# gitweb - simple web interface to track changes in git repositories
#
-# (C) 2005, Kay Sievers <kay.sievers@vrfy.org>
-# (C) 2005, Christian Gierke <ch@gierke.de>
+# (C) 2005-2006, Kay Sievers <kay.sievers@vrfy.org>
+# (C) 2005, Christian Gierke
#
-# This program is licensed under the GPL v2, or a later version
+# This program is licensed under the GPLv2
use strict;
use warnings;
use CGI qw(:standard :escapeHTML -nosticky);
use CGI::Util qw(unescape);
use CGI::Carp qw(fatalsToBrowser);
+use Encode;
use Fcntl ':mode';
+binmode STDOUT, ':utf8';
my $cgi = new CGI;
-my $version = "241";
+my $version = "267";
my $my_url = $cgi->url();
my $my_uri = $cgi->url(-absolute => 1);
-my $rss_link = "";
+my $rss_link = "";
# absolute fs-path which will be prepended to the project path
#my $projectroot = "/pub/scm";
-my $projectroot = "/home/kay/public_html/pub/scm";
+my $projectroot = "/home/kay/public_html/pub/scm";
# location of the git-core binaries
my $gitbin = "/usr/bin";
my $home_text = "indextext.html";
# source of projects list
-#my $projects_list = $projectroot;
-my $projects_list = "index/index.aux";
+#my $projects_list = $projectroot;
+my $projects_list = "index/index.aux";
# input validation and dispatch
my $action = $cgi->param('a');
if (defined $action) {
- if ($action =~ m/[^0-9a-zA-Z\.\-_]+/) {
+ if ($action =~ m/[^0-9a-zA-Z\.\-_]/) {
undef $action;
die_error(undef, "Invalid action parameter.");
}
my $order = $cgi->param('o');
if (defined $order) {
- if ($order =~ m/[^a-zA-Z0-9_]/) {
+ if ($order =~ m/[^0-9a-zA-Z_]/) {
undef $order;
die_error(undef, "Invalid order parameter.");
}
my $project = $cgi->param('p');
if (defined $project) {
- if ($project =~ m/(^|\/)(|\.|\.\.)($|\/)/) {
- undef $project;
- die_error(undef, "Non-canonical project parameter.");
- }
- if ($project =~ m/[^a-zA-Z0-9_\.\/\-\+\#\~]/) {
- undef $project;
- die_error(undef, "Invalid character in project parameter.");
+ $project = validate_input($project);
+ if (!defined($project)) {
+ die_error(undef, "Invalid project parameter.");
}
if (!(-d "$projectroot/$project")) {
undef $project;
undef $project;
die_error(undef, "No such project.");
}
- $rss_link = "<link rel=\"alternate\" title=\"$project log\" href=\"$my_uri?p=$project;a=rss\" type=\"application/rss+xml\"/>";
+ $rss_link = "<link rel=\"alternate\" title=\"" . esc_param($project) . " log\" href=\"" .
+ "$my_uri?" . esc_param("p=$project;a=rss") . "\" type=\"application/rss+xml\"/>";
$ENV{'GIT_DIR'} = "$projectroot/$project";
} else {
git_project_list();
my $file_name = $cgi->param('f');
if (defined $file_name) {
- if ($file_name =~ m/(^|\/)(|\.|\.\.)($|\/)/) {
- undef $file_name;
- die_error(undef, "Non-canonical file parameter.");
- }
- if ($file_name =~ m/[^a-zA-Z0-9_\.\/\-\+\#\~\:\!]/) {
- undef $file_name;
- die_error(undef, "Invalid character in file parameter.");
+ $file_name = validate_input($file_name);
+ if (!defined($file_name)) {
+ die_error(undef, "Invalid file parameter.");
}
}
my $hash = $cgi->param('h');
if (defined $hash) {
- if (!($hash =~ m/^[0-9a-fA-F]{40}$/)) {
- if ($hash =~ m/(^|\/)(|\.|\.\.)($|\/)/) {
- undef $hash;
- die_error(undef, "Non-canonical hash parameter.");
- }
- if ($hash =~ m/[^a-zA-Z0-9_\.\/\-\+\#\~\:\!]/) {
- undef $hash;
- die_error(undef, "Invalid character in hash parameter.");
- }
- # replace branch-name with hash
- my $branchlist = git_read_refs("refs/heads");
- foreach my $entry (@$branchlist) {
- my %branch = %$entry;
- if ($branch{'name'} eq $hash) {
- $hash = $branch{'id'};
- last;
- }
- }
+ $hash = validate_input($hash);
+ if (!defined($hash)) {
+ die_error(undef, "Invalid hash parameter.");
}
}
my $hash_parent = $cgi->param('hp');
-if (defined $hash_parent && !($hash_parent =~ m/^[0-9a-fA-F]{40}$/)) {
- undef $hash_parent;
- die_error(undef, "Invalid hash_parent parameter.");
+if (defined $hash_parent) {
+ $hash_parent = validate_input($hash_parent);
+ if (!defined($hash_parent)) {
+ die_error(undef, "Invalid hash parent parameter.");
+ }
}
my $hash_base = $cgi->param('hb');
-if (defined $hash_base && !($hash_base =~ m/^[0-9a-fA-F]{40}$/)) {
- undef $hash_base;
- die_error(undef, "Invalid parent hash parameter.");
+if (defined $hash_base) {
+ $hash_base = validate_input($hash_base);
+ if (!defined($hash_base)) {
+ die_error(undef, "Invalid hash base parameter.");
+ }
}
my $page = $cgi->param('pg');
if (defined $page) {
- if ($page =~ m/^[^0-9]+$/) {
+ if ($page =~ m/[^0-9]$/) {
undef $page;
die_error(undef, "Invalid page parameter.");
}
$searchtext = quotemeta $searchtext;
}
+sub validate_input {
+ my $input = shift;
+
+ if ($input =~ m/^[0-9a-fA-F]{40}$/) {
+ return $input;
+ }
+ if ($input =~ m/(^|\/)(|\.|\.\.)($|\/)/) {
+ return undef;
+ }
+ if ($input =~ m/[^a-zA-Z0-9_\x80-\xff\ \t\.\/\-\+\#\~\%]/) {
+ return undef;
+ }
+ return $input;
+}
+
if (!defined $action || $action eq "summary") {
git_summary();
exit;
-} elsif ($action eq "branches") {
- git_branches();
+} elsif ($action eq "heads") {
+ git_heads();
exit;
} elsif ($action eq "tags") {
git_tags();
exit;
}
+# quote unsafe chars, but keep the slash, even when it's not
+# correct, but quoted slashes look too horrible in bookmarks
+sub esc_param {
+ my $str = shift;
+ $str =~ s/([^A-Za-z0-9\-_.~();\/;?:@&=])/sprintf("%%%02X", ord($1))/eg;
+ $str =~ s/\+/%2B/g;
+ $str =~ s/ /\+/g;
+ return $str;
+}
+
+# replace invalid utf8 character with SUBSTITUTION sequence
+sub esc_html {
+ my $str = shift;
+ $str = decode("utf8", $str, Encode::FB_DEFAULT);
+ $str = escapeHTML($str);
+ return $str;
+}
+
+# git may return quoted and escaped filenames
+sub unquote {
+ my $str = shift;
+ if ($str =~ m/^"(.*)"$/) {
+ $str = $1;
+ $str =~ s/\\([0-7]{1,3})/chr(oct($1))/eg;
+ }
+ return $str;
+}
+
sub git_header_html {
my $status = shift || "200 OK";
+ my $expires = shift;
my $title = "git";
if (defined $project) {
$title .= "/$action";
}
}
- print $cgi->header(-type=>'text/html', -charset => 'utf-8', -status=> $status);
+ print $cgi->header(-type=>'text/html', -charset => 'utf-8', -status=> $status, -expires => $expires);
print <<EOF;
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
-<!-- git web interface v$version, (C) 2005, Kay Sievers <kay.sievers\@vrfy.org>, Christian Gierke <ch\@gierke.de> -->
+<!-- git web interface v$version, (C) 2005-2006, Kay Sievers <kay.sievers\@vrfy.org>, Christian Gierke -->
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8"/>
<meta name="robots" content="index, nofollow"/>
<title>$title</title>
$rss_link
<style type="text/css">
-body { font-family: sans-serif; font-size: 12px; margin:0px; border:solid #d9d8d1; border-width:1px; margin:10px; }
+body {
+ font-family: sans-serif; font-size: 12px; border:solid #d9d8d1; border-width:1px;
+ margin:10px; background-color:#ffffff; color:#000000;
+}
a { color:#0000cc; }
a:hover, a:visited, a:active { color:#880000; }
div.page_header { height:25px; padding:8px; font-size:18px; font-weight:bold; background-color:#d9d8d1; }
text-align:center; text-decoration:none;
}
a.rss_logo:hover { background-color:#ee5500; }
+span.tag {
+ padding:0px 4px; font-size:10px; font-weight:normal;
+ background-color:#ffffaa; border:1px solid; border-color:#ffffcc #ffee00 #ffee00 #ffffcc;
+}
</style>
</head>
<body>
EOF
print "<div class=\"page_header\">\n" .
"<a href=\"http://www.kernel.org/pub/software/scm/git/docs/\" title=\"git documentation\">" .
- "<img src=\"$my_uri?a=git-logo.png\" width=\"72\" height=\"27\" alt=\"git\" style=\"float:right; border-width:0px;\"/>" .
+ "<img src=\"$my_uri?" . esc_param("a=git-logo.png") . "\" width=\"72\" height=\"27\" alt=\"git\" style=\"float:right; border-width:0px;\"/>" .
