|  | Commit message (Collapse) | Author | Age | 
|---|
| | 
| 
| 
| | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | 
| | 
| 
| 
| | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | 
| | 
| 
| 
| 
| 
| 
| | This way we're sure to use virtual root, or any other strangeness
encountered.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | 
| | 
| 
| 
| 
| 
| | By default, strings are compared by hash, so we can remove this comment.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | 
| | 
| 
| 
| 
| 
| 
| | This also gives us some CSRF protection. Note that we make use of the
hmac to protect the redirect value.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | This leverages the new lua support. See
filters/simple-authentication.lua for explaination of how this works.
There is also additional documentation in cgitrc.5.txt.
Though this is a cookie-based approach, cgit's caching mechanism is
preserved for authenticated pages.
Very plugable and extendable depending on user needs.
The sample script uses an HMAC-SHA1 based cookie to store the
currently logged in user, with an expiration date.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | 
| | 
| 
| 
| 
| | an attribute value specification must be an attribute value literal
unless SHORTTAG YES is specified | 
| | 
| 
| 
| | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | 
| | 
| 
| 
| 
| 
| 
| | Filters can now indicate a status back to cgit by means of the exit code
for exec, or the return value from close for Lua.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | 
| | 
| 
| 
| 
| 
| | * make ampersand a html entity
* add required alt attribute
* add required img end tag | 
| | |  | 
| | |  | 
| | 
| 
| 
| 
| 
| 
| 
| | Since the email filter is called from lots of places, the script might
benefit from knowing the origin. That way it can modify its contents
and/or size depending.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | 
| | 
| 
| 
| 
| 
| 
| | The lua one is hugely faster than the python one, but both are included
for comparison.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | - Switched back to python2 according to a problem in pygments with python3.
  With the next release of pygments this problem should be fixed.
  Issue see here:
  https://bitbucket.org/birkenfeld/pygments-main/issue/901/problems-with-python3
- Just read the stdin, decode it to utf-8 and ignore unknown signs. This ensures
  that even destroyed files do not cause any errors in the filter.
- Improved language guessing:
  -> At first use guess_lexer_for_filename for a better detection of the used
     programming languages (even mixed cases will be detected, e.g. php + html).
  -> If nothing was found look if there is a shebang and use guess_lexer.
  -> As default/fallback choose TextLexer.
Signed-off-by: Stefan Tatschner <stefan@sevenbyte.org> | 
| | 
| 
| 
| 
| 
| 
| | Previously the script tried to encode output from Pygments with
the ASCII codec, which failed.
Signed-off-by: Přemysl Janouch <p.janouch@gmail.com> | 
| | 
| 
| 
| 
| 
| | dash failed to parse the script.
Signed-off-by: Přemysl Janouch <p.janouch@gmail.com> | 
| | 
| 
| 
| 
| 
| | v2: add highlight 3.13 as present on Fedora 19
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl> | 
| | 
| 
| 
| | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | 
| | 
| 
| 
| | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| | By not quoting the argument, an attacker with the ability to add files
to the repository could pass arbitrary arguments to the highlight
command, in particular, the --plug-in argument which can lead to
arbitrary command execution.
This patch adds simple argument quoting. | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| | There are 2 situations:
1- empty extension: assuming text is better than highlight
   producing no output because of a missing argument.
2- no extension at all: assuming text is better than setting
   the extension to the filename, which is what now happens.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl> | 
| | 
| 
| 
| 
| 
| 
| 
| 
| | This reverts commit f50be7fda0a7ab57009169dd5905fcbab8eb5166.
An update with the latest highlight landed in EPEL. This new version
doesn't have the --force bug, so the workaround can now be removed.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl> | 
| |\ |  | 
| | | |  | 
| | | |  | 
| | | 
| | 
| | 
| | 
| | 
| | 
| | 
| | 
| | 
| | 
| | | The default length for sha1 abbreviations in git is 7.
A '#num' at the beginning of the commit message is now
recognised, a ':#num' as well, etc.: a '#num' anywhere
is now converted to a link.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Signed-off-by: Lars Hjemli <hjemli@gmail.com> | 
| |/  
|   
|   
|   
| | Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Signed-off-by: Lars Hjemli <hjemli@gmail.com> | 
| | 
| 
| 
| 
| | This allows for putting descriptions closer to their expressions.  It
should also make it clearer how to apply an expression conditionally. | 
| | 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| 
| | The highlight tool can be given any of the supported file extensions
as its -S parameter. This patch replaces the case-switch by extracting
the extension from the supplied file name and passing it to highlight.
However, this requires a shell supporting the ${var##pattern} syntax,
like dash or bash.
Unknown extensions cause a fall-back to plain text using the --force
switch. Error messages are redirected to /dev/null.
A special case maps Makefile and Makefile.* to the "mk" extension.
The total overhead is reduced by calling "exec highlight". No forks are
needed during script execution.
Signed-off-by: Georg Lukas <georg@op-co.de> | 
|  | Signed-off-by: Lars Hjemli <hjemli@gmail.com> |