summaryrefslogtreecommitdiff
path: root/gitweb/gitweb.perl
AgeCommit message (Collapse)AuthorFilesLines
2018-03-05gitweb: hard-depend on the Digest::MD5 5.8 moduleLibravatar Ævar Arnfjörð Bjarmason1-13/+4
Since my d48b284183 ("perl: bump the required Perl version to 5.8 from 5.6.[21]", 2010-09-24), we've depended on 5.8, so there's no reason to conditionally require Digest::MD5 anymore. It was released with perl v5.7.3[1] The initial introduction of the dependency in e9fdd74e53 ("gitweb: (gr)avatar support", 2009-06-30) says as much, this also undoes part of the later 2e9c8789b7 ("gitweb: Mention optional Perl modules in INSTALL", 2011-02-04) since gitweb will always be run on at least 5.8, so there's no need to mention Digest::MD5 as a required module in the documentation, let's instead say that we require perl 5.8. 1. $ corelist Digest::MD5 Data for 2015-02-14 Digest::MD5 was first released with perl v5.7.3 Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-11-06Merge branch 'gc/gitweb-filetest-acl'Libravatar Junio C Hamano1-0/+2
"gitweb" checks if a directory is searchable with Perl's "-x" operator, which can be enhanced by using "filetest 'access'" pragma, which now we do. * gc/gitweb-filetest-acl: gitweb: use filetest to allow ACLs
2017-10-24gitweb: use filetest to allow ACLsLibravatar Guillaume Castagnino1-0/+2
In commit 46a1385 (gitweb: skip unreadable subdirectories, 2017-07-18) we forgot to handle non-unix ACLs as well. Fix this. Signed-off-by: Guillaume Castagnino <casta@xwing.info> Reviewed-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-08-26Merge branch 'js/gitweb-raw-blob-link-in-history'Libravatar Junio C Hamano1-0/+3
"gitweb" shows a link to visit the 'raw' contents of blbos in the history overview page. * js/gitweb-raw-blob-link-in-history: gitweb: add 'raw' blob_plain link in history overview
2017-08-23Merge branch 'hb/gitweb-project-list' into maintLibravatar Junio C Hamano1-0/+2
When a directory is not readable, "gitweb" fails to build the project list. Work this around by skipping such a directory. It might end up hiding a problem under the rug and a better solution might be to loudly complain to the administrator pointing out the problematic directory, but this will at least make it "work". * hb/gitweb-project-list: gitweb: skip unreadable subdirectories
2017-08-22gitweb: add 'raw' blob_plain link in history overviewLibravatar Job Snijders1-0/+3
For people that work with very large plain text files it may be easier if one can bypass viewing the htmlized blob and instead click directly to the raw file (rather then click through 'blob' and then to 'raw'). Signed-off-by: Job Snijders <job@instituut.net> Reviewed-by: Giuseppe Bilotta <giuseppe.bilotta@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-08-11Merge branch 'hb/gitweb-project-list'Libravatar Junio C Hamano1-0/+2
When a directory is not readable, "gitweb" fails to build the project list. Work this around by skipping such a directory. * hb/gitweb-project-list: gitweb: skip unreadable subdirectories
2017-07-18gitweb: skip unreadable subdirectoriesLibravatar Hielke Christian Braun1-0/+2
gitweb terminates and shows no project list, if it can not access a sub-directory in the project root directory while looking for projects to show. Work it around by skipping unreadable directories. Signed-off-by: Hielke Christian Braun <hcb@unco.de> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-06-27Spelling fixesLibravatar Ville Skyttä1-2/+2
Signed-off-by: Ville Skyttä <ville.skytta@iki.fi> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-05-15doc: use https links to Wikipedia to avoid http redirectsLibravatar Sven Strickroth1-1/+1
Signed-off-by: Sven Strickroth <email@cs-ware.de> Reviewed-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-10-26Merge branch 'ab/gitweb-abbrev-links'Libravatar Junio C Hamano1-3/+17
In addition to purely abbreviated commit object names, "gitweb" learned to turn "git describe" output (e.g. v2.9.3-599-g2376d31787) into clickable links in its output. * ab/gitweb-abbrev-links: gitweb: link to "git describe"'d commits in log messages gitweb: link to 7-char+ SHA-1s, not only 8-char+ gitweb: fix a typo in a comment
2016-10-14gitweb: link to "git describe"'d commits in log messagesLibravatar Ævar Arnfjörð Bjarmason1-2/+16
