v267
[gitweb.git] / gitweb.cgi
index 75549a82e2fc3c5ea12fb0875af1874e7e4b297f..ea21fbe88a9455c80fd88f4f510fd928638b68e5 100755 (executable)
@@ -1,33 +1,36 @@
 #!/usr/bin/perl
 
-# gitweb.pl - simple web interface to track changes in git repositories
+# gitweb - simple web interface to track changes in git repositories
 #
-# (C) 2005, Kay Sievers <kay.sievers@vrfy.org>
-# (C) 2005, Christian Gierke <ch@gierke.de>
+# (C) 2005-2006, Kay Sievers <kay.sievers@vrfy.org>
+# (C) 2005, Christian Gierke
 #
-# This program is licensed under the GPL v2, or a later version
+# This program is licensed under the GPLv2
 
 use strict;
 use warnings;
-use CGI qw(:standard :escapeHTML);
+use CGI qw(:standard :escapeHTML -nosticky);
 use CGI::Util qw(unescape);
 use CGI::Carp qw(fatalsToBrowser);
+use Encode;
 use Fcntl ':mode';
+binmode STDOUT, ':utf8';
 
 my $cgi = new CGI;
-my $version =          "165";
+my $version =          "267";
 my $my_url =           $cgi->url();
 my $my_uri =           $cgi->url(-absolute => 1);
-my $rss_link = "";
+my $rss_link =         "";
 
 # absolute fs-path which will be prepended to the project path
-my $projectroot =      "/pub/scm";
+#my $projectroot =     "/pub/scm";
+my $projectroot =      "/home/kay/public_html/pub/scm";
 
 # location of the git-core binaries
 my $gitbin =           "/usr/bin";
 
 # location for temporary files needed for diffs
-my $gittmp =           "/tmp/gitweb";
+my $git_temp =         "/tmp/gitweb";
 
 # target of the home link on top of all pages
 my $home_link =                $my_uri;
@@ -36,33 +39,38 @@ my $home_link =             $my_uri;
 my $home_text =                "indextext.html";
 
 # source of projects list
-#my $projects_list = $projectroot;
-my $projects_list = "index/index.aux";
+#my $projects_list =   $projectroot;
+my $projects_list =    "index/index.aux";
 
 # input validation and dispatch
 my $action = $cgi->param('a');
 if (defined $action) {
-       if ($action =~ m/[^0-9a-zA-Z\.\-]+/) {
+       if ($action =~ m/[^0-9a-zA-Z\.\-_]/) {
                undef $action;
                die_error(undef, "Invalid action parameter.");
        }
        if ($action eq "git-logo.png") {
                git_logo();
                exit;
+       } elsif ($action eq "opml") {
+               git_opml();
+               exit;
+       }
+}
+
+my $order = $cgi->param('o');
+if (defined $order) {
+       if ($order =~ m/[^0-9a-zA-Z_]/) {
+               undef $order;
+               die_error(undef, "Invalid order parameter.");
        }
-} else {
-       $action = "summary";
 }
 
 my $project = $cgi->param('p');
 if (defined $project) {
-       if ($project =~ m/(^|\/)(|\.|\.\.)($|\/)/) {
-               undef $project;
-               die_error(undef, "Non-canonical project parameter.");
-       }
-       if ($project =~ m/[^a-zA-Z0-9_\.\/\-\+\#\~]/) {
-               undef $project;
-               die_error(undef, "Invalid character in project parameter.");
+       $project = validate_input($project);
+       if (!defined($project)) {
+               die_error(undef, "Invalid project parameter.");
        }
        if (!(-d "$projectroot/$project")) {
                undef $project;
@@ -72,9 +80,9 @@ if (defined $project) {
                undef $project;
                die_error(undef, "No such project.");
        }
-       $rss_link = "<link rel=\"alternate\" title=\"$project log\" href=\"$my_uri?p=$project;a=rss\" type=\"application/rss+xml\"/>";
-       $ENV{'GIT_OBJECT_DIRECTORY'} = "$projectroot/$project/objects";
-       $ENV{'SHA1_FILE_DIRECTORY'} = "$projectroot/$project/objects";
+       $rss_link = "<link rel=\"alternate\" title=\"" . esc_param($project) . " log\" href=\"" .
+                   "$my_uri?" . esc_param("p=$project;a=rss") . "\" type=\"application/rss+xml\"/>";
+       $ENV{'GIT_DIR'} = "$projectroot/$project";
 } else {
        git_project_list();
        exit;
@@ -82,47 +90,73 @@ if (defined $project) {
 
 my $file_name = $cgi->param('f');
 if (defined $file_name) {
-       if ($file_name =~ m/(^|\/)(|\.|\.\.)($|\/)/) {
-               undef $file_name;
-               die_error(undef, "Non-canonical file parameter.");
-       }
-       if ($file_name =~ m/[^a-zA-Z0-9_\.\/\-\+\#\~\:\!]/) {
-               undef $file_name;
-               die_error(undef, "Invalid character in file parameter.");
+       $file_name = validate_input($file_name);
+       if (!defined($file_name)) {
+               die_error(undef, "Invalid file parameter.");
        }
 }
 
 my $hash = $cgi->param('h');
-if (defined $hash && !($hash =~ m/^[0-9a-fA-F]{40}$/)) {
-       undef $hash;
-       die_error(undef, "Invalid hash parameter.");
+if (defined $hash) {
+       $hash = validate_input($hash);
+       if (!defined($hash)) {
+               die_error(undef, "Invalid hash parameter.");
+       }
 }
 
 my $hash_parent = $cgi->param('hp');
-if (defined $hash_parent && !($hash_parent =~ m/^[0-9a-fA-F]{40}$/)) {
-       undef $hash_parent;
-       die_error(undef, "Invalid hash_parent parameter.");
+if (defined $hash_parent) {
+       $hash_parent = validate_input($hash_parent);
+       if (!defined($hash_parent)) {
+               die_error(undef, "Invalid hash parent parameter.");
+       }
 }
 
 my $hash_base = $cgi->param('hb');
-if (defined $hash_base && !($hash_base =~ m/^[0-9a-fA-F]{40}$/)) {
-       undef $hash_base;
-       die_error(undef, "Invalid parent hash parameter.");
+if (defined $hash_base) {
+       $hash_base = validate_input($hash_base);
+       if (!defined($hash_base)) {
+               die_error(undef, "Invalid hash base parameter.");
+       }
 }
 
-my $time_back = $cgi->param('t');
-if (defined $time_back) {
-       if ($time_back =~ m/^[^0-9]+$/) {
-               undef $time_back;
-               die_error(undef, "Invalid time parameter.");
+my $page = $cgi->param('pg');
+if (defined $page) {
+       if ($page =~ m/[^0-9]$/) {
+               undef $page;
+               die_error(undef, "Invalid page parameter.");
        }
 }
 
-if ($action eq "summary") {
+my $searchtext = $cgi->param('s');
+if (defined $searchtext) {
+       if ($searchtext =~ m/[^a-zA-Z0-9_\.\/\-\+\:\@ ]/) {
+               undef $searchtext;
+               die_error(undef, "Invalid search parameter.");
+       }
+       $searchtext = quotemeta $searchtext;
+}
+
+sub validate_input {
+       my $input = shift;
+
+       if ($input =~ m/^[0-9a-fA-F]{40}$/) {
+               return $input;
+       }
+       if ($input =~ m/(^|\/)(|\.|\.\.)($|\/)/) {
+               return undef;
+       }
+       if ($input =~ m/[^a-zA-Z0-9_\x80-\xff\ \t\.\/\-\+\#\~\%]/) {
+               return undef;
+       }
+       return $input;
+}
+
+if (!defined $action || $action eq "summary") {
        git_summary();
        exit;
-} elsif ($action eq "branches") {
-       git_branches();
+} elsif ($action eq "heads") {
+       git_heads();
        exit;
 } elsif ($action eq "tags") {
        git_tags();
@@ -130,6 +164,9 @@ if ($action eq "summary") {
 } elsif ($action eq "blob") {
        git_blob();
        exit;
+} elsif ($action eq "blob_plain") {
+       git_blob_plain();
+       exit;
 } elsif ($action eq "tree") {
        git_tree();
        exit;
@@ -145,20 +182,64 @@ if ($action eq "summary") {
 } elsif ($action eq "blobdiff") {
        git_blobdiff();
        exit;
+} elsif ($action eq "blobdiff_plain") {
+       git_blobdiff_plain();
+       exit;
 } elsif ($action eq "commitdiff") {
        git_commitdiff();
        exit;
+} elsif ($action eq "commitdiff_plain") {
+       git_commitdiff_plain();
+       exit;
 } elsif ($action eq "history") {
        git_history();
        exit;
+} elsif ($action eq "search") {
+       git_search();
+       exit;
+} elsif ($action eq "shortlog") {
+       git_shortlog();
+       exit;
+} elsif ($action eq "tag") {
+       git_tag();
+       exit;
 } else {
        undef $action;
        die_error(undef, "Unknown action.");
        exit;
 }
 
+# quote unsafe chars, but keep the slash, even when it's not
+# correct, but quoted slashes look too horrible in bookmarks
+sub esc_param {
+       my $str = shift;
+       $str =~ s/([^A-Za-z0-9\-_.~();\/;?:@&=])/sprintf("%%%02X", ord($1))/eg;
+       $str =~ s/\+/%2B/g;
+       $str =~ s/ /\+/g;
+       return $str;
+}
+
+# replace invalid utf8 character with SUBSTITUTION sequence
+sub esc_html {
+       my $str = shift;
+       $str = decode("utf8", $str, Encode::FB_DEFAULT);
+       $str = escapeHTML($str);
+       return $str;
+}
+
+# git may return quoted and escaped filenames
+sub unquote {
+       my $str = shift;
+       if ($str =~ m/^"(.*)"$/) {
+               $str = $1;
+               $str =~ s/\\([0-7]{1,3})/chr(oct($1))/eg;
+       }
+       return $str;
+}
+
 sub git_header_html {
        my $status = shift || "200 OK";
+       my $expires = shift;
 
        my $title = "git";
        if (defined $project) {
@@ -167,25 +248,30 @@ sub git_header_html {
                        $title .= "/$action";
                }
        }
-       print $cgi->header(-type=>'text/html',  -charset => 'utf-8', -status=> $status);
+       print $cgi->header(-type=>'text/html',  -charset => 'utf-8', -status=> $status, -expires => $expires);
        print <<EOF;
 <?xml version="1.0" encoding="utf-8"?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
-<!-- git web interface v$version, (C) 2005, Kay Sievers <kay.sievers\@vrfy.org>, Christian Gierke <ch\@gierke.de> -->
+<!-- git web interface v$version, (C) 2005-2006, Kay Sievers <kay.sievers\@vrfy.org>, Christian Gierke -->
 <head>
+<meta http-equiv="content-type" content="text/html; charset=utf-8"/>
+<meta name="robots" content="index, nofollow"/>
 <title>$title</title>
 $rss_link
 <style type="text/css">
-body { font-family: sans-serif; font-size: 12px; margin:0px; border:solid #d9d8d1; border-width:1px; margin:10px; }
+body {
+       font-family: sans-serif; font-size: 12px; border:solid #d9d8d1; border-width:1px;
+       margin:10px; background-color:#ffffff; color:#000000;
+}
 a { color:#0000cc; }
 a:hover, a:visited, a:active { color:#880000; }
 div.page_header { height:25px; padding:8px; font-size:18px; font-weight:bold; background-color:#d9d8d1; }
-div.page_header a:visited { color:#0000cc; }
+div.page_header a:visited, a.header { color:#0000cc; }
 div.page_header a:hover { color:#880000; }
 div.page_nav { padding:8px; }
 div.page_nav a:visited { color:#0000cc; }
-div.page_path { font-weight:bold; padding:8px; border:solid #d9d8d1; border-width:0px 0px 1px}
+div.page_path { padding:8px; border:solid #d9d8d1; border-width:0px 0px 1px}
 div.page_footer { height:17px; padding:4px 8px; background-color: #d9d8d1; }
 div.page_footer_text { float:left; color:#555555; font-style:italic; }
 div.page_body { padding:8px; }
@@ -204,34 +290,68 @@ div.log_link {
 }
 div.list_head { padding:6px 8px 4px; border:solid #d9d8d1; border-width:1px 0px 0px; font-style:italic; }
 a.list { text-decoration:none; color:#000000; }
-a.list:hover { color:#880000; }
+a.list:hover { text-decoration:underline; color:#880000; }
+a.text { text-decoration:none; color:#0000cc; }
+a.text:visited { text-decoration:none; color:#880000; }
+a.text:hover { text-decoration:underline; color:#880000; }
 table { padding:8px 4px; }
 th { padding:2px 5px; font-size:12px; text-align:left; }
-td { padding:2px 5px; font-size:12px; }
+tr.light:hover { background-color:#edece6; }
+tr.dark { background-color:#f6f6f0; }
+tr.dark:hover { background-color:#edece6; }
+td { padding:2px 5px; font-size:12px; vertical-align:top; }
 td.link { padding:2px 5px; font-family:sans-serif; font-size:10px; }
 div.pre { font-family:monospace; font-size:12px; white-space:pre; }
 div.diff_info { font-family:monospace; color:#000099; background-color:#edece6; font-style:italic; }
 div.index_include { border:solid #d9d8d1; border-width:0px 0px 1px; padding:12px 8px; }
-a.rss_logo { float:right; padding:3px 0px; width:35px; line-height:10px;
+div.search { margin:4px 8px; position:absolute; top:56px; right:12px }
+a.linenr { color:#999999; text-decoration:none }
+a.rss_logo {
+       float:right; padding:3px 0px; width:35px; line-height:10px;
        border:1px solid; border-color:#fcc7a5 #7d3302 #3e1a01 #ff954e;
        color:#ffffff; background-color:#ff6600;
        font-weight:bold; font-family:sans-serif; font-size:10px;
        text-align:center; text-decoration:none;
 }
 a.rss_logo:hover { background-color:#ee5500; }
+span.tag {
+       padding:0px 4px; font-size:10px; font-weight:normal;
+       background-color:#ffffaa; border:1px solid; border-color:#ffffcc #ffee00 #ffee00 #ffffcc;
+}
 </style>
 </head>
 <body>
 EOF
        print "<div class=\"page_header\">\n" .
-             "<a href=\"http://kernel.org/pub/software/scm/git/docs/\">" .
-             "<img src=\"$my_uri?a=git-logo.png\" width=\"72\" height=\"27\" alt=\"git\" style=\"float:right; border-width:0px;\"/></a>";
-       print $cgi->a({-href => $home_link}, "projects") . " / ";
+             "<a href=\"http://www.kernel.org/pub/software/scm/git/docs/\" title=\"git documentation\">" .
+             "<img src=\"$my_uri?" . esc_param("a=git-logo.png") . "\" width=\"72\" height=\"27\" alt=\"git\" style=\"float:right; border-width:0px;\"/>" .
+             "</a>\n";
+       print $cgi->a({-href => esc_param($home_link)}, "projects") . " / ";
        if (defined $project) {
-               print $cgi->a({-href => "$my_uri?p=$project;a=summary"}, escapeHTML($project));
+               print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary")}, esc_html($project));
                if (defined $action) {
                        print " / $action";
                }
+               print "\n";
+               if (!defined $searchtext) {
+                       $searchtext = "";
+               }
+               my $search_hash;
+               if (defined $hash) {
+                       $search_hash = $hash;
+               } else {
+                       $search_hash  = "HEAD";
+               }
+               $cgi->param("a", "search");
+               $cgi->param("h", $search_hash);
+               print $cgi->startform(-method => "get", -action => $my_uri) .
+                     "<div class=\"search\">\n" .
+                     $cgi->hidden(-name => "p") . "\n" .
+                     $cgi->hidden(-name => "a") . "\n" .
+                     $cgi->hidden(-name => "h") . "\n" .
+                     $cgi->textfield(-name => "s", -value => $searchtext) . "\n" .
+                     "</div>" .
+                     $cgi->end_form() . "\n";
        }
        print "</div>\n";
 }
@@ -241,9 +361,11 @@ sub git_footer_html {
        if (defined $project) {
                my $descr = git_read_description($project);
                if (defined $descr) {
-                       print "<div class=\"page_footer_text\">" . escapeHTML($descr) . "</div>\n";
+                       print "<div class=\"page_footer_text\">" . esc_html($descr) . "</div>\n";
                }
-               print $cgi->a({-href => "$my_uri?p=$project;a=rss", -class => "rss_logo"}, "RSS") . "\n";
+               print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=rss"), -class => "rss_logo"}, "RSS") . "\n";
+       } else {
+               print $cgi->a({-href => "$my_uri?" . esc_param("a=opml"), -class => "rss_logo"}, "OPML") . "\n";
        }
        print "</div>\n" .
              "</body>\n" .
@@ -267,17 +389,35 @@ sub die_error {
 sub git_get_type {
        my $hash = shift;
 
