path: root/html.c
Commit message (Author, Age, Files, Lines)
* html: double escape literal + in URLs (Jason A. Donenfeld, 2023-01-11, files: 1, lines: -2/+2)
| | | | | | | It's unclear whether this is correct or whether my server is double decoding. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* html: fix handling of null byte (Peter Prohaska, 2022-12-19, files: 1, lines: -1/+1)
| | | | | | | A return value of `len` or more means that the output was truncated. Signed-off-by: Peter Prohaska <pitrp@web.de> Signed-off-by: Christian Hesse <mail@eworm.de>
* html: html_ntxt with no ellipsis (Jeff Smith, 2017-10-03, files: 1, lines: -21/+11)
| | | | | | | | | For implementing a ui-blame page, there is need for a function that outputs a selection from a block of text, transformed for HTML output, but with no further modifications or additions. Signed-off-by: Jeff Smith <whydoubt@gmail.com> Reviewed-by: John Keeping <john@keeping.me.uk>
* Simplify http_parse_querystring() (Lukas Fleischer, 2016-10-01, files: 1, lines: -56/+10)
| | | | | | | | | | | Instead of reimplementing URL parameter parsing from scratch, use url_decode_parameter_name() and url_decode_parameter_value() which are already provided by Git. Also, change the return type of http_parse_querystring() to void since its only caller already ignores the return value. Signed-off-by: Lukas Fleischer <lfleischer@lfos.de>
* ui-shared: prevent malicious filename from injecting headers (Jason A. Donenfeld, 2016-01-14, files: 1, lines: -0/+26)
|
* html: remove html_status() (John Keeping, 2015-08-14, files: 1, lines: -7/+0)
| | | | | | This is now unused. Signed-off-by: John Keeping <john@keeping.me.uk>
* Remove redundant includes (John Keeping, 2015-08-13, files: 1, lines: -6/+0)
| | | | | | | These are all included in git-compat-util.h (when necessary), which we include in cgit.h. Signed-off-by: John Keeping <john@keeping.me.uk>
* html: avoid using a plain integer as a NULL pointer (John Keeping, 2015-03-09, files: 1, lines: -22/+32)
| | | | | | | | | Sparse complains about this table because we use the integer zero as the NULL pointer. Use this as an opportunity to reformat the table so that it always contains 8 elements per row, making it easier to see which values are being set and which are not. Signed-off-by: John Keeping <john@keeping.me.uk>
* html: remove redundant htmlfd variable (John Keeping, 2014-01-12, files: 1, lines: -3/+1)
| | | | | | | This is never changed from STDOUT_FILENO, so just use that value directly. Signed-off-by: John Keeping <john@keeping.me.uk>
* Update copyright information (Lukas Fleischer, 2014-01-08, files: 1, lines: -1/+1)
|     * Name "cgit Development Team" as copyright holder to avoid listing every single developer.
|     * Update copyright ranges.
|     Signed-off-by: Lukas Fleischer <cgit@crytocrack.de>
* html.c: die when write fails (John Keeping, 2013-05-22, files: 1, lines: -1/+1)
| | | | | | | | If we fail to write HTML output once, there's no point carrying on so just write a failure message once and die. By using Git's die_errno function we also let the user know in what way the write failed. Signed-off-by: John Keeping <john@keeping.me.uk>
* html.c: add various strbuf and variadic helpers (John Keeping, 2013-04-08, files: 1, lines: -3/+50)
| | | | | | | | | | This adds the fmtalloc helper, html_txtf, html_vtxtf, and html_attrf. These take a printf style format string like htmlf but escape the resulting string. The html_vtxtf variant takes a va_list whereas html_txtf is variadic. Signed-off-by: John Keeping <john@keeping.me.uk>
* html.c: Replace strdup() with xstrdup() (Lukas Fleischer, 2013-04-08, files: 1, lines: -5/+2)
| | | | | | | Use the xstrdup() wrapper which already bails out if strdup() returns a NULL pointer. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
* Always #include corresponding .h in .c files (John Keeping, 2013-04-08, files: 1, lines: -0/+1)
| | | | | | | | | | | | While doing this, remove declarations from header files where the corresponding definition is declared "static" in order to avoid build errors. Also re-order existing headers in ui-*.c so that the file-specific header always comes immediately after "cgit.h", helping with future consistency. Signed-off-by: John Keeping <john@keeping.me.uk>
* html: check return value of write (Jason A. Donenfeld, 2013-03-20, files: 1, lines: -2/+3)
| | | | | | | This squelches a gcc warning. It's also correct that we check to see if there are any partial or failed writes. For now, we just print a warning to stderr. In the future, perhaps it will prove wise to exit(1) on partial writes.