Change the log formatting function to know about "git describe" output such as "v2.8.0-4-g867ad08", in addition to just plain "867ad08". There are still many valid refnames that we don't link to e.g. v2.10.0-rc1~2^2~1 is also a valid way to refer to v2.8.0-4-g867ad08, but I'm not supporting that with this commit, similarly it's trivially possible to create some refnames like "æ/var-gf6727b0" or which won't be picked up by this regex. There's surely room for improvement here, but I just wanted to address the very common case of sticking "git describe" output into commit messages without trying to link to all possible refnames, that's going to be a rather futile exercise given that this is free text, and it would be prohibitively expensive to look up whether the references in question exist in our repository. There was on-list discussion about how we could do better than this patch. Junio suggested to update parse_commits() to call a new "gitweb--helper" command which would pass each of the revision candidates through "rev-parse --verify --quiet". That would cut down on our false positives (e.g. we'll link to "deadbeef"), and also allow us to be more aggressive in selecting candidate revisions. That may be too expensive to work in practice, or it may not. Investigating that would be a good follow-up to this patch. Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com> Acked-by: Jakub Narębski <jnareb@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-10-14gitweb: link to 7-char+ SHA-1s, not only 8-char+Libravatar Ævar Arnfjörð Bjarmason1-1/+1
Change the minimum length of an abbreviated object identifier in the commit message gitweb tries to turn into link from 8 hexchars to 7. This arbitrary minimum length of 8 was introduced in bfe2191 ("gitweb: SHA-1 in commit log message links to "object" view", 2006-12-10), but the default abbreviation length is 7, and has been for a long time. It's still possible to reference SHA-1s down to 4 characters in length, see v1.7.4-1-gdce9648's MINIMUM_ABBREV, but I can't see how to make git actually produce that, so I doubt anyone is putting that into log messages in practice, but people definitely do put 7 character SHA-1s into log messages. I think it's fairly dubious to link to things matching [0-9a-fA-F] here as opposed to just [0-9a-f], that dates back to the initial version of gitweb from 161332a ("first working version", 2005-08-07). Git will accept all-caps SHA-1s, but didn't ever produce them as far as I can tell. Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com> Acked-by: Jakub Narębski <jnareb@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-10-14gitweb: fix a typo in a commentLibravatar Ævar Arnfjörð Bjarmason1-1/+1
Change a typo'd MIME type in a comment. The Content-Type is application/xhtml+xml, not application/xhtm+xml. Fixes up code originally added in 53c4031 ("gitweb: Strip non-printable characters from syntax highlighter output", 2011-09-16). Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com> Acked-by: Jakub Narębski <jnareb@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-09-25gitweb: use highlight's shebang detectionLibravatar Ian Kelling1-5/+5
The "highlight" binary can, in some cases, determine the language type by the means of file contents, for example the shebang in the first line for some scripting languages. Make use of this autodetection for files which syntax is not known by gitweb. In that case, pass the blob contents to "highlight --force"; the parameter is needed to make it always generate HTML output (which includes HTML-escaping). Although we now run highlight on files which do not end up highlighted, performance is virtually unaffected because when we call highlight, it is used for escaping HTML. In the case that highlight is used, gitweb calls sanitize() instead of esc_html(), and the latter is significantly slower (it does more, being roughly a superset of sanitize()). Simple benchmark comparing performance of 'blob' view of files without syntax highlighting in gitweb before and after this change indicates ±1% difference in request time for all file types. Benchmark was performed on local instance on Debian, using Apache/2.4.23 web server and CGI. Document the feature and improve syntax highlight documentation, add test to ensure gitweb doesn't crash when language detection is used. Signed-off-by: Ian Kelling <ian@iankelling.org> Acked-by: Jakub Narębski <jnareb@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-09-25gitweb: remove unused guess_file_syntax() parameterLibravatar Ian Kelling1-2/+2
