gitweb: Introduce esc_attr to escape attributes of HTML elements
It is needed only to escape attributes of handcrafted HTML elements,
and not those generated using CGI.pm subroutines / methods for HTML
generation.
While at it, add esc_url and esc_html where needed, and prefer to use
CGI.pm HTML generating methods than handcrafted HTML code. Most of
those are probably unnecessary (could be exploited only by person with
write access to gitweb config, or at least access to the repository).
This fixes CVE-2010-3906
Reported-by: Emanuele Gentili <e.gentili@tigersecurity.it> Helped-by: John 'Warthog9' Hawley <warthog9@kernel.org> Helped-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Jakub Narebski <jnareb@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
add: introduce add.ignoreerrors synonym for add.ignore-errors
The "[add] ignore-errors" tweakable introduced by v1.5.6-rc0~30^2 (Add
a config option to ignore errors for git-add, 2008-05-12) does not
follow the usual convention for naming values in the git configuration
file.
What convention? Glad you asked.
The section name indicates the affected subsystem.
The subsection name, if any, indicates which of
an unbound set of things to set the value for.
The variable name describes the effect of tweaking
this knob.
The section and variable names can be broken into
words using bumpyCaps in documentation as a hint to
the reader. These word breaks are not significant
at the level of code, since the section and variable
names are not case sensitive.
The name "add.ignore-errors" includes a dash, meaning a naive
configuration file like
[add]
ignoreErrors
does not have any effect. Avoid such confusion by renaming to the
more consistent add.ignoreErrors, but keep the old version for
backwards compatibility.
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> Acked-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Reported-by: Julien Cristau <jcristau@debian.org> Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* maint-1.6.6:
request-pull.txt: Document -p option
Check size of path buffer before writing into it
rev-parse: fix --parse-opt --keep-dashdash --stop-at-non-option
* maint-1.6.5:
request-pull.txt: Document -p option
Check size of path buffer before writing into it
rev-parse: fix --parse-opt --keep-dashdash --stop-at-non-option
Some have found the wording of the description to be somewhat ambiguous
with respect to when it is desirable to use test_must_fail instead of
"! <git-command>". Tweak the wording somewhat to hopefully clarify that
it is _because_ test_must_fail can detect segmentation fault that it is
desirable to use it instead of "! <git-command>".
Signed-off-by: Brandon Casey <casey@nrlssc.navy.mil> Signed-off-by: Junio C Hamano <gitster@pobox.com>
The correct responses to a D and a T line in .git/objects/info/packs
are the same, so combine their case arms. In both cases we already
‘goto’ out of the switch so while at it, remove a redundant ‘break’
to avoid yet another line of code.
Signed-off-by: Ralf Thielow <ralf.thielow@googlemail.com> Reviewed-by: Jonathan Nieder <jrnieder <at> gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Documentation: add submodule.* to the big configuration variable list
The url, path, and the update items in [submodule "foo"] stanzas
are nicely explained in the .gitmodules and ‘git submodule’
documentation. Point there from the config documentation.
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> Acked-by: Johan Herland <johan@herland.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
There is already excellent documentation for this facility in
git-submodule.1, but it is not so discoverable.
Relative paths in .gitmodules can be useful for serving the
same repository over multiple protocols, for example.
Thanks to Peter for pointing this out.
Cc: Peter Krefting <peter@softwolves.pp.se> Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> Acked-by: Johan Herland <johan@herland.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Earlier, 452e225 (gitweb: fix esc_param, 2009-10-13) fixed CGI escaping
rules used in esc_url. A very similar logic exists in esc_param and needs
to be fixed the same way.
Signed-off-by: Pavan Kumar Sunkara <pavan.sss1991@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
t0005: work around strange $? in ksh when program terminated by a signal
ksh93 is known to report $? of programs that terminated by a signal as
256 + signal number instead of 128 + signal number like other POSIX
compliant shells (ksh's behavior is still POSIX compliant in this regard).
Signed-off-by: Johannes Sixt <j6t@kdbg.org> Signed-off-by: Junio C Hamano <gitster@pobox.com>
The ?: operator has a lower priority than |, so the implicit associativity
made the 6th argument of parse_options be PARSE_OPT_KEEP_DASHDASH if
keep_dashdash was true discarding PARSE_OPT_STOP_AT_NON_OPTION and
PARSE_OPT_SHELL_EVAL.
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Merge branch 'tr/receive-pack-aliased-update-fix' into maint
* tr/receive-pack-aliased-update-fix:
check_aliased_update: strcpy() instead of strcat() to copy
receive-pack: detect aliased updates which can occur with symrefs
receive-pack: switch global variable 'commands' to a parameter
When you have for example a bare repository stored on NFS, and that you
create new workdirs locally (using contrib's git-new-workdir), logs/refs
is a symlink to a different device. Hence when the reflogs are renamed,
all must happen below logs/refs or one gets cross device rename errors
like:
git branch -m foo
error: unable to move logfile logs/refs/heads/master to tmp-renamed-log: Invalid cross-device link
fatal: Branch rename failed
The fix is hence to use logs/refs/.tmp-renamed-log as a temporary log
name, instead of just tmp-renamed-log.
Signed-off-by: Pierre Habouzit <madcoder@debian.org> Signed-off-by: Junio C Hamano <gitster@pobox.com>
xdiff: optimise for no whitespace difference when ignoring whitespace.
