gitweb: Introduce esc_attr to escape attributes of HTML elements
It is needed only to escape attributes of handcrafted HTML elements,
and not those generated using CGI.pm subroutines / methods for HTML
generation.
While at it, add esc_url and esc_html where needed, and prefer to use
CGI.pm HTML generating methods than handcrafted HTML code. Most of
those are probably unnecessary (could be exploited only by person with
write access to gitweb config, or at least access to the repository).
This fixes CVE-2010-3906
Reported-by: Emanuele Gentili <e.gentili@tigersecurity.it> Helped-by: John 'Warthog9' Hawley <warthog9@kernel.org> Helped-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Jakub Narebski <jnareb@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
add: introduce add.ignoreerrors synonym for add.ignore-errors
The "[add] ignore-errors" tweakable introduced by v1.5.6-rc0~30^2 (Add
a config option to ignore errors for git-add, 2008-05-12) does not
follow the usual convention for naming values in the git configuration
file.
What convention? Glad you asked.
The section name indicates the affected subsystem.
The subsection name, if any, indicates which of
an unbound set of things to set the value for.
The variable name describes the effect of tweaking
this knob.
The section and variable names can be broken into
words using bumpyCaps in documentation as a hint to
the reader. These word breaks are not significant
at the level of code, since the section and variable
names are not case sensitive.
The name "add.ignore-errors" includes a dash, meaning a naive
configuration file like
[add]
ignoreErrors
does not have any effect. Avoid such confusion by renaming to the
more consistent add.ignoreErrors, but keep the old version for
backwards compatibility.
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> Acked-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Reported-by: Julien Cristau <jcristau@debian.org> Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* maint-1.6.6:
request-pull.txt: Document -p option
Check size of path buffer before writing into it
rev-parse: fix --parse-opt --keep-dashdash --stop-at-non-option
* maint-1.6.5:
request-pull.txt: Document -p option
Check size of path buffer before writing into it
rev-parse: fix --parse-opt --keep-dashdash --stop-at-non-option
The ?: operator has a lower priority than |, so the implicit associativity
made the 6th argument of parse_options be PARSE_OPT_KEEP_DASHDASH if
keep_dashdash was true discarding PARSE_OPT_STOP_AT_NON_OPTION and
PARSE_OPT_SHELL_EVAL.
Signed-off-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Setting NO_CURL leaves some variables like REMOTE_CURL_ALIASES
empty, which creates no fun when for-looping over
$(REMOTE_CURL_ALIASES) unconditionally. Make it conditional.
Reported-by: Paul Walker <PWalker752@aol.com> Signed-off-by: Michael J Gruber <git@drmicha.warpmail.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
xdi_diff_outf() overrides the structure members of its last parameter,
ignoring any value that callers pass in. It's no surprise then that all
callers pass a pointer to an uninitialized structure. They also don't
read it after the call, so the parameter is neither used for input nor
for output. Turn it into a local variable of xdi_diff_outf().
Signed-off-by: Rene Scharfe <rene.scharfe@lsrfire.ath.cx> Acked-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
git-submodule inherits variables from the environment it is started in,
expects the internal variables init= and recursive= to have an empty
value, but doesn't initialize them appropriately. Thanks to the
selftests, this can be reproduced through
init=1 make test
recursive=1 make test
With this commit the variables are initialized, and the selftests
succeed even if these variables have some values in the environment.
The bug was discovered through the Debian autobuilders
http://bugs.debian.org/569594
Signed-off-by: Gerrit Pape <pape@smarden.org> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Documentation improvements for the description of short format.
Incorporates the detailed explanation from Jeff King in
<20100410040959.GA11977@coredump.intra.peff.net> and fixes
the bug noted by Junio C Hamano in
<7vmxxc1i8g.fsf@alter.siamese.dyndns.org>.
Signed-off-by: Eric S. Raymond <esr@thyrsus.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Documentation/Makefile: fix interrupted builds of user-manual.xml
Unlike gcc, asciidoc does not atomically write its output file or
delete it when interrupted. If it is interrupted in the middle of
writing an XML file, the result will be truncated input for xsltproc.
XSLTPROC user-manual.html
user-manual.xml:998: parser error : Premature end of data in t
Take care of this case by writing to a temporary and renaming it when
finished.
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Currently, there are 6 tests which are not even written but are
'test_expect_failure message false'.
Do not abuse test_expect_failure as a to do marker, but mark them as
'#TODO' instead.