Signed-off-by: Ian Kelling <ian@iankelling.org> Acked-by: Jakub Narębski <jnareb@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-08-01gitweb: escape link body in format_ref_markerLibravatar Andreas Brauchli1-1/+1
Fix a case where an html link can be generated from unescaped input resulting in invalid strict xhtml or potentially injected code. An overview of a repo with a tag "1.0.0&0.0.1" would previously result in an unescaped ampersand in the link body. Signed-off-by: Andreas Brauchli <a.brauchli@elementarea.net> Acked-by: Jakub Narębski <jnareb@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-05-18Merge branch 'sk/gitweb-highlight-encoding' into HEADLibravatar Junio C Hamano1-0/+3
Some multi-byte encoding can have a backslash byte as a later part of one letter, which would confuse "highlight" filter used in gitweb. * sk/gitweb-highlight-encoding: gitweb: apply fallback encoding before highlight
2016-05-03gitweb: apply fallback encoding before highlightLibravatar Shin Kojima1-0/+3
Some multi-byte character encodings (such as Shift_JIS and GBK) have characters whose final bytes is an ASCII '\' (0x5c), and they will be displayed as funny-characters even if $fallback_encoding is correct. This is because `highlight` command always expects UTF-8 encoded strings from STDIN. $ echo 'my $v = "申";' | highlight --syntax perl | w3m -T text/html -dump my $v = "申"; $ echo 'my $v = "申";' | iconv -f UTF-8 -t Shift_JIS | highlight \ --syntax perl | iconv -f Shift_JIS -t UTF-8 | w3m -T text/html -dump iconv: (stdin):9:135: cannot convert my $v = " This patch prepare git blob objects to be encoded into UTF-8 before highlighting in the manner of `to_utf8` subroutine. Signed-off-by: Shin Kojima <shin@kojima.org> Reviewed-by: Jakub Narębski <jnareb@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-01-12gitweb: squelch "uninitialized value" warningLibravatar Øyvind A. Holm1-1/+1
git_object() chomps $type that is read from "cat-file -t", but it does so before checking if $type is defined, resulting in a Perl warning in the server error log: gitweb.cgi: Use of uninitialized value $type in scalar chomp at [...]/gitweb.cgi line 7579., referer: [...] when trying to access a non-existing commit, for example: http://HOST/?p=PROJECT.git;a=commit;h=NON_EXISTING_COMMIT Check the value in $type before chomping. This will cause us to call href with its action parameter set to undef when formulating the URL to redirect to, but that is harmless, as the function treats a parameter that set to undef as if it does not exist. Signed-off-by: Øyvind A. Holm <sunny@sunbase.org> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-11-18gitweb: hack around CGI's list-context param() handlingLibravatar Jeff King1-1/+5
As of CGI.pm's 4.08 release, the behavior to call CGI::param() in a list context is deprecated (because it can be potentially unsafe if called inside a hash constructor). This causes gitweb to issue a warning for some of our code, which in turn causes the tests to fail. Our use is in fact _not_ one of the dangerous cases, as we are intentionally using a list context. The recommended route by 4.08 is to use the new CGI::multi_param() call to make it explicit that we know what we are doing. However, that function is only available in 4.08, which is about a month old; we cannot rely on having it. One option would be to set $CGI::LIST_CONTEXT_WARN globally, which turns off the warning. However, that would eliminate the protection these newer releases are trying to provide. We want to annotate each site as OK using the new function. So instead, let's check whether CGI provides the multi_param() function, and if not, provide an implementation that just wraps param(). That will work on both old and new versions of CGI. Sadly, we cannot just check defined(\&CGI::multi_param), because CGI uses the autoload feature, which claims that all functions are defined. Instead, we just do a version check. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-16gitweb: use start_form, not startform that was removed in CGI.pm 4.04Libravatar Roland Mas1-2/+2
