# source of projects list
our $projects_list = "++GITWEB_LIST++";
+# show repository only if this file exists
+# (only effective if this variable evaluates to true)
+our $export_ok = "++GITWEB_EXPORT_OK++";
+
+# only allow viewing of repositories also shown on the overview page
+our $strict_export = "++GITWEB_STRICT_EXPORT++";
+
# list of git base URLs used for URL to where fetch project from,
# i.e. full URL is "$git_base_url/$project"
our @git_base_url_list = ("++GITWEB_BASE_URL++");
# version of the core git binary
our $git_version = qx($GIT --version) =~ m/git version (.*)$/ ? $1 : "unknown";
-# path to the current git repository
-our $git_dir;
-
$projects_list ||= $projectroot;
# ======================================================================
our $project = $cgi->param('p');
if (defined $project) {
- if (!validate_input($project)) {
- die_error(undef, "Invalid project parameter");
- }
- if (!(-d "$projectroot/$project")) {
- die_error(undef, "No such directory");
- }
- if (!(-e "$projectroot/$project/HEAD")) {
+ if (!validate_input($project) ||
+ !(-d "$projectroot/$project") ||
+ !(-e "$projectroot/$project/HEAD") ||
+ ($export_ok && !(-e "$projectroot/$project/$export_ok")) ||
+ ($strict_export && !project_in_list($project))) {
+ undef $project;
die_error(undef, "No such project");
}
}
+# We have to handle those containing any characters:
our $file_name = $cgi->param('f');
-if (defined $file_name) {
- if (!validate_input($file_name)) {
- die_error(undef, "Invalid file parameter");
- }
-}
-
our $file_parent = $cgi->param('fp');
-if (defined $file_parent) {
- if (!validate_input($file_parent)) {
- die_error(undef, "Invalid file parent parameter");
- }
-}
our $hash = $cgi->param('h');
if (defined $hash) {
our $page = $cgi->param('pg');
if (defined $page) {
- if ($page =~ m/[^0-9]$/) {
+ if ($page =~ m/[^0-9]/) {
die_error(undef, "Invalid page parameter");
}
}
}
# now read PATH_INFO and use it as alternative to parameters
-our $path_info = $ENV{"PATH_INFO"};
-$path_info =~ s|^/||;
-$path_info =~ s|/$||;
-if (validate_input($path_info) && !defined $project) {
+sub evaluate_path_info {
+ return if defined $project;
+ my $path_info = $ENV{"PATH_INFO"};
+ return if !$path_info;
+ $path_info =~ s,^/+,,;
+ return if !$path_info;
+ # find which part of PATH_INFO is project
$project = $path_info;
+ $project =~ s,/+$,,;
while ($project && !-e "$projectroot/$project/HEAD") {
$project =~ s,/*[^/]*$,,;
}
- if (defined $project) {
- $project = undef unless $project;
- }
- if ($path_info =~ m,^$project/([^/]+)/(.+)$,) {
- # we got "project.git/branch/filename"
- $action ||= "blob_plain";
- $hash_base ||= $1;
- $file_name ||= $2;
- } elsif ($path_info =~ m,^$project/([^/]+)$,) {
+ # validate project
+ $project = validate_input($project);
+ if (!$project ||
+ ($export_ok && !-e "$projectroot/$project/$export_ok") ||
+ ($strict_export && !project_in_list($project))) {
+ undef $project;
+ return;
+ }
+ # do not change any parameters if an action is given using the query string
+ return if $action;
+ $path_info =~ s,^$project/*,,;
+ my ($refname, $pathname) = split(/:/, $path_info, 2);
+ if (defined $pathname) {
