path: root/html.c
Commit message (Author, Age)
* ui-shared: prevent malicious filename from injecting headers (Jason A. Donenfeld, 2016-01-14)
|
* html: remove html_status() (John Keeping, 2015-08-14)
|   This is now unused.
|   Signed-off-by: John Keeping <john@keeping.me.uk>
* Remove redundant includes (John Keeping, 2015-08-13)
|   These are all included in git-compat-util.h (when necessary), which we include in cgit.h.
|   Signed-off-by: John Keeping <john@keeping.me.uk>
* html: avoid using a plain integer as a NULL pointer (John Keeping, 2015-03-09)
|   Sparse complains about this table because we use the integer zero as the NULL pointer. Use this as an opportunity to reformat the table so that it always contains 8 elements per row, making it easier to see which values are being set and which are not.
|   Signed-off-by: John Keeping <john@keeping.me.uk>
* html: remove redundant htmlfd variable (John Keeping, 2014-01-12)
|   This is never changed from STDOUT_FILENO, so just use that value directly.
|   Signed-off-by: John Keeping <john@keeping.me.uk>
* Update copyright information (Lukas Fleischer, 2014-01-08)
|   * Name "cgit Development Team" as copyright holder to avoid listing every single developer.
|   * Update copyright ranges.
|   Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
* html.c: die when write fails (John Keeping, 2013-05-22)
|   If we fail to write HTML output once, there's no point carrying on so just write a failure message once and die. By using Git's die_errno function we also let the user know in what way the write failed.
|   Signed-off-by: John Keeping <john@keeping.me.uk>
* html.c: add various strbuf and variadic helpers (John Keeping, 2013-04-08)
|   This adds the fmtalloc helper, html_txtf, html_vtxtf, and html_attrf. These take a printf style format string like htmlf but escapes the resulting string. The html_vtxtf variant takes a va_list whereas html_txtf is variadic.
|   Signed-off-by: John Keeping <john@keeping.me.uk>
* html.c: Replace strdup() with xstrdup() (Lukas Fleischer, 2013-04-08)
|   Use the xstrdup() wrapper which already bails out if strdup() returns a NULL pointer.
|   Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
* Always #include corresponding .h in .c files (John Keeping, 2013-04-08)
|   While doing this, remove declarations from header files where the corresponding definition is declared "static" in order to avoid build errors. Also re-order existing headers in ui-*.c so that the file-specific header always comes immediately after "cgit.h", helping with future consistency.
|   Signed-off-by: John Keeping <john@keeping.me.uk>
* html: check return value of write (Jason A. Donenfeld, 2013-03-20)
|   This squelches a gcc warning. It's also correct that we check to see if there are any partial or failed writes. For now, we just print a warning to stderr. In the future, perhaps it will prove wise to exit(1) on partial writes.
* Mark several functions/variables static (Lukas Fleischer, 2013-03-04)
|   Spotted by parsing the output of `gcc -Wmissing-prototypes [...]`.
|   Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
* White space around control verbs. (Jason A. Donenfeld, 2013-03-04)
|   Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Fix several whitespace errors (Lukas Fleischer, 2013-03-04)
|   * Remove whitespace at the end of lines.
|   * Replace space indentation by tabs.
|   * Add whitespace before/after several operators ("+", "-", "*", ...)
|   * Add whitespace to assignments ("foo = bar;").
|   * Fix whitespace in parameter lists ("foobar(foo, bar, 42)").