Signed-off-by: Michael J Gruber <git@drmicha.warpmail.net> Acked-by: Nguyen Thai Ngoc Duy <pclouds@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
The description for core.autocrlf refers to reads from / writes to
"the filesystem", the only use of this rather ambiguous term, which
technically could be referring to the git object database. (All other
mentions are part of phrases such as "..filesystems (like NFS)..").
Other sections, including the section on core.safecrlf, use the term
"work tree" for the same purpose as the term "the filesystem" is used in
the core.autocrlf section, so that seems like a good alternative, which
makes it clearer what direction the addition/removal of CR characters
occurs in.
Signed-off-by: Will Palmer <wmpalmer@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
diff: use large integers for diffstat calculations
The diffstat "added" and "changed" fields generally store
line counts; however, for binary files, they store file
sizes. Since we store and print these values as ints, a
diffstat on a file larger than 2G can show a negative size.
Instead, let's use uintmax_t, which should be at least 64
bits on modern platforms.
Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
t1010-mktree: Adjust expected result to code and documentation
The last two tests here were always supposed to fail in the sense
that, according to code and documentation, mktree should read non-recursive
ls-tree output, but not recursive one, and therefore explicitely refuses
to deal with slashes.
Adjust the test (must_fail) so that it succeeds when mktree dies on
slashes.
Signed-off-by: Michael J Gruber <git@drmicha.warpmail.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Consider an evil merge of two commits A and B, both of which have a
file 'foo', but the merge result does not have that file.
The combined-diff code learned in 4462731 (combine-diff: do not punt
on removed or added files., 2006-02-06) to concisely show only the
removal, since that is the evil part and the previous contents are
presumably uninteresting.
However, to diagnose an empty merge result, it overloaded the variable
that holds the file's length. This means that the check also triggers
for truncated files. Consequently, such files were not shown in the
diff at all despite the merge being clearly evil.
Fix this by adding a new variable that distinguishes whether the file
was deleted (which is the case 4462731 handled) or truncated. In the
truncated case, we show the full combined diff again, which is rather
spammy but at least does not hide the evilness.
Reported-by: David Martínez Martí <desarrollo@gestiweb.com> Signed-off-by: Thomas Rast <trast@student.ethz.ch> Signed-off-by: Junio C Hamano <gitster@pobox.com>
v1.7.0-rc0~18^2 (branch -d: base the "already-merged" safety on the
branch it merges with, 2009-12-29) taught ‘git branch’ a new heuristic
for when it is safe to delete a branch without forcing the issue. It
is safe to delete a branch "topic" without second thought if:
- the branch "topic" is set up to pull from a (remote-tracking,
usually) branch and is fully merged in that "upstream" branch, or
- there is no branch.topic.merge configuration and branch "topic" is
fully merged in the current HEAD.
Update the man page to acknowledge the new rules.
Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Let check_preimage() use memset() to initialize "struct checkout"
Every code site except check_preimage() uses either memset() or declares
a static instance of "struct checkout" to achieve proper initialization.
Lets use memset() instead of explicit initialization of all members here
too to be on the safe side in case this structure is expanded someday.
Signed-off-by: Jens Lehmann <Jens.Lehmann@web.de> Signed-off-by: Junio C Hamano <gitster@pobox.com>
- use "<options>" instead of just "options".
- use "[<repository> [<refspec>...]]" to indicate that <repository> and
<refspec> are optional, and that <refspec> cannot be specified
without specifying <repository>.
Note that when called without specifying <repository> (eg. "git fetch
-f"), it is accurate to say that the "git fetch [<options>]
[<repository> ...]" case takes precedence over "git fetch [<options>]
<group>".
Signed-off-by: Tay Ray Chuan <rctay89@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
branch: say "Reset to" in reflog entries for 'git branch -f' operations
In 5f856dd (fix reflog entries for "git-branch"), it is mentioned that
'git branch -f' is intended to be equivalent to 'git reset'. Since we
usually say "reset to <commit>" in the git-reset Documentation and
elsewhere, it would make sense to say "Reset to" here as well, instead
of "Reset from" previously.
Signed-off-by: Tay Ray Chuan <rctay89@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Since commit 0fcabdeb52b79775173d009ccc179db104dfbb66, compat/bswap.h
redefined htonl and ntohl to bswap32 not only if bswap32 has been
defined earlier in compat/bswap.h (which is done only on selected
platforms), but also if bswap32 has been defined anywhere else. This
broke Git at least for NetBSD systems running on big-endian machines
(where ntohl and htonl should, of course, be NOOPs), since NetBSD
defines a bswap32 macro in the system headers.
