It is needed only to escape attributes of handcrafted HTML elements,
and not those generated using CGI.pm subroutines / methods for HTML
generation.
While at it, add esc_url and esc_html where needed, and prefer to use
CGI.pm HTML generating methods than handcrafted HTML code. Most of
those are probably unnecessary (could be exploited only by person with
write access to gitweb config, or at least access to the repository).
This fixes CVE-2010-3906
Reported-by: Emanuele Gentili <e.gentili@tigersecurity.it>
Helped-by: John 'Warthog9' Hawley <warthog9@kernel.org>
Helped-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
When searching commits for a string that never occurs, the results
page looks something like this:
projects / foo.git / search \o/
summary | ... | tree [commit] search: [ kfjdkas ] [ ]re
first ⋅ prev ⋅ next
Merge branch 'maint'
Foo: a demonstration project
Without a list of hits to compare it to, the header describing the
commit named by the hash parameter (usually HEAD) may itself look
like a hit. Add some text (“No match.”) to replace the empty
list of hits and avoid this confusion.
While at it, remove some nearby dead code, left behind from a
simplification a few years ago (v1.5.4-rc0~276^2~4, 2007-11-01).
Noticed-by: Erick Mattos <erick.mattos@gmail.com>
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
Acked-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Earlier, 452e225 (gitweb: fix esc_param, 2009-10-13) fixed CGI escaping
rules used in esc_url. A very similar logic exists in esc_param and needs
to be fixed the same way.
Signed-off-by: Pavan Kumar Sunkara <pavan.sss1991@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Move evaluate_gitweb_config() and evaluate_git_version() out of
run_request() to run(), making them not run one for each request.
This changes how git behaves in FastCGI case.
This change makes it impossible to have config which changes with
request, but I don't think anyone relied on such (hidden action)
behavior.
While at it, reset timer and number of git commands at beginning of
run_request() in new reset_timer() subroutine. This fixes case when
gitweb was run using FastCGI interface: time is reported for request,
and not for single run of gitweb script. This changes slightly
behavior in non-FastCGI case: the number of git commands reported is
1 less (running `git --version` one per gitweb is not counted now).
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
* jn/gitweb-fastcgi:
gitweb: Run in FastCGI mode if gitweb script has .fcgi extension
gitweb: Add support for FastCGI, using CGI::Fast
gitweb: Put all per-connection code in run() subroutine
This typo has been in place since the rule was originally added by
0e6ce21 (Gitweb: add support for minifying gitweb.css).
Signed-off-by: Jay Soffian <jaysoffian@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
* jn/gitweb-plackup:
git-instaweb: Add support for running gitweb via 'plackup'
git-instaweb: Wait for server to start before running web browser
git-instaweb: Remove pidfile after stopping web server
git-instaweb: Configure it to work with new gitweb structure
git-instaweb: Put httpd logs in a "$httpd_only" subdirectory
gitweb: Set default destination directory for installing gitweb in Makefile
gitweb: Move static files into seperate subdirectory
Check if there is a caller in top frame of gitweb, and either 'return'
if gitweb code is wrapped in subroutine, or 'exit' if it is not.
This should avoid
gitweb.cgi: Subroutine git_SOMETHING redefined at gitweb.cgi line NNN
warnings in error_log when running gitweb with mod_perl (using
ModPerl::Registry handler)
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
The name of the key has to be the same in call site handle_errors_html
and in called subroutine that uses it, i.e. git_header_html.
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
If the name of the script ($SCRIPT_NAME or $SCRIPT_FILENAME CGI
environment variable, or __FILE__ literal) ends with '.fcgi'
extension, run gitweb in FastCGI mode, as if it was run with
'--fastcgi' / '--fcgi' option.
This is intended for easy deploying gitweb using FastCGI
interface.
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Create a new subdirectory called 'static' in gitweb/, and move
all static files required by gitweb.cgi when running, which means
styles, images and Javascript code. This should make gitweb more
readable and easier to maintain.
Update t/gitweb-lib.sh to reflect this change.The install-gitweb
now also include moving of static files into 'static' subdirectory
in target directory: update Makefile, gitweb's INSTALL, README and
Makefile accordingly.
