use Fcntl ':mode';
my $cgi = new CGI;
-my $version = "240";
+my $version = "245";
my $my_url = $cgi->url();
my $my_uri = $cgi->url(-absolute => 1);
my $rss_link = "";
# input validation and dispatch
my $action = $cgi->param('a');
if (defined $action) {
- if ($action =~ m/[^0-9a-zA-Z\.\-_]+/) {
+ if ($action =~ m/[^0-9a-zA-Z\.\-_]/) {
undef $action;
die_error(undef, "Invalid action parameter.");
}
my $order = $cgi->param('o');
if (defined $order) {
- if ($order =~ m/[^a-zA-Z0-9_]/) {
+ if ($order =~ m/[^0-9a-zA-Z_]/) {
undef $order;
die_error(undef, "Invalid order parameter.");
}
my $project = $cgi->param('p');
if (defined $project) {
- if ($project =~ m/(^|\/)(|\.|\.\.)($|\/)/) {
- undef $project;
- die_error(undef, "Non-canonical project parameter.");
- }
- if ($project =~ m/[^a-zA-Z0-9_\.\/\-\+\#\~]/) {
- undef $project;
- die_error(undef, "Invalid character in project parameter.");
+ $project = validate_input($project);
+ if (!defined($project)) {
+ die_error(undef, "Invalid project parameter.");
}
if (!(-d "$projectroot/$project")) {
undef $project;
my $file_name = $cgi->param('f');
if (defined $file_name) {
- if ($file_name =~ m/(^|\/)(|\.|\.\.)($|\/)/) {
- undef $file_name;
- die_error(undef, "Non-canonical file parameter.");
- }
- if ($file_name =~ m/[^a-zA-Z0-9_\.\/\-\+\#\~\:\!]/) {
- undef $file_name;
- die_error(undef, "Invalid character in file parameter.");
+ $file_name = validate_input($file_name);
+ if (!defined($file_name)) {
+ die_error(undef, "Invalid file parameter.");
}
}
my $hash = $cgi->param('h');
if (defined $hash) {
- if (!($hash =~ m/^[0-9a-fA-F]{40}$/)) {
- if ($hash =~ m/(^|\/)(|\.|\.\.)($|\/)/) {
- undef $hash;
- die_error(undef, "Non-canonical hash parameter.");
- }
- if ($hash =~ m/[^a-zA-Z0-9_\.\/\-\+\#\~\:\!]/) {
- undef $hash;
- die_error(undef, "Invalid character in hash parameter.");
- }
- # replace branch-name with hash
- my $branchlist = git_read_refs("refs/heads");
- foreach my $entry (@$branchlist) {
- my %branch = %$entry;
- if ($branch{'name'} eq $hash) {
- $hash = $branch{'id'};
- last;
- }
- }
+ $hash = validate_input($hash);
+ if (!defined($hash)) {
+ die_error(undef, "Invalid hash parameter.");
}
}
my $hash_parent = $cgi->param('hp');
-if (defined $hash_parent && !($hash_parent =~ m/^[0-9a-fA-F]{40}$/)) {
- undef $hash_parent;
- die_error(undef, "Invalid hash_parent parameter.");
+if (defined $hash_parent) {
+ $hash_parent = validate_input($hash_parent);
+ if (!defined($hash_parent)) {
+ die_error(undef, "Invalid hash parent parameter.");
+ }
}
my $hash_base = $cgi->param('hb');
-if (defined $hash_base && !($hash_base =~ m/^[0-9a-fA-F]{40}$/)) {
- undef $hash_base;
- die_error(undef, "Invalid parent hash parameter.");
+if (defined $hash_base) {
+ $hash_base = validate_input($hash_base);
+ if (!defined($hash_base)) {
+ die_error(undef, "Invalid hash base parameter.");
+ }
}
my $page = $cgi->param('pg');
if (defined $page) {
- if ($page =~ m/^[^0-9]+$/) {
+ if ($page =~ m/[^0-9]$/) {
undef $page;
die_error(undef, "Invalid page parameter.");
}
$searchtext = quotemeta $searchtext;
}
+sub validate_input {
+ my $input = shift;
+
+ if ($input =~ m/^[0-9a-fA-F]{40}$/) {
+ return $input;
+ }
+ if ($input =~ m/(^|\/)(|\.|\.\.)($|\/)/) {
+ return undef;
+ }
+ if ($input =~ m/[^a-zA-Z0-9_\.\/\-\+\#\~]/) {
+ return undef;
+ }
+ return $input;
+}
+
if (!defined $action || $action eq "summary") {
git_summary();
exit;
if (!defined $searchtext) {
$searchtext = "";
}
+ my $search_hash;
+ if (defined $hash) {
+ $search_hash = $hash;
+ } else {
+ $search_hash = "HEAD";
+ }
$cgi->param("a", "search");
+ $cgi->param("h", $search_hash);
print $cgi->startform(-method => "get", -action => "$my_uri") .
