From: Junio C Hamano Date: Wed, 15 Dec 2010 19:38:19 +0000 (-0800) Subject: Git 1.7.0.9 X-Git-Tag: v1.7.0.9^0 X-Git-Url: https://git.lorimer.id.au/gitweb.git/diff_plain/cb198b3b67feb2c0a6f22199ec14fa48d18ac1ce?hp=-c Git 1.7.0.9 Signed-off-by: Junio C Hamano --- cb198b3b67feb2c0a6f22199ec14fa48d18ac1ce diff --combined Documentation/RelNotes/1.7.0.9.txt index 0000000000,0000000000..bfb3166387 new file mode 100644 --- /dev/null +++ b/Documentation/RelNotes/1.7.0.9.txt @@@ -1,0 -1,0 +1,8 @@@ ++Git v1.7.0.9 Release Notes ++========================== ++ ++Fixes since v1.7.0.8 ++-------------------- ++ ++ * "gitweb" can sometimes be tricked into parrotting a filename argument ++ given in a request without properly quoting. diff --combined GIT-VERSION-GEN index 4149fa9eb7,7d16b01382..c07c5959bb --- a/GIT-VERSION-GEN +++ b/GIT-VERSION-GEN @@@ -1,7 -1,7 +1,7 @@@ #!/bin/sh GVF=GIT-VERSION-FILE - DEF_VER=v1.7.0.8 -DEF_VER=v1.6.6.3 ++DEF_VER=v1.7.0.9 LF=' ' diff --combined RelNotes index 882532b048,3dad2389f6..2e4322a073 --- a/RelNotes +++ b/RelNotes @@@ -1,1 -1,1 +1,1 @@@ - Documentation/RelNotes/1.7.0.8.txt -Documentation/RelNotes/1.6.6.3.txt ++Documentation/RelNotes/1.7.0.9.txt diff --combined gitweb/gitweb.perl index 9d4c58238e,0fe8539321..f1d857961c --- a/gitweb/gitweb.perl +++ b/gitweb/gitweb.perl @@@ -221,12 -221,6 +221,12 @@@ our %avatar_size = 'double' => 32 ); +# Used to set the maximum load that we will still respond to gitweb queries. +# If server load exceed this value then return "503 server busy" error. +# If gitweb cannot determined server load, it is taken to be 0. +# Leave it undefined (or set to 'undef') to turn off load checking. +our $maxload = 300; + # You define site-wide feature defaults here; override them with # $GITWEB_CONFIG as necessary. 
our %feature = ( @@@ -454,11 -448,7 +454,11 @@@ sub gitweb_get_feature $feature{$name}{'sub'}, $feature{$name}{'override'}, @{$feature{$name}{'default'}}); - if (!$override) { return @defaults; } + # project specific override is possible only if we have project + our $git_dir; # global variable, declared later + if (!$override || !defined $git_dir) { + return @defaults; + } if (!defined $sub) { warn "feature $name is not overridable"; return @defaults; @@@ -554,36 -544,11 +554,36 @@@ sub filter_snapshot_fmts } our $GITWEB_CONFIG = $ENV{'GITWEB_CONFIG'} || "++GITWEB_CONFIG++"; +our $GITWEB_CONFIG_SYSTEM = $ENV{'GITWEB_CONFIG_SYSTEM'} || "++GITWEB_CONFIG_SYSTEM++"; +# die if there are errors parsing config file if (-e $GITWEB_CONFIG) { do $GITWEB_CONFIG; -} else { - our $GITWEB_CONFIG_SYSTEM = $ENV{'GITWEB_CONFIG_SYSTEM'} || "++GITWEB_CONFIG_SYSTEM++"; - do $GITWEB_CONFIG_SYSTEM if -e $GITWEB_CONFIG_SYSTEM; + die $@ if $@; +} elsif (-e $GITWEB_CONFIG_SYSTEM) { + do $GITWEB_CONFIG_SYSTEM; + die $@ if $@; +} + +# Get loadavg of system, to compare against $maxload. +# Currently it requires '/proc/loadavg' present to get loadavg; +# if it is not present it returns 0, which means no load checking. +sub get_loadavg { + if( -e '/proc/loadavg' ){ + open my $fd, '<', '/proc/loadavg' + or return 0; + my @load = split(/\s+/, scalar <$fd>); + close $fd; + + # The first three columns measure CPU and IO utilization of the last one, + # five, and 10 minute periods. The fourth column shows the number of + # currently running processes and the total number of processes in the m/n + # format. The last column displays the last process ID used. 
+ return $load[0] || 0; + } + # additional checks for load average should go here for things that don't export + # /proc/loadavg + + return 0; } # version of the core git binary @@@ -592,10 -557,6 +592,10 @@@ $number_of_git_cmds++ $projects_list ||= $projectroot; +if (defined $maxload && get_loadavg() > $maxload) { + die_error(503, "The load average on the server is too high"); +} + # ====================================================================== # input validation and dispatch @@@ -1176,6 -1137,13 +1176,13 @@@ sub esc_url return $str; } + # quote unsafe characters in HTML attributes + sub esc_attr { + + # for XHTML conformance escaping '"' to '"' is not enough + return esc_html(@_); + } + # replace invalid utf8 character with SUBSTITUTION sequence sub esc_html { my $str = shift; @@@ -1337,6 -1305,7 +1344,6 @@@ sub chop_str $str =~ m/^(.*?)($begre)$/; my ($lead, $body) = ($1, $2); if (length($lead) > 4) { - $body =~ s/^[^;]*;// if ($lead =~ m/&[^;]*$/); $lead = " ..."; } return "$lead$body"; @@@ -1347,6 -1316,8 +1354,6 @@@ $str =~ m/^(.*?)($begre)$/; my ($mid, $right) = ($1, $2); if (length($mid) > 5) { - $left =~ s/&[^;]*$//; - $right =~ s/^[^;]*;// if ($mid =~ m/&[^;]*$/); $mid = " ... "; } return "$left$mid$right"; @@@ -1356,6 -1327,7 +1363,6 @@@ my $body = $1; my $tail = $2; if (length($tail) > 4) { - $body =~ s/&[^;]*$//; $tail = "... "; } return "$body$tail"; @@@ -1577,7 -1549,7 +1584,7 @@@ sub format_ref_marker hash=>$dest )}, $name); - $markers .= " " . + $markers .= " " . $link . ""; } } @@@ -1661,7 -1633,7 +1668,7 @@@ sub git_get_avatar return $pre_white . "" . $post_white; } else { @@@ -2209,8 -2181,6 +2216,8 @@@ sub config_to_multi sub git_get_project_config { my ($key, $type) = @_; + return unless defined $git_dir; + # key sanity check return unless ($key); $key =~ s/^gitweb\.//; @@@ -2372,7 -2342,7 +2379,7 @@@ sub git_show_project_tagcloud } else { my @tags = sort { $cloud->{$a}->{count} <=> $cloud->{$b}->{count} } keys %$cloud; return '
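Review bot: In the config-loading branch, `do $GITWEB_CONFIG; die $@ if $@;` catches compile and runtime errors but not a file that exists and cannot be read. In that case `do` returns undef and reports through `$!`, not `$@`, so gitweb would carry on with its built-in defaults. If the config file is where a site sets its restrictions, that is a fail-open path. A readability guard before each `do`, for example `die "cannot read $GITWEB_CONFIG\n" unless -r $GITWEB_CONFIG;` (and the same for `$GITWEB_CONFIG_SYSTEM`), would make the new "die if there are errors" comment hold for that case too.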
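Review bot: `esc_attr` forwards `@_` unchanged to `esc_html`, so its result is whatever `esc_html` produces for element text, including any option handling there. Only the first line of `esc_html` is visible in this hunk, so this needs checking against its body: if it does more than entity-escaping (adding markup or substituting spaces, say), that output would land inside attribute values. I would state the contract in the comment, e.g. `# returns text safe inside a double-quoted attribute value; takes one string, no esc_html options`. I would also pass only the string, `return esc_html(shift);`.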

' . join (', ', map { - "$cloud->{$_}->{topname}" + $cgi->a({-href=>"$home_link?by_tag=$_"}, $cloud->{$_}->{topname}) } splice(@tags, 0, $count)) . '

'; } } @@@ -3203,11 -3173,11 +3210,11 @@@ EO # print out each stylesheet that exist, providing backwards capability # for those people who defined $stylesheet in a config file if (defined $stylesheet) { - print ''."\n"; + print ''."\n"; } else { foreach my $stylesheet (@stylesheets) { next unless $stylesheet; - print ''."\n"; + print ''."\n"; } } if (defined $project) { @@@ -3220,7 -3190,7 +3227,7 @@@ my $type = lc($format); my %link_attr = ( '-rel' => 'alternate', - '-title' => "$project - $href_params{'-title'} - $format feed", + '-title' => esc_attr("$project - $href_params{'-title'} - $format feed"), '-type' => "application/$type+xml" ); @@@ -3247,26 -3217,26 +3254,26 @@@ } else { printf(''."\n", - $site_name, href(project=>undef, action=>"project_index")); + esc_attr($site_name), href(project=>undef, action=>"project_index")); printf(''."\n", - $site_name, href(project=>undef, action=>"opml")); + esc_attr($site_name), href(project=>undef, action=>"opml")); } if (defined $favicon) { - print qq(\n); + print qq(\n); } print "\n" . "\n"; - if (-f $site_header) { + if (defined $site_header && -f $site_header) { insert_file($site_header); } print "
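Review bot: In the fallback branch of git_show_project_tagcloud the tag is interpolated raw into the query string, `"$home_link?by_tag=$_"`, and `$cloud->{$_}->{topname}` is passed as the link body, which `$cgi->a` emits without escaping. Where the tags come from is outside this hunk; if they are read from per-project data, a tag containing `&`, `#`, `<` or whitespace would give a broken link or stray markup in the page. The link text should go through `esc_html($cloud->{$_}->{topname})`, and the tag should be percent-encoded before it is appended to `by_tag=`. The function starts outside the hunk.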
\n" . $cgi->a({-href => esc_url($logo_url), -title => $logo_label}, - qq()); + qq()); print $cgi->a({-href => esc_url($home_link)}, $home_link_str) . " / "; if (defined $project) { print $cgi->a({-href => href(action=>"summary")}, esc_html($project)); @@@ -3360,13 -3330,12 +3367,13 @@@ sub git_footer_html print "
\n"; # class="page_footer" } - if (-f $site_footer) { + if (defined $site_footer && -f $site_footer) { insert_file($site_footer); } - print qq!\n!; + print qq!\n!; - if ($action eq 'blame_incremental') { + if (defined $action && + $action eq 'blame_incremental') { print qq!