mirror of https://gitea.quitesimple.org/crtxcr/cgitsb synced 2024-12-04 10:08:15 +01:00
Commit Graph

36 Commits

Author SHA1 Message Date
Eric Wong
9cae75d040 html.c: avoid out-of-bounds access for url_escape_table
This fixes a segfault for me with -O2 optimization on x86
with gcc (Debian 4.4.5-8) 4.4.5

I can reliably reproduce it with the following parameters
when pointed to the git.git repository:

PATH_INFO='/git-core.git/diff/'
QUERY_STRING='id=2b93bfac0f5bcabbf60f174f4e7bfa9e318e64d5&id2=d6da71a9d16b8cf27f9d8f90692d3625c849cbc8'

Signed-off-by: Eric Wong <normalperson@yhbt.net>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-07-21 14:21:52 +00:00
Lukas Fleischer
69382320d9 Properly escape ampersands inside HTML attributes
Ampersands ("&") appearing inside HTML attributes need to be translated
to "&amp;". Otherwise, invalid XHTML will be generated at various
places, such as at tree views containing links to submodules.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-30 23:55:19 +02:00
Lukas Fleischer
070e109c14 Fix memory leak in http_parse_querystring().
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-23 22:58:35 +02:00
Jonathon Mah
74152744f0 Fix escaping of paths with spaces
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-23 22:58:06 +02:00
Lars Hjemli
1b09cbd303 Merge branch 'stable' 2011-03-05 14:01:59 +01:00
Jim Meyering
fc384b16fb do not infloop on a query ending in %XY, for invalid hex X or Y
When a query ends in say %gg, (or any invalid hex) e.g.,
http://git.gnome.org/browse/gdlmm/commit/?id=%gg
convert_query_hexchar calls memmove(txt, txt+3, 0), and then returns
txt-1, so the loop in http_parse_querystring never terminates.  The
solution is to make the memmove also copy the trailing NUL.
* html.c (convert_query_hexchar): Fix off-by-one error.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-05 13:38:34 +01:00
Lars Hjemli
c2680325f6 html.c: use '+' to escape spaces in urls
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2010-11-10 00:22:41 +01:00
Mark Lodato
d187b98557 prefer html_raw() to write()
To make the code more consistent, and to not rely on the implementation
of html(), always use html_raw(...) instead of write(htmlfd, ...).

Signed-off-by: Mark Lodato <lodatom@gmail.com>
2010-09-04 14:30:10 -04:00
Lars Hjemli
6940b23b9e Merge branch 'stable' 2010-08-29 17:40:51 +02:00
Mark Lodato
48434780ca html: fix strcpy bug in convert_query_hexchar
The source and destination strings in strcpy() may not overlap.
Instead, use memmove(), which allows overlap.  This fixes test t0104,
where 'url=foo%2bbar/tree' was being parsed improperly.

Signed-off-by: Mark Lodato <lodatom@gmail.com>
2010-08-29 17:27:40 +02:00
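
Added example, not cgit's code: a minimal in-place percent-decoder illustrating the two fixes described in commits fc384b16fb (trailing invalid `%XY` never terminates) and 48434780ca (overlapping copy needs `memmove()`). The names `hexval`, `decode_escape`, `query_decode`, `demo` and the `copy_nul` switch are hypothetical; unlike the function the commit message describes, this sketch returns an advance count instead of `txt-1`, and a step cap makes the non-terminating case observable.

```c
#include <string.h>

/* Value of a hex digit, or -1 if c is not one. */
static int hexval(char c)
{
	if (c >= '0' && c <= '9') return c - '0';
	if (c >= 'a' && c <= 'f') return c - 'a' + 10;
	if (c >= 'A' && c <= 'F') return c - 'A' + 10;
	return -1;
}

/* Rewrite the "%XY" at txt in place; return how far the caller advances.
 * copy_nul == 0 reproduces the off-by-one: the tail moves without its NUL. */
static size_t decode_escape(char *txt, int copy_nul)
{
	size_t n = strlen(txt);
	if (n < 3) { *txt = '\0'; return 0; }        /* truncated escape: cut here */
	int d1 = hexval(txt[1]), d2 = hexval(txt[2]);
	if (d1 < 0 || d2 < 0) {                      /* invalid hex: drop "%XY" */
		memmove(txt, txt + 3, n - 3 + (copy_nul ? 1 : 0));
		return 0;                            /* re-read the same offset */
	}
	*txt = (char)(d1 * 16 + d2);
	memmove(txt + 1, txt + 3, n - 2);            /* regions overlap: not strcpy() */
	return 1;
}

/* Decode s in place. Returns 0, or -1 if max_steps ran out (no progress). */
int query_decode(char *s, int copy_nul, int max_steps)
{
	size_t i = 0;
	while (s[i]) {
		if (max_steps-- <= 0) return -1;
		i += (s[i] == '%') ? decode_escape(s + i, copy_nul) : 1;
	}
	return 0;
}

/* Decode a copy of `in` (constructed inputs); NULL means the cap was hit. */
const char *demo(const char *in, int copy_nul)
{
	static char buf[128];
	if (strlen(in) >= sizeof(buf)) return NULL;
	strcpy(buf, in);
	return query_decode(buf, copy_nul, 1000) == 0 ? buf : NULL;
}

int main(void) { return demo("id=%gg", 1) && !demo("id=%gg", 0) ? 0 : 1; }
```

With `copy_nul` set to 0, an invalid escape in the middle of the string still terminates but leaves stale bytes behind, because the shifted tail is no longer NUL-terminated at the right place.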
Mark Lodato
a2c6355f9f html: properly percent-escape URLs
The only valid characters for a URL are unreserved characters
a-zA-Z0-9_-.~ and the reserved characters !*'();:@&=+$,/?%#[] , as per
RFC 3986.  Everything else must be escaped.  Additionally, the # and
? always have special meaning, and the &, =, and + have special meaning
in a query string, so they too must be escaped.  To make this easier,
a table of escapes is now used so that we do not have to call fmt() for
each character; if the entry is 0, no escaping is needed.

Signed-off-by: Mark Lodato <lodatom@gmail.com>
2010-02-09 10:12:43 -05:00
Mark Lodato
8aab27f24d html: make all strings 'const char *'
None of the html_* functions modify their argument, so they can all be
'const char *' instead of a simple 'char *'.  This removes the need to
cast (or copy) when trying to print a const string.

Signed-off-by: Mark Lodato <lodatom@gmail.com>
2010-02-08 23:04:41 -05:00
Lars Hjemli
7efcef00b5 html.c: use correct escaping in html attributes
First, an apostrophe is not a quote. Second, we also need to escape
quotes. And finally, quotes are encoded as '&quot;', not '&quote;'.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2009-01-29 22:21:15 +01:00
Lars Hjemli
22a597e56d html.c: add html_url_path
This function can be used to generate properly escaped path-components
for links.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-10-05 16:52:57 +02:00
Lars Hjemli
a36a0d9dec html.c: add html_url_arg
This function can be used to properly escape querystring parameter values.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-10-05 12:49:46 +02:00
Lars Hjemli
885096c189 Supply status description to html_status()
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-08-06 22:57:44 +02:00
Lars Hjemli
e5da4bca54 Implement plain view
This implements a way to access plain blobs by path (similar to the
tree view) instead of by sha1.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-08-06 11:21:30 +02:00
Lars Hjemli
02a545e634 Add support for cloning over http
This patch implements basic support for cloning over http, based on the
work on git-http-backend by Shawn O. Pearce.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-08-06 11:21:09 +02:00
Harley Laue
112b208062 Print an error if filename is not found in html_include.
Normally when html_include cannot open the file it fails silently and
things can be a bit hard to figure out from just looking at apache's
log. This will be beneficial for those initially setting up their server
with cgit.

Signed-off-by: Harley Laue <losinggeneration@aim.com>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-04-29 17:59:53 +02:00
Lars Hjemli
23296ad648 Merge branch 'lh/cleanup'
* lh/cleanup: (21 commits)
  Reset ctx.repo to NULL when the config parser is finished
  Move cgit_parse_query() from parsing.c to html.c as http_parse_querystring()
  Move function for configfile parsing into configfile.[ch]
  Add cache.h
  Remove global and obsolete cgit_cmd
  Makefile: copy the QUIET constructs from the Makefile in git.git
  Move cgit_version from shared.c to cgit.c
  Makefile: autobuild dependency rules
  Initial Makefile cleanup
  Move non-generic functions from shared.c to cgit.c
  Add ui-shared.h
  Add separate header-files for each page/view
  Refactor snapshot support
  Add command dispatcher
  Remove obsolete cacheitem parameter to ui-functions
  Add struct cgit_page to cgit_context
  Introduce html.h
  Improve initialization of git directory
  Move cgit_repo into cgit_context
  Add all config variables into struct cgit_context
  ...
2008-04-08 21:29:21 +02:00
Lars Hjemli
e87e896333 Move cgit_parse_query() from parsing.c to html.c as http_parse_querystring()
This is a generic http-function.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-04-08 21:11:36 +02:00
Lars Hjemli
b1f9b9c145 Introduce html.h
All html-functions can be quite easily separated from the rest of cgit, so
let's do it; the only issue was html_filemode which uses some git-defined
macros so the function is moved into ui-shared.c::cgit_print_filemode().

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-03-18 08:13:10 +01:00
Lars Hjemli
e0572c39f7 Merge branch 'stable'
* stable:
  Fix segfault

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-02-23 20:14:01 +01:00
Hiroki Hattori
eacde43d71 Fix segfault
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-02-23 20:11:59 +01:00
Lars Hjemli
2915483ef6 Fix html error detected by test-suite
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2007-11-11 13:04:28 +01:00
Lars Hjemli
6ec5f36f27 Add html_option() function
This is a generic function used to output html "option" tags.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2007-10-28 12:08:45 +01:00
Jeffrey C. Ollie
e651cb0d2d Rename dirlink to gitlink.
Git changed from dirlink to gitlink in
302b9282c9ddfcc704ca759bdc98c1d5f75eba2f.

Signed-off-by: Jeffrey C. Ollie <jeff@ocjtech.us>
2007-06-04 19:58:32 +02:00
Lars Hjemli
5e75128a8b Add html_include()
This is a function used to include external htmlfiles in cgit-
generated pages.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2007-05-18 23:56:10 +02:00
Lars Hjemli
ded9393b17 Add submodule links in tree listing
When a submodule occurs in a tree, generate a link to show the
module/commit. The link is specified as a sprintf string in /etc/cgitrc,
using parameters 'module-link' and 'repo.module-link'. This should probably
be extended with repo.module-link.$path.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2007-05-11 12:12:48 +02:00
Lars Hjemli
e39d738c39 Add generic support for search box in page header
This adds the ability to show a search box in any pageheader with correct href and
hidden form data, but does not enable the box on any pages.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2006-12-28 02:01:49 +01:00
Lars Hjemli
27cd3b2a70 Test for NULL-pointers in html_txt() and friends
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2006-12-28 01:54:43 +01:00
Lars Hjemli
9d8d9b6123 Only show first 80 characters of commit subject in log and summary
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2006-12-22 00:58:18 +01:00
Lars Hjemli
6cb326c83b Show list of modified files in ui-commit.c
Compare current commit with 1.parent, and for each affected file display
current filemode, old filemode if changed, current filename and source
filename if it was a copy/rename.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2006-12-17 23:07:28 +01:00
Lars Hjemli
7640d90b73 Add license file and copyright notices
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2006-12-10 22:41:14 +01:00
Lars Hjemli
25105d7eca Add caching infrastructure
This enables internal caching of page output.

Page requests are split into four groups:
  1) repo listing (front page)
  2) repo summary
  3) repo pages w/symbolic references in query string
  4) repo pages w/constant sha1's in query string

Each group has a TTL specified in minutes. When a page is requested, a cached
filename is stat(2)'ed and st_mtime is compared to time(2). If TTL has expired
(or the file didn't exist), the cached file is regenerated.

When generating a cached file, locking is used to avoid parallel processing
of the request. If multiple processes try to acquire the same lock, the ones
who fail to get the lock serve the (expired) cached file. If the cached file
doesn't exist, the process instead calls sched_yield(2) before restarting the
request processing.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2006-12-10 22:31:36 +01:00
Lars Hjemli
0d169ada2b Import cgit prototype from git tree
This enables basic cgit functionality, using libgit.a and xdiff/lib.a from
git + a custom "git.h" + openssl for sha1 routines.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2006-12-09 15:18:17 +01:00