my $cgi = new CGI;
-my $version = "053";
-my $projectroot = "/pub/scm";
+my $version = "056";
+my $projectroot = "/home/kay/public_html/pub/scm";
my $defaultprojects = "linux/kernel/git";
-my $gitbin = "/usr/bin";
-my $gittmp = "/tmp/gitweb";
-my $giturl = "/pub/software/scm/cogito";
+my $gitbin = "/home/kay/bin/git";
+my $gittmp = "/tmp";
my $my_url = $cgi->url();
my $my_uri = $cgi->url(-absolute => 1);
-mkdir($gittmp, 0700);
-
my $project = $cgi->param('p');
my $action = $cgi->param('a');
my $hash = $cgi->param('h');
my $hash_parent = $cgi->param('hp');
my $time_back = $cgi->param('t');
-if (!(defined($time_back))) {
- $time_back = 1;
-}
$ENV{'SHA1_FILE_DIRECTORY'} = "$projectroot/$project/objects";
-# sanitize input
-$action =~ s/[^0-9a-zA-Z\.\-]//g;
-$hash =~ s/[^0-9a-fA-F]//g;
-$hash_parent =~ s/[^0-9a-fA-F]//g;
-$time_back =~ s/[^0-9]+//g;
+# validate input
if (defined($project) && $project =~ /(^|\/)(|\.|\.\.)($|\/)/) {
- print $cgi->header(-type=>'text/plain', -status=>'403 Permission denied');
- print "Malformed query, file missing or permission denied\n";
- exit 0;
+ die_error("", "Invalid project parameter.");
+}
+if (defined($action) && !$action =~ m/^[0-9a-zA-Z\.\-]+$/) {
+ die_error("", "Invalid action parameter.");
+}
+if (defined($hash) && !($hash =~ m/^[0-9a-fA-F]{40}$/)) {
+ die_error("", "Invalid hash parameter.");
+}
+if (defined($hash_parent) && !($hash_parent =~ m/^[0-9a-fA-F]{40}$/)) {
+ die_error("", "Invalid parent hash parameter.");
+}
+if (defined($time_back) && !($time_back =~ m/^[0-9]+$/)) {
+ die_error("", "Invalid time parameter.");
+} else {
+ $time_back = 1;
}
-$project =~ s/|//g;
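Review bot: The new action check `if (defined($action) && !$action =~ m/^[0-9a-zA-Z\.\-]+$/)` validates nothing, because `!` binds tighter than `=~`: the pattern is matched against the negated value, so a non-empty action containing disallowed characters is never rejected. Write it like the other three checks, `!($action =~ m/^[0-9a-zA-Z\.\-]+$/)`. Separately, the `else` on the time check assigns `$time_back = 1` for every request that passes validation, so a valid `t` value is always discarded; `} elsif (!defined($time_back)) {` restores the old default-only behaviour. This commit removes the old substitutions, so these checks are now the only filter on the parameters.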
sub git_header_html {
- print $cgi->header(-type => 'text/html', -charset => 'utf-8');
-print <<EOF;
+ my $status = shift || "200 OK";
+
+ print $cgi->header(-type=>'text/html', -charset => 'utf-8', -status=> $status);
+ print <<EOF;
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
<body>
EOF
print "<div class=\"page_header\">\n" .
- "<a href=\"$giturl\">" .
+ "<a href=\"http://kernel.org/pub/software/scm/git/\">" .
"<img src=\"$my_uri?a=git-logo.png\" width=\"72\" height=\"27\" alt=\"git\" style=\"float:right; border-width:0px;\"/></a>";
if ($defaultprojects ne "") {
print $cgi->a({-href => "$my_uri"}, "projects") . " / ";
print "</body>\n</html>";
}
+sub die_error {
+ my $status = shift || "403 Forbidden";
+ my $error = shift || "Malformed query, file missing or permission denied";
+ git_header_html($status);
+ print "<div class=\"page_body\">\n" .
+ "<br/><br/>\n";
+ print "$error\n";
+ print "<br/></div>\n";
+ git_footer_html();
+ exit 0;
+}
+
sub git_head {
my $path = shift;
- open my $fd, "$projectroot/$path/HEAD";
+ open(my $fd, "$projectroot/$path/HEAD") || die_error("", "Invalid project directory.");;
my $head = <$fd>;
close $fd;
chomp $head;
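Review bot: The `open` in `git_head` still uses the two-argument form with `$path` interpolated into the file name, so Perl parses the open mode out of the same string as the path. Use the three-argument form, `open(my $fd, "<", "$projectroot/$path/HEAD") || die_error("", "Invalid project directory.");`, which also drops the stray second `;`. In `die_error`, `print "$error\n";` writes the message into the page unescaped; the callers visible in this diff pass literals, but `print $cgi->escapeHTML($error) . "\n";` keeps it safe if a later caller includes request data. `git_head` continues past the end of the hunk.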
$co{'committer_name'} =~ s/ <.*//;
}
}
+ if (!defined($co{'tree'})) { die_error("", "Invalid commit object."); }
$co{'parents'} = \@parents;
$co{'parent'} = $parents[0];
my (@comment) = map { chomp; $_ } <$fd>;
# create tmp from-file
if ($from ne "") {
$from_tmp = "$gittmp/gitweb_" . $$ . "_from";
- open my $fd2, "> $from_tmp";
+ open(my $fd2, "> $from_tmp");
open my $fd, "-|", "$gitbin/cat-file blob $from";
my @file = <$fd>;
print $fd2 @file;
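Review bot: `$from_tmp` is a predictable name (`gitweb_` plus the PID), and this commit changes `$gittmp` to `/tmp` and removes the `mkdir($gittmp, 0700)`, so the file is now created in a directory shared with other local users, through a two-argument `open` whose result is not checked. Another local account can create that path first, including as a symlink, and the CGI would then write blob contents through it. Either keep a private 0700 directory for `$gittmp`, or let the core File::Temp module create the file: `my $fd2; ($fd2, $from_tmp) = File::Temp::tempfile("gitweb_XXXXXX", DIR => $gittmp);` with `use File::Temp;` at the top of the script. The enclosing block starts and ends outside this hunk.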
# show list of default projects
if ($project eq "") {
- opendir(my $fd, "$projectroot/$defaultprojects");
+ opendir(my $fd, "$projectroot/$defaultprojects") || die_error("", "No projects found.");
my (@users) = sort grep(!/^\./, readdir($fd));
closedir($fd);
git_header_html();
if ($action eq "blob") {
git_header_html();
print "<div class=\"page_body\"><pre><br/><br/>\n";
- open my $fd, "-|", "$gitbin/cat-file blob $hash";
+ open(my $fd, "-|", "$gitbin/cat-file blob $hash");
my $nr;
while (my $line = <$fd>) {
$nr++;
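Review bot: The `open(my $fd, "-|", "$gitbin/cat-file blob $hash")` call only gained parentheses; its result is still unchecked and the command is a single string, which Perl hands to the shell when it contains metacharacters. The new 40-hex check at the top constrains `$hash` when `h` is present, but nothing visible here rejects a missing `h`. Passing the arguments as a list keeps the shell out of it and fails visibly: `open(my $fd, "-|", "$gitbin/cat-file", "blob", $hash) || die_error("", "Open failed.");`. The same applies to the `cat-file blob $from` open in the temp-file hunk. The `blob` branch continues outside this hunk.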
print "</div>";
git_footer_html();
} else {
- git_header_html();
- print "<div class=\"page_body\">\n" .
- "<br/><br/>\n";
- print "unknown action\n";
- print "<br/></div>\n";
- git_footer_html();
+ die_error("", "unknown action");
}