"</a>\n";
- print $cgi->a({-href => $home_link}, "projects") . " / ";
+ print $cgi->a({-href => esc_param($home_link)}, "projects") . " / ";
if (defined $project) {
- print $cgi->a({-href => "$my_uri?p=$project;a=summary"}, escapeHTML($project));
+ print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary")}, esc_html($project));
if (defined $action) {
print " / $action";
}
if (!defined $searchtext) {
$searchtext = "";
}
+ my $search_hash;
+ if (defined $hash) {
+ $search_hash = $hash;
+ } else {
+ $search_hash = "HEAD";
+ }
$cgi->param("a", "search");
- print $cgi->startform(-method => "get", -action => "$my_uri") .
+ $cgi->param("h", $search_hash);
+ print $cgi->startform(-method => "get", -action => $my_uri) .
"<div class=\"search\">\n" .
$cgi->hidden(-name => "p") . "\n" .
$cgi->hidden(-name => "a") . "\n" .
+ $cgi->hidden(-name => "h") . "\n" .
$cgi->textfield(-name => "s", -value => $searchtext) . "\n" .
"</div>" .
$cgi->end_form() . "\n";
if (defined $project) {
my $descr = git_read_description($project);
if (defined $descr) {
- print "<div class=\"page_footer_text\">" . escapeHTML($descr) . "</div>\n";
+ print "<div class=\"page_footer_text\">" . esc_html($descr) . "</div>\n";
}
- print $cgi->a({-href => "$my_uri?p=$project;a=rss", -class => "rss_logo"}, "RSS") . "\n";
+ print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=rss"), -class => "rss_logo"}, "RSS") . "\n";
} else {
- print $cgi->a({-href => "$my_uri?a=opml", -class => "rss_logo"}, "OPML") . "\n";
+ print $cgi->a({-href => "$my_uri?" . esc_param("a=opml"), -class => "rss_logo"}, "OPML") . "\n";
}
print "</div>\n" .
"</body>\n" .
return $type;
}
+sub git_read_head {
+ my $project = shift;
+ my $oENV = $ENV{'GIT_DIR'};
+ my $retval = undef;
+ $ENV{'GIT_DIR'} = "$projectroot/$project";
+ if (open my $fd, "-|", "$gitbin/git-rev-parse", "--verify", "HEAD") {
+ my $head = <$fd>;
+ close $fd;
+ if (defined $head && $head =~ /^([0-9a-fA-F]{40})$/) {
+ $retval = $1;
+ }
+ }
+ if (defined $oENV) {
+ $ENV{'GIT_DIR'} = $oENV;
+ }
+ return $retval;
+}
+
sub git_read_hash {
my $path = shift;
my @commit_lines;
my %co;
- my @parents;
if (defined $commit_text) {
@commit_lines = @$commit_text;
} else {
- open my $fd, "-|", "$gitbin/git-cat-file commit $commit_id" or return;
- @commit_lines = map { chomp; $_ } <$fd>;
+ $/ = "\0";
+ open my $fd, "-|", "$gitbin/git-rev-list --header --parents --max-count=1 $commit_id" or return;
+ @commit_lines = split '\n', <$fd>;
close $fd or return;
+ $/ = "\n";
+ pop @commit_lines;
}
+ my $header = shift @commit_lines;
+ if (!($header =~ m/^[0-9a-fA-F]{40}/)) {
+ return;
+ }
+ ($co{'id'}, my @parents) = split ' ', $header;
+ $co{'parents'} = \@parents;
+ $co{'parent'} = $parents[0];
while (my $line = shift @commit_lines) {
last if $line eq "\n";
if ($line =~ m/^tree ([0-9a-fA-F]{40})$/) {
$co{'tree'} = $1;
- } elsif ($line =~ m/^parent ([0-9a-fA-F]{40})$/) {
- push @parents, $1;
} elsif ($line =~ m/^author (.*) ([0-9]+) (.*)$/) {
$co{'author'} = $1;
$co{'author_epoch'} = $2;
}
}
if (!defined $co{'tree'}) {
- return undef
+ return;
};
- $co{'id'} = $commit_id;
- $co{'parents'} = \@parents;
- $co{'parent'} = $parents[0];
- $co{'comment'} = \@commit_lines;
+
foreach my $title (@commit_lines) {
+ $title =~ s/^ //;
if ($title ne "") {
$co{'title'} = chop_str($title, 80, 5);
# remove leading stuff of merges to make the interesting part visible
last;
}
}
+ # remove added spaces
+ foreach my $line (@commit_lines) {
+ $line =~ s/^ //;
+ }
+ $co{'comment'} = \@commit_lines;
my $age = time - $co{'committer_epoch'};
$co{'age'} = $age;
close $fd;
}
- open my $fd, "-|", "/usr/bin/diff -u -p -L $from_name -L $to_name $from_tmp $to_tmp";
+ open my $fd, "-|", "/usr/bin/diff -u -p -L \'$from_name\' -L \'$to_name\' $from_tmp $to_tmp";
if ($format eq "plain") {
undef $/;
print <$fd>;
$line =~ s/\t/$spaces/;
}
}
- print "<div class=\"pre\"$color>" . escapeHTML($line) . "</div>\n";
+ print "<div class=\"pre\"$color>" . esc_html($line) . "</div>\n";
}
}
close $fd;
sub format_log_line_html {
my $line = shift;
- $line = escapeHTML($line);
+ $line = esc_html($line);
$line =~ s/ / /g;
if ($line =~ m/([0-9a-fA-F]{40})/) {
my $hash_text = $1;
if (git_get_type($hash_text) eq "commit") {
- my $link = $cgi->a({-class => "text", -href => "$my_uri?p=$project;a=commit;h=$hash_text"}, $hash_text);
+ my $link = $cgi->a({-class => "text", -href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash_text")}, $hash_text);
$line =~ s/$hash_text/$link/;
}
}
# git-logo (cached in browser for one day)
sub git_logo {
+ binmode STDOUT, ':raw';
print $cgi->header(-type => 'image/png', -expires => '+1d');
# cat git-logo.png | hexdump -e '16/1 " %02x" "\n"' | sed 's/ /\\x/g'
print "\x89\x50\x4e\x47\x0d\x0a\x1a\x0a\x00\x00\x00\x0d\x49\x48\x44\x52" .
}
my $owner = $gcos;
$owner =~ s/[,;].*$//;
- return $owner;
+ return decode("utf8", $owner, Encode::FB_DEFAULT);
}
sub git_read_projects {
if (-e "$projectroot/$path/HEAD") {
my $pr = {
path => $path,
- owner => $owner,
+ owner => decode("utf8", $owner, Encode::FB_DEFAULT),
};
push @list, $pr
}
die_error(undef, "No project found.");
}
foreach my $pr (@list) {
- my $head = git_read_hash("$pr->{'path'}/HEAD");
+ my $head = git_read_head($pr->{'path'});
if (!defined $head) {
next;
}
@projects = sort {$a->{'path'} cmp $b->{'path'}} @projects;
print "<th>Project</th>\n";
} else {
- print "<th>" . $cgi->a({-class => "header", -href => "$my_uri?o=project"}, "Project") . "</th>\n";
+ print "<th>" . $cgi->a({-class => "header", -href => "$my_uri?" . esc_param("o=project")}, "Project") . "</th>\n";
}
if (defined($order) && ($order eq "descr")) {
@projects = sort {$a->{'descr'} cmp $b->{'descr'}} @projects;
print "<th>Description</th>\n";
} else {
- print "<th>" . $cgi->a({-class => "header", -href => "$my_uri?o=descr"}, "Description") . "</th>\n";
+ print "<th>" . $cgi->a({-class => "header", -href => "$my_uri?" . esc_param("o=descr")}, "Description") . "</th>\n";
}
if (defined($order) && ($order eq "owner")) {
@projects = sort {$a->{'owner'} cmp $b->{'owner'}} @projects;
print "<th>Owner</th>\n";
} else {
- print "<th>" . $cgi->a({-class => "header", -href => "$my_uri?o=owner"}, "Owner") . "</th>\n";
+ print "<th>" . $cgi->a({-class => "header", -href => "$my_uri?" . esc_param("o=owner")}, "Owner") . "</th>\n";
}
if (defined($order) && ($order eq "age")) {
@projects = sort {$a->{'commit'}{'age'} <=> $b->{'commit'}{'age'}} @projects;
print "<th>Last Change</th>\n";
} else {
- print "<th>" . $cgi->a({-class => "header", -href => "$my_uri?o=age"}, "Last Change") . "</th>\n";
+ print "<th>" . $cgi->a({-class => "header", -href => "$my_uri?" . esc_param("o=age")}, "Last Change") . "</th>\n";
}
print "<th></th>\n" .
"</tr>\n";
print "<tr class=\"light\">\n";
}
$alternate ^= 1;
- print "<td>" . $cgi->a({-href => "$my_uri?p=$pr->{'path'};a=summary", -class => "list"}, escapeHTML($pr->{'path'})) . "</td>\n" .
+ print "<td>" . $cgi->a({-href => "$my_uri?" . esc_param("p=$pr->{'path'};a=summary"), -class => "list"}, esc_html($pr->{'path'})) . "</td>\n" .
"<td>$pr->{'descr'}</td>\n" .
"<td><i>" . chop_str($pr->{'owner'}, 15) . "</i></td>\n";
my $colored_age;
}
print "<td>$colored_age</td>\n" .
"<td class=\"link\">" .
- $cgi->a({-href => "$my_uri?p=$pr->{'path'};a=summary"}, "summary") .
- " | " . $cgi->a({-href => "$my_uri?p=$pr->{'path'};a=shortlog"}, "shortlog") .
