Now this is possible in cgitrc -
readme=:README.md
readme=:readme.md
readme=:README.mkd
readme=:readme.mkd
readme=:README.rst
readme=:readme.rst
readme=:README.html
readme=:readme.html
readme=:README.htm
readme=:readme.htm
readme=:README.txt
readme=:readme.txt
readme=:README
readme=:readme
readme=:INSTALL.txt
readme=:install.txt
readme=:INSTALL
readme=:install
Suggested-by: John Keeping <john@keeping.me.uk>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Using the url= query string, it was possible request arbitrary files
from the filesystem if the readme for a given page was set to a
filesystem file. The following request would return my /etc/passwd file:
http://git.zx2c4.com/?url=/somerepo/about/../../../../etc/passwdhttp://data.zx2c4.com/cgit-directory-traversal.png
This fix uses realpath(3) to canonicalize all paths, and then compares
the base components.
This fix introduces a subtle timing attack, whereby a client can check
whether or not strstr is called using timing measurements in order
to determine if a given file exists on the filesystem.
This fix also does not account for filesystem race conditions (TOCTOU)
in resolving symlinks.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
The readme variable may now contain multiple space deliminated entries,
which per usual are either a filepath or a git ref filepath. If multiple
are specified, cgit will now select the first one in the list that
exists. This is to make it easier to specify multiple default readme
types in the main cgitrc file and have them automatically get applied to
each repo based on what exists.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
This gives the about-filter API the same semantics as source-filter,
where the filter receives the filename so it can decide what to do next
with it.
While we're at it, plug a memory leak.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
If the readme value begins with ":", and has no specified branch before
it, use the repository's default branch.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Use "struct strbuf" from Git to remove the limit on file path length.
Notes on scan-tree:
This is slightly involved since I decided to pass the strbuf into
add_repo() and modify if whenever a new file name is required, which
should avoid any extra allocations within that function. The pattern
there is to append the filename, use it and then reset the buffer to its
original length (retaining a trailing '/').
Notes on ui-snapshot:
Since write_archive modifies the argv array passed to it we
copy the argv_array values into a new array of char* and then free the
original argv_array structure and the new array without worrying about
what the values now look like.
Signed-off-by: John Keeping <john@keeping.me.uk>
While doing this, remove declarations from header files where the
corresponding definition is declared "static" in order to avoid build
errors.
Also re-order existing headers in ui-*.c so that the file-specific
header always comes immediately after "cgit.h", helping with future
consistency.
Signed-off-by: John Keeping <john@keeping.me.uk>
There's no need for this variable to be global. Printing the header in
print_urls() instead of print_url() allows for moving this variable into
print_urls() without having to pass any status to print_url().
Note that this only works as long as we don't call print_urls() more
than once.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
This fixes a couple of minor oversights in previous commits and adjusts
all cells using colspan to use the correct width.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
This makes it possible to use strict commit date ordering or strict
topological ordering by passing the corresponding flags to "git log".
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
The current 'clone-prefix' setting has some known issues:
* All repos get the same 'clone-prefix' value since the setting is not
adopted during repo registration (in cgitrc, or during scan-path traversal),
but only when the setting is used.
* The generated clone-urls for a repo is a combination of 'clone-prefix', a
slash and the repo url. This doesn't work well with e.g. ssh-style urls
like 'git@example.org:repo.git', since the inserted slash will make the
repo relative to the filesystem root.
* If 'remove-suffix' is enabled, the generated clone-urls will not work for
cloning (except for http-urls to cgit itself) since they miss the '.git'
suffix.
The new 'clone-url' setting is designed to avoid the mentioned issues:
* Each repo adopts the default 'clone-url' when the repo is defined. This
allows different groups of repos to adopt different values.
* The clone-urls for a repo is generated by expanding environment variables
in a string template without inserting arbitrary characters, hence any
kind of clone-url can be generated.
* Macro expansion also eases the 'remove-suffix' pain since it's now
possible to define e.g. 'clone-url=git://foo.org/$CGIT_REPO_URL.git' for
a set of repos. A furter improvement would be to define e.g.
$CGIT_REPO_SUFFIX to '.git' for all repos which had their url prettified,
or to store the original $CGIT_REPO_URL in e.g. $CGIT_REPO_REAL_URL before
suffix removal.