* Mark several functions/variables static (Lukas Fleischer, 2013-03-04, files: 1, lines: -3/+3)
| | | | | | Spotted by parsing the output of `gcc -Wmissing-prototypes [...]`. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
* White space around control verbs. (Jason A. Donenfeld, 2013-03-04, files: 1, lines: -7/+7)
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Fix several whitespace errors (Lukas Fleischer, 2013-03-04, files: 1, lines: -39/+39)
|     * Remove whitespace at the end of lines.
|     * Replace space indentation by tabs.
|     * Add whitespace before/after several operators ("+", "-", "*", ...)
|     * Add whitespace to assignments ("foo = bar;").
|     * Fix whitespace in parameter lists ("foobar(foo, bar, 42)").
|     Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
* Merge branch 'stable' (Lars Hjemli, 2011-07-21, files: 1, lines: -2/+2)
|\
| * html.c: avoid out-of-bounds access for url_escape_table (Eric Wong, 2011-07-21, files: 1, lines: -2/+2)
| | This fixes a segfault for me with -O2 optimization on x86 with gcc (Debian 4.4.5-8) 4.4.5
| |
| | I can reliably reproduce it with the following parameters when pointed to the git.git repository:
| |
| |   PATH_INFO='/git-core.git/diff/'
| |   QUERY_STRING='id=2b93bfac0f5bcabbf60f174f4e7bfa9e318e64d5&id2=d6da71a9d16b8cf27f9d8f90692d3625c849cbc8'
| |
| | Signed-off-by: Eric Wong <normalperson@yhbt.net>
| | Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* | Merge branch 'stable' (Lars Hjemli, 2011-05-30, files: 1, lines: -1/+3)
|\|
| * Properly escape ampersands inside HTML attributes (Lukas Fleischer, 2011-05-30, files: 1, lines: -1/+3)
| | | | | | | | | | | | | | | | | | Ampersands ("&") appearing inside HTML attributes need to be translated to "&amp;". Otherwise, invalid XHTML will be generated at various places, such as at tree views containing links to submodules. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* | Merge branch 'lh/panel' (Lars Hjemli, 2011-05-23, files: 1, lines: -0/+8)
|\ \ | |/ |/|
| * html.c: add html_intoption() (Lars Hjemli, 2011-03-06, files: 1, lines: -0/+8)
| | | | | | | | | | | | This is similar to html_option, but for int values. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* | Fix memory leak in http_parse_querystring(). (Lukas Fleischer, 2011-05-23, files: 1, lines: -2/+3)
| | | | | | | | | | Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* | Fix escaping of paths with spaces (Jonathon Mah, 2011-05-23, files: 1, lines: -4/+6)
|/ | | | Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Merge branch 'stable' (Lars Hjemli, 2011-03-05, files: 1, lines: -1/+1)
|\
| * do not infloop on a query ending in %XY, for invalid hex X or Y (Jim Meyering, 2011-03-05, files: 1, lines: -1/+1)
| | | | | | | | | | | | | | | | | | | | | | When a query ends in say %gg, (or any invalid hex) e.g., http://git.gnome.org/browse/gdlmm/commit/?id=%gg convert_query_hexchar calls memmove(txt, txt+3, 0), and then returns txt-1, so the loop in http_parse_querystring never terminates. The solution is to make the memmove also copy the trailing NUL. * html.c (convert_query_hexchar): Fix off-by-one error. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* | html.c: use '+' to escape spaces in urls (Lars Hjemli, 2010-11-10, files: 1, lines: -2/+2)
| | | | | | | | Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* | prefer html_raw() to write() (Mark Lodato, 2010-09-04, files: 1, lines: -9/+9)
| | | | | | | | | | | | | | To make the code more consistent, and to not rely on the implementation of html(), always use html_raw(...) instead of write(htmlfd, ...). Signed-off-by: Mark Lodato <lodatom@gmail.com>
* | Merge branch 'stable' (Lars Hjemli, 2010-08-29, files: 1, lines: -4/+5)
|\|
| * html: fix strcpy bug in convert_query_hexchar (Mark Lodato, 2010-08-29, files: 1, lines: -4/+5)
| | | | | | | | | | | | | | | | The source and destination strings in strcpy() may not overlap. Instead, use memmove(), which allows overlap. This fixes test t0104, where 'url=foo%2bbar/tree' was being parsed improperly. Signed-off-by: Mark Lodato <lodatom@gmail.com>
* | html: properly percent-escape URLs (Mark Lodato, 2010-02-09, files: 1, lines: -4/+32)
| | | | | | | | | | | | | | | | | | | | | | | | The only valid characters for a URL are unreserved characters a-zA-Z0-9_-.~ and the reserved characters !*'();:@&=+$,/?%#[] , as per RFC 3986. Everything else must be escaped. Additionally, the # and ? always have special meaning, and the &, =, and + have special meaning in a query string, so they too must be escaped. To make this easier, a table of escapes is now used so that we do not have to call fmt() for each character; if the entry is 0, no escaping is needed. Signed-off-by: Mark Lodato <lodatom@gmail.com>
* | html: make all strings 'const char *' (Mark Lodato, 2010-02-08, files: 1, lines: -17/+17)
