* filter: return on null filter from open and closeJason A. Donenfeld2014-01-141-6/+2
| | | | | | | | So that we don't have to include the if(filter) open_filter(filter) block everywhere, we introduce the guard in the function itself. This should simplify quite a bit of code. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* filter: pass extra arguments via cgit_open_filterJohn Keeping2014-01-121-7/+6
| | | | | | | | | This avoids poking into the filter data structure at various points in the code. We rely on the fact that the number of arguments is fixed based on the filter type (set in cgit_new_filter) and that the call sites all know which filter type they're using. Signed-off-by: John Keeping <john@keeping.me.uk>
* Replace most uses of strncmp() with prefixcmp()Lukas Fleischer2014-01-101-1/+1
| | | | | | | This is a preparation for replacing all prefix checks with either strip_prefix() or starts_with() when Git 1.8.6 is released. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
* Update copyright informationLukas Fleischer2014-01-081-2/+1
| | | | | | | | | * Name "cgit Development Team" as copyright holder to avoid listing every single developer. * Update copyright ranges. Signed-off-by: Lukas Fleischer <cgit@crytocrack.de>
* ui-summary: do not free refJason A. Donenfeld2013-05-281-1/+0
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* readme: use string_list instead of space deliminationsJason A. Donenfeld2013-05-261-55/+45
| | | | | | | | | | | | | | | | | | | | | | | | | | Now this is possible in cgitrc - readme=:README.md readme=:readme.md readme=:README.mkd readme=:readme.mkd readme=:README.rst readme=:readme.rst readme=:README.html readme=:readme.html readme=:README.htm readme=:readme.htm readme=:README.txt readme=:readme.txt readme=:README readme=:readme readme=:INSTALL.txt readme=:install.txt readme=:INSTALL readme=:install Suggested-by: John Keeping <john@keeping.me.uk> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* ui-summary: Disallow directory traversalJason A. Donenfeld2013-05-251-0/+16
| | | | | | | | | | | | | | | | | | | | | Using the url= query string, it was possible request arbitrary files from the filesystem if the readme for a given page was set to a filesystem file. The following request would return my /etc/passwd file: http://git.zx2c4.com/?url=/somerepo/about/../../../../etc/passwd http://data.zx2c4.com/cgit-directory-traversal.png This fix uses realpath(3) to canonicalize all paths, and then compares the base components. This fix introduces a subtle timing attack, whereby a client can check whether or not strstr is called using timing measurements in order to determine if a given file exists on the filesystem. This fix also does not account for filesystem race conditions (TOCTOU) in resolving symlinks. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* readme: Accept multiple candidates and test them.Jason A. Donenfeld2013-05-251-30/+31
| | | | | | | | | | | The readme variable may now contain multiple space deliminated entries, which per usual are either a filepath or a git ref filepath. If multiple are specified, cgit will now select the first one in the list that exists. This is to make it easier to specify multiple default readme types in the main cgitrc file and have them automatically get applied to each repo based on what exists. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* ui-summary: Pass filename to about-filterJason A. Donenfeld2013-05-251-2/+10
| | | | | | | | | | This gives the about-filter API the same semantics as source-filter, where the filter receives the filename so it can decide what to do next with it. While we're at it, plug a memory leak. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* ui-summary: Use default branch for readme if : prefixJason A. Donenfeld2013-05-251-1/+6
| | | | | | | If the readme value begins with ":", and has no specified branch before it, use the repository's default branch. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* use struct strbuf instead of static buffersJohn Keeping2013-04-081-4/+8
| | | | | | | | | | | | | | | | | | | Use "struct strbuf" from Git to remove the limit on file path length. Notes on scan-tree: This is slightly involved since I decided to pass the strbuf into add_repo() and modify if whenever a new file name is required, which should avoid any extra allocations within that function. The pattern there is to append the filename, use it and then reset the buffer to its original length (retaining a trailing '/'). Notes on ui-snapshot: Since write_archive modifies the argv array passed to it we copy the argv_array values into a new array of char* and then free the original argv_array structure and the new array without worrying about what the values now look like. Signed-off-by: John Keeping <john@keeping.me.uk>
* Always #include corresponding .h in .c filesJohn Keeping2013-04-081-0/+1
| | | | | | | | | | | | While doing this, remove declarations from header files where the corresponding definition is declared "static" in order to avoid build errors. Also re-order existing headers in ui-*.c so that the file-specific header always comes immediately after "cgit.h", helping with future consistency. Signed-off-by: John Keeping <john@keeping.me.uk>
* ui-summary.c: Move urls variable into print_urls()Lukas Fleischer2013-03-201-6/+14
| | | | | | | | | | | There's no need for this variable to be global. Printing the header in print_urls() instead of print_url() allows for moving this variable into print_urls() without having to pass any status to print_url(). Note that this only works as long as we don't call print_urls() more than once. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
* Fix colspan valuesLukas Fleischer2013-03-201-5/+19
| | | | | | | This fixes a couple of minor oversights in previous commits and adjusts all cells using colspan to use the correct width. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
