Commit Graph

1460 Commits

Author SHA1 Message Date
Jason A. Donenfeld
c326f3eb02 ui-plain: add enable-html-serving flag
Unrestricts plain/ to contents likely to be executed by browser.
2016-01-14 15:42:56 +01:00
Jason A. Donenfeld
9ca2566972 ui-blob: set CSP just in case 2016-01-14 14:43:43 +01:00
Jason A. Donenfeld
92996ac2a6 ui-blob: always use generic mimetypes 2016-01-14 14:31:53 +01:00
Jason A. Donenfeld
1c581a0726 ui-blob: Do not accept mimetype from user 2016-01-14 14:31:13 +01:00
Jason A. Donenfeld
513b3863d9 ui-shared: prevent malicious filename from injecting headers 2016-01-14 14:28:37 +01:00
Jason A. Donenfeld
4291453ec3 ui-shared: Avoid new line injection into redirect header 2016-01-14 14:18:17 +01:00
Peter Colberg
4c69241b05 Fix missing prototype declarations
Signed-off-by: Peter Colberg <peter@colberg.org>
2016-01-14 14:02:29 +01:00
Peter Colberg
9abe4a26a9 ui-repolist: return HTTP 404 if no repositories found
Return HTTP status code 404 Not found when querying a non-existent
repository, which signals to search engines that a repository no
longer exists. Further, some webservers such as nginx permit
logging requests to different files depending on the HTTP code.

Signed-off-by: Peter Colberg <peter@colberg.org>
2016-01-13 17:19:34 +01:00
Peter Colberg
a4014d0dbf ui-repolist: extract repo visibility criteria to separate function
Signed-off-by: Peter Colberg <peter@colberg.org>
2016-01-13 17:16:15 +01:00
Lukas Fleischer
da1b89710f Fix segmentation fault in hc()
The ctx.qry.page variable might be unset at this point, e.g. when an
invalid command is passed and cgit_print_pageheader() is called to show
an error message.

Signed-off-by: Lukas Fleischer <lfleischer@lfos.de>
2016-01-13 17:14:01 +01:00
Christian Hesse
559ab5ecc4 git: update to v2.7.0
Update to git version v2.7.0.

* Upstream commit ed1c9977cb1b63e4270ad8bdf967a2d02580aa08 (Remove
  get_object_hash.) changed API:

  Convert all instances of get_object_hash to use an appropriate
  reference to the hash member of the oid member of struct object.
  This provides no functional change, as it is essentially a macro
  substitution.

Signed-off-by: Christian Hesse <mail@eworm.de>
2016-01-13 17:12:17 +01:00
Christian Hesse
6edc84bc44 ui-repolist: initialize char *buf to NULL
readfile() can fail if the agefile is not readable. Make sure free()
does not free an ininitialized string.

Signed-off-by: Christian Hesse <mail@eworm.de>
2016-01-13 17:09:39 +01:00
Jason A. Donenfeld
4458abf641 filter: avoid integer overflow in authenticate_post
ctx.env.content_length is an unsigned int, coming from the
CONTENT_LENGTH environment variable, which is parsed by strtoul. The
HTTP/1.1 spec says that "any Content-Length greater than or equal to
zero is a valid value." By storing this into an int, we potentially
overflow it, resulting in the following bounding check failing, leading
to a buffer overflow.