+ # we got "project.git/branch:filename" or "project.git/branch:dir/"
+ # we could use git_get_type(branch:pathname), but it needs $git_dir
+ $pathname =~ s,^/+,,;
+ if (!$pathname || substr($pathname, -1) eq "/") {
+ $action ||= "tree";
+ $pathname =~ s,/$,,;
+ } else {
+ $action ||= "blob_plain";
+ }
+ $hash_base ||= validate_input($refname);
+ $file_name ||= $pathname;
+ } elsif (defined $refname) {
# we got "project.git/branch"
$action ||= "shortlog";
- $hash ||= $1;
+ $hash ||= validate_input($refname);
}
}
+evaluate_path_info();
-$git_dir = "$projectroot/$project";
+# path to the current git repository
+our $git_dir;
+$git_dir = "$projectroot/$project" if $project;
# dispatch
my %actions = (
if (!defined($actions{$action})) {
die_error(undef, "Unknown action");
}
+if ($action !~ m/^(opml|project_list|project_index)$/ &&
+ !$project) {
+ die_error(undef, "Project needed");
+}
$actions{$action}->();
exit;
# correct, but quoted slashes look too horrible in bookmarks
sub esc_param {
my $str = shift;
- $str =~ s/([^A-Za-z0-9\-_.~();\/;?:@&=])/sprintf("%%%02X", ord($1))/eg;
+ $str =~ s/([^A-Za-z0-9\-_.~()\/:@])/sprintf("%%%02X", ord($1))/eg;
$str =~ s/\+/%2B/g;
$str =~ s/ /\+/g;
return $str;
return $line;
}
+sub project_in_list {
+ my $project = shift;
+ my @list = git_get_projects_list();
+ return @list && scalar(grep { $_->{'path'} eq $project } @list);
+}
+
## ----------------------------------------------------------------------
## HTML aware string manipulation
if (length($short) < length($long)) {
return $cgi->a({-href => $href, -class => "list subject",
- -title => $long},
+ -title => decode("utf8", $long, Encode::FB_DEFAULT)},
esc_html($short) . $extra);
} else {
return $cgi->a({-href => $href, -class => "list subject"},
sub git_get_hash_by_path {
my $base = shift;
my $path = shift || return undef;
+ my $type = shift;
my $tree = $base;
#'100644 blob 0fa3f3a66fb6a137f6ec2c19351ed4d807070ffa panic.c'
$line =~ m/^([0-9]+) (.+) ([0-9a-fA-F]{40})\t(.+)$/;
+ if (defined $type && $type ne $2) {
+ # type doesn't match
+ return undef;
+ }
return $3;
}
sub git_get_project_url_list {
my $path = shift;
- open my $fd, "$projectroot/$path/cloneurl" or return undef;
+ open my $fd, "$projectroot/$path/cloneurl" or return;
my @git_project_url_list = map { chomp; $_ } <$fd>;
close $fd;
my $subdir = substr($File::Find::name, $pfxlen + 1);
# we check related file in $projectroot
- if (-e "$projectroot/$subdir/HEAD") {
+ if (-e "$projectroot/$subdir/HEAD" && (!$export_ok ||
+ -e "$projectroot/$subdir/$export_ok")) {
push @list, { path => $subdir };
$File::Find::prune = 1;
}
if (!defined $path) {
next;
}
- if (-e "$projectroot/$path/HEAD") {
+ if (-e "$projectroot/$path/HEAD" && (!$export_ok ||
+ -e "$projectroot/$path/$export_ok")) {
my $pr = {
path => $path,
owner => decode("utf8", $owner, Encode::FB_DEFAULT),
sub git_get_references {
my $type = shift || "";
my %refs;
- my $fd;
# 5dc01c595e6c6ec9ccda4f6f69c131c0dd945f8c refs/tags/v2.6.11
# c39ae07f393806ccf406ef966e9a15afc43cc36a refs/tags/v2.6.11^{}
- if (-f "$projectroot/$project/info/refs") {
- open $fd, "$projectroot/$project/info/refs"
- or return;
- } else {
- open $fd, "-|", git_cmd(), "ls-remote", "."
