Merge branch 'jc/repack'
[gitweb.git] / gitweb / gitweb.perl
index 1b352cbb25c525159d06a3c1c2e67f7524a02ff3..597d29f22fc931cf13574a8d2b0fde9f6b2f9908 100755 (executable)
 our $stylesheet = "++GITWEB_CSS++";
 # URI of GIT logo
 our $logo = "++GITWEB_LOGO++";
+# URI of GIT favicon, assumed to be image/png type
+our $favicon = "++GITWEB_FAVICON++";
 
 # source of projects list
 our $projects_list = "++GITWEB_LIST++";
 
+# show repository only if this file exists
+# (only effective if this variable evaluates to true)
+our $export_ok = "++GITWEB_EXPORT_OK++";
+
+# only allow viewing of repositories also shown on the overview page
+our $strict_export = "++GITWEB_STRICT_EXPORT++";
+
 # list of git base URLs used for URL to where fetch project from,
 # i.e. full URL is "$git_base_url/$project"
 our @git_base_url_list = ("++GITWEB_BASE_URL++");
                'override' => 0,
                #         => [content-encoding, suffix, program]
                'default' => ['x-gzip', 'gz', 'gzip']},
+
+       'pickaxe' => {
+               'sub' => \&feature_pickaxe,
+               'override' => 0,
+               'default' => [1]},
 );
 
 sub gitweb_check_feature {
@@ -141,6 +155,24 @@ sub feature_snapshot {
        return ($ctype, $suffix, $command);
 }
 
+# To enable system wide have in $GITWEB_CONFIG
+# $feature{'pickaxe'}{'default'} = [1];
+# To have project specific config enable override in $GITWEB_CONFIG
+# $feature{'pickaxe'}{'override'} = 1;
+# and in project config gitweb.pickaxe = 0|1;
+
+sub feature_pickaxe {
+       my ($val) = git_get_project_config('pickaxe', '--bool');
+
+       if ($val eq 'true') {
+               return (1);
+       } elsif ($val eq 'false') {
+               return (0);
+       }
+
+       return ($_[0]);
+}
+
 # rename detection options for git-diff and git-diff-tree
 # - default is '-M', with the cost proportional to
 #   (number of removed files) * (number of new files).
@@ -152,14 +184,11 @@ sub feature_snapshot {
 our @diff_opts = ('-M'); # taken from git_commit
 
 our $GITWEB_CONFIG = $ENV{'GITWEB_CONFIG'} || "++GITWEB_CONFIG++";
-require $GITWEB_CONFIG if -e $GITWEB_CONFIG;
+do $GITWEB_CONFIG if -e $GITWEB_CONFIG;
 
 # version of the core git binary
 our $git_version = qx($GIT --version) =~ m/git version (.*)$/ ? $1 : "unknown";
 
-# path to the current git repository
-our $git_dir;
-
 $projects_list ||= $projectroot;
 
 # ======================================================================
@@ -171,38 +200,21 @@ sub feature_snapshot {
        }
 }
 
-our $project = ($cgi->param('p') || $ENV{'PATH_INFO'});
-if (defined $project) {
-       $project =~ s|^/||;
-       $project =~ s|/$||;
-       $project = undef unless $project;
-}
+our $project = $cgi->param('p');
 if (defined $project) {
-       if (!validate_input($project)) {
-               die_error(undef, "Invalid project parameter");
-       }
-       if (!(-d "$projectroot/$project")) {
-               die_error(undef, "No such directory");
-       }
-       if (!(-e "$projectroot/$project/HEAD")) {
+       if (!validate_input($project) ||
+           !(-d "$projectroot/$project") ||
+           !(-e "$projectroot/$project/HEAD") ||
+           ($export_ok && !(-e "$projectroot/$project/$export_ok")) ||
+           ($strict_export && !project_in_list($project))) {
+               undef $project;
                die_error(undef, "No such project");
        }
-       $git_dir = "$projectroot/$project";
 }
 
+# We have to handle those containing any characters:
 our $file_name = $cgi->param('f');
-if (defined $file_name) {
-       if (!validate_input($file_name)) {
-               die_error(undef, "Invalid file parameter");
-       }
-}
-
 our $file_parent = $cgi->param('fp');
-if (defined $file_parent) {
-       if (!validate_input($file_parent)) {
-               die_error(undef, "Invalid file parent parameter");
-       }
-}
 
 our $hash = $cgi->param('h');
 if (defined $hash) {
@@ -234,7 +246,7 @@ sub feature_snapshot {
 
 our $page = $cgi->param('pg');
 if (defined $page) {
-       if ($page =~ m/[^0-9]$/) {
+       if ($page =~ m/[^0-9]/) {
                die_error(undef, "Invalid page parameter");
        }
 }
@@ -247,6 +259,55 @@ sub feature_snapshot {
        $searchtext = quotemeta $searchtext;
 }
 
+# now read PATH_INFO and use it as alternative to parameters
+sub evaluate_path_info {
+       return if defined $project;
+       my $path_info = $ENV{"PATH_INFO"};
+       return if !$path_info;
+       $path_info =~ s,^/+,,;
+       return if !$path_info;
+       # find which part of PATH_INFO is project
+       $project = $path_info;
+       $project =~ s,/+$,,;
+       while ($project && !-e "$projectroot/$project/HEAD") {
+               $project =~ s,/*[^/]*$,,;
+       }
+       # validate project
+       $project = validate_input($project);
+       if (!$project ||
+           ($export_ok && !-e "$projectroot/$project/$export_ok") ||
+           ($strict_export && !project_in_list($project))) {
+               undef $project;
+               return;
+       }
+       # do not change any parameters if an action is given using the query string
+       return if $action;
+       $path_info =~ s,^$project/*,,;
+       my ($refname, $pathname) = split(/:/, $path_info, 2);
+       if (defined $pathname) {
+               # we got "project.git/branch:filename" or "project.git/branch:dir/"
+               # we could use git_get_type(branch:pathname), but it needs $git_dir
+               $pathname =~ s,^/+,,;
+               if (!$pathname || substr($pathname, -1) eq "/") {
+                       $action  ||= "tree";
+                       $pathname =~ s,/$,,;
+               } else {
+                       $action  ||= "blob_plain";
+               }
+               $hash_base ||= validate_input($refname);
+               $file_name ||= $pathname;
+       } elsif (defined $refname) {
+               # we got "project.git/branch"
+               $action ||= "shortlog";
+               $hash   ||= validate_input($refname);
+       }
+}
+evaluate_path_info();
+
+# path to the current git repository
+our $git_dir;
+$git_dir = "$projectroot/$project" if $project;
+
 # dispatch
 my %actions = (
        "blame" => \&git_blame2,
@@ -271,6 +332,7 @@ sub feature_snapshot {
        # those below don't need $project
        "opml" => \&git_opml,
        "project_list" => \&git_project_list,
+       "project_index" => \&git_project_index,
 );
 
 if (defined $project) {
@@ -281,6 +343,10 @@ sub feature_snapshot {
 if (!defined($actions{$action})) {
        die_error(undef, "Unknown action");
 }
+if ($action !~ m/^(opml|project_list|project_index)$/ &&
+    !$project) {
+       die_error(undef, "Project needed");
+}
 $actions{$action}->();
 exit;
 