* ui-log: Add "commit-sort" option for controlling commit orderingTobias Bieniek2012-10-171-1/+1
| | | | | | | This makes it possible to use strict commit date ordering or strict topological ordering by passing the corresponding flags to "git log". Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* cgit.c: add 'clone-url' setting with support for macro expansionLars Hjemli2011-06-131-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The current 'clone-prefix' setting has some known issues: * All repos get the same 'clone-prefix' value since the setting is not adopted during repo registration (in cgitrc, or during scan-path traversal), but only when the setting is used. * The generated clone-urls for a repo is a combination of 'clone-prefix', a slash and the repo url. This doesn't work well with e.g. ssh-style urls like 'git@example.org:repo.git', since the inserted slash will make the repo relative to the filesystem root. * If 'remove-suffix' is enabled, the generated clone-urls will not work for cloning (except for http-urls to cgit itself) since they miss the '.git' suffix. The new 'clone-url' setting is designed to avoid the mentioned issues: * Each repo adopts the default 'clone-url' when the repo is defined. This allows different groups of repos to adopt different values. * The clone-urls for a repo is generated by expanding environment variables in a string template without inserting arbitrary characters, hence any kind of clone-url can be generated. * Macro expansion also eases the 'remove-suffix' pain since it's now possible to define e.g. 'clone-url=git://foo.org/$CGIT_REPO_URL.git' for a set of repos. A furter improvement would be to define e.g. $CGIT_REPO_SUFFIX to '.git' for all repos which had their url prettified, or to store the original $CGIT_REPO_URL in e.g. $CGIT_REPO_REAL_URL before suffix removal. Reviewed-by: Ferry Huberts <mailings@hupie.com> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* cgit.c: always setup cgit repo environment variablesLars Hjemli2011-06-131-1/+1
| | | | | | | | | | | | When cgit learned to setup environment variables for certain repo settings before invoking a filter process, the setup occurred inside cgit_open_filter(). This patch moves the setup out of cgit_open_filter() and into prepare_repo_cmd() to prepare for additional uses of these variables. Reviewed-by: Ferry Huberts <mailings@hupie.com> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* cgit_open_filter: also take the repo as a parameterFerry Huberts2011-03-261-1/+1
| | | | | | | | To prepare for handing repo configuration to the filter script that is executed. Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* ui-log: Line-wrap long commit subjects when showmsg is enabledJohan Herland2010-11-161-1/+1
| | | | | | | | | | | | | | When showmsg is disabled ui-log truncates long commit subjects. This is good. However, the same is not desirable when showmsg is enabled, since you then end up with a truncated commit subject followed by the rest of the commit message below. Instead, when showmsg is enabled (and we're using all this space to display the entire commit message, anyway), line-wrap the commit subject instead of truncating it. Signed-off-by: Johan Herland <johan@herland.net> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Add support for "readme" optionLars Hjemli2010-08-221-14/+28
| | | | | | The value of this option is used as the default value for repo.readme. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Support refspecs in about-filter.Jason A. Donenfeld2010-08-201-4/+22
| | | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Add 'about-filter' and 'repo.about-filter' optionsLars Hjemli2009-08-091-0/+4
| | | | | | | | These options can be used to execute a filter command on each about-page, both top-level and for each repository (repo.about-filter can be used to override the current about-filter). Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* ui-summary: enable arbitrary paths below repo.readmeLars Hjemli2009-08-091-6/+18
| | | | | | | | This change makes it possible to include any number of pages below the 'about' tab for a repository. The path is assumed to be located in the same directory as the 'repo.readme' file. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* ui-summary: use html_url_path()Lars Hjemli2008-10-051-1/+1
| | | | | | This makes the clone urls be properly escaped. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* ui-summary: show clone urlsLars Hjemli2008-07-271-0/+41
| | | | | | | | If either repo.clone-url or clone-prefix is specified in cgitrc, all space-separated values in the config option is printed as a possible clone url on the repo summary page. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Prepare for 'about repo' pageLars Hjemli2008-04-281-5/+9
| | | | | | | Each repo can include an external file which used to be included on the top of the summary page, but it will now soon get a page of it own. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Make branches, tags and log play better together in the summary viewLars Hjemli2008-04-141-5/+5
| | | | Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Add separate header-files for each page/viewLars Hjemli2008-03-241-172/+2
| | | | | | Yet another step towards removing cgit.h. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Introduce html.hLars Hjemli2008-03-181-0/+1
| | | | | | | | All html-functions can be quite easily separated from the rest of cgit, so lets do it; the only issue was html_filemode which uses some git-defined macros so the function is moved into ui-shared.c::cgit_print_filemode(). Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Move cgit_repo into cgit_contextLars Hjemli2008-02-161-2/+2