-       open my $fd, "-|", "$gitbin/git-cat-file -t $hash" || return;
+       open my $fd, "-|", "$gitbin/git-cat-file -t $hash" or return;
        my $type = <$fd>;
-       close $fd;
+       close $fd or return;
        chomp $type;
        return $type;
 }
 
+sub git_read_head {
+       my $project = shift;
+       my $oENV = $ENV{'GIT_DIR'};
+       my $retval = undef;
+       $ENV{'GIT_DIR'} = "$projectroot/$project";
+       if (open my $fd, "-|", "$gitbin/git-rev-parse", "--verify", "HEAD") {
+               my $head = <$fd>;
+               close $fd;
+               if (defined $head && $head =~ /^([0-9a-fA-F]{40})$/) {
+                       $retval = $1;
+               }
+       }
+       if (defined $oENV) {
+               $ENV{'GIT_DIR'} = $oENV;
+       }
+       return $retval;
+}
+
 sub git_read_hash {
        my $path = shift;
 
-       open my $fd, "$projectroot/$path" || return undef;
+       open my $fd, "$projectroot/$path" or return undef;
        my $head = <$fd>;
        close $fd;
        chomp $head;
@@ -289,7 +429,7 @@ sub git_read_hash {
 sub git_read_description {
        my $path = shift;
 
-       open my $fd, "$projectroot/$path/description" || return undef;
+       open my $fd, "$projectroot/$path/description" or return undef;
        my $descr = <$fd>;
        close $fd;
        chomp $descr;
@@ -299,8 +439,10 @@ sub git_read_description {
 sub git_read_tag {
        my $tag_id = shift;
        my %tag;
+       my @comment;
 
-       open my $fd, "-|", "$gitbin/git-cat-file tag $tag_id" || return;
+       open my $fd, "-|", "$gitbin/git-cat-file tag $tag_id" or return;
+       $tag{'id'} = $tag_id;
        while (my $line = <$fd>) {
                chomp $line;
                if ($line =~ m/^object ([0-9a-fA-F]{40})$/) {
@@ -309,28 +451,85 @@ sub git_read_tag {
                        $tag{'type'} = $1;
                } elsif ($line =~ m/^tag (.+)$/) {
                        $tag{'name'} = $1;
+               } elsif ($line =~ m/^tagger (.*) ([0-9]+) (.*)$/) {
+                       $tag{'author'} = $1;
+                       $tag{'epoch'} = $2;
+                       $tag{'tz'} = $3;
+               } elsif ($line =~ m/--BEGIN/) {
+                       push @comment, $line;
+                       last;
+               } elsif ($line eq "") {
+                       last;
                }
        }
-       close $fd || return;
+       push @comment, <$fd>;
+       $tag{'comment'} = \@comment;
+       close $fd or return;
        if (!defined $tag{'name'}) {
                return
        };
        return %tag
 }
 
+sub age_string {
+       my $age = shift;
+       my $age_str;
+
+       if ($age > 60*60*24*365*2) {
+               $age_str = (int $age/60/60/24/365);
+               $age_str .= " years ago";
+       } elsif ($age > 60*60*24*(365/12)*2) {
+               $age_str = int $age/60/60/24/(365/12);
+               $age_str .= " months ago";
+       } elsif ($age > 60*60*24*7*2) {
+               $age_str = int $age/60/60/24/7;
+               $age_str .= " weeks ago";
+       } elsif ($age > 60*60*24*2) {
+               $age_str = int $age/60/60/24;
+               $age_str .= " days ago";
+       } elsif ($age > 60*60*2) {
+               $age_str = int $age/60/60;
+               $age_str .= " hours ago";
+       } elsif ($age > 60*2) {
+               $age_str = int $age/60;
+               $age_str .= " min ago";
+       } elsif ($age > 2) {
+               $age_str = int $age;
+               $age_str .= " sec ago";
+       } else {
+               $age_str .= " right now";
+       }
+       return $age_str;
+}
+
 sub git_read_commit {
-       my $commit = shift;
+       my $commit_id = shift;
+       my $commit_text = shift;
+
+       my @commit_lines;
        my %co;
-       my @parents;
 
-       open my $fd, "-|", "$gitbin/git-cat-file commit $commit" || return;
-       while (my $line = <$fd>) {
+       if (defined $commit_text) {
+               @commit_lines = @$commit_text;
+       } else {
+               $/ = "\0";
+               open my $fd, "-|", "$gitbin/git-rev-list --header --parents --max-count=1 $commit_id" or return;
+               @commit_lines = split '\n', <$fd>;
+               close $fd or return;
+               $/ = "\n";
+               pop @commit_lines;
+       }
+       my $header = shift @commit_lines;
+       if (!($header =~ m/^[0-9a-fA-F]{40}/)) {
+               return;
+       }
+       ($co{'id'}, my @parents) = split ' ', $header;
+       $co{'parents'} = \@parents;
+       $co{'parent'} = $parents[0];
+       while (my $line = shift @commit_lines) {
                last if $line eq "\n";
-               chomp $line;
                if ($line =~ m/^tree ([0-9a-fA-F]{40})$/) {
                        $co{'tree'} = $1;
-               } elsif ($line =~ m/^parent ([0-9a-fA-F]{40})$/) {
-                       push @parents, $1;
                } elsif ($line =~ m/^author (.*) ([0-9]+) (.*)$/) {
                        $co{'author'} = $1;
                        $co{'author_epoch'} = $2;
@@ -349,50 +548,60 @@ sub git_read_commit {
                }
        }
        if (!defined $co{'tree'}) {
-               close $fd;
-               return undef
+               return;
        };
-       $co{'parents'} = \@parents;
-       $co{'parent'} = $parents[0];
-       my (@comment) = map { chomp; $_ } <$fd>;
-       $co{'comment'} = \@comment;
-       $co{'title'} = chop_str($comment[0], 50);
-       close $fd || return;
+
+       foreach my $title (@commit_lines) {
+               $title =~ s/^    //;
+               if ($title ne "") {
+                       $co{'title'} = chop_str($title, 80, 5);
+                       # remove leading stuff of merges to make the interesting part visible
+                       if (length($title) > 50) {
+                               $title =~ s/^Automatic //;
+                               $title =~ s/^merge (of|with) /Merge ... /i;
+                               if (length($title) > 50) {
+                                       $title =~ s/(http|rsync):\/\///;
+                               }
+                               if (length($title) > 50) {
+                                       $title =~ s/(master|www|rsync)\.//;
+                               }
+                               if (length($title) > 50) {
+                                       $title =~ s/kernel.org:?//;
+                               }
+                               if (length($title) > 50) {
+                                       $title =~ s/\/pub\/scm//;
+                               }
+                       }
+                       $co{'title_short'} = chop_str($title, 50, 5);
+                       last;
+               }
+       }
+       # remove added spaces
+       foreach my $line (@commit_lines) {
+               $line =~ s/^    //;
+       }
+       $co{'comment'} = \@commit_lines;
 
        my $age = time - $co{'committer_epoch'};
        $co{'age'} = $age;
-       if ($age > 60*60*24*365*2) {
-               $co{'age_string'} = (int $age/60/60/24/365);
-               $co{'age_string'} .= " years ago";
-       } elsif ($age > 60*60*24*(365/12)*2) {
-               $co{'age_string'} = int $age/60/60/24/(365/12);
-               $co{'age_string'} .= " months ago";
-       } elsif ($age > 60*60*24*7*2) {
-               $co{'age_string'} = int $age/60/60/24/7;
-               $co{'age_string'} .= " weeks ago";
-       } elsif ($age > 60*60*24*2) {
-               $co{'age_string'} = int $age/60/60/24;
-               $co{'age_string'} .= " days ago";
-       } elsif ($age > 60*60*2) {
-               $co{'age_string'} = int $age/60/60;
-               $co{'age_string'} .= " hours ago";
-       } elsif ($age > 60*2) {
-               $co{'age_string'} = int $age/60;
-               $co{'age_string'} .= " min ago";
-       } elsif ($age > 2) {
-               $co{'age_string'} = int $age;
-               $co{'age_string'} .= " sec ago";
+       $co{'age_string'} = age_string($age);
+       my ($sec, $min, $hour, $mday, $mon, $year, $wday, $yday) = gmtime($co{'committer_epoch'});
+       if ($age > 60*60*24*7*2) {
+               $co{'age_string_date'} = sprintf "%4i-%02u-%02i", 1900 + $year, $mon+1, $mday;
+               $co{'age_string_age'} = $co{'age_string'};
        } else {
-               $co{'age_string'} .= " right now";
+               $co{'age_string_date'} = $co{'age_string'};
+               $co{'age_string_age'} = sprintf "%4i-%02u-%02i", 1900 + $year, $mon+1, $mday;
        }
        return %co;
 }
 
-sub git_diff_html {
+sub git_diff_print {
        my $from = shift;
        my $from_name = shift;
        my $to = shift;
        my $to_name = shift;
+       my $format = shift || "html";
 
        my $from_tmp = "/dev/null";
        my $to_tmp = "/dev/null";
@@ -400,7 +609,7 @@ sub git_diff_html {
 
        # create tmp from-file
        if (defined $from) {
-               $from_tmp = "$gittmp/gitweb_" . $$ . "_from";
+               $from_tmp = "$git_temp/gitweb_" . $$ . "_from";
                open my $fd2, "> $from_tmp";
                open my $fd, "-|", "$gitbin/git-cat-file blob $from";
                my @file = <$fd>;
@@ -411,7 +620,7 @@ sub git_diff_html {
 
        # create tmp to-file
        if (defined $to) {
-               $to_tmp = "$gittmp/gitweb_" . $$ . "_to";
+               $to_tmp = "$git_temp/gitweb_" . $$ . "_to";
                open my $fd2, "> $to_tmp";
                open my $fd, "-|", "$gitbin/git-cat-file blob $to";
                my @file = <$fd>;
@@ -420,22 +629,34 @@ sub git_diff_html {
                close $fd;
        }
 
-       open my $fd, "-|", "/usr/bin/diff -u -p -L $from_name -L $to_name $from_tmp $to_tmp";
-       while (my $line = <$fd>) {
-               chomp($line);
-               my $char = substr($line, 0, 1);
-               my $color = "";
-               if ($char eq '+') {
-                       $color = " style=\"color:#008800;\"";
-               } elsif ($char eq '-') {
-                       $color = " style=\"color:#cc0000;\"";
-               } elsif ($char eq '@') {
-                       $color = " style=\"color:#990099;\"";
-               } elsif ($char eq '\\') {
-                       # skip errors
-                       next;
+       open my $fd, "-|", "/usr/bin/diff -u -p -L \'$from_name\' -L \'$to_name\' $from_tmp $to_tmp";
+       if ($format eq "plain") {
+               undef $/;
+               print <$fd>;
+               $/ = "\n";
+       } else {
+               while (my $line = <$fd>) {
+                       chomp($line);
+                       my $char = substr($line, 0, 1);
+                       my $color = "";
+                       if ($char eq '+') {
+                               $color = " style=\"color:#008800;\"";
+                       } elsif ($char eq "-") {
+                               $color = " style=\"color:#cc0000;\"";
+                       } elsif ($char eq "@") {
+                               $color = " style=\"color:#990099;\"";
+                       } elsif ($char eq "\\") {
+                               # skip errors
+                               next;
+                       }
+                       while ((my $pos = index($line, "\t")) != -1) {
+                               if (my $count = (8 - (($pos-1) % 8))) {
+                                       my $spaces = ' ' x $count;
+                                       $line =~ s/\t/$spaces/;
+                               }
+                       }
+                       print "<div class=\"pre\"$color>" . esc_html($line) . "</div>\n";
                }
-               print "<div class=\"pre\"$color>" . escapeHTML($line) . "</div>\n";
        }
        close $fd;
 
@@ -469,13 +690,17 @@ sub mode_str {
 sub chop_str {
        my $str = shift;
        my $len = shift;
+       my $add_len = shift || 10;
 
-       $str =~ m/^(.{0,$len}[^ \/\-_:\.@]{0,10})/;
-       my $chopped = $1;
-       if ($chopped ne $str) {
-               $chopped .= " ...";
+       # allow only $len chars, but don't cut a word if it would fit in $add_len
+       # if it doesn't fit, cut it if it's still longer than the dots we would add
+       $str =~ m/^(.{0,$len}[^ \/\-_:\.@]{0,$add_len})(.*)/;
+       my $body = $1;
+       my $tail = $2;
+       if (length($tail) > 4) {
+               $tail = " ...";
        }
-       return $chopped;
+       return "$body$tail";
 }
 
 sub file_type {
@@ -492,6 +717,21 @@ sub file_type {
        }
 }
 
+sub format_log_line_html {
+       my $line = shift;
+
+       $line = esc_html($line);
+       $line =~ s/ /&nbsp;/g;
+       if ($line =~ m/([0-9a-fA-F]{40})/) {
+               my $hash_text = $1;
+               if (git_get_type($hash_text) eq "commit") {
+                       my $link = $cgi->a({-class => "text", -href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash_text")}, $hash_text);
+                       $line =~ s/$hash_text/$link/;
+               }
+       }
+       return $line;
+}
+
 sub date_str {
        my $epoch = shift;
        my $tz = shift || "-0000";
@@ -519,6 +759,7 @@ sub date_str {
 