Signed-off-by: Pavan Kumar Sunkara <pavan.sss1991@gmail.com>
Mentored-by: Christian Couder <chriscool@tuxfamily.org>
Mentored-by: Petr Baudis <pasky@ucw.cz>
Acked-by: Jakub Narebski <jnareb@gmail.com>
Acked-by: Petr Baudis <pasky@suse.cz>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
* jn/gitweb-caching-prep:
gitweb: Move generating page title to separate subroutine
gitweb: Add custom error handler using die_error
gitweb: Use nonlocal jump instead of 'exit' in die_error
gitweb: href(..., -path_info => 0|1)
Export more test-related variables when running external tests
Make git-format-patch (used by 'patch' and 'patches' views) use the
same rename detection options that git-diff and git-diff-tree (used
by 'commitdiff', 'blobdiff', etc.) use.
Signed-off-by: Pavan Kumar Sunkara <pavan.sss1991@gmail.com>
Acked-by: Jakub Narebski <jnareb@gmail.com>
Acked-by: Giuseppe Bilotta <giuseppe.bilotta@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Former run() subroutine got renamed to run_request(). The new run()
subroutine can run multiple requests at once if run as FastCGI script.
To run gitweb as FastCGI script you must specify '--fastcgi' / '-f'
command line option to gitweb, otherwise it runs as an ordinary CGI
script.
[jn: cherry picked from 56d7d436644ab296155a697552ea1345f2701620
in http://utsl.gen.nz/gitweb/?p=gitweb which was originally based
on v264 (2326acfa95) by Kay Sievers;
updated to reflect current gitweb code]
TODO: update 'gitweb/README' and/or 'gitweb/INSTALL' files.
Signed-off-by: Sam Vilain <sam.vilain@catalyst.net.nz>
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
All code that is run per-connection (as opposed to those parts of gitweb
code that can be run once) is put into appropriate subroutines:
- evaluate_uri
- evaluate_gitweb_config
- evaluate_git_version (here only because $GIT can be set in config)
- check_loadavg (as soon as possible; $git_version must be defined)
- evaluate_query_params (counterpart to evaluate_path_info)
- evaluate_and_validate_params
- evaluate_git_dir (requires $project)
- configure_gitweb_features (@snapshot_fmts, $git_avatar)
- dispatch (includes setting default $action)
The difference is best viewed with '-w', '--ignore-all-space' option,
because of reindent caused by putting code in subroutines.
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This refactoring (adding guess_file_syntax and run_highlighter
subroutines) is meant to make it easier in the future to add support
for other syntax highlighing solutions, or make it smarter by not
re-running `git cat-file` second time.
Instead of looping over list of regexps (keys of %highlight_type hash),
make use of the fact that choosing syntax is based either on full
basename (%highlight_basename), or on file extension (%highlight_ext).
Add some basic test of syntax highlighting (with 'highlight' as
prerequisite) to t/t9500-gitweb-standalone-no-errors.sh test.
While at it make git_blob Perl style prettier.
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Acked-by: Petr Baudis <pasky@suse.cz>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
It requires the 'highlight' program to do all the heavy-lifting.
This is loosely based on Daniel Svensson's and Sham Chukoury's work in
gitweb-xmms2.git (it cannot be cherry-picked, as gitweb-xmms2 first forked
wildly, then not contributed back, and then went stale).
[jn: cherry picked from bc1ed6aafd9ee4937559535c66c8bddf1864bec6
in http://repo.or.cz/w/git/dscho.git, with a few changes]
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Acked-by: Petr Baudis <pasky@suse.cz>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Installing gitweb is now as easy as
# make gitwebdir=/var/www/cgi-bin gitweb-install ;# as root
The gitweb/INSTALL file was updated accordingly, to make use of this
new target.
Fix shell quoting, i.e. setting bindir_SQ etc., in gitweb/Makefile.
Those variables were not used previously.
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
When $projects_list points to a directory, and git_get_projects_list
scans this directory for repositories, there can be generated the
following warnings (for persistent services like mod_perl or plackup):
Variable "$project_maxdepth" may be unavailable at gitweb.cgi line 2443.