@@ -300,11 +366,12 @@ (%)
                hash_base => "hb",
                hash_parent_base => "hpb",
                page => "pg",
+               order => "o",
                searchtext => "s",
        );
        my %mapping = @mapping;
 
-       $params{"project"} ||= $project;
+       $params{'project'} = $project unless exists $params{'project'};
 
        my @result = ();
        for (my $i = 0; $i < @mapping; $i += 2) {
@@ -339,7 +406,7 @@ sub validate_input {
 # correct, but quoted slashes look too horrible in bookmarks
 sub esc_param {
        my $str = shift;
-       $str =~ s/([^A-Za-z0-9\-_.~();\/;?:@&=])/sprintf("%%%02X", ord($1))/eg;
+       $str =~ s/([^A-Za-z0-9\-_.~()\/:@])/sprintf("%%%02X", ord($1))/eg;
        $str =~ s/\+/%2B/g;
        $str =~ s/ /\+/g;
        return $str;
@@ -378,6 +445,12 @@ sub untabify {
        return $line;
 }
 
+sub project_in_list {
+       my $project = shift;
+       my @list = git_get_projects_list();
+       return @list && scalar(grep { $_->{'path'} eq $project } @list);
+}
+
 ## ----------------------------------------------------------------------
 ## HTML aware string manipulation
 
@@ -544,7 +617,7 @@ sub format_subject_html {
 
        if (length($short) < length($long)) {
                return $cgi->a({-href => $href, -class => "list subject",
-                               -title => $long},
+                               -title => decode("utf8", $long, Encode::FB_DEFAULT)},
                       esc_html($short) . $extra);
        } else {
                return $cgi->a({-href => $href, -class => "list subject"},
@@ -635,6 +708,7 @@ sub git_get_project_config {
 sub git_get_hash_by_path {
        my $base = shift;
        my $path = shift || return undef;
+       my $type = shift;
 
        my $tree = $base;
 
@@ -645,25 +719,16 @@ sub git_get_hash_by_path {
 
        #'100644 blob 0fa3f3a66fb6a137f6ec2c19351ed4d807070ffa  panic.c'
        $line =~ m/^([0-9]+) (.+) ([0-9a-fA-F]{40})\t(.+)$/;
+       if (defined $type && $type ne $2) {
+               # type doesn't match
+               return undef;
+       }
        return $3;
 }
 
 ## ......................................................................
 ## git utility functions, directly accessing git repository
 
-# assumes that PATH is not symref
-sub git_get_hash_by_ref {
-       my $path = shift;
-
-       open my $fd, "$projectroot/$path" or return undef;
-       my $head = <$fd>;
-       close $fd;
-       chomp $head;
-       if ($head =~ m/^[0-9a-fA-F]{40}$/) {
-               return $head;
-       }
-}
-
 sub git_get_project_description {
        my $path = shift;
 
@@ -677,7 +742,7 @@ sub git_get_project_description {
 sub git_get_project_url_list {
        my $path = shift;
 
-       open my $fd, "$projectroot/$path/cloneurl" or return undef;
+       open my $fd, "$projectroot/$path/cloneurl" or return;
        my @git_project_url_list = map { chomp; $_ } <$fd>;
        close $fd;
 
@@ -690,16 +755,27 @@ sub git_get_projects_list {
        if (-d $projects_list) {
                # search in directory
                my $dir = $projects_list;
-               opendir my ($dh), $dir or return undef;
-               while (my $dir = readdir($dh)) {
-                       if (-e "$projectroot/$dir/HEAD") {
-                               my $pr = {
-                                       path => $dir,
-                               };
-                               push @list, $pr
-                       }
-               }
-               closedir($dh);
+               my $pfxlen = length("$dir");
+
+               File::Find::find({
+                       follow_fast => 1, # follow symbolic links
+                       dangling_symlinks => 0, # ignore dangling symlinks, silently
+                       wanted => sub {
+                               # skip project-list toplevel, if we get it.
+                               return if (m!^[/.]$!);
+                               # only directories can be git repositories
+                               return unless (-d $_);
+
+                               my $subdir = substr($File::Find::name, $pfxlen + 1);
+                               # we check related file in $projectroot
+                               if (-e "$projectroot/$subdir/HEAD" && (!$export_ok ||
+                                   -e "$projectroot/$subdir/$export_ok")) {
+                                       push @list, { path => $subdir };
+                                       $File::Find::prune = 1;
+                               }
+                       },
+               }, "$dir");
+
        } elsif (-f $projects_list) {
                # read from file(url-encoded):
                # 'git%2Fgit.git Linus+Torvalds'
@@ -714,7 +790,8 @@ sub git_get_projects_list {
                        if (!defined $path) {
                                next;
                        }
-                       if (-e "$projectroot/$path/HEAD") {
+                       if (-e "$projectroot/$path/HEAD" && (!$export_ok ||
+                           -e "$projectroot/$path/$export_ok")) {
                                my $pr = {
                                        path => $path,
                                        owner => decode("utf8", $owner, Encode::FB_DEFAULT),
@@ -762,16 +839,10 @@ sub git_get_project_owner {
 sub git_get_references {
        my $type = shift || "";
        my %refs;
-       my $fd;
        # 5dc01c595e6c6ec9ccda4f6f69c131c0dd945f8c      refs/tags/v2.6.11
        # c39ae07f393806ccf406ef966e9a15afc43cc36a      refs/tags/v2.6.11^{}
-       if (-f "$projectroot/$project/info/refs") {
-               open $fd, "$projectroot/$project/info/refs"
-                       or return;
-       } else {
-               open $fd, "-|", git_cmd(), "ls-remote", "."
-                       or return;
-       }
+       open my $fd, "-|", $GIT, "peek-remote", "$projectroot/$project/"
+               or return;
 
        while (my $line = <$fd>) {
                chomp $line;
@@ -1027,9 +1098,30 @@ sub parse_difftree_raw_line {
                }
        }
        # 'c512b523472485aef4fff9e57b229d9d243c967f'
-       #elsif ($line =~ m/^([0-9a-fA-F]{40})$/) {
-       #       $res{'commit'} = $1;
-       #}
+       elsif ($line =~ m/^([0-9a-fA-F]{40})$/) {
+               $res{'commit'} = $1;
+       }
+
+       return wantarray ? %res : \%res;
+}
+
+# parse line of git-ls-tree output
+sub parse_ls_tree_line ($;%) {
+       my $line = shift;
+       my %opts = @_;
+       my %res;
+
+       #'100644 blob 0fa3f3a66fb6a137f6ec2c19351ed4d807070ffa  panic.c'
+       $line =~ m/^([0-9]+) (.+) ([0-9a-fA-F]{40})\t(.+)$/;
+
+       $res{'mode'} = $1;
+       $res{'type'} = $2;
+       $res{'hash'} = $3;
+       if ($opts{'-z'}) {
+               $res{'name'} = $4;
+       } else {
+               $res{'name'} = unquote($4);
+       }
 
