With v1.5.0-rc0~169 (gitweb: Fix Atom feed <logo>: it is $logo,
not $logo_url, 2006-12-04), the logo URI to be written to Atom
feeds was corrected but the case of no logo forgotten.
Acked-by: Eric Wong <normalperson@yhbt.net>
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
Acked-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
To do that, generating "<link />"s to feeds were refactored into
print_feed_meta() subroutine, to keep nesting (indent) level in
git_header_html() low. This has also the advantage of making code
more clear.
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: John 'Warthog9' Hawley <warthog9@eaglescrag.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
It is needed only to escape attributes of handcrafted HTML elements,
and not those generated using CGI.pm subroutines / methods for HTML
generation.
While at it, add esc_url and esc_html where needed, and prefer to use
CGI.pm HTML generating methods than handcrafted HTML code. Most of
those are probably unnecessary (could be exploited only by person with
write access to gitweb config, or at least access to the repository).
This fixes CVE-2010-3906
Reported-by: Emanuele Gentili <e.gentili@tigersecurity.it>
Helped-by: John 'Warthog9' Hawley <warthog9@kernel.org>
Helped-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Formalize our dependency on perl 5.8, bumped from 5.6.[12]. We already
used the three-arg form of open() which was introduced in 5.6.1, but
t/t9700/test.pl explicitly depended on 5.6.2.
However git-add--interactive.pl has been failing on the 5.6 line since
it was introduced in v1.5.0-rc0~12^2~2 back in 2006 due to this open
syntax:
sub run_cmd_pipe {
my $fh = undef;
open($fh, '-|', @_) or die;
return <$fh>;
}
Which when executed dies on "Can't use an undefined value as
filehandle reference". Several of our tests also fail on 5.6 (even
more when compiled with NO_PERL_MAKEMAKER=1):
t2016-checkout-patch.sh
t3904-stash-patch.sh
t3701-add-interactive.sh
t7105-reset-patch.sh
t7501-commit.sh
t9700-perl-git.sh
Our code is bitrotting on 5.6 with no-one interested in fixing it, and
pinning us to such an ancient release of Perl is keeping us from using
useful features introduced in the 5.8 release.
The 5.6 series is now over 10 years old, and the 5.6.2 maintenance
release almost 7. 5.8 on the other hand is more than 8 years old.
All the modern Unix-like operating systems have now upgraded to it or
a later version, and 5.8 packages are available for old IRIX, AIX
Solaris and Tru64 systems.
Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Acked-by: Tor Arntsen <tor@spacetec.no>
Acked-by: Randal L. Schwartz <merlyn@stonehenge.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This fixes an XML error when visiting a nonexistent tag
(i.e. "../gitweb.cgi?p=git.git;a=tag;h=refs/tags/BADNAME").
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
Acked-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
* maint:
gitweb: clarify search results page when no matching commit found
Documentation: add a FILES section for show-ref
Makefile: add missing dependency on http.h
Makefile: add missing dependencies on url.h
Documentation/git-log: Clarify --full-diff
git-rebase: fix typo when parsing --force-rebase
imap-send: Fix sprintf usage
prune: allow --dry-run for -n and --verbose for -v
notes: allow --dry-run for -n and --verbose for -v
Document -B<n>[/<m>], -M<n> and -C<n> variants of -B, -M and -C
Documentation: cite git-am from git-apply
t7003: fix subdirectory-filter test
Allow "check-ref-format --branch" from subdirectory
check-ref-format: handle subcommands in separate functions
pretty-options.txt: match --format's documentation with implementation.
When searching commits for a string that never occurs, the results
page looks something like this:
projects / foo.git / search \o/
summary | ... | tree [commit] search: [ kfjdkas ] [ ]re
first ⋅ prev ⋅ next
Merge branch 'maint'
Foo: a demonstration project
Without a list of hits to compare it to, the header describing the
commit named by the hash parameter (usually HEAD) may itself look
like a hit. Add some text (“No match.”) to replace the empty
list of hits and avoid this confusion.
While at it, remove some nearby dead code, left behind from a
simplification a few years ago (v1.5.4-rc0~276^2~4, 2007-11-01).
Noticed-by: Erick Mattos <erick.mattos@gmail.com>
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
Acked-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Run $post_dispatch_hook->() not $pre_dispatch_hook->() after each
request.
