gitweb: Introduce esc_attr to escape attributes of HTML elements
It is needed only to escape attributes of handcrafted HTML elements,
and not those generated using CGI.pm subroutines / methods for HTML
generation.
While at it, add esc_url and esc_html where needed, and prefer to use
CGI.pm HTML generating methods than handcrafted HTML code. Most of
those are probably unnecessary (could be exploited only by person with
write access to gitweb config, or at least access to the repository).
This fixes CVE-2010-3906
Reported-by: Emanuele Gentili <e.gentili@tigersecurity.it>
Helped-by: John 'Warthog9' Hawley <warthog9@kernel.org>
Helped-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
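As an added illustration (not gitweb's code and not part of this commit), the Perl sketch below shows why a handcrafted HTML element needs its attribute values escaped. The helper `esc_attr_example`, the `<link>` element and the sample values are all constructed for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical stand-in for an attribute escaper; not gitweb's own esc_attr.
# Escapes the characters that can end a quoted attribute value or start markup.
sub esc_attr_example {
	my ($str) = @_;
	return '' unless defined $str;
	my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
	           '"' => '&quot;', "'" => '&#39;');
	$str =~ s/([&<>"'])/$ent{$1}/g;
	return $str;
}

# Handcrafted element with values interpolated as-is (the unsafe pattern).
sub link_unescaped {
	my ($href, $title) = @_;
	return qq{<link rel="alternate" title="$title" href="$href" />};
}

# Same element with every attribute value passed through the escaper.
sub link_escaped {
	my ($href, $title) = @_;
	return sprintf '<link rel="alternate" title="%s" href="%s" />',
		esc_attr_example($title), esc_attr_example($href);
}

# Read the title attribute back the way an HTML parser would:
# everything up to the next double quote, then decode the entities.
sub parsed_title {
	my ($html) = @_;
	my ($raw) = $html =~ /title="([^"]*)"/;
	my %chr = (amp => '&', lt => '<', gt => '>', quot => '"', '#39' => "'");
	$raw =~ s/&(amp|lt|gt|quot|#39);/$chr{$1}/g;
	return $raw;
}

# Constructed sample input: a project title containing quotes and angle brackets.
my $title = q{docs "v2" <draft> & notes};
my $href  = q{/gitweb.cgi?p=docs.git;a=rss};

for my $html (link_unescaped($href, $title), link_escaped($href, $title)) {
	my $seen = parsed_title($html);
	printf "%s\n  parsed title: %s (%s)\n", $html, $seen,
		$seen eq $title ? 'intact' : 'attribute ended early';
}
```

In the unescaped form the first double quote in the value closes the attribute, so the rest of the value is parsed as markup; elements built through CGI.pm's HTML-generating methods do not need this step, as the commit message notes.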
* git://git.kernel.org/pub/scm/gitk/gitk:
gitk: Add Brazilian Portuguese (pt-BR) translation
gitk: Make text selectable on Mac
gitk: Prevent the text pane from becoming editable
gitk: Add the equivalent of diff --color-words
gitk: Update Swedish translation (290t)
gitk: Show notes by default (like git log does)
* maint:
Prepare for 1.7.3.4
use persistent memory for rejected paths
do not overwrite files in leading path
lstat_cache: optionally return match_len
add function check_ok_to_remove()
t7607: add leading-path tests
t7607: use test-lib functions and check MERGE_HEAD
Do not link with -lcrypto under NO_OPENSSL
An aborted merge prints the list of rejected paths as part of the
error message. Since commit f66caaf9 (do not overwrite files in
leading path), some of those paths do not have static buffers, so
we have to keep a copy. Use string_list's to accomplish this.
This changes the order of the list to the order in which the paths
are processed. Previously, it was reversed.
Signed-off-by: Clemens Buchacher <drizzd@aon.at>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
t7607: use test-lib functions and check MERGE_HEAD
Use the test_commit and test_path_is_missing
functions from the test library.
Also make sure that a merge which fails due to
pre-merge checks aborts properly and does not
leave MERGE_HEAD behind.
The "will not overwrite removed file" test is an
exception to this. It notices the untracked file
at a stage where the merge is already well under
way. Therefore we cannot abort the merge without
major restructuring. See the following thread for
more details.
Merge branch 'tc/http-urls-ends-with-slash' into maint
* tc/http-urls-ends-with-slash:
http-fetch: rework url handling
http-push: add trailing slash at arg-parse time, instead of later on
http-push: check path length before using it
http-push: Normalise directory names when pushing to some WebDAV servers
http-backend: use end_url_with_slash()
url: add str wrapper for end_url_with_slash()
shift end_url_with_slash() from http.[ch] to url.[ch]
t5550-http-fetch: add test for http-fetch
t5550-http-fetch: add missing '&&'
Translating a SCM is tricky due to amount of jargon, so, I tried to
keep the wording consistent with both the German and Italian git
translations and the pt-BR translation of other SCMs.
Signed-off-by: Alexandre Erwin Ittner <alexandre@ittner.com.br>
Signed-off-by: Paul Mackerras <paulus@samba.org>
There are some common but minor errors we tend to make in
writing test scripts:
1. Scripts are left non-executable. This is not usually
noticed immediately because "make test" does not need
the bit, but it is a matter of git policy to make them
executable (and is a slight convenience when running
individual scripts).
2. Two scripts are allocated the same number. Usually this
happens on separate branches, and the problem only
comes about during a merge. But since there is no
textual conflict, the merger would have to be very
observant to notice.
This is also a minor error, but can make GIT_SKIP_TESTS
ambiguous.
This patch introduces a "test-lint" target which checks
both. It is not invoked by default. You can invoke it as
"make test-lint", or you can make it a prerequisite of
running the tests by specifying "TEST_LINT = test-lint" in
your config.mak or on the command line.
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
* gb/web--browse:
web--browse: better support for chromium
web--browse: support opera, seamonkey and elinks
web--browse: split valid_tool list
web--browse: coding style
* jn/parse-options-extra:
update-index: migrate to parse-options API
setup: save prefix (original cwd relative to toplevel) in startup_info
parse-options: make resuming easier after PARSE_OPT_STOP_AT_NON_OPTION
parse-options: allow git commands to invent new option types
parse-options: never suppress arghelp if LITERAL_ARGHELP is set
parse-options: do not infer PARSE_OPT_NOARG from option type
parse-options: sanity check PARSE_OPT_NOARG flag
parse-options: move NODASH sanity checks to parse_options_check
parse-options: clearer reporting of API misuse
parse-options: Don't call parse_options_check() so much
* tc/http-urls-ends-with-slash:
http-fetch: rework url handling
http-push: add trailing slash at arg-parse time, instead of later on
http-push: check path length before using it
http-push: Normalise directory names when pushing to some WebDAV servers
http-backend: use end_url_with_slash()
url: add str wrapper for end_url_with_slash()
shift end_url_with_slash() from http.[ch] to url.[ch]
t5550-http-fetch: add test for http-fetch
t5550-http-fetch: add missing '&&'
* ef/win32-dirent:
win32: use our own dirent.h
msvc: opendir: handle paths ending with a slash
win32: dirent: handle errors
msvc: opendir: do not start the search
msvc: opendir: allocate enough memory
msvc: opendir: fix malloc-failure
* jn/git-cmd-h-bypass-setup:
update-index -h: show usage even with corrupt index
merge -h: show usage even with corrupt index
ls-files -h: show usage even with corrupt index
gc -h: show usage even with broken configuration
commit/status -h: show usage even with broken configuration
checkout-index -h: show usage even in an invalid repository
branch -h: show usage even in an invalid repository
Stolen from git-gui, 23effa79f7 (original log message by
Shawn O. Pearce <spearce@spearce.org> follows):
git-gui: Force focus to the diff viewer on mouse click.
Apparently a "feature" of Tcl/Tk on Mac OS X is that a disabled text
widget cannot receive focus or receive a selection within it. This
makes the diff viewer almost useless on that platform as you cannot
select individual parts of the buffer.
Now we force focus into the diff viewer when it's clicked on with
button 1. This works around the feature and allows selection to
work within the viewer just like it does on other less sane systems,
like Microsoft Windows.
Signed-off-by: Stefan Haller <stefan@haller-berlin.de>
Signed-off-by: Paul Mackerras <paulus@samba.org>
gitk: Prevent the text pane from becoming editable
When setting the "Patch/Tree" radio buttons to "Tree" and
clicking on a file to display it, the text pane would
accidentally become editable (because of the early return
in getblobline).
Signed-off-by: Stefan Haller <stefan@haller-berlin.de>
Signed-off-by: Paul Mackerras <paulus@samba.org>
Use the newly added 'diff --word-diff=porcelain' to teach gitk a
color-words mode, with two different modes analogous to the
--word-diff=plain and --word-diff=color settings. These are selected
by a dropdown box.
As an extra twist, automatically enable this word-diff support when
the user mentions a word-diff related option on the command line.
These options were previously ignored because they would break diff
parsing.
Both of these features are only enabled if we have a version of git
that supports --word-diff=porcelain, meaning at least 1.7.2.
Signed-off-by: Thomas Rast <trast@student.ethz.ch>
Signed-off-by: Paul Mackerras <paulus@samba.org>
* mg/maint-tag-rfc1991:
tag: recognize rfc1991 signatures
tag: factor out sig detection for tag display
tag: factor out sig detection for body edits
verify-tag: factor out signature detection
t/t7004-tag: test handling of rfc1991 signatures
Move the responsibility for that gymnastics to the header file from the
files that include it. This approach makes it easier to later declare new
services that are related to threading in thread-utils.h and have them
available to all the threading code.
t9143: do not fail when unhandled.log.gz is not created
Do not depend on internal implementation details of svn,
which right now uses perl to create a .gz file.
So this test case will even work in the future,
when svn changes its implementation.
Signed-off-by: Torsten Bögershausen <tboegi@web.de>
Acked-by: Eric Wong <normalperson@yhbt.net>
contrib/hooks/post-receive-email: fix return values from prep_for_email
The function was returning 0 for failure and 1 for success which was
breaking the logic in the main loop. It now also returns in all
cases, rather than exiting.
Signed-off-by: Alan Raison <alan@theraisons.me.uk>
Acked-by: Kevin P. Fleming <kpfleming@digium.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
With 401857c (imap-send: link against libcrypto for HMAC and others,
2010-11-24) we started linking imap-send unconditionally with -lcrypto by
mistake; disable this when we are building under NO_OPENSSL.
* gb/gitweb-remote-heads:
git instaweb: enable remote_heads
gitweb: group remote heads by remote
gitweb: provide a routine to display (sub)sections
gitweb: refactor repository URL printing
gitweb: remotes view for a single remote
gitweb: allow action specialization in page header
gitweb: nagivation menu for tags, heads and remotes
gitweb: separate heads and remotes lists
gitweb: git_get_heads_list accepts an optional list of refs
gitweb: introduce remote_heads feature
gitweb: use fullname as hash_base in heads link
* mg/maint-tag-rfc1991:
tag: recognize rfc1991 signatures
tag: factor out sig detection for tag display
tag: factor out sig detection for body edits
verify-tag: factor out signature detection
t/t7004-tag: test handling of rfc1991 signatures
* jh/notes-merge: (23 commits)
Provide 'git merge --abort' as a synonym to 'git reset --merge'
cmd_merge(): Parse options before checking MERGE_HEAD
Provide 'git notes get-ref' to easily retrieve current notes ref
git notes merge: Add testcases for merging notes trees at different fanouts
git notes merge: Add another auto-resolving strategy: "cat_sort_uniq"
git notes merge: --commit should fail if underlying notes ref has moved
git notes merge: List conflicting notes in notes merge commit message
git notes merge: Manual conflict resolution, part 2/2
git notes merge: Manual conflict resolution, part 1/2
Documentation: Preliminary docs on 'git notes merge'
git notes merge: Add automatic conflict resolvers (ours, theirs, union)
git notes merge: Handle real, non-conflicting notes merges
builtin/notes.c: Refactor creation of notes commits.
git notes merge: Initial implementation handling trivial merges only
builtin/notes.c: Split notes ref DWIMmery into a separate function
notes.c: Use two newlines (instead of one) when concatenating notes
(trivial) t3303: Indent with tabs instead of spaces for consistency
notes.h/c: Propagate combine_notes_fn return value to add_note() and beyond
notes.h/c: Allow combine_notes functions to remove notes
notes.c: Reorder functions in preparation for next commit
...
--refresh and --really-refresh accept flags (like -q) and modify
an error indicator. It might make sense to make the error
indicator global, but just pass the flags and a pointer to the error
indicator in a struct instead.
--cacheinfo wants 3 arguments. Use the OPTION_LOWLEVEL_CALLBACK
extension to grab them and PARSE_OPT_NOARG to disallow the "sticked"
--cacheinfo=foo form. (The resulting message
$ git update-index --cacheinfo=foo
error: option `cacheinfo' takes no value
is unfortunately incorrect.)
--assume-unchanged and --no-assume-unchanged probably should use the
OPT_UYN feature; but use a callback for now so the existing MARK_FLAG
and UNMARK_FLAG values can be used.
--stdin and --index-info are still constrained to be the last argument
(implemented using the OPTION_LOWLEVEL_CALLBACK extension).
--unresolve and --again consume all arguments that come after them
(also using OPTION_LOWLEVEL_CALLBACK).
The order of options matters. Each path on the command line is
affected only by the options that come before it. A custom
argument-parsing loop with parse_options_step() brings that about.
In exchange for all the fuss, we get the usual perks: support for
un-sticked options, better usage error messages, more useful -h
output, and argument parsing code that should be easier to tweak
in the future.
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
setup: save prefix (original cwd relative to toplevel) in startup_info
Save the path from the original cwd to the cwd at the end of the
setup procedure in the startup_info struct introduced in e37c1329
(2010-08-05). The value cannot vary from thread to thread anyway,
since the cwd is global.
So now in your builtin command, instead of passing prefix around,
when you want to convert a user-supplied path to a cwd-relative
path, you can use startup_info->prefix directly.
Caveat: As with the return value from setup_git_directory_gently(),
startup_info->prefix would be NULL when the original cwd is not a
subdir of the toplevel.
Longer term, this would allow the prefix to be reused when several
noncooperating functions require access to the same repository (for
example, when accessing configuration before running a builtin).
Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com>
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
parse-options: make resuming easier after PARSE_OPT_STOP_AT_NON_OPTION
Introduce a PARSE_OPT_NON_OPTION state, so parse_option_step()
callers can easily distinguish between non-options and other
reasons for option parsing termination (like "--").
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
parse-options: allow git commands to invent new option types
parse-options provides a variety of option behaviors, including
OPTION_CALLBACK, which should take care of just about any sane
behavior. All supported behaviors obey the following constraint:
A --foo option can only accept (and base its behavior on)
one argument, which would be the following command-line
argument in the "unsticked" form.
Alas, some existing git commands have options that do not obey that
constraint. For example, update-index --cacheinfo takes three
arguments, and update-index --resolve takes all later parameters as
arguments.
Introduces an OPTION_LOWLEVEL_CALLBACK backdoor to parse-options so
such option types can be supported without tempting inventors of other
commands through mention in the public API. Commands can set the
callback field to a function accepting three arguments: the option
parsing context, the option itself, and a flag indicating whether the
option was negated. When the option is encountered, that function
is called to take over from get_value(). The return value should be
zero for success, -1 for usage errors.
Thanks to Stephen Boyd for API guidance.
Improved-by: Stephen Boyd <bebarino@gmail.com>
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
parse-options: never suppress arghelp if LITERAL_ARGHELP is set
The PARSE_OPT_LITERAL_ARGHELP flag allows a program to override the
standard "<argument> for mandatory, [argument] for optional" markup in
its help message. Extend it to override the usual "no text for
disallowed", too (for the PARSE_OPT_NOARG | PARSE_OPT_LITERAL_ARGHELP
case, which was previously meaningless), to be more intuitive.
The motivation is to allow update-index to correctly advertise
--cacheinfo <mode> <object> <path>
add the specified entry to the index
while abusing PARSE_OPT_NOARG to disallow the "sticked form"
--cacheinfo=<mode> <object> <path>
Noticed-by: Stephen Boyd <bebarino@gmail.com>
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
parse-options: do not infer PARSE_OPT_NOARG from option type
Simplify the "takes no value" error path by relying on PARSE_OPT_NOARG
being set correctly. That is:
- if the PARSE_OPT_NOARG flag is set, reject --opt=value
regardless of the option type;
- if the PARSE_OPT_NOARG flag is unset, accept --opt=value
regardless of the option type.
This way, the accepted usage more closely matches the usage advertised
with --help-all.
No functional change intended, since the NOARG flag is only used
with "boolean-only" option types in existing parse_options callers.
Signed-off-by: Stephen Boyd <bebarino@gmail.com>
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
Some option types cannot use an argument --- boolean options that
would set a bit or flag or increment a counter, for example. If
configured in the flag word to accept an argument anyway, the result
is an argument that is advertised in "program -h" output only to be
rejected by parse-options::get_value.
Luckily all current users of these option types use PARSE_OPT_NOARG
and do not use PARSE_OPT_OPTARG. Add a check to ensure that that
remains true. The check is run once for each invocation of
parse_option_start().
Improved-by: Stephen Boyd <bebarino@gmail.com>
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
parse-options: move NODASH sanity checks to parse_options_check
A dashless switch (like '(' passed to 'git grep') cannot be negated,
cannot be attached to an argument, and cannot have a long form.
Currently parse-options runs the related sanity checks when the
dashless option is used; better to always check them at the start of
option parsing, so mistakes can be caught more quickly.
The error message at the new call site is less specific about the
nature of the error, for simplicity. On the other hand, it prints
which switch was problematic. Before:
fatal: BUG: dashless options can't be long
After:
error: BUG: switch '(' uses feature not supported for dashless options
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>