git-commit-vandalism/gitweb
Jeff King 0f0ecf68b3 gitweb: escape html in rss title
The title of an RSS feed is generated from many components,
including the filename provided as a query parameter, but we
failed to quote it.  Besides showing the wrong output, this
is a vector for XSS attacks.

Signed-off-by: Jeff King <peff@peff.net>
2012-11-12 16:34:53 -05:00
..
static gitweb: Highlight interesting parts of diff 2012-04-11 14:26:02 -07:00
gitweb.perl gitweb: escape html in rss title 2012-11-12 16:34:53 -05:00
INSTALL gitweb: provide a way to customize html headers 2011-10-21 10:18:37 -07:00
Makefile Merge branch 'rj/gitweb-clean-js' 2011-10-27 12:04:21 -07:00
README gitweb: Add gitweb(1) manpage for gitweb itself 2011-10-16 11:09:34 -07:00

GIT web Interface
=================

The one working on:
  http://git.kernel.org/

From the git version 1.4.0 gitweb is bundled with git.


Build time gitweb configuration
-------------------------------
There are many configuration variables which affect building gitweb (among
others creating gitweb.cgi out of gitweb.perl by replacing placeholders such
as `++GIT_BINDIR++` by their build-time values).

Building and installing gitweb is described in gitweb's INSTALL file
(in 'gitweb/INSTALL').


Runtime gitweb configuration
----------------------------
Gitweb obtains configuration data from the following sources in the
following order:

1. built-in values (some set during build stage),
2. common system-wide configuration file (`GITWEB_CONFIG_COMMON`,
   defaults to '/etc/gitweb-common.conf'),
3. either per-instance configuration file (`GITWEB_CONFIG`, defaults to
   'gitweb_config.perl' in the same directory as the installed gitweb),
   or if it does not exists then system-wide configuration file
   (`GITWEB_CONFIG_SYSTEM`, defaults to '/etc/gitweb.conf').

Values obtained in later configuration files override values obtained earlier
in above sequence.

You can read defaults in system-wide GITWEB_CONFIG_SYSTEM from GITWEB_CONFIG
by adding

  read_config_file($GITWEB_CONFIG_SYSTEM);

at very beginning of per-instance GITWEB_CONFIG file.  In this case
settings in said per-instance file will override settings from
system-wide configuration file.  Note that read_config_file checks
itself that the $GITWEB_CONFIG_SYSTEM file exists.

The most notable thing that is not configurable at compile time are the
optional features, stored in the '%features' variable.

Ultimate description on how to reconfigure the default features setting
in your `GITWEB_CONFIG` or per-project in `project.git/config` can be found
as comments inside 'gitweb.cgi'.

See also gitweb.conf(5) manpage.


Web server configuration
------------------------
Gitweb can be run as CGI script, as legacy mod_perl application (using
ModPerl::Registry), and as FastCGI script.  You can find some simple examples
in "Example web server configuration" section in INSTALL file for gitweb (in
gitweb/INSTALL).

See "Webserver configuration" and "Advanced web server setup" sections in
gitweb(1) manpage.


AUTHORS
-------
Originally written by:
  Kay Sievers <kay.sievers@vrfy.org>

Any comment/question/concern to:
  Git mailing list <git@vger.kernel.org>