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
gitolite's contrib/gitweb/gitweb.conf includes:
$ENV{GL_USER} = $cgi->remote_user || "gitweb";
which is useful for setups where a user has to be authenticated
to access certain repos. Perhaps other typical configurations
change per session in other ways, too.
v1.7.2-rc2~6 (gitweb: Move evaluate_gitweb_config out of run_request,
2010-07-05) broke such configurations for a speedup, by loading
the configuration once per FastCGI process.
Probably in the end there should be a way to specify in the
configuration whether a particular installation wants the speedup or
the flexibility. But for now it is easier to just undo the relevant
change.
This partially reverts commit 869d58813b.
Reported-by: Julio Lajara <julio.lajara@alum.rpi.edu>
Analysis-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Move highlight config out of guess_file_syntax() so that it can be
extended/overridden by system/user configuration.
Signed-off-by: Alejandro R. Sedeño <asedeno@mit.edu>
Acked-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Earlier, 452e225 (gitweb: fix esc_param, 2009-10-13) fixed CGI escaping
rules used in esc_url. A very similar logic exists in esc_param and needs
to be fixed the same way.
Signed-off-by: Pavan Kumar Sunkara <pavan.sss1991@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Move evaluate_gitweb_config() and evaluate_git_version() out of
run_request() to run(), making them not run one for each request.
This changes how git behaves in FastCGI case.
This change makes it impossible to have config which changes with
request, but I don't think anyone relied on such (hidden action)
behavior.
While at it, reset timer and number of git commands at beginning of
run_request() in new reset_timer() subroutine. This fixes case when
gitweb was run using FastCGI interface: time is reported for request,
and not for single run of gitweb script. This changes slightly
behavior in non-FastCGI case: the number of git commands reported is
1 less (running `git --version` one per gitweb is not counted now).
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
* jn/gitweb-fastcgi:
gitweb: Run in FastCGI mode if gitweb script has .fcgi extension
gitweb: Add support for FastCGI, using CGI::Fast
gitweb: Put all per-connection code in run() subroutine
Check if there is a caller in top frame of gitweb, and either 'return'
if gitweb code is wrapped in subroutine, or 'exit' if it is not.
This should avoid
gitweb.cgi: Subroutine git_SOMETHING redefined at gitweb.cgi line NNN
warnings in error_log when running gitweb with mod_perl (using
ModPerl::Registry handler)
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
The name of the key has to be the same in call site handle_errors_html
and in called subroutine that uses it, i.e. git_header_html.
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
If the name of the script ($SCRIPT_NAME or $SCRIPT_FILENAME CGI
environment variable, or __FILE__ literal) ends with '.fcgi'
extension, run gitweb in FastCGI mode, as if it was run with
'--fastcgi' / '--fcgi' option.
This is intended for easy deploying gitweb using FastCGI
interface.
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
* jn/gitweb-caching-prep:
gitweb: Move generating page title to separate subroutine
gitweb: Add custom error handler using die_error
gitweb: Use nonlocal jump instead of 'exit' in die_error
gitweb: href(..., -path_info => 0|1)
Export more test-related variables when running external tests
Make git-format-patch (used by 'patch' and 'patches' views) use the
same rename detection options that git-diff and git-diff-tree (used
by 'commitdiff', 'blobdiff', etc.) use.
Signed-off-by: Pavan Kumar Sunkara <pavan.sss1991@gmail.com>
Acked-by: Jakub Narebski <jnareb@gmail.com>
Acked-by: Giuseppe Bilotta <giuseppe.bilotta@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Former run() subroutine got renamed to run_request(). The new run()
subroutine can run multiple requests at once if run as FastCGI script.
To run gitweb as FastCGI script you must specify '--fastcgi' / '-f'
command line option to gitweb, otherwise it runs as an ordinary CGI
script.
[jn: cherry picked from 56d7d436644ab296155a697552ea1345f2701620
in http://utsl.gen.nz/gitweb/?p=gitweb which was originally based
on v264 (2326acfa95) by Kay Sievers;
updated to reflect current gitweb code]
TODO: update 'gitweb/README' and/or 'gitweb/INSTALL' files.
Signed-off-by: Sam Vilain <sam.vilain@catalyst.net.nz>
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
All code that is run per-connection (as opposed to those parts of gitweb
code that can be run once) is put into appropriate subroutines:
- evaluate_uri
- evaluate_gitweb_config
- evaluate_git_version (here only because $GIT can be set in config)
- check_loadavg (as soon as possible; $git_version must be defined)
- evaluate_query_params (counterpart to evaluate_path_info)
- evaluate_and_validate_params
- evaluate_git_dir (requires $project)
- configure_gitweb_features (@snapshot_fmts, $git_avatar)
- dispatch (includes setting default $action)
The difference is best viewed with '-w', '--ignore-all-space' option,
because of reindent caused by putting code in subroutines.