CGI.pm 4.04 removed the startform method, which had previously been deprecated in favour of start_form. Changes file for CGI.pm says: 4.04 2014-09-04 [ REMOVED / DEPRECATIONS ] - startform and endform methods removed (previously deprecated, you should be using the start_form and end_form methods) Signed-off-by: Roland Mas <lolando@debian.org> Reviewed-by: Jakub Narębski <jnareb@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-04-08Merge branch 'jl/nor-or-nand-and'Libravatar Junio C Hamano1-1/+1
Eradicate mistaken use of "nor" (that is, essentially "nor" used not in "neither A nor B" ;-)) from in-code comments, command output strings, and documentations. * jl/nor-or-nand-and: code and test: fix misuses of "nor" comments: fix misuses of "nor" contrib: fix misuses of "nor" Documentation: fix misuses of "nor"
2014-03-31comments: fix misuses of "nor"Libravatar Justin Lebar1-1/+1
Signed-off-by: Justin Lebar <jlebar@google.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-02-20gitweb: Avoid overflowing page body frame with large imagesLibravatar Andrew Keller1-1/+1
When displaying a blob in gitweb, if it's an image, specify constraints for maximum display width and height to prevent the image from overflowing the frame of the enclosing page_body div. This change assumes that it is more desirable to see the whole image without scrolling (new behavior) than it is to see every pixel without zooming (previous behavior). Signed-off-by: Andrew Keller <andrew@kellerfarm.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-12-12gitweb: Denote non-heads, non-remotes branchesLibravatar Krzesimir Nowak1-5/+29
Given two branches residing in refs/heads/master and refs/wip/feature the list-of-branches view will present them in following way: master feature (wip) When getting a snapshot of a 'feature' branch, the tarball is going to have name like 'project-wip-feature-<short hash>.tgz'. Signed-off-by: Krzesimir Nowak <krzesimir@endocode.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-12-12gitweb: Add a feature for adding more branch refsLibravatar Krzesimir Nowak1-12/+68
Allow extra-branch-refs feature to tell gitweb to show refs from additional hierarchies in addition to branches in the list-of-branches view. Signed-off-by: Krzesimir Nowak <krzesimir@endocode.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-12-12gitweb: Return 1 on validation success instead of passed inputLibravatar Krzesimir Nowak1-29/+32
Users of validate_* passing "0" might get failures on correct name because of coercion of "0" to false in code like: die_error(500, "invalid ref") unless (check_ref_format ("0")); Also, the validate_foo subs are renamed to is_valid_foo. Signed-off-by: Krzesimir Nowak <krzesimir@endocode.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-12-12gitweb: Move check-ref-format code into separate functionLibravatar Krzesimir Nowak1-4/+13
This check will be used in more than one place later. Signed-off-by: Krzesimir Nowak <krzesimir@endocode.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-09-17Merge branch 'ab/gitweb-author-initials'Libravatar Junio C Hamano1-0/+1
* ab/gitweb-author-initials: gitweb: Fix the author initials in blame for non-ASCII names
2013-09-11Merge branch 'tf/gitweb-ss-tweak'Libravatar Junio C Hamano1-3/+3
Tweak Gitweb CSS to layout some elements better. * tf/gitweb-ss-tweak: gitweb: make search help link less ugly gitweb: omit the repository owner when it is unset gitweb: vertically centre contents of page footer gitweb: ensure OPML text fits inside its box
2013-08-30gitweb: Fix the author initials in blame for non-ASCII namesLibravatar Ævar Arnfjörð Bjarmason1-0/+1
Change the @author_initials feature Jakub added in v1.6.4-rc2-14-ga36817b to match non-ASCII author initials as intended. The regexp Jakub added was intended to match non-ASCII (/\b([[:upper:]])\B/g). But in Perl this doesn't actually match non-ASCII upper-case characters unless the string being matched against has the UTF8 flag. So when we open a pipe to "git blame" we need to mark the file descriptor we're opening as utf8 explicitly. So as a result it abbreviates me to "AB" not "ÆAB", entirely because "Æ" isn't /[[:upper:]]/ unless the string being matched against has the UTF8 flag. Here's something that demonstrates the issue: #!/usr/bin/env perl use strict; use warnings; binmode STDOUT, ':utf8' if $ENV{UTF8}; open my $fd, "-|", "git", "blame", "--incremental", "--", "Makefile" or die "Can't open: $!"; binmode $fd, ":utf8" if $ENV{UTF8}; while (my $line = <$fd>) { next unless my ($author) = $line =~ /^author (.