 # git-logo (cached in browser for one day)
 sub git_logo {
+       binmode STDOUT, ':raw';
        print $cgi->header(-type => 'image/png', -expires => '+1d');
        # cat git-logo.png | hexdump -e '16/1 " %02x"  "\n"' | sed 's/ /\\x/g'
        print   "\x89\x50\x4e\x47\x0d\x0a\x1a\x0a\x00\x00\x00\x0d\x49\x48\x44\x52" .
@@ -546,16 +787,16 @@ sub get_file_owner {
        }
        my $owner = $gcos;
        $owner =~ s/[,;].*$//;
-       return $owner;
+       return decode("utf8", $owner, Encode::FB_DEFAULT);
 }
 
-sub git_project_list {
+sub git_read_projects {
        my @list;
 
        if (-d $projects_list) {
                # search in directory
                my $dir = $projects_list;
-               opendir my $dh, $dir || return undef;
+               opendir my $dh, $dir or return undef;
                while (my $dir = readdir($dh)) {
                        if (-e "$projectroot/$dir/HEAD") {
                                my $pr = {
@@ -570,7 +811,7 @@ sub git_project_list {
                # 'git%2Fgit.git Linus+Torvalds'
                # 'libs%2Fklibc%2Fklibc.git H.+Peter+Anvin'
                # 'linux%2Fhotplug%2Fudev.git Greg+Kroah-Hartman'
-               open my $fd , $projects_list || return undef;
+               open my $fd , $projects_list or return undef;
                while (my $line = <$fd>) {
                        chomp $line;
                        my ($path, $owner) = split ' ', $line;
@@ -582,19 +823,43 @@ sub git_project_list {
                        if (-e "$projectroot/$path/HEAD") {
                                my $pr = {
                                        path => $path,
-                                       owner => $owner,
+                                       owner => decode("utf8", $owner, Encode::FB_DEFAULT),
                                };
                                push @list, $pr
                        }
                }
                close $fd;
        }
+       @list = sort {$a->{'path'} cmp $b->{'path'}} @list;
+       return @list;
+}
 
+sub git_project_list {
+       my @list = git_read_projects();
+       my @projects;
        if (!@list) {
                die_error(undef, "No project found.");
        }
-       @list = sort {$a->{'path'} cmp $b->{'path'}} @list;
-
+       foreach my $pr (@list) {
+               my $head = git_read_head($pr->{'path'});
+               if (!defined $head) {
+                       next;
+               }
+               $ENV{'GIT_DIR'} = "$projectroot/$pr->{'path'}";
+               my %co = git_read_commit($head);
+               if (!%co) {
+                       next;
+               }
+               $pr->{'commit'} = \%co;
+               if (!defined $pr->{'descr'}) {
+                       my $descr = git_read_description($pr->{'path'}) || "";
+                       $pr->{'descr'} = chop_str($descr, 25, 5);
+               }
+               if (!defined $pr->{'owner'}) {
+                       $pr->{'owner'} = get_file_owner("$projectroot/$pr->{'path'}") || "";
+               }
+               push @projects, $pr;
+       }
        git_header_html();
        if (-f $home_text) {
                print "<div class=\"index_include\">\n";
@@ -604,53 +869,57 @@ sub git_project_list {
                print "</div>\n";
        }
        print "<table cellspacing=\"0\">\n" .
-             "<tr>\n" .
-             "<th>Project</th>\n" .
-             "<th>Description</th>\n" .
-             "<th>Owner</th>\n" .
-             "<th>last change</th>\n" .
-             "<th></th>\n" .
+             "<tr>\n";
+       if (!defined($order) || (defined($order) && ($order eq "project"))) {
+               @projects = sort {$a->{'path'} cmp $b->{'path'}} @projects;
+               print "<th>Project</th>\n";
+       } else {
+               print "<th>" . $cgi->a({-class => "header", -href => "$my_uri?" . esc_param("o=project")}, "Project") . "</th>\n";
+       }
+       if (defined($order) && ($order eq "descr")) {
+               @projects = sort {$a->{'descr'} cmp $b->{'descr'}} @projects;
+               print "<th>Description</th>\n";
+       } else {
+               print "<th>" . $cgi->a({-class => "header", -href => "$my_uri?" . esc_param("o=descr")}, "Description") . "</th>\n";
+       }
+       if (defined($order) && ($order eq "owner")) {
+               @projects = sort {$a->{'owner'} cmp $b->{'owner'}} @projects;
+               print "<th>Owner</th>\n";
+       } else {
+               print "<th>" . $cgi->a({-class => "header", -href => "$my_uri?" . esc_param("o=owner")}, "Owner") . "</th>\n";
+       }
+       if (defined($order) && ($order eq "age")) {
+               @projects = sort {$a->{'commit'}{'age'} <=> $b->{'commit'}{'age'}} @projects;
+               print "<th>Last Change</th>\n";
+       } else {
+               print "<th>" . $cgi->a({-class => "header", -href => "$my_uri?" . esc_param("o=age")}, "Last Change") . "</th>\n";
+       }
+       print "<th></th>\n" .
              "</tr>\n";
        my $alternate = 0;
-       foreach my $pr (@list) {
-               my %proj = %$pr;
-               my $head = git_read_hash("$proj{'path'}/HEAD");
-               if (!defined $head) {
-                       next;
-               }
-               $ENV{'GIT_OBJECT_DIRECTORY'} = "$projectroot/$proj{'path'}/objects";
-               $ENV{'SHA1_FILE_DIRECTORY'} = "$projectroot/$proj{'path'}/objects";
-               my %co = git_read_commit($head);
-               if (!%co) {
-                       next;
-               }
-               my $descr = git_read_description($proj{'path'}) || "";
-               $descr = chop_str($descr, 30);
-               # get directory owner if not already specified
-               if (!defined $proj{'owner'}) {
-                       $proj{'owner'} = get_file_owner("$projectroot/$proj{'path'}") || "";
-               }
+       foreach my $pr (@projects) {
                if ($alternate) {
-                       print "<tr style=\"background-color:#f6f5ed\">\n";
+                       print "<tr class=\"dark\">\n";
                } else {
-                       print "<tr>\n";
+                       print "<tr class=\"light\">\n";
                }
                $alternate ^= 1;
-               print "<td>" . $cgi->a({-href => "$my_uri?p=$proj{'path'};a=summary", -class => "list"}, escapeHTML($proj{'path'})) . "</td>\n" .
-                     "<td>$descr</td>\n" .
-                     "<td><i>" . chop_str($proj{'owner'}, 20) . "</i></td>\n";
+               print "<td>" . $cgi->a({-href => "$my_uri?" . esc_param("p=$pr->{'path'};a=summary"), -class => "list"}, esc_html($pr->{'path'})) . "</td>\n" .
+                     "<td>$pr->{'descr'}</td>\n" .
+                     "<td><i>" . chop_str($pr->{'owner'}, 15) . "</i></td>\n";
                my $colored_age;
-               if ($co{'age'} < 60*60*2) {
-                       $colored_age = "<span style =\"color: #009900;\"><b><i>$co{'age_string'}</i></b></span>";
-               } elsif ($co{'age'} < 60*60*24*2) {
-                       $colored_age = "<span style =\"color: #009900;\"><i>$co{'age_string'}</i></span>";
+               if ($pr->{'commit'}{'age'} < 60*60*2) {
+                       $colored_age = "<span style =\"color: #009900;\"><b><i>$pr->{'commit'}{'age_string'}</i></b></span>";
+               } elsif ($pr->{'commit'}{'age'} < 60*60*24*2) {
+                       $colored_age = "<span style =\"color: #009900;\"><i>$pr->{'commit'}{'age_string'}</i></span>";
                } else {
-                       $colored_age = "<i>$co{'age_string'}</i>";
+                       $colored_age = "<i>$pr->{'commit'}{'age_string'}</i>";
                }
                print "<td>$colored_age</td>\n" .
                      "<td class=\"link\">" .
-                     $cgi->a({-href => "$my_uri?p=$proj{'path'};a=summary"}, "summary") .
-                     " | " . $cgi->a({-href => "$my_uri?p=$proj{'path'};a=log"}, "log") .
+                     $cgi->a({-href => "$my_uri?" . esc_param("p=$pr->{'path'};a=summary")}, "summary") .
+                     " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$pr->{'path'};a=shortlog")}, "shortlog") .
+                     " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$pr->{'path'};a=log")}, "log") .
                      "</td>\n" .
                      "</tr>\n";
        }
@@ -658,35 +927,81 @@ sub git_project_list {
        git_footer_html();
 }
 
+sub read_info_ref {
+       my $type = shift || "";
+       my %refs;
+       # 5dc01c595e6c6ec9ccda4f6f69c131c0dd945f8c      refs/tags/v2.6.11
+       # c39ae07f393806ccf406ef966e9a15afc43cc36a      refs/tags/v2.6.11^{}
+       open my $fd, "$projectroot/$project/info/refs" or return;
+       while (my $line = <$fd>) {
+               chomp($line);
+               if ($line =~ m/^([0-9a-fA-F]{40})\t.*$type\/([^\^]+)/) {
+                       if (defined $refs{$1}) {
+                               $refs{$1} .= " / $2";
+                       } else {
+                               $refs{$1} = $2;
+                       }
+               }
+       }
+       close $fd or return;
+       return \%refs;
+}
+
 sub git_read_refs {
        my $ref_dir = shift;
        my @reflist;
 
+       my @refs;
        opendir my $dh, "$projectroot/$project/$ref_dir";
-       my @refs = grep !m/^\./, readdir $dh;
+       while (my $dir = readdir($dh)) {
+               if ($dir =~ m/^\./) {
+                       next;
+               }
+               if (-d "$projectroot/$project/$ref_dir/$dir") {
+                       opendir my $dh2, "$projectroot/$project/$ref_dir/$dir";
+                       my @subdirs = grep !m/^\./, readdir $dh2;
+                       closedir($dh2);
+                       foreach my $subdir (@subdirs) {
+                               push @refs, "$dir/$subdir"
+                       }
+                       next;
+               }
+               push @refs, $dir;
+       }
        closedir($dh);
        foreach my $ref_file (@refs) {
                my $ref_id = git_read_hash("$project/$ref_dir/$ref_file");
                my $type = git_get_type($ref_id) || next;
                my %ref_item;
                my %co;
+               $ref_item{'type'} = $type;
+               $ref_item{'id'} = $ref_id;
+               $ref_item{'epoch'} = 0;
+               $ref_item{'age'} = "unknown";
                if ($type eq "tag") {
                        my %tag = git_read_tag($ref_id);
+                       $ref_item{'comment'} = $tag{'comment'};
                        if ($tag{'type'} eq "commit") {
                                %co = git_read_commit($tag{'object'});
+                               $ref_item{'epoch'} = $co{'committer_epoch'};
+                               $ref_item{'age'} = $co{'age_string'};
+                       } elsif (defined($tag{'epoch'})) {
+                               my $age = time - $tag{'epoch'};
+                               $ref_item{'epoch'} = $tag{'epoch'};
+                               $ref_item{'age'} = age_string($age);
                        }
-                       $ref_item{'type'} = $tag{'type'};
+                       $ref_item{'reftype'} = $tag{'type'};
                        $ref_item{'name'} = $tag{'name'};
-                       $ref_item{'id'} = $tag{'object'};
+                       $ref_item{'refid'} = $tag{'object'};
                } elsif ($type eq "commit"){
                        %co = git_read_commit($ref_id);
-                       $ref_item{'type'} = "commit";
+                       $ref_item{'reftype'} = "commit";
                        $ref_item{'name'} = $ref_file;
                        $ref_item{'title'} = $co{'title'};
-                       $ref_item{'id'} = $ref_id;
+                       $ref_item{'refid'} = $ref_id;
+                       $ref_item{'epoch'} = $co{'committer_epoch'};
+                       $ref_item{'age'} = $co{'age_string'};
                }
-               $ref_item{'epoch'} = $co{'committer_epoch'} || 0;
-               $ref_item{'age'} = $co{'age_string'} || "unknown";
 
                push @reflist, \%ref_item;
        }
@@ -697,9 +1012,7 @@ sub git_read_refs {
 
 sub git_summary {
        my $descr = git_read_description($project) || "none";
-       my $head = git_read_hash("$project/HEAD");
-       $ENV{'GIT_OBJECT_DIRECTORY'} = "$projectroot/$project/objects";
-       $ENV{'SHA1_FILE_DIRECTORY'} = "$projectroot/$project/objects";
+       my $head = git_read_head($project);
        my %co = git_read_commit($head);
        my %cd = date_str($co{'committer_epoch'}, $co{'committer_tz'});
 
@@ -712,7 +1025,7 @@ sub git_summary {
                        $pr = unescape($pr);
                        $ow = unescape($ow);
                        if ($pr eq $project) {
-                               $owner = $ow;
+                               $owner = decode("utf8", $ow, Encode::FB_DEFAULT);
                                last;
                        }
                }
@@ -722,47 +1035,64 @@ sub git_summary {
                $owner = get_file_owner("$projectroot/$project");
        }
 
