aboutsummaryrefslogtreecommitdiffstats
path: root/cgit.c
Commit message (Collapse)AuthorAgeFilesLines
* Guess the default branch based on current namespaceRichard Maw2016-07-131-4/+10
| | | | | | | | | | | | resolve_ref_unsafe() can't be told to be namespace aware, so we need to prepend the namespace beforehand. Additionally, we need to add the RESOLVE_REF_NO_RECURSE flag, since otherwise if the commit that is pointed to exists in the root namespace, it will opt to return that rather than the value in the namespace, presumably preferring shorter ref names to longer ones. Signed-off-by: Richard Maw <richard.maw@gmail.com>
* Set GIT_NAMESPACE when repo.namespace is providedRichard Maw2016-07-131-0/+5
| | | | | | | | | | | This causes any namespace-aware code to only handle refs under that namespace. Currently this doesn't do much as the only namespace aware code is in recieve-pack and upload-pack, which are not handled by CGit. Signed-off-by: Richard Maw <richard.maw@gmail.com>
* Print out parsed namespace on requestRichard Maw2016-07-131-0/+2
| | | | | | | | | This is not strictly necessary, as we do not have any way to generate namespace entries from a scan-path, but I'd rather not leave this as a surprise to someone who comes up with a good namespace discovery mechanism. Signed-off-by: Richard Maw <richard.maw@gmail.com>
* Parse repo.namespaceRichard Maw2016-07-131-0/+2
| | | | | | | | | | | | | | This contains the unexpanded name of the namespace rather than the base ref of the namespace, since the git namespace mechanism works by setting GIT_NAMESPACE and on the first call to get_git_namespace() it gets expanded. We need to save this for a later call to prepare_repo_cmd, rather than trying to process it here, since we can only do it once, and we have other uses for the unexpanded name. Signed-off-by: Richard Maw <richard.maw@gmail.com>
* Add a wrapper for get_sha1 called cgit_get_sha1Richard Maw2016-07-131-1/+1
| | | | | | | This will later be changed to include namespace resolution, but the call sites are changed now to keep the changes small. Signed-off-by: Richard Maw <richard.maw@gmail.com>
* Fix qry.head leak on errorRichard Maw2016-07-121-4/+4
| | | | | | This is run soon before exiting so it wasn't leaked for long. Signed-off-by: Richard Maw <richard.maw@gmail.com>
* Hosted on HTTPS nowJason A. Donenfeld2016-06-071-1/+1
|
* ui-shared: add homepage to tabsJason A. Donenfeld2016-02-221-0/+4
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* ui-plain: add enable-html-serving flagJason A. Donenfeld2016-01-141-0/+5
| | | | Unrestricts plain/ to contents likely to be executed by browser.
* ui-blob: Do not accept mimetype from userJason A. Donenfeld2016-01-141-2/+0
|
* filter: avoid integer overflow in authenticate_postJason A. Donenfeld2015-11-241-1/+1
| | | | | | | | | | | | ctx.env.content_length is an unsigned int, coming from the CONTENT_LENGTH environment variable, which is parsed by strtoul. The HTTP/1.1 spec says that "any Content-Length greater than or equal to zero is a valid value." By storing this into an int, we potentially overflow it, resulting in the following bounding check failing, leading to a buffer overflow. Reported-by: Erik Cabetas <Erik@cabetas.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* cgit.c: remove useless null checkJohn Keeping2015-10-091-1/+1
| | | | | | | | Everywhere else in this function we do not check whether the value is null and parse_configfile() never passes a null value to this callback. Coverity-id: 13846 Signed-off-by: John Keeping <john@keeping.me.uk>
* cmd: no need for pre function hook nowJason A. Donenfeld2015-08-141-3/+0
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* cmd: remove "want_layout" fieldJohn Keeping2015-08-141-9/+0
| | | | | | No commands use this any more. Signed-off-by: John Keeping <john@keeping.me.uk>
* cgit: use cgit_print_error_page() where appropriateJohn Keeping2015-08-141-20/+7
| | | | | | | | These are more-or-less one-to-one translations but in the final hunk we gain an HTTP error code where we used to send "200 OK", which is an improvement. Signed-off-by: John Keeping <john@keeping.me.uk>
