Ampersands ("&") appearing inside HTML attributes need to be translated
to "&". Otherwise, invalid XHTML will be generated at various
places, such as at tree views containing links to submodules.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
When a query ends in say %gg, (or any invalid hex) e.g.,
http://git.gnome.org/browse/gdlmm/commit/?id=%gg
convert_query_hexchar calls memmove(txt, txt+3, 0), and then returns
txt-1, so the loop in http_parse_querystring never terminates. The
solution is to make the memmove also copy the trailing NUL.
* html.c (convert_query_hexchar): Fix off-by-one error.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
To make the code more consistent, and to not rely on the implementation
of html(), always use html_raw(...) instead of write(htmlfd, ...).
Signed-off-by: Mark Lodato <lodatom@gmail.com>
The source and destination strings in strcpy() may not overlap.
Instead, use memmove(), which allows overlap. This fixes test t0104,
where 'url=foo%2bbar/tree' was being parsed improperly.
Signed-off-by: Mark Lodato <lodatom@gmail.com>
The only valid characters for a URL are unreserved characters
a-zA-Z0-9_-.~ and the reserved characters !*'();:@&=+$,/?%#[] , as per
RFC 3986. Everything else must be escaped. Additionally, the # and
? always have special meaning, and the &, =, and + have special meaning
in a query string, so they too must be escaped. To make this easier,
a table of escapes is now used so that we do not have to call fmt() for
each character; if the entry is 0, no escaping is needed.
Signed-off-by: Mark Lodato <lodatom@gmail.com>
None of the html_* functions modify their argument, so they can all be
'const char *' instead of a simple 'char *'. This removes the need to
cast (or copy) when trying to print a const string.
Signed-off-by: Mark Lodato <lodatom@gmail.com>
First, an apostrophe is not a quote. Second, we also need to escape
quotes. And finally, quotes are encoded as '"', not '"e;'.
Sighned-off-by: Lars Hjemli <hjemli@gmail.com>
This patch implements basic support for cloning over http, based on the
work on git-http-backend by Shawn O. Pearce.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
Normally when html_include cannot open the file it fails silently and
things can be a bit hard to figure out from just looking at apache's
log. This will be beneficial for those initially setting up their server
with cgit.
Signed-off-by: Harley Laue <losinggeneration@aim.com>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* lh/cleanup: (21 commits)
Reset ctx.repo to NULL when the config parser is finished
Move cgit_parse_query() from parsing.c to html.c as http_parse_querystring()
Move function for configfile parsing into configfile.[ch]
Add cache.h
Remove global and obsolete cgit_cmd
Makefile: copy the QUIET constructs from the Makefile in git.git
Move cgit_version from shared.c to cgit.c
Makefile: autobuild dependency rules
Initial Makefile cleanup
Move non-generic functions from shared.c to cgit.c
Add ui-shared.h
Add separate header-files for each page/view
Refactor snapshot support
Add command dispatcher
Remove obsolete cacheitem parameter to ui-functions
Add struct cgit_page to cgit_context
Introduce html.h
Improve initialization of git directory
Move cgit_repo into cgit_context
Add all config variables into struct cgit_context
...
All html-functions can be quite easily separated from the rest of cgit, so
lets do it; the only issue was html_filemode which uses some git-defined
macros so the function is moved into ui-shared.c::cgit_print_filemode().
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
When a submodule occurs in a tree, generate a link to show the
module/commit. The link is specified as a sprintf string in /etc/cgitrc,
using parameters 'module-link' and 'repo.module-link'. This should probably
be extended with repo.module-link.$path.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
This adds the ability to show a search box in any pageheader with correct href and
hidden form data, but does not enable the box on any pages.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
Compare current commit with 1.parent, and for each affected file display
current filemode, old filemode if changed, current filename and source
filename if it was a copy/rename.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
This enables internal caching of page output.
Page requests are split into four groups:
1) repo listing (front page)
2) repo summary
3) repo pages w/symbolic references in query string
4) repo pages w/constant sha1's in query string
Each group has a TTL specified in minutes. When a page is requested, a cached
filename is stat(2)'ed and st_mtime is compared to time(2). If TTL has expired
(or the file didn't exist), the cached file is regenerated.
When generating a cached file, locking is used to avoid parallell processing
of the request. If multiple processes tries to aquire the same lock, the ones
who fail to get the lock serves the (expired) cached file. If the cached file
don't exist, the process instead calls sched_yield(2) before restarting the
request processing.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
This enables basic cgit functionality, using libgit.a and xdiff/lib.a from
git + a custom "git.h" + openssl for sha1 routines.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>