        return wantarray ? %res : \%res;
 }
@@ -1038,28 +1130,46 @@ sub parse_difftree_raw_line {
 ## parse to array of hashes functions
 
 sub git_get_refs_list {
-       my $ref_dir = shift;
+       my $type = shift || "";
+       my %refs;
        my @reflist;
 
        my @refs;
-       my $pfxlen = length("$projectroot/$project/$ref_dir");
-       File::Find::find(sub {
-               return if (/^\./);
-               if (-f $_) {
-                       push @refs, substr($File::Find::name, $pfxlen + 1);
+       open my $fd, "-|", $GIT, "peek-remote", "$projectroot/$project/"
+               or return;
+       while (my $line = <$fd>) {
+               chomp $line;
+               if ($line =~ m/^([0-9a-fA-F]{40})\trefs\/($type\/?([^\^]+))(\^\{\})?$/) {
+                       if (defined $refs{$1}) {
+                               push @{$refs{$1}}, $2;
+                       } else {
+                               $refs{$1} = [ $2 ];
+                       }
+
+                       if (! $4) { # unpeeled, direct reference
+                               push @refs, { hash => $1, name => $3 }; # without type
+                       } elsif ($3 eq $refs[-1]{'name'}) {
+                               # most likely a tag is followed by its peeled
+                               # (deref) one, and when that happens we know the
+                               # previous one was of type 'tag'.
+                               $refs[-1]{'type'} = "tag";
+                       }
                }
-       }, "$projectroot/$project/$ref_dir");
+       }
+       close $fd;
 
-       foreach my $ref_file (@refs) {
-               my $ref_id = git_get_hash_by_ref("$project/$ref_dir/$ref_file");
-               my $type = git_get_type($ref_id) || next;
+       foreach my $ref (@refs) {
+               my $ref_file = $ref->{'name'};
+               my $ref_id   = $ref->{'hash'};
+
+               my $type = $ref->{'type'} || git_get_type($ref_id) || next;
                my %ref_item = parse_ref($ref_file, $ref_id, $type);
 
                push @reflist, \%ref_item;
        }
        # sort refs by age
        @reflist = sort {$b->{'epoch'} <=> $a->{'epoch'}} @reflist;
-       return \@reflist;
+       return (\@reflist, \%refs);
 }
 
 ## ----------------------------------------------------------------------
@@ -1100,7 +1210,7 @@ sub mimetype_guess_file {
        }
        close(MIME);
 
-       $filename =~ /\.(.*?)$/;
+       $filename =~ /\.([^.]*)$/;
        return $mimemap{$1};
 }
 
@@ -1162,7 +1272,7 @@ sub git_header_html {
                if (defined $action) {
                        $title .= "/$action";
                        if (defined $file_name) {
-                               $title .= " - $file_name";
+                               $title .= " - " . esc_html($file_name);
                                if ($action eq "tree" && $file_name !~ m|/$|) {
                                        $title .= "/";
                                }
@@ -1200,6 +1310,16 @@ sub git_header_html {
                printf('<link rel="alternate" title="%s log" '.
                       'href="%s" type="application/rss+xml"/>'."\n",
                       esc_param($project), href(action=>"rss"));
+       } else {
+               printf('<link rel="alternate" title="%s projects list" '.
+                      'href="%s" type="text/plain; charset=utf-8"/>'."\n",
+                      $site_name, href(project=>undef, action=>"project_index"));
+               printf('<link rel="alternate" title="%s projects logs" '.
+                      'href="%s" type="text/x-opml"/>'."\n",
+                      $site_name, href(project=>undef, action=>"opml"));
+       }
+       if (defined $favicon) {
+               print qq(<link rel="shortcut icon" href="$favicon" type="image/png"/>\n);
        }
 
        print "</head>\n" .
@@ -1247,9 +1367,13 @@ sub git_footer_html {
                if (defined $descr) {
                        print "<div class=\"page_footer_text\">" . esc_html($descr) . "</div>\n";
                }
-               print $cgi->a({-href => href(action=>"rss"), -class => "rss_logo"}, "RSS") . "\n";
+               print $cgi->a({-href => href(action=>"rss"),
+                             -class => "rss_logo"}, "RSS") . "\n";
        } else {
-               print $cgi->a({-href => href(action=>"opml"), -class => "rss_logo"}, "OPML") . "\n";
+               print $cgi->a({-href => href(project=>undef, action=>"opml"),
+                             -class => "rss_logo"}, "OPML") . " ";
+               print $cgi->a({-href => href(project=>undef, action=>"project_index"),
+                             -class => "rss_logo"}, "TXT") . "\n";
        }
        print "</div>\n" .
              "</body>\n" .
@@ -1358,10 +1482,18 @@ sub git_print_header_div {
 sub git_print_authorship {
        my $co = shift;
 
-       my %ad = parse_date($co->{'author_epoch'});
+       my %ad = parse_date($co->{'author_epoch'}, $co->{'author_tz'});
        print "<div class=\"author_date\">" .
              esc_html($co->{'author_name'}) .
-             " [$ad{'rfc2822'}]</div>\n";
+             " [$ad{'rfc2822'}";
+       if ($ad{'hour_local'} < 6) {
+               printf(" (<span class=\"atnight\">%02d:%02d</span> %s)",
+                      $ad{'hour_local'}, $ad{'minute_local'}, $ad{'tz_local'});
+       } else {
+               printf(" (%02d:%02d %s)",
+                      $ad{'hour_local'}, $ad{'minute_local'}, $ad{'tz_local'});
+       }
+       print "]</div>\n";
 }
 
 sub git_print_page_path {
@@ -1371,19 +1503,34 @@ sub git_print_page_path {
 
        if (!defined $name) {
                print "<div class=\"page_path\">/</div>\n";
-       } elsif (defined $type && $type eq 'blob') {
+       } else {
+               my @dirname = split '/', $name;
+               my $basename = pop @dirname;
+               my $fullname = '';
+
                print "<div class=\"page_path\">";
-               if (defined $hb) {
+               print $cgi->a({-href => href(action=>"tree", hash_base=>$hb),
+                             -title => 'tree root'}, "[$project]");
+               print " / ";
+               foreach my $dir (@dirname) {
+                       $fullname .= ($fullname ? '/' : '') . $dir;
+                       print $cgi->a({-href => href(action=>"tree", file_name=>$fullname,
+                                                    hash_base=>$hb),
+                                     -title => $fullname}, esc_html($dir));
+                       print " / ";
+               }
+               if (defined $type && $type eq 'blob') {
                        print $cgi->a({-href => href(action=>"blob_plain", file_name=>$file_name,
-                                                    hash_base=>$hb)},
-                                     esc_html($name));
+                                                    hash_base=>$hb),
+                                     -title => $name}, esc_html($basename));
+               } elsif (defined $type && $type eq 'tree') {
+                       print $cgi->a({-href => href(action=>"tree", file_name=>$file_name,
+                                                    hash_base=>$hb),
+                                     -title => $name}, esc_html($basename));
                } else {
-                       print $cgi->a({-href => href(action=>"blob_plain", file_name=>$file_name)},
-                                     esc_html($name));
+                       print esc_html($basename);
                }
                print "<br/></div>\n";
-       } else {
-               print "<div class=\"page_path\">" . esc_html($name) . "<br/></div>\n";
        }
 }
 