* log: allow users to follow a fileJohn Keeping2015-08-121-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Teach the "log" UI to behave in the same way as "git log --follow", when given a suitable instruction by the user. The default behaviour remains to show the log without following renames, but the follow behaviour can be activated by following a link in the page header. Follow is not the default because outputting merges in follow mode is tricky ("git log --follow" will not show merges). We also disable the graph in follow mode because the commit graph is not simplified so we end up with frequent gaps in the graph and many lines that do not connect with any commits we're actually showing. We also teach the "diff" and "commit" UIs to respect the follow flag on URLs, causing the single-file version of these UIs to detect renames. This feature is needed only for commits that rename the path we're interested in. For commits before the file has been renamed (i.e. that appear later in the log list) we change the file path in the links from the log to point to the old name; this means that links to commits always limit by the path known to that commit. If we didn't do this we would need to walk down the log diff'ing every commit whenever we want to show a commit. The drawback is that the "Log" link in the top bar of such a page links to the log limited by the old name, so it will only show pre-rename commits. I consider this a reasonable trade-off since the "Back" button still works and the log matches the path displayed in the top bar. Since following renames requires running diff on every commit we consider, I've added a knob to the configuration file to globally enable/disable this feature. Note that we may consider a large number of commits the revision walking machinery no longer performs any path limitation so we have to examine every commit until we find a page full of commits that affect the target path or something related to it. Suggested-by: René Neumann <necoro@necoro.eu> Signed-off-by: John Keeping <john@keeping.me.uk>
* about: always ensure page has a trailing slashJason A. Donenfeld2015-08-121-0/+3
| | | | | | Otherwise we can't easily embed links to other /about/ pages. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* git: update to v2.5.0Christian Hesse2015-08-121-1/+1
| | | | | | | | | | | | | | | Update to git version v2.5.0. * Upstream commit 5455ee0573a22bb793a7083d593ae1ace909cd4c (Merge branch 'bc/object-id') changed API: for_each_ref() callback functions were taught to name the objects not with "unsigned char sha1[20]" but with "struct object_id". * Upstream commit dcf692625ac569fefbe52269061230f4fde10e47 (path.c: make get_pathname() call sites return const char *) Signed-off-by: Christian Hesse <mail@eworm.de>
* Fix processing of repo.hide and repo.ignoreDaniel Reichelt2015-08-121-4/+4
| | | | | | | | If the global option enable-filter-overrides is set to 1 the repo-specific options repo.hide and repo.ignore never got processed. Signed-off-by: Daniel Reichelt <hacking@nachtgeist.net> Reviewed-by: John Keeping <john@keeping.me.uk>
* cgit: remember to set up env vars before empty clone pathJason A. Donenfeld2015-03-091-0/+1
|
* Avoid non-ANSI function declarationsJohn Keeping2015-03-091-1/+1
| | | | | | | | Sparse says things like: warning: non-ANSI function declaration of function 'calc_ttl' Signed-off-by: John Keeping <john@keeping.me.uk>
* cgit: show clone URLs for empty repoJason A. Donenfeld2015-03-051-0/+16
|
* git: update for v2.3.0Christian Hesse2015-02-081-1/+1
| | | | | | | | | * sort_string_list(): rename to string_list_sort() (upstream commit 3383e199) * update read_tree_recursive callback to pass strbuf as base (upstream commit 6a0b0b6d) Signed-off-by: Christian Hesse <mail@eworm.de>
* Add repo.hide and repo.ignoreLukas Fleischer2015-01-291-0/+6
| | | | | | | | These options can be used to hide a repository from the index or completely ignore a repository, respectively. They are particularly useful when used in combination with scan-path. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
* repolist: add owner-filterChris Burroughs2014-12-231-0/+6
| | | | | | This allows custom links to be used for repository owners by configuring a filter to be applied in the "Owner" column in the repository list.
