From: Junio C Hamano
Date: Wed, 15 Dec 2010 19:27:41 +0000 (-0800)
Subject: Git 1.6.5.9
X-Git-Tag: v1.6.5.9^0
X-Git-Url: https://git.lorimer.id.au/gitweb.git/diff_plain/ec82874ad47627a44b6b22a6645551a214293711?hp=-c
Git 1.6.5.9
Signed-off-by: Junio C Hamano
---
ec82874ad47627a44b6b22a6645551a214293711
diff --combined Documentation/RelNotes/1.6.5.9.txt
index 0000000000,0000000000..bb469dd71e
new file mode 100644
--- /dev/null
+++ b/Documentation/RelNotes/1.6.5.9.txt
@@@ -1,0 -1,0 +1,18 @@@
++Git v1.6.5.9 Release Notes
++==========================
++
++Fixes since v1.6.5.8
++--------------------
++
++ * An overlong line after ".gitdir: " in a git file caused out of bounds
++ access to an array on the stack.
++
++ * "git blame -L $start,$end" segfaulted when too large $start was given.
++
++ * "git rev-parse --parseopt --stop-at-non-option" did not stop at non option
++ when --keep-dashdash was in effect.
++
++ * "gitweb" can sometimes be tricked into parrotting a filename argument
++ given in a request without properly quoting.
++
++Other minor fixes and documentation updates are included.
diff --combined GIT-VERSION-GEN index 52b058a586,d453662e5a..1d79f48296 --- a/GIT-VERSION-GEN +++ b/GIT-VERSION-GEN @@@ -1,7 -1,7 +1,7 @@@ #!/bin/sh GVF=GIT-VERSION-FILE - DEF_VER=v1.6.5.8 -DEF_VER=v1.6.4.5 ++DEF_VER=v1.6.5.9 LF=' ' diff --combined RelNotes index f60e868f47,feba6e4124..3c23099a37 --- a/RelNotes +++ b/RelNotes @@@ -1,1 -1,1 +1,1 @@@ - Documentation/RelNotes-1.6.5.8.txt -Documentation/RelNotes/1.6.4.5.txt ++Documentation/RelNotes/1.6.5.9.txt diff --combined gitweb/gitweb.perl index c77cd0341d,c3a04b1223..620b5bdbbe --- a/gitweb/gitweb.perl +++ b/gitweb/gitweb.perl @@@ -160,8 -160,7 +160,8 @@@ our %known_snapshot_formats = # 'suffix' => filename suffix, # 'format' => --format for git-archive, # 'compressor' => [compressor command and arguments] - # (array reference, optional)} + # (array reference, optional) + # 'disabled' => boolean (optional)} # 'tgz' => { 'display' => 'tar.gz', @@@ -177,14 -176,6 +177,14 @@@ 'format' => 'tar', 'compressor' => ['bzip2']}, + 'txz' => { + 'display' => 'tar.xz', + 'type' => 'application/x-xz', + 'suffix' => '.tar.xz', + 'format' => 'tar', + 'compressor' => ['xz'], + 'disabled' => 1}, + 'zip' => { 'display' => 'zip', 'type' => 'application/x-zip', @@@ -197,7 -188,6 +197,7 @@@ our %known_snapshot_format_aliases = ( 'gzip' => 'tgz', 'bzip2' => 'tbz2', + 'xz' => 'txz', # backward compatibility: legacy gitweb config support 'x-gzip' => undef, 'gz' => undef, @@@ -504,8 -494,7 +504,8 @@@ sub filter_snapshot_fmts exists $known_snapshot_format_aliases{$_} ? 
$known_snapshot_format_aliases{$_} : $_} @fmts; @fmts = grep { - exists $known_snapshot_formats{$_} } @fmts; + exists $known_snapshot_formats{$_} && + !$known_snapshot_formats{$_}{'disabled'}} @fmts; } our $GITWEB_CONFIG = $ENV{'GITWEB_CONFIG'} || "++GITWEB_CONFIG++"; @@@ -951,13 -940,10 +951,13 @@@ sub href if (defined $params{'hash_parent_base'}) { $href .= esc_url($params{'hash_parent_base'}); # skip the file_parent if it's the same as the file_name - delete $params{'file_parent'} if $params{'file_parent'} eq $params{'file_name'}; - if (defined $params{'file_parent'} && $params{'file_parent'} !~ /\.\./) { - $href .= ":/".esc_url($params{'file_parent'}); - delete $params{'file_parent'}; + if (defined $params{'file_parent'}) { + if (defined $params{'file_name'} && $params{'file_parent'} eq $params{'file_name'}) { + delete $params{'file_parent'}; + } elsif ($params{'file_parent'} !~ /\.\./) { + $href .= ":/".esc_url($params{'file_parent'}); + delete $params{'file_parent'}; + } } $href .= ".."; delete $params{'hash_parent'}; @@@ -1083,7 -1069,8 +1083,7 @@@ sub to_utf8 # correct, but quoted slashes look too horrible in bookmarks sub esc_param { my $str = shift; - $str =~ s/([^A-Za-z0-9\-_.~()\/:@])/sprintf("%%%02X", ord($1))/eg; - $str =~ s/\+/%2B/g; + $str =~ s/([^A-Za-z0-9\-_.~()\/:@ ]+)/CGI::escape($1)/eg; $str =~ s/ /\+/g; return $str; } @@@ -1097,6 -1084,13 +1097,13 @@@ sub esc_url return $str; } + # quote unsafe characters in HTML attributes + sub esc_attr { + + # for XHTML conformance escaping '"' to '"' is not enough + return esc_html(@_); + } + # replace invalid utf8 character with SUBSTITUTION sequence sub esc_html { my $str = shift; @@@ -1502,7 -1496,7 +1509,7 @@@ sub format_ref_marker hash=>$dest )}, $name); - $markers .= " " . + $markers .= " " . $link . ""; } } @@@ -1523,10 -1517,10 +1530,10 @@@ sub format_subject_html $long =~ s/[[:cntrl:]]/?/g; return $cgi->a({-href => $href, -class => "list subject", -title => to_utf8($long)}, - esc_html($short) . 
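Review bot: In the rewritten `file_parent` branch of href(), a `file_parent` that contains `..` is neither appended to the path nor deleted from `%params`, and nothing next to the `elsif` says why. Since `..` is the separator the following `$href .= "..";` writes into the URL, a comment above `elsif ($params{'file_parent'} !~ /\.\./)` such as `# a file_parent containing '..' would be ambiguous in the path part, so it is left in %params` would make the intent explicit. What happens to the entries left in `%params` is decided outside this hunk, so that wording should be checked against the rest of href().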
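Review bot: The new `esc_attr` is a plain pass-through, `return esc_html(@_);`, so whether it is safe for attribute values depends entirely on what `esc_html` escapes, and only the first line of `esc_html` is visible in this hunk. Forwarding `@_` also means callers can hand it `esc_html` options such as the `-nbsp` used elsewhere in this diff, which is unlikely to be wanted inside an attribute. I would take just the string, `my $str = shift; return esc_html($str);`, and add the comment `# the result is only safe inside a double-quoted attribute value` unless `esc_html` is confirmed to encode single quotes as well.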
$extra); + esc_html($short)) . $extra; } else { return $cgi->a({-href => $href, -class => "list subject"}, - esc_html($long) . $extra); + esc_html($long)) . $extra; } } @@@ -1586,7 -1580,7 +1593,7 @@@ sub git_get_avatar return $pre_white . "" . $post_white; } else { @@@ -2258,7 -2252,7 +2265,7 @@@ sub git_show_project_tagcloud } else { my @tags = sort { $cloud->{$a}->{count} <=> $cloud->{$b}->{count} } keys %$cloud; return '
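Review bot: With `$extra` now concatenated outside the `$cgi->a(...)` call in both branches of format_subject_html, it is written out exactly as passed, while `$short` and `$long` go through `esc_html`. That makes `$extra` a raw-HTML parameter, and the sub should say so, for example `# $extra is appended verbatim after the link; callers must pass already-escaped HTML`. The sub's signature and its callers are outside the hunk, so whether every caller already meets that contract has to be checked there.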

' . join (', ', map { - "$cloud->{$_}->{topname}" + $cgi->a({-href=>"$home_link?by_tag=$_"}, $cloud->{$_}->{topname}) } splice(@tags, 0, $count)) . '

'; } } @@@ -3074,11 -3068,11 +3081,11 @@@ EO # print out each stylesheet that exist, providing backwards capability # for those people who defined $stylesheet in a config file if (defined $stylesheet) { - print ''."\n"; + print ''."\n"; } else { foreach my $stylesheet (@stylesheets) { next unless $stylesheet; - print ''."\n"; + print ''."\n"; } } if (defined $project) { @@@ -3091,7 -3085,7 +3098,7 @@@ my $type = lc($format); my %link_attr = ( '-rel' => 'alternate', - '-title' => "$project - $href_params{'-title'} - $format feed", + '-title' => esc_attr("$project - $href_params{'-title'} - $format feed"), '-type' => "application/$type+xml" ); @@@ -3118,13 -3112,13 +3125,13 @@@ } else { printf(''."\n", - $site_name, href(project=>undef, action=>"project_index")); + esc_attr($site_name), href(project=>undef, action=>"project_index")); printf(''."\n", - $site_name, href(project=>undef, action=>"opml")); + esc_attr($site_name), href(project=>undef, action=>"opml")); } if (defined $favicon) { - print qq(\n); + print qq(\n); } print "\n" . @@@ -3137,7 -3131,7 +3144,7 @@@ print "
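Review bot: The link added in git_show_project_tagcloud builds its href as `"$home_link?by_tag=$_"` and uses `$cloud->{$_}->{topname}` as the link text, and neither value goes through the escaping helpers this file defines. A tag containing `&`, `#` or a space would change the meaning of the query string, and a `topname` containing markup would reach the page as-is unless it is escaped where `$cloud` is built, which this hunk does not show. I would write `$cgi->a({-href=>"$home_link?by_tag=".esc_param($_)}, esc_html($cloud->{$_}->{topname}))`. The enclosing sub starts and ends outside the hunk.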
\n" . $cgi->a({-href => esc_url($logo_url), -title => $logo_label}, - qq()); + qq()); print $cgi->a({-href => esc_url($home_link)}, $home_link_str) . " / "; if (defined $project) { print $cgi->a({-href => href(action=>"summary")}, esc_html($project)); @@@ -4813,7 -4807,7 +4820,7 @@@ sub git_blame git_print_page_path($file_name, $ftype, $hash_base); # page body - my @rev_color = qw(light2 dark2); + my @rev_color = qw(light dark); my $num_colors = scalar(@rev_color); my $current_color = 0; my %metainfo = (); @@@ -4831,18 -4825,15 +4838,18 @@@ HTM my ($full_rev, $orig_lineno, $lineno, $group_size) = ($line =~ /^([0-9a-f]{40}) (\d+) (\d+)(?: (\d+))?$/); if (!exists $metainfo{$full_rev}) { - $metainfo{$full_rev} = {}; + $metainfo{$full_rev} = { 'nprevious' => 0 }; } my $meta = $metainfo{$full_rev}; my $data; while ($data = <$fd>) { chomp $data; last if ($data =~ s/^\t//); # contents of line - if ($data =~ /^(\S+) (.*)$/) { - $meta->{$1} = $2; + if ($data =~ /^(\S+)(?: (.*))?$/) { + $meta->{$1} = $2 unless exists $meta->{$1}; + } + if ($data =~ /^previous /) { + $meta->{'nprevious'}++; } } my $short_rev = substr($full_rev, 0, 8); @@@ -4853,11 -4844,7 +4860,11 @@@ if ($group_size) { $current_color = ($current_color + 1) % $num_colors; } - print "\n"; + my $tr_class = $rev_color[$current_color]; + $tr_class .= ' boundary' if (exists $meta->{'boundary'}); + $tr_class .= ' no-previous' if ($meta->{'nprevious'} == 0); + $tr_class .= ' multiple-previous' if ($meta->{'nprevious'} > 1); + print "\n"; if ($group_size) { print "$full_rev, file_name=>$file_name)}, esc_html($short_rev)); + if ($group_size >= 2) { + my @author_initials = ($author =~ /\b([[:upper:]])\B/g); + if (@author_initials) { + print "
" . + esc_html(join('', @author_initials)); + # or join('.', ...) + } + } print "\n"; } - my $parent_commit; - if (!exists $meta->{'parent'}) { - open (my $dd, "-|", git_cmd(), "rev-parse", "$full_rev^") - or die_error(500, "Open git-rev-parse failed"); - $parent_commit = <$dd>; - close $dd; - chomp($parent_commit); - $meta->{'parent'} = $parent_commit; - } else { - $parent_commit = $meta->{'parent'}; - } + # 'previous' + if (exists $meta->{'previous'} && + $meta->{'previous'} =~ /^([a-fA-F0-9]{40}) (.*)$/) { + $meta->{'parent'} = $1; + $meta->{'file_parent'} = unquote($2); + } + my $linenr_commit = + exists($meta->{'parent'}) ? + $meta->{'parent'} : $full_rev; + my $linenr_filename = + exists($meta->{'file_parent'}) ? + $meta->{'file_parent'} : unquote($meta->{'filename'}); my $blamed = href(action => 'blame', - file_name => $meta->{'filename'}, - hash_base => $parent_commit); + file_name => $linenr_filename, + hash_base => $linenr_commit); print ""; print $cgi->a({ -href => "$blamed#l$orig_lineno", -class => "linenr" }, @@@ -5045,14 -5023,14 +5052,14 @@@ sub git_blob } else { print "
\n" . "

\n" . - "
$hash
\n"; + "
".esc_html($hash)."
\n"; } git_print_page_path($file_name, "blob", $hash_base); print "
\n"; if ($mimetype =~ m!^image/!) { - print qq!$file_name$hash, @@@ -5064,8 -5042,7 +5071,9 @@@ chomp $line; $nr++; $line = untabify($line); - printf "
1) - printf "
%4i %s
\n", ++ printf "\n", $nr, $nr, $nr, esc_html($line, -nbsp=>1); } } @@@ -5124,7 -5101,7 +5132,7 @@@ sub git_tree undef $hash_base; print "
\n"; print "

\n"; - print "
$hash
\n"; + print "
".esc_html($hash)."
\n"; } if (defined $file_name) { $basedir = $file_name; @@@ -5190,8 -5167,6 +5198,8 @@@ sub git_snapshot die_error(400, "Invalid snapshot format parameter"); } elsif (!exists($known_snapshot_formats{$format})) { die_error(400, "Unknown snapshot format"); + } elsif ($known_snapshot_formats{$format}{'disabled'}) { + die_error(403, "Snapshot format not allowed"); } elsif (!grep($_ eq $format, @snapshot_fmts)) { die_error(403, "Unsupported snapshot format"); } @@@ -5328,7 -5303,7 +5336,7 @@@ sub git_commit } @$parents ) . ')'; } - if (gitweb_check_feature('patches')) { + if (gitweb_check_feature('patches') && @$parents <= 1) { $formats_nav .= " | " . $cgi->a({-href => href(action=>"patch", -replay=>1)}, "patch"); @@@ -5543,7 -5518,7 +5551,7 @@@ sub git_blobdiff git_print_header_div('commit', esc_html($co{'title'}), $hash_base); } else { print "

$formats_nav
\n"; - print "
$hash vs $hash_parent
\n"; + print "
".esc_html("$hash vs $hash_parent")."
\n"; } if (defined $file_name) { git_print_page_path($file_name, "blob", $hash_base); @@@ -5616,7 -5591,7 +5624,7 @@@ sub git_commitdiff $formats_nav = $cgi->a({-href => href(action=>"commitdiff_plain", -replay=>1)}, "raw"); - if ($patch_max) { + if ($patch_max && @{$co{'parents'}} <= 1) { $formats_nav .= " | " . $cgi->a({-href => href(action=>"patch", -replay=>1)}, "patch"); @@@ -5824,7 -5799,7 +5832,7 @@@ sub git_commitdiff_plain # format-patch-style patches sub git_patch { - git_commitdiff(-format => 'patch', -single=> 1); + git_commitdiff(-format => 'patch', -single => 1); } sub git_patches {