|/ | | | | | | | None of the html_* functions modify their argument, so they can all be 'const char *' instead of a simple 'char *'. This removes the need to cast (or copy) when trying to print a const string. Signed-off-by: Mark Lodato <lodatom@gmail.com>
* html.c: use correct escaping in html attributes (Lars Hjemli, 2009-01-29, files: 1, lines: -2/+4)
| | | | | | | First, an apostrophe is not a quote. Second, we also need to escape quotes. And finally, quotes are encoded as '&quot;', not '&quote;'. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* html.c: add html_url_path (Lars Hjemli, 2008-10-05, files: 1, lines: -0/+16)
| | | | | | | This function can be used to generate properly escaped path-components for links. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* html.c: add html_url_arg (Lars Hjemli, 2008-10-05, files: 1, lines: -0/+16)
| | | | | | This function can be used to properly escape querystring parameter values. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Supply status description to html_status() (Lars Hjemli, 2008-08-06, files: 1, lines: -2/+2)
| | | | Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Implement plain view (Lars Hjemli, 2008-08-06, files: 1, lines: -0/+5)
| | | | | | | This implements a way to access plain blobs by path (similar to the tree view) instead of by sha1. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Add support for cloning over http (Lars Hjemli, 2008-08-06, files: 1, lines: -0/+7)
| | | | | | | This patch implements basic support for cloning over http, based on the work on git-http-backend by Shawn O. Pearce. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Print an error if filename is not found in html_include. (Harley Laue, 2008-04-29, files: 1, lines: -1/+5)
| | | | | | | | | | Normally when html_include cannot open the file it fails silently and things can be a bit hard to figure out from just looking at apache's log. This will be beneficial for those initially setting up their server with cgit. Signed-off-by: Harley Laue <losinggeneration@aim.com> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Merge branch 'lh/cleanup' (Lars Hjemli, 2008-04-08, files: 1, lines: -19/+76)
|\
| |   * lh/cleanup: (21 commits)
| |     Reset ctx.repo to NULL when the config parser is finished
| |     Move cgit_parse_query() from parsing.c to html.c as http_parse_querystring()
| |     Move function for configfile parsing into configfile.[ch]
| |     Add cache.h
| |     Remove global and obsolete cgit_cmd
| |     Makefile: copy the QUIET constructs from the Makefile in git.git
| |     Move cgit_version from shared.c to cgit.c
| |     Makefile: autobuild dependency rules
| |     Initial Makefile cleanup
| |     Move non-generic functions from shared.c to cgit.c
| |     Add ui-shared.h
| |     Add separate header-files for each page/view
| |     Refactor snapshot support
| |     Add command dispatcher
| |     Remove obsolete cacheitem parameter to ui-functions
| |     Add struct cgit_page to cgit_context
| |     Introduce html.h
| |     Improve initialization of git directory
| |     Move cgit_repo into cgit_context
| |     Add all config variables into struct cgit_context
| |     ...
| * Move cgit_parse_query() from parsing.c to html.c as http_parse_querystring() (Lars Hjemli, 2008-04-08, files: 1, lines: -0/+64)
| | | | | | | | | | | | This is a generic http-function. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| * Introduce html.h (Lars Hjemli, 2008-03-18, files: 1, lines: -19/+12)
| | | | | | | | | | | | | | | | All html-functions can be quite easily separated from the rest of cgit, so let's do it; the only issue was html_filemode which uses some git-defined macros so the function is moved into ui-shared.c::cgit_print_filemode(). Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* | Merge branch 'stable' (Lars Hjemli, 2008-02-23, files: 1, lines: -15/+5)
|\ \ | |/ |/| | | | | | | | | * stable: Fix segfault Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| * Fix segfault (Hiroki Hattori, 2008-02-23, files: 1, lines: -15/+5)
| | | | | | | | Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* | Fix html error detected by test-suite (Lars Hjemli, 2007-11-11, files: 1, lines: -1/+1)
|/ | | | Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Add html_option() function (Lars Hjemli, 2007-10-28, files: 1, lines: -0/+12)
| | | | | | This is a generic function used to output html "option" tags. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* Rename dirlink to gitlink. (Jeffrey C. Ollie, 2007-06-04, files: 1, lines: -1/+1)
| | | | | | | Git changed from dirlink to gitlink in 302b9282c9ddfcc704ca759bdc98c1d5f75eba2f. Signed-off-by: Jeffrey C. Ollie <jeff@ocjtech.us>
* Add html_include() (Lars Hjemli, 2007-05-18, files: 1, lines: -0/+14)
| | | | | | | This is a function used to include external htmlfiles in cgit-generated pages. Signed-off-by: Lars Hjemli <hjemli@gmail.com>