upload-pack: simplify request validation
[gitweb.git] / git-cvsimport.perl
index bbf327f3e891cacdd14c0b18b51702ce14b2b6df..0a31ebd82020f3aca0020d357c2028d5e7b5e37b 100755 (executable)
 use Time::Local;
 use IO::Socket;
 use IO::Pipe;
-use POSIX qw(strftime dup2 ENOENT);
+use POSIX qw(strftime tzset dup2 ENOENT);
 use IPC::Open2;
 
 $SIG{'PIPE'}="IGNORE";
-$ENV{'TZ'}="UTC";
+set_timezone('UTC');
 
 our ($opt_h,$opt_o,$opt_v,$opt_k,$opt_u,$opt_d,$opt_p,$opt_C,$opt_z,$opt_i,$opt_P, $opt_s,$opt_m,@opt_M,$opt_A,$opt_S,$opt_L, $opt_a, $opt_r, $opt_R);
-my (%conv_author_name, %conv_author_email);
+my (%conv_author_name, %conv_author_email, %conv_author_tz);
 
 sub usage(;$) {
        my $msg = shift;
@@ -59,6 +59,14 @@ ($)
                        $conv_author_name{$user} = $2;
                        $conv_author_email{$user} = $3;
                }
+               # or with an optional timezone:
+               #   spawn=Simon Pawn <spawn@frog-pond.org> America/Chicago
+               elsif (m/^(\S+?)\s*=\s*(.+?)\s*<(.+)>\s*(\S+?)\s*$/) {
+                       $user = $1;
+                       $conv_author_name{$user} = $2;
+                       $conv_author_email{$user} = $3;
+                       $conv_author_tz{$user} = $4;
+               }
                # However, we also read from CVSROOT/users format
                # to ease migration.
                elsif (/^(\w+):(['"]?)(.+?)\2\s*$/) {
@@ -84,11 +92,22 @@ ($)
          die("Failed to open $file for writing: $!");
 
        foreach (keys %conv_author_name) {
-               print $f "$_=$conv_author_name{$_} <$conv_author_email{$_}>\n";
+               print $f "$_=$conv_author_name{$_} <$conv_author_email{$_}>";
+               print $f " $conv_author_tz{$_}" if ($conv_author_tz{$_});
+               print $f "\n";
        }
        close ($f);
 }
 
+# Versions of perl before 5.10.0 may not automatically check $TZ each
+# time localtime is run (most platforms will do so only the first time).
+# We can work around this by using tzset() to update the internal
+# variable whenever we change the environment.
+sub set_timezone {
+       $ENV{TZ} = shift;
+       tzset();
+}
+
 # convert getopts specs for use by git config
 my %longmap = (
        'A:' => 'authors-file',
@@ -227,6 +246,31 @@ sub new {
        return $self;
 }
 
+sub find_password_entry {
+       my ($cvspass, @cvsroot) = @_;
+       my ($file, $delim) = @$cvspass;
+       my $pass;
+       local ($_);
+
+       if (open(my $fh, $file)) {
+               # :pserver:cvs@mea.tmt.tele.fi:/cvsroot/zmailer Ah<Z
+               CVSPASSFILE:
+               while (<$fh>) {
+                       chomp;
+                       s/^\/\d+\s+//;
+                       my ($w, $p) = split($delim,$_,2);
+                       for my $cvsroot (@cvsroot) {
+                               if ($w eq $cvsroot) {
+                                       $pass = $p;
+                                       last CVSPASSFILE;
+                               }
+                       }
+               }
+               close($fh);
+       }
+       return $pass;
+}
+
 sub conn {
        my $self = shift;
        my $repo = $self->{'fullrep'};
@@ -259,19 +303,23 @@ sub conn {
                if ($pass) {
                        $pass = $self->_scramble($pass);
                } else {
-                       open(H,$ENV{'HOME'}."/.cvspass") and do {
-                               # :pserver:cvs@mea.tmt.tele.fi:/cvsroot/zmailer Ah<Z
-                               while (<H>) {
-                                       chomp;
-                                       s/^\/\d+\s+//;
-                                       my ($w,$p) = split(/\s/,$_,2);
-                                       if ($w eq $rr or $w eq $rr2) {
-                                               $pass = $p;
-                                               last;
-                                       }
+                       my @cvspass = ([$ENV{'HOME'}."/.cvspass", qr/\s/],
+                                      [$ENV{'HOME'}."/.cvs/cvspass", qr/=/]);
+                       my @loc = ();
+                       foreach my $cvspass (@cvspass) {
+                               my $p = find_password_entry($cvspass, $rr, $rr2);
+                               if ($p) {
+                                       push @loc, $cvspass->[0];
+                                       $pass = $p;
                                }
-                       };
-                       $pass = "A" unless $pass;
+                       }
+
+                       if (1 < @loc) {
+                               die("Multiple cvs password files have ".
+                                   "entries for CVSROOT $opt_d: @loc");
+                       } elsif (!$pass) {
+                               $pass = "A";
+                       }
                }
 