"<div class=\"search\">\n" .
$cgi->hidden(-name => "p") . "\n" .
$cgi->hidden(-name => "a") . "\n" .
+ $cgi->hidden(-name => "h") . "\n" .
$cgi->textfield(-name => "s", -value => $searchtext) . "\n" .
"</div>" .
$cgi->end_form() . "\n";
my @commit_lines;
my %co;
- my @parents;
if (defined $commit_text) {
@commit_lines = @$commit_text;
} else {
- open my $fd, "-|", "$gitbin/git-cat-file commit $commit_id" or return;
- @commit_lines = map { chomp; $_ } <$fd>;
+ $/ = "\0";
+ open my $fd, "-|", "$gitbin/git-rev-list --header --parents --max-count=1 $commit_id" or return;
+ @commit_lines = split '\n', <$fd>;
close $fd or return;
+ $/ = "\n";
+ pop @commit_lines;
}
+ my $header = shift @commit_lines;
+ if (!($header =~ m/^[0-9a-fA-F]{40}/)) {
+ return;
+ }
+ ($co{'id'}, my @parents) = split ' ', $header;
+ $co{'parents'} = \@parents;
+ $co{'parent'} = $parents[0];
while (my $line = shift @commit_lines) {
last if $line eq "\n";
if ($line =~ m/^tree ([0-9a-fA-F]{40})$/) {
$co{'tree'} = $1;
- } elsif ($line =~ m/^parent ([0-9a-fA-F]{40})$/) {
- push @parents, $1;
} elsif ($line =~ m/^author (.*) ([0-9]+) (.*)$/) {
$co{'author'} = $1;
$co{'author_epoch'} = $2;
}
}
if (!defined $co{'tree'}) {
- return undef
+ return;
};
- $co{'id'} = $commit_id;
- $co{'parents'} = \@parents;
- $co{'parent'} = $parents[0];
- $co{'comment'} = \@commit_lines;
+
foreach my $title (@commit_lines) {
if ($title ne "") {
- $co{'title'} = chop_str($title, 80);
+ $co{'title'} = chop_str($title, 80, 5);
# remove leading stuff of merges to make the interesting part visible
if (length($title) > 50) {
$title =~ s/^Automatic //;
$title =~ s/\/pub\/scm//;
}
}
- $co{'title_short'} = chop_str($title, 50);
+ $co{'title_short'} = chop_str($title, 50, 5);
last;
}
}
+ # remove added spaces
+ foreach my $line (@commit_lines) {
+ $line =~ s/^ //;
+ }
+ $co{'comment'} = \@commit_lines;
my $age = time - $co{'committer_epoch'};
$co{'age'} = $age;
if ($i-- > 0) {
print "<td><i>$co{'age_string'}</i></td>\n" .
"<td><i>" . escapeHTML(chop_str($co{'author_name'}, 10)) . "</i></td>\n" .
- "<td>" .
- $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit", -class => "list"},
- "<b>" . escapeHTML($co{'title_short'}) . "</b>") .
- "</td>\n" .
