hjemli <larsh@prediktor.no>