+       my $refs = read_info_ref();
        git_header_html();
        print "<div class=\"page_nav\">\n" .
-             $cgi->a({-href => "$my_uri?p=$project;a=log"}, "log") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree"}, "tree") .
+             "summary".
+             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog")}, "shortlog") .
+             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log")}, "log") .
+             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$head")}, "commit") .
+             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$head")}, "commitdiff") .
+             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree")}, "tree") .
              "<br/><br/>\n" .
              "</div>\n";
-       print "<div class=\"title\">project</div>\n";
+       print "<div class=\"title\">&nbsp;</div>\n";
        print "<table cellspacing=\"0\">\n" .
-             "<tr><td>description</td><td>" . escapeHTML($descr) . "</td></tr>\n" .
+             "<tr><td>description</td><td>" . esc_html($descr) . "</td></tr>\n" .
              "<tr><td>owner</td><td>$owner</td></tr>\n" .
              "<tr><td>last change</td><td>$cd{'rfc2822'}</td></tr>\n" .
              "</table>\n";
-       open my $fd, "-|", "$gitbin/git-rev-list --max-count=16 " . git_read_hash("$project/HEAD") || die_error(undef, "Open failed.");
+       open my $fd, "-|", "$gitbin/git-rev-list --max-count=17 " . git_read_head($project) or die_error(undef, "Open failed.");
        my (@revlist) = map { chomp; $_ } <$fd>;
        close $fd;
        print "<div>\n" .
-             $cgi->a({-href => "$my_uri?p=$project;a=log", -class => "title"}, "commits") .
+             $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog"), -class => "title"}, "shortlog") .
              "</div>\n";
-       my $i = 15;
+       my $i = 16;
        print "<table cellspacing=\"0\">\n";
        my $alternate = 0;
        foreach my $commit (@revlist) {
                my %co = git_read_commit($commit);
                my %ad = date_str($co{'author_epoch'});
                if ($alternate) {
-                       print "<tr style=\"background-color:#f6f5ed\">\n";
+                       print "<tr class=\"dark\">\n";
                } else {
-                       print "<tr>\n";
+                       print "<tr class=\"light\">\n";
                }
                $alternate ^= 1;
-               if (--$i > 0) {
+               if ($i-- > 0) {
+                       my $ref = "";
+                       if (defined $refs->{$commit}) {
+                               $ref = " <span class=\"tag\">" . esc_html($refs->{$commit}) . "</span>";
+                       }
                        print "<td><i>$co{'age_string'}</i></td>\n" .
-                             "<td><i>" . escapeHTML(chop_str($co{'author_name'}, 10)) . "</i></td>\n" .
-                             "<td>" . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit", -class => "list"}, "<b>" . escapeHTML($co{'title'}) . "</b>") . "</td>\n" .
+                             "<td><i>" . esc_html(chop_str($co{'author_name'}, 10)) . "</i></td>\n" .
+                             "<td>";
+                       if (length($co{'title_short'}) < length($co{'title'})) {
+                               print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$commit"), -class => "list", -title => "$co{'title'}"},
+                                     "<b>" . esc_html($co{'title_short'}) . "$ref</b>");
+                       } else {
+                               print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$commit"), -class => "list"},
+                                     "<b>" . esc_html($co{'title'}) . "$ref</b>");
+                       }
+                       print "</td>\n" .
                              "<td class=\"link\">" .
-                             $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit"}, "commit") .
-                             " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$commit"}, "commitdiff") .
+                             $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$commit")}, "commit") .
+                             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$commit")}, "commitdiff") .
                              "</td>\n" .
                              "</tr>";
                } else {
-                       print "<td>" . $cgi->a({-href => "$my_uri?p=$project;a=log"}, "...") . "</td>\n" .
+                       print "<td>" . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog")}, "...") . "</td>\n" .
                        "</tr>";
                        last;
                }
@@ -772,26 +1102,48 @@ sub git_summary {
        my $taglist = git_read_refs("refs/tags");
        if (defined @$taglist) {
                print "<div>\n" .
-                     $cgi->a({-href => "$my_uri?p=$project;a=tags", -class => "title"}, "tags") .
+                     $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tags"), -class => "title"}, "tags") .
                      "</div>\n";
-               my $i = 15;
+               my $i = 16;
                print "<table cellspacing=\"0\">\n";
                my $alternate = 0;
                foreach my $entry (@$taglist) {
                        my %tag = %$entry;
+                       my $comment_lines = $tag{'comment'};
+                       my $comment = shift @$comment_lines;
+                       if (defined($comment)) {
+                               $comment = chop_str($comment, 30, 5);
+                       }
                        if ($alternate) {
-                               print "<tr style=\"background-color:#f6f5ed\">\n";
+                               print "<tr class=\"dark\">\n";
                        } else {
-                               print "<tr>\n";
+                               print "<tr class=\"light\">\n";
                        }
                        $alternate ^= 1;
-                       if (--$i > 0) {
+                       if ($i-- > 0) {
                                print "<td><i>$tag{'age'}</i></td>\n" .
-                                     "<td>" . $cgi->a({-href => "$my_uri?p=$project;a=$tag{'type'};h=$tag{'id'}", -class => "list"}, "<b>" . escapeHTML($tag{'name'}) . "</b>") . "</td>\n" .
-                                     "<td class=\"link\">" . $cgi->a({-href => "$my_uri?p=$project;a=$tag{'type'};h=$tag{'id'}"}, $tag{'type'}) . "</td>\n" .
+                                     "<td>" .
+                                     $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=$tag{'reftype'};h=$tag{'refid'}"), -class => "list"},
+                                     "<b>" . esc_html($tag{'name'}) . "</b>") .
+                                     "</td>\n" .
+                                     "<td>";
+                               if (defined($comment)) {
+                                     print $cgi->a({-class => "list", -href => "$my_uri?" . esc_param("p=$project;a=tag;h=$tag{'id'}")}, $comment);
+                               }
+                               print "</td>\n" .
+                                     "<td class=\"link\">";
+                               if ($tag{'type'} eq "tag") {
+                                     print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tag;h=$tag{'id'}")}, "tag") . " | ";
+                               }
+                               print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=$tag{'reftype'};h=$tag{'refid'}")}, $tag{'reftype'});
+                               if ($tag{'reftype'} eq "commit") {
+                                     print " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog;h=$tag{'name'}")}, "shortlog") .
+                                           " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log;h=$tag{'refid'}")}, "log");
+                               }
+                               print "</td>\n" .
                                      "</tr>";
                        } else {
-                               print "<td>" . $cgi->a({-href => "$my_uri?p=$project;a=tags"}, "...") . "</td>\n" .
+                               print "<td>" . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tags")}, "...") . "</td>\n" .
                                "</tr>";
                                last;
                        }
@@ -799,29 +1151,35 @@ sub git_summary {
                print "</table\n>";
        }
 
-       my $branchlist = git_read_refs("refs/heads");
-       if (defined @$branchlist) {
+       my $headlist = git_read_refs("refs/heads");
+       if (defined @$headlist) {
                print "<div>\n" .
-                     $cgi->a({-href => "$my_uri?p=$project;a=branches", -class => "title"}, "branches") .
+                     $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=heads"), -class => "title"}, "heads") .
                      "</div>\n";
-               my $i = 15;
+               my $i = 16;
                print "<table cellspacing=\"0\">\n";
                my $alternate = 0;
-               foreach my $entry (@$branchlist) {
+               foreach my $entry (@$headlist) {
                        my %tag = %$entry;
                        if ($alternate) {
-                               print "<tr style=\"background-color:#f6f5ed\">\n";
+                               print "<tr class=\"dark\">\n";
                        } else {
-                               print "<tr>\n";
+                               print "<tr class=\"light\">\n";
                        }
                        $alternate ^= 1;
-                       if (--$i > 0) {
+                       if ($i-- > 0) {
                                print "<td><i>$tag{'age'}</i></td>\n" .
-                                     "<td>" . $cgi->a({-href => "$my_uri?p=$project;a=log;h=$tag{'id'}", -class => "list"}, "<b>" . escapeHTML($tag{'name'}) . "</b>") . "</td>\n" .
-                                     "<td class=\"link\">" . $cgi->a({-href => "$my_uri?p=$project;a=log;h=$tag{'id'}"}, "log") . "</td>\n" .
+                                     "<td>" .
+                                     $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog;h=$tag{'name'}"), -class => "list"},
+                                     "<b>" . esc_html($tag{'name'}) . "</b>") .
+                                     "</td>\n" .
+                                     "<td class=\"link\">" .
+                                     $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog;h=$tag{'name'}")}, "shortlog") .
+                                     " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log;h=$tag{'name'}")}, "log") .
+                                     "</td>\n" .
                                      "</tr>";
                        } else {
-                               print "<td>" . $cgi->a({-href => "$my_uri?p=$project;a=branches"}, "...") . "</td>\n" .
+                               print "<td>" . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=heads")}, "...") . "</td>\n" .
                                "</tr>";
                                last;
                        }
@@ -831,33 +1189,97 @@ sub git_summary {
        git_footer_html();
 }
 
+sub git_tag {
+       my $head = git_read_head($project);
+       git_header_html();
+       print "<div class=\"page_nav\">\n" .
+             $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary")}, "summary") .
+             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog")}, "shortlog") .
+             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log")}, "log") .
+             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$head")}, "commit") .
+             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$head")}, "commitdiff") .
+             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;hb=$head")}, "tree") . "<br/>\n" .
+             "<br/>\n" .
+             "</div>\n";
+       my %tag = git_read_tag($hash);
+       print "<div>\n" .
+             $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash"), -class => "title"}, esc_html($tag{'name'})) . "\n" .
+             "</div>\n";
+       print "<div class=\"title_text\">\n" .
+             "<table cellspacing=\"0\">\n" .
+             "<tr>\n" .
+             "<td>object</td>\n" .
+             "<td>" . $cgi->a({-class => "list", -href => "$my_uri?" . esc_param("p=$project;a=$tag{'type'};h=$tag{'object'}")}, $tag{'object'}) . "</td>\n" .
+             "<td class=\"link\">" . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=$tag{'type'};h=$tag{'object'}")}, $tag{'type'}) . "</td>\n" .
+             "</tr>\n";
+       if (defined($tag{'author'})) {
+               my %ad = date_str($tag{'epoch'}, $tag{'tz'});
+               print "<tr><td>author</td><td>" . esc_html($tag{'author'}) . "</td></tr>\n";
+               print "<tr><td></td><td>" . $ad{'rfc2822'} . sprintf(" (%02d:%02d %s)", $ad{'hour_local'}, $ad{'minute_local'}, $ad{'tz_local'}) . "</td></tr>\n";
+       }
+       print "</table>\n\n" .
+             "</div>\n";
+       print "<div class=\"page_body\">";
+       my $comment = $tag{'comment'};
+       foreach my $line (@$comment) {
+               print esc_html($line) . "<br/>\n";
+       }
+       print "</div>\n";
+       git_footer_html();
+}
+
 sub git_tags {
-       my $head = git_read_hash("$project/HEAD");
+       my $head = git_read_head($project);
        git_header_html();
        print "<div class=\"page_nav\">\n" .
-             $cgi->a({-href => "$my_uri?p=$project;a=log"}, "log") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$head"}, "commit") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree"}, "tree") .
-             "<br/><br/>\n" .
+             $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary")}, "summary") .
+             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog")}, "shortlog") .
+             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log")}, "log") .
+             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$head")}, "commit") .
+             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$head")}, "commitdiff") .
+             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;hb=$head")}, "tree") . "<br/>\n" .
+             "<br/>\n" .
              "</div>\n";
        my $taglist = git_read_refs("refs/tags");
        print "<div>\n" .
-             $cgi->a({-href => "$my_uri?p=$project;a=summary", -class => "title"}, "tags") .
+             $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary"), -class => "title"}, "&nbsp;") .
              "</div>\n";
        print "<table cellspacing=\"0\">\n";
        my $alternate = 0;
        if (defined @$taglist) {
                foreach my $entry (@$taglist) {
                        my %tag = %$entry;
+                       my $comment_lines = $tag{'comment'};
+                       my $comment = shift @$comment_lines;
+                       if (defined($comment)) {
+                               $comment = chop_str($comment, 30, 5);
+                       }
                        if ($alternate) {
-                               print "<tr style=\"background-color:#f6f5ed\">\n";
+                               print "<tr class=\"dark\">\n";
                        } else {
-                               print "<tr>\n";
+                               print "<tr class=\"light\">\n";
                        }
                        $alternate ^= 1;
                        print "<td><i>$tag{'age'}</i></td>\n" .
-                             "<td>" . $cgi->a({-href => "$my_uri?p=$project;a=log;h=$tag{'id'}", -class => "list"}, "<b>" . escapeHTML($tag{'name'}) . "</b>") . "</td>\n" .
-                             "<td class=\"link\">" . $cgi->a({-href => "$my_uri?p=$project;a=$tag{'type'};h=$tag{'id'}"}, $tag{'type'}) . "</td>\n" .
+                             "<td>" .
+                             $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=$tag{'reftype'};h=$tag{'refid'}"), -class => "list"},
+                             "<b>" . esc_html($tag{'name'}) . "</b>") .
+                             "</td>\n" .
+                             "<td>";
+                       if (defined($comment)) {
+                             print $cgi->a({-class => "list", -href => "$my_uri?" . esc_param("p=$project;a=tag;h=$tag{'id'}")}, $comment);
+                       }
+                       print "</td>\n" .
+                             "<td class=\"link\">";
+                       if ($tag{'type'} eq "tag") {
+                             print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tag;h=$tag{'id'}")}, "tag") . " | ";
+                       }
+                       print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=$tag{'reftype'};h=$tag{'refid'}")}, $tag{'reftype'});
+                       if ($tag{'reftype'} eq "commit") {
+                             print " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog;h=$tag{'name'}")}, "shortlog") .
+                                   " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log;h=$tag{'refid'}")}, "log");
+                       }
+                       print "</td>\n" .
                              "</tr>";
                }
        }
@@ -865,18 +1287,21 @@ sub git_tags {
        git_footer_html();
 }
 
-sub git_branches {
-       my $head = git_read_hash("$project/HEAD");
+sub git_heads {
+       my $head = git_read_head($project);
        git_header_html();
        print "<div class=\"page_nav\">\n" .
-             $cgi->a({-href => "$my_uri?p=$project;a=log"}, "log") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$head"}, "commit") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree"}, "tree") .
-             "<br/><br/>\n" .
+             $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary")}, "summary") .
+             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog")}, "shortlog") .
+             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log")}, "log") .
+             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$head")}, "commit") .
+             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$head")}, "commitdiff") .
+             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;hb=$head")}, "tree") . "<br/>\n" .
+             "<br/>\n" .
              "</div>\n";
        my $taglist = git_read_refs("refs/heads");
        print "<div>\n" .
-             $cgi->a({-href => "$my_uri?p=$project;a=summary", -class => "title"}, "branches") .
+             $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary"), -class => "title"}, "&nbsp;") .
              "</div>\n";
        print "<table cellspacing=\"0\">\n";
        my $alternate = 0;
@@ -884,14 +1309,19 @@ sub git_branches {
                foreach my $entry (@$taglist) {
                        my %tag = %$entry;
                        if ($alternate) {
-                               print "<tr style=\"background-color:#f6f5ed\">\n";
+                               print "<tr class=\"dark\">\n";
                        } else {
-                               print "<tr>\n";
+                               print "<tr class=\"light\">\n";
                        }
                        $alternate ^= 1;
                        print "<td><i>$tag{'age'}</i></td>\n" .
-                             "<td>" . $cgi->a({-href => "$my_uri?p=$project;a=log;h=$tag{'id'}", -class => "list"}, "<b>" . escapeHTML($tag{'name'}) . "</b>") . "</td>\n" .
-                             "<td class=\"link\">" . $cgi->a({-href => "$my_uri?p=$project;a=log;h=$tag{'id'}"}, "log") . "</td>\n" .
+                             "<td>" .
+                             $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog;h=$tag{'name'}"), -class => "list"}, "<b>" . esc_html($tag{'name'}) . "</b>") .
+                             "</td>\n" .
+                             "<td class=\"link\">" .
+                             $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog;h=$tag{'name'}")}, "shortlog") .
+                             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log;h=$tag{'name'}")}, "log") .
+                             "</td>\n" .
                              "</tr>";
                }
        }
@@ -901,21 +1331,21 @@ sub git_branches {
 
 sub git_get_hash_by_path {
        my $base = shift;
-       my $path = shift;
+       my $path = shift || return undef;
 