                my ($s, $rep);
@@ -766,7 +814,7 @@ ()
        return $tree;
 }
 
-my ($patchset,$date,$author_name,$author_email,$branch,$ancestor,$tag,$logmsg);
+my ($patchset,$date,$author_name,$author_email,$author_tz,$branch,$ancestor,$tag,$logmsg);
 my (@old,@new,@skipped,%ignorebranch,@commit_revisions);
 
 # commits that cvsps cannot place anywhere...
@@ -815,7 +863,9 @@ sub commit {
                }
        }
 
-       my $commit_date = strftime("+0000 %Y-%m-%d %H:%M:%S",gmtime($date));
+       set_timezone($author_tz);
+       my $commit_date = strftime("%s %z", localtime($date));
+       set_timezone('UTC');
        $ENV{GIT_AUTHOR_NAME} = $author_name;
        $ENV{GIT_AUTHOR_EMAIL} = $author_email;
        $ENV{GIT_AUTHOR_DATE} = $commit_date;
@@ -860,10 +910,37 @@ sub commit {
                $xtag =~ s/\s+\*\*.*$//; # Remove stuff like ** INVALID ** and ** FUNKY **
                $xtag =~ tr/_/\./ if ( $opt_u );
                $xtag =~ s/[\/]/$opt_s/g;
-               $xtag =~ s/\[//g;
 
-               system('git' , 'tag', '-f', $xtag, $cid) == 0
-                       or die "Cannot create tag $xtag: $!\n";
+               # See refs.c for these rules.
+               # Tag cannot contain bad chars. (See bad_ref_char in refs.c.)
+               $xtag =~ s/[ ~\^:\\\*\?\[]//g;
+               # Other bad strings for tags:
+               # (See check_refname_component in refs.c.)
+               1 while $xtag =~ s/
+                       (?: \.\.        # Tag cannot contain '..'.
+                       |   \@{         # Tag cannot contain '@{'.
+                       | ^ -           # Tag cannot begin with '-'.
+                       |   \.lock $    # Tag cannot end with '.lock'.
+                       | ^ \.          # Tag cannot begin...
+                       |   \. $        # ...or end with '.'
+                       )//xg;
+               # Tag cannot be empty.
+               if ($xtag eq '') {
+                       warn("warning: ignoring tag '$tag'",
+                       " with invalid tagname\n");
+                       return;
+               }
+
+               if (system('git' , 'tag', '-f', $xtag, $cid) != 0) {
+                       # We did our best to sanitize the tag, but still failed
+                       # for whatever reason. Bail out, and give the user
+                       # enough information to understand if/how we should
+                       # improve the translation in the future.
+                       if ($tag ne $xtag) {
+                               print "Translated '$tag' tag to '$xtag'\n";
+                       }
+                       die "Cannot create tag $xtag: $!\n";
+               }
 
                print "Created tag '$xtag' on '$branch'\n" if $opt_v;
        }
@@ -889,12 +966,14 @@ sub commit {
                }
                $state=3;
        } elsif ($state == 3 and s/^Author:\s+//) {
+               $author_tz = "UTC";
                s/\s+$//;
                if (/^(.*?)\s+<(.*)>/) {
                    ($author_name, $author_email) = ($1, $2);
                } elsif ($conv_author_name{$_}) {
                        $author_name = $conv_author_name{$_};
                        $author_email = $conv_author_email{$_};
+                       $author_tz = $conv_author_tz{$_} if ($conv_author_tz{$_});
                } else {
                    $author_name = $author_email = $_;
                }