- or return;
- }
+ open my $fd, "-|", $GIT, "peek-remote", "$projectroot/$project/"
+ or return;
while (my $line = <$fd>) {
chomp $line;
## parse to array of hashes functions
sub git_get_refs_list {
- my $ref_dir = shift;
+ my $type = shift || "";
+ my %refs;
my @reflist;
my @refs;
or return;
while (my $line = <$fd>) {
chomp $line;
- if ($line =~ m/^([0-9a-fA-F]{40})\t$ref_dir\/?([^\^]+)$/) {
- push @refs, { hash => $1, name => $2 };
- } elsif ($line =~ m/^[0-9a-fA-F]{40}\t$ref_dir\/?(.*)\^\{\}$/ &&
- $1 eq $refs[-1]{'name'}) {
- # most likely a tag is followed by its peeled
- # (deref) one, and when that happens we know the
- # previous one was of type 'tag'.
- $refs[-1]{'type'} = "tag";
+ if ($line =~ m/^([0-9a-fA-F]{40})\trefs\/($type\/?([^\^]+))(\^\{\})?$/) {
+ if (defined $refs{$1}) {
+ push @{$refs{$1}}, $2;
+ } else {
+ $refs{$1} = [ $2 ];
+ }
+
+ if (! $4) { # unpeeled, direct reference
+ push @refs, { hash => $1, name => $3 }; # without type
+ } elsif ($3 eq $refs[-1]{'name'}) {
+ # most likely a tag is followed by its peeled
+ # (deref) one, and when that happens we know the
+ # previous one was of type 'tag'.
+ $refs[-1]{'type'} = "tag";
+ }
}
}
close $fd;
}
# sort refs by age
@reflist = sort {$b->{'epoch'} <=> $a->{'epoch'}} @reflist;
- return \@reflist;
+ return (\@reflist, \%refs);
}
## ----------------------------------------------------------------------
}
close(MIME);
- $filename =~ /\.(.*?)$/;
+ $filename =~ /\.([^.]*)$/;
return $mimemap{$1};
}
if (defined $action) {
$title .= "/$action";
if (defined $file_name) {
- $title .= " - $file_name";
+ $title .= " - " . esc_html($file_name);
if ($action eq "tree" && $file_name !~ m|/$|) {
$title .= "/";
}
my $fullname = '';
print "<div class=\"page_path\">";
+ print $cgi->a({-href => href(action=>"tree", hash_base=>$hb),
+ -title => 'tree root'}, "[$project]");
+ print " / ";
foreach my $dir (@dirname) {
- $fullname .= $dir . '/';
+ $fullname .= ($fullname ? '/' : '') . $dir;
print $cgi->a({-href => href(action=>"tree", file_name=>$fullname,
hash_base=>$hb),
-title => $fullname}, esc_html($dir));
- print "/";
+ print " / ";
}
if (defined $type && $type eq 'blob') {
print $cgi->a({-href => href(action=>"blob_plain", file_name=>$file_name,
print $cgi->a({-href => href(action=>"tree", file_name=>$file_name,
hash_base=>$hb),
-title => $name}, esc_html($basename));
- print "/";
} else {
print esc_html($basename);
}
# uses global variable $project
my ($revlist, $from, $to, $refs, $extra) = @_;
- my ($ctype, $suffix, $command) = gitweb_check_feature('snapshot');
- my $have_snapshot = (defined $ctype && defined $suffix);
-
$from = 0 unless defined $from;
$to = $#{$revlist} if (!defined $to || $#{$revlist} < $to);
print "</td>\n" .
"<td class=\"link\">" .
$cgi->a({-href => href(action=>"commit", hash=>$commit)}, "commit") . " | " .
- $cgi->a({-href => href(action=>"commitdiff", hash=>$commit)}, "commitdiff");
- if ($have_snapshot) {
- print " | " . $cgi->a({-href => href(action=>"snapshot", hash=>$commit)}, "snapshot");
- }
+ $cgi->a({-href => href(action=>"commitdiff", hash=>$commit)}, "commitdiff") . " | " .