| | | | | | | | This removes the global variable which is used to keep track of the currently selected repository, and adds a new variable in the cgit_context structure. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Add all config variables into struct cgit_contextLars Hjemli2008-02-161-5/+5
| | | | | | | | This removes another big set of global variables, and introduces the cgit_prepare_context() function which populates a context-variable with compile-time default values. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Introduce struct cgit_contextLars Hjemli2008-02-161-3/+3
| | | | | | | | | This struct will hold all the cgit runtime information currently found in a multitude of global variables. The first cleanup removes all querystring-related variables. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Fix html error detected by test-suiteLars Hjemli2007-11-111-1/+1
| | | | Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Add search parameters to cgit_log_linkLars Hjemli2007-11-031-1/+1
| | | | | | This makes the [prev] and [next] links work correctly on search results. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Change the cgit layoutLars Hjemli2007-10-301-59/+6
| | | | | | | | | | | | | | | | | This modifies and hopefully improves the layout of all cgit pages: * Remove the header from all pages and replace it with a sidebar; most pages have sufficient width but many needs more height. * Add a dropdown-box to switch between branches, using a one-liner javascript to reload the current page in context of the selected branch. * Include refs found below refs/archives in the sidebar, appearing as a set of menuitems below a 'download' heading. * Include the brand new cgit logo Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Make print_branch() handle refs not pointing at commitsLars Hjemli2007-10-281-5/+11
| | | | | | | | The master branch of stable/linux-2.6.20 currently references a tag object, which makes print_branch() die with a segfault. This teaches print_branch() to handle such cases more gracefully. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Teach log search about --grep, --author and --committerLars Hjemli2007-10-281-1/+1
| | | | | | | This makes the log searching more explicit, using a dropdown box to specify the commit field to match against. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Cleanup code introduced by the filter-refs topicLars Hjemli2007-10-271-30/+19
| | | | | | | The functions used to print branches and tags were only half-done and somewhat confused. Fix it. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Add links to the new refs page from summary pageLars Hjemli2007-10-271-0/+13
| | | | | | | If either branches or tags are filtered on the summary page, add a link to refs/heads and/or refs/tags right below the last branch/tag. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Make cgit_print_branches()/cgit_print_tags() externalLars Hjemli2007-10-271-2/+2
| | | | Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Add support for config param summary-branchesLars Hjemli2007-10-271-3/+28
| | | | | | | | | This parameter can be used to specify max number of branches to show on the summary page (if not all branches will be displayed, the "most idle" branches are the ones to be pruned). The default value for this parameter is 0, which disables the pruning. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Move logic for age comparision from cmp_tag_age into cmp_age()Lars Hjemli2007-10-271-8/+13
| | | | | | Simple refactoring to enable later filtering of branches based on age. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Add support for config param summary-tagsLars Hjemli2007-10-271-3/+7
| | | | | | | This parameter can be used to specify max number of tags to show on the summary page. If not specified, all tags are printed. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Sort tags by ageLars Hjemli2007-10-271-0/+18
| | | | | | | This adds a function to compare timestamps and then uses it as callback for qsort() before printing out tags. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Use reflist to print tag infoLars Hjemli2007-10-271-17/+19
| | | | | | | This updates ui-summary.c to use a reflist instead of for_each_tag_ref(), as a step towards more flexible tag handling (filtering/sorting). Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Use reflist to print branch infoLars Hjemli2007-10-271-14/+16
| | | | | | | This updates ui-summary.c to use a reflist instead of for_each_branch_ref(), as a step towards more flexible branch handling (filtering/sorting). Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Add ui-tag.cLars Hjemli2007-07-221-29/+4
| | | | | | | This file implements the tag-command, i.e. printing of annotated tags. Signed-off-by: Lars Hjemli <hjemli@gmail.com> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Add ofs argument to cgit_log_link and use it in ui-log.cLars Hjemli2007-06-291-1/+1
| | | | | | | This fixes a bug in the prev/next links on the log page: when on the default branch the links to prev/next page would contain h=(null). Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Add cgit_commit_link() + support for id=sha1 to commit viewLars Hjemli2007-06-171-9/+9
| | | | | | | | This adds a function to generate links to the commit page and extends said page to use id from querystring as primary revision specified (fallback to h). Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Add git_log_link() and fix bug in generic repolink functionLars Hjemli2007-06-171-5/+1
| | | | | | | | | | | The generic repolink function compared head with cgit_query_head, which almost always would be the same pointer. The test now compares with repo.defbranch, which is the wanted behavour. Bug discovered while adding cgit_log_link(), so this commit also contain that change. Signed-off-by: Lars Hjemli <hjemli@gmail.com>