@@ -1446,6 +1593,62 @@ sub git_print_simplified_log {
                -remove_title => $remove_title);
 }
 
+# print tree entry (row of git_tree), but without encompassing <tr> element
+sub git_print_tree_entry {
+       my ($t, $basedir, $hash_base, $have_blame) = @_;
+
+       my %base_key = ();
+       $base_key{hash_base} = $hash_base if defined $hash_base;
+
+       print "<td class=\"mode\">" . mode_str($t->{'mode'}) . "</td>\n";
+       if ($t->{'type'} eq "blob") {
+               print "<td class=\"list\">" .
+                     $cgi->a({-href => href(action=>"blob", hash=>$t->{'hash'},
+                                            file_name=>"$basedir$t->{'name'}", %base_key),
+                             -class => "list"}, esc_html($t->{'name'})) .
+                     "</td>\n" .
+                     "<td class=\"link\">" .
+                     $cgi->a({-href => href(action=>"blob", hash=>$t->{'hash'},
+                                            file_name=>"$basedir$t->{'name'}", %base_key)},
+                             "blob");
+               if ($have_blame) {
+                       print " | " .
+                               $cgi->a({-href => href(action=>"blame", hash=>$t->{'hash'},
+                                                      file_name=>"$basedir$t->{'name'}", %base_key)},
+                                       "blame");
+               }
+               if (defined $hash_base) {
+                       print " | " .
+                             $cgi->a({-href => href(action=>"history", hash_base=>$hash_base,
+                                                    hash=>$t->{'hash'}, file_name=>"$basedir$t->{'name'}")},
+                                     "history");
+               }
+               print " | " .
+                     $cgi->a({-href => href(action=>"blob_plain",
+                                            hash=>$t->{'hash'}, file_name=>"$basedir$t->{'name'}")},
+                             "raw") .
+                     "</td>\n";
+
+       } elsif ($t->{'type'} eq "tree") {
+               print "<td class=\"list\">" .
+                     $cgi->a({-href => href(action=>"tree", hash=>$t->{'hash'},
+                                            file_name=>"$basedir$t->{'name'}", %base_key)},
+                             esc_html($t->{'name'})) .
+                     "</td>\n" .
+                     "<td class=\"link\">" .
+                     $cgi->a({-href => href(action=>"tree", hash=>$t->{'hash'},
+                                            file_name=>"$basedir$t->{'name'}", %base_key)},
+                             "tree");
+               if (defined $hash_base) {
+                       print " | " .
+                             $cgi->a({-href => href(action=>"history", hash_base=>$hash_base,
+                                                    file_name=>"$basedir$t->{'name'}")},
+                                     "history");
+               }
+               print "</td>\n";
+       }
+}
+
 ## ......................................................................
 ## functions printing large fragments of HTML
 
@@ -1502,7 +1705,7 @@ sub git_difftree_body {
                              $cgi->a({-href => href(action=>"blob", hash=>$diff{'to_id'},
                                                     hash_base=>$hash, file_name=>$diff{'file'})},
                                      "blob");
-                       if ($action == "commitdiff") {
+                       if ($action eq 'commitdiff') {
                                # link to patch
                                $patchno++;
                                print " | " .
@@ -1523,7 +1726,7 @@ sub git_difftree_body {
                                                     hash_base=>$parent, file_name=>$diff{'file'})},
                                      "blob") .
                              " | ";
-                       if ($action == "commitdiff") {
+                       if ($action eq 'commitdiff') {
                                # link to patch
                                $patchno++;
                                print " | " .
@@ -1569,7 +1772,7 @@ sub git_difftree_body {
                                                     hash_base=>$hash, file_name=>$diff{'file'})},
                                      "blob");
                        if ($diff{'to_id'} ne $diff{'from_id'}) { # modified
-                               if ($action == "commitdiff") {
+                               if ($action eq 'commitdiff') {
                                        # link to patch
                                        $patchno++;
                                        print " | " .
@@ -1611,7 +1814,7 @@ sub git_difftree_body {
                                                     hash=>$diff{'to_id'}, file_name=>$diff{'to_file'})},
                                      "blob");
                        if ($diff{'to_id'} ne $diff{'from_id'}) {
-                               if ($action == "commitdiff") {
+                               if ($action eq 'commitdiff') {
                                        # link to patch
                                        $patchno++;
                                        print " | " .
@@ -1762,9 +1965,6 @@ sub git_shortlog_body {
        # uses global variable $project
        my ($revlist, $from, $to, $refs, $extra) = @_;
 
-       my ($ctype, $suffix, $command) = gitweb_check_feature('snapshot');
-       my $have_snapshot = (defined $ctype && defined $suffix);
-
        $from = 0 unless defined $from;
        $to = $#{$revlist} if (!defined $to || $#{$revlist} < $to);
 
@@ -1790,10 +1990,8 @@ sub git_shortlog_body {
                print "</td>\n" .
                      "<td class=\"link\">" .
                      $cgi->a({-href => href(action=>"commit", hash=>$commit)}, "commit") . " | " .
-                     $cgi->a({-href => href(action=>"commitdiff", hash=>$commit)}, "commitdiff");
-               if ($have_snapshot) {
-                       print " | " .  $cgi->a({-href => href(action=>"snapshot", hash=>$commit)}, "snapshot");
-               }
+                     $cgi->a({-href => href(action=>"commitdiff", hash=>$commit)}, "commitdiff") . " | " .
+                     $cgi->a({-href => href(action=>"tree", hash=>$commit, hash_base=>$commit)}, "tree");
                print "</td>\n" .
                      "</tr>\n";
        }
@@ -1807,12 +2005,15 @@ sub git_shortlog_body {
 
 sub git_history_body {
        # Warning: assumes constant type (blob or tree) during history
-       my ($fd, $refs, $hash_base, $ftype, $extra) = @_;
+       my ($revlist, $from, $to, $refs, $hash_base, $ftype, $extra) = @_;
+
+       $from = 0 unless defined $from;
+       $to = $#{$revlist} unless (defined $to && $to <= $#{$revlist});
 
        print "<table class=\"history\" cellspacing=\"0\">\n";
        my $alternate = 0;
-       while (my $line = <$fd>) {
-               if ($line !~ m/^([0-9a-fA-F]{40})/) {
+       for (my $i = $from; $i <= $to; $i++) {
+               if ($revlist->[$i] !~ m/^([0-9a-fA-F]{40})/) {
                        next;
                }
 
