path: root/html.c (unfollow)
Commit message (Collapse)AuthorFilesLines
2016-01-14ui-shared: prevent malicious filename from injecting headersJason A. Donenfeld1-0/+26
2015-08-14html: remove html_status()John Keeping1-7/+0
This is now unused. Signed-off-by: John Keeping <john@keeping.me.uk>
2015-08-13Remove redundant includesJohn Keeping1-6/+0
These are all included in git-compat-util.h (when necessary), which we include in cgit.h. Signed-off-by: John Keeping <john@keeping.me.uk>
2015-03-09html: avoid using a plain integer as a NULL pointerJohn Keeping1-22/+32
Sparse complains about this table because we use the integer zero as the NULL pointer. Use this as an opportunity to reformat the table so that it always contains 8 elements per row, making it easier to see which values are being set and which are not. Signed-off-by: John Keeping <john@keeping.me.uk>
2014-01-12html: remove redundant htmlfd variableJohn Keeping1-3/+1
This is never changed from STDOUT_FILENO, so just use that value directly. Signed-off-by: John Keeping <john@keeping.me.uk>
2014-01-08Update copyright informationLukas Fleischer1-1/+1
* Name "cgit Development Team" as copyright holder to avoid listing every single developer. * Update copyright ranges. Signed-off-by: Lukas Fleischer <cgit@crytocrack.de>
2013-05-22html.c: die when write failsJohn Keeping1-1/+1
If we fail to write HTML output once, there's no point carrying on so just write a failure message once and die. By using Git's die_errno function we also let the user know in what way the write failed. Signed-off-by: John Keeping <john@keeping.me.uk>
2013-04-08html.c: add various strbuf and varadic helpersJohn Keeping1-3/+50
This adds the fmtalloc helper, html_txtf, html_vtxtf, and html_attrf. These takes a printf style format string like htmlf but escapes the resulting string. The html_vtxtf variant takes a va_list whereas html_txtf is variadic. Signed-off-by: John Keeping <john@keeping.me.uk>
2013-04-08html.c: Replace strdup() with xstrdup()Lukas Fleischer1-5/+2
Use the xstrdup() wrapper which already bails out if strdup() returns a NULL pointer. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2013-04-08Always #include corresponding .h in .c filesJohn Keeping1-0/+1
While doing this, remove declarations from header files where the corresponding definition is declared "static" in order to avoid build errors. Also re-order existing headers in ui-*.c so that the file-specific header always comes immediately after "cgit.h", helping with future consistency. Signed-off-by: John Keeping <john@keeping.me.uk>
2013-03-20html: check return value of writeJason A. Donenfeld1-2/+3
This squelches a gcc warning. It's also correct that we check to see if there are any partial or failed writes. For now, we just print a warning to stderr. In the future, perhaps it will prove wise to exit(1) on partial writes.
2013-03-04Mark several functions/variables staticLukas Fleischer1-3/+3
Spotted by parsing the output of `gcc -Wmissing-prototypes [...]`. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2013-03-04White space around control verbs.Jason A. Donenfeld1-7/+7
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2013-03-04Fix several whitespace errorsLukas Fleischer1-39/+39
* Remove whitespace at the end of lines. * Replace space indentation by tabs. * Add whitespace before/after several operators ("+", "-", "*", ...) * Add whitespace to assignments ("foo = bar;"). * Fix whitespace in parameter lists ("foobar(foo, bar, 42)"). Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2011-07-21html.c: avoid out-of-bounds access for url_escape_tableEric Wong1-2/+2
This fixes a segfault for me with with -O2 optimization on x86 with gcc (Debian 4.4.5-8) 4.4.5 I can reliably reproduce it with the following parameters when pointed to the git.git repository: PATH_INFO='/git-core.git/diff/' QUERY_STRING='id=2b93bfac0f5bcabbf60f174f4e7bfa9e318e64d5&id2=d6da71a9d16b8cf27f9d8f90692d3625c849cbc8' Signed-off-by: Eric Wong <normalperson@yhbt.net> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-30Properly escape ampersands inside HTML attributesLukas Fleischer1-1/+3
Ampersands ("&") appearing inside HTML attributes need to be translated to "&amp;". Otherwise, invalid XHTML will be generated at various places, such as at tree views containing links to submodules. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-23Fix memory leak in http_parse_querystring().Lukas Fleischer1-2/+3
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-23Fix escaping of paths with spacesJonathon Mah1-4/+6
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-06html.c: add html_intoption()Lars Hjemli1-0/+8
This is similar to html_option, but for int values. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-05do not infloop on a query ending in %XY, for invalid hex X or YJim Meyering1-1/+1
When a query ends in say %gg, (or any invalid hex) e.g., http://git.gnome.org/browse/gdlmm/commit/?id=%gg convert_query_hexchar calls memmove(txt, txt+3, 0), and then returns txt-1, so the loop in http_parse_querystring never terminates. The solution is to make the memmove also copy the trailing NUL. * html.c (convert_query_hexchar): Fix off-by-one error. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2010-11-10html.c: use '+' to escape spaces in urlsLars Hjemli1-2/+2
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2010-09-04prefer html_raw() to write()Mark Lodato1-9/+9
To make the code more consistent, and to not rely on the implementation of html(), always use html_raw(...) instead of write(htmlfd, ...). Signed-off-by: Mark Lodato <lodatom@gmail.com>
2010-08-29html: fix strcpy bug in convert_query_hexcharMark Lodato1-4/+5
The source and destination strings in strcpy() may not overlap. Instead, use memmove(), which allows overlap. This fixes test t0104, where 'url=foo%2bbar/tree' was being parsed improperly. Signed-off-by: Mark Lodato <lodatom@gmail.com>
