57 Commits

Author SHA1 Message Date
Peter Prohaska
ce2062d9e2 html: fix handling of null byte
A return value of `len` or more means that the output was truncated.

Signed-off-by: Peter Prohaska <pitrp@web.de>
Signed-off-by: Christian Hesse <mail@eworm.de>
2022-12-19 16:13:58 +01:00
Jeff Smith
70787254b2 html: html_ntxt with no ellipsis
For implementing a ui-blame page, there is need for a function that
outputs a selection from a block of text, transformed for HTML output,
but with no further modifications or additions.

Signed-off-by: Jeff Smith <whydoubt@gmail.com>
Reviewed-by: John Keeping <john@keeping.me.uk>
2017-10-03 19:19:34 +01:00
Lukas Fleischer
927b0ae30c Simplify http_parse_querystring()
Instead of reimplementing URL parameter parsing from scratch, use
url_decode_parameter_name() and url_decode_parameter_value() which are
already provided by Git.

Also, change the return type of http_parse_querystring() to void since
its only caller already ignores the return value.

Signed-off-by: Lukas Fleischer <lfleischer@lfos.de>
2016-10-01 21:19:38 +02:00
Jason A. Donenfeld
513b3863d9 ui-shared: prevent malicious filename from injecting headers 2016-01-14 14:28:37 +01:00
John Keeping
fb2c71fad2 html: remove html_status()
This is now unused.

Signed-off-by: John Keeping <john@keeping.me.uk>
2015-08-14 15:46:51 +02:00
John Keeping
157f544ac2 Remove redundant includes
These are all included in git-compat-util.h (when necessary), which we
include in cgit.h.

Signed-off-by: John Keeping <john@keeping.me.uk>
2015-08-13 15:36:53 +02:00
John Keeping
438bac6f57 html: avoid using a plain integer as a NULL pointer
Sparse complains about this table because we use the integer zero as the
NULL pointer.  Use this as an opportunity to reformat the table so that
it always contains 8 elements per row, making it easier to see which
values are being set and which are not.

Signed-off-by: John Keeping <john@keeping.me.uk>
2015-03-09 17:41:14 +01:00
John Keeping
fd31aa6930 html: remove redundant htmlfd variable
This is never changed from STDOUT_FILENO, so just use that value
directly.

Signed-off-by: John Keeping <john@keeping.me.uk>
2014-01-12 20:15:55 +01:00
Lukas Fleischer
f7f26f8875 Update copyright information
* Name "cgit Development Team" as copyright holder to avoid listing
  every single developer.

* Update copyright ranges.

Signed-off-by: Lukas Fleischer <cgit@crytocrack.de>
2014-01-08 15:10:49 +01:00
John Keeping
1fec7cd6f8 html.c: die when write fails
If we fail to write HTML output once, there's no point carrying on so
just write a failure message once and die.  By using Git's die_errno
function we also let the user know in what way the write failed.

Signed-off-by: John Keeping <john@keeping.me.uk>
2013-05-22 12:53:06 +02:00
John Keeping
fd00d2f9d6 html.c: add various strbuf and variadic helpers
This adds the fmtalloc helper, html_txtf, html_vtxtf, and html_attrf.

These take a printf style format string like htmlf but escape the
resulting string.  The html_vtxtf variant takes a va_list whereas
html_txtf is variadic.

Signed-off-by: John Keeping <john@keeping.me.uk>
2013-04-08 16:10:11 +02:00
Lukas Fleischer
3edfd83db6 html.c: Replace strdup() with xstrdup()
Use the xstrdup() wrapper which already bails out if strdup() returns a
NULL pointer.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2013-04-08 15:45:34 +02:00
John Keeping
8f20879431 Always #include corresponding .h in .c files
While doing this, remove declarations from header files where the
corresponding definition is declared "static" in order to avoid build
errors.

Also re-order existing headers in ui-*.c so that the file-specific
header always comes immediately after "cgit.h", helping with future
consistency.

Signed-off-by: John Keeping <john@keeping.me.uk>
2013-04-08 15:45:34 +02:00
Jason A. Donenfeld
6d7e3596eb html: check return value of write
This squelches a gcc warning. It's also correct that we check to see if
there are any partial or failed writes. For now, we just print a warning
to stderr. In the future, perhaps it will prove wise to exit(1) on
partial writes.
2013-03-20 21:08:32 +01:00
Lukas Fleischer
bafab423f2 Mark several functions/variables static
Spotted by parsing the output of `gcc -Wmissing-prototypes [...]`.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2013-03-04 19:50:39 -05:00
Jason A. Donenfeld
bdae1d8a8d White space around control verbs.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2013-03-04 09:12:54 -05:00
Lukas Fleischer
53bc747d31 Fix several whitespace errors
* Remove whitespace at the end of lines.
* Replace space indentation by tabs.
* Add whitespace before/after several operators ("+", "-", "*", ...)
* Add whitespace to assignments ("foo = bar;").
* Fix whitespace in parameter lists ("foobar(foo, bar, 42)").