* git: update to v2.2.1Christian Hesse2014-12-231-1/+1
| | | | | | Update to git version v2.2.1, including API changes. Signed-off-by: Christian Hesse <mail@eworm.de>
* Change "ss" diff flag to an enumJohn Keeping2014-12-131-4/+8
| | | | | | | | | | | This will allow us to introduce a new "stat only" diff mode without needing an explosion of mutually incompatible flags. The old "ss" query parameter is still accepted in order to avoid breaking saved links, but we no longer generate any URIs using it; instead the new "dt" (diff type) parameter is used. Signed-off-by: John Keeping <john@keeping.me.uk>
* Always check if README exists in choose_readme()Lukas Fleischer2014-08-071-6/+0
| | | | | | | | | | | | | Specifying a nonexistent README file via the readme option is sometimes useful, e.g. when using scan-path and setting a global default. Currently, we check whether there is only one option in the readme option and, if so, we choose that file without checking whether it exists. As a consequence, all repositories are equipped with an about link in the aforementioned scenario, even if there is no about file. Remove the early check for the number of keys and always check whether the file exists instead. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
* git: update for git 2.0Christian Hesse2014-06-281-13/+13
| | | | | | | prefixcmp() and suffixcmp() have been remove, functionality is now provided by starts_with() and ends_with(). Retrurn values have been changed, so instead of just renaming we have to fix logic. Everything else looks just fine.
* Add a cache-snapshot-ttl configuration variableLukas Fleischer2014-02-201-0/+6
| | | | | | | | | | | | | This can be used to specify the TTL for snapshots. Snapshots are usually static and do not ever change. On the other hand, tarball generation is CPU intensive. One use case of this setting (apart from increasing the lifetime of snapshot cache slots) is caching of snapshots while disabling the cache for static/dynamic HTML pages (by setting TTL to zero for everything except for snapshot requests). Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
* cgit: add --version argument for printing infoJason A. Donenfeld2014-01-201-0/+17
| | | | | | We need this to do runtime tests for make test. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* cgit.c: free tmp variableJason A. Donenfeld2014-01-171-0/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Switch to exclusively using global ctxLukas Fleischer2014-01-171-161/+161
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Drop the context parameter from the following functions (and all static helpers used by them) and use the global context instead: * cgit_print_http_headers() * cgit_print_docstart() * cgit_print_pageheader() Remove context parameter from all commands Drop the context parameter from the following functions (and all static helpers used by them) and use the global context instead: * cgit_get_cmd() * All cgit command functions. * cgit_clone_info() * cgit_clone_objects() * cgit_clone_head() * cgit_print_plain() * cgit_show_stats() In initialization routines, use the global context variable instead of passing a pointer around locally. Remove callback data parameter for cache slots This is no longer needed since the context is always read from the global context variable. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
* auth: have cgit calculate login addressJason A. Donenfeld2014-01-161-1/+2
| | | | | | | This way we're sure to use virtual root, or any other strangeness encountered. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* authentication: use hidden form instead of refererJason A. Donenfeld2014-01-161-14/+8
| | | | | | | This also gives us some CSRF protection. Note that we make use of the hmac to protect the redirect value. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* auth: add basic authentication filter frameworkJason A. Donenfeld2014-01-161-2/+94
| | | | | | | | | | | | | | | | This leverages the new lua support. See filters/simple-authentication.lua for explaination of how this works. There is also additional documentation in cgitrc.5.txt. Though this is a cookie-based approach, cgit's caching mechanism is preserved for authenticated pages. Very plugable and extendable depending on user needs. The sample script uses an HMAC-SHA1 based cookie to store the currently logged in user, with an expiration date. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* filter: add support for email filterJason A. Donenfeld2014-01-141-0/+6
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* filter: basic write hooking infrastructureJason A. Donenfeld2014-01-141-0/+2