@@ -1929,14 +2130,14 @@ sub git_tags_body {
 
 sub git_heads_body {
        # uses global variable $project
-       my ($taglist, $head, $from, $to, $extra) = @_;
+       my ($headlist, $head, $from, $to, $extra) = @_;
        $from = 0 unless defined $from;
-       $to = $#{$taglist} if (!defined $to || $#{$taglist} < $to);
+       $to = $#{$headlist} if (!defined $to || $#{$headlist} < $to);
 
        print "<table class=\"heads\" cellspacing=\"0\">\n";
        my $alternate = 0;
        for (my $i = $from; $i <= $to; $i++) {
-               my $entry = $taglist->[$i];
+               my $entry = $headlist->[$i];
                my %tag = %$entry;
                my $curr = $tag{'id'} eq $head;
                if ($alternate) {
@@ -1952,7 +2153,8 @@ sub git_heads_body {
                      "</td>\n" .
                      "<td class=\"link\">" .
                      $cgi->a({-href => href(action=>"shortlog", hash=>$tag{'name'})}, "shortlog") . " | " .
-                     $cgi->a({-href => href(action=>"log", hash=>$tag{'name'})}, "log") .
+                     $cgi->a({-href => href(action=>"log", hash=>$tag{'name'})}, "log") . " | " .
+                     $cgi->a({-href => href(action=>"tree", hash=>$tag{'name'}, hash_base=>$tag{'name'})}, "tree") .
                      "</td>\n" .
                      "</tr>";
        }
@@ -2016,7 +2218,7 @@ sub git_project_list {
                print "<th>Project</th>\n";
        } else {
                print "<th>" .
-                     $cgi->a({-href => "$my_uri?" . esc_param("o=project"),
+                     $cgi->a({-href => href(project=>undef, order=>'project'),
                               -class => "header"}, "Project") .
                      "</th>\n";
        }
@@ -2025,7 +2227,7 @@ sub git_project_list {
                print "<th>Description</th>\n";
        } else {
                print "<th>" .
-                     $cgi->a({-href => "$my_uri?" . esc_param("o=descr"),
+                     $cgi->a({-href => href(project=>undef, order=>'descr'),
                               -class => "header"}, "Description") .
                      "</th>\n";
        }
@@ -2034,7 +2236,7 @@ sub git_project_list {
                print "<th>Owner</th>\n";
        } else {
                print "<th>" .
-                     $cgi->a({-href => "$my_uri?" . esc_param("o=owner"),
+                     $cgi->a({-href => href(project=>undef, order=>'owner'),
                               -class => "header"}, "Owner") .
                      "</th>\n";
        }
@@ -2043,7 +2245,7 @@ sub git_project_list {
                print "<th>Last Change</th>\n";
        } else {
                print "<th>" .
-                     $cgi->a({-href => "$my_uri?" . esc_param("o=age"),
+                     $cgi->a({-href => href(project=>undef, order=>'age'),
                               -class => "header"}, "Last Change") .
                      "</th>\n";
        }
@@ -2066,7 +2268,8 @@ sub git_project_list {
                      "<td class=\"link\">" .
                      $cgi->a({-href => href(project=>$pr->{'path'}, action=>"summary")}, "summary")   . " | " .
                      $cgi->a({-href => href(project=>$pr->{'path'}, action=>"shortlog")}, "shortlog") . " | " .
-                     $cgi->a({-href => href(project=>$pr->{'path'}, action=>"log")}, "log") .
+                     $cgi->a({-href => href(project=>$pr->{'path'}, action=>"log")}, "log") . " | " .
+                     $cgi->a({-href => href(project=>$pr->{'path'}, action=>"tree")}, "tree") .
                      "</td>\n" .
                      "</tr>\n";
        }
@@ -2074,6 +2277,30 @@ sub git_project_list {
        git_footer_html();
 }
 
+sub git_project_index {
+       my @projects = git_get_projects_list();
+
+       print $cgi->header(
+               -type => 'text/plain',
+               -charset => 'utf-8',
+               -content_disposition => qq(inline; filename="index.aux"));
+
+       foreach my $pr (@projects) {
+               if (!exists $pr->{'owner'}) {
+                       $pr->{'owner'} = get_file_owner("$projectroot/$project");
+               }
+
+               my ($path, $owner) = ($pr->{'path'}, $pr->{'owner'});
+               # quote as in CGI::Util::encode, but keep the slash, and use '+' for ' '
+               $path  =~ s/([^a-zA-Z0-9_.\-\/ ])/sprintf("%%%02X", ord($1))/eg;
+               $owner =~ s/([^a-zA-Z0-9_.\-\/ ])/sprintf("%%%02X", ord($1))/eg;
+               $path  =~ s/ /\+/g;
+               $owner =~ s/ /\+/g;
+
+               print "$path $owner\n";
+       }
+}
+
 sub git_summary {
        my $descr = git_get_project_description($project) || "none";
        my $head = git_get_head_hash($project);
@@ -2082,7 +2309,19 @@ sub git_summary {
 
        my $owner = git_get_project_owner($project);
 
-       my $refs = git_get_references();
+       my ($reflist, $refs) = git_get_refs_list();
+
+       my @taglist;
+       my @headlist;
+       foreach my $ref (@$reflist) {
+               if ($ref->{'name'} =~ s!^heads/!!) {
+                       push @headlist, $ref;
+               } else {
+                       $ref->{'name'} =~ s!^tags/!!;
+                       push @taglist, $ref;
+               }
+       }
+
        git_header_html();
        git_print_page_nav('summary','', $head);
 
@@ -2112,17 +2351,15 @@ sub git_summary {
        git_shortlog_body(\@revlist, 0, 15, $refs,
                          $cgi->a({-href => href(action=>"shortlog")}, "..."));
 
-       my $taglist = git_get_refs_list("refs/tags");
-       if (defined @$taglist) {
+       if (@taglist) {
                git_print_header_div('tags');
-               git_tags_body($taglist, 0, 15,
+               git_tags_body(\@taglist, 0, 15,
                              $cgi->a({-href => href(action=>"tags")}, "..."));
        }
 
-       my $headlist = git_get_refs_list("refs/heads");
-       if (defined @$headlist) {
+       if (@headlist) {
                git_print_header_div('heads');
-               git_heads_body($headlist, $head, 0, 15,
+               git_heads_body(\@headlist, $head, 0, 15,
                               $cgi->a({-href => href(action=>"heads")}, "..."));
        }
 
@@ -2166,7 +2403,8 @@ sub git_blame2 {
        my $fd;
        my $ftype;
 