+ $cgi->a({-href => href(action=>"tree", hash=>$commit, hash_base=>$commit)}, "tree");
print "</td>\n" .
"</tr>\n";
}
sub git_heads_body {
# uses global variable $project
- my ($taglist, $head, $from, $to, $extra) = @_;
+ my ($headlist, $head, $from, $to, $extra) = @_;
$from = 0 unless defined $from;
- $to = $#{$taglist} if (!defined $to || $#{$taglist} < $to);
+ $to = $#{$headlist} if (!defined $to || $#{$headlist} < $to);
print "<table class=\"heads\" cellspacing=\"0\">\n";
my $alternate = 0;
for (my $i = $from; $i <= $to; $i++) {
- my $entry = $taglist->[$i];
+ my $entry = $headlist->[$i];
my %tag = %$entry;
my $curr = $tag{'id'} eq $head;
if ($alternate) {
"</td>\n" .
"<td class=\"link\">" .
$cgi->a({-href => href(action=>"shortlog", hash=>$tag{'name'})}, "shortlog") . " | " .
- $cgi->a({-href => href(action=>"log", hash=>$tag{'name'})}, "log") .
+ $cgi->a({-href => href(action=>"log", hash=>$tag{'name'})}, "log") . " | " .
+ $cgi->a({-href => href(action=>"tree", hash=>$tag{'name'}, hash_base=>$tag{'name'})}, "tree") .
"</td>\n" .
"</tr>";
}
"<td class=\"link\">" .
$cgi->a({-href => href(project=>$pr->{'path'}, action=>"summary")}, "summary") . " | " .
$cgi->a({-href => href(project=>$pr->{'path'}, action=>"shortlog")}, "shortlog") . " | " .
- $cgi->a({-href => href(project=>$pr->{'path'}, action=>"log")}, "log") .
+ $cgi->a({-href => href(project=>$pr->{'path'}, action=>"log")}, "log") . " | " .
+ $cgi->a({-href => href(project=>$pr->{'path'}, action=>"tree")}, "tree") .
"</td>\n" .
"</tr>\n";
}
my $owner = git_get_project_owner($project);
- my $refs = git_get_references();
+ my ($reflist, $refs) = git_get_refs_list();
+
+ my @taglist;
+ my @headlist;
+ foreach my $ref (@$reflist) {
+ if ($ref->{'name'} =~ s!^heads/!!) {
+ push @headlist, $ref;
+ } else {
+ $ref->{'name'} =~ s!^tags/!!;
+ push @taglist, $ref;
+ }
+ }
+
git_header_html();
git_print_page_nav('summary','', $head);
git_shortlog_body(\@revlist, 0, 15, $refs,
$cgi->a({-href => href(action=>"shortlog")}, "..."));
- my $taglist = git_get_refs_list("refs/tags");
- if (defined @$taglist) {
+ if (@taglist) {
git_print_header_div('tags');
- git_tags_body($taglist, 0, 15,
+ git_tags_body(\@taglist, 0, 15,
$cgi->a({-href => href(action=>"tags")}, "..."));
}
- my $headlist = git_get_refs_list("refs/heads");
- if (defined @$headlist) {
+ if (@headlist) {
git_print_header_div('heads');
- git_heads_body($headlist, $head, 0, 15,
+ git_heads_body(\@headlist, $head, 0, 15,
$cgi->a({-href => href(action=>"heads")}, "..."));
}
if ($ftype !~ "blob") {
die_error("400 Bad Request", "Object is not a blob");
}
- open ($fd, "-|", git_cmd(), "blame", '-l', $file_name, $hash_base)
+ open ($fd, "-|", git_cmd(), "blame", '-l', '--', $file_name, $hash_base)
or die_error(undef, "Open git-blame failed");
git_header_html();
my $formats_nav =
$cgi->a({-href => href(action=>"blob", hash=>$hash, hash_base=>$hash_base, file_name=>$file_name)},
"blob") .
