From b87d78d60ce3798c8938ba1d3ed176b6ed9ba539 Mon Sep 17 00:00:00 2001
From: Kay Sievers
Date: Sun, 7 Aug 2005 20:21:04 +0200
Subject: [PATCH 1/1] v107
---
gitweb.cgi | 537 +++++++++++++++++++++++++++++++++--------------------
1 file changed, 338 insertions(+), 199 deletions(-)
diff --git a/gitweb.cgi b/gitweb.cgi
index fa7a0f590b..ec68636c24 100755
--- a/gitweb.cgi
+++ b/gitweb.cgi
@@ -5,39 +5,79 @@ # (C) 2005, Kay Sievers # (C) 2005, Christian Gierke # -# This file is licensed under the GPL v2, or a later version +# This program is licensed under the GPL v2, or a later version use strict; use warnings; use CGI qw(:standard :escapeHTML); use CGI::Carp qw(fatalsToBrowser); +use Fcntl ':mode'; my $cgi = new CGI; +my $version = "107"; +my $my_url = $cgi->url(); +my $my_uri = $cgi->url(-absolute => 1); +my $rss_link = ""; -# begin config +# absolute fs-path which will be prepended to the project path my $projectroot = "/pub/scm"; -$projectroot = "/home/kay/public_html/pub/scm"; -my $home_link = "/git"; -$home_link = "/~kay/git"; + +# location of the git-core binaries my $gitbin = "/usr/bin"; + +# location for temporary files needed for diffs my $gittmp = "/tmp/gitweb"; -my $logo_link = "/pub/software/scm/cogito"; -$logo_link = "/~kay/pub/software/scm/cogito"; -# end config -my $version = "089"; -my $my_url = $cgi->url(); -my $my_uri = $cgi->url(-absolute => 1); -my $rss_link = ""; +# target of the home link on top of all pages +my $home_link = $my_uri; +$home_link = "/git"; + +# handler to return the list of projects +sub get_projects_list { + my @list; + + # search in directory +# my $dir = $projectroot; +# opendir my $dh, $dir || return undef; +# while (my $dir = readdir($dh)) { +# if (-e "$projectroot/$dir/HEAD") { +# push @list, $dir; +# } +# } +# closedir($dh); + + # read from file + my $file = "index/index.txt"; + open my $fd , $file || return undef; + while (my $line = <$fd>) { + chomp $line; + if (-e "$projectroot/$line/HEAD") { + push @list, $line; + } + } + close $fd; + + @list = sort @list; + return \@list; +} +# input validation my $project = $cgi->param('p'); -if (defined($project)) { - if ($project =~ /(^|\/)(|\.|\.\.)($|\/)/) { - $project = ""; - die_error("", "Invalid project parameter."); +if (defined $project) { + if ($project =~ m/(^|\/)(|\.|\.\.)($|\/)/) { + undef $project; + die_error("", "Non-canonical project parameter."); 
+ } + if ($project =~ m/[^a-zA-Z0-9_\.\/\-\+\#\~]/) { + undef $project; + die_error("", "Invalid character in project parameter."); } if (!(-d "$projectroot/$project")) { - $project = ""; + undef $project; + die_error("", "No such directory."); + } + if (!(-e "$projectroot/$project/HEAD")) { + undef $project; die_error("", "No such project."); } $rss_link = ""; 
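Review bot: In `get_projects_list`, `open my $fd , $file || return undef;` never detects a failed open, because `||` binds to `$file` rather than to `open`; a missing or unreadable index then falls through to reading an unopened handle and the sub returns an empty list instead of signalling the error. Use the three-argument form with low-precedence `or`: `open my $fd, '<', $file or return undef;`. The path `index/index.txt` is relative, so which file is read depends on the CGI's working directory; an absolute path configured next to `$projectroot` would make that explicit. Separately, the `p` checks accept any directory under `$projectroot` that contains a `HEAD`, whether or not it appears in the index file, so the list should not be relied on as an access restriction unless code outside this hunk enforces it.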
@@ -45,40 +85,57 @@ if (defined($project)) { } my $file_name = $cgi->param('f'); -if (defined($file_name) && $file_name =~ /(^|\/)(|\.|\.\.)($|\/)/) { - $file_name = ""; - die_error("", "Invalid file parameter."); +if (defined $file_name) { + if ($file_name =~ m/(^|\/)(|\.|\.\.)($|\/)/) { + undef $file_name; + die_error("", "Non-canonical file parameter."); + } + if ($file_name =~ m/[^a-zA-Z0-9_\.\/\-\+\#\~]/) { + undef $file_name; + die_error("", "Invalid character in file parameter."); + } } my $action = $cgi->param('a'); -if (defined($action) && $action =~ m/[^0-9a-zA-Z\.\-]+$/) { - $action = ""; - die_error("", "Invalid action parameter."); +if (defined $action) { + if ($action =~ m/[^0-9a-zA-Z\.\-]+/) { + undef $action; + die_error("", "Invalid action parameter."); + } +} else { + $action = "log"; } my $hash = $cgi->param('h'); -if (defined($hash) && !($hash =~ m/^[0-9a-fA-F]{40}$/)) { - $hash = ""; +if (defined $hash && !($hash =~ m/^[0-9a-fA-F]{40}$/)) { + undef $hash; die_error("", "Invalid hash parameter."); } my $hash_parent = $cgi->param('hp'); -if (defined($hash_parent) && !($hash_parent =~ m/^[0-9a-fA-F]{40}$/)) { - $hash_parent = ""; +if (defined $hash_parent && !($hash_parent =~ m/^[0-9a-fA-F]{40}$/)) { + undef $hash_parent; die_error("", "Invalid parent hash parameter."); } my $time_back = $cgi->param('t'); -if (defined($time_back) && !($time_back =~ m/^[0-9]+$/)) { - $time_back = ""; - die_error("", "Invalid time parameter."); +if (defined $time_back) { + if ($time_back =~ m/^[^0-9]+$/) { + undef $time_back; + die_error("", "Invalid time parameter."); + } } -mkdir($gittmp, 0700); - sub git_header_html { my $status = shift || "200 OK"; + my $title = "git"; + if (defined $project) { + $title .= " - $project"; + if (defined $action) { + $title .= "/$action"; + } + } print $cgi->header(-type=>'text/html', -charset => 'utf-8', -status=> $status); print < @@ -86,7 +143,7 @@ sub git_header_html { -git - $project +$title $rss_link
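Review bot: The new `t` check `$time_back =~ m/^[^0-9]+$/` rejects only values made up entirely of non-digits, so a value that mixes digits with anything else (constructed example: `1x`) now passes, where the removed check required all digits. Restore the allow-list form, `if ($time_back !~ m/^[0-9]+\z/) {`. The same `\z` anchor is worth using in the `h` and `hp` patterns, since `$` also matches before a trailing newline and `m/^[0-9a-fA-F]{40}$/` therefore accepts a 40-digit hash followed by `\n`. How `$time_back` and the hashes are used afterwards is outside this hunk, but if they reach a command line or a file path the looser checks matter.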