-       if (!gitweb_check_feature('blame')) {
+       my ($have_blame) = gitweb_check_feature('blame');
+       if (!$have_blame) {
                die_error('403 Permission denied', "Permission denied");
        }
        die_error('404 Not Found', "File name not defined") if (!$file_name);
@@ -2182,15 +2420,18 @@ sub git_blame2 {
        if ($ftype !~ "blob") {
                die_error("400 Bad Request", "Object is not a blob");
        }
-       open ($fd, "-|", git_cmd(), "blame", '-l', $file_name, $hash_base)
+       open ($fd, "-|", git_cmd(), "blame", '-l', '--', $file_name, $hash_base)
                or die_error(undef, "Open git-blame failed");
        git_header_html();
        my $formats_nav =
                $cgi->a({-href => href(action=>"blob", hash=>$hash, hash_base=>$hash_base, file_name=>$file_name)},
                        "blob") .
                " | " .
+               $cgi->a({-href => href(action=>"history", hash=>$hash, hash_base=>$hash_base, file_name=>$file_name)},
+                       "history") .
+               " | " .
                $cgi->a({-href => href(action=>"blame", file_name=>$file_name)},
-                       "head");
+                       "HEAD");
        git_print_page_nav('','', $hash_base,$co{'tree'},$hash_base, $formats_nav);
        git_print_header_div('commit', esc_html($co{'title'}), $hash_base);
        git_print_page_path($file_name, $ftype, $hash_base);
@@ -2235,7 +2476,8 @@ sub git_blame2 {
 sub git_blame {
        my $fd;
 
-       if (!gitweb_check_feature('blame')) {
+       my ($have_blame) = gitweb_check_feature('blame');
+       if (!$have_blame) {
                die_error('403 Permission denied', "Permission denied");
        }
        die_error('404 Not Found', "File name not defined") if (!$file_name);
@@ -2254,8 +2496,11 @@ sub git_blame {
                $cgi->a({-href => href(action=>"blob", hash=>$hash, hash_base=>$hash_base, file_name=>$file_name)},
                        "blob") .
                " | " .
+               $cgi->a({-href => href(action=>"history", hash=>$hash, hash_base=>$hash_base, file_name=>$file_name)},
+                       "history") .
+               " | " .
                $cgi->a({-href => href(action=>"blame", file_name=>$file_name)},
-                       "head");
+                       "HEAD");
        git_print_page_nav('','', $hash_base,$co{'tree'},$hash_base, $formats_nav);
        git_print_header_div('commit', esc_html($co{'title'}), $hash_base);
        git_print_page_path($file_name, 'blob', $hash_base);
@@ -2331,8 +2576,8 @@ sub git_tags {
        git_print_page_nav('','', $head,undef,$head);
        git_print_header_div('summary', $project);
 
-       my $taglist = git_get_refs_list("refs/tags");
-       if (defined @$taglist) {
+       my ($taglist) = git_get_refs_list("tags");
+       if (@$taglist) {
                git_tags_body($taglist);
        }
        git_footer_html();
@@ -2344,19 +2589,15 @@ sub git_heads {
        git_print_page_nav('','', $head,undef,$head);
        git_print_header_div('summary', $project);
 
-       my $taglist = git_get_refs_list("refs/heads");
-       if (defined @$taglist) {
-               git_heads_body($taglist, $head);
+       my ($headlist) = git_get_refs_list("heads");
+       if (@$headlist) {
+               git_heads_body($headlist, $head);
        }
        git_footer_html();
 }
 
 sub git_blob_plain {
-       # blobs defined by non-textual hash id's can be cached
        my $expires;
-       if ($hash =~ m/^[0-9a-fA-F]{40}$/) {
-               $expires = "+1d";
-       }
 
        if (!defined $hash) {
                if (defined $file_name) {
@@ -2366,7 +2607,11 @@ sub git_blob_plain {
                } else {
                        die_error(undef, "No file name defined");
                }
+       } elsif ($hash =~ m/^[0-9a-fA-F]{40}$/) {
+               # blobs defined by non-textual hash id's can be cached
+               $expires = "+1d";
        }
+
        my $type = shift;
        open my $fd, "-|", git_cmd(), "cat-file", "blob", $hash
                or die_error(undef, "Couldn't cat $file_name, $hash");
@@ -2394,11 +2639,7 @@ sub git_blob_plain {
 }
 
 sub git_blob {
-       # blobs defined by non-textual hash id's can be cached
        my $expires;
-       if ($hash =~ m/^[0-9a-fA-F]{40}$/) {
-               $expires = "+1d";
-       }
 
        if (!defined $hash) {
                if (defined $file_name) {
@@ -2408,8 +2649,12 @@ sub git_blob {
                } else {
                        die_error(undef, "No file name defined");
                }
+       } elsif ($hash =~ m/^[0-9a-fA-F]{40}$/) {
+               # blobs defined by non-textual hash id's can be cached
+               $expires = "+1d";
        }
-       my $have_blame = gitweb_check_feature('blame');
+
+       my ($have_blame) = gitweb_check_feature('blame');
        open my $fd, "-|", git_cmd(), "cat-file", "blob", $hash
                or die_error(undef, "Couldn't cat $file_name, $hash");
        my $mimetype = blob_mimetype($fd, $file_name);
@@ -2429,16 +2674,20 @@ sub git_blob {
                                        " | ";
                        }
                        $formats_nav .=
+                               $cgi->a({-href => href(action=>"history", hash_base=>$hash_base,
+                                                      hash=>$hash, file_name=>$file_name)},
+                                       "history") .
+                               " | " .
                                $cgi->a({-href => href(action=>"blob_plain",
                                                       hash=>$hash, file_name=>$file_name)},
-                                       "plain") .
+                                       "raw") .
                                " | " .
                                $cgi->a({-href => href(action=>"blob",
                                                       hash_base=>"HEAD", file_name=>$file_name)},
-                                       "head");
+                                       "HEAD");
                } else {
                        $formats_nav .=
-                               $cgi->a({-href => href(action=>"blob_plain", hash=>$hash)}, "plain");
+                               $cgi->a({-href => href(action=>"blob_plain", hash=>$hash)}, "raw");
                }
                git_print_page_nav('','', $hash_base,$co{'tree'},$hash_base, $formats_nav);
                git_print_header_div('commit', esc_html($co{'title'}), $hash_base);
@@ -2464,6 +2713,9 @@ sub git_blob {
 }
 