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2013-03-04 01:12:48 +01:00
Lars Hjemli
bf8c7a4c93 Merge branch 'stable' 2011-07-21 14:27:03 +00:00
Eric Wong
9cae75d040 html.c: avoid out-of-bounds access for url_escape_table
This fixes a segfault for me with -O2 optimization on x86
with gcc (Debian 4.4.5-8) 4.4.5

I can reliably reproduce it with the following parameters
when pointed to the git.git repository:

PATH_INFO='/git-core.git/diff/'
QUERY_STRING='id=2b93bfac0f5bcabbf60f174f4e7bfa9e318e64d5&id2=d6da71a9d16b8cf27f9d8f90692d3625c849cbc8'

Signed-off-by: Eric Wong <normalperson@yhbt.net>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-07-21 14:21:52 +00:00
Lars Hjemli
52fbcf2ffa Merge branch 'stable' 2011-05-30 23:57:25 +02:00
Lukas Fleischer
69382320d9 Properly escape ampersands inside HTML attributes
Ampersands ("&") appearing inside HTML attributes need to be translated
to "&amp;". Otherwise, invalid XHTML will be generated at various
places, such as at tree views containing links to submodules.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-30 23:55:19 +02:00
Lars Hjemli
2ffeecb7a6 Merge branch 'lh/panel' 2011-05-23 23:29:24 +02:00
Lukas Fleischer
070e109c14 Fix memory leak in http_parse_querystring().
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-23 22:58:35 +02:00
Jonathon Mah
74152744f0 Fix escaping of paths with spaces
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-23 22:58:06 +02:00
Lars Hjemli
1a64fd2f83 html.c: add html_intoption()
This is similar to html_option, but for int values.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-06 23:57:26 +01:00
Lars Hjemli
1b09cbd303 Merge branch 'stable' 2011-03-05 14:01:59 +01:00
Jim Meyering
fc384b16fb do not infloop on a query ending in %XY, for invalid hex X or Y
When a query ends in say %gg, (or any invalid hex) e.g.,
http://git.gnome.org/browse/gdlmm/commit/?id=%gg
convert_query_hexchar calls memmove(txt, txt+3, 0), and then returns
txt-1, so the loop in http_parse_querystring never terminates.  The
solution is to make the memmove also copy the trailing NUL.
* html.c (convert_query_hexchar): Fix off-by-one error.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-05 13:38:34 +01:00
Lars Hjemli
c2680325f6 html.c: use '+' to escape spaces in urls
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2010-11-10 00:22:41 +01:00
Mark Lodato
d187b98557 prefer html_raw() to write()
To make the code more consistent, and to not rely on the implementation
of html(), always use html_raw(...) instead of write(htmlfd, ...).

Signed-off-by: Mark Lodato <lodatom@gmail.com>
2010-09-04 14:30:10 -04:00
Lars Hjemli
6940b23b9e Merge branch 'stable' 2010-08-29 17:40:51 +02:00
Mark Lodato
48434780ca html: fix strcpy bug in convert_query_hexchar
The source and destination strings in strcpy() may not overlap.
Instead, use memmove(), which allows overlap.  This fixes test t0104,
where 'url=foo%2bbar/tree' was being parsed improperly.

Signed-off-by: Mark Lodato <lodatom@gmail.com>
2010-08-29 17:27:40 +02:00
Mark Lodato
a2c6355f9f html: properly percent-escape URLs
The only valid characters for a URL are unreserved characters
a-zA-Z0-9_-.~ and the reserved characters !*'();:@&=+$,/?%#[] , as per
RFC 3986.  Everything else must be escaped.  Additionally, the # and
? always have special meaning, and the &, =, and + have special meaning
in a query string, so they too must be escaped.  To make this easier,
a table of escapes is now used so that we do not have to call fmt() for
each character; if the entry is 0, no escaping is needed.

Signed-off-by: Mark Lodato <lodatom@gmail.com>
2010-02-09 10:12:43 -05:00
Mark Lodato
8aab27f24d html: make all strings 'const char *'
None of the html_* functions modify their argument, so they can all be
'const char *' instead of a simple 'char *'.  This removes the need to
cast (or copy) when trying to print a const string.