*)/; my @author_initials = ($author =~ /\b([[:upper:]])\B/g); printf "%s (%s)\n", join("", @author_initials), $author; } When that's run with and without UTF8 being true in the environment it gives, on git.git: $ UTF8=0 perl author-initials.pl | sort | uniq -c | sort -nr | head -n 5 99 JH (Junio C Hamano) 35 JN (Jonathan Nieder) 35 JK (Jeff King) 20 JS (Johannes Schindelin) 16 AB (Ævar Arnfjörð Bjarmason) $ UTF8=1 perl author-initials.pl | sort | uniq -c | sort -nr | head -n 5 99 JH (Junio C Hamano) 35 JN (Jonathan Nieder) 35 JK (Jeff King) 20 JS (Johannes Schindelin) 16 ÆAB (Ævar Arnfjörð Bjarmason) Acked-by: Jakub Narębski <jnareb@gmail.com> Tested-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com> Tested-by: Simon Ruderich <simon@ruderich.org> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-08-20gitweb: make search help link less uglyLibravatar Tony Finch1-2/+2
The search help link was a superscript question mark right next to a drop-down menu, which looks misaligned and is a cramped and awkward click target. Remove the superscript tags and add some spacing to fix these nits. Add a title attribute to provide an explanatory mouseover. Signed-off-by: Tony Finch <dot@dotat.at> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-08-20gitweb: omit the repository owner when it is unsetLibravatar Tony Finch1-1/+1
On the repository summary page, leave the owner line out if the repo does not have an owner, rather than displaying a labelled empty field. This does not affect the owner column in the projects list page, which is present unless $omit_owner is true. Signed-off-by: Tony Finch <dot@dotat.at> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-07-04gitweb: allow extra breadcrumbs to prefix the trailLibravatar Tony Finch1-1/+6
There are often parent pages logically above the gitweb projects list, e.g. home pages of the organization and department that host the gitweb server. This change allows you to include links to those pages in gitweb's breadcrumb trail. Signed-off-by: Tony Finch <dot@dotat.at> Reviewed-by: Jonathan Nieder <jrnieder@gmail.com> Acked-by: Jakub Narebski <jnareb@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-06-07gitweb: fix problem causing erroneous project listLibravatar Charles McGarvey1-1/+1
The bug is manifest when running gitweb in a persistent process (e.g. FastCGI, PSGI), and it's easy to reproduce. If a gitweb request includes the searchtext parameter (i.e. s), subsequent requests using the project_list action--which is the default action--and without a searchtext parameter will be filtered by the searchtext value of the first request. This is because the value of the $search_regexp global (the value of which is based on the searchtext parameter) is currently being persisted between requests. Instead, clear $search_regexp before dispatching each request. Signed-off-by: Charles McGarvey <chazmcgarvey@brokenzipper.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-04-12Correct common spelling mistakes in comments and testsLibravatar Stefano Lattarini1-3/+3
Most of these were found using Lucas De Marchi's codespell tool. Signed-off-by: Stefano Lattarini <stefano.lattarini@gmail.com> Signed-off-by: Jonathan Nieder <jrnieder@gmail.com> Acked-by: Matthieu Moy <Matthieu.Moy@imag.fr> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-01-28gitweb: refer to picon/gravatar images over the same schemeLibravatar Andrej E Baranov1-2/+2
With the current code, the images from picon and gravatar are requested over http://, and browsers give mixed contents warning when gitweb is served over https://. Just drop the scheme: part from the URL, so that these external sites are accessed over https:// in such a case. Signed-off-by: Andrej E Baranov <admin@andrej-andb.ru> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-01-11Merge branch 'os/gitweb-highlight-uncaptured' into maintLibravatar Junio C Hamano1-1/+1
"gitweb", when sorting by age to show repositories with new activities first, used to sort repositories with absolutely nothing in it early, which was not very useful. * os/gitweb-highlight-uncaptured: gitweb: fix error in sanitize when highlight is enabled
2013-01-10Merge branch 'md/gitweb-sort-by-age' into maintLibravatar Junio C Hamano1-14/+21
* md/gitweb-sort-by-age: gitweb: Sort projects with undefined ages last