|   Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
* Merge branch 'stable' (Lars Hjemli, 2011-07-21)
|\
| * html.c: avoid out-of-bounds access for url_escape_table (Eric Wong, 2011-07-21)
| |   This fixes a segfault for me with -O2 optimization on x86 with gcc (Debian 4.4.5-8) 4.4.5
| |   I can reliably reproduce it with the following parameters when pointed to the git.git repository:
| |     PATH_INFO='/git-core.git/diff/'
| |     QUERY_STRING='id=2b93bfac0f5bcabbf60f174f4e7bfa9e318e64d5&id2=d6da71a9d16b8cf27f9d8f90692d3625c849cbc8'
| |   Signed-off-by: Eric Wong <normalperson@yhbt.net>
| |   Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* | Merge branch 'stable' (Lars Hjemli, 2011-05-30)
|\|
| * Properly escape ampersands inside HTML attributes (Lukas Fleischer, 2011-05-30)
| |   Ampersands ("&") appearing inside HTML attributes need to be translated to "&amp;". Otherwise, invalid XHTML will be generated at various places, such as at tree views containing links to submodules.
| |   Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
| |   Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* | Merge branch 'lh/panel' (Lars Hjemli, 2011-05-23)
|\ \
| |/
|/|
| * html.c: add html_intoption() (Lars Hjemli, 2011-03-06)
| |   This is similar to html_option, but for int values.
| |   Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* | Fix memory leak in http_parse_querystring(). (Lukas Fleischer, 2011-05-23)
| |   Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
| |   Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* | Fix escaping of paths with spaces (Jonathon Mah, 2011-05-23)
|/
|   Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Merge branch 'stable' (Lars Hjemli, 2011-03-05)
|\
| * do not infloop on a query ending in %XY, for invalid hex X or Y (Jim Meyering, 2011-03-05)
| |   When a query ends in say %gg, (or any invalid hex) e.g.,
| |     http://git.gnome.org/browse/gdlmm/commit/?id=%gg
| |   convert_query_hexchar calls memmove(txt, txt+3, 0), and then returns txt-1, so the loop in http_parse_querystring never terminates. The solution is to make the memmove also copy the trailing NUL.
| |   * html.c (convert_query_hexchar): Fix off-by-one error.
| |   Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* | html.c: use '+' to escape spaces in urls (Lars Hjemli, 2010-11-10)
| |   Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* | prefer html_raw() to write() (Mark Lodato, 2010-09-04)
| |   To make the code more consistent, and to not rely on the implementation of html(), always use html_raw(...) instead of write(htmlfd, ...).
| |   Signed-off-by: Mark Lodato <lodatom@gmail.com>
* | Merge branch 'stable' (Lars Hjemli, 2010-08-29)
|\|
| * html: fix strcpy bug in convert_query_hexchar (Mark Lodato, 2010-08-29)
| |   The source and destination strings in strcpy() may not overlap. Instead, use memmove(), which allows overlap. This fixes test t0104, where 'url=foo%2bbar/tree' was being parsed improperly.
| |   Signed-off-by: Mark Lodato <lodatom@gmail.com>
* | html: properly percent-escape URLs (Mark Lodato, 2010-02-09)
| |   The only valid characters for a URL are unreserved characters a-zA-Z0-9_-.~ and the reserved characters !*'();:@&=+$,/?%#[] , as per RFC 3986. Everything else must be escaped. Additionally, the # and ? always have special meaning, and the &, =, and + have special meaning in a query string, so they too must be escaped. To make this easier, a table of escapes is now used so that we do not have to call fmt() for each character; if the entry is 0, no escaping is needed.
| |   Signed-off-by: Mark Lodato <lodatom@gmail.com>
* | html: make all strings 'const char *' (Mark Lodato, 2010-02-08)
|/
|   None of the html_* functions modify their argument, so they can all be 'const char *' instead of a simple 'char *'. This removes the need to cast (or copy) when trying to print a const string.
|   Signed-off-by: Mark Lodato <lodatom@gmail.com>
* html.c: use correct escaping in html attributes (Lars Hjemli, 2009-01-29)
|   First, an apostrophe is not a quote. Second, we also need to escape quotes. And finally, quotes are encoded as '&quot;', not '&quote;'.
|   Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* html.c: add html_url_path (Lars Hjemli, 2008-10-05)
|   This function can be used to generate properly escaped path-components for links.
|   Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* html.c: add html_url_arg (Lars Hjemli, 2008-10-05)
|   This function can be used to properly escape querystring parameter values.
