path: root/filters (unfollow)
Commit message (Collapse)AuthorFilesLines
48 hoursglobal: replace hard coded hash lengthChristian Hesse1-1/+1
With sha1 we had a guaranteed length of 40 hex chars. This changes now that we have to support sha256 with 64 hex chars... Support both. Signed-off-by: Christian Hesse <mail@eworm.de>
2019-01-03filters: migrate from luacrypto to luaosslJason A. Donenfeld5-44/+83
luaossl has no upstream anymore and doesn't support OpenSSL 1.1, whereas luaossl is quite active. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-08-28filters: generate anchor links from markdownChristian Hesse1-2/+15
This makes the markdown filter generate anchor links for headings. Signed-off-by: Christian Hesse <mail@eworm.de> Tested-by: jean-christophe manciot <actionmystique@gmail.com>
2018-08-03auth-filters: add simple file-based authentication schemeJason A. Donenfeld1-0/+352
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-15auth-filters: use crypt() in simple-authenticationJason A. Donenfeld1-13/+6
There's no use in giving a silly example to folks who will just copy it, so instead try to do something slightly better. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-15auth-filters: generate secret securelyJason A. Donenfeld2-18/+85
This is much better than having the user generate it themselves. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-14auth-filters: do not crash on nil usernameJason A. Donenfeld1-1/+1
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-07-14auth-filters: do not use HMAC-SHA1Jason A. Donenfeld2-4/+4
Though SHA1 is broken, HMAC-SHA1 is still fine. But let's not push our luck; SHA256 is more sensible anyway. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2018-01-19ui-blame: Allow syntax highlightingJeff Smith1-1/+1
Place file contents into a single block so that syntax highlighting can be applied in the usual fashion. Place the alternating color bars behind the file contents. Force the default syntax highlighting background to transparent. Signed-off-by: Jeff Smith <whydoubt@gmail.com> Reviewed-by: John Keeping <john@keeping.me.uk>
2017-10-15global: spelling fixesVille Skyttä1-1/+1
Signed-off-by: Ville Skyttä <ville.skytta@iki.fi>
2017-01-22syntax-highlighting: replace invalid unicode with ?Jason A. Donenfeld1-2/+2
2016-06-17md2html: use utf-8 and flush output bufferJason A. Donenfeld1-6/+11
Otherwise we get the classic Python UTF-8 errors, and the text is all out of order. While we're at it, switch to python3 so we only have to support one set of oddball semantics. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Suggested-by: Daniel Campbell <dlcampbell@gmx.com>
2016-06-07Hosted on HTTPS nowJason A. Donenfeld1-1/+1
2016-02-23md2html: Do syntax highlighting tooJason A. Donenfeld1-1/+5
2016-01-18syntax-highlighting: always use utf-8 to avoid ascii codec issuesJason A. Donenfeld1-0/+3
2015-11-12about-formatting.sh: comment text out of dateJason A. Donenfeld1-1/+1
2015-10-12filters: port syntax-highlighting.py to python 3.xChristian Hesse1-10/+9
Signed-off-by: Christian Hesse <mail@eworm.de>
2015-10-12md2html: the default of stdin works fineJason A. Donenfeld1-2/+1
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2015-10-12filters: misc cleanupsJason A. Donenfeld2-2/+1
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2015-10-12md2html: use pure pythonJason A. Donenfeld1-6/+9
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2015-10-09filters: Simplify convertersJason A. Donenfeld4-1734/+284
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2015-08-12filters: apply HTML escapingLazaros Koromilas1-1/+1
2015-03-13filters: Add sample gentoo scriptJason A. Donenfeld1-0/+320
2015-03-05simple-authentication.lua: tie secure cookies to field namesJason A. Donenfeld1-13/+21
2014-12-23match other common markdown file extensionsChris Burroughs1-1/+1
2014-12-23repolist: add owner-filterChris Burroughs1-0/+17
This allows custom links to be used for repository owners by configuring a filter to be applied in the "Owner" column in the repository list.
2014-12-13filter: fix libravatar email-filter https issueChristian Hesse1-1/+2
Serving cgit via https and getting avatar via http gives error messages about untrusted content. This decides whether or not to use https link by looking at the environment variable HTTPS, which is set in CGI.