Variable "$projectroot" may be unavailable at gitweb.cgi line 2451.
Those are false positives; silence those warnings by explicitely
declaring $project_maxdepth and $projectroot with 'our', as global
variables, in anonymous subrotine passed to File::Find::find.
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
get_page_title subroutine is currently used only in git_header_html.
Nevertheless refactoring title generation allowed to reduce indent
level.
It would be used in more than one callsite in the patch adding caching
activity indicator to gitweb.
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Acked-by: Petr Baudis <pasky@suse.cz>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Change the default message for errors (for fatalsToBrowser) to use
die_error() subroutine. This way errors (and explicitely calling 'die
MESSAGE') would generate 'Internal Server Error' error message.
Note that call to set_message is intentionally not put in BEGIN block;
we set error handler to use die_error() only after we are sure that we
can use it, after all needed variables are set.
Due to the fact that error handler set via set_message() subroutine
from CGI::Carp (in the fatalsToBrowser case) is called after HTTP
headers were already printed (with exception of MOD_PERL), gitweb
cannot return 'Status: 500 Internal Server Error'.
Thanks to the fact that die_error() no longer uses 'exit', errors
would be logged by CGI::Carp, independent on whether default error
handler is used, or handle_errors_html which uses die_error is used.
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Acked-by: Petr Baudis <pasky@suse.cz>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Use 'goto DONE' in place of 'exit' to end request processing in
die_error() subroutine. While at it, do not end gitweb with 'exit'.
This would make it easier in the future to add support or improve
support for persistent environments such as FastCGI and mod_perl.
It would also make it easier to make use of die_error() as an error
handler (for fatalsToBrowser).
Perl 5 allows non-local jumps; the restriction is that you cannot jump
into a scope.
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Acked-by: Petr Baudis <pasky@suse.cz>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
If named boolean option -path_info is passed to href() subroutine, it
would use its value to decide whether to generate path_info URL form.
If this option is not passed, href() queries 'pathinfo' feature to
check whether to generate path_info URL (if generating path_info link
is possible at all).
href(-replay=>1, -path_info=>0) is meant to be used to generate a key
for caching gitweb output; alternate solution would be to use freeze()
from Storable (core module) on %input_params hash (or its reference),
e.g.:
$key = freeze \%input_params;
or other serialization of %input_params.
While at it document extra options/flags to href().
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Acked-by: Petr Baudis <pasky@suse.cz>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
GITWEB_CSS and GITWEB_JS are meant to be "what URI should the installed
cgi script use to refer to the stylesheet and JavaScript", never "this
is the name of the file we are building". Don't use them to decide what
file to build minified versions in.
While we are at it, lose FILES that is used only for "clean" target in a
misguided way. "make clean" should try to remove all the potential
build artifacts regardless of a minor configuration change. Instead of
trying to remove only the build product "make clean" would have created
if it were run without "clean", explicitly list the three potential build
products for removal.
Tested-by: Mark Rada <marada@uwaterloo.co>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Gitweb can be generated by the gitweb/gitweb.cgi target or the gitweb
target. Since the gitweb target is shorter, I think it would be better
to have new users be instructed to use it.
Signed-off-by: Mark Rada <marada@uwaterloo.ca>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This patch updates gitweb/INSTALL to mention gitweb.js, including
JavaScript minification support.
Signed-off-by: Mark Rada <marada@uwaterloo.ca>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This will allow users to set a JavaScript/CSS minifier when/if they run
the autoconfigure script while building git.
Signed-off-by: Mark Rada <marada@uwaterloo.ca>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
The build system added support minifying gitweb.js through a
JavaScript minifier, but most minifiers come with support for
minifying CSS files as well, so we should use it if we can.
This patch will add the same facilities to gitweb.css that
gitweb.js has for minification. That does not mean that they
will use the same minifier though, as it is not safe to assume
that all JavaScript minifiers will also minify CSS files.
This patch also adds the GITWEB_PROGRAMS variable to the Makefile
to keep a list of potential gitweb dependencies separate from
OTHER_PROGRAMS when we need to know just the gitweb dependencies.