|   Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Supply status description to html_status() (Lars Hjemli, 2008-08-06)
|   Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Implement plain view (Lars Hjemli, 2008-08-06)
|   This implements a way to access plain blobs by path (similar to the tree view) instead of by sha1.
|   Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Add support for cloning over http (Lars Hjemli, 2008-08-06)
|   This patch implements basic support for cloning over http, based on the work on git-http-backend by Shawn O. Pearce.
|   Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Print an error if filename is not found in html_include. (Harley Laue, 2008-04-29)
|   Normally when html_include cannot open the file it fails silently and things can be a bit hard to figure out from just looking at apache's log. This will be beneficial for those initially setting up their server with cgit.
|   Signed-off-by: Harley Laue <losinggeneration@aim.com>
|   Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Merge branch 'lh/cleanup' (Lars Hjemli, 2008-04-08)
|\
| |   * lh/cleanup: (21 commits)
| |     Reset ctx.repo to NULL when the config parser is finished
| |     Move cgit_parse_query() from parsing.c to html.c as http_parse_querystring()
| |     Move function for configfile parsing into configfile.[ch]
| |     Add cache.h
| |     Remove global and obsolete cgit_cmd
| |     Makefile: copy the QUIET constructs from the Makefile in git.git
| |     Move cgit_version from shared.c to cgit.c
| |     Makefile: autobuild dependency rules
| |     Initial Makefile cleanup
| |     Move non-generic functions from shared.c to cgit.c
| |     Add ui-shared.h
| |     Add separate header-files for each page/view
| |     Refactor snapshot support
| |     Add command dispatcher
| |     Remove obsolete cacheitem parameter to ui-functions
| |     Add struct cgit_page to cgit_context
| |     Introduce html.h
| |     Improve initialization of git directory
| |     Move cgit_repo into cgit_context
| |     Add all config variables into struct cgit_context
| |     ...
| * Move cgit_parse_query() from parsing.c to html.c as http_parse_querystring() (Lars Hjemli, 2008-04-08)
| |   This is a generic http-function.
| |   Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| * Introduce html.h (Lars Hjemli, 2008-03-18)
| |   All html-functions can be quite easily separated from the rest of cgit, so let's do it; the only issue was html_filemode which uses some git-defined macros so the function is moved into ui-shared.c::cgit_print_filemode().
| |   Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* | Merge branch 'stable' (Lars Hjemli, 2008-02-23)
|\ \
| |/
|/|
| |   * stable:
| |     Fix segfault
| |   Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| * Fix segfault (Hiroki Hattori, 2008-02-23)
| |   Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* | Fix html error detected by test-suite (Lars Hjemli, 2007-11-11)
|/
|   Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Add html_option() function (Lars Hjemli, 2007-10-28)
|   This is a generic function used to output html "option" tags.
|   Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Rename dirlink to gitlink. (Jeffrey C. Ollie, 2007-06-04)
|   Git changed from dirlink to gitlink in 302b9282c9ddfcc704ca759bdc98c1d5f75eba2f.
|   Signed-off-by: Jeffrey C. Ollie <jeff@ocjtech.us>
* Add html_include() (Lars Hjemli, 2007-05-18)
|   This is a function used to include external htmlfiles in cgit-generated pages.
|   Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Add submodule links in tree listing (Lars Hjemli, 2007-05-11)
|   When a submodule occurs in a tree, generate a link to show the module/commit. The link is specified as a sprintf string in /etc/cgitrc, using parameters 'module-link' and 'repo.module-link'. This should probably be extended with repo.module-link.$path.
|   Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Add generic support for search box in page header (Lars Hjemli, 2006-12-28)
|   This adds the ability to show a search box in any pageheader with correct href and hidden form data, but does not enable the box on any pages.
|   Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Test for NULL-pointers in html_txt() and friends (Lars Hjemli, 2006-12-28)
|   Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Only show first 80 characters of commit subject in log and summary (Lars Hjemli, 2006-12-22)
|   Signed-off-by: Lars Hjemli <hjemli@gmail.com>