        my $tree = $base;
        my @parts = split '/', $path;
        while (my $part = shift @parts) {
-               open my $fd, "-|", "$gitbin/git-ls-tree $tree" || die_error(undef, "Open git-ls-tree failed.");
+               open my $fd, "-|", "$gitbin/git-ls-tree $tree" or die_error(undef, "Open git-ls-tree failed.");
                my (@entries) = map { chomp; $_ } <$fd>;
-               close $fd || return undef;
+               close $fd or return undef;
                foreach my $line (@entries) {
                        #'100644        blob    0fa3f3a66fb6a137f6ec2c19351ed4d807070ffa        panic.c'
-                       $line =~ m/^([0-9]+)\t(.+)\t([0-9a-fA-F]{40})\t(.+)$/;
+                       $line =~ m/^([0-9]+) (.+) ([0-9a-fA-F]{40})\t(.+)$/;
                        my $t_mode = $1;
                        my $t_type = $2;
                        my $t_hash = $3;
-                       my $t_name = $4;
+                       my $t_name = validate_input(unquote($4));
                        if ($t_name eq $part) {
                                if (!(@parts)) {
                                        return $t_hash;
@@ -931,24 +1361,28 @@ sub git_get_hash_by_path {
 
 sub git_blob {
        if (!defined $hash && defined $file_name) {
-               my $base = $hash_base || git_read_hash("$project/HEAD");
-               $hash = git_get_hash_by_path($base, $file_name, "blob");
+               my $base = $hash_base || git_read_head($project);
+               $hash = git_get_hash_by_path($base, $file_name, "blob") || die_error(undef, "Error lookup file.");
        }
-       open my $fd, "-|", "$gitbin/git-cat-file blob $hash" || die_error(undef, "Open failed.");
-       my $base = $file_name || "";
+       open my $fd, "-|", "$gitbin/git-cat-file blob $hash" or die_error(undef, "Open failed.");
        git_header_html();
        if (defined $hash_base && (my %co = git_read_commit($hash_base))) {
                print "<div class=\"page_nav\">\n" .
-                     $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash_base"}, "commit") .
-                     " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash_base"}, "commitdiff") .
-                     " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash_base"}, "tree");
+                     $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary")}, "summary") .
+                     " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog")}, "shortlog") .
+                     " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log")}, "log") .
+                     " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash_base")}, "commit") .
+                     " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$hash_base")}, "commitdiff") .
+                     " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$co{'tree'};hb=$hash_base")}, "tree") . "<br/>\n";
                if (defined $file_name) {
-                       print " | " . $cgi->a({-href => "$my_uri?p=$project;a=history;h=$hash_base;f=$file_name"}, "history");
+                       print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob_plain;h=$hash;f=$file_name")}, "plain") .
+                       " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;hb=HEAD;f=$file_name")}, "head") . "<br/>\n";
+               } else {
+                       print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob_plain;h=$hash")}, "plain") . "<br/>\n";
                }
-               print "<br/><br/>\n" .
-                     "</div>\n";
-               print "<div>" .
-                     $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash_base", -class => "title"}, escapeHTML($co{'title'})) .
+               print "</div>\n".
+                      "<div>" .
+                     $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash_base"), -class => "title"}, esc_html($co{'title'})) .
                      "</div>\n";
        } else {
                print "<div class=\"page_nav\">\n" .
@@ -956,52 +1390,77 @@ sub git_blob {
                      "<div class=\"title\">$hash</div>\n";
        }
        if (defined $file_name) {
-               print "<div class=\"page_path\">/$file_name</div>\n";
+               print "<div class=\"page_path\"><b>" . esc_html($file_name) . "</b></div>\n";
        }
        print "<div class=\"page_body\">\n";
        my $nr;
        while (my $line = <$fd>) {
                chomp $line;
                $nr++;
-               print "<div class=\"pre\">";
-               printf "<span style=\"color:#999999;\">%4i</span>", $nr;
-               print " " .escapeHTML($line) . "</div>\n";
+               while ((my $pos = index($line, "\t")) != -1) {
+                       if (my $count = (8 - ($pos % 8))) {
+                               my $spaces = ' ' x $count;
+                               $line =~ s/\t/$spaces/;
+                       }
+               }
+               printf "<div class=\"pre\"><a id=\"l%i\" href=\"#l%i\" class=\"linenr\">%4i</a> %s</div>\n", $nr, $nr, $nr, esc_html($line);
        }
-       close $fd || print "Reading blob failed.\n";
+       close $fd or print "Reading blob failed.\n";
        print "</div>";
        git_footer_html();
 }
 
+sub git_blob_plain {
+       my $save_as = "$hash.txt";
+       if (defined $file_name) {
+               $save_as = $file_name;
+       }
+       print $cgi->header(-type => "text/plain", -charset => 'utf-8', '-content-disposition' => "inline; filename=\"$save_as\"");
+       open my $fd, "-|", "$gitbin/git-cat-file blob $hash" or return;
+       undef $/;
+       print <$fd>;
+       $/ = "\n";
+       close $fd;
+}
+
 sub git_tree {
        if (!defined $hash) {
-               $hash = git_read_hash("$project/HEAD");
+               $hash = git_read_head($project);
                if (defined $file_name) {
-                       my $base = $hash_base || git_read_hash("$project/HEAD");
+                       my $base = $hash_base || $hash;
                        $hash = git_get_hash_by_path($base, $file_name, "tree");
                }
                if (!defined $hash_base) {
-                       $hash_base = git_read_hash("$project/HEAD");
+                       $hash_base = $hash;
                }
        }
-       open my $fd, "-|", "$gitbin/git-ls-tree $hash" || die_error(undef, "Open git-ls-tree failed.");
-       my (@entries) = map { chomp; $_ } <$fd>;
-       close $fd || die_error(undef, "Reading tree failed.");
+       $/ = "\0";
+       open my $fd, "-|", "$gitbin/git-ls-tree -z $hash" or die_error(undef, "Open git-ls-tree failed.");
+       chomp (my (@entries) = <$fd>);
+       close $fd or die_error(undef, "Reading tree failed.");
+       $/ = "\n";
 
+       my $refs = read_info_ref();
+       my $ref = "";
+       if (defined $refs->{$hash_base}) {
+               $ref = " <span class=\"tag\">" . esc_html($refs->{$hash_base}) . "</span>";
+       }
        git_header_html();
        my $base_key = "";
-       my $file_key = "";
        my $base = "";
        if (defined $hash_base && (my %co = git_read_commit($hash_base))) {
                $base_key = ";hb=$hash_base";
                print "<div class=\"page_nav\">\n" .
-                     $cgi->a({-href => "$my_uri?p=$project;a=log"}, "log") .
-                     " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash_base"}, "commit") .
-                     " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash_base"}, "commitdiff") .
-                     " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash_base"}, "tree") .
+                     $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary")}, "summary") .
+                     " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog;h=$hash_base")}, "shortlog") .
+                     " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log;h=$hash_base")}, "log") .
+                     " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash_base")}, "commit") .
+                     " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$hash_base")}, "commitdiff") .
+                     " | tree" .
                      "<br/><br/>\n" .
                      "</div>\n";
                print "<div>\n" .
-                     $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash_base", -class => "title"}, escapeHTML($co{'title'})) . "\n" .
+                     $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash_base"), -class => "title"}, esc_html($co{'title'}) . $ref) . "\n" .
                      "</div>\n";
        } else {
                print "<div class=\"page_nav\">\n";
@@ -1009,43 +1468,42 @@ sub git_tree {
                print "<div class=\"title\">$hash</div>\n";
        }
        if (defined $file_name) {
-               $base = "$file_name/";
-               print "<div class=\"page_path\">/$file_name</div>\n";
+               $base = esc_html("$file_name/");
+               print "<div class=\"page_path\"><b>/" . esc_html($file_name) . "</b></div>\n";
        } else {
-               print "<div class=\"page_path\">/</div>\n";
+               print "<div class=\"page_path\"><b>/</b></div>\n";
        }
        print "<div class=\"page_body\">\n";
        print "<table cellspacing=\"0\">\n";
        my $alternate = 0;
        foreach my $line (@entries) {
                #'100644        blob    0fa3f3a66fb6a137f6ec2c19351ed4d807070ffa        panic.c'
-               $line =~ m/^([0-9]+)\t(.+)\t([0-9a-fA-F]{40})\t(.+)$/;
+               $line =~ m/^([0-9]+) (.+) ([0-9a-fA-F]{40})\t(.+)$/;
                my $t_mode = $1;
                my $t_type = $2;
                my $t_hash = $3;
-               my $t_name = $4;
-               $file_key = ";f=$base$t_name";
+               my $t_name = validate_input($4);
                if ($alternate) {
-                       print "<tr style=\"background-color:#f6f5ed\">\n";
+                       print "<tr class=\"dark\">\n";
                } else {
-                       print "<tr>\n";
+                       print "<tr class=\"light\">\n";
                }
                $alternate ^= 1;
                print "<td style=\"font-family:monospace\">" . mode_str($t_mode) . "</td>\n";
                if ($t_type eq "blob") {
                        print "<td class=\"list\">" .
-                       $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$t_hash" . $base_key . $file_key, -class => "list"}, $t_name) .
-                       "</td>\n";
-                       print "<td class=\"link\">" .
-                             $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$t_hash" . $base_key . $file_key}, "blob") .
-                             " | " . $cgi->a({-href => "$my_uri?p=$project;a=history;h=$hash_base" . $file_key}, "history") .
+                             $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$t_hash$base_key;f=$base$t_name"), -class => "list"}, esc_html($t_name)) .
+                             "</td>\n" .
+                             "<td class=\"link\">" .
+                             $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$t_hash$base_key;f=$base$t_name")}, "blob") .
+                             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=history;h=$hash_base;f=$base$t_name")}, "history") .
                              "</td>\n";
                } elsif ($t_type eq "tree") {
                        print "<td class=\"list\">" .
-                             $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$t_hash" . $base_key . $file_key}, $t_name) .
-                             "</td>\n";
-                       print "<td class=\"link\">" .
-                             $cgi->a({-href => "$my_uri?p=$project;a=history;h=$hash_base" . $file_key}, "history") .
+                             $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$t_hash$base_key;f=$base$t_name")}, esc_html($t_name)) .
+                             "</td>\n" .
+                             "<td class=\"link\">" .
+                             $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$t_hash$base_key;f=$base$t_name")}, "tree") .
                              "</td>\n";
                }
                print "</tr>\n";
@@ -1056,83 +1514,165 @@ sub git_tree {
 }
 
 sub git_rss {
-       open my $fd, "-|", "$gitbin/git-rev-list --max-count=20 " . git_read_hash("$project/HEAD") || die_error(undef, "Open failed.");
+       # http://www.notestips.com/80256B3A007F2692/1/NAMO5P9UPQ
+       open my $fd, "-|", "$gitbin/git-rev-list --max-count=150 " . git_read_head($project) or die_error(undef, "Open failed.");
        my (@revlist) = map { chomp; $_ } <$fd>;
-       close $fd || die_error(undef, "Reading rev-list failed.");
-
+       close $fd or die_error(undef, "Reading rev-list failed.");
        print $cgi->header(-type => 'text/xml', -charset => 'utf-8');
        print "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n".
-             "<rss version=\"0.91\">\n";
+             "<rss version=\"2.0\" xmlns:content=\"http://purl.org/rss/1.0/modules/content/\">\n";
        print "<channel>\n";
        print "<title>$project</title>\n".
-             "<link> $my_url/$project/log</link>\n".
+             "<link>" . esc_html("$my_url?p=$project;a=summary") . "</link>\n".
              "<description>$project log</description>\n".
              "<language>en</language>\n";
 
-       foreach my $commit (@revlist) {
+       for (my $i = 0; $i <= $#revlist; $i++) {
+               my $commit = $revlist[$i];
                my %co = git_read_commit($commit);
-               my %ad = date_str($co{'author_epoch'});
+               # we read 150, we always show 30 and the ones more recent than 48 hours
+               if (($i >= 20) && ((time - $co{'committer_epoch'}) > 48*60*60)) {
+                       last;
+               }
+               my %cd = date_str($co{'committer_epoch'});
+               open $fd, "-|", "$gitbin/git-diff-tree -r $co{'parent'} $co{'id'}" or next;
+               my @difftree = map { chomp; $_ } <$fd>;
+               close $fd or next;
                print "<item>\n" .
-                     "\t<title>" . sprintf("%d %s %02d:%02d", $ad{'mday'}, $ad{'month'}, $ad{'hour'}, $ad{'minute'}) . " - " . escapeHTML($co{'title'}) . "</title>\n" .
-                     "\t<link> $my_url?p=$project;a=commit;h=$commit</link>\n" .
-                     "\t<description>";
+                     "<title>" .
+                     sprintf("%d %s %02d:%02d", $cd{'mday'}, $cd{'month'}, $cd{'hour'}, $cd{'minute'}) . " - " . esc_html($co{'title'}) .
+                     "</title>\n" .
+                     "<author>" . esc_html($co{'author'}) . "</author>\n" .
+                     "<pubDate>$cd{'rfc2822'}</pubDate>\n" .
+                     "<guid isPermaLink=\"true\">" . esc_html("$my_url?p=$project;a=commit;h=$commit") . "</guid>\n" .
+                     "<link>" . esc_html("$my_url?p=$project;a=commit;h=$commit") . "</link>\n" .
+                     "<description>" . esc_html($co{'title'}) . "</description>\n" .
+                     "<content:encoded>" .
+                     "<![CDATA[\n";
                my $comment = $co{'comment'};
                foreach my $line (@$comment) {
-                       print escapeHTML($line) . "<br/>\n";
+                       $line = decode("utf8", $line, Encode::FB_DEFAULT);
+                       print "$line<br/>\n";
                }
-               print "\t</description>\n" .
+               print "<br/>\n";
+               foreach my $line (@difftree) {
+                       if (!($line =~ m/^:([0-7]{6}) ([0-7]{6}) ([0-9a-fA-F]{40}) ([0-9a-fA-F]{40}) (.)([0-9]{0,3})\t(.*)$/)) {
+                               next;
+                       }
+                       my $file = validate_input(unquote($7));
+                       $file = decode("utf8", $file, Encode::FB_DEFAULT);
+                       print "$file<br/>\n";
+               }
+               print "]]>\n" .
+                     "</content:encoded>\n" .
                      "</item>\n";
        }
        print "</channel></rss>";
 }
 