 sub git_tree {
+       my ($ctype, $suffix, $command) = gitweb_check_feature('snapshot');
+       my $have_snapshot = (defined $ctype && defined $suffix);
+
        if (!defined $hash) {
                $hash = git_get_head_hash($project);
                if (defined $file_name) {
@@ -2484,14 +2736,29 @@ sub git_tree {
        my $refs = git_get_references();
        my $ref = format_ref_marker($refs, $hash_base);
        git_header_html();
-       my %base_key = ();
        my $base = "";
-       my $have_blame = gitweb_check_feature('blame');
+       my ($have_blame) = gitweb_check_feature('blame');
        if (defined $hash_base && (my %co = parse_commit($hash_base))) {
-               $base_key{hash_base} = $hash_base;
-               git_print_page_nav('tree','', $hash_base);
+               my @views_nav = ();
+               if (defined $file_name) {
+                       push @views_nav,
+                               $cgi->a({-href => href(action=>"history", hash_base=>$hash_base,
+                                                      hash=>$hash, file_name=>$file_name)},
+                                       "history"),
+                               $cgi->a({-href => href(action=>"tree",
+                                                      hash_base=>"HEAD", file_name=>$file_name)},
+                                       "HEAD"),
+               }
+               if ($have_snapshot) {
+                       # FIXME: Should be available when we have no hash base as well.
+                       push @views_nav,
+                               $cgi->a({-href => href(action=>"snapshot", hash=>$hash)},
+                                       "snapshot");
+               }
+               git_print_page_nav('tree','', $hash_base, undef, undef, join(' | ', @views_nav));
                git_print_header_div('commit', esc_html($co{'title'}) . $ref, $hash_base);
        } else {
+               undef $hash_base;
                print "<div class=\"page_nav\">\n";
                print "<br/><br/></div>\n";
                print "<div class=\"title\">$hash</div>\n";
@@ -2504,54 +2771,17 @@ sub git_tree {
        print "<table cellspacing=\"0\">\n";
        my $alternate = 0;
        foreach my $line (@entries) {
-               #'100644        blob    0fa3f3a66fb6a137f6ec2c19351ed4d807070ffa        panic.c'
-               $line =~ m/^([0-9]+) (.+) ([0-9a-fA-F]{40})\t(.+)$/;
-               my $t_mode = $1;
-               my $t_type = $2;
-               my $t_hash = $3;
-               my $t_name = validate_input($4);
+               my %t = parse_ls_tree_line($line, -z => 1);
+
                if ($alternate) {
                        print "<tr class=\"dark\">\n";
                } else {
                        print "<tr class=\"light\">\n";
                }
                $alternate ^= 1;
-               print "<td class=\"mode\">" . mode_str($t_mode) . "</td>\n";
-               if ($t_type eq "blob") {
-                       print "<td class=\"list\">" .
-                             $cgi->a({-href => href(action=>"blob", hash=>$t_hash, file_name=>"$base$t_name", %base_key),
-                                     -class => "list"}, esc_html($t_name)) .
-                             "</td>\n" .
-                             "<td class=\"link\">" .
-                             $cgi->a({-href => href(action=>"blob", hash=>$t_hash, file_name=>"$base$t_name", %base_key)},
-                                     "blob");
-                       if ($have_blame) {
-                               print " | " .
-                                       $cgi->a({-href => href(action=>"blame", hash=>$t_hash, file_name=>"$base$t_name", %base_key)},
-                                               "blame");
-                       }
-                       print " | " .
-                             $cgi->a({-href => href(action=>"history", hash_base=>$hash_base,
-                                                    hash=>$t_hash, file_name=>"$base$t_name")},
-                                     "history") .
-                             " | " .
-                             $cgi->a({-href => href(action=>"blob_plain",
-                                                    hash=>$t_hash, file_name=>"$base$t_name")},
-                                     "raw") .
-                             "</td>\n";
-               } elsif ($t_type eq "tree") {
-                       print "<td class=\"list\">" .
-                             $cgi->a({-href => href(action=>"tree", hash=>$t_hash, file_name=>"$base$t_name", %base_key)},
-                                     esc_html($t_name)) .
-                             "</td>\n" .
-                             "<td class=\"link\">" .
-                             $cgi->a({-href => href(action=>"tree", hash=>$t_hash, file_name=>"$base$t_name", %base_key)},
-                                     "tree") .
-                             " | " .
-                             $cgi->a({-href => href(action=>"history", hash_base=>$hash_base, file_name=>"$base$t_name")},
-                                     "history") .
-                             "</td>\n";
-               }
+
+               git_print_tree_entry(\%t, $base, $hash_base, $have_blame);
+
                print "</tr>\n";
        }
        print "</table>\n" .
@@ -2630,6 +2860,8 @@ sub git_log {
                      $cgi->a({-href => href(action=>"commit", hash=>$commit)}, "commit") .
                      " | " .
                      $cgi->a({-href => href(action=>"commitdiff", hash=>$commit)}, "commitdiff") .
+                     " | " .
+                     $cgi->a({-href => href(action=>"tree", hash=>$commit, hash_base=>$commit)}, "tree") .
                      "<br/>\n" .
                      "</div>\n" .
                      "<i>" . esc_html($co{'author_name'}) .  " [$ad{'rfc2822'}]</i><br/>\n" .
@@ -2670,17 +2902,22 @@ sub git_commit {
        my ($ctype, $suffix, $command) = gitweb_check_feature('snapshot');
        my $have_snapshot = (defined $ctype && defined $suffix);
 
-       my $formats_nav = '';
+       my @views_nav = ();
        if (defined $file_name && defined $co{'parent'}) {
                my $parent = $co{'parent'};
-               $formats_nav .=
+               push @views_nav,
                        $cgi->a({-href => href(action=>"blame", hash_parent=>$parent, file_name=>$file_name)},
                                "blame");
        }
+       if (defined $co{'parent'}) {
+               push @views_nav,
+                       $cgi->a({-href => href(action=>"shortlog", hash=>$hash)}, "shortlog"),
+                       $cgi->a({-href => href(action=>"log", hash=>$hash)}, "log");
+       }
        git_header_html(undef, $expires);
        git_print_page_nav('commit', defined $co{'parent'} ? '' : 'commitdiff',
                           $hash, $co{'tree'}, $hash,
-                          $formats_nav);
+                          join (' | ', @views_nav));
 
        if (defined $co{'parent'}) {
                git_print_header_div('commitdiff', esc_html($co{'title'}) . $ref, $hash);
@@ -2732,7 +2969,7 @@ sub git_commit {
                      "<td class=\"link\">" .
                      $cgi->a({-href => href(action=>"commit", hash=>$par)}, "commit") .
                      " | " .
-                     $cgi->a({-href => href(action=>"commitdiff", hash=>$hash, hash_parent=>$par)}, "commitdiff") .
+                     $cgi->a({-href => href(action=>"commitdiff", hash=>$hash, hash_parent=>$par)}, "diff") .
                      "</td>" .
                      "</tr>\n";
        }
@@ -2770,10 +3007,6 @@ sub git_blobdiff {
                        @difftree
                                or die_error('404 Not Found', "Blob diff not found");
 