+ "<td>";
+ if (length($co{'title_short'}) < length($co{'title'})) {
+ print $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit", -class => "list", -title => "$co{'title'}"},
+ "<b>" . escapeHTML($co{'title_short'}) . "</b>");
+ } else {
+ print $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit", -class => "list"},
+ "<b>" . escapeHTML($co{'title'}) . "</b>");
+ }
+ print "</td>\n" .
"<td class=\"link\">" .
$cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit"}, "commit") .
" | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$commit"}, "commitdiff") .
"</tr>\n";
print "<tr><td>committer</td><td>" . escapeHTML($co{'committer'}) . "</td></tr>\n";
print "<tr><td></td><td> $cd{'rfc2822'}" . sprintf(" (%02d:%02d %s)", $cd{'hour_local'}, $cd{'minute_local'}, $cd{'tz_local'}) . "</td></tr>\n";
- print "<tr><td>commit</td><td style=\"font-family:monospace\">$hash</td></tr>\n";
+ print "<tr><td>commit</td><td style=\"font-family:monospace\">$co{'id'}</td></tr>\n";
print "<tr>" .
"<td>tree</td>" .
"<td style=\"font-family:monospace\">" .
$mode_chng = sprintf(" with mode: %04o", (oct $to_mode) & 0777);
}
print "<td>" .
- $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$to_id;hp=$hash;f=$file", -class => "list"}, escapeHTML($file)) . "</td>\n" .
+ $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file", -class => "list"}, escapeHTML($file)) . "</td>\n" .
"<td><span style=\"color: #008000;\">[new " . file_type($to_mode) . "$mode_chng]</span></td>\n" .
"<td class=\"link\">" . $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file"}, "blob") . "</td>\n";
} elsif ($status eq "D") {
my $alternate = 0;
if ($commit_search) {
$/ = "\0";
- open my $fd, "-|", "$gitbin/git-rev-list --header $hash";
+ open my $fd, "-|", "$gitbin/git-rev-list --header --parents $hash" or next;
while (my $commit_text = <$fd>) {
if (!grep m/$searchtext/i, $commit_text) {
next;
next;
}
my @commit_lines = split "\n", $commit_text;
- my $commit = shift @commit_lines;
- my %co = git_read_commit($commit, \@commit_lines);
+ my %co = git_read_commit(undef, \@commit_lines);
if (!%co) {
next;
}
print "<td title=\"$co{'age_string_age'}\"><i>$co{'age_string_date'}</i></td>\n" .
"<td><i>" . escapeHTML(chop_str($co{'author_name'}, 15, 5)) . "</i></td>\n" .
"<td>" .
- $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit", -class => "list"}, "<b>" . escapeHTML(chop_str($co{'title'}, 50)) . "</b><br/>");
+ $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$co{'id'}", -class => "list"}, "<b>" . escapeHTML(chop_str($co{'title'}, 50)) . "</b><br/>");
my $comment = $co{'comment'};
foreach my $line (@$comment) {
if ($line =~ m/^(.*)($searchtext)(.*)$/i) {
}
print "</td>\n" .
"<td class=\"link\">" .
- $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit"}, "commit") .
- " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$commit"}, "tree");
+ $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$co{'id'}"}, "commit") .
+ " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$co{'id'}"}, "tree");
print "</td>\n" .
"</tr>\n";
}
$alternate ^= 1;
print "<td title=\"$co{'age_string_age'}\"><i>$co{'age_string_date'}</i></td>\n" .
"<td><i>" . escapeHTML(chop_str($co{'author_name'}, 10)) . "</i></td>\n" .
- "<td>" . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit", -class => "list"}, "<b>" .
- escapeHTML($co{'title_short'}) . "</b>") . "</td>\n" .
+ "<td>";
+ if (length($co{'title_short'}) < length($co{'title'})) {
+ print $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit", -class => "list", -title => "$co{'title'}"},
+ "<b>" . escapeHTML($co{'title_short'}) . "</b>");
+ } else {
+ print $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit", -class => "list"},
+ "<b>" . escapeHTML($co{'title_short'}) . "</b>");
+ }
+ print "</td>\n" .
"<td class=\"link\">" .
$cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit"}, "commit") .
" | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$commit"}, "commitdiff") .