Commit Graph

23 Commits

Author SHA1 Message Date
Junio C Hamano
df487baa30 Merge branch 'maint'
* maint:
  gitweb: add $prevent_xss option to prevent XSS by repository content
  rev-list: fix showing distance when using --bisect-all
2009-02-08 22:07:53 -08:00
Matt McCutchen
7e1100e9e9 gitweb: add $prevent_xss option to prevent XSS by repository content
Add a gitweb configuration variable $prevent_xss that disables features
to prevent content in repositories from launching cross-site scripting
(XSS) attacks in the gitweb domain.  Currently, this option makes gitweb
ignore README.html (a better solution may be worked out in the future)
and serve a blob_plain file of an untrusted type with
"Content-Disposition: attachment", which tells the browser not to show
the file at its original URL.

The XSS prevention is currently off by default.

Signed-off-by: Matt McCutchen <matt@mattmccutchen.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2009-02-08 21:51:25 -08:00
Jakub Narebski
e80f97e20c gitweb: Update README that gitweb works better with PATH_INFO
One had to configure gitweb for it to find static files (stylesheets,
images) when using path_info URLs.  Now that it is not necessary
thanks to adding BASE element to HTML head if needed, update README to
reflect this fact.

Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2009-02-01 18:33:51 -08:00
Giuseppe Bilotta
0dbf027ad2 gitweb: webserver config for PATH_INFO
Document some possible Apache configurations when the path_info feature
is enabled in gitweb.

Signed-off-by: Giuseppe Bilotta <giuseppe.bilotta@gmail.com>
Acked-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2009-01-30 21:08:30 -08:00
Jakub Narebski
ef115e26f7 gitweb: More about how gitweb gets 'owner' of repository
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Acked-by: Petr Baudis <pasky@suse.cz>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2008-07-27 14:14:01 -07:00
Jakub Narebski
e67c9e3952 gitweb: Describe projects_index format in more detail
Update and extend information about $projects_list file format in
gitweb/README and in gitweb/INSTALL.

Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2008-07-07 16:35:00 -07:00
Ask Bjørn Hansen
55f409a826 gitweb setup instruction: rewrite HEAD and root as well
Also add a few more hints for how to setup and configure gitweb as described

[jc: with a fix from Mike Hommey]

Signed-off-by: Junio C Hamano <gitster@pobox.com>
2008-06-08 13:46:37 -07:00
Rafael Garcia-Suarez
eae7a75904 Spelling fixes in the gitweb documentation
Mostly spelling and grammar nits.

Signed-off-by: Rafael Garcia-Suarez <rgarciasuarez@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2008-04-21 23:18:06 -07:00
Gerrit Pape
17a8b25005 gitweb: fallback to system-wide config file if default config does not exist
From a distribution point of view, configuration files for applications
should reside in /etc/.  On the other hand it's convenient for multiple
instances of gitweb (e.g. virtual web servers on a single machine) to have
a per-instance configuration file, just as gitweb currently supports
through the file gitweb_config.perl next to the cgi.

To support both at runtime, this commit introduces GITWEB_CONFIG_SYSTEM as
a system-wide configuration file which will be used as a fallback if the
config file sprecified throug GITWEB_CONFIG does not exist.

See also
 http://bugs.debian.org/450592

Signed-off-by: Gerrit Pape <pape@smarden.org>
Acked-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2008-03-27 13:55:10 -07:00
Bruno Ribas
b59012ef4e gitweb: Use the config file to set repository owner's name.
Now gitweb checks if gitweb.owner exists before trying to get filesystem's
owner.

Allow to use configuration variable gitweb.owner set the repository owner,
it checks the gitweb.owner, if not set it uses filesystem directory's owner.

Useful when we don't want to maintain project list file, and all
repository directories have to have the same owner (for example when the
same SSH account is shared for all projects, using ssh_acl to control
access instead).

Signed-off-by: Bruno Ribas <ribas@c3sl.ufpr.br>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2008-02-09 23:37:03 -08:00
Jakub Narebski
d661146ac2 gitweb: Add info about $projectroot and $projects_list to gitweb/README
Those two configuration variables are important enough that it is
worth to explicitely write about them in the "Gitweb config file
variables" section even if they are usually set during build by
GITWEB_PROJECTROOT and GITWEB_LIST build (Makefile) configuration
variables.

Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2008-01-29 22:01:20 -08:00
Jakub Narebski
61fd2552d8 gitweb: Update and improve gitweb/README file
Update list of build configuration variables, add references
to gitweb/INSTALL, add description of runtime and per-repository
runtime configuration.

Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2007-12-02 19:07:17 -08:00
Junio C Hamano
a6080a0a44 War on whitespace
This uses "git-apply --whitespace=strip" to fix whitespace errors that have
crept in to our source files over time.  There are a few files that need
to have trailing whitespaces (most notably, test vectors).  The results
still passes the test, and build result in Documentation/ area is unchanged.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
2007-06-07 00:04:01 -07:00
Junio C Hamano
72bbc38b0a Merge branch 'mw/pathinfo'
* mw/pathinfo:
  gitweb: Fix search form when PATH_INFO is enabled
  gitweb: Document features better
  gitweb: warn if feature cannot be overridden.
  gitweb: start to generate PATH_INFO URLs.

Conflicts:

	gitweb/README
2006-10-18 22:09:11 -07:00
Petr Baudis
45a3b12cfd gitweb: Document features better
This expands gitweb/README to talk some more about GITWEB_CONFIG, moves
feature-specific documentation in gitweb.cgi to the inside of the %features
array, and adds some short description of all the features.

Signed-off-by: Petr Baudis <pasky@suse.cz>
Signed-off-by: Junio C Hamano <junkio@cox.net>
2006-10-07 23:12:12 -07:00
Alan Chandler
604cb211a9 Update the gitweb/README file to include setting the GITWEB_CONFIG environment
Signed-off-by: Alan Chandler <alan@chandlerfamily.org.uk>
Signed-off-by: Junio C Hamano <junkio@cox.net>
2006-10-03 23:58:38 -07:00
Martin Waitz
128eead198 gitweb: document webserver configuration for common gitweb/repo URLs.
Add a small apache configuration which shows how to use apache
to put gitweb and GIT repositories at the same URL.

Signed-off-by: Martin Waitz <tali@admingilde.org>
Signed-off-by: Junio C Hamano <junkio@cox.net>
2006-10-03 01:09:56 -07:00
Matthias Lederhofer
bb55f77fcd gitweb: require $ENV{'GITWEB_CONFIG'}
With this patch it is possible to use gitweb.perl for developing by
loading the configuration from $GITWEB_CONFIG.  This might also be
useful for normal usage of gitweb.

Example:

    % cat cfg
    $GIT = '/usr/bin/git';
    $projectroot = '/home/matled/src/git';
    $projects_list = '/home/matled/src/git/git/gitweb/list';
    % cat run
    #!/bin/sh
    export GATEWAY_INTERFACE="CGI/1.1"
    export HTTP_ACCEPT="*/*"
    export REQUEST_METHOD="GET"
    export GITWEB_CONFIG='./cfg'
    export QUERY_STRING=""$1""
    exec ./gitweb.perl
    % time ./run p=git/.git > /dev/null

This makes it easy to check for warnings and do performance tests
after changes, you can also pipe this to lynx -dump -force-html
/dev/stdin to get more than just html.

This also documents the original patch adding require $GITWEB_CONFIG.

Signed-off-by: Matthias Lederhofer <matled@gmx.net>
Signed-off-by: Junio C Hamano <junkio@cox.net>
2006-08-02 13:56:34 -07:00
Junio C Hamano
ee0d3234b1 gitweb/README: do not bug Kay with gitweb questions anymore
Signed-off-by: Junio C Hamano <junkio@cox.net>
2006-08-01 15:56:28 -07:00
Martin Waitz
281f2f6b45 gitweb: use out-of-line GIT logo.
Use the normal web server instead of the CGI to provide the git logo,
just like the gitweb.css.

Signed-off-by: Martin Waitz <tali@admingilde.org>
Signed-off-by: Junio C Hamano <junkio@cox.net>
2006-08-01 15:55:19 -07:00
Martin Waitz
5d043a3d85 gitweb: fill in gitweb configuration by Makefile
Generate gitweb/gitweb.cgi to reduce the need to patch gitweb.cgi
by the end user.  The GIT installation directory is already known
by the Makefile, and can be inserted directly into gitweb.
All other gitweb configuration parameters can now be specified by
providing GITWEB_* variables while building GIT.  These are described
in gitweb/README.

Signed-off-by: Martin Waitz <tali@admingilde.org>
Signed-off-by: Junio C Hamano <junkio@cox.net>
2006-08-01 15:44:47 -07:00
Jakub Narebski
175fb6c040 Update gitweb README: gitweb is now included with git
Signed-off-by: Junio C Hamano <junkio@cox.net>
2006-06-17 16:06:20 -07:00
Junio C Hamano
0a8f4f0020 Merge git://git.kernel.org/pub/scm/git/gitweb 2006-06-10 11:20:59 -07:00