Though the bandwidth savings will not be as dramatic as with
the JavaScript minifier, every byte saved is important.
Signed-off-by: Mark Rada <marada@uwaterloo.ca>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Fix overeager early return in git_get_project_config, introduced in 9be3614
(gitweb: Fix project-specific feature override behavior, 2010-03-01). When
git_get_project_config is called from projects list page via
git_get_project_owner($path) etc., it is called with $git_dir defined (in
git_get_project_owner($path) etc.), but $project variable is not defined.
git_get_project_config doesn't use $project variable anyway.
Reported-by: Tobias Heinlein <keytoaster@gentoo.org>
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit fixes a bug in processing project-specific override in
a situation when there is no project, e.g. for the projects list page.
When 'snapshot' feature had project specific config override enabled
by putting
$feature{'snapshot'}{'override'} = 1;
(or equivalent) in $GITWEB_CONFIG, and when viewing toplevel gitweb
page, which means the projects list page (to be more exact this
happens for any project-less action), gitweb would put the following
Perl warnings in error log:
gitweb.cgi: Use of uninitialized value $git_dir in concatenation (.) or string at gitweb.cgi line 2065.
fatal: error processing config file(s)
gitweb.cgi: Use of uninitialized value $git_dir in concatenation (.) or string at gitweb.cgi line 2221.
gitweb.cgi: Use of uninitialized value $git_dir in concatenation (.) or string at gitweb.cgi line 2218.
The problem is in the following fragment of code:
# path to the current git repository
our $git_dir;
$git_dir = "$projectroot/$project" if $project;
# list of supported snapshot formats
our @snapshot_fmts = gitweb_get_feature('snapshot');
@snapshot_fmts = filter_snapshot_fmts(@snapshot_fmts);
For the toplevel gitweb page, which is the list of projects, $project is not
defined, therefore neither is $git_dir. gitweb_get_feature() subroutine
calls git_get_project_config() if project specific override is turned
on... but we don't have project here.
Those errors mentioned above occur in the following fragment of code in
git_get_project_config():
# get config
if (!defined $config_file ||
$config_file ne "$git_dir/config") {
%config = git_parse_project_config('gitweb');
$config_file = "$git_dir/config";
}
git_parse_project_config() calls git_cmd() which has '--git-dir='.$git_dir
There are (at least) three possible solutions:
1. Harden gitweb_get_feature() so that it doesn't call
git_get_project_config() if $project (and therefore $git_dir) is not
defined; there is no project for project specific config.
2. Harden git_get_project_config() like you did in your fix, returning early
if $git_dir is not defined.
3. Harden git_cmd() so that it doesn't add "--git-dir=$git_dir" if $git_dir
is not defined, and change git_get_project_config() so that it doesn't
even try to access $git_dir if it is not defined.
This commit implements both 1.) and 2.), i.e. gitweb_get_feature() doesn't
call project-specific override if $git_dir is not defined (if there is no
project), and git_get_project_config() returns early if $git_dir is not
defined.
Add a test for this bug to t/t9500-gitweb-standalone-no-errors.sh test.
Reported-by: Eli Barzilay <eli@barzilay.org>
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit adds in the gitweb/README file a description of how to use gitweb
with several project roots using apache virtualhost rewrite rules.
Signed-off-by: Sylvain Rabot <sylvain@abstraction.fr>
Acked-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This is a bit of future-proofing esc_html and friends: when called
with undefined value they would now would return undef... which would
probably mean that error would still occur, but closer to the source
of problem.
This means that we can safely use
esc_html(shift) || "Internal Server Error"
in die_error() instead of
esc_html(shift || "Internal Server Error")
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
The error message (second argument to die_error) is meant to be short,
one-line text description of given error. A few callers call
die_error with error message containing unescaped user supplied data
($hash, $file_name). Instead of forcing callers to escape data,
simply call esc_html on the parameter.
Note that optional third parameter, which contains detailed error
description, is meant to be HTML formatted, and therefore should be
not escaped.
While at it update esc_html synopsis/usage, and bring default error
description to read 'Internal Server Error' (titlecased).
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>