" | " .
+ $cgi->a({-href => href(action=>"history", hash=>$hash, hash_base=>$hash_base, file_name=>$file_name)},
+ "history") .
+ " | " .
$cgi->a({-href => href(action=>"blame", file_name=>$file_name)},
- "head");
+ "HEAD");
git_print_page_nav('','', $hash_base,$co{'tree'},$hash_base, $formats_nav);
git_print_header_div('commit', esc_html($co{'title'}), $hash_base);
git_print_page_path($file_name, $ftype, $hash_base);
$cgi->a({-href => href(action=>"blob", hash=>$hash, hash_base=>$hash_base, file_name=>$file_name)},
"blob") .
" | " .
+ $cgi->a({-href => href(action=>"history", hash=>$hash, hash_base=>$hash_base, file_name=>$file_name)},
+ "history") .
+ " | " .
$cgi->a({-href => href(action=>"blame", file_name=>$file_name)},
- "head");
+ "HEAD");
git_print_page_nav('','', $hash_base,$co{'tree'},$hash_base, $formats_nav);
git_print_header_div('commit', esc_html($co{'title'}), $hash_base);
git_print_page_path($file_name, 'blob', $hash_base);
git_print_page_nav('','', $head,undef,$head);
git_print_header_div('summary', $project);
- my $taglist = git_get_refs_list("refs/tags");
- if (defined @$taglist) {
+ my ($taglist) = git_get_refs_list("tags");
+ if (@$taglist) {
git_tags_body($taglist);
}
git_footer_html();
git_print_page_nav('','', $head,undef,$head);
git_print_header_div('summary', $project);
- my $taglist = git_get_refs_list("refs/heads");
- if (defined @$taglist) {
- git_heads_body($taglist, $head);
+ my ($headlist) = git_get_refs_list("heads");
+ if (@$headlist) {
+ git_heads_body($headlist, $head);
}
git_footer_html();
}
" | ";
}
$formats_nav .=
+ $cgi->a({-href => href(action=>"history", hash_base=>$hash_base,
+ hash=>$hash, file_name=>$file_name)},
+ "history") .
+ " | " .
$cgi->a({-href => href(action=>"blob_plain",
hash=>$hash, file_name=>$file_name)},
- "plain") .
+ "raw") .
" | " .
$cgi->a({-href => href(action=>"blob",
hash_base=>"HEAD", file_name=>$file_name)},
- "head");
+ "HEAD");
} else {
$formats_nav .=
- $cgi->a({-href => href(action=>"blob_plain", hash=>$hash)}, "plain");
+ $cgi->a({-href => href(action=>"blob_plain", hash=>$hash)}, "raw");
}
git_print_page_nav('','', $hash_base,$co{'tree'},$hash_base, $formats_nav);
git_print_header_div('commit', esc_html($co{'title'}), $hash_base);
}
sub git_tree {
+ my ($ctype, $suffix, $command) = gitweb_check_feature('snapshot');
+ my $have_snapshot = (defined $ctype && defined $suffix);
+
if (!defined $hash) {
$hash = git_get_head_hash($project);
if (defined $file_name) {
my $base = "";
my ($have_blame) = gitweb_check_feature('blame');
if (defined $hash_base && (my %co = parse_commit($hash_base))) {
- git_print_page_nav('tree','', $hash_base);
+ my @views_nav = ();
+ if (defined $file_name) {
+ push @views_nav,
+ $cgi->a({-href => href(action=>"history", hash_base=>$hash_base,
+ hash=>$hash, file_name=>$file_name)},
+ "history"),
+ $cgi->a({-href => href(action=>"tree",
+ hash_base=>"HEAD", file_name=>$file_name)},
+ "HEAD"),
+ }
+ if ($have_snapshot) {
+ # FIXME: Should be available when we have no hash base as well.