Reviewed-by: Ferry Huberts <mailings@hupie.com>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
When cgit learned to setup environment variables for certain repo
settings before invoking a filter process, the setup occurred inside
cgit_open_filter().
This patch moves the setup out of cgit_open_filter() and into
prepare_repo_cmd() to prepare for additional uses of these variables.
Reviewed-by: Ferry Huberts <mailings@hupie.com>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
To prepare for handing repo configuration to the
filter script that is executed.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
When showmsg is disabled ui-log truncates long commit subjects. This is good.
However, the same is not desirable when showmsg is enabled, since you then
end up with a truncated commit subject followed by the rest of the commit
message below.
Instead, when showmsg is enabled (and we're using all this space to display
the entire commit message, anyway), line-wrap the commit subject instead of
truncating it.
Signed-off-by: Johan Herland <johan@herland.net>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
These options can be used to execute a filter command on each about-page,
both top-level and for each repository (repo.about-filter can be used
to override the current about-filter).
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
This change makes it possible to include any number of pages below
the 'about' tab for a repository. The path is assumed to be located
in the same directory as the 'repo.readme' file.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
If either repo.clone-url or clone-prefix is specified in cgitrc, all
space-separated values in the config option is printed as a possible
clone url on the repo summary page.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
Each repo can include an external file which used to be included on the
top of the summary page, but it will now soon get a page of it own.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
All html-functions can be quite easily separated from the rest of cgit, so
lets do it; the only issue was html_filemode which uses some git-defined
macros so the function is moved into ui-shared.c::cgit_print_filemode().
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
This removes the global variable which is used to keep track of the
currently selected repository, and adds a new variable in the cgit_context
structure.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
This removes another big set of global variables, and introduces the
cgit_prepare_context() function which populates a context-variable with
compile-time default values.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
This struct will hold all the cgit runtime information currently found in
a multitude of global variables.
The first cleanup removes all querystring-related variables.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
This modifies and hopefully improves the layout of all cgit pages:
* Remove the header from all pages and replace it with a sidebar;
most pages have sufficient width but many needs more height.
* Add a dropdown-box to switch between branches, using a one-liner
javascript to reload the current page in context of the selected branch.
* Include refs found below refs/archives in the sidebar, appearing as a
set of menuitems below a 'download' heading.
* Include the brand new cgit logo
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
The master branch of stable/linux-2.6.20 currently references a tag
object, which makes print_branch() die with a segfault. This teaches
print_branch() to handle such cases more gracefully.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
This makes the log searching more explicit, using a dropdown box to specify
the commit field to match against.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
If either branches or tags are filtered on the summary page, add a link to
refs/heads and/or refs/tags right below the last branch/tag.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
This parameter can be used to specify max number of branches to show
on the summary page (if not all branches will be displayed, the "most
idle" branches are the ones to be pruned). The default value for this
parameter is 0, which disables the pruning.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
This parameter can be used to specify max number of tags to show on
the summary page. If not specified, all tags are printed.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
This adds a function to compare timestamps and then uses it as callback
for qsort() before printing out tags.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
This updates ui-summary.c to use a reflist instead of for_each_tag_ref(),
as a step towards more flexible tag handling (filtering/sorting).
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
This updates ui-summary.c to use a reflist instead of for_each_branch_ref(),
as a step towards more flexible branch handling (filtering/sorting).
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
This file implements the tag-command, i.e. printing of annotated tags.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
This fixes a bug in the prev/next links on the log page: when on the default
branch the links to prev/next page would contain h=(null).
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
This adds a function to generate links to the commit page and extends said
page to use id from querystring as primary revision specified (fallback to
h).
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
The generic repolink function compared head with cgit_query_head, which
almost always would be the same pointer. The test now compares with
repo.defbranch, which is the wanted behavour.
Bug discovered while adding cgit_log_link(), so this commit also contain
that change.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
This mirrors similiar functionality in gitweb. After clicking on
project on projectlist you will immediatelly see quick summary
of last N commits on HEAD.
[lh: changed from HEAD to cgit_query_head]
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
This parameter can be used to specify a repo-specific includefile, which will
then be printed on the summary page for the repo.
If the parametervalue is a not an absolute path, it is taken to be relative
to repo.path.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
Jason A. Donenfeld
John Keeping
Lukas Fleischer
Tobias Bieniek
Lars Hjemli
Ferry Huberts
Johan Herland
Ondrej Jirman