- " | " . $cgi->a({-href => "$my_uri?p=$pr->{'path'};a=log"}, "log") .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$pr->{'path'};a=summary")}, "summary") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$pr->{'path'};a=shortlog")}, "shortlog") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$pr->{'path'};a=log")}, "log") .
"</td>\n" .
"</tr>\n";
}
git_footer_html();
}
+sub read_info_ref {
+ my $type = shift || "";
+ my %refs;
+ # 5dc01c595e6c6ec9ccda4f6f69c131c0dd945f8c refs/tags/v2.6.11
+ # c39ae07f393806ccf406ef966e9a15afc43cc36a refs/tags/v2.6.11^{}
+ open my $fd, "$projectroot/$project/info/refs" or return;
+ while (my $line = <$fd>) {
+ chomp($line);
+ if ($line =~ m/^([0-9a-fA-F]{40})\t.*$type\/([^\^]+)/) {
+ if (defined $refs{$1}) {
+ $refs{$1} .= " / $2";
+ } else {
+ $refs{$1} = $2;
+ }
+ }
+ }
+ close $fd or return;
+ return \%refs;
+}
+
sub git_read_refs {
my $ref_dir = shift;
my @reflist;
sub git_summary {
my $descr = git_read_description($project) || "none";
- my $head = git_read_hash("$project/HEAD");
+ my $head = git_read_head($project);
my %co = git_read_commit($head);
my %cd = date_str($co{'committer_epoch'}, $co{'committer_tz'});
$pr = unescape($pr);
$ow = unescape($ow);
if ($pr eq $project) {
- $owner = $ow;
+ $owner = decode("utf8", $ow, Encode::FB_DEFAULT);
last;
}
}
$owner = get_file_owner("$projectroot/$project");
}
+ my $refs = read_info_ref();
git_header_html();
print "<div class=\"page_nav\">\n" .
"summary".
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog"}, "shortlog") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=log"}, "log") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$head"}, "commit") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$head"}, "commitdiff") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree"}, "tree") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog")}, "shortlog") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log")}, "log") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$head")}, "commit") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$head")}, "commitdiff") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree")}, "tree") .
"<br/><br/>\n" .
"</div>\n";
print "<div class=\"title\"> </div>\n";
print "<table cellspacing=\"0\">\n" .
- "<tr><td>description</td><td>" . escapeHTML($descr) . "</td></tr>\n" .
+ "<tr><td>description</td><td>" . esc_html($descr) . "</td></tr>\n" .
"<tr><td>owner</td><td>$owner</td></tr>\n" .
"<tr><td>last change</td><td>$cd{'rfc2822'}</td></tr>\n" .
"</table>\n";
- open my $fd, "-|", "$gitbin/git-rev-list --max-count=17 " . git_read_hash("$project/HEAD") or die_error(undef, "Open failed.");
+ open my $fd, "-|", "$gitbin/git-rev-list --max-count=17 " . git_read_head($project) or die_error(undef, "Open failed.");
my (@revlist) = map { chomp; $_ } <$fd>;
close $fd;
print "<div>\n" .
- $cgi->a({-href => "$my_uri?p=$project;a=shortlog", -class => "title"}, "shortlog") .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog"), -class => "title"}, "shortlog") .
"</div>\n";
my $i = 16;
print "<table cellspacing=\"0\">\n";
}
$alternate ^= 1;
if ($i-- > 0) {
+ my $ref = "";
+ if (defined $refs->{$commit}) {
+ $ref = " <span class=\"tag\">" . esc_html($refs->{$commit}) . "</span>";
+ }
print "<td><i>$co{'age_string'}</i></td>\n" .
- "<td><i>" . escapeHTML(chop_str($co{'author_name'}, 10)) . "</i></td>\n" .
+ "<td><i>" . esc_html(chop_str($co{'author_name'}, 10)) . "</i></td>\n" .
"<td>";
if (length($co{'title_short'}) < length($co{'title'})) {
- print $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit", -class => "list", -title => "$co{'title'}"},
- "<b>" . escapeHTML($co{'title_short'}) . "</b>");
+ print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$commit"), -class => "list", -title => "$co{'title'}"},
+ "<b>" . esc_html($co{'title_short'}) . "$ref</b>");
} else {
- print $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit", -class => "list"},
- "<b>" . escapeHTML($co{'title'}) . "</b>");
+ print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$commit"), -class => "list"},
+ "<b>" . esc_html($co{'title'}) . "$ref</b>");
}
- "</td>\n" .
+ print "</td>\n" .
"<td class=\"link\">" .
- $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit"}, "commit") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$commit"}, "commitdiff") .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$commit")}, "commit") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$commit")}, "commitdiff") .
"</td>\n" .
"</tr>";
} else {
- print "<td>" . $cgi->a({-href => "$my_uri?p=$project;a=shortlog"}, "...") . "</td>\n" .
+ print "<td>" . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog")}, "...") . "</td>\n" .
"</tr>";
last;
}
my $taglist = git_read_refs("refs/tags");
if (defined @$taglist) {
print "<div>\n" .
- $cgi->a({-href => "$my_uri?p=$project;a=tags", -class => "title"}, "tags") .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tags"), -class => "title"}, "tags") .
"</div>\n";
my $i = 16;
print "<table cellspacing=\"0\">\n";
if ($i-- > 0) {
print "<td><i>$tag{'age'}</i></td>\n" .
"<td>" .
- $cgi->a({-href => "$my_uri?p=$project;a=$tag{'reftype'};h=$tag{'refid'}", -class => "list"},
- "<b>" . escapeHTML($tag{'name'}) . "</b>") .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=$tag{'reftype'};h=$tag{'refid'}"), -class => "list"},
+ "<b>" . esc_html($tag{'name'}) . "</b>") .
"</td>\n" .
"<td>";
if (defined($comment)) {
- print $cgi->a({-class => "list", -href => "$my_uri?p=$project;a=tag;h=$tag{'id'}"}, $comment);
+ print $cgi->a({-class => "list", -href => "$my_uri?" . esc_param("p=$project;a=tag;h=$tag{'id'}")}, $comment);
}
print "</td>\n" .
"<td class=\"link\">";
if ($tag{'type'} eq "tag") {
- print $cgi->a({-href => "$my_uri?p=$project;a=tag;h=$tag{'id'}"}, "tag") . " | ";
+ print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tag;h=$tag{'id'}")}, "tag") . " | ";
}
- print $cgi->a({-href => "$my_uri?p=$project;a=$tag{'reftype'};h=$tag{'refid'}"}, $tag{'reftype'});
+ print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=$tag{'reftype'};h=$tag{'refid'}")}, $tag{'reftype'});
if ($tag{'reftype'} eq "commit") {
- print " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$tag{'name'}"}, "shortlog") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=log;h=$tag{'refid'}"}, "log");
+ print " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog;h=$tag{'name'}")}, "shortlog") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log;h=$tag{'refid'}")}, "log");
}
print "</td>\n" .
"</tr>";
} else {
- print "<td>" . $cgi->a({-href => "$my_uri?p=$project;a=tags"}, "...") . "</td>\n" .
+ print "<td>" . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tags")}, "...") . "</td>\n" .
"</tr>";
last;
}
print "</table\n>";
}
- my $branchlist = git_read_refs("refs/heads");
- if (defined @$branchlist) {
+ my $headlist = git_read_refs("refs/heads");
+ if (defined @$headlist) {
print "<div>\n" .
- $cgi->a({-href => "$my_uri?p=$project;a=branches", -class => "title"}, "branches") .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=heads"), -class => "title"}, "heads") .
"</div>\n";
my $i = 16;
print "<table cellspacing=\"0\">\n";
my $alternate = 0;
- foreach my $entry (@$branchlist) {
+ foreach my $entry (@$headlist) {
my %tag = %$entry;
if ($alternate) {
print "<tr class=\"dark\">\n";
if ($i-- > 0) {
print "<td><i>$tag{'age'}</i></td>\n" .
"<td>" .
- $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$tag{'name'}", -class => "list"},
- "<b>" . escapeHTML($tag{'name'}) . "</b>") .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog;h=$tag{'name'}"), -class => "list"},
+ "<b>" . esc_html($tag{'name'}) . "</b>") .
"</td>\n" .
"<td class=\"link\">" .
- $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$tag{'name'}"}, "shortlog") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=log;h=$tag{'name'}"}, "log") .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog;h=$tag{'name'}")}, "shortlog") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log;h=$tag{'name'}")}, "log") .
"</td>\n" .
"</tr>";
} else {
- print "<td>" . $cgi->a({-href => "$my_uri?p=$project;a=branches"}, "...") . "</td>\n" .
+ print "<td>" . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=heads")}, "...") . "</td>\n" .
"</tr>";
last;
}
}
sub git_tag {
- my $head = git_read_hash("$project/HEAD");
+ my $head = git_read_head($project);
git_header_html();
print "<div class=\"page_nav\">\n" .
- $cgi->a({-href => "$my_uri?p=$project;a=summary"}, "summary") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog"}, "shortlog") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=log"}, "log") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$head"}, "commit") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$head"}, "commitdiff") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;hb=$head"}, "tree") . "<br/>\n" .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary")}, "summary") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog")}, "shortlog") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log")}, "log") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$head")}, "commit") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$head")}, "commitdiff") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;hb=$head")}, "tree") . "<br/>\n" .
"<br/>\n" .
"</div>\n";
my %tag = git_read_tag($hash);
print "<div>\n" .
- $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash", -class => "title"}, escapeHTML($tag{'name'})) . "\n" .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash"), -class => "title"}, esc_html($tag{'name'})) . "\n" .
"</div>\n";
print "<div class=\"title_text\">\n" .
"<table cellspacing=\"0\">\n" .
"<tr>\n" .
