Commit Graph

844 Commits

Author SHA1 Message Date
Lukas Fleischer
bebe89d7c1 Fix potential XSS vulnerability in rename hint
The file name displayed in the rename hint should be escaped to avoid
XSS. Note that this vulnerability is only applicable when an attacker
has gained push access to the repository.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-07-22 12:21:28 +00:00
Lukas Fleischer
1e25ac5b8f Remove dead initialization in cgit_parse_commit()
The value stored to "t" during its initialization gets overwritten in
any case, so just leave it uninitialized. Spotted by clang-analyzer.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-07-22 12:21:11 +00:00
Lars Hjemli
654ebb55d4 CGIT 0.9.0.2
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-07-21 14:24:10 +00:00
Eric Wong
9cae75d040 html.c: avoid out-of-bounds access for url_escape_table
This fixes a segfault for me with with -O2 optimization on x86
with gcc (Debian 4.4.5-8) 4.4.5

I can reliably reproduce it with the following parameters
when pointed to the git.git repository:

PATH_INFO='/git-core.git/diff/'
QUERY_STRING='id=2b93bfac0f5bcabbf60f174f4e7bfa9e318e64d5&id2=d6da71a9d16b8cf27f9d8f90692d3625c849cbc8'

Signed-off-by: Eric Wong <normalperson@yhbt.net>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-07-21 14:21:52 +00:00
Ferry Huberts
877ff68100 tests: fix failures when CDPATH is set
Some tests would otherwise fail because commands such as
  cd trash/repos/foo && git rev-list --reverse HEAD | head -1
would return 2 lines instead of 1: the 'cd' command also
prints the path when CDPATH is set.

Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-07-21 12:48:37 +00:00
Lars Hjemli
9900ac022e cgit.c: improve error message when git repo cannot be accessed
The current 'Not a git repository' error message is not very helpful,
since it doesn't state the cause of the problem.

This patch uses errno to provide a hint of the underlying problem. It
would have been even better to give the exact cause (e.g. for ENOENT it
would be nice to know which file/directory is missing), but that would
require reimplementing setup_git_directory_gently() which seems a bit
overkill.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-06-18 14:59:01 +02:00
Lars Hjemli
46ca32e043 cgitrc.5.txt: document repo.module-link
The global module-link option can be overridden per repo, but this has
never been documented.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-06-15 10:39:43 +02:00
Lars Hjemli
ef13e5eafe cgitrc.5.txt: describe macro expansion of cgitrc options
This is a new feature in cgit-0.9 which was formerly undocumented.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-06-13 21:59:50 +00:00
Lars Hjemli
2a0c9dcbe8 README: update some stale information/add some new
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-06-13 13:27:32 +00:00
Lars Hjemli
9782752223 CGIT 0.9.0.1
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-06-13 12:37:04 +00:00
Lars Hjemli
7f88d20823 ui-plain.c: fix html and links generated by print_dir() and print_dir_entry()
This patch fixes the following issues:
* the base argument usually isn't zero-terminated, so printing base
  without considering baselen will usually generate random garbage
* when the current url represents a directory but doesn't end in a slash,
  relative urls would be incorrect
* using unescaped paths allows XSS

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-06-12 21:21:30 +00:00
Jamie Couture
2a8f553163 scan-tree.c: avoid memory leak
No references are kept to the memory pointed to by the 'rel' variable, so
it should be free()'d before returning from add_repo().

Signed-off-by: Jamie Couture <jamie.couture@gmail.com>
Signed-off-by: Lars Hjemli <larsh@hjemli.net>
2011-06-06 19:10:31 +00:00
Lars Hjemli
d885158f6a ui-log.c: do not link from age column
The link url wasn't properly escaped, and since the link was identical
to the one used on the commit message it didn't serve any special purpose.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-06-02 10:30:26 +00:00
Lars Hjemli
2aabeaf834 ui-snapshot.c: remove debug cruft
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-06-02 10:26:41 +00:00
Lukas Fleischer
69382320d9 Properly escape ampersands inside HTML attributes
Ampersands ("&") appearing inside HTML attributes need to be translated
to "&amp;". Otherwise, invalid XHTML will be generated at various
places, such as at tree views containing links to submodules.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-30 23:55:19 +02:00
Mark Lodato
ec79265f20 fix virtual-root if script-name is ""
In d0cb841 (Avoid trailing slash in virtual-root), virtual-root was set
from script-name using trim_end().  However, if script-name was the
empty string (""), which happens when cgit is used to serve the root
path on a domain (/), trim_end() returns NULL and cgit acts like
virtual-root is not available.  Now, set virtual-root to "" in this
case, which fixes this bug.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-23 23:20:59 +02:00
Lars Hjemli
c8ea73caab ui-repolist.c: do not return random/stale data from read_agefile
When git/date.c:parse_date() cannot parse its input it returns -1. But
read_agefile() checks if the result is different from zero, essentialy
returning random data from the date buffer when parsing fails. This
patch fixes the issue by verifying that the result from parse_date()
is positive.