2013-01-01gitweb: fix error in sanitize when highlight is enabledLibravatar Orgad Shaneh1-1/+1
$1 becomes undef by internal regex, since it has no capture groups. Match against accpetable control characters using index() instead of a regex. Signed-off-by: Orgad Shaneh <orgads@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2012-12-11gitweb: Sort projects with undefined ages lastLibravatar Matthew Daley1-14/+21
Sorting gitweb's project list by age ('Last Change') currently shows projects with undefined ages at the head of the list. This gives a less useful result when there are a number of projects that are missing or otherwise faulty and one is trying to see what projects have been updated recently. Fix by sorting these projects with undefined ages at the bottom of the list when sorting by age. Signed-off-by: Matthew Daley <mattjd@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2012-11-29Merge branch 'pp/gitweb-config-underscore'Libravatar Junio C Hamano1-2/+5
The key "gitweb.remote_heads" is not legal git config; this maps it to "gitweb.remoteheads". * pp/gitweb-config-underscore: gitweb: make remote_heads config setting work
2012-11-28Merge branch 'rh/maint-gitweb-highlight-ext' into maintLibravatar Junio C Hamano1-9/+8
Syntax highlighting in "gitweb" was not quite working. * rh/maint-gitweb-highlight-ext: gitweb.perl: fix %highlight_ext mappings
2012-11-21gitweb: make remote_heads config setting workLibravatar Phil Pennock1-2/+5
Git configuration items can not contain underscores in their section and bottom-level variable name; the 'remote_heads' feature can not be enabled on a per-repository basis with that name. This changes the git-config option to be `gitweb.remoteheads` but does not change the gitweb.conf option, to avoid backwards compatibility issues. We strip underscores from keys before looking through git-config output for them. An existing check on keynames was overly eager to reject non-word letters, but if we ever start using three-level names, the middle level string can contain almost anything, so fix that as well while we are in the vicinity. Signed-off-by: Phil Pennock <phil@apcera.com> Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2012-11-20Merge branch 'jk/maint-gitweb-xss'Libravatar Junio C Hamano1-0/+1
Fixes an XSS vulnerability in gitweb. * jk/maint-gitweb-xss: gitweb: escape html in rss title
2012-11-12gitweb: escape html in rss titleLibravatar Jeff King1-0/+1
The title of an RSS feed is generated from many components, including the filename provided as a query parameter, but we failed to quote it. Besides showing the wrong output, this is a vector for XSS attacks. Signed-off-by: Jeff King <peff@peff.net>
2012-11-08gitweb.perl: fix %highlight_ext mappingsLibravatar Richard Hubbell1-9/+8
When commit 592ea41 refactored the list of extensions for syntax highlighting, it failed to take into account perl's operator precedence within lists. As a result, we end up creating a dictionary of one-to-one elements when the intent was to map mutliple related types to one main type (e.g., bash, ksh, zsh, and sh should all map to sh since they share similar syntax, but we ended up just mapping "bash" to "bash" and so forth). This patch adds parentheses to make the mapping as the original change intended. It also reorganizes the list to keep mapped extensions together. Signed-off-by: Richard Hubbell <richard_hubbe11@lavabit.com> Signed-off-by: Jeff King <peff@peff.net>
2012-10-12gitweb.cgi: fix "comitter_tz" typo in feedLibravatar Dylan Alex Simon1-1/+1
gitweb's feeds sometimes contained committer timestamps in the wrong timezone due to a misspelling. Signed-off-by: Dylan Simon <dylan@dylex.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
2012-09-10Merge branch 'maint-1.7.11' into maintLibravatar Junio C Hamano1-0/+5
* maint-1.7.11: Almost 1.7.11.6 gitweb: URL-decode $my_url/$my_uri when stripping PATH_INFO rebase -i: use full onto sha1 in reflog sh-setup: protect from exported IFS receive-pack: do not leak output from auto-gc to standard output t/t5400: demonstrate breakage caused by informational message from prune setup: clarify error messages for file/revisions ambiguity send-email: improve RFC2047 quote parsing fsck: detect null sha1 in tree entries do not write null sha1s to on-disk index diff: do not use null sha1 as a sentinel value