-               } elsif (defined $hash) { # try to find filename from $hash
-                       if ($hash !~ /[0-9a-fA-F]{40}/) {
-                               $hash = git_to_hash($hash);
-                       }
                } elsif (defined $hash &&
                         $hash =~ /[0-9a-fA-F]{40}/) {
                        # try to find filename from $hash
@@ -2863,7 +3096,7 @@ sub git_blobdiff {
                                               hash=>$hash, hash_parent=>$hash_parent,
                                               hash_base=>$hash_base, hash_parent_base=>$hash_parent_base,
                                               file_name=>$file_name, file_parent=>$file_parent)},
-                               "plain");
+                               "raw");
                git_header_html(undef, $expires);
                if (defined $hash_base && (my %co = parse_commit($hash_base))) {
                        git_print_page_nav('','', $hash_base,$co{'tree'},$hash_base, $formats_nav);
@@ -2883,7 +3116,7 @@ sub git_blobdiff {
                        -type => 'text/plain',
                        -charset => 'utf-8',
                        -expires => $expires,
-                       -content_disposition => qq(inline; filename="${file_name}.patch"));
+                       -content_disposition => qq(inline; filename=") . quotemeta($file_name) . qq(.patch"));
 
                print "X-Git-Url: " . $cgi->self_url() . "\n\n";
 
@@ -2903,8 +3136,8 @@ sub git_blobdiff {
 
        } else {
                while (my $line = <$fd>) {
-                       $line =~ s!a/($hash|$hash_parent)!a/$diffinfo{'from_file'}!g;
-                       $line =~ s!b/($hash|$hash_parent)!b/$diffinfo{'to_file'}!g;
+                       $line =~ s!a/($hash|$hash_parent)!'a/'.esc_html($diffinfo{'from_file'})!eg;
+                       $line =~ s!b/($hash|$hash_parent)!'b/'.esc_html($diffinfo{'to_file'})!eg;
 
                        print $line;
 
@@ -2966,7 +3199,7 @@ sub git_commitdiff {
                my $formats_nav =
                        $cgi->a({-href => href(action=>"commitdiff_plain",
                                               hash=>$hash, hash_parent=>$hash_parent)},
-                               "plain");
+                               "raw");
 
                git_header_html(undef, $expires);
                git_print_page_nav('commitdiff','', $hash,$co{'tree'},$hash, $formats_nav);
@@ -3028,29 +3261,70 @@ sub git_history {
        if (!defined $hash_base) {
                $hash_base = git_get_head_hash($project);
        }
+       if (!defined $page) {
+               $page = 0;
+       }
        my $ftype;
        my %co = parse_commit($hash_base);
        if (!%co) {
                die_error(undef, "Unknown commit object");
        }
+
        my $refs = git_get_references();
-       git_header_html();
-       git_print_page_nav('','', $hash_base,$co{'tree'},$hash_base);
-       git_print_header_div('commit', esc_html($co{'title'}), $hash_base);
+       my $limit = sprintf("--max-count=%i", (100 * ($page+1)));
+
        if (!defined $hash && defined $file_name) {
                $hash = git_get_hash_by_path($hash_base, $file_name);
        }
        if (defined $hash) {
                $ftype = git_get_type($hash);
        }
-       git_print_page_path($file_name, $ftype, $hash_base);
 
        open my $fd, "-|",
-               git_cmd(), "rev-list", "--full-history", $hash_base, "--", $file_name;
+               git_cmd(), "rev-list", $limit, "--full-history", $hash_base, "--", $file_name
+                       or die_error(undef, "Open git-rev-list-failed");
+       my @revlist = map { chomp; $_ } <$fd>;
+       close $fd
+               or die_error(undef, "Reading git-rev-list failed");
 
-       git_history_body($fd, $refs, $hash_base, $ftype);
+       my $paging_nav = '';
+       if ($page > 0) {
+               $paging_nav .=
+                       $cgi->a({-href => href(action=>"history", hash=>$hash, hash_base=>$hash_base,
+                                              file_name=>$file_name)},
+                               "first");
+               $paging_nav .= " &sdot; " .
+                       $cgi->a({-href => href(action=>"history", hash=>$hash, hash_base=>$hash_base,
+                                              file_name=>$file_name, page=>$page-1),
+                                -accesskey => "p", -title => "Alt-p"}, "prev");
+       } else {
+               $paging_nav .= "first";
+               $paging_nav .= " &sdot; prev";
+       }
+       if ($#revlist >= (100 * ($page+1)-1)) {
+               $paging_nav .= " &sdot; " .
+                       $cgi->a({-href => href(action=>"history", hash=>$hash, hash_base=>$hash_base,
+                                              file_name=>$file_name, page=>$page+1),
+                                -accesskey => "n", -title => "Alt-n"}, "next");
+       } else {
+               $paging_nav .= " &sdot; next";
+       }
+       my $next_link = '';
+       if ($#revlist >= (100 * ($page+1)-1)) {
+               $next_link =
+                       $cgi->a({-href => href(action=>"history", hash=>$hash, hash_base=>$hash_base,
+                                              file_name=>$file_name, page=>$page+1),
+                                -title => "Alt-n"}, "next");
+       }
+
+       git_header_html();
+       git_print_page_nav('history','', $hash_base,$co{'tree'},$hash_base, $paging_nav);
+       git_print_header_div('commit', esc_html($co{'title'}), $hash_base);
+       git_print_page_path($file_name, $ftype, $hash_base);
+
+       git_history_body(\@revlist, ($page * 100), $#revlist,
+                        $refs, $hash_base, $ftype, $next_link);
 
-       close $fd;
        git_footer_html();
 }
 
@@ -3065,8 +3339,7 @@ sub git_search {
        if (!%co) {
                die_error(undef, "Unknown commit object");
        }
-       # pickaxe may take all resources of your box and run for several minutes
-       # with every query - so decide by yourself how public you make this feature :)
+
        my $commit_search = 1;
        my $author_search = 0;
        my $committer_search = 0;
@@ -3078,6 +3351,13 @@ sub git_search {
        } elsif ($searchtext =~ s/^pickaxe\\://i) {
                $commit_search = 0;
                $pickaxe_search = 1;
+
+               # pickaxe may take all resources of your box and run for several minutes
+               # with every query - so decide by yourself how public you make this feature
+               my ($have_pickaxe) = gitweb_check_feature('pickaxe');
+               if (!$have_pickaxe) {
+                       die_error('403 Permission denied', "Permission denied");
+               }
        }
        git_header_html();
        git_print_page_nav('','', $hash,$co{'tree'},$hash);
@@ -3286,7 +3566,7 @@ sub git_rss {
                        if (!($line =~ m/^:([0-7]{6}) ([0-7]{6}) ([0-9a-fA-F]{40}) ([0-9a-fA-F]{40}) (.)([0-9]{0,3})\t(.*)$/)) {
                                next;
                        }
-                       my $file = validate_input(unquote($7));
+                       my $file = esc_html(unquote($7));
                        $file = decode("utf8", $file, Encode::FB_DEFAULT);
                        print "$file<br/>\n";
                }