Noticed-by: Julius Plenz <plenz@cis.fu-berlin.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-23 23:17:10 +02:00
Lukas Fleischer
9afc883297 Avoid null pointer dereference in cgit_print_diff().
When calling cgit_print_diff() with a bad new_rev and a NULL old_rev,
checking for new_rev's parent commit will result in a null pointer
dereference. Returning on an invalid commit before dereferencing fixes
this. Spotted with clang-analyzer.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-23 22:58:35 +02:00
Lukas Fleischer
a0bf375a1a Avoid null pointer dereference in reencode().
Returning "*txt" if "txt" is a null pointer is a bad thing. Spotted with
clang-analyzer.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-23 22:58:35 +02:00
Lukas Fleischer
070e109c14 Fix memory leak in http_parse_querystring().
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-23 22:58:35 +02:00
Lukas Fleischer
c9059710e7 Remove unused variable from cgit_diff_tree().
Seen with "-Wunused-but-set-variable".

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-23 22:58:35 +02:00
Lars Hjemli
dc1a8eadd4 shared.c: do not modify const memory
Noticed-by: zhongjj <zhongjj@lemote.com>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-23 22:58:35 +02:00
Lars Hjemli
084ca50972 tests: add tests for links with space in path and/or args
These tests tries to detect bad links in various pages. On the log page,
there currently exists links which are not properly escaped due to the
use of cgit_fileurl() when building the link. For now, this bug is simply
tagged as such.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-23 22:58:35 +02:00
Lars Hjemli
afe04daa33 tests/setup.sh: add support for known bugs
This patch makes it possible to add tests for known bugs without aborting
the testrun.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-23 22:58:35 +02:00
Jonathon Mah
74152744f0 Fix escaping of paths with spaces
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-05-23 22:58:06 +02:00
Julius Plenz
facca560d9 Add advice about scan-path in cgitrc.5.txt
Signed-off-by: Julius Plenz <plenz@cis.fu-berlin.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-26 15:21:07 +01:00
Julius Plenz
0a799424f6 fix two encoding bugs
reencode() takes three arguments in the order (txt, from, to), opposed to
reencode_string, which will, like iconv, handle the arguments with from
and to swapped. Fix that (this makes reencode more intuitive).
If src and dst encoding are equivalent, don't do any encoding.

If no special encoding parameter is found within the commit, assume
UTF-8 and explicitly convert to PAGE_ENCODING. The change to reencode()
mentioned above avoids re-encoding a UTF-8 string to UTF-8, for example.

Signed-off-by: Julius Plenz <plenz@cis.fu-berlin.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-26 15:21:07 +01:00
Ferry Huberts
5db02854e6 new_filter: correctly initialise all arguments for a new filter
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-26 15:13:35 +01:00
Ferry Huberts
3f1ebd3565 source_filter: fix a memory leak
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-26 15:13:35 +01:00
Lars Hjemli
4d2a303c3e cgitrc.5: tar.xz is a supported snapshot format
When tar.xz support was added in 0642435fed (2009-12-08: Add
.tar.xz-snapshot support), cgitrc.5 was not updated to match. This
patch fixes the issue.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-26 13:40:20 +01:00
Stefan Gehn
f15c5833d2 Fix crash when projectsfile cannot be opened
This patch makes cgit properly abort in case the projectsfile cannot
be opened. Without the added return cgit continues using the projects
pointer which is NULL and thus causes a segfault.
2011-03-26 11:44:16 +01:00
Lars Hjemli
cc59ee5026 CGIT 0.9
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-05 14:23:12 +01:00
Lars Hjemli
b9025b5c78 Update README 2011-03-05 14:21:47 +01:00
Lukasz Janyst
7f3c6e0ce9 ui-diff.c: avoid html injection
When path-filtering was used in commit-view, the path filter was
included without proper html escaping. This patch closes the hole.

Signed-off-by: Lukasz Janyst <ljanyst@cern.ch>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-05 14:13:06 +01:00
Lars Hjemli
1b09cbd303 Merge branch 'stable' 2011-03-05 14:01:59 +01:00
Lars Hjemli
9e849950dc CGIT 0.8.3.5
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-05 13:52:39 +01:00
Lars Hjemli
d0cb8413ff Avoid trailing slash in virtual-root
When setting virtual-root from cgitrc, care is taken to avoid trailing
slashes. But when no virtual-root setting is specified, SCRIPT_FILE
from the web server is used without similar checks. This patch fixes the
inconsistency, which could lead to double-slashes in generated links.