Reported-by: Erik Cabetas <Erik@cabetas.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2015-11-24 11:31:43 +01:00
Jason A. Donenfeld
ffe09621f2 about-formatting.sh: comment text out of date 2015-11-12 04:44:32 +01:00
Christian Hesse
143e65252c filters: port syntax-highlighting.py to python 3.x
Signed-off-by: Christian Hesse <mail@eworm.de>
2015-10-12 18:36:23 +02:00
Jason A. Donenfeld
3f9e14ada1 md2html: the default of stdin works fine
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2015-10-12 18:33:46 +02:00
Jason A. Donenfeld
c301899112 filters: misc cleanups
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2015-10-12 16:47:47 +02:00
Jason A. Donenfeld
ccb4254104 md2html: use pure python
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2015-10-12 16:42:54 +02:00
Christian Hesse
76dc7a3371 cache: fix resource leak: close file handle before return
Coverity-id: 13910
Signed-off-by: Christian Hesse <mail@eworm.de>
2015-10-10 21:41:04 +02:00
Christian Hesse
ed5dccbeaa ui-atom: fix resource leak: free allocation from cgit_pageurl
Coverity-id: 13945
Signed-off-by: Christian Hesse <mail@eworm.de>
2015-10-10 21:40:26 +02:00
Christian Hesse
144e3c6085 ui-atom: fix resource leak: free before return
Coverity-id: 13946
Signed-off-by: Christian Hesse <mail@eworm.de>
2015-10-10 21:40:05 +02:00
Christian Hesse
97da17b783 ui-atom: fix resource leak: free allocation from cgit_repourl
Coverity-id: 13947
Signed-off-by: Christian Hesse <mail@eworm.de>
2015-10-10 21:39:53 +02:00
Christian Hesse
7320bfa893 ui-blob: fix resource leak: free before return
Coverity-id: 13944
Signed-off-by: Christian Hesse <mail@eworm.de>
2015-10-10 21:39:25 +02:00
Christian Hesse
30802126d4 ui-blob: fix resource leak: free before return
Coverity-id: 13943
Signed-off-by: Christian Hesse <mail@eworm.de>
2015-10-10 21:38:57 +02:00
Christian Hesse
08a2b818f2 ui-plain: fix resource leak: free before assigning NULL
Coverity-id: 13939
Signed-off-by: Christian Hesse <mail@eworm.de>
2015-10-09 15:50:34 +02:00
Christian Hesse
979db79a80 ui-plain: fix resource leak: free before return
Coverity-id: 13940
Signed-off-by: Christian Hesse <mail@eworm.de>
2015-10-09 15:50:09 +02:00
Christian Hesse
51338f7658 ui-repolist: fix resource leak: free allocation from cgit_currenturl
Coverity-id: 13930
Signed-off-by: Christian Hesse <mail@eworm.de>
2015-10-09 15:49:57 +02:00
Christian Hesse
7ef1a47991 ui-repolist: fix resource leak: free before return
Coverity-id: 13931
Signed-off-by: Christian Hesse <mail@eworm.de>
2015-10-09 15:49:39 +02:00
Jason A. Donenfeld
525c815cc4 filters: Simplify converters
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2015-10-09 15:13:35 +02:00
Christian Hesse
6edfc1672c ui-shared: fix resource leak: free allocation from cgit_hosturl
Signed-off-by: Christian Hesse <mail@eworm.de>
2015-10-09 14:04:42 +02:00
Christian Hesse
f77e2a8cfa ui-shared: return value of cgit_hosturl is not const
Signed-off-by: Christian Hesse <mail@eworm.de>
2015-10-09 14:04:27 +02:00
Christian Hesse
6f2e4400fa cmd: fix resource leak: free allocation from cgit_currenturl and fmtalloc
Signed-off-by: Christian Hesse <mail@eworm.de>
2015-10-09 14:03:58 +02:00
Christian Hesse
3e244a0cca ui-shared: fix resource leak: free allocation from cgit_currenturl
Coverity-id: 13927
Signed-off-by: Christian Hesse <mail@eworm.de>
2015-10-09 14:02:41 +02:00
Christian Hesse
c5c0eb873e ui-shared: return value of cgit_currenturl is not const
Signed-off-by: Christian Hesse <mail@eworm.de>
2015-10-09 14:00:56 +02:00
Christian Hesse
37fce9916a ui-shared: fix resource leak: free allocation from cgit_fileurl
Coverity-id: 13918
Signed-off-by: Christian Hesse <mail@eworm.de>
2015-10-09 13:59:46 +02:00
Christian Hesse
fa5810ed8e ui-ssdiff: fix resource leak: free allocation from cgit_fileurl
Coverity-id: 13929
Signed-off-by: Christian Hesse <mail@eworm.de>
2015-10-09 13:59:24 +02:00
Christian Hesse
896cd69dde ui-tree: fix resource leak: free before return
Coverity-id: 13938
Signed-off-by: Christian Hesse <mail@eworm.de>
2015-10-09 13:58:25 +02:00
Jason A. Donenfeld
ad006918a5 Avoid use of non-reentrant functions
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2015-10-09 11:01:04 +02:00
John Keeping
35b3c67ac2 Makefile: fix MAKEFLAGS tests with multiple flags
findstring is defined as $(findstring FIND,IN) so if multiple flags are
set these tests do the wrong thing unless $(MAKEFLAGS) is the second
argument.

Signed-off-by: John Keeping <john@keeping.me.uk>
2015-10-09 10:56:06 +02:00
John Keeping
198a4404b9 ui-refs: remove useless null check
There is no way that "tag" can be null here.

Coverity-id: 13950
Signed-off-by: John Keeping <john@keeping.me.uk>
2015-10-09 10:54:48 +02:00
John Keeping
509488d85c ui-blob: remove useless null check
We have already called strlen() on "path" by the time we get here, so we
know it can't be null.

Coverity-id: 13954
Signed-off-by: John Keeping <john@keeping.me.uk>
2015-10-09 10:54:38 +02:00
John Keeping
687cdf6968 scan-tree: remove useless strdup()
parse_configfile() takes a "const char *" and doesn't hold any
references to it after it returns; there is no reason to pass it a
duplicate.

Coverity-id: 13941
Signed-off-by: John Keeping <john@keeping.me.uk>
2015-10-09 10:54:30 +02:00
John Keeping
94182d6031 cgit.c: remove useless null check
Everywhere else in this function we do not check whether the value is
null and parse_configfile() never passes a null value to this callback.

Coverity-id: 13846
Signed-off-by: John Keeping <john@keeping.me.uk>
2015-10-09 10:54:19 +02:00
Christian Hesse
978ce8c00c git: update to v2.6.1
Update to git version v2.6.1, no changes required.

Signed-off-by: Christian Hesse <mail@eworm.de>
2015-10-06 16:39:06 +02:00
Jason A. Donenfeld
73f199be3f mime: rewrite detection function
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2015-08-17 14:49:28 +02:00
Christian Hesse
790d2498cb ui-summary: send images plain for about page
The about page used to display just fine, but images were broken: The
binary image data was embedded in html code.
Use cgit_print_plain() to send images in plain mode and make them
available on about page.

Signed-off-by: Christian Hesse <mail@eworm.de>
2015-08-17 14:42:58 +02:00
Christian Hesse
aa943bc9a6 refactor get_mimetype_from_file() to get_mimetype_for_filename()
* handle mimetype within a single function
* return allocated memory on success

Signed-off-by: Christian Hesse <mail@eworm.de>
2015-08-17 14:25:08 +02:00
Christian Hesse
f5c83d7b5d move get_mimetype_from_file() to shared
Signed-off-by: Christian Hesse <mail@eworm.de>
2015-08-17 14:25:08 +02:00
John Keeping
73ef8567f0 cmd: fix command definition
The previous commit removed the "pre" field from "struct cgit_cmd" but
forgot to update this macro.

Signed-off-by: John Keeping <john@keeping.me.uk>
Reviewed-by: Christian Hesse <mail@eworm.de>
2015-08-14 16:41:22 +02:00
Jason A. Donenfeld
03de473354 cmd: no need for pre function hook now
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2015-08-14 15:54:32 +02:00