+sub git_opml {
+       my @list = git_read_projects();
+
+       print $cgi->header(-type => 'text/xml', -charset => 'utf-8');
+       print "<?xml version=\"1.0\" encoding=\"utf-8\"?>\n".
+             "<opml version=\"1.0\">\n".
+             "<head>".
+             "  <title>Git OPML Export</title>\n".
+             "</head>\n".
+             "<body>\n".
+             "<outline text=\"git RSS feeds\">\n";
+
+       foreach my $pr (@list) {
+               my %proj = %$pr;
+               my $head = git_read_head($proj{'path'});
+               if (!defined $head) {
+                       next;
+               }
+               $ENV{'GIT_DIR'} = "$projectroot/$proj{'path'}";
+               my %co = git_read_commit($head);
+               if (!%co) {
+                       next;
+               }
+
+               my $path = esc_html(chop_str($proj{'path'}, 25, 5));
+               my $rss =  "$my_url?p=$proj{'path'};a=rss";
+               my $html =  "$my_url?p=$proj{'path'};a=summary";
+               print "<outline type=\"rss\" text=\"$path\" title=\"$path\" xmlUrl=\"$rss\" htmlUrl=\"$html\"/>\n";
+       }
+       print "</outline>\n".
+             "</body>\n".
+             "</opml>\n";
+}
+
 sub git_log {
+       my $head = git_read_head($project);
        if (!defined $hash) {
-               $hash = git_read_hash("$project/HEAD");
+               $hash = $head;
        }
-       my $limit_option = "";
-       if (!defined $time_back) {
-               $limit_option = "--max-count=10";
-       } elsif ($time_back > 0) {
-               my $date = time - $time_back*24*60*60;
-               $limit_option = "--max-age=$date";
+       if (!defined $page) {
+               $page = 0;
        }
-       open my $fd, "-|", "$gitbin/git-rev-list $limit_option $hash" || die_error(undef, "Open failed.");
-       my (@revlist) = map { chomp; $_ } <$fd>;
-       close $fd || die_error(undef, "Reading rev-list failed.");
-
+       my $refs = read_info_ref();
        git_header_html();
        print "<div class=\"page_nav\">\n";
-       print $cgi->a({-href => "$my_uri?p=$project;a=log;h=$hash"}, "last 10") .
-             " &sdot; " . $cgi->a({-href => "$my_uri?p=$project;a=log;t=1;h=$hash"}, "day") .
-             " &sdot; " .$cgi->a({-href => "$my_uri?p=$project;a=log;t=7;h=$hash"}, "week") .
-             " &sdot; " . $cgi->a({-href => "$my_uri?p=$project;a=log;t=31;h=$hash"}, "month") .
-             " &sdot; " . $cgi->a({-href => "$my_uri?p=$project;a=log;t=365;h=$hash"}, "year") .
-             " &sdot; " . $cgi->a({-href => "$my_uri?p=$project;a=log;t=0;h=$hash"}, "all") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;hb=$hash"}, "tree") . "<br/>\n";
+       print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary")}, "summary") .
+             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog;h=$hash")}, "shortlog") .
+             " | log" .
+             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash")}, "commit") .
+             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$hash")}, "commitdiff") .
+             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$hash;hb=$hash")}, "tree") . "<br/>\n";
+
+       my $limit = sprintf("--max-count=%i", (100 * ($page+1)));
+       open my $fd, "-|", "$gitbin/git-rev-list $limit $hash" or die_error(undef, "Open failed.");
+       my (@revlist) = map { chomp; $_ } <$fd>;
+       close $fd;
+
+       if ($hash ne $head || $page) {
+               print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log")}, "HEAD");
+       } else {
+               print "HEAD";
+       }
+       if ($page > 0) {
+               print " &sdot; " .
+               $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log;h=$hash;pg=" . ($page-1)), -accesskey => "p", -title => "Alt-p"}, "prev");
+       } else {
+               print " &sdot; prev";
+       }
+       if ($#revlist >= (100 * ($page+1)-1)) {
+               print " &sdot; " .
+               $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log;h=$hash;pg=" . ($page+1)), -accesskey => "n", -title => "Alt-n"}, "next");
+       } else {
+               print " &sdot; next";
+       }
        print "<br/>\n" .
              "</div>\n";
-
        if (!@revlist) {
+               print "<div>\n" .
+                     $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary"), -class => "title"}, "&nbsp;") .
+                     "</div>\n";
                my %co = git_read_commit($hash);
                print "<div class=\"page_body\"> Last change $co{'age_string'}.<br/><br/></div>\n";
        }
-
-       foreach my $commit (@revlist) {
+       for (my $i = ($page * 100); $i <= $#revlist; $i++) {
+               my $commit = $revlist[$i];
+               my $ref = "";
+               if (defined $refs->{$commit}) {
+                       $ref = " <span class=\"tag\">" . esc_html($refs->{$commit}) . "</span>";
+               }
                my %co = git_read_commit($commit);
                next if !%co;
                my %ad = date_str($co{'author_epoch'});
                print "<div>\n" .
-                     $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit", -class => "title"},
-                     "<span class=\"age\">$co{'age_string'}</span>" . escapeHTML($co{'title'})) . "\n" .
-                     "</div>\n";
+                     $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$commit"), -class => "title"},
+                     "<span class=\"age\">$co{'age_string'}</span>" . esc_html($co{'title'}) . $ref) . "\n";
+               print "</div>\n";
                print "<div class=\"title_text\">\n" .
                      "<div class=\"log_link\">\n" .
-                     $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit"}, "commit") .
-                     " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$commit"}, "commitdiff") .
+                     $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$commit")}, "commit") .
+                     " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$commit")}, "commitdiff") .
                      "<br/>\n" .
                      "</div>\n" .
-                     "<i>" . escapeHTML($co{'author_name'}) .  " [$ad{'rfc2822'}]</i><br/>\n" .
+                     "<i>" . esc_html($co{'author_name'}) .  " [$ad{'rfc2822'}]</i><br/>\n" .
                      "</div>\n" .
                      "<div class=\"log_body\">\n";
                my $comment = $co{'comment'};
@@ -1149,7 +1689,7 @@ sub git_log {
                        } else {
                                $empty = 0;
                        }
-                       print escapeHTML($line) . "<br/>\n";
+                       print format_log_line_html($line) . "<br/>\n";
                }
                if (!$empty) {
                        print "<br/>\n";
@@ -1168,37 +1708,49 @@ sub git_commit {
        my %cd = date_str($co{'committer_epoch'}, $co{'committer_tz'});
 
        my @difftree;
-       if (defined $co{'parent'}) {
-               open my $fd, "-|", "$gitbin/git-diff-tree -r $co{'parent'} $hash" || die_error(undef, "Open failed.");
-               @difftree = map { chomp; $_ } <$fd>;
-               close $fd || die_error(undef, "Reading diff-tree failed.");
-       } else {
-               # fake git-diff-tree output for initial revision
-               open my $fd, "-|", "$gitbin/git-ls-tree -r $hash" || die_error(undef, "Open failed.");
-               @difftree = map { chomp;  "+" . $_ } <$fd>;
-               close $fd || die_error(undef, "Reading ls-tree failed.");
-       }
-       git_header_html();
+       my $root = "";
+       my $parent = $co{'parent'};
+       if (!defined $parent) {
+               $root = " --root";
+               $parent = "";
+       }
+       open my $fd, "-|", "$gitbin/git-diff-tree -r -M $root $parent $hash" or die_error(undef, "Open failed.");
+       @difftree = map { chomp; $_ } <$fd>;
+       close $fd or die_error(undef, "Reading diff-tree failed.");
+
+       # non-textual hash id's can be cached
+       my $expires;
+       if ($hash =~ m/^[0-9a-fA-F]{40}$/) {
+               $expires = "+1d";
+       }
+       my $refs = read_info_ref();
+       my $ref = "";
+       if (defined $refs->{$co{'id'}}) {
+               $ref = " <span class=\"tag\">" . esc_html($refs->{$co{'id'}}) . "</span>";
+       }
+       git_header_html(undef, $expires);
        print "<div class=\"page_nav\">\n" .
-             $cgi->a({-href => "$my_uri?p=$project;a=log"}, "log") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash"}, "commit");
+             $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary")}, "summary") .
+             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog;h=$hash")}, "shortlog") .
+             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log;h=$hash")}, "log") .
+             " | commit";
        if (defined $co{'parent'}) {
-               print " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash"}, "commitdiff");
+               print " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$hash")}, "commitdiff");
        }
-       print " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash"}, "tree") . "\n" .
+       print " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$co{'tree'};hb=$hash")}, "tree") . "\n" .
              "<br/><br/></div>\n";
        if (defined $co{'parent'}) {
                print "<div>\n" .
-                     $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash", -class => "title"}, escapeHTML($co{'title'})) . "\n" .
+                     $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$hash"), -class => "title"}, esc_html($co{'title'}) . $ref) . "\n" .
                      "</div>\n";
        } else {
                print "<div>\n" .
-                     $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash", -class => "title"}, escapeHTML($co{'title'})) . "\n" .
+                     $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$co{'tree'};hb=$hash"), -class => "title"}, esc_html($co{'title'})) . "\n" .
                      "</div>\n";
        }
        print "<div class=\"title_text\">\n" .
              "<table cellspacing=\"0\">\n";
-       print "<tr><td>author</td><td>" . escapeHTML($co{'author'}) . "</td></tr>\n".
+       print "<tr><td>author</td><td>" . esc_html($co{'author'}) . "</td></tr>\n".
              "<tr>" .
              "<td></td><td> $ad{'rfc2822'}";
        if ($ad{'hour_local'} < 6) {
@@ -1208,23 +1760,25 @@ sub git_commit {
        }
        print "</td>" .
              "</tr>\n";
-       print "<tr><td>committer</td><td>" . escapeHTML($co{'committer'}) . "</td></tr>\n";
+       print "<tr><td>committer</td><td>" . esc_html($co{'committer'}) . "</td></tr>\n";
        print "<tr><td></td><td> $cd{'rfc2822'}" . sprintf(" (%02d:%02d %s)", $cd{'hour_local'}, $cd{'minute_local'}, $cd{'tz_local'}) . "</td></tr>\n";
-       print "<tr><td>commit</td><td style=\"font-family:monospace\">$hash</td></tr>\n";
+       print "<tr><td>commit</td><td style=\"font-family:monospace\">$co{'id'}</td></tr>\n";
        print "<tr>" .
              "<td>tree</td>" .
-             "<td style=\"font-family:monospace\">" . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash", class => "list"}, $co{'tree'}) . "</td>" .
-             "<td class=\"link\">" . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash"}, "tree") .
+             "<td style=\"font-family:monospace\">" .
+             $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$co{'tree'};hb=$hash"), class => "list"}, $co{'tree'}) .
+             "</td>" .
+             "<td class=\"link\">" . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$co{'tree'};hb=$hash")}, "tree") .
              "</td>" .
              "</tr>\n";
        my $parents  = $co{'parents'};
        foreach my $par (@$parents) {
                print "<tr>" .
                      "<td>parent</td>" .
-                     "<td style=\"font-family:monospace\">" . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$par", class => "list"}, $par) . "</td>" .
+                     "<td style=\"font-family:monospace\">" . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$par"), class => "list"}, $par) . "</td>" .
                      "<td class=\"link\">" .
-                     $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$par"}, "commit") .
-                     " |" . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash;hp=$par"}, "commitdiff") .
+                     $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$par")}, "commit") .
+                     " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$hash;hp=$par")}, "commitdiff") .
                      "</td>" .
                      "</tr>\n";
        }
@@ -1246,10 +1800,10 @@ sub git_commit {
                }
                if ($line =~ m/^ *(signed[ \-]off[ \-]by[ :]|acked[ \-]by[ :]|cc[ :])/i) {
                        $signed = 1;
-                       print "<span style=\"color: #888888\">" . escapeHTML($line) . "</span><br/>\n";
+                       print "<span style=\"color: #888888\">" . esc_html($line) . "</span><br/>\n";
                } else {
                        $signed = 0;
-                       print escapeHTML($line) . "<br/>\n";
+                       print format_log_line_html($line) . "<br/>\n";
                }
        }
        print "</div>\n";
@@ -1261,49 +1815,42 @@ sub git_commit {
        print "<table cellspacing=\"0\">\n";
        my $alternate = 0;
        foreach my $line (@difftree) {
-               # '*100644->100644      blob    9f91a116d91926df3ba936a80f020a6ab1084d2b->bb90a0c3a91eb52020d0db0e8b4f94d30e02d596      net/ipv4/route.c'
-               # '+100644      blob    4a83ab6cd565d21ab0385bac6643826b83c2fcd4        arch/arm/lib/bitops.h'
-               # '*100664->100644      blob    b1a8e3dd5556b61dd771d32307c6ee5d7150fa43->b1a8e3dd5556b61dd771d32307c6ee5d7150fa43      show-files.c'
-               # '*100664->100644      blob    d08e895238bac36d8220586fdc28c27e1a7a76d3->d08e895238bac36d8220586fdc28c27e1a7a76d3      update-cache.c'
-               $line =~ m/^(.)(.+)\t(.+)\t([0-9a-fA-F]{40}|[0-9a-fA-F]{40}->[0-9a-fA-F]{40})\t(.+)$/;
-               my $op = $1;
-               my $mode = $2;
-               my $type = $3;
-               my $id = $4;
-               my $file = $5;
-               if ($type ne "blob") {
+               # ':100644 100644 03b218260e99b78c6df0ed378e59ed9205ccc96d 3b93d5e7cc7f7dd4ebed13a5cc1a4ad976fc94d8 M      ls-files.c'
+               # ':100644 100644 7f9281985086971d3877aca27704f2aaf9c448ce bc190ebc71bbd923f2b728e505408f5e54bd073a M      rev-tree.c'
+               if (!($line =~ m/^:([0-7]{6}) ([0-7]{6}) ([0-9a-fA-F]{40}) ([0-9a-fA-F]{40}) (.)([0-9]{0,3})\t(.*)$/)) {
                        next;
                }
+               my $from_mode = $1;
+               my $to_mode = $2;
+               my $from_id = $3;
+               my $to_id = $4;
+               my $status = $5;
+               my $similarity = $6;
+               my $file = validate_input(unquote($7));
                if ($alternate) {
-                       print "<tr style=\"background-color:#f6f5ed\">\n";
+                       print "<tr class=\"dark\">\n";
                } else {
-                       print "<tr>\n";
+                       print "<tr class=\"light\">\n";
                }
                $alternate ^= 1;
-               if ($op eq "+") {
+               if ($status eq "A") {
                        my $mode_chng = "";
-                       if (S_ISREG(oct $mode)) {
-                               $mode_chng = sprintf(" with mode: %04o", (oct $mode) & 0777);
+                       if (S_ISREG(oct $to_mode)) {
+                               $mode_chng = sprintf(" with mode: %04o", (oct $to_mode) & 0777);
                        }
                        print "<td>" .
-                             $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$id;hp=$hash;f=$file", -class => "list"}, escapeHTML($file)) . "</td>\n" .
-                             "<td><span style=\"color: #008000;\">[new " . file_type($mode) . "$mode_chng]</span></td>\n" .
-                             "<td class=\"link\">" . $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$id;hb=$hash;f=$file"}, "blob") . "</td>\n";
-               } elsif ($op eq "-") {
+                             $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$to_id;hb=$hash;f=$file"), -class => "list"}, esc_html($file)) . "</td>\n" .
+                             "<td><span style=\"color: #008000;\">[new " . file_type($to_mode) . "$mode_chng]</span></td>\n" .
+                             "<td class=\"link\">" . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$to_id;hb=$hash;f=$file")}, "blob") . "</td>\n";
+               } elsif ($status eq "D") {
                        print "<td>" .
-                             $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$id;hb=$hash;f=$file", -class => "list"}, escapeHTML($file)) . "</td>\n" .
-                             "<td><span style=\"color: #c00000;\">[deleted " . file_type($mode). "]</span></td>\n" .
+                             $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$from_id;hb=$hash;f=$file"), -class => "list"}, esc_html($file)) . "</td>\n" .
+                             "<td><span style=\"color: #c00000;\">[deleted " . file_type($from_mode). "]</span></td>\n" .
                              "<td class=\"link\">" .
-                             $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$id;hb=$hash;f=$file"}, "blob") .
-                             " | " . $cgi->a({-href => "$my_uri?p=$project;a=history;h=$hash;f=$file"}, "history") .
+                             $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$from_id;hb=$hash;f=$file")}, "blob") .
+                             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=history;h=$hash;f=$file")}, "history") .
                              "</td>\n"
-               } elsif ($op eq "*") {
-                       $id =~ m/([0-9a-fA-F]+)->([0-9a-fA-F]+)/;
-                       my $from_id = $1;
-                       my $to_id = $2;
-                       $mode =~ m/^([0-7]{6})->([0-7]{6})$/;
-                       my $from_mode = $1;
-                       my $to_mode = $2;
+               } elsif ($status eq "M" || $status eq "T") {
                        my $mode_chnge = "";
                        if ($from_mode != $to_mode) {
                                $mode_chnge = " <span style=\"color: #777777;\">[changed";
@@ -1321,18 +1868,35 @@ sub git_commit {
                        }
                        print "<td>";
                        if ($to_id ne $from_id) {
-                               print $cgi->a({-href => "$my_uri?p=$project;a=blobdiff;h=$to_id;hp=$from_id;hb=$hash;f=$file", -class => "list"}, escapeHTML($file));
+                               print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blobdiff;h=$to_id;hp=$from_id;hb=$hash;f=$file"), -class => "list"}, esc_html($file));
                        } else {
-                               print $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file", -class => "list"}, escapeHTML($file));
+                               print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$to_id;hb=$hash;f=$file"), -class => "list"}, esc_html($file));
                        }
                        print "</td>\n" .
                              "<td>$mode_chnge</td>\n" .
                              "<td class=\"link\">";
-                       print $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file"}, "blob");
+                       print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$to_id;hb=$hash;f=$file")}, "blob");
                        if ($to_id ne $from_id) {
-                               print " | " . $cgi->a({-href => "$my_uri?p=$project;a=blobdiff;h=$to_id;hp=$from_id;hb=$hash;f=$file"}, "diff");
+                               print " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blobdiff;h=$to_id;hp=$from_id;hb=$hash;f=$file")}, "diff");
+                       }
+                       print " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=history;h=$hash;f=$file")}, "history") . "\n";
+                       print "</td>\n";
+               } elsif ($status eq "R") {
+                       my ($from_file, $to_file) = split "\t", $file;
+                       my $mode_chng = "";
+                       if ($from_mode != $to_mode) {
+                               $mode_chng = sprintf(", mode: %04o", (oct $to_mode) & 0777);
+                       }
+                       print "<td>" .
+                             $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$to_id;hb=$hash;f=$to_file"), -class => "list"}, esc_html($to_file)) . "</td>\n" .
+                             "<td><span style=\"color: #777777;\">[moved from " .
+                             $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$from_id;hb=$hash;f=$from_file"), -class => "list"}, esc_html($from_file)) .
+                             " with " . (int $similarity) . "% similarity$mode_chng]</span></td>\n" .
+                             "<td class=\"link\">" .
+                             $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$to_id;hb=$hash;f=$to_file")}, "blob");
+                       if ($to_id ne $from_id) {
+                               print " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blobdiff;h=$to_id;hp=$from_id;hb=$hash;f=$to_file")}, "diff");
                        }
-                       print " | " . $cgi->a({-href => "$my_uri?p=$project;a=history;h=$hash;f=$file"}, "history") . "\n";
                        print "</td>\n";
                }
                print "</tr>\n";
@@ -1342,21 +1906,21 @@ sub git_commit {
 }
 