"<td>object</td>\n" .
- "<td>" . $cgi->a({-class => "list", -href => "$my_uri?p=$project;a=$tag{'type'};h=$tag{'object'}"}, $tag{'object'}) . "</td>\n" .
- "<td class=\"link\">" . $cgi->a({-href => "$my_uri?p=$project;a=$tag{'type'};h=$tag{'object'}"}, $tag{'type'}) . "</td>\n" .
+ "<td>" . $cgi->a({-class => "list", -href => "$my_uri?" . esc_param("p=$project;a=$tag{'type'};h=$tag{'object'}")}, $tag{'object'}) . "</td>\n" .
+ "<td class=\"link\">" . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=$tag{'type'};h=$tag{'object'}")}, $tag{'type'}) . "</td>\n" .
"</tr>\n";
if (defined($tag{'author'})) {
my %ad = date_str($tag{'epoch'}, $tag{'tz'});
- print "<tr><td>author</td><td>" . escapeHTML($tag{'author'}) . "</td></tr>\n";
+ print "<tr><td>author</td><td>" . esc_html($tag{'author'}) . "</td></tr>\n";
print "<tr><td></td><td>" . $ad{'rfc2822'} . sprintf(" (%02d:%02d %s)", $ad{'hour_local'}, $ad{'minute_local'}, $ad{'tz_local'}) . "</td></tr>\n";
}
print "</table>\n\n" .
print "<div class=\"page_body\">";
my $comment = $tag{'comment'};
foreach my $line (@$comment) {
- print escapeHTML($line) . "<br/>\n";
+ print esc_html($line) . "<br/>\n";
}
print "</div>\n";
git_footer_html();
}
sub git_tags {
- my $head = git_read_hash("$project/HEAD");
+ my $head = git_read_head($project);
git_header_html();
print "<div class=\"page_nav\">\n" .
- $cgi->a({-href => "$my_uri?p=$project;a=summary"}, "summary") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog"}, "shortlog") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=log"}, "log") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$head"}, "commit") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$head"}, "commitdiff") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;hb=$head"}, "tree") . "<br/>\n" .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary")}, "summary") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog")}, "shortlog") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log")}, "log") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$head")}, "commit") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$head")}, "commitdiff") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;hb=$head")}, "tree") . "<br/>\n" .
"<br/>\n" .
"</div>\n";
my $taglist = git_read_refs("refs/tags");
print "<div>\n" .
- $cgi->a({-href => "$my_uri?p=$project;a=summary", -class => "title"}, " ") .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary"), -class => "title"}, " ") .
"</div>\n";
print "<table cellspacing=\"0\">\n";
my $alternate = 0;
$alternate ^= 1;
print "<td><i>$tag{'age'}</i></td>\n" .
"<td>" .
- $cgi->a({-href => "$my_uri?p=$project;a=$tag{'reftype'};h=$tag{'refid'}", -class => "list"},
- "<b>" . escapeHTML($tag{'name'}) . "</b>") .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=$tag{'reftype'};h=$tag{'refid'}"), -class => "list"},
+ "<b>" . esc_html($tag{'name'}) . "</b>") .
"</td>\n" .
"<td>";
if (defined($comment)) {
- print $cgi->a({-class => "list", -href => "$my_uri?p=$project;a=tag;h=$tag{'id'}"}, $comment);
+ print $cgi->a({-class => "list", -href => "$my_uri?" . esc_param("p=$project;a=tag;h=$tag{'id'}")}, $comment);
}
print "</td>\n" .
"<td class=\"link\">";
if ($tag{'type'} eq "tag") {
- print $cgi->a({-href => "$my_uri?p=$project;a=tag;h=$tag{'id'}"}, "tag") . " | ";
+ print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tag;h=$tag{'id'}")}, "tag") . " | ";
}
- print $cgi->a({-href => "$my_uri?p=$project;a=$tag{'reftype'};h=$tag{'refid'}"}, $tag{'reftype'});
+ print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=$tag{'reftype'};h=$tag{'refid'}")}, $tag{'reftype'});
if ($tag{'reftype'} eq "commit") {
- print " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$tag{'name'}"}, "shortlog") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=log;h=$tag{'refid'}"}, "log");
+ print " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog;h=$tag{'name'}")}, "shortlog") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log;h=$tag{'refid'}")}, "log");
}
print "</td>\n" .
"</tr>";
git_footer_html();
}
-sub git_branches {
- my $head = git_read_hash("$project/HEAD");
+sub git_heads {
+ my $head = git_read_head($project);
git_header_html();
print "<div class=\"page_nav\">\n" .
- $cgi->a({-href => "$my_uri?p=$project;a=summary"}, "summary") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog"}, "shortlog") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=log"}, "log") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$head"}, "commit") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$head"}, "commitdiff") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;hb=$head"}, "tree") . "<br/>\n" .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary")}, "summary") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog")}, "shortlog") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log")}, "log") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$head")}, "commit") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$head")}, "commitdiff") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;hb=$head")}, "tree") . "<br/>\n" .
"<br/>\n" .
"</div>\n";
my $taglist = git_read_refs("refs/heads");
print "<div>\n" .
- $cgi->a({-href => "$my_uri?p=$project;a=summary", -class => "title"}, " ") .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary"), -class => "title"}, " ") .
"</div>\n";
print "<table cellspacing=\"0\">\n";
my $alternate = 0;
$alternate ^= 1;
print "<td><i>$tag{'age'}</i></td>\n" .
"<td>" .
- $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$tag{'name'}", -class => "list"}, "<b>" . escapeHTML($tag{'name'}) . "</b>") .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog;h=$tag{'name'}"), -class => "list"}, "<b>" . esc_html($tag{'name'}) . "</b>") .
"</td>\n" .
"<td class=\"link\">" .
- $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$tag{'name'}"}, "shortlog") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=log;h=$tag{'name'}"}, "log") .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog;h=$tag{'name'}")}, "shortlog") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log;h=$tag{'name'}")}, "log") .
"</td>\n" .
"</tr>";
}
my $t_mode = $1;
my $t_type = $2;
my $t_hash = $3;
- my $t_name = $4;
+ my $t_name = validate_input(unquote($4));
if ($t_name eq $part) {
if (!(@parts)) {
return $t_hash;
sub git_blob {
if (!defined $hash && defined $file_name) {
- my $base = $hash_base || git_read_hash("$project/HEAD");
- $hash = git_get_hash_by_path($base, $file_name, "blob");
+ my $base = $hash_base || git_read_head($project);
+ $hash = git_get_hash_by_path($base, $file_name, "blob") || die_error(undef, "Error lookup file.");
}
open my $fd, "-|", "$gitbin/git-cat-file blob $hash" or die_error(undef, "Open failed.");
- my $base = $file_name || "";
git_header_html();
if (defined $hash_base && (my %co = git_read_commit($hash_base))) {
print "<div class=\"page_nav\">\n" .
- $cgi->a({-href => "$my_uri?p=$project;a=summary"}, "summary") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog"}, "shortlog") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=log"}, "log") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash_base"}, "commit") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash_base"}, "commitdiff") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash_base"}, "tree") . "<br/>\n";
- print $cgi->a({-href => "$my_uri?p=$project;a=blob_plain;h=$hash"}, "plain") . "<br/>\n" .
- "</div>\n";
- print "<div>" .
- $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash_base", -class => "title"}, escapeHTML($co{'title'})) .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary")}, "summary") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog")}, "shortlog") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log")}, "log") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash_base")}, "commit") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$hash_base")}, "commitdiff") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$co{'tree'};hb=$hash_base")}, "tree") . "<br/>\n";
+ if (defined $file_name) {
+ print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob_plain;h=$hash;f=$file_name")}, "plain") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;hb=HEAD;f=$file_name")}, "head") . "<br/>\n";
+ } else {
+ print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob_plain;h=$hash")}, "plain") . "<br/>\n";
+ }
+ print "</div>\n".
+ "<div>" .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash_base"), -class => "title"}, esc_html($co{'title'})) .
"</div>\n";
} else {
print "<div class=\"page_nav\">\n" .
"<div class=\"title\">$hash</div>\n";
}
if (defined $file_name) {
- print "<div class=\"page_path\"><b>$file_name</b></div>\n";
+ print "<div class=\"page_path\"><b>" . esc_html($file_name) . "</b></div>\n";
}
print "<div class=\"page_body\">\n";
my $nr;
$line =~ s/\t/$spaces/;
}
}
- printf "<div class=\"pre\"><a id=\"l%i\" href=\"#l%i\" class=\"linenr\">%4i</a> %s</div>\n", $nr, $nr, $nr, escapeHTML($line);
+ printf "<div class=\"pre\"><a id=\"l%i\" href=\"#l%i\" class=\"linenr\">%4i</a> %s</div>\n", $nr, $nr, $nr, esc_html($line);
}
close $fd or print "Reading blob failed.\n";
print "</div>";
}
sub git_blob_plain {
- print $cgi->header(-type => "text/plain", -charset => 'utf-8');
+ my $save_as = "$hash.txt";
+ if (defined $file_name) {
+ $save_as = $file_name;
+ }
+ print $cgi->header(-type => "text/plain", -charset => 'utf-8', '-content-disposition' => "inline; filename=\"$save_as\"");
open my $fd, "-|", "$gitbin/git-cat-file blob $hash" or return;
undef $/;
print <$fd>;
sub git_tree {
if (!defined $hash) {
- $hash = git_read_hash("$project/HEAD");
+ $hash = git_read_head($project);
if (defined $file_name) {
- my $base = $hash_base || git_read_hash("$project/HEAD");
+ my $base = $hash_base || $hash;
$hash = git_get_hash_by_path($base, $file_name, "tree");
}
if (!defined $hash_base) {
- $hash_base = git_read_hash("$project/HEAD");
+ $hash_base = $hash;
}
}
- open my $fd, "-|", "$gitbin/git-ls-tree $hash" or die_error(undef, "Open git-ls-tree failed.");
- my (@entries) = map { chomp; $_ } <$fd>;
+ $/ = "\0";
+ open my $fd, "-|", "$gitbin/git-ls-tree -z $hash" or die_error(undef, "Open git-ls-tree failed.");
+ chomp (my (@entries) = <$fd>);
close $fd or die_error(undef, "Reading tree failed.");
+ $/ = "\n";
+ my $refs = read_info_ref();
+ my $ref = "";
+ if (defined $refs->{$hash_base}) {
+ $ref = " <span class=\"tag\">" . esc_html($refs->{$hash_base}) . "</span>";
+ }
git_header_html();
my $base_key = "";
- my $file_key = "";
my $base = "";
if (defined $hash_base && (my %co = git_read_commit($hash_base))) {
$base_key = ";hb=$hash_base";
print "<div class=\"page_nav\">\n" .