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This refactoring (adding guess_file_syntax and run_highlighter
subroutines) is meant to make it easier in the future to add support
for other syntax highlighing solutions, or make it smarter by not
re-running `git cat-file` second time.
Instead of looping over list of regexps (keys of %highlight_type hash),
make use of the fact that choosing syntax is based either on full
basename (%highlight_basename), or on file extension (%highlight_ext).
Add some basic test of syntax highlighting (with 'highlight' as
prerequisite) to t/t9500-gitweb-standalone-no-errors.sh test.
While at it make git_blob Perl style prettier.
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Acked-by: Petr Baudis <pasky@suse.cz>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
It requires the 'highlight' program to do all the heavy-lifting.
This is loosely based on Daniel Svensson's and Sham Chukoury's work in
gitweb-xmms2.git (it cannot be cherry-picked, as gitweb-xmms2 first forked
wildly, then not contributed back, and then went stale).
[jn: cherry picked from bc1ed6aafd9ee4937559535c66c8bddf1864bec6
in http://repo.or.cz/w/git/dscho.git, with a few changes]
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Acked-by: Petr Baudis <pasky@suse.cz>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
When $projects_list points to a directory, and git_get_projects_list
scans this directory for repositories, there can be generated the
following warnings (for persistent services like mod_perl or plackup):
Variable "$project_maxdepth" may be unavailable at gitweb.cgi line 2443.
Variable "$projectroot" may be unavailable at gitweb.cgi line 2451.
Those are false positives; silence those warnings by explicitely
declaring $project_maxdepth and $projectroot with 'our', as global
variables, in anonymous subrotine passed to File::Find::find.
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
get_page_title subroutine is currently used only in git_header_html.
Nevertheless refactoring title generation allowed to reduce indent
level.
It would be used in more than one callsite in the patch adding caching
activity indicator to gitweb.
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Acked-by: Petr Baudis <pasky@suse.cz>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Change the default message for errors (for fatalsToBrowser) to use
die_error() subroutine. This way errors (and explicitely calling 'die
MESSAGE') would generate 'Internal Server Error' error message.
Note that call to set_message is intentionally not put in BEGIN block;
we set error handler to use die_error() only after we are sure that we
can use it, after all needed variables are set.
Due to the fact that error handler set via set_message() subroutine
from CGI::Carp (in the fatalsToBrowser case) is called after HTTP
headers were already printed (with exception of MOD_PERL), gitweb
cannot return 'Status: 500 Internal Server Error'.
Thanks to the fact that die_error() no longer uses 'exit', errors
would be logged by CGI::Carp, independent on whether default error
handler is used, or handle_errors_html which uses die_error is used.
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Acked-by: Petr Baudis <pasky@suse.cz>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Use 'goto DONE' in place of 'exit' to end request processing in
die_error() subroutine. While at it, do not end gitweb with 'exit'.
This would make it easier in the future to add support or improve
support for persistent environments such as FastCGI and mod_perl.
It would also make it easier to make use of die_error() as an error
handler (for fatalsToBrowser).
Perl 5 allows non-local jumps; the restriction is that you cannot jump
into a scope.
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Acked-by: Petr Baudis <pasky@suse.cz>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
If named boolean option -path_info is passed to href() subroutine, it
would use its value to decide whether to generate path_info URL form.
If this option is not passed, href() queries 'pathinfo' feature to
check whether to generate path_info URL (if generating path_info link
is possible at all).
href(-replay=>1, -path_info=>0) is meant to be used to generate a key
for caching gitweb output; alternate solution would be to use freeze()
from Storable (core module) on %input_params hash (or its reference),
e.g.:
$key = freeze \%input_params;
or other serialization of %input_params.
While at it document extra options/flags to href().
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Acked-by: Petr Baudis <pasky@suse.cz>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Fix overeager early return in git_get_project_config, introduced in 9be3614
(gitweb: Fix project-specific feature override behavior, 2010-03-01). When
git_get_project_config is called from projects list page via
git_get_project_owner($path) etc., it is called with $git_dir defined (in
git_get_project_owner($path) etc.), but $project variable is not defined.
git_get_project_config doesn't use $project variable anyway.
