replace invalid utf8 sequences by UTF-8 REPLACEMENT CHARACTER (efbfbd)
[gitweb.git] / gitweb.cgi
index 8d4e4f702204d7a555117ab82ff64130cd4231c4..f2a1526da6eae702ea38bba1482f9ac77992fdd1 100755 (executable)
@@ -5,24 +5,25 @@
 # (C) 2005, Kay Sievers <kay.sievers@vrfy.org>
 # (C) 2005, Christian Gierke <ch@gierke.de>
 #
-# This program is licensed under the GPL v2, or a later version
+# This program is licensed under the GPLv2
 
 use strict;
 use warnings;
 use CGI qw(:standard :escapeHTML -nosticky);
 use CGI::Util qw(unescape);
 use CGI::Carp qw(fatalsToBrowser);
+use Encode;
 use Fcntl ':mode';
 
 my $cgi = new CGI;
-my $version =          "240";
+my $version =          "249";
 my $my_url =           $cgi->url();
 my $my_uri =           $cgi->url(-absolute => 1);
-my $rss_link = "";
+my $rss_link =         "";
 
 # absolute fs-path which will be prepended to the project path
-my $projectroot =      "/pub/scm";
-$projectroot = "/home/kay/public_html/pub/scm";
+#my $projectroot =     "/pub/scm";
+my $projectroot =      "/home/kay/public_html/pub/scm";
 
 # location of the git-core binaries
 my $gitbin =           "/usr/bin";
@@ -37,13 +38,13 @@ my $home_link =             $my_uri;
 my $home_text =                "indextext.html";
 
 # source of projects list
-#my $projects_list = $projectroot;
-my $projects_list = "index/index.aux";
+#my $projects_list =   $projectroot;
+my $projects_list =    "index/index.aux";
 
 # input validation and dispatch
 my $action = $cgi->param('a');
 if (defined $action) {
-       if ($action =~ m/[^0-9a-zA-Z\.\-_]+/) {
+       if ($action =~ m/[^0-9a-zA-Z\.\-_]/) {
                undef $action;
                die_error(undef, "Invalid action parameter.");
        }
@@ -58,7 +59,7 @@ if (defined $action) {
 
 my $order = $cgi->param('o');
 if (defined $order) {
-       if ($order =~ m/[^a-zA-Z0-9_]/) {
+       if ($order =~ m/[^0-9a-zA-Z_]/) {
                undef $order;
                die_error(undef, "Invalid order parameter.");
        }
@@ -66,13 +67,9 @@ if (defined $order) {
 
 my $project = $cgi->param('p');
 if (defined $project) {
-       if ($project =~ m/(^|\/)(|\.|\.\.)($|\/)/) {
-               undef $project;
-               die_error(undef, "Non-canonical project parameter.");
-       }
-       if ($project =~ m/[^a-zA-Z0-9_\.\/\-\+\#\~]/) {
-               undef $project;
-               die_error(undef, "Invalid character in project parameter.");
+       $project = validate_input($project);
+       if (!defined($project)) {
+               die_error(undef, "Invalid project parameter.");
        }
        if (!(-d "$projectroot/$project")) {
                undef $project;
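Review bot: validate_input accepts a space and a leading `-` in `$project`, which the replaced check in this hunk did not, and the same loosening applies to `f`, `h`, `hp` and `hb` in the next hunk, where `hp` and `hb` were previously restricted to 40 hex digits. Those values are later interpolated into string-form pipe opens, e.g. the git-rev-list call in git_read_commit, where a space splits the value into extra arguments and a leading dash is read as an option. The `-d "$projectroot/$project"` test limits `p` to existing directories, but nothing equivalent protects the hash parameters. The minimal mitigation is to refuse whitespace and a leading dash for anything that names a revision, e.g. `return if $input =~ m/\A-|\s/;` before the character-class test in validate_input, and to move the pipe opens to list form so no shell or word splitting is involved. The enclosing `if (defined $project)` block continues past the hunk.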
@@ -82,7 +79,8 @@ if (defined $project) {
                undef $project;
                die_error(undef, "No such project.");
        }
-       $rss_link = "<link rel=\"alternate\" title=\"$project log\" href=\"$my_uri?p=$project;a=rss\" type=\"application/rss+xml\"/>";
+       $rss_link = "<link rel=\"alternate\" title=\"" . esc_url($project) . " log\" href=\"" .
+                   esc_url("$my_uri?p=$project;a=rss") . "\" type=\"application/rss+xml\"/>";
        $ENV{'GIT_DIR'} = "$projectroot/$project";
 } else {
        git_project_list();
@@ -91,54 +89,39 @@ if (defined $project) {
 
 my $file_name = $cgi->param('f');
 if (defined $file_name) {
-       if ($file_name =~ m/(^|\/)(|\.|\.\.)($|\/)/) {
-               undef $file_name;
-               die_error(undef, "Non-canonical file parameter.");
-       }
-       if ($file_name =~ m/[^a-zA-Z0-9_\.\/\-\+\#\~\:\!]/) {
-               undef $file_name;
-               die_error(undef, "Invalid character in file parameter.");
+       $file_name = validate_input($file_name);
+       if (!defined($file_name)) {
+               die_error(undef, "Invalid file parameter.");
        }
 }
 
 my $hash = $cgi->param('h');
 if (defined $hash) {
-       if (!($hash =~ m/^[0-9a-fA-F]{40}$/)) {
-               if ($hash =~ m/(^|\/)(|\.|\.\.)($|\/)/) {
-                       undef $hash;
-                       die_error(undef, "Non-canonical hash parameter.");
-               }
-               if ($hash =~ m/[^a-zA-Z0-9_\.\/\-\+\#\~\:\!]/) {
-                       undef $hash;
-                       die_error(undef, "Invalid character in hash parameter.");
-               }
-               # replace branch-name with hash
-               my $branchlist = git_read_refs("refs/heads");
-               foreach my $entry (@$branchlist) {
-                       my %branch = %$entry;
-                       if ($branch{'name'} eq $hash) {
-                               $hash = $branch{'id'};
-                               last;
-                       }
-               }
+       $hash = validate_input($hash);
+       if (!defined($hash)) {
+               die_error(undef, "Invalid hash parameter.");
        }
 }
 
 my $hash_parent = $cgi->param('hp');
-if (defined $hash_parent && !($hash_parent =~ m/^[0-9a-fA-F]{40}$/)) {
-       undef $hash_parent;
-       die_error(undef, "Invalid hash_parent parameter.");
+if (defined $hash_parent) {
+       $hash_parent = validate_input($hash_parent);
+       if (!defined($hash_parent)) {
+               die_error(undef, "Invalid hash parent parameter.");
+       }
 }
 
 my $hash_base = $cgi->param('hb');
-if (defined $hash_base && !($hash_base =~ m/^[0-9a-fA-F]{40}$/)) {
-       undef $hash_base;
-       die_error(undef, "Invalid parent hash parameter.");
+if (defined $hash_base) {
+       $hash_base = validate_input($hash_base);
+       if (!defined($hash_base)) {
+               die_error(undef, "Invalid hash base parameter.");
+       }
 }
 
 my $page = $cgi->param('pg');
 if (defined $page) {
-       if ($page =~ m/^[^0-9]+$/) {
+       if ($page =~ m/[^0-9]$/) {
                undef $page;
                die_error(undef, "Invalid page parameter.");
        }
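Review bot: The new page check `if ($page =~ m/[^0-9]$/)` only rejects a value whose last character is a non-digit, so `1a` is refused while `a1` or `1a1` passes and is later used as a number; the old `m/^[^0-9]+$/` was also wrong (it rejected only all-non-digit values) but the replacement does not fix it. Use `if ($page !~ m/\A[0-9]+\z/)` to require the whole value to be digits, with `\z` rather than `$` so a trailing newline is not accepted. The same rewrite of `$hash`, `$hash_parent` and `$hash_base` also drops the branch-name-to-id lookup, so a non-hex `h` now reaches the git commands as a ref name; that is presumably intended but deserves a comment on the `h` block, e.g. `# a ref name is passed through; git resolves it`.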
@@ -153,11 +136,26 @@ if (defined $searchtext) {
        $searchtext = quotemeta $searchtext;
 }
 
+sub validate_input {
+       my $input = shift;
+
+       if ($input =~ m/^[0-9a-fA-F]{40}$/) {
+               return $input;
+       }
+       if ($input =~ m/(^|\/)(|\.|\.\.)($|\/)/) {
+               return undef;
+       }
+       if ($input =~ m/[^a-zA-Z0-9_ \.\/\-\+\#\~]/) {
+               return undef;
+       }
+       return $input;
+}
+
 if (!defined $action || $action eq "summary") {
        git_summary();
        exit;
-} elsif ($action eq "branches") {
-       git_branches();
+} elsif ($action eq "heads") {
+       git_heads();
        exit;
 } elsif ($action eq "tags") {
        git_tags();
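Review bot: In validate_input the fast path `m/^[0-9a-fA-F]{40}$/` lets a 40-hex value followed by a newline through unchanged, because `$` also matches before a trailing newline, and the newline then survives into whatever the caller interpolates the value into. Anchor both ends: `if ($input =~ m/\A[0-9a-fA-F]{40}\z/) {`. The two `return undef;` lines should be `return;`, which is undef in the scalar assignments the callers use and the empty list in list context, and the sub needs a header comment stating its contract — returns the input when it is a 40-hex id, or a path built from `[a-zA-Z0-9_ ./-+#~]` with no empty, `.` or `..` segment; otherwise undef.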
@@ -210,8 +208,23 @@ if (!defined $action || $action eq "summary") {
        exit;
 }
 
+sub esc_url {
+       my $str = shift;
+       $str =~ s/\+/%2B/g;
+       $str =~ s/ /\+/g;
+       return $str;
+}
+
+sub esc_html {
+       my $str = shift;
+       $str = escapeHTML($str);
+       $str = decode("utf8", $str, Encode::FB_DEFAULT);
+       return $str;
+}
+
 sub git_header_html {
        my $status = shift || "200 OK";
+       my $expires = shift;
 
        my $title = "git";
        if (defined $project) {
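Review bot: esc_url only rewrites `+` to `%2B` and space to `+`, so it is not the general URL escaper its name and its use throughout the commit suggest; `#`, `;`, `&` and `?` pass through, and since validate_input allows `#`, a project or file name containing one turns the rest of the query into a fragment. Because it is applied to whole URLs it cannot encode `;`, `?` or `=` without breaking them, so real encoding has to happen per value, e.g. with `CGI::Util::escape` (the file already imports `unescape` from that module). At minimum each helper should say what it does: `# esc_url: escape space and '+' for a query string; other reserved characters are passed through` and `# esc_html: HTML-escape, then decode as UTF-8 replacing invalid sequences with U+FFFD`. git_header_html continues past the hunk.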
@@ -220,7 +233,7 @@ sub git_header_html {
                        $title .= "/$action";
                }
        }
-       print $cgi->header(-type=>'text/html',  -charset => 'utf-8', -status=> $status);
+       print $cgi->header(-type=>'text/html',  -charset => 'utf-8', -status=> $status, -expires => $expires);
        print <<EOF;
 <?xml version="1.0" encoding="utf-8"?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
@@ -289,11 +302,11 @@ a.rss_logo:hover { background-color:#ee5500; }
 EOF
        print "<div class=\"page_header\">\n" .
              "<a href=\"http://www.kernel.org/pub/software/scm/git/docs/\" title=\"git documentation\">" .
-             "<img src=\"$my_uri?a=git-logo.png\" width=\"72\" height=\"27\" alt=\"git\" style=\"float:right; border-width:0px;\"/>" .
+             "<img src=\"" . esc_url("$my_uri?a=git-logo.png") . "\" width=\"72\" height=\"27\" alt=\"git\" style=\"float:right; border-width:0px;\"/>" .
              "</a>\n";
-       print $cgi->a({-href => $home_link}, "projects") . " / ";
+       print $cgi->a({-href => esc_url($home_link)}, "projects") . " / ";
        if (defined $project) {
-               print $cgi->a({-href => "$my_uri?p=$project;a=summary"}, escapeHTML($project));
+               print $cgi->a({-href => esc_url("$my_uri?p=$project;a=summary")}, esc_html($project));
                if (defined $action) {
                        print " / $action";
                }
@@ -301,11 +314,19 @@ EOF
                if (!defined $searchtext) {
                        $searchtext = "";
                }
+               my $search_hash;
+               if (defined $hash) {
+                       $search_hash = $hash;
+               } else {
+                       $search_hash  = "HEAD";
+               }
                $cgi->param("a", "search");
-               print $cgi->startform(-method => "get", -action => "$my_uri") .
+               $cgi->param("h", $search_hash);
+               print $cgi->startform(-method => "get", -action => $my_uri) .
                      "<div class=\"search\">\n" .
                      $cgi->hidden(-name => "p") . "\n" .
                      $cgi->hidden(-name => "a") . "\n" .
+                     $cgi->hidden(-name => "h") . "\n" .
                      $cgi->textfield(-name => "s", -value => $searchtext) . "\n" .
                      "</div>" .
                      $cgi->end_form() . "\n";
@@ -318,11 +339,11 @@ sub git_footer_html {
        if (defined $project) {
                my $descr = git_read_description($project);
                if (defined $descr) {
-                       print "<div class=\"page_footer_text\">" . escapeHTML($descr) . "</div>\n";
+                       print "<div class=\"page_footer_text\">" . esc_html($descr) . "</div>\n";
                }
-               print $cgi->a({-href => "$my_uri?p=$project;a=rss", -class => "rss_logo"}, "RSS") . "\n";
+               print $cgi->a({-href => esc_url("$my_uri?p=$project;a=rss"), -class => "rss_logo"}, "RSS") . "\n";
        } else {
-               print $cgi->a({-href => "$my_uri?a=opml", -class => "rss_logo"}, "OPML") . "\n";
+               print $cgi->a({-href => esc_url("$my_uri?a=opml"), -class => "rss_logo"}, "OPML") . "\n";
        }
        print "</div>\n" .
              "</body>\n" .
@@ -447,21 +468,28 @@ sub git_read_commit {
 
        my @commit_lines;
        my %co;
-       my @parents;
 
        if (defined $commit_text) {
                @commit_lines = @$commit_text;
        } else {
-               open my $fd, "-|", "$gitbin/git-cat-file commit $commit_id" or return;
-               @commit_lines = map { chomp; $_ } <$fd>;
+               $/ = "\0";
+               open my $fd, "-|", "$gitbin/git-rev-list --header --parents --max-count=1 $commit_id" or return;
+               @commit_lines = split '\n', <$fd>;
                close $fd or return;
+               $/ = "\n";
+               pop @commit_lines;
+       }
+       my $header = shift @commit_lines;
+       if (!($header =~ m/^[0-9a-fA-F]{40}/)) {
+               return;
        }
+       ($co{'id'}, my @parents) = split ' ', $header;
+       $co{'parents'} = \@parents;
+       $co{'parent'} = $parents[0];
        while (my $line = shift @commit_lines) {
                last if $line eq "\n";
                if ($line =~ m/^tree ([0-9a-fA-F]{40})$/) {
                        $co{'tree'} = $1;
-               } elsif ($line =~ m/^parent ([0-9a-fA-F]{40})$/) {
-                       push @parents, $1;
                } elsif ($line =~ m/^author (.*) ([0-9]+) (.*)$/) {
                        $co{'author'} = $1;
                        $co{'author_epoch'} = $2;
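Review bot: `$/ = "\0";` assigns the global record separator and the restore `$/ = "\n";` is skipped on both `or return` paths, so a failed open or close leaves every later `<$fh>` in the process reading NUL-terminated records. Use `local $/ = "\0";` inside the `else` block and drop the explicit restore. The open also still builds one command string with `$commit_id` interpolated; the list form `open my $fd, '-|', "$gitbin/git-rev-list", '--header', '--parents', '--max-count=1', $commit_id or return;` passes it as a single argument without word splitting or a shell. git_read_commit begins before the hunk.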
@@ -480,15 +508,12 @@ sub git_read_commit {
                }
        }
        if (!defined $co{'tree'}) {
-               return undef
+               return;
        };
-       $co{'id'} = $commit_id;
-       $co{'parents'} = \@parents;
-       $co{'parent'} = $parents[0];
-       $co{'comment'} = \@commit_lines;
+
        foreach my $title (@commit_lines) {
                if ($title ne "") {
-                       $co{'title'} = chop_str($title, 80);
+                       $co{'title'} = chop_str($title, 80, 5);
                        # remove leading stuff of merges to make the interesting part visible
                        if (length($title) > 50) {
                                $title =~ s/^Automatic //;
@@ -506,10 +531,15 @@ sub git_read_commit {
                                        $title =~ s/\/pub\/scm//;
                                }
                        }
-                       $co{'title_short'} = chop_str($title, 50);
+                       $co{'title_short'} = chop_str($title, 50, 5);
                        last;
                }
        }
+       # remove added spaces
+       foreach my $line (@commit_lines) {
+               $line =~ s/^    //;
+       }
+       $co{'comment'} = \@commit_lines;
 
        my $age = time - $co{'committer_epoch'};
        $co{'age'} = $age;
@@ -558,7 +588,7 @@ sub git_diff_print {
                close $fd;
        }
 
-       open my $fd, "-|", "/usr/bin/diff -u -p -L $from_name -L $to_name $from_tmp $to_tmp";
+       open my $fd, "-|", "/usr/bin/diff -u -p -L \'$from_name\' -L \'$to_name\' $from_tmp $to_tmp";
        if ($format eq "plain") {
                undef $/;
                print <$fd>;
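Review bot: The new open wraps `$from_name` and `$to_name` (presumably file names) in single quotes to survive spaces, which works only while validate_input keeps `'` out of those names — a coupling nobody will remember — and the result is still unchecked (no `or return`) and still passes through a shell. The list form needs no quoting at all: `open my $fd, '-|', '/usr/bin/diff', '-u', '-p', '-L', $from_name, '-L', $to_name, $from_tmp, $to_tmp or return;`. git_diff_print starts and ends outside the hunk, and the `undef $/;` on the plain path is another unlocalised global assignment.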
@@ -584,7 +614,7 @@ sub git_diff_print {
                                        $line =~ s/\t/$spaces/;
                                }
                        }
-                       print "<div class=\"pre\"$color>" . escapeHTML($line) . "</div>\n";
+                       print "<div class=\"pre\"$color>" . esc_html($line) . "</div>\n";
                }
        }
        close $fd;
@@ -621,12 +651,15 @@ sub chop_str {
        my $len = shift;
        my $add_len = shift || 10;
 
-       $str =~ m/^(.{0,$len}[^ \/\-_:\.@]{0,$add_len})/;
-       my $chopped = $1;
-       if ($chopped ne $str) {
-               $chopped .= " ...";
+       # allow only $len chars, but don't cut a word if it would fit in $add_len
+       # if it doesn't fit, cut it if it's still longer than the dots we would add
+       $str =~ m/^(.{0,$len}[^ \/\-_:\.@]{0,$add_len})(.*)/;
+       my $body = $1;
+       my $tail = $2;
+       if (length($tail) > 4) {
+               $tail = " ...";
        }
-       return $chopped;
+       return "$body$tail";
 }
 
 sub file_type {
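Review bot: chop_str is still undocumented although its contract just changed — a remainder of at most four characters is kept, so the result can exceed `$len + $add_len` by up to four — and the callers in git_read_commit now pass an `$add_len` of 5 that the default of 10 does not hint at. A header comment above `my $str = shift;` such as `# chop_str($str, $len, $add_len = 10): keep up to $len chars plus up to $add_len more to finish a word; a longer remainder becomes " ...", a remainder of 4 chars or fewer is kept as is` would cover it. The match also relies on `$1`/`$2` and on `.` not crossing a newline, so anything after a newline in `$str` is dropped silently; named captures and an explicit `/s` (or a comment saying the first line is intended) would make that visible. The sub starts before the hunk.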
@@ -646,12 +679,12 @@ sub file_type {
 sub format_log_line_html {
        my $line = shift;
 
-       $line = escapeHTML($line);
+       $line = esc_html($line);
        $line =~ s/ /&nbsp;/g;
        if ($line =~ m/([0-9a-fA-F]{40})/) {
                my $hash_text = $1;
                if (git_get_type($hash_text) eq "commit") {
-                       my $link = $cgi->a({-class => "text", -href => "$my_uri?p=$project;a=commit;h=$hash_text"}, $hash_text);
+                       my $link = $cgi->a({-class => "text", -href => esc_url("$my_uri?p=$project;a=commit;h=$hash_text")}, $hash_text);
                        $line =~ s/$hash_text/$link/;
                }
        }
@@ -799,25 +832,25 @@ sub git_project_list {
                @projects = sort {$a->{'path'} cmp $b->{'path'}} @projects;
                print "<th>Project</th>\n";
        } else {
-               print "<th>" . $cgi->a({-class => "header", -href => "$my_uri?o=project"}, "Project") . "</th>\n";
+               print "<th>" . $cgi->a({-class => "header", -href => esc_url("$my_uri?o=project")}, "Project") . "</th>\n";
        }
        if (defined($order) && ($order eq "descr")) {
                @projects = sort {$a->{'descr'} cmp $b->{'descr'}} @projects;
                print "<th>Description</th>\n";
        } else {
-               print "<th>" . $cgi->a({-class => "header", -href => "$my_uri?o=descr"}, "Description") . "</th>\n";
+               print "<th>" . $cgi->a({-class => "header", -href => esc_url("$my_uri?o=descr")}, "Description") . "</th>\n";
        }
        if (defined($order) && ($order eq "owner")) {
                @projects = sort {$a->{'owner'} cmp $b->{'owner'}} @projects;
                print "<th>Owner</th>\n";
        } else {
-               print "<th>" . $cgi->a({-class => "header", -href => "$my_uri?o=owner"}, "Owner") . "</th>\n";
+               print "<th>" . $cgi->a({-class => "header", -href => esc_url("$my_uri?o=owner")}, "Owner") . "</th>\n";
        }
        if (defined($order) && ($order eq "age")) {
                @projects = sort {$a->{'commit'}{'age'} <=> $b->{'commit'}{'age'}} @projects;
                print "<th>Last Change</th>\n";
        } else {
-               print "<th>" . $cgi->a({-class => "header", -href => "$my_uri?o=age"}, "Last Change") . "</th>\n";
+               print "<th>" . $cgi->a({-class => "header", -href => esc_url("$my_uri?o=age")}, "Last Change") . "</th>\n";
        }
        print "<th></th>\n" .
              "</tr>\n";
@@ -829,7 +862,7 @@ sub git_project_list {
                        print "<tr class=\"light\">\n";
                }
                $alternate ^= 1;
-               print "<td>" . $cgi->a({-href => "$my_uri?p=$pr->{'path'};a=summary", -class => "list"}, escapeHTML($pr->{'path'})) . "</td>\n" .
+               print "<td>" . $cgi->a({-href => esc_url("$my_uri?p=$pr->{'path'};a=summary"), -class => "list"}, esc_html($pr->{'path'})) . "</td>\n" .
                      "<td>$pr->{'descr'}</td>\n" .
                      "<td><i>" . chop_str($pr->{'owner'}, 15) . "</i></td>\n";
                my $colored_age;
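Review bot: The rewritten print at the top of the hunk escapes `$pr->{'path'}` with esc_html but the same statement still emits `$pr->{'descr'}` and `chop_str($pr->{'owner'}, 15)` raw into table cells; since the commit's point is to route repository-derived text through esc_html (git_summary's description cell gets it), these two should follow: `"<td>" . esc_html($pr->{'descr'}) . "</td>\n"` and `"<td><i>" . esc_html(chop_str($pr->{'owner'}, 15)) . "</i></td>\n"`. Description and owner presumably come from per-repository files, so they are under repository-owner rather than request control, but they are still untrusted for HTML. git_project_list continues past the hunk.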
@@ -842,9 +875,9 @@ sub git_project_list {
                }
                print "<td>$colored_age</td>\n" .
                      "<td class=\"link\">" .
-                     $cgi->a({-href => "$my_uri?p=$pr->{'path'};a=summary"}, "summary") .
-                     " | " . $cgi->a({-href => "$my_uri?p=$pr->{'path'};a=shortlog"}, "shortlog") .
-                     " | " . $cgi->a({-href => "$my_uri?p=$pr->{'path'};a=log"}, "log") .
+                     $cgi->a({-href => esc_url("$my_uri?p=$pr->{'path'};a=summary")}, "summary") .
+                     " | " . $cgi->a({-href => esc_url("$my_uri?p=$pr->{'path'};a=shortlog")}, "shortlog") .
+                     " | " . $cgi->a({-href => esc_url("$my_uri?p=$pr->{'path'};a=log")}, "log") .
                      "</td>\n" .
                      "</tr>\n";
        }
@@ -943,16 +976,16 @@ sub git_summary {
        git_header_html();
        print "<div class=\"page_nav\">\n" .
              "summary".
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog"}, "shortlog") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=log"}, "log") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$head"}, "commit") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$head"}, "commitdiff") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree"}, "tree") .
+             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog")}, "shortlog") .
+             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=log")}, "log") .
+             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$head")}, "commit") .
+             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commitdiff;h=$head")}, "commitdiff") .
+             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=tree")}, "tree") .
              "<br/><br/>\n" .
              "</div>\n";
        print "<div class=\"title\">&nbsp;</div>\n";
        print "<table cellspacing=\"0\">\n" .
-             "<tr><td>description</td><td>" . escapeHTML($descr) . "</td></tr>\n" .
+             "<tr><td>description</td><td>" . esc_html($descr) . "</td></tr>\n" .
              "<tr><td>owner</td><td>$owner</td></tr>\n" .
              "<tr><td>last change</td><td>$cd{'rfc2822'}</td></tr>\n" .
              "</table>\n";
@@ -960,7 +993,7 @@ sub git_summary {
        my (@revlist) = map { chomp; $_ } <$fd>;
        close $fd;
        print "<div>\n" .
-             $cgi->a({-href => "$my_uri?p=$project;a=shortlog", -class => "title"}, "shortlog") .
+             $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog"), -class => "title"}, "shortlog") .
              "</div>\n";
        my $i = 16;
        print "<table cellspacing=\"0\">\n";
@@ -976,18 +1009,23 @@ sub git_summary {
                $alternate ^= 1;
                if ($i-- > 0) {
                        print "<td><i>$co{'age_string'}</i></td>\n" .
-                             "<td><i>" . escapeHTML(chop_str($co{'author_name'}, 10)) . "</i></td>\n" .
-                             "<td>" .
-                             $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit", -class => "list"},
-                             "<b>" . escapeHTML($co{'title_short'}) . "</b>") .
-                             "</td>\n" .
+                             "<td><i>" . esc_html(chop_str($co{'author_name'}, 10)) . "</i></td>\n" .
+                             "<td>";
+                       if (length($co{'title_short'}) < length($co{'title'})) {
+                               print $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$commit"), -class => "list", -title => "$co{'title'}"},
+                                     "<b>" . esc_html($co{'title_short'}) . "</b>");
+                       } else {
+                               print $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$commit"), -class => "list"},
+                                     "<b>" . esc_html($co{'title'}) . "</b>");
+                       }
+                       print "</td>\n" .
                              "<td class=\"link\">" .
-                             $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit"}, "commit") .
-                             " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$commit"}, "commitdiff") .
+                             $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$commit")}, "commit") .
+                             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commitdiff;h=$commit")}, "commitdiff") .
                              "</td>\n" .
                              "</tr>";
                } else {
-                       print "<td>" . $cgi->a({-href => "$my_uri?p=$project;a=shortlog"}, "...") . "</td>\n" .
+                       print "<td>" . $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog")}, "...") . "</td>\n" .
                        "</tr>";
                        last;
                }
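Review bot: The new `-title => "$co{'title'}"` attribute hands the raw commit title to CGI.pm while the link text goes through esc_html; whether CGI.pm's attribute auto-escaping covers it depends on its settings, and even then the value is not UTF-8-decoded the way esc_html does for the visible text, so tooltip and link differ for non-ASCII titles. Decode it explicitly and drop the needless interpolation quotes — `-title => esc_html($co{'title'})`, or only `decode("utf8", $co{'title'}, Encode::FB_DEFAULT)` if CGI.pm's escaping is confirmed on, to avoid double-escaping. The `if`/`else` also duplicates the whole anchor call; building the attribute hash first and making one `$cgi->a` call would keep them in step. The enclosing loop continues outside the hunk.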
@@ -997,7 +1035,7 @@ sub git_summary {
        my $taglist = git_read_refs("refs/tags");
        if (defined @$taglist) {
                print "<div>\n" .
-                     $cgi->a({-href => "$my_uri?p=$project;a=tags", -class => "title"}, "tags") .
+                     $cgi->a({-href => esc_url("$my_uri?p=$project;a=tags"), -class => "title"}, "tags") .
                      "</div>\n";
                my $i = 16;
                print "<table cellspacing=\"0\">\n";
@@ -1018,27 +1056,27 @@ sub git_summary {
                        if ($i-- > 0) {
                                print "<td><i>$tag{'age'}</i></td>\n" .
                                      "<td>" .
-                                     $cgi->a({-href => "$my_uri?p=$project;a=$tag{'reftype'};h=$tag{'refid'}", -class => "list"},
-                                     "<b>" . escapeHTML($tag{'name'}) . "</b>") .
+                                     $cgi->a({-href => esc_url("$my_uri?p=$project;a=$tag{'reftype'};h=$tag{'refid'}"), -class => "list"},
+                                     "<b>" . esc_html($tag{'name'}) . "</b>") .
                                      "</td>\n" .
                                      "<td>";
                                if (defined($comment)) {
-                                     print $cgi->a({-class => "list", -href => "$my_uri?p=$project;a=tag;h=$tag{'id'}"}, $comment);
+                                     print $cgi->a({-class => "list", -href => esc_url("$my_uri?p=$project;a=tag;h=$tag{'id'}")}, $comment);
                                }
                                print "</td>\n" .
                                      "<td class=\"link\">";
                                if ($tag{'type'} eq "tag") {
-                                     print $cgi->a({-href => "$my_uri?p=$project;a=tag;h=$tag{'id'}"}, "tag") . " | ";
+                                     print $cgi->a({-href => esc_url("$my_uri?p=$project;a=tag;h=$tag{'id'}")}, "tag") . " | ";
                                }
-                               print $cgi->a({-href => "$my_uri?p=$project;a=$tag{'reftype'};h=$tag{'refid'}"}, $tag{'reftype'});
+                               print $cgi->a({-href => esc_url("$my_uri?p=$project;a=$tag{'reftype'};h=$tag{'refid'}")}, $tag{'reftype'});
                                if ($tag{'reftype'} eq "commit") {
-                                     print " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$tag{'name'}"}, "shortlog") .
-                                           " | " . $cgi->a({-href => "$my_uri?p=$project;a=log;h=$tag{'refid'}"}, "log");
+                                     print " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog;h=$tag{'name'}")}, "shortlog") .
+                                           " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=log;h=$tag{'refid'}")}, "log");
                                }
                                print "</td>\n" .
                                      "</tr>";
                        } else {
-                               print "<td>" . $cgi->a({-href => "$my_uri?p=$project;a=tags"}, "...") . "</td>\n" .
+                               print "<td>" . $cgi->a({-href => esc_url("$my_uri?p=$project;a=tags")}, "...") . "</td>\n" .
                                "</tr>";
                                last;
                        }
@@ -1046,15 +1084,15 @@ sub git_summary {
                print "</table\n>";
        }
 
-       my $branchlist = git_read_refs("refs/heads");
-       if (defined @$branchlist) {
+       my $headlist = git_read_refs("refs/heads");
+       if (defined @$headlist) {
                print "<div>\n" .
-                     $cgi->a({-href => "$my_uri?p=$project;a=branches", -class => "title"}, "branches") .
+                     $cgi->a({-href => esc_url("$my_uri?p=$project;a=heads"), -class => "title"}, "heads") .
                      "</div>\n";
                my $i = 16;
                print "<table cellspacing=\"0\">\n";
                my $alternate = 0;
-               foreach my $entry (@$branchlist) {
+               foreach my $entry (@$headlist) {
                        my %tag = %$entry;
                        if ($alternate) {
                                print "<tr class=\"dark\">\n";
@@ -1065,16 +1103,16 @@ sub git_summary {
                        if ($i-- > 0) {
                                print "<td><i>$tag{'age'}</i></td>\n" .
                                      "<td>" .
-                                     $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$tag{'name'}", -class => "list"},
-                                     "<b>" . escapeHTML($tag{'name'}) . "</b>") .
+                                     $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog;h=$tag{'name'}"), -class => "list"},
+                                     "<b>" . esc_html($tag{'name'}) . "</b>") .
                                      "</td>\n" .
                                      "<td class=\"link\">" .
-                                     $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$tag{'name'}"}, "shortlog") .
-                                     " | " . $cgi->a({-href => "$my_uri?p=$project;a=log;h=$tag{'name'}"}, "log") .
+                                     $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog;h=$tag{'name'}")}, "shortlog") .
+                                     " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=log;h=$tag{'name'}")}, "log") .
                                      "</td>\n" .
                                      "</tr>";
                        } else {
-                               print "<td>" . $cgi->a({-href => "$my_uri?p=$project;a=branches"}, "...") . "</td>\n" .
+                               print "<td>" . $cgi->a({-href => esc_url("$my_uri?p=$project;a=heads")}, "...") . "</td>\n" .
                                "</tr>";
                                last;
                        }
@@ -1088,28 +1126,28 @@ sub git_tag {
        my $head = git_read_hash("$project/HEAD");
        git_header_html();
        print "<div class=\"page_nav\">\n" .
-             $cgi->a({-href => "$my_uri?p=$project;a=summary"}, "summary") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog"}, "shortlog") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=log"}, "log") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$head"}, "commit") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$head"}, "commitdiff") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;hb=$head"}, "tree") . "<br/>\n" .
+             $cgi->a({-href => esc_url("$my_uri?p=$project;a=summary")}, "summary") .
+             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog")}, "shortlog") .
+             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=log")}, "log") .
+             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$head")}, "commit") .
+             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commitdiff;h=$head")}, "commitdiff") .
+             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=tree;hb=$head")}, "tree") . "<br/>\n" .
              "<br/>\n" .
              "</div>\n";
        my %tag = git_read_tag($hash);
        print "<div>\n" .
-             $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash", -class => "title"}, escapeHTML($tag{'name'})) . "\n" .
+             $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$hash"), -class => "title"}, esc_html($tag{'name'})) . "\n" .
              "</div>\n";
        print "<div class=\"title_text\">\n" .
              "<table cellspacing=\"0\">\n" .
              "<tr>\n" .
              "<td>object</td>\n" .
-             "<td>" . $cgi->a({-class => "list", -href => "$my_uri?p=$project;a=$tag{'type'};h=$tag{'object'}"}, $tag{'object'}) . "</td>\n" .
-             "<td class=\"link\">" . $cgi->a({-href => "$my_uri?p=$project;a=$tag{'type'};h=$tag{'object'}"}, $tag{'type'}) . "</td>\n" .
+             "<td>" . $cgi->a({-class => "list", -href => esc_url("$my_uri?p=$project;a=$tag{'type'};h=$tag{'object'}")}, $tag{'object'}) . "</td>\n" .
+             "<td class=\"link\">" . $cgi->a({-href => esc_url("$my_uri?p=$project;a=$tag{'type'};h=$tag{'object'}")}, $tag{'type'}) . "</td>\n" .
              "</tr>\n";
        if (defined($tag{'author'})) {
                my %ad = date_str($tag{'epoch'}, $tag{'tz'});
-               print "<tr><td>author</td><td>" . escapeHTML($tag{'author'}) . "</td></tr>\n";
+               print "<tr><td>author</td><td>" . esc_html($tag{'author'}) . "</td></tr>\n";
                print "<tr><td></td><td>" . $ad{'rfc2822'} . sprintf(" (%02d:%02d %s)", $ad{'hour_local'}, $ad{'minute_local'}, $ad{'tz_local'}) . "</td></tr>\n";
        }
        print "</table>\n\n" .
@@ -1117,7 +1155,7 @@ sub git_tag {
        print "<div class=\"page_body\">";
        my $comment = $tag{'comment'};
        foreach my $line (@$comment) {
-               print escapeHTML($line) . "<br/>\n";
+               print esc_html($line) . "<br/>\n";
        }
        print "</div>\n";
        git_footer_html();
@@ -1127,17 +1165,17 @@ sub git_tags {
        my $head = git_read_hash("$project/HEAD");
        git_header_html();
        print "<div class=\"page_nav\">\n" .
-             $cgi->a({-href => "$my_uri?p=$project;a=summary"}, "summary") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog"}, "shortlog") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=log"}, "log") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$head"}, "commit") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$head"}, "commitdiff") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;hb=$head"}, "tree") . "<br/>\n" .
+             $cgi->a({-href => esc_url("$my_uri?p=$project;a=summary")}, "summary") .
+             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog")}, "shortlog") .
+             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=log")}, "log") .
+             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$head")}, "commit") .
+             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commitdiff;h=$head")}, "commitdiff") .
+             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=tree;hb=$head")}, "tree") . "<br/>\n" .
              "<br/>\n" .
              "</div>\n";
        my $taglist = git_read_refs("refs/tags");
        print "<div>\n" .
-             $cgi->a({-href => "$my_uri?p=$project;a=summary", -class => "title"}, "&nbsp;") .
+             $cgi->a({-href => esc_url("$my_uri?p=$project;a=summary"), -class => "title"}, "&nbsp;") .
              "</div>\n";
        print "<table cellspacing=\"0\">\n";
        my $alternate = 0;
@@ -1157,22 +1195,22 @@ sub git_tags {
                        $alternate ^= 1;
                        print "<td><i>$tag{'age'}</i></td>\n" .
                              "<td>" .
-                             $cgi->a({-href => "$my_uri?p=$project;a=$tag{'reftype'};h=$tag{'refid'}", -class => "list"},
-                             "<b>" . escapeHTML($tag{'name'}) . "</b>") .
+                             $cgi->a({-href => esc_url("$my_uri?p=$project;a=$tag{'reftype'};h=$tag{'refid'}"), -class => "list"},
+                             "<b>" . esc_html($tag{'name'}) . "</b>") .
                              "</td>\n" .
                              "<td>";
                        if (defined($comment)) {
-                             print $cgi->a({-class => "list", -href => "$my_uri?p=$project;a=tag;h=$tag{'id'}"}, $comment);
+                             print $cgi->a({-class => "list", -href => esc_url("$my_uri?p=$project;a=tag;h=$tag{'id'}")}, $comment);
                        }
                        print "</td>\n" .
                              "<td class=\"link\">";
                        if ($tag{'type'} eq "tag") {
-                             print $cgi->a({-href => "$my_uri?p=$project;a=tag;h=$tag{'id'}"}, "tag") . " | ";
+                             print $cgi->a({-href => esc_url("$my_uri?p=$project;a=tag;h=$tag{'id'}")}, "tag") . " | ";
                        }
-                       print $cgi->a({-href => "$my_uri?p=$project;a=$tag{'reftype'};h=$tag{'refid'}"}, $tag{'reftype'});
+                       print $cgi->a({-href => esc_url("$my_uri?p=$project;a=$tag{'reftype'};h=$tag{'refid'}")}, $tag{'reftype'});
                        if ($tag{'reftype'} eq "commit") {
-                             print " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$tag{'name'}"}, "shortlog") .
-                                   " | " . $cgi->a({-href => "$my_uri?p=$project;a=log;h=$tag{'refid'}"}, "log");
+                             print " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog;h=$tag{'name'}")}, "shortlog") .
+                                   " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=log;h=$tag{'refid'}")}, "log");
                        }
                        print "</td>\n" .
                              "</tr>";
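Review bot: `$comment` is used as the anchor body of the `a=tag` link without escaping, while `$tag{'name'}` two lines above now goes through esc_html. If `$comment` is the first line of the tag message, as its name suggests (it is assigned above this hunk), it is repository-controlled text and should be treated like the name: `print $cgi->a({-class => "list", -href => esc_url("$my_uri?p=$project;a=tag;h=$tag{'id'}")}, esc_html($comment));`. The enclosing loop in git_tags starts and ends outside the hunk.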
@@ -1182,21 +1220,21 @@ sub git_tags {
        git_footer_html();
 }
 
-sub git_branches {
+sub git_heads {
        my $head = git_read_hash("$project/HEAD");
        git_header_html();
        print "<div class=\"page_nav\">\n" .
-             $cgi->a({-href => "$my_uri?p=$project;a=summary"}, "summary") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog"}, "shortlog") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=log"}, "log") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$head"}, "commit") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$head"}, "commitdiff") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;hb=$head"}, "tree") . "<br/>\n" .
+             $cgi->a({-href => esc_url("$my_uri?p=$project;a=summary")}, "summary") .
+             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog")}, "shortlog") .
+             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=log")}, "log") .
+             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$head")}, "commit") .
+             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commitdiff;h=$head")}, "commitdiff") .
+             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=tree;hb=$head")}, "tree") . "<br/>\n" .
              "<br/>\n" .
              "</div>\n";
        my $taglist = git_read_refs("refs/heads");
        print "<div>\n" .
-             $cgi->a({-href => "$my_uri?p=$project;a=summary", -class => "title"}, "&nbsp;") .
+             $cgi->a({-href => esc_url("$my_uri?p=$project;a=summary"), -class => "title"}, "&nbsp;") .
              "</div>\n";
        print "<table cellspacing=\"0\">\n";
        my $alternate = 0;
@@ -1211,11 +1249,11 @@ sub git_branches {
                        $alternate ^= 1;
                        print "<td><i>$tag{'age'}</i></td>\n" .
                              "<td>" .
-                             $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$tag{'name'}", -class => "list"}, "<b>" . escapeHTML($tag{'name'}) . "</b>") .
+                             $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog;h=$tag{'name'}"), -class => "list"}, "<b>" . esc_html($tag{'name'}) . "</b>") .
                              "</td>\n" .
                              "<td class=\"link\">" .
-                             $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$tag{'name'}"}, "shortlog") .
-                             " | " . $cgi->a({-href => "$my_uri?p=$project;a=log;h=$tag{'name'}"}, "log") .
+                             $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog;h=$tag{'name'}")}, "shortlog") .
+                             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=log;h=$tag{'name'}")}, "log") .
                              "</td>\n" .
                              "</tr>";
                }
@@ -1260,20 +1298,23 @@ sub git_blob {
                $hash = git_get_hash_by_path($base, $file_name, "blob");
        }
        open my $fd, "-|", "$gitbin/git-cat-file blob $hash" or die_error(undef, "Open failed.");
-       my $base = $file_name || "";
        git_header_html();
        if (defined $hash_base && (my %co = git_read_commit($hash_base))) {
                print "<div class=\"page_nav\">\n" .
-                     $cgi->a({-href => "$my_uri?p=$project;a=summary"}, "summary") .
-                     " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog"}, "shortlog") .
-                     " | " . $cgi->a({-href => "$my_uri?p=$project;a=log"}, "log") .
-                     " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash_base"}, "commit") .
-                     " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash_base"}, "commitdiff") .
-                     " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash_base"}, "tree") . "<br/>\n";
-               print $cgi->a({-href => "$my_uri?p=$project;a=blob_plain;h=$hash"}, "plain") . "<br/>\n" .
-                     "</div>\n";
-               print "<div>" .
-                     $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash_base", -class => "title"}, escapeHTML($co{'title'})) .
+                     $cgi->a({-href => esc_url("$my_uri?p=$project;a=summary")}, "summary") .
+                     " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog")}, "shortlog") .
+                     " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=log")}, "log") .
+                     " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$hash_base")}, "commit") .
+                     " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commitdiff;h=$hash_base")}, "commitdiff") .
+                     " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash_base")}, "tree") . "<br/>\n";
+               if (defined $file_name) {
+                       print $cgi->a({-href => esc_url("$my_uri?p=$project;a=blob_plain;h=$hash;f=$file_name")}, "plain") . "<br/>\n";
+               } else {
+                       print $cgi->a({-href => esc_url("$my_uri?p=$project;a=blob_plain;h=$hash")}, "plain") . "<br/>\n";
+               }
+               print "</div>\n".
+                      "<div>" .
+                     $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$hash_base"), -class => "title"}, esc_html($co{'title'})) .
                      "</div>\n";
        } else {
                print "<div class=\"page_nav\">\n" .
@@ -1294,7 +1335,7 @@ sub git_blob {
                                $line =~ s/\t/$spaces/;
                        }
                }
-               printf "<div class=\"pre\"><a id=\"l%i\" href=\"#l%i\" class=\"linenr\">%4i</a> %s</div>\n", $nr, $nr, $nr, escapeHTML($line);
+               printf "<div class=\"pre\"><a id=\"l%i\" href=\"#l%i\" class=\"linenr\">%4i</a> %s</div>\n", $nr, $nr, $nr, esc_html($line);
        }
        close $fd or print "Reading blob failed.\n";
        print "</div>";
@@ -1302,7 +1343,11 @@ sub git_blob {
 }
 
 sub git_blob_plain {
-       print $cgi->header(-type => "text/plain", -charset => 'utf-8');
+       my $save_as = "$hash.txt";
+       if (defined $file_name) {
+               $save_as = $file_name;
+       }
+       print $cgi->header(-type => "text/plain", -charset => 'utf-8', '-content-disposition' => "inline; filename=\"$save_as\"");
        open my $fd, "-|", "$gitbin/git-cat-file blob $hash" or return;
        undef $/;
        print <$fd>;
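Review bot: `$save_as` is interpolated directly into the Content-Disposition quoted-string on the `print $cgi->header(...)` line, so a `"`, backslash or CR/LF in `$file_name` would end the quoted filename or, unless CGI.pm strips line breaks from header values, extend the header; whatever validation the `f` parameter gets is not in this hunk, and even a well-formed path still carries directory components into the suggested filename. Reduce it to a basename with a conservative character set before use: `my $save_as = defined $file_name ? $file_name : "$hash.txt";` then `$save_as =~ s{.*/}{};` and `$save_as =~ s/[^\w.\-]/_/g;`. git_blob_plain's body continues outside the hunk.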
@@ -1332,16 +1377,16 @@ sub git_tree {
        if (defined $hash_base && (my %co = git_read_commit($hash_base))) {
                $base_key = ";hb=$hash_base";
                print "<div class=\"page_nav\">\n" .
-                     $cgi->a({-href => "$my_uri?p=$project;a=summary"}, "summary") .
-                     " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$hash_base"}, "shortlog") .
-                     " | " . $cgi->a({-href => "$my_uri?p=$project;a=log;h=$hash_base"}, "log") .
-                     " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash_base"}, "commit") .
-                     " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash_base"}, "commitdiff") .
+                     $cgi->a({-href => esc_url("$my_uri?p=$project;a=summary")}, "summary") .
+                     " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog;h=$hash_base")}, "shortlog") .
+                     " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=log;h=$hash_base")}, "log") .
+                     " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$hash_base")}, "commit") .
+                     " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commitdiff;h=$hash_base")}, "commitdiff") .
                      " | tree" .
                      "<br/><br/>\n" .
                      "</div>\n";
                print "<div>\n" .
-                     $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash_base", -class => "title"}, escapeHTML($co{'title'})) . "\n" .
+                     $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$hash_base"), -class => "title"}, esc_html($co{'title'})) . "\n" .
                      "</div>\n";
        } else {
                print "<div class=\"page_nav\">\n";
@@ -1374,18 +1419,18 @@ sub git_tree {
                print "<td style=\"font-family:monospace\">" . mode_str($t_mode) . "</td>\n";
                if ($t_type eq "blob") {
                        print "<td class=\"list\">" .
-                             $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$t_hash" . $base_key . $file_key, -class => "list"}, $t_name) .
+                             $cgi->a({-href => esc_url("$my_uri?p=$project;a=blob;h=$t_hash" . $base_key . $file_key), -class => "list"}, $t_name) .
                              "</td>\n" .
                              "<td class=\"link\">" .
-                             $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$t_hash" . $base_key . $file_key}, "blob") .
-                             " | " . $cgi->a({-href => "$my_uri?p=$project;a=history;h=$hash_base" . $file_key}, "history") .
+                             $cgi->a({-href => esc_url("$my_uri?p=$project;a=blob;h=$t_hash" . $base_key . $file_key)}, "blob") .
+                             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=history;h=$hash_base" . $file_key)}, "history") .
                              "</td>\n";
                } elsif ($t_type eq "tree") {
                        print "<td class=\"list\">" .
-                             $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$t_hash" . $base_key . $file_key}, $t_name) .
+                             $cgi->a({-href => esc_url("$my_uri?p=$project;a=tree;h=$t_hash" . $base_key . $file_key)}, $t_name) .
                              "</td>\n" .
                              "<td class=\"link\">" .
-                             $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$t_hash" . $base_key . $file_key}, "tree") .
+                             $cgi->a({-href => esc("$my_uri?p=$project;a=tree;h=$t_hash" . $base_key . $file_key)}, "tree") .
                              "</td>\n";
                }
                print "</tr>\n";
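Review bot: The directory row's `tree` link on the last changed line calls `esc(...)` while every other href in the hunk uses `esc_url(...)`; unless an `esc` sub exists elsewhere in the file, this dies with an undefined-subroutine error as soon as a listing contains a subdirectory, and should read `$cgi->a({-href => esc_url("$my_uri?p=$project;a=tree;h=$t_hash" . $base_key . $file_key)}, "tree") .`. Separately, `$t_name` is used as the anchor body of both the blob and the tree rows without escaping, although the commit page escapes file names with esc_html($file); entry names from the tree can contain `<` or `&`, so wrap them as `..., -class => "list"}, esc_html($t_name)) .`. The loop in git_tree begins and ends outside the hunk.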
@@ -1405,7 +1450,7 @@ sub git_rss {
              "<rss version=\"2.0\" xmlns:content=\"http://purl.org/rss/1.0/modules/content/\">\n";
        print "<channel>\n";
        print "<title>$project</title>\n".
-             "<link>" . escapeHTML("$my_url?p=$project;a=summary") . "</link>\n".
+             "<link>" . esc_html("$my_url?p=$project;a=summary") . "</link>\n".
              "<description>$project log</description>\n".
              "<language>en</language>\n";
 
@@ -1422,15 +1467,18 @@ sub git_rss {
                close $fd or next;
                print "<item>\n" .
                      "<title>" .
-                     sprintf("%d %s %02d:%02d", $cd{'mday'}, $cd{'month'}, $cd{'hour'}, $cd{'minute'}) . " - " . escapeHTML($co{'title'}) .
+                     sprintf("%d %s %02d:%02d", $cd{'mday'}, $cd{'month'}, $cd{'hour'}, $cd{'minute'}) . " - " . esc_html($co{'title'}) .
                      "</title>\n" .
+                     "<author>" . esc_html($co{'author'}) . "</author>\n" .
                      "<pubDate>$cd{'rfc2822'}</pubDate>\n" .
-                     "<link>" . escapeHTML("$my_url?p=$project;a=commit;h=$commit") . "</link>\n" .
-                     "<description>" . escapeHTML($co{'title'}) . "</description>\n" .
+                     "<guid isPermaLink=\"true\">" . esc_html("$my_url?p=$project;a=commit;h=$commit") . "</guid>\n" .
+                     "<link>" . esc_html("$my_url?p=$project;a=commit;h=$commit") . "</link>\n" .
+                     "<description>" . esc_html($co{'title'}) . "</description>\n" .
                      "<content:encoded>" .
                      "<![CDATA[\n";
                my $comment = $co{'comment'};
                foreach my $line (@$comment) {
+                       $line = decode("utf8", $line, Encode::FB_DEFAULT);
                        print "$line<br/>\n";
                }
                print "<br/>\n";
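Review bot: Commit body lines are written into the `<content:encoded>` CDATA section verbatim after the new decode call, so a message containing `]]>` closes the section early and the remainder is parsed as feed markup; split the terminator after decoding with `$line =~ s/\]\]>/]]]]><![CDATA[>/g;`. The decode is also applied only to the comment lines, while `$co{'title'}` and the new `<author>` element are emitted from undecoded bytes; depending on the encoding layer on STDOUT (not visible here), mixing decoded characters and raw bytes in one document can mis-encode non-ASCII output, so the header fields likely want the same decode. Note too that `$line` aliases the elements of `$co{'comment'}`, so the assignment rewrites the hash in place. The loop continues outside the hunk.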
@@ -1472,7 +1520,7 @@ sub git_opml {
                        next;
                }
 
-               my $path = escapeHTML(chop_str($proj{'path'}, 25, 5));
+               my $path = esc_html(chop_str($proj{'path'}, 25, 5));
                my $rss =  "$my_url?p=$proj{'path'};a=rss";
                my $html =  "$my_url?p=$proj{'path'};a=summary";
                print "<outline type=\"rss\" text=\"$path\" title=\"$path\" xmlUrl=\"$rss\" htmlUrl=\"$html\"/>\n";
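Review bot: `$rss` and `$html` are interpolated into the `xmlUrl`/`htmlUrl` attributes unescaped, while `$path` on the same `print` line is passed through esc_html; a `$proj{'path'}` (or `$my_url`) containing `&`, `<` or `"` would yield invalid XML or break out of the attribute value. Escape them at the point of use: `print "<outline type=\"rss\" text=\"$path\" title=\"$path\" xmlUrl=\"" . esc_html($rss) . "\" htmlUrl=\"" . esc_html($html) . "\"/>\n";`. The surrounding loop in git_opml starts and ends outside the hunk.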
@@ -1492,12 +1540,12 @@ sub git_log {
        }
        git_header_html();
        print "<div class=\"page_nav\">\n";
-       print $cgi->a({-href => "$my_uri?p=$project;a=summary"}, "summary") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$hash"}, "shortlog") .
+       print $cgi->a({-href => esc_url("$my_uri?p=$project;a=summary")}, "summary") .
+             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog;h=$hash")}, "shortlog") .
              " | log" .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash"}, "commit") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash"}, "commitdiff") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$hash;hb=$hash"}, "tree") . "<br/>\n";
+             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$hash")}, "commit") .
+             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commitdiff;h=$hash")}, "commitdiff") .
+             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=tree;h=$hash;hb=$hash")}, "tree") . "<br/>\n";
 
        my $limit = sprintf("--max-count=%i", (100 * ($page+1)));
        open my $fd, "-|", "$gitbin/git-rev-list $limit $hash" or die_error(undef, "Open failed.");
@@ -1505,19 +1553,19 @@ sub git_log {
        close $fd;
 
        if ($hash ne $head || $page) {
-               print $cgi->a({-href => "$my_uri?p=$project;a=log"}, "HEAD");
+               print $cgi->a({-href => esc_url("$my_uri?p=$project;a=log")}, "HEAD");
        } else {
                print "HEAD";
        }
        if ($page > 0) {
                print " &sdot; " .
-               $cgi->a({-href => "$my_uri?p=$project;a=log;h=$hash;pg=" . ($page-1), -accesskey => "p", -title => "Alt-p"}, "prev");
+               $cgi->a({-href => esc_url("$my_uri?p=$project;a=log;h=$hash;pg=" . ($page-1)), -accesskey => "p", -title => "Alt-p"}, "prev");
        } else {
                print " &sdot; prev";
        }
        if ($#revlist >= (100 * ($page+1)-1)) {
                print " &sdot; " .
-               $cgi->a({-href => "$my_uri?p=$project;a=log;h=$hash;pg=" . ($page+1), -accesskey => "n", -title => "Alt-n"}, "next");
+               $cgi->a({-href => esc_url("$my_uri?p=$project;a=log;h=$hash;pg=" . ($page+1)), -accesskey => "n", -title => "Alt-n"}, "next");
        } else {
                print " &sdot; next";
        }
@@ -1525,7 +1573,7 @@ sub git_log {
              "</div>\n";
        if (!@revlist) {
                print "<div>\n" .
-                     $cgi->a({-href => "$my_uri?p=$project;a=summary", -class => "title"}, "&nbsp;") .
+                     $cgi->a({-href => esc_url("$my_uri?p=$project;a=summary"), -class => "title"}, "&nbsp;") .
                      "</div>\n";
                my %co = git_read_commit($hash);
                print "<div class=\"page_body\"> Last change $co{'age_string'}.<br/><br/></div>\n";
@@ -1536,16 +1584,16 @@ sub git_log {
                next if !%co;
                my %ad = date_str($co{'author_epoch'});
                print "<div>\n" .
-                     $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit", -class => "title"},
-                     "<span class=\"age\">$co{'age_string'}</span>" . escapeHTML($co{'title'})) . "\n" .
+                     $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$commit"), -class => "title"},
+                     "<span class=\"age\">$co{'age_string'}</span>" . esc_html($co{'title'})) . "\n" .
                      "</div>\n";
                print "<div class=\"title_text\">\n" .
                      "<div class=\"log_link\">\n" .
-                     $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit"}, "commit") .
-                     " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$commit"}, "commitdiff") .
+                     $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$commit")}, "commit") .
+                     " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commitdiff;h=$commit")}, "commitdiff") .
                      "<br/>\n" .
                      "</div>\n" .
-                     "<i>" . escapeHTML($co{'author_name'}) .  " [$ad{'rfc2822'}]</i><br/>\n" .
+                     "<i>" . esc_html($co{'author_name'}) .  " [$ad{'rfc2822'}]</i><br/>\n" .
                      "</div>\n" .
                      "<div class=\"log_body\">\n";
                my $comment = $co{'comment'};
@@ -1590,29 +1638,35 @@ sub git_commit {
        open my $fd, "-|", "$gitbin/git-diff-tree -r -M $root $parent $hash" or die_error(undef, "Open failed.");
        @difftree = map { chomp; $_ } <$fd>;
        close $fd or die_error(undef, "Reading diff-tree failed.");
-       git_header_html();
+
+       # non-textual hash id's can be cached
+       my $expires;
+       if ($hash =~ m/^[0-9a-fA-F]{40}$/) {
+               $expires = "+1d";
+       }
+       git_header_html(undef, $expires);
        print "<div class=\"page_nav\">\n" .
-             $cgi->a({-href => "$my_uri?p=$project;a=summary"}, "summary") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$hash"}, "shortlog") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=log;h=$hash"}, "log") .
+             $cgi->a({-href => esc_url("$my_uri?p=$project;a=summary")}, "summary") .
+             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog;h=$hash")}, "shortlog") .
+             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=log;h=$hash")}, "log") .
              " | commit";
        if (defined $co{'parent'}) {
-               print " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash"}, "commitdiff");
+               print " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commitdiff;h=$hash")}, "commitdiff");
        }
-       print " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash"}, "tree") . "\n" .
+       print " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash")}, "tree") . "\n" .
              "<br/><br/></div>\n";
        if (defined $co{'parent'}) {
                print "<div>\n" .
-                     $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash", -class => "title"}, escapeHTML($co{'title'})) . "\n" .
+                     $cgi->a({-href => esc_url("$my_uri?p=$project;a=commitdiff;h=$hash"), -class => "title"}, esc_html($co{'title'})) . "\n" .
                      "</div>\n";
        } else {
                print "<div>\n" .
-                     $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash", -class => "title"}, escapeHTML($co{'title'})) . "\n" .
+                     $cgi->a({-href => esc_url("$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash"), -class => "title"}, esc_html($co{'title'})) . "\n" .
                      "</div>\n";
        }
        print "<div class=\"title_text\">\n" .
              "<table cellspacing=\"0\">\n";
-       print "<tr><td>author</td><td>" . escapeHTML($co{'author'}) . "</td></tr>\n".
+       print "<tr><td>author</td><td>" . esc_html($co{'author'}) . "</td></tr>\n".
              "<tr>" .
              "<td></td><td> $ad{'rfc2822'}";
        if ($ad{'hour_local'} < 6) {
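Review bot: The new caching block in git_commit spreads a single-value decision over four lines, and the comment's "id's" is a stray apostrophe; `my $expires = ($hash =~ m/\A[0-9a-fA-F]{40}\z/) ? "+1d" : undef;` with the comment `# a full object id never changes meaning, so the page can be cached` says the same in one statement. Using `\z` instead of `$` also stops a `$hash` with a trailing newline from qualifying for caching. git_commit continues outside the hunk.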
@@ -1622,25 +1676,25 @@ sub git_commit {
        }
        print "</td>" .
              "</tr>\n";
-       print "<tr><td>committer</td><td>" . escapeHTML($co{'committer'}) . "</td></tr>\n";
+       print "<tr><td>committer</td><td>" . esc_html($co{'committer'}) . "</td></tr>\n";
        print "<tr><td></td><td> $cd{'rfc2822'}" . sprintf(" (%02d:%02d %s)", $cd{'hour_local'}, $cd{'minute_local'}, $cd{'tz_local'}) . "</td></tr>\n";
-       print "<tr><td>commit</td><td style=\"font-family:monospace\">$hash</td></tr>\n";
+       print "<tr><td>commit</td><td style=\"font-family:monospace\">$co{'id'}</td></tr>\n";
        print "<tr>" .
              "<td>tree</td>" .
              "<td style=\"font-family:monospace\">" .
-             $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash", class => "list"}, $co{'tree'}) .
+             $cgi->a({-href => esc_url("$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash"), class => "list"}, $co{'tree'}) .
              "</td>" .
-             "<td class=\"link\">" . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash"}, "tree") .
+             "<td class=\"link\">" . $cgi->a({-href => esc_url("$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash")}, "tree") .
              "</td>" .
              "</tr>\n";
        my $parents  = $co{'parents'};
        foreach my $par (@$parents) {
                print "<tr>" .
                      "<td>parent</td>" .
-                     "<td style=\"font-family:monospace\">" . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$par", class => "list"}, $par) . "</td>" .
+                     "<td style=\"font-family:monospace\">" . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$par"), class => "list"}, $par) . "</td>" .
                      "<td class=\"link\">" .
-                     $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$par"}, "commit") .
-                     " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash;hp=$par"}, "commitdiff") .
+                     $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$par")}, "commit") .
+                     " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commitdiff;h=$hash;hp=$par")}, "commitdiff") .
                      "</td>" .
                      "</tr>\n";
        }
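Review bot: The `tree` and `parent` list links rewritten in this hunk pass `class => "list"` while the rest of the diff writes `-class => "list"` (the tags, heads and commit-diff rows); CGI.pm appears to treat the leading dash as optional, but the mixed spelling reads like a typo in an attribute hash. Since these lines are already being touched for esc_url, switch them to `-class => "list"` so the whole file uses one form.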
@@ -1662,7 +1716,7 @@ sub git_commit {
                }
                if ($line =~ m/^ *(signed[ \-]off[ \-]by[ :]|acked[ \-]by[ :]|cc[ :])/i) {
                        $signed = 1;
-                       print "<span style=\"color: #888888\">" . escapeHTML($line) . "</span><br/>\n";
+                       print "<span style=\"color: #888888\">" . esc_html($line) . "</span><br/>\n";
                } else {
                        $signed = 0;
                        print format_log_line_html($line) . "<br/>\n";
@@ -1701,16 +1755,16 @@ sub git_commit {
                                $mode_chng = sprintf(" with mode: %04o", (oct $to_mode) & 0777);
                        }
                        print "<td>" .
-                             $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$to_id;hp=$hash;f=$file", -class => "list"}, escapeHTML($file)) . "</td>\n" .
+                             $cgi->a({-href => esc_url("$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file"), -class => "list"}, esc_html($file)) . "</td>\n" .
                              "<td><span style=\"color: #008000;\">[new " . file_type($to_mode) . "$mode_chng]</span></td>\n" .
-                             "<td class=\"link\">" . $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file"}, "blob") . "</td>\n";
+                             "<td class=\"link\">" . $cgi->a({-href => esc_url("$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file")}, "blob") . "</td>\n";
                } elsif ($status eq "D") {
                        print "<td>" .
-                             $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$from_id;hb=$hash;f=$file", -class => "list"}, escapeHTML($file)) . "</td>\n" .
+                             $cgi->a({-href => esc_url("$my_uri?p=$project;a=blob;h=$from_id;hb=$hash;f=$file"), -class => "list"}, esc_html($file)) . "</td>\n" .
                              "<td><span style=\"color: #c00000;\">[deleted " . file_type($from_mode). "]</span></td>\n" .
                              "<td class=\"link\">" .
-                             $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$from_id;hb=$hash;f=$file"}, "blob") .
-                             " | " . $cgi->a({-href => "$my_uri?p=$project;a=history;h=$hash;f=$file"}, "history") .
+                             $cgi->a({-href => esc_url("$my_uri?p=$project;a=blob;h=$from_id;hb=$hash;f=$file")}, "blob") .
+                             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=history;h=$hash;f=$file")}, "history") .
                              "</td>\n"
                } elsif ($status eq "M" || $status eq "T") {
                        my $mode_chnge = "";
@@ -1730,18 +1784,18 @@ sub git_commit {
                        }
                        print "<td>";
                        if ($to_id ne $from_id) {
-                               print $cgi->a({-href => "$my_uri?p=$project;a=blobdiff;h=$to_id;hp=$from_id;hb=$hash;f=$file", -class => "list"}, escapeHTML($file));
+                               print $cgi->a({-href => esc_url("$my_uri?p=$project;a=blobdiff;h=$to_id;hp=$from_id;hb=$hash;f=$file"), -class => "list"}, esc_html($file));
                        } else {
-                               print $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file", -class => "list"}, escapeHTML($file));
+                               print $cgi->a({-href => esc_url("$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file"), -class => "list"}, esc_html($file));
                        }
                        print "</td>\n" .
                              "<td>$mode_chnge</td>\n" .
                              "<td class=\"link\">";
-                       print $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file"}, "blob");
+                       print $cgi->a({-href => esc_url("$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file")}, "blob");
                        if ($to_id ne $from_id) {
-                               print " | " . $cgi->a({-href => "$my_uri?p=$project;a=blobdiff;h=$to_id;hp=$from_id;hb=$hash;f=$file"}, "diff");
+                               print " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=blobdiff;h=$to_id;hp=$from_id;hb=$hash;f=$file")}, "diff");
                        }
-                       print " | " . $cgi->a({-href => "$my_uri?p=$project;a=history;h=$hash;f=$file"}, "history") . "\n";
+                       print " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=history;h=$hash;f=$file")}, "history") . "\n";
                        print "</td>\n";
                } elsif ($status eq "R") {
                        my ($from_file, $to_file) = split "\t", $file;
@@ -1750,14 +1804,14 @@ sub git_commit {
                                $mode_chng = sprintf(", mode: %04o", (oct $to_mode) & 0777);
                        }
                        print "<td>" .
-                             $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$to_file", -class => "list"}, escapeHTML($to_file)) . "</td>\n" .
+                             $cgi->a({-href => esc_url("$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$to_file"), -class => "list"}, esc_html($to_file)) . "</td>\n" .
                              "<td><span style=\"color: #777777;\">[moved from " .
-                             $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$from_id;hb=$hash;f=$from_file", -class => "list"}, escapeHTML($from_file)) .
+                             $cgi->a({-href => esc_url("$my_uri?p=$project;a=blob;h=$from_id;hb=$hash;f=$from_file"), -class => "list"}, esc_html($from_file)) .
                              " with " . (int $similarity) . "% similarity$mode_chng]</span></td>\n" .
                              "<td class=\"link\">" .
-                             $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$to_file"}, "blob");
+                             $cgi->a({-href => esc_uresc_url("$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$to_file")}, "blob");
                        if ($to_id ne $from_id) {
-                               print " | " . $cgi->a({-href => "$my_uri?p=$project;a=blobdiff;h=$to_id;hp=$from_id;hb=$hash;f=$to_file"}, "diff");
+                               print " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=blobdiff;h=$to_id;hp=$from_id;hb=$hash;f=$to_file")}, "diff");
                        }
                        print "</td>\n";
                }
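Review bot: The rename branch calls `esc_uresc_url(...)` on the "blob" link, which looks like a botched search-and-replace of `esc_url`; with `use strict` it still compiles, but it dies at runtime with "Undefined subroutine" the first time a commit with an `R` status entry is displayed. The line should read `$cgi->a({-href => esc_url("$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$to_file")}, "blob");`, matching the other links in this hunk. git_commit's body continues on both sides of the hunk.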
@@ -1772,17 +1826,17 @@ sub git_blobdiff {
        git_header_html();
        if (defined $hash_base && (my %co = git_read_commit($hash_base))) {
                print "<div class=\"page_nav\">\n" .
-                     $cgi->a({-href => "$my_uri?p=$project;a=summary"}, "summary") .
-                     " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog"}, "shortlog") .
-                     " | " . $cgi->a({-href => "$my_uri?p=$project;a=log"}, "log") .
-                     " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash_base"}, "commit") .
-                     " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash_base"}, "commitdiff") .
-                     " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash_base"}, "tree") .
+                     $cgi->a({-href => esc_url("$my_uri?p=$project;a=summary")}, "summary") .
+                     " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog")}, "shortlog") .
+                     " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=log")}, "log") .
+                     " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$hash_base")}, "commit") .
+                     " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commitdiff;h=$hash_base")}, "commitdiff") .
+                     " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash_base")}, "tree") .
                      "<br/>\n";
-               print $cgi->a({-href => "$my_uri?p=$project;a=blobdiff_plain;h=$hash;hp=$hash_parent"}, "plain") .
+               print $cgi->a({-href => esc_url("$my_uri?p=$project;a=blobdiff_plain;h=$hash;hp=$hash_parent")}, "plain") .
                      "</div>\n";
                print "<div>\n" .
-                     $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash_base", -class => "title"}, escapeHTML($co{'title'})) . "\n" .
+                     $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$hash_base"), -class => "title"}, esc_html($co{'title'})) . "\n" .
                      "</div>\n";
        } else {
                print "<div class=\"page_nav\">\n" .
@@ -1794,9 +1848,9 @@ sub git_blobdiff {
        }
        print "<div class=\"page_body\">\n" .
              "<div class=\"diff_info\">blob:" .
-             $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$hash_parent;hb=$hash_base;f=$file_name"}, $hash_parent) .
+             $cgi->a({-href => esc_url("$my_uri?p=$project;a=blob;h=$hash_parent;hb=$hash_base;f=$file_name")}, $hash_parent) .
              " -> blob:" .
-             $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$hash;hb=$hash_base;f=$file_name"}, $hash) .
+             $cgi->a({-href => esc_url("$my_uri?p=$project;a=blob;h=$hash;hb=$hash_base;f=$file_name")}, $hash) .
              "</div>\n";
        git_diff_print($hash_parent, $file_name || $hash_parent, $hash, $file_name || $hash);
        print "</div>";
@@ -1822,18 +1876,23 @@ sub git_commitdiff {
        my (@difftree) = map { chomp; $_ } <$fd>;
        close $fd or die_error(undef, "Reading diff-tree failed.");
 
-       git_header_html();
+       # non-textual hash id's can be cached
+       my $expires;
+       if ($hash =~ m/^[0-9a-fA-F]{40}$/) {
+               $expires = "+1d";
+       }
+       git_header_html(undef, $expires);
        print "<div class=\"page_nav\">\n" .
-             $cgi->a({-href => "$my_uri?p=$project;a=summary"}, "summary") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$hash"}, "shortlog") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=log;h=$hash"}, "log") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash"}, "commit") .
+             $cgi->a({-href => esc_url("$my_uri?p=$project;a=summary")}, "summary") .
+             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog;h=$hash")}, "shortlog") .
+             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=log;h=$hash")}, "log") .
+             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$hash")}, "commit") .
              " | commitdiff" .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash"}, "tree") . "<br/>\n";
-       print $cgi->a({-href => "$my_uri?p=$project;a=commitdiff_plain;h=$hash;hp=$hash_parent"}, "plain") . "\n" .
+             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash")}, "tree") . "<br/>\n";
+       print $cgi->a({-href => esc_url("$my_uri?p=$project;a=commitdiff_plain;h=$hash;hp=$hash_parent")}, "plain") . "\n" .
              "</div>\n";
        print "<div>\n" .
-             $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash", -class => "title"}, escapeHTML($co{'title'})) . "\n" .
+             $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$hash"), -class => "title"}, esc_html($co{'title'})) . "\n" .
              "</div>\n";
        print "<div class=\"page_body\">\n";
        my $comment = $co{'comment'};
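Review bot: The cacheability test `m/^[0-9a-fA-F]{40}$/` uses `$`, which also matches before a trailing newline, so `m/\A[0-9a-fA-F]{40}\z/` is the tighter check for "exactly a full object id"; harmless here, but the stricter anchors cost nothing. The comment "non-textual hash id's can be cached" would read more clearly as `# a full 40-hex object id is immutable, so the page may be cached; a ref name (e.g. HEAD) may move and must not be`. git_header_html's new second argument is defined outside this hunk, so I cannot confirm how an undef `$expires` is handled there.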
@@ -1872,20 +1931,20 @@ sub git_commitdiff {
                my $file = $6;
                if ($status eq "A") {
                        print "<div class=\"diff_info\">" .  file_type($to_mode) . ":" .
-                             $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file"}, $to_id) . "(new)" .
+                             $cgi->a({-href => esc_url("$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file")}, $to_id) . "(new)" .
                              "</div>\n";
                        git_diff_print(undef, "/dev/null", $to_id, "b/$file");
                } elsif ($status eq "D") {
                        print "<div class=\"diff_info\">" . file_type($from_mode) . ":" .
-                             $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$from_id;hb=$hash;f=$file"}, $from_id) . "(deleted)" .
+                             $cgi->a({-href => esc_url("$my_uri?p=$project;a=blob;h=$from_id;hb=$hash;f=$file")}, $from_id) . "(deleted)" .
                              "</div>\n";
                        git_diff_print($from_id, "a/$file", undef, "/dev/null");
                } elsif ($status eq "M") {
                        if ($from_id ne $to_id) {
                                print "<div class=\"diff_info\">" .
-                                     file_type($from_mode) . ":" . $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$from_id;hb=$hash;f=$file"}, $from_id) .
+                                     file_type($from_mode) . ":" . $cgi->a({-href => esc_url("$my_uri?p=$project;a=blob;h=$from_id;hb=$hash;f=$file")}, $from_id) .
                                      " -> " .
-                                     file_type($to_mode) . ":" . $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file"}, $to_id);
+                                     file_type($to_mode) . ":" . $cgi->a({-href => esc_url("$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file")}, $to_id);
                                print "</div>\n";
                                git_diff_print($from_id, "a/$file",  $to_id, "b/$file");
                        }
@@ -1922,7 +1981,7 @@ sub git_commitdiff_plain {
        }
        close $fd;
 
-       print $cgi->header(-type => "text/plain", -charset => 'utf-8');
+       print $cgi->header(-type => "text/plain", -charset => 'utf-8', '-content-disposition' => "inline; filename=\"git-$hash.patch\"");
        my %co = git_read_commit($hash);
        my %ad = date_str($co{'author_epoch'}, $co{'author_tz'});
        my $comment = $co{'comment'};
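Review bot: `$hash` comes from the request and is now interpolated into a quoted-string header value, `filename="git-$hash.patch"`; the check that constrains it is outside this hunk, so unless it is already limited to the same alphanumeric alphabet the action parameter gets, a quote, backslash or line break in it would corrupt the Content-Disposition header (and I am not certain the CGI.pm of this era strips line breaks from header values). Either re-check it at the point of use, `die_error(undef, "Invalid hash parameter.") unless $hash =~ m/\A[0-9a-zA-Z]+\z/;` (adjusted to whatever alphabet the `h` parameter check enforces), or add a comment stating where that guarantee comes from. git_commitdiff_plain's body continues outside the hunk.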
@@ -1966,20 +2025,20 @@ sub git_history {
        }
        git_header_html();
        print "<div class=\"page_nav\">\n" .
-             $cgi->a({-href => "$my_uri?p=$project;a=summary"}, "summary") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog"}, "shortlog") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=log"}, "log") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash"}, "commit") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash"}, "commitdiff") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash"}, "tree") .
+             $cgi->a({-href => esc_url("$my_uri?p=$project;a=summary")}, "summary") .
+             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog")}, "shortlog") .
+             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=log")}, "log") .
+             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$hash")}, "commit") .
+             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commitdiff;h=$hash")}, "commitdiff") .
+             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash")}, "tree") .
              "<br/><br/>\n" .
              "</div>\n";
        print "<div>\n" .
-             $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash", -class => "title"}, escapeHTML($co{'title'})) . "\n" .
+             $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$hash"), -class => "title"}, esc_html($co{'title'})) . "\n" .
              "</div>\n";
        print "<div class=\"page_path\"><b>/$file_name</b><br/></div>\n";
 
-       open my $fd, "-|", "$gitbin/git-rev-list $hash | $gitbin/git-diff-tree -r --stdin $file_name";
+       open my $fd, "-|", "$gitbin/git-rev-list $hash | $gitbin/git-diff-tree -r --stdin \'$file_name\'";
        my $commit;
        print "<table cellspacing=\"0\">\n";
        my $alternate = 0;
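Review bot: Wrapping `$file_name` in single quotes on the git-diff-tree command line only holds if the value can never contain a single quote, and since this `open` still hands the whole pipeline to a shell (a single string with `|`), that invariant has to be guaranteed by the input check elsewhere in the script, which is not visible here; the same applies to `-S\'$searchtext\'` in the git_search pickaxe hunk. At minimum the dependency deserves a comment at both sites, e.g. `# $file_name was restricted by the 'f' parameter check above; it must never contain a quote`. Longer term, running git-rev-list with list-form `open` and feeding its output to git-diff-tree's `--stdin` via IPC::Open2 would remove the shell from the path entirely. git_history's body continues outside the hunk.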
@@ -2000,17 +2059,18 @@ sub git_history {
                        }
                        $alternate ^= 1;
                        print "<td title=\"$co{'age_string_age'}\"><i>$co{'age_string_date'}</i></td>\n" .
-                             "<td><i>" . escapeHTML(chop_str($co{'author_name'}, 15, 3)) . "</i></td>\n" .
-                             "<td>" . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit", -class => "list"}, "<b>" .
-                             escapeHTML(chop_str($co{'title'}, 50)) . "</b>") . "</td>\n" .
+                             "<td><i>" . esc_html(chop_str($co{'author_name'}, 15, 3)) . "</i></td>\n" .
+                             "<td>" . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$commit"), -class => "list"}, "<b>" .
+                             esc_html(chop_str($co{'title'}, 50)) . "</b>") . "</td>\n" .
                              "<td class=\"link\">" .
-                             $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit"}, "commit") .
-                             " | " . $cgi->a({-href => "$my_uri?p=$project;a=blob;hb=$commit;f=$file_name"}, "blob");
+                             $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$commit")}, "commit") .
+                             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commitdiff;h=$commit")}, "commitdiff") .
+                             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=blob;hb=$commit;f=$file_name")}, "blob");
                        my $blob = git_get_hash_by_path($hash, $file_name);
                        my $blob_parent = git_get_hash_by_path($commit, $file_name);
                        if (defined $blob && defined $blob_parent && $blob ne $blob_parent) {
                                print " | " .
-                               $cgi->a({-href => "$my_uri?p=$project;a=blobdiff;h=$blob;hp=$blob_parent;hb=$commit;f=$file_name"},
+                               $cgi->a({-href => esc_url("$my_uri?p=$project;a=blobdiff;h=$blob;hp=$blob_parent;hb=$commit;f=$file_name")},
                                "diff to current");
                        }
                        print "</td>\n" .
@@ -2050,23 +2110,23 @@ sub git_search {
        }
        git_header_html();
        print "<div class=\"page_nav\">\n" .
-             $cgi->a({-href => "$my_uri?p=$project;a=summary;h=$hash"}, "summary") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog"}, "shortlog") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=log;h=$hash"}, "log") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash"}, "commit") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash"}, "commitdiff") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash"}, "tree") .
+             $cgi->a({-href => esc_url("$my_uri?p=$project;a=summary;h=$hash")}, "summary") .
+             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog")}, "shortlog") .
+             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=log;h=$hash")}, "log") .
+             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$hash")}, "commit") .
+             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commitdiff;h=$hash")}, "commitdiff") .
+             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash")}, "tree") .
              "<br/><br/>\n" .
              "</div>\n";
 
        print "<div>\n" .
-             $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash", -class => "title"}, escapeHTML($co{'title'})) . "\n" .
+             $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$hash"), -class => "title"}, esc_html($co{'title'})) . "\n" .
              "</div>\n";
        print "<table cellspacing=\"0\">\n";
        my $alternate = 0;
        if ($commit_search) {
                $/ = "\0";
-               open my $fd, "-|", "$gitbin/git-rev-list --header $hash";
+               open my $fd, "-|", "$gitbin/git-rev-list --header --parents $hash" or next;
                while (my $commit_text = <$fd>) {
                        if (!grep m/$searchtext/i, $commit_text) {
                                next;
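Review bot: `open ... or next` on the new git-rev-list line is not inside a loop: the `while` only starts on the following line, and the enclosing `if ($commit_search)` is a plain block, so a failed open either dies with "Can't \"next\" outside a loop block" or, if some caller happens to be looping, exits git_search via `next` with only a warning and no error page. Use the same handling git_shortlog already uses, `open my $fd, "-|", "$gitbin/git-rev-list --header --parents $hash" or die_error(undef, "Open failed.");`. git_search's body continues outside the hunk.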
@@ -2078,8 +2138,7 @@ sub git_search {
                                next;
                        }
                        my @commit_lines = split "\n", $commit_text;
-                       my $commit = shift @commit_lines;
-                       my %co = git_read_commit($commit, \@commit_lines);
+                       my %co = git_read_commit(undef, \@commit_lines);
                        if (!%co) {
                                next;
                        }
@@ -2090,16 +2149,16 @@ sub git_search {
                        }
                        $alternate ^= 1;
                        print "<td title=\"$co{'age_string_age'}\"><i>$co{'age_string_date'}</i></td>\n" .
-                             "<td><i>" . escapeHTML(chop_str($co{'author_name'}, 15, 5)) . "</i></td>\n" .
+                             "<td><i>" . esc_html(chop_str($co{'author_name'}, 15, 5)) . "</i></td>\n" .
                              "<td>" .
-                             $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit", -class => "list"}, "<b>" . escapeHTML(chop_str($co{'title'}, 50)) . "</b><br/>");
+                             $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$co{'id'}"), -class => "list"}, "<b>" . esc_html(chop_str($co{'title'}, 50)) . "</b><br/>");
                        my $comment = $co{'comment'};
                        foreach my $line (@$comment) {
                                if ($line =~ m/^(.*)($searchtext)(.*)$/i) {
-                                       my $lead = escapeHTML($1) || "";
+                                       my $lead = esc_html($1) || "";
                                        $lead = chop_str($lead, 30, 10);
-                                       my $match = escapeHTML($2) || "";
-                                       my $trail = escapeHTML($3) || "";
+                                       my $match = esc_html($2) || "";
+                                       my $trail = esc_html($3) || "";
                                        $trail = chop_str($trail, 30, 10);
                                        my $text = "$lead<span style=\"color:#e00000\">$match</span>$trail";
                                        print chop_str($text, 80, 5) . "<br/>\n";
@@ -2107,8 +2166,8 @@ sub git_search {
                        }
                        print "</td>\n" .
                              "<td class=\"link\">" .
-                             $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit"}, "commit") .
-                             " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$commit"}, "tree");
+                             $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$co{'id'}")}, "commit") .
+                             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$co{'id'}")}, "tree");
                        print "</td>\n" .
                              "</tr>\n";
                }
@@ -2117,7 +2176,7 @@ sub git_search {
 
        if ($pickaxe_search) {
                $/ = "\n";
-               open my $fd, "-|", "$gitbin/git-rev-list $hash | $gitbin/git-diff-tree -r --stdin -S$searchtext";
+               open my $fd, "-|", "$gitbin/git-rev-list $hash | $gitbin/git-diff-tree -r --stdin -S\'$searchtext\'";
                undef %co;
                my @files;
                while (my $line = <$fd>) {
@@ -2143,20 +2202,20 @@ sub git_search {
                                        }
                                        $alternate ^= 1;
                                        print "<td title=\"$co{'age_string_age'}\"><i>$co{'age_string_date'}</i></td>\n" .
-                                             "<td><i>" . escapeHTML(chop_str($co{'author_name'}, 15, 5)) . "</i></td>\n" .
+                                             "<td><i>" . esc_html(chop_str($co{'author_name'}, 15, 5)) . "</i></td>\n" .
                                              "<td>" .
-                                             $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$co{'id'}", -class => "list"}, "<b>" .
-                                             escapeHTML(chop_str($co{'title'}, 50)) . "</b><br/>");
+                                             $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$co{'id'}"), -class => "list"}, "<b>" .
+                                             esc_html(chop_str($co{'title'}, 50)) . "</b><br/>");
                                        while (my $setref = shift @files) {
                                                my %set = %$setref;
-                                               print $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$set{'id'};hb=$co{'id'};f=$set{'file'}", class => "list"},
-                                                     "<span style=\"color:#e00000\">" . escapeHTML($set{'file'}) . "</span>") .
+                                               print $cgi->a({-href => esc_url("$my_uri?p=$project;a=blob;h=$set{'id'};hb=$co{'id'};f=$set{'file'}"), class => "list"},
+                                                     "<span style=\"color:#e00000\">" . esc_html($set{'file'}) . "</span>") .
                                                      "<br/>\n";
                                        }
                                        print "</td>\n" .
                                              "<td class=\"link\">" .
-                                             $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$co{'id'}"}, "commit") .
-                                             " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$co{'id'}"}, "tree");
+                                             $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$co{'id'}")}, "commit") .
+                                             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$co{'id'}")}, "tree");
                                        print "</td>\n" .
                                              "</tr>\n";
                                }
@@ -2179,12 +2238,12 @@ sub git_shortlog {
        }
        git_header_html();
        print "<div class=\"page_nav\">\n" .
-             $cgi->a({-href => "$my_uri?p=$project;a=summary"}, "summary") .
+             $cgi->a({-href => esc_url("$my_uri?p=$project;a=summary")}, "summary") .
              " | shortlog" .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=log;h=$hash"}, "log") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash"}, "commit") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash"}, "commitdiff") .
-             " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$hash;hb=$hash"}, "tree") . "<br/>\n";
+             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=log;h=$hash")}, "log") .
+             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$hash")}, "commit") .
+             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commitdiff;h=$hash")}, "commitdiff") .
+             " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=tree;h=$hash;hb=$hash")}, "tree") . "<br/>\n";
 
        my $limit = sprintf("--max-count=%i", (100 * ($page+1)));
        open my $fd, "-|", "$gitbin/git-rev-list $limit $hash" or die_error(undef, "Open failed.");
@@ -2192,26 +2251,26 @@ sub git_shortlog {
        close $fd;
 
        if ($hash ne $head || $page) {
-               print $cgi->a({-href => "$my_uri?p=$project;a=shortlog"}, "HEAD");
+               print $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog")}, "HEAD");
        } else {
                print "HEAD";
        }
        if ($page > 0) {
                print " &sdot; " .
-               $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$hash;pg=" . ($page-1), -accesskey => "p", -title => "Alt-p"}, "prev");
+               $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog;h=$hash;pg=" . ($page-1)), -accesskey => "p", -title => "Alt-p"}, "prev");
        } else {
                print " &sdot; prev";
        }
        if ($#revlist >= (100 * ($page+1)-1)) {
                print " &sdot; " .
-               $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$hash;pg=" . ($page+1), -accesskey => "n", -title => "Alt-n"}, "next");
+               $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog;h=$hash;pg=" . ($page+1)), -accesskey => "n", -title => "Alt-n"}, "next");
        } else {
                print " &sdot; next";
        }
        print "<br/>\n" .
              "</div>\n";
        print "<div>\n" .
-             $cgi->a({-href => "$my_uri?p=$project;a=summary", -class => "title"}, "&nbsp;") .
+             $cgi->a({-href => esc_url("$my_uri?p=$project;a=summary"), -class => "title"}, "&nbsp;") .
              "</div>\n";
        print "<table cellspacing=\"0\">\n";
        my $alternate = 0;
@@ -2226,19 +2285,26 @@ sub git_shortlog {
                }
                $alternate ^= 1;
                print "<td title=\"$co{'age_string_age'}\"><i>$co{'age_string_date'}</i></td>\n" .
-                     "<td><i>" . escapeHTML(chop_str($co{'author_name'}, 10)) . "</i></td>\n" .
-                     "<td>" . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit", -class => "list"}, "<b>" .
-                     escapeHTML($co{'title_short'}) . "</b>") . "</td>\n" .
+                     "<td><i>" . esc_html(chop_str($co{'author_name'}, 10)) . "</i></td>\n" .
+                     "<td>";
+               if (length($co{'title_short'}) < length($co{'title'})) {
+                       print $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$commit"), -class => "list", -title => "$co{'title'}"},
+                             "<b>" . esc_html($co{'title_short'}) . "</b>");
+               } else {
+                       print $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$commit"), -class => "list"},
+                             "<b>" . esc_html($co{'title_short'}) . "</b>");
+               }
+               print "</td>\n" .
                      "<td class=\"link\">" .
-                     $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit"}, "commit") .
-                     " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$commit"}, "commitdiff") .
+                     $cgi->a({-href => esc_url("$my_uri?p=$project;a=commit;h=$commit")}, "commit") .
+                     " | " . $cgi->a({-href => esc_url("$my_uri?p=$project;a=commitdiff;h=$commit")}, "commitdiff") .
                      "</td>\n" .
                      "</tr>";
        }
        if ($#revlist >= (100 * ($page+1)-1)) {
                print "<tr>\n" .
                      "<td>" .
-                     $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$hash;pg=" . ($page+1), -title => "Alt-n"}, "next") .
+                     $cgi->a({-href => esc_url("$my_uri?p=$project;a=shortlog;h=$hash;pg=" . ($page+1)), -title => "Alt-n"}, "next") .
                      "</td>\n" .
                      "</tr>\n";
        }
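Review bot: The two branches of the new `if (length(...) < length(...))` differ only in the presence of `-title`, so the link is duplicated; building the attribute hash once reads better and keeps the href in one place: `my %attr = (-href => esc_url("$my_uri?p=$project;a=commit;h=$commit"), -class => "list");` then `$attr{-title} = $co{'title'} if length($co{'title_short'}) < length($co{'title'});` and `print $cgi->a(\%attr, "<b>" . esc_html($co{'title_short'}) . "</b>");`. Note the title attribute is passed raw while the visible text goes through esc_html; as far as I recall CGI.pm escapes attribute values itself under its default autoEscape setting, so that is correct, but a comment saying so would stop a later reader from "fixing" it into a double escape. The quoting in `"$co{'title'}"` is also unnecessary for a lone scalar. git_shortlog's body continues outside the hunk.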