+ push @views_nav,
+ $cgi->a({-href => href(action=>"snapshot", hash=>$hash)},
+ "snapshot");
+ }
+ git_print_page_nav('tree','', $hash_base, undef, undef, join(' | ', @views_nav));
git_print_header_div('commit', esc_html($co{'title'}) . $ref, $hash_base);
} else {
undef $hash_base;
$cgi->a({-href => href(action=>"commit", hash=>$commit)}, "commit") .
" | " .
$cgi->a({-href => href(action=>"commitdiff", hash=>$commit)}, "commitdiff") .
+ " | " .
+ $cgi->a({-href => href(action=>"tree", hash=>$commit, hash_base=>$commit)}, "tree") .
"<br/>\n" .
"</div>\n" .
"<i>" . esc_html($co{'author_name'}) . " [$ad{'rfc2822'}]</i><br/>\n" .
my ($ctype, $suffix, $command) = gitweb_check_feature('snapshot');
my $have_snapshot = (defined $ctype && defined $suffix);
- my $formats_nav = '';
+ my @views_nav = ();
if (defined $file_name && defined $co{'parent'}) {
my $parent = $co{'parent'};
- $formats_nav .=
+ push @views_nav,
$cgi->a({-href => href(action=>"blame", hash_parent=>$parent, file_name=>$file_name)},
"blame");
}
+ if (defined $co{'parent'}) {
+ push @views_nav,
+ $cgi->a({-href => href(action=>"shortlog", hash=>$hash)}, "shortlog"),
+ $cgi->a({-href => href(action=>"log", hash=>$hash)}, "log");
+ }
git_header_html(undef, $expires);
git_print_page_nav('commit', defined $co{'parent'} ? '' : 'commitdiff',
$hash, $co{'tree'}, $hash,
- $formats_nav);
+ join (' | ', @views_nav));
if (defined $co{'parent'}) {
git_print_header_div('commitdiff', esc_html($co{'title'}) . $ref, $hash);
hash=>$hash, hash_parent=>$hash_parent,
hash_base=>$hash_base, hash_parent_base=>$hash_parent_base,
file_name=>$file_name, file_parent=>$file_parent)},
- "plain");
+ "raw");
git_header_html(undef, $expires);
if (defined $hash_base && (my %co = parse_commit($hash_base))) {
git_print_page_nav('','', $hash_base,$co{'tree'},$hash_base, $formats_nav);
-type => 'text/plain',
-charset => 'utf-8',
-expires => $expires,
- -content_disposition => qq(inline; filename="${file_name}.patch"));
+ -content_disposition => qq(inline; filename=") . quotemeta($file_name) . qq(.patch"));
print "X-Git-Url: " . $cgi->self_url() . "\n\n";
} else {
while (my $line = <$fd>) {
- $line =~ s!a/($hash|$hash_parent)!a/$diffinfo{'from_file'}!g;
- $line =~ s!b/($hash|$hash_parent)!b/$diffinfo{'to_file'}!g;
+ $line =~ s!a/($hash|$hash_parent)!'a/'.esc_html($diffinfo{'from_file'})!eg;
+ $line =~ s!b/($hash|$hash_parent)!'b/'.esc_html($diffinfo{'to_file'})!eg;
print $line;
my $formats_nav =
$cgi->a({-href => href(action=>"commitdiff_plain",
hash=>$hash, hash_parent=>$hash_parent)},
- "plain");
+ "raw");
git_header_html(undef, $expires);
git_print_page_nav('commitdiff','', $hash,$co{'tree'},$hash, $formats_nav);
if (!($line =~ m/^:([0-7]{6}) ([0-7]{6}) ([0-9a-fA-F]{40}) ([0-9a-fA-F]{40}) (.)([0-9]{0,3})\t(.*)$/)) {
next;
}
- my $file = validate_input(unquote($7));
+ my $file = esc_html(unquote($7));
$file = decode("utf8", $file, Encode::FB_DEFAULT);
print "$file<br/>\n";
}