 sub git_blobdiff {
-       mkdir($gittmp, 0700);
+       mkdir($git_temp, 0700);
        git_header_html();
        if (defined $hash_base && (my %co = git_read_commit($hash_base))) {
                print "<div class=\"page_nav\">\n" .
-                     $cgi->a({-href => "$my_uri?p=$project;a=log"}, "log") .
-                     " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash_base"}, "commit") .
-                     " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash_base"}, "commitdiff") .
-                     " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash_base"}, "tree");
-                       if (defined $file_name) {
-                               print " | " . $cgi->a({-href => "$my_uri?p=$project;a=history;h=$hash_base;f=$file_name"}, "history");
-                       }
-               print "<br/><br/>\n" .
+                     $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary")}, "summary") .
+                     " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog")}, "shortlog") .
+                     " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log")}, "log") .
+                     " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash_base")}, "commit") .
+                     " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$hash_base")}, "commitdiff") .
+                     " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$co{'tree'};hb=$hash_base")}, "tree") .
+                     "<br/>\n";
+               print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blobdiff_plain;h=$hash;hp=$hash_parent")}, "plain") .
                      "</div>\n";
                print "<div>\n" .
-                     $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash_base", -class => "title"}, escapeHTML($co{'title'})) . "\n" .
+                     $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash_base"), -class => "title"}, esc_html($co{'title'})) . "\n" .
                      "</div>\n";
        } else {
                print "<div class=\"page_nav\">\n" .
@@ -1364,23 +1928,27 @@ sub git_blobdiff {
                      "<div class=\"title\">$hash vs $hash_parent</div>\n";
        }
        if (defined $file_name) {
-               print "<div class=\"page_path\">\n" .
-                     "/$file_name\n" .
-                     "</div>\n";
+               print "<div class=\"page_path\"><b>/" . esc_html($file_name) . "</b></div>\n";
        }
        print "<div class=\"page_body\">\n" .
              "<div class=\"diff_info\">blob:" .
-             $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$hash_parent;hb=$hash_base;f=$file_name"}, $hash_parent) .
+             $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$hash_parent;hb=$hash_base;f=$file_name")}, $hash_parent) .
              " -> blob:" .
-             $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$hash;hb=$hash_base;f=$file_name"}, $hash) .
+             $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$hash;hb=$hash_base;f=$file_name")}, $hash) .
              "</div>\n";
-       git_diff_html($hash_parent, $file_name || $hash_parent, $hash, $file_name || $hash);
+       git_diff_print($hash_parent, $file_name || $hash_parent, $hash, $file_name || $hash);
        print "</div>";
        git_footer_html();
 }
 
+sub git_blobdiff_plain {
+       mkdir($git_temp, 0700);
+       print $cgi->header(-type => "text/plain", -charset => 'utf-8');
+       git_diff_print($hash_parent, $file_name || $hash_parent, $hash, $file_name || $hash, "plain");
+}
+
 sub git_commitdiff {
-       mkdir($gittmp, 0700);
+       mkdir($git_temp, 0700);
        my %co = git_read_commit($hash);
        if (!%co) {
                die_error(undef, "Unknown commit object.");
@@ -1388,19 +1956,32 @@ sub git_commitdiff {
        if (!defined $hash_parent) {
                $hash_parent = $co{'parent'};
        }
-       open my $fd, "-|", "$gitbin/git-diff-tree -r $hash_parent $hash" || die_error(undef, "Open failed.");
+       open my $fd, "-|", "$gitbin/git-diff-tree -r $hash_parent $hash" or die_error(undef, "Open failed.");
        my (@difftree) = map { chomp; $_ } <$fd>;
-       close $fd || die_error(undef, "Reading diff-tree failed.");
+       close $fd or die_error(undef, "Reading diff-tree failed.");
 
-       git_header_html();
+       # non-textual hash id's can be cached
+       my $expires;
+       if ($hash =~ m/^[0-9a-fA-F]{40}$/) {
+               $expires = "+1d";
+       }
+       my $refs = read_info_ref();
+       my $ref = "";
+       if (defined $refs->{$co{'id'}}) {
+               $ref = " <span class=\"tag\">" . esc_html($refs->{$co{'id'}}) . "</span>";
+       }
+       git_header_html(undef, $expires);
        print "<div class=\"page_nav\">\n" .
-             $cgi->a({-href => "$my_uri?p=$project;a=log"}, "log") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash"}, "commit") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash"}, "commitdiff") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=" .  $co{'tree'} . ";hb=$hash"}, "tree") .
-             "<br/><br/></div>\n";
+             $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary")}, "summary") .
+             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog;h=$hash")}, "shortlog") .
+             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log;h=$hash")}, "log") .
+             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash")}, "commit") .
+             " | commitdiff" .
+             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$co{'tree'};hb=$hash")}, "tree") . "<br/>\n";
+       print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff_plain;h=$hash;hp=$hash_parent")}, "plain") . "\n" .
+             "</div>\n";
        print "<div>\n" .
-             $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash", -class => "title"}, escapeHTML($co{'title'})) . "\n" .
+             $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash"), -class => "title"}, esc_html($co{'title'}) . $ref) . "\n" .
              "</div>\n";
        print "<div class=\"page_body\">\n";
        my $comment = $co{'comment'};
@@ -1424,43 +2005,37 @@ sub git_commitdiff {
                } else {
                        $empty = 0;
                }
-               print escapeHTML($line) . "<br/>\n";
+               print format_log_line_html($line) . "<br/>\n";
        }
        print "<br/>\n";
        foreach my $line (@difftree) {
-               # '*100644->100644      blob    8e5f9bbdf4de94a1bc4b4da8cb06677ce0a57716->8da3a306d0c0c070d87048d14a033df02f40a154      Makefile'
-               $line =~ m/^(.)(.+)\t(.+)\t([0-9a-fA-F]{40}|[0-9a-fA-F]{40}->[0-9a-fA-F]{40})\t(.+)$/;
-               my $op = $1;
-               my $mode = $2;
-               my $type = $3;
-               my $id = $4;
-               my $file = $5;
-               if ($type eq "blob") {
-                       if ($op eq "+") {
-                               print "<div class=\"diff_info\">" .  file_type($mode) . ":" .
-                                     $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$id;hb=$hash;f=$file"}, $id) . "(new)" .
-                                     "</div>\n";
-                               git_diff_html(undef, "/dev/null", $id, "b/$file");
-                       } elsif ($op eq "-") {
-                               print "<div class=\"diff_info\">" . file_type($mode) . ":" .
-                                     $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$id;hb=$hash;f=$file"}, $id) . "(deleted)" .
-                                     "</div>\n";
-                               git_diff_html($id, "a/$file", undef, "/dev/null");
-                       } elsif ($op eq "*") {
-                               $id =~ m/([0-9a-fA-F]+)->([0-9a-fA-F]+)/;
-                               my $from_id = $1;
-                               my $to_id = $2;
-                               $mode =~ m/([0-7]+)->([0-7]+)/;
-                               my $from_mode = $1;
-                               my $to_mode = $2;
-                               if ($from_id ne $to_id) {
-                                       print "<div class=\"diff_info\">" .
-                                             file_type($from_mode) . ":" . $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$from_id;hb=$hash;f=$file"}, $from_id) .
-                                             " -> " .
-                                             file_type($to_mode) . ":" . $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file"}, $to_id);
-                                       print "</div>\n";
-                                       git_diff_html($from_id, "a/$file",  $to_id, "b/$file");
-                               }
+               # ':100644 100644 03b218260e99b78c6df0ed378e59ed9205ccc96d 3b93d5e7cc7f7dd4ebed13a5cc1a4ad976fc94d8 M      ls-files.c'
+               # ':100644 100644 7f9281985086971d3877aca27704f2aaf9c448ce bc190ebc71bbd923f2b728e505408f5e54bd073a M      rev-tree.c'
+               $line =~ m/^:([0-7]{6}) ([0-7]{6}) ([0-9a-fA-F]{40}) ([0-9a-fA-F]{40}) (.)\t(.*)$/;
+               my $from_mode = $1;
+               my $to_mode = $2;
+               my $from_id = $3;
+               my $to_id = $4;
+               my $status = $5;
+               my $file = validate_input(unquote($6));
+               if ($status eq "A") {
+                       print "<div class=\"diff_info\">" .  file_type($to_mode) . ":" .
+                             $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$to_id;hb=$hash;f=$file")}, $to_id) . "(new)" .
+                             "</div>\n";
+                       git_diff_print(undef, "/dev/null", $to_id, "b/$file");
+               } elsif ($status eq "D") {
+                       print "<div class=\"diff_info\">" . file_type($from_mode) . ":" .
+                             $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$from_id;hb=$hash;f=$file")}, $from_id) . "(deleted)" .
+                             "</div>\n";
+                       git_diff_print($from_id, "a/$file", undef, "/dev/null");
+               } elsif ($status eq "M") {
+                       if ($from_id ne $to_id) {
+                               print "<div class=\"diff_info\">" .
+                                     file_type($from_mode) . ":" . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$from_id;hb=$hash;f=$file")}, $from_id) .
+                                     " -> " .
+                                     file_type($to_mode) . ":" . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$to_id;hb=$hash;f=$file")}, $to_id);
+                               print "</div>\n";
+                               git_diff_print($from_id, "a/$file",  $to_id, "b/$file");
                        }
                }
        }
@@ -1469,59 +2044,123 @@ sub git_commitdiff {
        git_footer_html();
 }
 