Reported-by: Tobias Heinlein <keytoaster@gentoo.org>
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit fixes a bug in processing project-specific override in
a situation when there is no project, e.g. for the projects list page.
When 'snapshot' feature had project specific config override enabled
by putting
$feature{'snapshot'}{'override'} = 1;
(or equivalent) in $GITWEB_CONFIG, and when viewing toplevel gitweb
page, which means the projects list page (to be more exact this
happens for any project-less action), gitweb would put the following
Perl warnings in error log:
gitweb.cgi: Use of uninitialized value $git_dir in concatenation (.) or string at gitweb.cgi line 2065.
fatal: error processing config file(s)
gitweb.cgi: Use of uninitialized value $git_dir in concatenation (.) or string at gitweb.cgi line 2221.
gitweb.cgi: Use of uninitialized value $git_dir in concatenation (.) or string at gitweb.cgi line 2218.
The problem is in the following fragment of code:
# path to the current git repository
our $git_dir;
$git_dir = "$projectroot/$project" if $project;
# list of supported snapshot formats
our @snapshot_fmts = gitweb_get_feature('snapshot');
@snapshot_fmts = filter_snapshot_fmts(@snapshot_fmts);
For the toplevel gitweb page, which is the list of projects, $project is not
defined, therefore neither is $git_dir. gitweb_get_feature() subroutine
calls git_get_project_config() if project specific override is turned
on... but we don't have project here.
Those errors mentioned above occur in the following fragment of code in
git_get_project_config():
# get config
if (!defined $config_file ||
$config_file ne "$git_dir/config") {
%config = git_parse_project_config('gitweb');
$config_file = "$git_dir/config";
}
git_parse_project_config() calls git_cmd() which has '--git-dir='.$git_dir
There are (at least) three possible solutions:
1. Harden gitweb_get_feature() so that it doesn't call
git_get_project_config() if $project (and therefore $git_dir) is not
defined; there is no project for project specific config.
2. Harden git_get_project_config() like you did in your fix, returning early
if $git_dir is not defined.
3. Harden git_cmd() so that it doesn't add "--git-dir=$git_dir" if $git_dir
is not defined, and change git_get_project_config() so that it doesn't
even try to access $git_dir if it is not defined.
This commit implements both 1.) and 2.), i.e. gitweb_get_feature() doesn't
call project-specific override if $git_dir is not defined (if there is no
project), and git_get_project_config() returns early if $git_dir is not
defined.
Add a test for this bug to t/t9500-gitweb-standalone-no-errors.sh test.
Reported-by: Eli Barzilay <eli@barzilay.org>
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This is a bit of future-proofing esc_html and friends: when called
with undefined value they would now would return undef... which would
probably mean that error would still occur, but closer to the source
of problem.
This means that we can safely use
esc_html(shift) || "Internal Server Error"
in die_error() instead of
esc_html(shift || "Internal Server Error")
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
The error message (second argument to die_error) is meant to be short,
one-line text description of given error. A few callers call
die_error with error message containing unescaped user supplied data
($hash, $file_name). Instead of forcing callers to escape data,
simply call esc_html on the parameter.
Note that optional third parameter, which contains detailed error
description, is meant to be HTML formatted, and therefore should be
not escaped.
While at it update esc_html synopsis/usage, and bring default error
description to read 'Internal Server Error' (titlecased).
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Otherwise the errors can propagate, and show in damnest places, and
you would spend your time chasing ghosts instead of debugging real
problem (yes, it is from personal experience).
This follows (parts of) advice in `perldoc -f do` documentation.
This required restructoring code a bit, so we die only if we are reading
(executing) config file. As a side effect $GITWEB_CONFIG_SYSTEM is always
available, even when we use $GITWEB_CONFIG.
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
The chop_str subroutine is meant to be used on strings (such as commit
description / title) *before* HTML escaping, which means before
applying esc_html or equivalent.
Therefore get rid of the failed attempt to always remove full HTML
entities (like e.g. & or ). It is not necessary (HTML
entities gets added later), and it can cause chop_str to chop a string
incorrectly.
Specifically:
API & protocol: support option to force written data immediately to disk
from http://git.kernel.org/?p=daemon/distsrv/chunkd.git;a=commit;h=3b02f749df2cb1288f345a689d85e7061f507e54
The short version of the title gets chopped to
API ...
where it should be
API & protocol: support option to force written data...
Noticed-by: John 'Warthog9' Hawley <warthog9@kernel.org>
Signed-off-by: John 'Warthog9' Hawley <warthog9@kernel.org>
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>