- $cgi->a({-href => "$my_uri?p=$project;a=summary"}, "summary") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$hash_base"}, "shortlog") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=log;h=$hash_base"}, "log") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash_base"}, "commit") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash_base"}, "commitdiff") .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary")}, "summary") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog;h=$hash_base")}, "shortlog") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log;h=$hash_base")}, "log") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash_base")}, "commit") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$hash_base")}, "commitdiff") .
" | tree" .
"<br/><br/>\n" .
"</div>\n";
print "<div>\n" .
- $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash_base", -class => "title"}, escapeHTML($co{'title'})) . "\n" .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash_base"), -class => "title"}, esc_html($co{'title'}) . $ref) . "\n" .
"</div>\n";
} else {
print "<div class=\"page_nav\">\n";
print "<div class=\"title\">$hash</div>\n";
}
if (defined $file_name) {
- $base = "$file_name/";
- print "<div class=\"page_path\"><b>/$file_name</b></div>\n";
+ $base = esc_html("$file_name/");
+ print "<div class=\"page_path\"><b>/" . esc_html($file_name) . "</b></div>\n";
} else {
print "<div class=\"page_path\"><b>/</b></div>\n";
}
my $t_mode = $1;
my $t_type = $2;
my $t_hash = $3;
- my $t_name = $4;
- $file_key = ";f=$base$t_name";
+ my $t_name = validate_input($4);
if ($alternate) {
print "<tr class=\"dark\">\n";
} else {
print "<td style=\"font-family:monospace\">" . mode_str($t_mode) . "</td>\n";
if ($t_type eq "blob") {
print "<td class=\"list\">" .
- $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$t_hash" . $base_key . $file_key, -class => "list"}, $t_name) .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$t_hash$base_key;f=$base$t_name"), -class => "list"}, esc_html($t_name)) .
"</td>\n" .
"<td class=\"link\">" .
- $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$t_hash" . $base_key . $file_key}, "blob") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=history;h=$hash_base" . $file_key}, "history") .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$t_hash$base_key;f=$base$t_name")}, "blob") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=history;h=$hash_base;f=$base$t_name")}, "history") .
"</td>\n";
} elsif ($t_type eq "tree") {
print "<td class=\"list\">" .
- $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$t_hash" . $base_key . $file_key}, $t_name) .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$t_hash$base_key;f=$base$t_name")}, esc_html($t_name)) .
"</td>\n" .
"<td class=\"link\">" .
- $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$t_hash" . $base_key . $file_key}, "tree") .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$t_hash$base_key;f=$base$t_name")}, "tree") .
"</td>\n";
}
print "</tr>\n";
sub git_rss {
# http://www.notestips.com/80256B3A007F2692/1/NAMO5P9UPQ
- open my $fd, "-|", "$gitbin/git-rev-list --max-count=150 " . git_read_hash("$project/HEAD") or die_error(undef, "Open failed.");
+ open my $fd, "-|", "$gitbin/git-rev-list --max-count=150 " . git_read_head($project) or die_error(undef, "Open failed.");
my (@revlist) = map { chomp; $_ } <$fd>;
close $fd or die_error(undef, "Reading rev-list failed.");
print $cgi->header(-type => 'text/xml', -charset => 'utf-8');
"<rss version=\"2.0\" xmlns:content=\"http://purl.org/rss/1.0/modules/content/\">\n";
print "<channel>\n";
print "<title>$project</title>\n".
- "<link>" . escapeHTML("$my_url?p=$project;a=summary") . "</link>\n".
+ "<link>" . esc_html("$my_url?p=$project;a=summary") . "</link>\n".
"<description>$project log</description>\n".
"<language>en</language>\n";
close $fd or next;
print "<item>\n" .
"<title>" .
- sprintf("%d %s %02d:%02d", $cd{'mday'}, $cd{'month'}, $cd{'hour'}, $cd{'minute'}) . " - " . escapeHTML($co{'title'}) .
+ sprintf("%d %s %02d:%02d", $cd{'mday'}, $cd{'month'}, $cd{'hour'}, $cd{'minute'}) . " - " . esc_html($co{'title'}) .
"</title>\n" .
- "<author>" . escapeHTML($co{'author'}) . "</author>\n" .
+ "<author>" . esc_html($co{'author'}) . "</author>\n" .
"<pubDate>$cd{'rfc2822'}</pubDate>\n" .
- "<guid isPermaLink=\"true\">" . escapeHTML("$my_url?p=$project;a=commit;h=$commit") . "</guid>\n" .
- "<link>" . escapeHTML("$my_url?p=$project;a=commit;h=$commit") . "</link>\n" .
- "<description>" . escapeHTML($co{'title'}) . "</description>\n" .
+ "<guid isPermaLink=\"true\">" . esc_html("$my_url?p=$project;a=commit;h=$commit") . "</guid>\n" .
+ "<link>" . esc_html("$my_url?p=$project;a=commit;h=$commit") . "</link>\n" .
+ "<description>" . esc_html($co{'title'}) . "</description>\n" .
"<content:encoded>" .
"<![CDATA[\n";
my $comment = $co{'comment'};
foreach my $line (@$comment) {
+ $line = decode("utf8", $line, Encode::FB_DEFAULT);
print "$line<br/>\n";
}
print "<br/>\n";
if (!($line =~ m/^:([0-7]{6}) ([0-7]{6}) ([0-9a-fA-F]{40}) ([0-9a-fA-F]{40}) (.)([0-9]{0,3})\t(.*)$/)) {
next;
}
- my $file = $7;
+ my $file = validate_input(unquote($7));
+ $file = decode("utf8", $file, Encode::FB_DEFAULT);
print "$file<br/>\n";
}
print "]]>\n" .
foreach my $pr (@list) {
my %proj = %$pr;
- my $head = git_read_hash("$proj{'path'}/HEAD");
+ my $head = git_read_head($proj{'path'});
if (!defined $head) {
next;
}
next;
}
- my $path = escapeHTML(chop_str($proj{'path'}, 25, 5));
+ my $path = esc_html(chop_str($proj{'path'}, 25, 5));
my $rss = "$my_url?p=$proj{'path'};a=rss";
my $html = "$my_url?p=$proj{'path'};a=summary";
print "<outline type=\"rss\" text=\"$path\" title=\"$path\" xmlUrl=\"$rss\" htmlUrl=\"$html\"/>\n";
}
sub git_log {
- my $head = git_read_hash("$project/HEAD");
+ my $head = git_read_head($project);
if (!defined $hash) {
$hash = $head;
}
if (!defined $page) {
$page = 0;
}
+ my $refs = read_info_ref();
git_header_html();
print "<div class=\"page_nav\">\n";
- print $cgi->a({-href => "$my_uri?p=$project;a=summary"}, "summary") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$hash"}, "shortlog") .
+ print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary")}, "summary") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog;h=$hash")}, "shortlog") .
" | log" .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash"}, "commit") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash"}, "commitdiff") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$hash;hb=$hash"}, "tree") . "<br/>\n";
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash")}, "commit") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$hash")}, "commitdiff") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$hash;hb=$hash")}, "tree") . "<br/>\n";
my $limit = sprintf("--max-count=%i", (100 * ($page+1)));
open my $fd, "-|", "$gitbin/git-rev-list $limit $hash" or die_error(undef, "Open failed.");
close $fd;
if ($hash ne $head || $page) {
- print $cgi->a({-href => "$my_uri?p=$project;a=log"}, "HEAD");
+ print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log")}, "HEAD");
} else {
print "HEAD";
}
if ($page > 0) {
print " ⋅ " .
- $cgi->a({-href => "$my_uri?p=$project;a=log;h=$hash;pg=" . ($page-1), -accesskey => "p", -title => "Alt-p"}, "prev");
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log;h=$hash;pg=" . ($page-1)), -accesskey => "p", -title => "Alt-p"}, "prev");
} else {
print " ⋅ prev";
}
if ($#revlist >= (100 * ($page+1)-1)) {
print " ⋅ " .
- $cgi->a({-href => "$my_uri?p=$project;a=log;h=$hash;pg=" . ($page+1), -accesskey => "n", -title => "Alt-n"}, "next");
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log;h=$hash;pg=" . ($page+1)), -accesskey => "n", -title => "Alt-n"}, "next");
} else {
print " ⋅ next";
}
"</div>\n";
if (!@revlist) {
print "<div>\n" .
- $cgi->a({-href => "$my_uri?p=$project;a=summary", -class => "title"}, " ") .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary"), -class => "title"}, " ") .