Noticed-by: Wouter Van Hemel <wouter@duodecim.org>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-05 13:50:40 +01:00
Jim Meyering
fc384b16fb do not infloop on a query ending in %XY, for invalid hex X or Y
When a query ends in say %gg, (or any invalid hex) e.g.,
http://git.gnome.org/browse/gdlmm/commit/?id=%gg
convert_query_hexchar calls memmove(txt, txt+3, 0), and then returns
txt-1, so the loop in http_parse_querystring never terminates.  The
solution is to make the memmove also copy the trailing NUL.
* html.c (convert_query_hexchar): Fix off-by-one error.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-03-05 13:38:34 +01:00
Lars Hjemli
979c460e7f Merge branch 'br/misc'
* br/misc:
  Use transparent background for the cgit logo
  ssdiff: anchors for ssdiff
  implement repo.logo and repo.logo-link
2011-02-19 14:51:00 +01:00
Bernhard Reutner-Fischer
0141b9f889 Use transparent background for the cgit logo
Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-02-19 14:41:39 +01:00
Bernhard Reutner-Fischer
e52040bf90 ssdiff: anchors for ssdiff
Emit anchors to the respective revisions in side-by-side diff view

Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-02-19 14:41:39 +01:00
Bernhard Reutner-Fischer
808c685ebb implement repo.logo and repo.logo-link
Allow for per repo logo and logo-link; Use global logo and logo-link per
default.

Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-02-19 14:41:39 +01:00
Bernhard Reutner-Fischer
6bf2658f04 ui-shared: silence warning
warning: format ‘%ld’ expects type ‘long int’, but argument 2 has type
‘size_t’

Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop@gmail.com>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-02-19 14:37:34 +01:00
Lars Hjemli
fb9e6d1594 Merge branch 'jh/scan-path'
* jh/scan-path:
  scan_path(): Do not recurse into hidden directories by default
  scan_path(): Improve handling of inaccessible directories
2011-02-19 14:25:55 +01:00
Johan Herland
df522794c3 scan_path(): Do not recurse into hidden directories by default
Paths that start with a period ('.') are considered hidden in the Unix world.
scan_path() should arguably not recurse into these directories by default.
This patch makes it so, and introduces the "scan-hidden-path" config variable
for overriding the new default and revert to the old behaviour (scanning _all_
directories, including hidden .directories).

Signed-off-by: Johan Herland <johan@herland.net>
Signed-off-by: Lars Hjemli <larsh@prediktor.no>
2011-02-19 14:25:14 +01:00
Lukas Fleischer
7c2dea0367 Makefile: Make make get-git work under OpenBSD.
OpenBSD tar(1) defaults to read from "/dev/rst0" when not specifying an
filename and thus fails to extract the Git sourcecode when not passing
stdin as input file descriptor explicitly.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-02-19 14:13:08 +01:00
Lars Hjemli
31e1f9af1d Merge branch 'jh/graph'
* jh/graph:
  ui-log: Move 'Age' column when commit graph is present
  ui-log: Line-wrap long commit subjects when showmsg is enabled
  ui-log: Colorize commit graph
  ui-log: Implement support for commit graphs
  ui-log: Change display of full commit messages (and notes)

Conflicts:
	cgit.css
2011-02-19 14:01:59 +01:00
Lars Hjemli
e66a16cebc Merge branch 'lh/improve-range-search'
* lh/improve-range-search:
  html.c: use '+' to escape spaces in urls
  ui-log.c: improve handling of range-search argument
  Add vector utility functions
2011-02-19 14:00:59 +01:00
Lars Hjemli
286c4c0a1d Use GIT-1.7.4
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2011-02-19 13:55:43 +01:00
Johan Herland
682adbc0ca scan_path(): Improve handling of inaccessible directories
When scanning a tree containing inaccessible directories (e.g. '.ssh'
directories in users' homedirs, or repos with explicitly restricted access),
scan_path() currently causes three lines of "Permissions denied" errors to be
printed to the CGI error log per inaccessible directory:

  Error checking path /home/foo/.ssh: Permission denied (13)
  Error checking path /home/foo/.ssh/.git: Permission denied (13)
  Error opening directory /home/foo/.ssh: Permission denied (13)

This is a side-effect of calling is_git_dir(path) and
is_git_dir(fmt("%s/.git", path) _before_ we try to opendir(path).

By placing the opendir(path) before the two is_git_dir() calls, we reduce the
noise to a single line per inaccessible directory:

  Error opening directory /home/foo/.ssh: Permission denied (13)

Signed-off-by: Johan Herland <johan@herland.net>
Signed-off-by: Lars Hjemli <larsh@prediktor.no>
2010-11-16 09:03:43 +01:00