So, we now undefine any previously defined bswap32 in compat/bswap.h
before defining our own.
Signed-off-by: Holger Weiß <holger@zedat.fu-berlin.de> Signed-off-by: Junio C Hamano <gitster@pobox.com>
gitweb: git_get_project_config requires only $git_dir, not also $project
Fix overeager early return in git_get_project_config, introduced in 9be3614
(gitweb: Fix project-specific feature override behavior, 2010-03-01). When
git_get_project_config is called from projects list page via
git_get_project_owner($path) etc., it is called with $git_dir defined (in
git_get_project_owner($path) etc.), but $project variable is not defined.
git_get_project_config doesn't use $project variable anyway.
Reported-by: Tobias Heinlein <keytoaster@gentoo.org> Signed-off-by: Jakub Narebski <jnareb@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Documentation: Clarify support for smart HTTP backend
In the description of http.getanyfile, replace the vague "older Git
clients" with the earliest release whose client is able to use the
upload pack service.
Signed-off-by: Greg Bacon <gbacon@dbresearch.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Starting with 5256b00 (Use git_mkstemp_mode instead of plain mkstemp to
create object files, 2010-02-22) utime() is invoked on read-only files.
This is not allowed on Windows and results in many warnings of the form
failed utime() on .git/objects/23/tmp_obj_VlgHlc: Permission denied
during a repack. Fix it by making the file temporarily writable.
Signed-off-by: Johannes Sixt <j6t@kdbg.org> Signed-off-by: Junio C Hamano <gitster@pobox.com>
To make the code simpler, run_textconv lumps all of its
error checking into one conditional. However, the
short-circuit means that an error in reading will prevent us
from calling finish_command, leaving a zombie child.
Clean up properly after errors.
Based-on-work-by: Jeff King <peff@peff.net> Signed-off-by: Johannes Sixt <j6t@kdbg.org> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Makefile: Remove usage of deprecated Python "has_key" method
"has_key" is a deprecated dictionary method in Python 2.6+.
Simplify the sys.path manipulation for installed scripts by
passing a default value to os.getenv() that takes a default
value to be used when the environment variable is missing.
SCRIPT_PYTHON is currently empty but this future-proofs us.
It also fixes things for users who maintain local git forks
with their own SCRIPT_PYTHON additions.
Old code replaced the first element of sys.path[] which is
typically '' (i.e. import library files relative to the script).
It is safer to prepend the extra library path instead.
Signed-off-by: David Aguilar <davvid@gmail.com> Acked-by: Johan Herland <johan@herland.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Upon failure of any of these tests (or when a test that is marked as
expecting a failure is fixed), we will end up running later tests in
random places.
b4479f0 (add -i, send-email, svn, p4, etc: use "git var GIT_EDITOR",
2009-10-30) introduced the use of "git var GIT_EDITOR" to obtain the
preferred editor program, instead of reading environment variables
themselves.
However, "git var GIT_EDITOR" run without a tty (think "cron job") would
give a fatal error "Terminal is dumb, but EDITOR unset". This is not a
problem for add-i, svn, p4 and callers of git_editor() defined in
git-sh-setup, as all of these call it just before launching the editor.
At that point, we know the caller wants to edit.
But send-email ran this near the beginning of the program, even if it is
not going to use any editor (e.g. run without --compose). Fix this by
calling the command only when we edit a file.
Reported-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de> Signed-off-by: Michael J Gruber <git@drmicha.warpmail.net> Acked-by: Uwe Kleine-König <u.kleine-koenig@pengutronix.de> Acked-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Merge branch 'jk/maint-add-ignored-dir' into maint
* jk/maint-add-ignored-dir:
tests for "git add ignored-dir/file" without -f
dir: fix COLLECT_IGNORED on excluded prefixes
t0050: mark non-working test as such
Merge branch 'bg/apply-fix-blank-at-eof' into maint
* bg/apply-fix-blank-at-eof:
t3417: Add test cases for "rebase --whitespace=fix"
t4124: Add additional tests of --whitespace=fix
apply: Allow blank context lines to match beyond EOF
apply: Remove the quick rejection test
apply: Don't unnecessarily update line lengths in the preimage
If stdout has already been closed by the CGI and die() gets called,
the CGI will fail to write the "Status: 500 Internal Server Error" to
the pipe, which results in die() being called again (via safe_write).
This goes on in an infinite loop until the stack overflows and the
process is killed by SIGSEGV.