In xdl_recmatch, do the memcmp to check if the two lines are equal before
checking if whitespace flags are set. If the lines are identical, then
there is no need to check if they differ only in whitespace.
This makes the common case (there is no whitespace difference) faster.
It costs the case where lines are the same length and contain
whitespace differences, but the common case is more than 20% faster.
Signed-off-by: Dylan Reid <dgreid@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
git-rev-parse.txt: Add more examples for caret and colon
Several items in the caret, colon and friends section contain examples
already. Make sure they all come with examples, and that examples come
early so that they serve as a visual guide, as well.
Signed-off-by: Michael J Gruber <git@drmicha.warpmail.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
The empty treeish in ":path" means "index". This is actually a special
case of the ":stage:path" syntax where it is documented, but mentioning
it also together with "treeish:path" is helpful, so do it.
Signed-off-by: Michael J Gruber <git@drmicha.warpmail.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
In particular, using the normal (or production) compiler
warning level (-W3), msvc complains as follows:
.../sha1.c(244) : warning C4018: '<' : signed/unsigned mismatch
.../sha1.c(270) : warning C4244: 'function' : conversion from \
'unsigned __int64' to 'unsigned long', possible loss of data
.../sha1.c(271) : warning C4244: 'function' : conversion from \
'unsigned __int64' to 'unsigned long', possible loss of data
Note that gcc issues a similar complaint about line 244 when
compiling with -Wextra.
Signed-off-by: Ramsay Jones <ramsay@ramsay1.demon.co.uk> Signed-off-by: Junio C Hamano <gitster@pobox.com>
msvc: Fix some "expr evaluates to function" compiler warnings
In particular, the following warning is issued while compiling
notes.c:
notes.c(927) : warning C4550: expression evaluates to a \
function which is missing an argument list
along with identical warnings on lines 928, 1016 and 1017.
In order to suppress the warning, we change the definition of
combine_notes_fn, so that the symbol type is an (explicit)
"pointer to function ...". As a result, several other
declarations need some minor fix-up to take account of the
new typedef.
Signed-off-by: Ramsay Jones <ramsay@ramsay1.demon.co.uk> Acked-by: Johan Herland <johan@herland.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* tc/merge-m-log:
merge: --log appends shortlog to message if specified
fmt-merge-msg: add function to append shortlog only
fmt-merge-msg: refactor merge title formatting
fmt-merge-msg: minor refactor of fmt_merge_msg()
merge: rename variable
merge: update comment
t7604-merge-custom-message: show that --log doesn't append to -m
t7604-merge-custom-message: shift expected output creation
* pc/remove-warn:
Remove a redundant errno test in a usage of remove_path
Introduce remove_or_warn function
Implement the rmdir_or_warn function
Generalise the unlink_or_warn function
git-send-email passes on an 8bit mail as-is even if it does not
declare a content-type. Because the user can edit email between
format-patch and send-email, such invalid mails are unfortunately not
very hard to come by.
Make git-send-email stop and ask about the encoding to use if it
encounters any such mail. Also provide a configuration setting to
permanently configure an encoding.
Signed-off-by: Thomas Rast <trast@student.ethz.ch> Signed-off-by: Junio C Hamano <gitster@pobox.com>
When traversing trees with an index, the current index pointer
(o->cache_bottom) occasionally has to be temporarily advanced forwards to
match the traversal order of the tree, which is not the same as the sort
order of the index. The existing algorithm that did this (introduced in 730f72840cc50c523fe4cdd796ea2d2fc4571a28) would get "stuck" when the
cache_bottom was popped and then repeatedly check the same index entries
over and over. This represents a serious performance regression for
large repositories compared to the old "broken" traversal order.
This commit makes a simple change to mitigate this. Whenever
find_cache_pos sees that the current pos is also the cache_bottom, and
it has already been unpacked, it advances the cache_bottom as well as
the current pos. This prevents the above "sticking" behavior without
dramatically changing the algorithm.
In addition, this commit moves the unpacked check above the
ce_in_traverse_path() check. The simple bitmask check is cheaper, and
in the case described above will be firing quite a bit to advance the
cache_bottom after a tree pop.
This yields considerable performance improvements for large trees.
The following are the number of function calls for "git diff HEAD" on
the Linux kernel tree, with 33,307 files:
Symbol Calls Before Calls After
------------------- ------------ -----------
unpack_callback 35,332 35,332
find_cache_pos 37,357 37,357
ce_in_traverse_path 4,979,473 37,357
do_compare_entry 6,828,181 251,925
df_name_compare 6,828,181 251,925
And on a repository of 187,456 files:
Symbol Calls Before Calls After
------------------- ------------ -----------
unpack_callback 197,958 197,958
find_cache_pos 208,460 208,460
ce_in_traverse_path 37,308,336 208,460
do_compare_entry 156,950,469 2,690,626
df_name_compare 156,950,469 2,690,626
On the latter repository, user time for "git diff HEAD" was reduced from
5.58 to 0.42 seconds. This is compared to 0.30 seconds before the
traversal order fix was implemented.
Signed-off-by: Brian Downing <bdowning@lavos.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Merge branch 'cb/maint-stash-orphaned-file' into maint
* cb/maint-stash-orphaned-file:
stash tests: stash can lose data in a file removed from the index
stash: Don't overwrite files that have gone from the index