Signed-off-by: Mark Lodato <lodatom@gmail.com>
2010-02-08 23:04:41 -05:00
Lars Hjemli
7efcef00b5 html.c: use correct escaping in html attributes
First, an apostrophe is not a quote. Second, we also need to escape
quotes. And finally, quotes are encoded as '&quot;', not '&quote;'.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2009-01-29 22:21:15 +01:00
Lars Hjemli
22a597e56d html.c: add html_url_path
This function can be used to generate properly escaped path-components
for links.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-10-05 16:52:57 +02:00
Lars Hjemli
a36a0d9dec html.c: add html_url_arg
This function can be used to properly escape querystring parameter values.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-10-05 12:49:46 +02:00
Lars Hjemli
885096c189 Supply status description to html_status()
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-08-06 22:57:44 +02:00
Lars Hjemli
e5da4bca54 Implement plain view
This implements a way to access plain blobs by path (similar to the
tree view) instead of by sha1.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-08-06 11:21:30 +02:00
Lars Hjemli
02a545e634 Add support for cloning over http
This patch implements basic support for cloning over http, based on the
work on git-http-backend by Shawn O. Pearce.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-08-06 11:21:09 +02:00
Harley Laue
112b208062 Print an error if filename is not found in html_include.
Normally when html_include cannot open the file it fails silently and
things can be a bit hard to figure out from just looking at apache's
log. This will be beneficial for those initially setting up their server
with cgit.

Signed-off-by: Harley Laue <losinggeneration@aim.com>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-04-29 17:59:53 +02:00
Lars Hjemli
23296ad648 Merge branch 'lh/cleanup'
* lh/cleanup: (21 commits)
  Reset ctx.repo to NULL when the config parser is finished
  Move cgit_parse_query() from parsing.c to html.c as http_parse_querystring()
  Move function for configfile parsing into configfile.[ch]
  Add cache.h
  Remove global and obsolete cgit_cmd
  Makefile: copy the QUIET constructs from the Makefile in git.git
  Move cgit_version from shared.c to cgit.c
  Makefile: autobuild dependency rules
  Initial Makefile cleanup
  Move non-generic functions from shared.c to cgit.c
  Add ui-shared.h
  Add separate header-files for each page/view
  Refactor snapshot support
  Add command dispatcher
  Remove obsolete cacheitem parameter to ui-functions
  Add struct cgit_page to cgit_context
  Introduce html.h
  Improve initialization of git directory
  Move cgit_repo into cgit_context
  Add all config variables into struct cgit_context
  ...
2008-04-08 21:29:21 +02:00
Lars Hjemli
e87e896333 Move cgit_parse_query() from parsing.c to html.c as http_parse_querystring()
This is a generic http-function.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-04-08 21:11:36 +02:00
Lars Hjemli
b1f9b9c145 Introduce html.h
All html-functions can be quite easily separated from the rest of cgit, so
let's do it; the only issue was html_filemode which uses some git-defined
macros so the function is moved into ui-shared.c::cgit_print_filemode().

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-03-18 08:13:10 +01:00
Lars Hjemli
e0572c39f7 Merge branch 'stable'
* stable:
  Fix segfault

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-02-23 20:14:01 +01:00
Hiroki Hattori
eacde43d71 Fix segfault
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-02-23 20:11:59 +01:00
Lars Hjemli
2915483ef6 Fix html error detected by test-suite
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2007-11-11 13:04:28 +01:00
Lars Hjemli
6ec5f36f27 Add html_option() function
This is a generic function used to output html "option" tags.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2007-10-28 12:08:45 +01:00
Jeffrey C. Ollie
e651cb0d2d Rename dirlink to gitlink.
Git changed from dirlink to gitlink in
302b9282c9ddfcc704ca759bdc98c1d5f75eba2f.

Signed-off-by: Jeffrey C. Ollie <jeff@ocjtech.us>
2007-06-04 19:58:32 +02:00
Lars Hjemli
5e75128a8b Add html_include()
This is a function used to include external htmlfiles in cgit-
generated pages.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2007-05-18 23:56:10 +02:00
Lars Hjemli
ded9393b17 Add submodule links in tree listing
When a submodule occurs in a tree, generate a link to show the
module/commit. The link is specified as a sprintf string in /etc/cgitrc,
using parameters 'module-link' and 'repo.module-link'. This should probably
be extended with repo.module-link.$path.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2007-05-11 12:12:48 +02:00