"</div>\n";
my %co = git_read_commit($hash);
print "<div class=\"page_body\"> Last change $co{'age_string'}.<br/><br/></div>\n";
}
for (my $i = ($page * 100); $i <= $#revlist; $i++) {
my $commit = $revlist[$i];
+ my $ref = "";
+ if (defined $refs->{$commit}) {
+ $ref = " <span class=\"tag\">" . esc_html($refs->{$commit}) . "</span>";
+ }
my %co = git_read_commit($commit);
next if !%co;
my %ad = date_str($co{'author_epoch'});
print "<div>\n" .
- $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit", -class => "title"},
- "<span class=\"age\">$co{'age_string'}</span>" . escapeHTML($co{'title'})) . "\n" .
- "</div>\n";
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$commit"), -class => "title"},
+ "<span class=\"age\">$co{'age_string'}</span>" . esc_html($co{'title'}) . $ref) . "\n";
+ print "</div>\n";
print "<div class=\"title_text\">\n" .
"<div class=\"log_link\">\n" .
- $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit"}, "commit") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$commit"}, "commitdiff") .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$commit")}, "commit") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$commit")}, "commitdiff") .
"<br/>\n" .
"</div>\n" .
- "<i>" . escapeHTML($co{'author_name'}) . " [$ad{'rfc2822'}]</i><br/>\n" .
+ "<i>" . esc_html($co{'author_name'}) . " [$ad{'rfc2822'}]</i><br/>\n" .
"</div>\n" .
"<div class=\"log_body\">\n";
my $comment = $co{'comment'};
open my $fd, "-|", "$gitbin/git-diff-tree -r -M $root $parent $hash" or die_error(undef, "Open failed.");
@difftree = map { chomp; $_ } <$fd>;
close $fd or die_error(undef, "Reading diff-tree failed.");
- git_header_html();
+
+ # non-textual hash id's can be cached
+ my $expires;
+ if ($hash =~ m/^[0-9a-fA-F]{40}$/) {
+ $expires = "+1d";
+ }
+ my $refs = read_info_ref();
+ my $ref = "";
+ if (defined $refs->{$co{'id'}}) {
+ $ref = " <span class=\"tag\">" . esc_html($refs->{$co{'id'}}) . "</span>";
+ }
+ git_header_html(undef, $expires);
print "<div class=\"page_nav\">\n" .
- $cgi->a({-href => "$my_uri?p=$project;a=summary"}, "summary") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$hash"}, "shortlog") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=log;h=$hash"}, "log") .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary")}, "summary") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog;h=$hash")}, "shortlog") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log;h=$hash")}, "log") .
" | commit";
if (defined $co{'parent'}) {
- print " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash"}, "commitdiff");
+ print " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$hash")}, "commitdiff");
}
- print " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash"}, "tree") . "\n" .
+ print " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$co{'tree'};hb=$hash")}, "tree") . "\n" .
"<br/><br/></div>\n";
if (defined $co{'parent'}) {
print "<div>\n" .
- $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash", -class => "title"}, escapeHTML($co{'title'})) . "\n" .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$hash"), -class => "title"}, esc_html($co{'title'}) . $ref) . "\n" .
"</div>\n";
} else {
print "<div>\n" .
- $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash", -class => "title"}, escapeHTML($co{'title'})) . "\n" .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$co{'tree'};hb=$hash"), -class => "title"}, esc_html($co{'title'})) . "\n" .
"</div>\n";
}
print "<div class=\"title_text\">\n" .
"<table cellspacing=\"0\">\n";
- print "<tr><td>author</td><td>" . escapeHTML($co{'author'}) . "</td></tr>\n".
+ print "<tr><td>author</td><td>" . esc_html($co{'author'}) . "</td></tr>\n".
"<tr>" .
"<td></td><td> $ad{'rfc2822'}";
if ($ad{'hour_local'} < 6) {
}
print "</td>" .
"</tr>\n";
- print "<tr><td>committer</td><td>" . escapeHTML($co{'committer'}) . "</td></tr>\n";
+ print "<tr><td>committer</td><td>" . esc_html($co{'committer'}) . "</td></tr>\n";
print "<tr><td></td><td> $cd{'rfc2822'}" . sprintf(" (%02d:%02d %s)", $cd{'hour_local'}, $cd{'minute_local'}, $cd{'tz_local'}) . "</td></tr>\n";
- print "<tr><td>commit</td><td style=\"font-family:monospace\">$hash</td></tr>\n";
+ print "<tr><td>commit</td><td style=\"font-family:monospace\">$co{'id'}</td></tr>\n";
print "<tr>" .
"<td>tree</td>" .
"<td style=\"font-family:monospace\">" .
- $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash", class => "list"}, $co{'tree'}) .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$co{'tree'};hb=$hash"), class => "list"}, $co{'tree'}) .
"</td>" .
- "<td class=\"link\">" . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash"}, "tree") .
+ "<td class=\"link\">" . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$co{'tree'};hb=$hash")}, "tree") .
"</td>" .
"</tr>\n";
my $parents = $co{'parents'};
foreach my $par (@$parents) {
print "<tr>" .
"<td>parent</td>" .
- "<td style=\"font-family:monospace\">" . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$par", class => "list"}, $par) . "</td>" .
+ "<td style=\"font-family:monospace\">" . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$par"), class => "list"}, $par) . "</td>" .
"<td class=\"link\">" .
- $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$par"}, "commit") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash;hp=$par"}, "commitdiff") .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$par")}, "commit") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$hash;hp=$par")}, "commitdiff") .
"</td>" .
"</tr>\n";
}
}
if ($line =~ m/^ *(signed[ \-]off[ \-]by[ :]|acked[ \-]by[ :]|cc[ :])/i) {
$signed = 1;
- print "<span style=\"color: #888888\">" . escapeHTML($line) . "</span><br/>\n";
+ print "<span style=\"color: #888888\">" . esc_html($line) . "</span><br/>\n";
} else {
$signed = 0;
print format_log_line_html($line) . "<br/>\n";
my $to_id = $4;
my $status = $5;
my $similarity = $6;
- my $file = $7;
+ my $file = validate_input(unquote($7));
if ($alternate) {
print "<tr class=\"dark\">\n";
} else {
$mode_chng = sprintf(" with mode: %04o", (oct $to_mode) & 0777);
}
print "<td>" .
- $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$to_id;hp=$hash;f=$file", -class => "list"}, escapeHTML($file)) . "</td>\n" .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$to_id;hb=$hash;f=$file"), -class => "list"}, esc_html($file)) . "</td>\n" .
"<td><span style=\"color: #008000;\">[new " . file_type($to_mode) . "$mode_chng]</span></td>\n" .
- "<td class=\"link\">" . $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file"}, "blob") . "</td>\n";
+ "<td class=\"link\">" . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$to_id;hb=$hash;f=$file")}, "blob") . "</td>\n";
} elsif ($status eq "D") {
print "<td>" .
- $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$from_id;hb=$hash;f=$file", -class => "list"}, escapeHTML($file)) . "</td>\n" .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$from_id;hb=$hash;f=$file"), -class => "list"}, esc_html($file)) . "</td>\n" .
"<td><span style=\"color: #c00000;\">[deleted " . file_type($from_mode). "]</span></td>\n" .
"<td class=\"link\">" .
- $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$from_id;hb=$hash;f=$file"}, "blob") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=history;h=$hash;f=$file"}, "history") .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$from_id;hb=$hash;f=$file")}, "blob") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=history;h=$hash;f=$file")}, "history") .
"</td>\n"
} elsif ($status eq "M" || $status eq "T") {
my $mode_chnge = "";
}
print "<td>";
if ($to_id ne $from_id) {
- print $cgi->a({-href => "$my_uri?p=$project;a=blobdiff;h=$to_id;hp=$from_id;hb=$hash;f=$file", -class => "list"}, escapeHTML($file));
+ print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blobdiff;h=$to_id;hp=$from_id;hb=$hash;f=$file"), -class => "list"}, esc_html($file));
} else {
- print $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file", -class => "list"}, escapeHTML($file));
+ print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$to_id;hb=$hash;f=$file"), -class => "list"}, esc_html($file));
}
print "</td>\n" .
"<td>$mode_chnge</td>\n" .
"<td class=\"link\">";
- print $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file"}, "blob");
+ print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$to_id;hb=$hash;f=$file")}, "blob");
if ($to_id ne $from_id) {
- print " | " . $cgi->a({-href => "$my_uri?p=$project;a=blobdiff;h=$to_id;hp=$from_id;hb=$hash;f=$file"}, "diff");
+ print " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blobdiff;h=$to_id;hp=$from_id;hb=$hash;f=$file")}, "diff");
}
- print " | " . $cgi->a({-href => "$my_uri?p=$project;a=history;h=$hash;f=$file"}, "history") . "\n";
+ print " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=history;h=$hash;f=$file")}, "history") . "\n";
print "</td>\n";
} elsif ($status eq "R") {
my ($from_file, $to_file) = split "\t", $file;
$mode_chng = sprintf(", mode: %04o", (oct $to_mode) & 0777);
}
print "<td>" .
- $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$to_file", -class => "list"}, escapeHTML($to_file)) . "</td>\n" .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$to_id;hb=$hash;f=$to_file"), -class => "list"}, esc_html($to_file)) . "</td>\n" .
"<td><span style=\"color: #777777;\">[moved from " .
- $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$from_id;hb=$hash;f=$from_file", -class => "list"}, escapeHTML($from_file)) .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$from_id;hb=$hash;f=$from_file"), -class => "list"}, esc_html($from_file)) .
" with " . (int $similarity) . "% similarity$mode_chng]</span></td>\n" .
"<td class=\"link\">" .