+sub git_commitdiff_plain {
+       mkdir($git_temp, 0700);
+       open my $fd, "-|", "$gitbin/git-diff-tree -r $hash_parent $hash" or die_error(undef, "Open failed.");
+       my (@difftree) = map { chomp; $_ } <$fd>;
+       close $fd or die_error(undef, "Reading diff-tree failed.");
+
+       # try to figure out the next tag after this commit
+       my $tagname;
+       my $refs = read_info_ref("tags");
+       open $fd, "-|", "$gitbin/git-rev-list HEAD";
+       chomp (my (@commits) = <$fd>);
+       close $fd;
+       foreach my $commit (@commits) {
+               if (defined $refs->{$commit}) {
+                       $tagname = $refs->{$commit}
+               }
+               if ($commit eq $hash) {
+                       last;
+               }
+       }
+
+       print $cgi->header(-type => "text/plain", -charset => 'utf-8', '-content-disposition' => "inline; filename=\"git-$hash.patch\"");
+       my %co = git_read_commit($hash);
+       my %ad = date_str($co{'author_epoch'}, $co{'author_tz'});
+       my $comment = $co{'comment'};
+       print "From: $co{'author'}\n" .
+             "Date: $ad{'rfc2822'} ($ad{'tz_local'})\n".
+             "Subject: $co{'title'}\n";
+       if (defined $tagname) {
+             print "X-Git-Tag: $tagname\n";
+       }
+       print "X-Git-Url: $my_url?p=$project;a=commitdiff;h=$hash\n" .
+             "\n";
+
+       foreach my $line (@$comment) {;
+               print "$line\n";
+       }
+       print "---\n\n";
+
+       foreach my $line (@difftree) {
+               $line =~ m/^:([0-7]{6}) ([0-7]{6}) ([0-9a-fA-F]{40}) ([0-9a-fA-F]{40}) (.)\t(.*)$/;
+               my $from_id = $3;
+               my $to_id = $4;
+               my $status = $5;
+               my $file = $6;
+               if ($status eq "A") {
+                       git_diff_print(undef, "/dev/null", $to_id, "b/$file", "plain");
+               } elsif ($status eq "D") {
+                       git_diff_print($from_id, "a/$file", undef, "/dev/null", "plain");
+               } elsif ($status eq "M") {
+                       git_diff_print($from_id, "a/$file",  $to_id, "b/$file", "plain");
+               }
+       }
+}
+
 sub git_history {
        if (!defined $hash) {
-               $hash = git_read_hash("$project/HEAD");
+               $hash = git_read_head($project);
        }
        my %co = git_read_commit($hash);
        if (!%co) {
                die_error(undef, "Unknown commit object.");
        }
+       my $refs = read_info_ref();
        git_header_html();
        print "<div class=\"page_nav\">\n" .
-             $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash"}, "commit") . " | " .
-             $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash"}, "commitdiff") . " | " .
-             $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash"}, "tree") .
+             $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary")}, "summary") .
+             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog")}, "shortlog") .
+             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log")}, "log") .
+             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash")}, "commit") .
+             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$hash")}, "commitdiff") .
+             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$co{'tree'};hb=$hash")}, "tree") .
              "<br/><br/>\n" .
              "</div>\n";
        print "<div>\n" .
-             $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash", -class => "title"}, escapeHTML($co{'title'})) . "\n" .
+             $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash"), -class => "title"}, esc_html($co{'title'})) . "\n" .
              "</div>\n";
-       print "<div class=\"page_path\">\n" .
-             "/$file_name<br/>\n";
-       print "</div>\n";
+       print "<div class=\"page_path\"><b>/" . esc_html($file_name) . "</b><br/></div>\n";
 
-       open my $fd, "-|", "$gitbin/git-rev-list $hash | $gitbin/git-diff-tree -r --stdin $file_name";
+       open my $fd, "-|", "$gitbin/git-rev-list $hash | $gitbin/git-diff-tree -r --stdin -- \'$file_name\'";
        my $commit;
        print "<table cellspacing=\"0\">\n";
        my $alternate = 0;
        while (my $line = <$fd>) {
-               if ($line =~ m/^([0-9a-fA-F]{40}) /){
+               if ($line =~ m/^([0-9a-fA-F]{40})/){
                        $commit = $1;
                        next;
                }
-               if ($line =~ m/^(.)(.+)\t(.+)\t([0-9a-fA-F]{40}->[0-9a-fA-F]{40})\t(.+)$/ && (defined $commit)) {
+               if ($line =~ m/^:([0-7]{6}) ([0-7]{6}) ([0-9a-fA-F]{40}) ([0-9a-fA-F]{40}) (.)\t(.*)$/ && (defined $commit)) {
                        my %co = git_read_commit($commit);
                        if (!%co) {
                                next;
                        }
+                       my $ref = "";
+                       if (defined $refs->{$commit}) {
+                               $ref = " <span class=\"tag\">" . esc_html($refs->{$commit}) . "</span>";
+                       }
                        if ($alternate) {
-                               print "<tr style=\"background-color:#f6f5ed\">\n";
+                               print "<tr class=\"dark\">\n";
                        } else {
-                               print "<tr>\n";
+                               print "<tr class=\"light\">\n";
                        }
                        $alternate ^= 1;
-                       print "<td><i>$co{'age_string'}</i></td>\n" .
-                             "<td><i>" . escapeHTML(chop_str($co{'author_name'}, 10)) . "</i></td>\n" .
-                             "<td>" . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit", -class => "list"}, "<b>" . escapeHTML($co{'title'}) . "</b>") . "</td>\n" .
+                       print "<td title=\"$co{'age_string_age'}\"><i>$co{'age_string_date'}</i></td>\n" .
+                             "<td><i>" . esc_html(chop_str($co{'author_name'}, 15, 3)) . "</i></td>\n" .
+                             "<td>" . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$commit"), -class => "list"}, "<b>" .
+                             esc_html(chop_str($co{'title'}, 50)) . "$ref</b>") . "</td>\n" .
                              "<td class=\"link\">" .
-                             $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit"}, "commit") .
-                             " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=" .  $co{'tree'} . ";hb=$commit"}, "tree") .
-                             " | " . $cgi->a({-href => "$my_uri?p=$project;a=blob;hb=$commit;f=$file_name"}, "blob");
+                             $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$commit")}, "commit") .
+                             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$commit")}, "commitdiff") .
+                             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;hb=$commit;f=$file_name")}, "blob");
                        my $blob = git_get_hash_by_path($hash, $file_name);
                        my $blob_parent = git_get_hash_by_path($commit, $file_name);
                        if (defined $blob && defined $blob_parent && $blob ne $blob_parent) {
-                               print " | " . $cgi->a({-href => "$my_uri?p=$project;a=blobdiff;h=$blob;hp=$blob_parent;hb=$commit;f=$file_name"}, "diff");
+                               print " | " .
+                               $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blobdiff;h=$blob;hp=$blob_parent;hb=$commit;f=$file_name")},
+                               "diff to current");
                        }
                        print "</td>\n" .
                              "</tr>\n";
@@ -1532,3 +2171,237 @@ sub git_history {
        close $fd;
        git_footer_html();
 }
+
+sub git_search {
+       if (!defined $searchtext) {
+               die_error("", "Text field empty.");
+       }
+       if (!defined $hash) {
+               $hash = git_read_head($project);
+       }
+       my %co = git_read_commit($hash);
+       if (!%co) {
+               die_error(undef, "Unknown commit object.");
+       }
+       # pickaxe may take all resources of your box and run for several minutes
+       # with every query - so decide by yourself how public you make this feature :)
+       my $commit_search = 1;
+       my $author_search = 0;
+       my $committer_search = 0;
+       my $pickaxe_search = 0;
+       if ($searchtext =~ s/^author\\://i) {
+               $author_search = 1;
+       } elsif ($searchtext =~ s/^committer\\://i) {
+               $committer_search = 1;
+       } elsif ($searchtext =~ s/^pickaxe\\://i) {
+               $commit_search = 0;
+               $pickaxe_search = 1;
+       }
+       git_header_html();
+       print "<div class=\"page_nav\">\n" .
+             $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary;h=$hash")}, "summary") .
+             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog")}, "shortlog") .
+             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log;h=$hash")}, "log") .
+             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash")}, "commit") .
+             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$hash")}, "commitdiff") .
+             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$co{'tree'};hb=$hash")}, "tree") .
+             "<br/><br/>\n" .
+             "</div>\n";
+
+       print "<div>\n" .
+             $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash"), -class => "title"}, esc_html($co{'title'})) . "\n" .
+             "</div>\n";
+       print "<table cellspacing=\"0\">\n";
+       my $alternate = 0;
+       if ($commit_search) {
+               $/ = "\0";
+               open my $fd, "-|", "$gitbin/git-rev-list --header --parents $hash" or next;
+               while (my $commit_text = <$fd>) {
+                       if (!grep m/$searchtext/i, $commit_text) {
+                               next;
+                       }
+                       if ($author_search && !grep m/\nauthor .*$searchtext/i, $commit_text) {
+                               next;
+                       }
+                       if ($committer_search && !grep m/\ncommitter .*$searchtext/i, $commit_text) {
+                               next;
+                       }
+                       my @commit_lines = split "\n", $commit_text;
+                       my %co = git_read_commit(undef, \@commit_lines);
+                       if (!%co) {
+                               next;
+                       }
+                       if ($alternate) {
+                               print "<tr class=\"dark\">\n";
+                       } else {
+                               print "<tr class=\"light\">\n";
+                       }
+                       $alternate ^= 1;
+                       print "<td title=\"$co{'age_string_age'}\"><i>$co{'age_string_date'}</i></td>\n" .
+                             "<td><i>" . esc_html(chop_str($co{'author_name'}, 15, 5)) . "</i></td>\n" .
+                             "<td>" .
+                             $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$co{'id'}"), -class => "list"}, "<b>" . esc_html(chop_str($co{'title'}, 50)) . "</b><br/>");
+                       my $comment = $co{'comment'};
+                       foreach my $line (@$comment) {
+                               if ($line =~ m/^(.*)($searchtext)(.*)$/i) {
+                                       my $lead = esc_html($1) || "";
+                                       $lead = chop_str($lead, 30, 10);
+                                       my $match = esc_html($2) || "";
+                                       my $trail = esc_html($3) || "";
+                                       $trail = chop_str($trail, 30, 10);
+                                       my $text = "$lead<span style=\"color:#e00000\">$match</span>$trail";
+                                       print chop_str($text, 80, 5) . "<br/>\n";
+                               }
+                       }
+                       print "</td>\n" .
+                             "<td class=\"link\">" .
+                             $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$co{'id'}")}, "commit") .
+                             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$co{'tree'};hb=$co{'id'}")}, "tree");
+                       print "</td>\n" .
+                             "</tr>\n";
+               }
+               close $fd;
+       }
+
+       if ($pickaxe_search) {
+               $/ = "\n";
+               open my $fd, "-|", "$gitbin/git-rev-list $hash | $gitbin/git-diff-tree -r --stdin -S\'$searchtext\'";
+               undef %co;
+               my @files;
+               while (my $line = <$fd>) {
+                       if (%co && $line =~ m/^:([0-7]{6}) ([0-7]{6}) ([0-9a-fA-F]{40}) ([0-9a-fA-F]{40}) (.)\t(.*)$/) {
+                               my %set;
+                               $set{'file'} = $6;
+                               $set{'from_id'} = $3;
+                               $set{'to_id'} = $4;
+                               $set{'id'} = $set{'to_id'};
+                               if ($set{'id'} =~ m/0{40}/) {
+                                       $set{'id'} = $set{'from_id'};
+                               }
+                               if ($set{'id'} =~ m/0{40}/) {
+                                       next;
+                               }
+                               push @files, \%set;
+                       } elsif ($line =~ m/^([0-9a-fA-F]{40})$/){
+                               if (%co) {
+                                       if ($alternate) {
+                                               print "<tr class=\"dark\">\n";
+                                       } else {
+                                               print "<tr class=\"light\">\n";
+                                       }
+                                       $alternate ^= 1;
+                                       print "<td title=\"$co{'age_string_age'}\"><i>$co{'age_string_date'}</i></td>\n" .
+                                             "<td><i>" . esc_html(chop_str($co{'author_name'}, 15, 5)) . "</i></td>\n" .
+                                             "<td>" .
+                                             $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$co{'id'}"), -class => "list"}, "<b>" .
+                                             esc_html(chop_str($co{'title'}, 50)) . "</b><br/>");
+                                       while (my $setref = shift @files) {
+                                               my %set = %$setref;
+                                               print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$set{'id'};hb=$co{'id'};f=$set{'file'}"), class => "list"},
+                                                     "<span style=\"color:#e00000\">" . esc_html($set{'file'}) . "</span>") .
+                                                     "<br/>\n";
+                                       }
+                                       print "</td>\n" .
+                                             "<td class=\"link\">" .
+                                             $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$co{'id'}")}, "commit") .
+                                             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$co{'tree'};hb=$co{'id'}")}, "tree");
+                                       print "</td>\n" .
+                                             "</tr>\n";
+                               }
+                               %co = git_read_commit($1);
+                       }
+               }
+               close $fd;
+       }
+       print "</table>\n";
+       git_footer_html();
+}
+
+sub git_shortlog {
+       my $head = git_read_head($project);
+       if (!defined $hash) {
+               $hash = $head;
+       }
+       if (!defined $page) {
+               $page = 0;
+       }
+       my $refs = read_info_ref();
+       git_header_html();
+       print "<div class=\"page_nav\">\n" .
+             $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary")}, "summary") .
+             " | shortlog" .
+             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log;h=$hash")}, "log") .
+             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash")}, "commit") .
+             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$hash")}, "commitdiff") .
+             " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$hash;hb=$hash")}, "tree") . "<br/>\n";
+
+       my $limit = sprintf("--max-count=%i", (100 * ($page+1)));
+       open my $fd, "-|", "$gitbin/git-rev-list $limit $hash" or die_error(undef, "Open failed.");
+       my (@revlist) = map { chomp; $_ } <$fd>;
+       close $fd;
+
+       if ($hash ne $head || $page) {
+               print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog")}, "HEAD");
+       } else {
+               print "HEAD";
+       }
+       if ($page > 0) {
+               print " &sdot; " .
+               $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog;h=$hash;pg=" . ($page-1)), -accesskey => "p", -title => "Alt-p"}, "prev");
+       } else {
+               print " &sdot; prev";
+       }
+       if ($#revlist >= (100 * ($page+1)-1)) {
+               print " &sdot; " .
+               $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog;h=$hash;pg=" . ($page+1)), -accesskey => "n", -title => "Alt-n"}, "next");
+       } else {
+               print " &sdot; next";
+       }
+       print "<br/>\n" .
+             "</div>\n";
+       print "<div>\n" .
+             $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary"), -class => "title"}, "&nbsp;") .
+             "</div>\n";
+       print "<table cellspacing=\"0\">\n";
+       my $alternate = 0;
+       for (my $i = ($page * 100); $i <= $#revlist; $i++) {
+               my $commit = $revlist[$i];
+               my $ref = "";
+               if (defined $refs->{$commit}) {
+                       $ref = " <span class=\"tag\">" . esc_html($refs->{$commit}) . "</span>";
+               }
+               my %co = git_read_commit($commit);
+               my %ad = date_str($co{'author_epoch'});
+               if ($alternate) {
+                       print "<tr class=\"dark\">\n";
+               } else {
+                       print "<tr class=\"light\">\n";
+               }
+               $alternate ^= 1;
+               print "<td title=\"$co{'age_string_age'}\"><i>$co{'age_string_date'}</i></td>\n" .
+                     "<td><i>" . esc_html(chop_str($co{'author_name'}, 10)) . "</i></td>\n" .
+                     "<td>";
+               if (length($co{'title_short'}) < length($co{'title'})) {
+                       print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$commit"), -class => "list", -title => "$co{'title'}"},
+                             "<b>" . esc_html($co{'title_short'}) . "$ref</b>");
+               } else {
+                       print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$commit"), -class => "list"},
+                             "<b>" . esc_html($co{'title_short'}) . "$ref</b>");
+               }
+               print "</td>\n" .
+                     "<td class=\"link\">" .
+                     $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$commit")}, "commit") .
+                     " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$commit")}, "commitdiff") .
+                     "</td>\n" .
+                     "</tr>";
+       }
+       if ($#revlist >= (100 * ($page+1)-1)) {
+               print "<tr>\n" .
+                     "<td>" .
+                     $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog;h=$hash;pg=" . ($page+1)), -title => "Alt-n"}, "next") .
+                     "</td>\n" .
+                     "</tr>\n";
+       }
+       print "</table\n>";
+       git_footer_html();
+}