Instead set a flag on the first die() invocation and if we came back to
the handler, just die silently, as it only means we failed to report the
failure---we cannot report anything anyway in such a case. This way
failures to write the error messages to the stdout pipe do not result in
an infinite loop.
We also now report on the death to stderr before we report to stdout,
to increase the chances that the cause of the die() invocation will
appear in the server's error log.
Signed-off-by: Shawn O. Pearce <spearce@spearce.org> Signed-off-by: Junio C Hamano <gitster@pobox.com>
fixup! http-backend.c: Don't infinite loop
Now die_webcgi() actually can return during a recursive call into it,
causing
http-backend.c:554: error: 'noreturn' function does return
The only reason we would come back to the die handler is because we
failed during it, so we cannot report anything anyway.
rev-list: use default abbrev length when abbrev-commit is in effect
Currently, rev-list has a default of "0" for abbrev which means that
switching on abbreviations with --abbrev-commit has no visible effect,
even though the option is documented.
Set abbrev to DEFAULT_ABBREV so that --abbrev-commit has the same effect
as for log.
Reported-by: Eli Barzilay <eli@barzilay.org> Signed-off-by: Michael J Gruber <git@drmicha.warpmail.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
There is a documented limitation on the body of any email not being
able to contain lines starting with "From ". This patch removes that
limitation by improving the parser to search for "From", "Date", and
"Subject" fields in the email before considering it to be an email.
Signed-off-by: Ramkumar Ramachandra <artagnon@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* maint-1.6.6:
Documentation/git-clone: Transform description list into item list
Documentation/urls: Remove spurious example markers
Documentation/gitdiffcore: Remove misleading date in heading
Documentation/git-reflog: Fix formatting of command lists
Documentation/git-clone: Transform description list into item list
so that the list of examples is formatted in the same way as for
git-fetch, and, more importantly, the different identation for the
code blocks in the examples (compared to the immediately preceding code
blocks from url.txt) doesn't look like misformatted, but is clarified by
the items' bullets.
Signed-off-by: Michael J Gruber <git@drmicha.warpmail.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Documentation/urls: Remove spurious example markers
In urls.txt (which is included from git-{clone,fetch,push}.txt)
several item lists are surrounded by example block markers. This is
problematic for two reasons:
- None of these lists are example lists, so they should not be marked as
such semantically.
- The html output looks weird (bulleted list with left sidebar).
Therefore, remove the example block markers. Output by the man backend
is unaffected.
Signed-off-by: Michael J Gruber <git@drmicha.warpmail.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Documentation/gitdiffcore: Remove misleading date in heading
Ever since the automatic conversion into man form, the heading
contained a misidentified subheading reading "June 2005".
Remove this since the documentation is more recent, and the correct
date is in the footer.
Signed-off-by: Michael J Gruber <git@drmicha.warpmail.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
55246aa (Dont use "<unknown>" for placeholders and suppress printing
of empty user formats) introduced a check to prevent empty
user-formats from being printed. This test didn't take empty commit
messages into account, and prevented the line-termination from being
output. This lead to multiple commits on a single line.
Correct it by guarding the check with a check for user-format. A
similar correction for the --graph code-path has been included.
Signed-off-by: Erik Faye-Lund <kusmabite@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
daemon: parse_host_and_port SIGSEGV if port is specified
This typo will lead to git-daemon dying any time the connect
string includes a port after the host= attribute. This can lead
for example to one of the following error messages on the client
side when someone tries git clone git://...:<port>.
When the daemon is running on localhost:
fatal: The remote end hung up unexpectedly
or when the daemon is connected through an ssh tunnel:
fatal: protocol error: bad line length character: erro
In the latter case 'erro' comes from the daemon's reply:
error: git-daemon died of signal 11
Signed-off-by: Imre Deak <imre.deak@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
If CDPATH is set, "cd" prints its destination to stdout, causing
the common (cd a && tar cf - .) | (cd b && tar xf -) idiom to fail.
For example:
make -C templates DESTDIR='' install
make[1]: Entering directory `/users/e477610/exptool/src/git-1.7.0.2/templates'
install -d -m 755 '/home/e477610/exptool/share/git-core/templates'
(cd blt && gtar cf - .) | \
(cd '/home/e477610/exptool/share/git-core/templates' && umask 022 && gtar xof -)
gtar: This does not look like a tar archive
Most git scripts already protect against use of CDPATH through
git-sh-setup, but the Makefile doesn’t.
Reported-by: Michael Cox <mhcox@bluezoosoftware.com> Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>