| | | | | | | | | | | | | | | | | Filters can now call hook_write and unhook_write if they want to redirect writing to stdout to a different function. This saves us from potential file descriptor pipes and other less efficient mechanisms. We do this instead of replacing the call in html_raw because some places stdlib's printf functions are used (ui-patch or within git itself), which has its own internal buffering, which makes it difficult to interlace our function calls. So, we dlsym libc's write and then override it in the link stage. While we're at it, we move considerations of argument count into the generic new filter handler. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* filter: allow for cleanup hook for filter typesJason A. Donenfeld2014-01-141-0/+1
| | | | | | | | | | | | At some point, we're going to want to do lazy deallocation of filters. For example, if we implement lua, we'll want to load the lua runtime once for each filter, even if that filter is called many times. Similarly, for persistent exec filters, we'll want to load it once, despite many open_filter and close_filter calls, and only reap the child process at the end of the cgit process. For this reason, we add here a cleanup function that is called at the end of cgit's main(). Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* filter: add fprintf_filter functionJohn Keeping2014-01-141-3/+3
| | | | | | | | This stops the code in cgit.c::print_repo needing to inspect the cgit_filter structure, meaning that we can abstract out different filter types that will have different fields that need to be printed. Signed-off-by: John Keeping <john@keeping.me.uk>
* filter: split filter functions into their own fileJason A. Donenfeld2014-01-101-36/+6
| | | | | | A first step for more interesting things. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* cgit.c: Fix comment on bit mask hackLukas Fleischer2014-01-101-8/+10
| | | | | | | | | * Formatting and spelling fixes. * A bit mask with the size of one byte only allows for storing 8 (not 255!) different flags. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
* cgit.c: Use "else" for mutually exclusive branchesLukas Fleischer2014-01-101-19/+10
| | | | | | | | When parsing command line arguments, no pair of command line options can ever match simultaneously. Use "else if" blocks to reflect this. This change improves both readability and speed. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
* Replace most uses of strncmp() with prefixcmp()Lukas Fleischer2014-01-101-9/+9
| | | | | | | This is a preparation for replacing all prefix checks with either strip_prefix() or starts_with() when Git 1.8.6 is released. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
* Update copyright informationLukas Fleischer2014-01-081-2/+1
| | | | | | | | | * Name "cgit Development Team" as copyright holder to avoid listing every single developer. * Update copyright ranges. Signed-off-by: Lukas Fleischer <cgit@crytocrack.de>
* cache: id means static, even if head is specified tooJason A. Donenfeld2013-08-121-3/+3
| | | | | | | | Pages like /commit?h=wip&id=8a335ce618ba77fbf05148d6f8be17bd48ba4340 were being marked as dynamic, because of h=wip, when it should be static, because of id=. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* cache: document negative ttls and add about ttlJason A. Donenfeld2013-08-121-3/+12
| | | | | | | | | | | | | | We've long supported negative ttls, for infinite cache, except the documentation incorrectly showed one of our defaults as being 5 and not -1. As well, with a negative ttl, we were actually making the HTTP expired header go backwards. This changes it to go ahead ten years instead. Further, we add an cache-about-ttl option to set a different ttl for about pages, which are now increasingly being filtered through markdown or just sent statically anyway. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* use favicon by defaultChristian Hesse2013-08-121-0/+1
|
* readme: use string_list instead of space deliminationsJason A. Donenfeld2013-05-261-23/+69
| | | | | | | | | | | | | | | | | | | | | | | | | | Now this is possible in cgitrc - readme=:README.md readme=:readme.md readme=:README.mkd readme=:readme.mkd readme=:README.rst readme=:readme.rst readme=:README.html readme=:readme.html readme=:README.htm readme=:readme.htm readme=:README.txt readme=:readme.txt readme=:README readme=:readme readme=:INSTALL.txt readme=:install.txt readme=:INSTALL readme=:install Suggested-by: John Keeping <john@keeping.me.uk> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* readme: Accept multiple candidates and test them.Jason A. Donenfeld2013-05-251-0/+35
| | | | | | | | | | | The readme variable may now contain multiple space deliminated entries, which per usual are either a filepath or a git ref filepath. If multiple are specified, cgit will now select the first one in the list that exists. This is to make it easier to specify multiple default readme types in the main cgitrc file and have them automatically get applied to each repo based on what exists. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>