- $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$to_file"}, "blob");
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$to_id;hb=$hash;f=$to_file")}, "blob");
if ($to_id ne $from_id) {
- print " | " . $cgi->a({-href => "$my_uri?p=$project;a=blobdiff;h=$to_id;hp=$from_id;hb=$hash;f=$to_file"}, "diff");
+ print " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blobdiff;h=$to_id;hp=$from_id;hb=$hash;f=$to_file")}, "diff");
}
print "</td>\n";
}
git_header_html();
if (defined $hash_base && (my %co = git_read_commit($hash_base))) {
print "<div class=\"page_nav\">\n" .
- $cgi->a({-href => "$my_uri?p=$project;a=summary"}, "summary") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog"}, "shortlog") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=log"}, "log") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash_base"}, "commit") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash_base"}, "commitdiff") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash_base"}, "tree") .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary")}, "summary") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog")}, "shortlog") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log")}, "log") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash_base")}, "commit") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$hash_base")}, "commitdiff") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$co{'tree'};hb=$hash_base")}, "tree") .
"<br/>\n";
- print $cgi->a({-href => "$my_uri?p=$project;a=blobdiff_plain;h=$hash;hp=$hash_parent"}, "plain") .
+ print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blobdiff_plain;h=$hash;hp=$hash_parent")}, "plain") .
"</div>\n";
print "<div>\n" .
- $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash_base", -class => "title"}, escapeHTML($co{'title'})) . "\n" .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash_base"), -class => "title"}, esc_html($co{'title'})) . "\n" .
"</div>\n";
} else {
print "<div class=\"page_nav\">\n" .
"<div class=\"title\">$hash vs $hash_parent</div>\n";
}
if (defined $file_name) {
- print "<div class=\"page_path\"><b>/$file_name</b></div>\n";
+ print "<div class=\"page_path\"><b>/" . esc_html($file_name) . "</b></div>\n";
}
print "<div class=\"page_body\">\n" .
"<div class=\"diff_info\">blob:" .
- $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$hash_parent;hb=$hash_base;f=$file_name"}, $hash_parent) .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$hash_parent;hb=$hash_base;f=$file_name")}, $hash_parent) .
" -> blob:" .
- $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$hash;hb=$hash_base;f=$file_name"}, $hash) .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$hash;hb=$hash_base;f=$file_name")}, $hash) .
"</div>\n";
git_diff_print($hash_parent, $file_name || $hash_parent, $hash, $file_name || $hash);
print "</div>";
my (@difftree) = map { chomp; $_ } <$fd>;
close $fd or die_error(undef, "Reading diff-tree failed.");
- git_header_html();
+ # non-textual hash id's can be cached
+ my $expires;
+ if ($hash =~ m/^[0-9a-fA-F]{40}$/) {
+ $expires = "+1d";
+ }
+ my $refs = read_info_ref();
+ my $ref = "";
+ if (defined $refs->{$co{'id'}}) {
+ $ref = " <span class=\"tag\">" . esc_html($refs->{$co{'id'}}) . "</span>";
+ }
+ git_header_html(undef, $expires);
print "<div class=\"page_nav\">\n" .
- $cgi->a({-href => "$my_uri?p=$project;a=summary"}, "summary") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$hash"}, "shortlog") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=log;h=$hash"}, "log") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash"}, "commit") .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary")}, "summary") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog;h=$hash")}, "shortlog") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log;h=$hash")}, "log") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash")}, "commit") .
" | commitdiff" .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash"}, "tree") . "<br/>\n";
- print $cgi->a({-href => "$my_uri?p=$project;a=commitdiff_plain;h=$hash;hp=$hash_parent"}, "plain") . "\n" .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$co{'tree'};hb=$hash")}, "tree") . "<br/>\n";
+ print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff_plain;h=$hash;hp=$hash_parent")}, "plain") . "\n" .
"</div>\n";
print "<div>\n" .
- $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash", -class => "title"}, escapeHTML($co{'title'})) . "\n" .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash"), -class => "title"}, esc_html($co{'title'}) . $ref) . "\n" .
"</div>\n";
print "<div class=\"page_body\">\n";
my $comment = $co{'comment'};
my $from_id = $3;
my $to_id = $4;
my $status = $5;
- my $file = $6;
+ my $file = validate_input(unquote($6));
if ($status eq "A") {
print "<div class=\"diff_info\">" . file_type($to_mode) . ":" .
- $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file"}, $to_id) . "(new)" .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$to_id;hb=$hash;f=$file")}, $to_id) . "(new)" .
"</div>\n";
git_diff_print(undef, "/dev/null", $to_id, "b/$file");
} elsif ($status eq "D") {
print "<div class=\"diff_info\">" . file_type($from_mode) . ":" .
- $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$from_id;hb=$hash;f=$file"}, $from_id) . "(deleted)" .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$from_id;hb=$hash;f=$file")}, $from_id) . "(deleted)" .
"</div>\n";
git_diff_print($from_id, "a/$file", undef, "/dev/null");
} elsif ($status eq "M") {
if ($from_id ne $to_id) {
print "<div class=\"diff_info\">" .
- file_type($from_mode) . ":" . $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$from_id;hb=$hash;f=$file"}, $from_id) .
+ file_type($from_mode) . ":" . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$from_id;hb=$hash;f=$file")}, $from_id) .
" -> " .
- file_type($to_mode) . ":" . $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file"}, $to_id);
+ file_type($to_mode) . ":" . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$to_id;hb=$hash;f=$file")}, $to_id);
print "</div>\n";
git_diff_print($from_id, "a/$file", $to_id, "b/$file");
}
# try to figure out the next tag after this commit
my $tagname;
- my %taghash;
- my $tags = git_read_refs("refs/tags");
- foreach my $entry (@$tags) {
- my %tag = %$entry;
- $taghash{$tag{'refid'}} = $tag{'name'};
- }
+ my $refs = read_info_ref("tags");
open $fd, "-|", "$gitbin/git-rev-list HEAD";
- while (my $commit = <$fd>) {
- chomp $commit;
- if ($taghash{$commit}) {
- $tagname = $taghash{$commit};
+ chomp (my (@commits) = <$fd>);
+ close $fd;
+ foreach my $commit (@commits) {
+ if (defined $refs->{$commit}) {
+ $tagname = $refs->{$commit}
}
if ($commit eq $hash) {
last;
}
}
- close $fd;
- print $cgi->header(-type => "text/plain", -charset => 'utf-8');
+ print $cgi->header(-type => "text/plain", -charset => 'utf-8', '-content-disposition' => "inline; filename=\"git-$hash.patch\"");
my %co = git_read_commit($hash);
my %ad = date_str($co{'author_epoch'}, $co{'author_tz'});
my $comment = $co{'comment'};
"\n";
foreach my $line (@$comment) {;
- print " $line\n";
+ print "$line\n";
}
print "---\n\n";
sub git_history {
if (!defined $hash) {
- $hash = git_read_hash("$project/HEAD");
+ $hash = git_read_head($project);
}
my %co = git_read_commit($hash);
if (!%co) {
die_error(undef, "Unknown commit object.");
}
+ my $refs = read_info_ref();
git_header_html();
print "<div class=\"page_nav\">\n" .
- $cgi->a({-href => "$my_uri?p=$project;a=summary"}, "summary") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog"}, "shortlog") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=log"}, "log") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash"}, "commit") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash"}, "commitdiff") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash"}, "tree") .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary")}, "summary") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog")}, "shortlog") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log")}, "log") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash")}, "commit") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$hash")}, "commitdiff") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$co{'tree'};hb=$hash")}, "tree") .
"<br/><br/>\n" .
"</div>\n";
print "<div>\n" .
- $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash", -class => "title"}, escapeHTML($co{'title'})) . "\n" .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash"), -class => "title"}, esc_html($co{'title'})) . "\n" .
"</div>\n";
- print "<div class=\"page_path\"><b>/$file_name</b><br/></div>\n";
+ print "<div class=\"page_path\"><b>/" . esc_html($file_name) . "</b><br/></div>\n";
- open my $fd, "-|", "$gitbin/git-rev-list $hash | $gitbin/git-diff-tree -r --stdin $file_name";
+ open my $fd, "-|", "$gitbin/git-rev-list $hash | $gitbin/git-diff-tree -r --stdin -- \'$file_name\'";
my $commit;
print "<table cellspacing=\"0\">\n";
my $alternate = 0;
if (!%co) {
next;
}
+ my $ref = "";
+ if (defined $refs->{$commit}) {
+ $ref = " <span class=\"tag\">" . esc_html($refs->{$commit}) . "</span>";
+ }
if ($alternate) {
print "<tr class=\"dark\">\n";
} else {
}
$alternate ^= 1;
print "<td title=\"$co{'age_string_age'}\"><i>$co{'age_string_date'}</i></td>\n" .
- "<td><i>" . escapeHTML(chop_str($co{'author_name'}, 15, 3)) . "</i></td>\n" .
- "<td>" . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit", -class => "list"}, "<b>" .
- escapeHTML(chop_str($co{'title'}, 50)) . "</b>") . "</td>\n" .
+ "<td><i>" . esc_html(chop_str($co{'author_name'}, 15, 3)) . "</i></td>\n" .
+ "<td>" . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$commit"), -class => "list"}, "<b>" .
+ esc_html(chop_str($co{'title'}, 50)) . "$ref</b>") . "</td>\n" .
"<td class=\"link\">" .
- $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit"}, "commit") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=blob;hb=$commit;f=$file_name"}, "blob");
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$commit")}, "commit") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$commit")}, "commitdiff") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;hb=$commit;f=$file_name")}, "blob");
my $blob = git_get_hash_by_path($hash, $file_name);
my $blob_parent = git_get_hash_by_path($commit, $file_name);
if (defined $blob && defined $blob_parent && $blob ne $blob_parent) {
print " | " .
