| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Serving cgit via https and getting avatar via http gives error messages
about untrusted content. This decides whether or not to use https link
by looking at the environment variable HTTPS, which is set in CGI.
|
| |
|
| |
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
|
| |
This way we're sure to use virtual root, or any other strangeness
encountered.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
| |
By default, strings are compared by hash, so we can remove this comment.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
|
| |
This also gives us some CSRF protection. Note that we make use of the
hmac to protect the redirect value.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This leverages the new lua support. See
filters/simple-authentication.lua for explaination of how this works.
There is also additional documentation in cgitrc.5.txt.
Though this is a cookie-based approach, cgit's caching mechanism is
preserved for authenticated pages.
Very plugable and extendable depending on user needs.
The sample script uses an HMAC-SHA1 based cookie to store the
currently logged in user, with an expiration date.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
| |
an attribute value specification must be an attribute value literal
unless SHORTTAG YES is specified
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
|
| |
Filters can now indicate a status back to cgit by means of the exit code
for exec, or the return value from close for Lua.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
| |
* make ampersand a html entity
* add required alt attribute
* add required img end tag
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
Since the email filter is called from lots of places, the script might
benefit from knowing the origin. That way it can modify its contents
and/or size depending.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
|
| |
The lua one is hugely faster than the python one, but both are included
for comparison.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Switched back to python2 according to a problem in pygments with python3.
With the next release of pygments this problem should be fixed.
Issue see here:
https://bitbucket.org/birkenfeld/pygments-main/issue/901/problems-with-python3
- Just read the stdin, decode it to utf-8 and ignore unknown signs. This ensures
that even destroyed files do not cause any errors in the filter.
- Improved language guessing:
-> At first use guess_lexer_for_filename for a better detection of the used
programming languages (even mixed cases will be detected, e.g. php + html).
-> If nothing was found look if there is a shebang and use guess_lexer.
-> As default/fallback choose TextLexer.
Signed-off-by: Stefan Tatschner <stefan@sevenbyte.org>
|
|
|
|
|
|
|
| |
Previously the script tried to encode output from Pygments with
the ASCII codec, which failed.
Signed-off-by: Přemysl Janouch <p.janouch@gmail.com>
|
|
|
|
|
|
| |
dash failed to parse the script.
Signed-off-by: Přemysl Janouch <p.janouch@gmail.com>
|
|
|
|
|
|
| |
v2: add highlight 3.13 as present on Fedora 19
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
| |
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
|
|
|
|
|
|
|
| |
By not quoting the argument, an attacker with the ability to add files
to the repository could pass arbitrary arguments to the highlight
command, in particular, the --plug-in argument which can lead to
arbitrary command execution.
This patch adds simple argument quoting.
|
|
|
|
|
|
|
|
|
|
| |
There are 2 situations:
1- empty extension: assuming text is better than highlight
producing no output because of a missing argument.
2- no extension at all: assuming text is better than setting
the extension to the filename, which is what now happens.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
|
|
|
|
|
|
|
|
|
| |
This reverts commit f50be7fda0a7ab57009169dd5905fcbab8eb5166.
An update with the latest highlight landed in EPEL. This new version
doesn't have the --force bug, so the workaround can now be removed.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
|
|\ |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The default length for sha1 abbreviations in git is 7.
A '#num' at the beginning of the commit message is now
recognised, a ':#num' as well, etc.: a '#num' anywhere
is now converted to a link.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
|/
|
|
|
| |
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|
|
|
|
|
| |
This allows for putting descriptions closer to their expressions. It
should also make it clearer how to apply an expression conditionally.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The highlight tool can be given any of the supported file extensions
as its -S parameter. This patch replaces the case-switch by extracting
the extension from the supplied file name and passing it to highlight.
However, this requires a shell supporting the ${var##pattern} syntax,
like dash or bash.
Unknown extensions cause a fall-back to plain text using the --force
switch. Error messages are redirected to /dev/null.
A special case maps Makefile and Makefile.* to the "mk" extension.
The total overhead is reduced by calling "exec highlight". No forks are
needed during script execution.
Signed-off-by: Georg Lukas <georg@op-co.de>
|
|
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
|