2010-02-09html: properly percent-escape URLsMark Lodato1-4/+32
The only valid characters for a URL are unreserved characters a-zA-Z0-9_-.~ and the reserved characters !*'();:@&=+$,/?%#[] , as per RFC 3986. Everything else must be escaped. Additionally, the # and ? always have special meaning, and the &, =, and + have special meaning in a query string, so they too must be escaped. To make this easier, a table of escapes is now used so that we do not have to call fmt() for each character; if the entry is 0, no escaping is needed. Signed-off-by: Mark Lodato <lodatom@gmail.com>
2010-02-08html: make all strings 'const char *'Mark Lodato1-17/+17
None of the html_* functions modify their argument, so they can all be 'const char *' instead of a simple 'char *'. This removes the need to cast (or copy) when trying to print a const string. Signed-off-by: Mark Lodato <lodatom@gmail.com>
2009-01-29html.c: use correct escaping in html attributesLars Hjemli1-2/+4
First, an apostrophe is not a quote. Second, we also need to escape quotes. And finally, quotes are encoded as '&quot;', not '&quote;'. Sighned-off-by: Lars Hjemli <hjemli@gmail.com>
2008-10-05html.c: add html_url_pathLars Hjemli1-0/+16
This function can be used to generate properly escaped path-components for links. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-10-05html.c: add html_url_argLars Hjemli1-0/+16
This function can be used to properly escape querystring parameter values. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-08-06Supply status description to html_status()Lars Hjemli1-2/+2
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-08-06Implement plain viewLars Hjemli1-0/+5
This implements a way to access plain blobs by path (similar to the tree view) instead of by sha1. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-08-06Add support for cloning over httpLars Hjemli1-0/+7
This patch implements basic support for cloning over http, based on the work on git-http-backend by Shawn O. Pearce. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-04-29Print an error if filename is not found in html_include.Harley Laue1-1/+5
Normally when html_include cannot open the file it fails silently and things can be a bit hard to figure out from just looking at apache's log. This will be beneficial for those initially setting up their server with cgit. Signed-off-by: Harley Laue <losinggeneration@aim.com> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-04-08Move cgit_parse_query() from parsing.c to html.c as http_parse_querystring()Lars Hjemli1-0/+64
This is a generic http-function. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-03-18Introduce html.hLars Hjemli1-19/+12
All html-functions can be quite easily separated from the rest of cgit, so lets do it; the only issue was html_filemode which uses some git-defined macros so the function is moved into ui-shared.c::cgit_print_filemode(). Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-02-23Fix segfaultHiroki Hattori1-15/+5
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2007-11-11Fix html error detected by test-suiteLars Hjemli1-1/+1
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2007-10-28Add html_option() functionLars Hjemli1-0/+12
This is a generic function used to output html "option" tags. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2007-06-04Rename dirlink to gitlink.Jeffrey C. Ollie1-1/+1
Git changed from dirlink to gitlink in 302b9282c9ddfcc704ca759bdc98c1d5f75eba2f. Signed-off-by: Jeffrey C. Ollie <jeff@ocjtech.us>
2007-05-18Add html_include()Lars Hjemli1-0/+14
This is a function used to include external htmlfiles in cgit- generated pages. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2007-05-11Add submodule links in tree listingLars Hjemli1-1/+2
When a submodule occurs in a tree, generate a link to show the module/commit. The link is specified as a sprintf string in /etc/cgitrc, using parameters 'module-link' and 'repo.module-link'. This should probably be extended with repo.module-link.$path. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2006-12-28Add generic support for search box in page headerLars Hjemli1-0/+10
This adds the ability to show a search box in any pageheader with correct href and hidden form data, but does not enable the box on any pages. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2006-12-28Test for NULL-pointers in html_txt() and friendsLars Hjemli1-4/+3
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2006-12-22Only show first 80 characters of commit subject in log and summaryLars Hjemli1-0/+28
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2006-12-17Show list of modified files in ui-commit.cLars Hjemli1-0/+20
Compare current commit with 1.parent, and for each affected file display current filemode, old filemode if changed, current filename and source filename if it was a copy/rename. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2006-12-10Add license file and copyright noticesLars Hjemli1-0/+8
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2006-12-10Add caching infrastructureLars Hjemli1-2/+4
This enables internal caching of page output. Page requests are split into four groups: 1) repo listing (front page) 2) repo summary 3) repo pages w/symbolic references in query string 4) repo pages w/constant sha1's in query string Each group has a TTL specified in minutes. When a page is requested, a cached filename is stat(2)'ed and st_mtime is compared to time(2). If TTL has expired (or the file didn't exist), the cached file is regenerated. When generating a cached file, locking is used to avoid parallell processing of the request. If multiple processes tries to aquire the same lock, the ones who fail to get the lock serves the (expired) cached file. If the cached file don't exist, the process instead calls sched_yield(2) before restarting the request processing. Signed-off-by: Lars Hjemli <hjemli@gmail.com>