- $cgi->a({-href => "$my_uri?p=$project;a=blobdiff;h=$blob;hp=$blob_parent;hb=$commit;f=$file_name"},
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blobdiff;h=$blob;hp=$blob_parent;hb=$commit;f=$file_name")},
"diff to current");
}
print "</td>\n" .
die_error("", "Text field empty.");
}
if (!defined $hash) {
- $hash = git_read_hash("$project/HEAD");
+ $hash = git_read_head($project);
}
my %co = git_read_commit($hash);
if (!%co) {
}
git_header_html();
print "<div class=\"page_nav\">\n" .
- $cgi->a({-href => "$my_uri?p=$project;a=summary;h=$hash"}, "summary") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog"}, "shortlog") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=log;h=$hash"}, "log") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash"}, "commit") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash"}, "commitdiff") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash"}, "tree") .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary;h=$hash")}, "summary") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog")}, "shortlog") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log;h=$hash")}, "log") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash")}, "commit") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$hash")}, "commitdiff") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$co{'tree'};hb=$hash")}, "tree") .
"<br/><br/>\n" .
"</div>\n";
print "<div>\n" .
- $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash", -class => "title"}, escapeHTML($co{'title'})) . "\n" .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash"), -class => "title"}, esc_html($co{'title'})) . "\n" .
"</div>\n";
print "<table cellspacing=\"0\">\n";
my $alternate = 0;
if ($commit_search) {
$/ = "\0";
- open my $fd, "-|", "$gitbin/git-rev-list --header $hash";
+ open my $fd, "-|", "$gitbin/git-rev-list --header --parents $hash" or next;
while (my $commit_text = <$fd>) {
if (!grep m/$searchtext/i, $commit_text) {
next;
next;
}
my @commit_lines = split "\n", $commit_text;
- my $commit = shift @commit_lines;
- my %co = git_read_commit($commit, \@commit_lines);
+ my %co = git_read_commit(undef, \@commit_lines);
if (!%co) {
next;
}
}
$alternate ^= 1;
print "<td title=\"$co{'age_string_age'}\"><i>$co{'age_string_date'}</i></td>\n" .
- "<td><i>" . escapeHTML(chop_str($co{'author_name'}, 15, 5)) . "</i></td>\n" .
+ "<td><i>" . esc_html(chop_str($co{'author_name'}, 15, 5)) . "</i></td>\n" .
"<td>" .
- $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit", -class => "list"}, "<b>" . escapeHTML(chop_str($co{'title'}, 50)) . "</b><br/>");
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$co{'id'}"), -class => "list"}, "<b>" . esc_html(chop_str($co{'title'}, 50)) . "</b><br/>");
my $comment = $co{'comment'};
foreach my $line (@$comment) {
if ($line =~ m/^(.*)($searchtext)(.*)$/i) {
- my $lead = escapeHTML($1) || "";
+ my $lead = esc_html($1) || "";
$lead = chop_str($lead, 30, 10);
- my $match = escapeHTML($2) || "";
- my $trail = escapeHTML($3) || "";
+ my $match = esc_html($2) || "";
+ my $trail = esc_html($3) || "";
$trail = chop_str($trail, 30, 10);
my $text = "$lead<span style=\"color:#e00000\">$match</span>$trail";
print chop_str($text, 80, 5) . "<br/>\n";
}
print "</td>\n" .
"<td class=\"link\">" .
- $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit"}, "commit") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$commit"}, "tree");
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$co{'id'}")}, "commit") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$co{'tree'};hb=$co{'id'}")}, "tree");
print "</td>\n" .
"</tr>\n";
}
if ($pickaxe_search) {
$/ = "\n";
- open my $fd, "-|", "$gitbin/git-rev-list $hash | $gitbin/git-diff-tree -r --stdin -S$searchtext";
+ open my $fd, "-|", "$gitbin/git-rev-list $hash | $gitbin/git-diff-tree -r --stdin -S\'$searchtext\'";
undef %co;
my @files;
while (my $line = <$fd>) {
}
$alternate ^= 1;
print "<td title=\"$co{'age_string_age'}\"><i>$co{'age_string_date'}</i></td>\n" .
- "<td><i>" . escapeHTML(chop_str($co{'author_name'}, 15, 5)) . "</i></td>\n" .
+ "<td><i>" . esc_html(chop_str($co{'author_name'}, 15, 5)) . "</i></td>\n" .
"<td>" .
- $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$co{'id'}", -class => "list"}, "<b>" .
- escapeHTML(chop_str($co{'title'}, 50)) . "</b><br/>");
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$co{'id'}"), -class => "list"}, "<b>" .
+ esc_html(chop_str($co{'title'}, 50)) . "</b><br/>");
while (my $setref = shift @files) {
my %set = %$setref;
- print $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$set{'id'};hb=$co{'id'};f=$set{'file'}", class => "list"},
- "<span style=\"color:#e00000\">" . escapeHTML($set{'file'}) . "</span>") .
+ print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$set{'id'};hb=$co{'id'};f=$set{'file'}"), class => "list"},
+ "<span style=\"color:#e00000\">" . esc_html($set{'file'}) . "</span>") .
"<br/>\n";
}
print "</td>\n" .
"<td class=\"link\">" .
- $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$co{'id'}"}, "commit") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$co{'id'}"}, "tree");
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$co{'id'}")}, "commit") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$co{'tree'};hb=$co{'id'}")}, "tree");
print "</td>\n" .
"</tr>\n";
}
}
sub git_shortlog {
- my $head = git_read_hash("$project/HEAD");
+ my $head = git_read_head($project);
if (!defined $hash) {
$hash = $head;
}
if (!defined $page) {
$page = 0;
}
+ my $refs = read_info_ref();
git_header_html();
print "<div class=\"page_nav\">\n" .
- $cgi->a({-href => "$my_uri?p=$project;a=summary"}, "summary") .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary")}, "summary") .
" | shortlog" .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=log;h=$hash"}, "log") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash"}, "commit") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash"}, "commitdiff") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$hash;hb=$hash"}, "tree") . "<br/>\n";
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log;h=$hash")}, "log") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash")}, "commit") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$hash")}, "commitdiff") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$hash;hb=$hash")}, "tree") . "<br/>\n";
my $limit = sprintf("--max-count=%i", (100 * ($page+1)));
open my $fd, "-|", "$gitbin/git-rev-list $limit $hash" or die_error(undef, "Open failed.");
close $fd;
if ($hash ne $head || $page) {
- print $cgi->a({-href => "$my_uri?p=$project;a=shortlog"}, "HEAD");
+ print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog")}, "HEAD");
} else {
print "HEAD";
}
if ($page > 0) {
print " ⋅ " .
- $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$hash;pg=" . ($page-1), -accesskey => "p", -title => "Alt-p"}, "prev");
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog;h=$hash;pg=" . ($page-1)), -accesskey => "p", -title => "Alt-p"}, "prev");
} else {
print " ⋅ prev";
}
if ($#revlist >= (100 * ($page+1)-1)) {
print " ⋅ " .
- $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$hash;pg=" . ($page+1), -accesskey => "n", -title => "Alt-n"}, "next");
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog;h=$hash;pg=" . ($page+1)), -accesskey => "n", -title => "Alt-n"}, "next");
} else {
print " ⋅ next";
}
print "<br/>\n" .
"</div>\n";
print "<div>\n" .
- $cgi->a({-href => "$my_uri?p=$project;a=summary", -class => "title"}, " ") .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary"), -class => "title"}, " ") .
"</div>\n";
print "<table cellspacing=\"0\">\n";
my $alternate = 0;
for (my $i = ($page * 100); $i <= $#revlist; $i++) {
my $commit = $revlist[$i];
+ my $ref = "";
+ if (defined $refs->{$commit}) {
+ $ref = " <span class=\"tag\">" . esc_html($refs->{$commit}) . "</span>";
+ }
my %co = git_read_commit($commit);
my %ad = date_str($co{'author_epoch'});
if ($alternate) {
}
$alternate ^= 1;
print "<td title=\"$co{'age_string_age'}\"><i>$co{'age_string_date'}</i></td>\n" .
- "<td><i>" . escapeHTML(chop_str($co{'author_name'}, 10)) . "</i></td>\n" .
+ "<td><i>" . esc_html(chop_str($co{'author_name'}, 10)) . "</i></td>\n" .
"<td>";
if (length($co{'title_short'}) < length($co{'title'})) {
- print $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit", -class => "list", -title => "$co{'title'}"},
- "<b>" . escapeHTML($co{'title_short'}) . "</b>");
+ print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$commit"), -class => "list", -title => "$co{'title'}"},
+ "<b>" . esc_html($co{'title_short'}) . "$ref</b>");
} else {
- print $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit", -class => "list"},
- "<b>" . escapeHTML($co{'title_short'}) . "</b>");
+ print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$commit"), -class => "list"},
+ "<b>" . esc_html($co{'title_short'}) . "$ref</b>");
}
print "</td>\n" .
"<td class=\"link\">" .
- $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit"}, "commit") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$commit"}, "commitdiff") .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$commit")}, "commit") .
+ " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$commit")}, "commitdiff") .
"</td>\n" .
"</tr>";
}
if ($#revlist >= (100 * ($page+1)-1)) {
print "<tr>\n" .
"<td>" .
- $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$hash;pg=" . ($page+1), -title => "Alt-n"}, "next") .
+ $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog;h=$hash;pg=" . ($page+1)), -title => "Alt-n"}, "next") .
"</td>\n" .
"</tr>\n";
}