2014-04-17remove trailing whitespaces from source filesChristian Hesse1-18/+18
2014-03-13filter: add libravatar email-filter lua scriptChristian Hesse1-0/+26
2014-01-23simple-authentication: styleJason A. Donenfeld1-1/+1
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-17auth: document tweakables in lua scriptJason A. Donenfeld1-0/+10
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-16auth: have cgit calculate login addressJason A. Donenfeld1-6/+1
This way we're sure to use virtual root, or any other strangeness encountered. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-16auth: lua string comparisons are time invariantJason A. Donenfeld1-2/+2
By default, strings are compared by hash, so we can remove this comment. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-16authentication: use hidden form instead of refererJason A. Donenfeld1-79/+121
This also gives us some CSRF protection. Note that we make use of the hmac to protect the redirect value. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-16auth: add basic authentication filter frameworkJason A. Donenfeld1-0/+225
This leverages the new lua support. See filters/simple-authentication.lua for explaination of how this works. There is also additional documentation in cgitrc.5.txt. Though this is a cookie-based approach, cgit's caching mechanism is preserved for authenticated pages. Very plugable and extendable depending on user needs. The sample script uses an HMAC-SHA1 based cookie to store the currently logged in user, with an expiration date. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-15email-gravatar: fix html syntax issuesChristian Hesse2-2/+2
an attribute value specification must be an attribute value literal unless SHORTTAG YES is specified
2014-01-14email-gravatar: do not scale icons upJason A. Donenfeld2-2/+2
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14filter: allow returning exit code from filterJason A. Donenfeld1-0/+1
Filters can now indicate a status back to cgit by means of the exit code for exec, or the return value from close for Lua. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14email-gravatar: fix html syntax issuesChristian Hesse2-2/+2
* make ampersand a html entity * add required alt attribute * add required img end tag
2014-01-14email-gravatar.py: fix UTF-8Christian Hesse1-0/+4
2014-01-14email-gravatar.lua: fix for lua 5.2Christian Hesse1-1/+1
2014-01-14filter: add page source to email filterJason A. Donenfeld2-1/+3
Since the email filter is called from lots of places, the script might benefit from knowing the origin. That way it can modify its contents and/or size depending. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14filter: add gravatar scriptsJason A. Donenfeld2-0/+58
The lua one is hugely faster than the python one, but both are included for comparison. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-13filters: Improved syntax-highlighting.pyStefan Tatschner1-19/+33
- Switched back to python2 according to a problem in pygments with python3. With the next release of pygments this problem should be fixed. Issue see here: https://bitbucket.org/birkenfeld/pygments-main/issue/901/problems-with-python3 - Just read the stdin, decode it to utf-8 and ignore unknown signs. This ensures that even destroyed files do not cause any errors in the filter. - Improved language guessing: -> At first use guess_lexer_for_filename for a better detection of the used programming languages (even mixed cases will be detected, e.g. php + html). -> If nothing was found look if there is a shebang and use guess_lexer. -> As default/fallback choose TextLexer. Signed-off-by: Stefan Tatschner <stefan@sevenbyte.org>
2014-01-08Fix UTF-8 with syntax-highlighting.pyPřemysl Janouch1-0/+1
Previously the script tried to encode output from Pygments with the ASCII codec, which failed. Signed-off-by: Přemysl Janouch <p.janouch@gmail.com>
2014-01-08Fix about-formatting.shPřemysl Janouch1-1/+1
dash failed to parse the script. Signed-off-by: Přemysl Janouch <p.janouch@gmail.com>
2014-01-08filters: highlight.sh: add css comments for highlight 2.6 and 3.8Ferry Huberts1-1/+63
v2: add highlight 3.13 as present on Fedora 19 Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
2013-05-28filters: toggle perl utf8 situationJason A. Donenfeld1-4/+0
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2013-05-27filters: import more modern scriptsJason A. Donenfeld8-0/+1813
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2012-10-27syntax-highlighting.sh: Fix command injection.Jason A. Donenfeld1-2/+2
By not quoting the argument, an attacker with the ability to add files to the repository could pass arbitrary arguments to the highlight command, in particular, the --plug-in argument which can lead to arbitrary command execution. This patch adds simple argument quoting.