From f5aa79d909f8c4838bf500c22fa5f7967d219925 Mon Sep 17 00:00:00 2001
From: Jakub Narebski
Date: Sat, 17 Jun 2006 13:32:15 +0200
Subject: gitweb: safely output binary files for 'blob_plain' action gitweb tries now to output correct Content-Type header for 'blob_plain' action; for now text/plain for text files, appropriate image MIME type for *.png, *.gif and *.jpg/*.jpeg files, and application/octet-stream for other binary files. Introduced new configuration variables: $default_blob_plain_mimetype and $default_text_plain_charset (only 'utf-8' is guaranteed to work for the latter). binmode changed to ':raw' in git_blob_plain for output of non-text files.
Signed-off-by: Junio C Hamano
---
 gitweb/gitweb.cgi | 43 +++++++++++++++++++++++++++++++++++++++----
 1 file changed, 39 insertions(+), 4 deletions(-)
diff --git a/gitweb/gitweb.cgi b/gitweb/gitweb.cgi
index 736d1068d2..b61b6ccbe6 100755
--- a/gitweb/gitweb.cgi
+++ b/gitweb/gitweb.cgi
@@ -39,12 +39,16 @@ my $home_link = $my_uri;
 my $home_text = "indextext.html";
 # URI of default stylesheet
-my $stylesheet = "gitweb.css";
+my $stylesheet = "gitweb.css";
 # source of projects list
 #my $projects_list = $projectroot;
 my $projects_list = "index/index.aux";
+# default blob_plain mimetype and default charset for text/plain blob
+my $default_blob_plain_mimetype = 'text/plain';
+my $default_text_plain_charset = 'utf-8'; # can be undefined
+
 # input validation and dispatch
 my $action = $cgi->param('a');
 if (defined $action) {
@@ -1482,15 +1486,46 @@ sub git_blob {
 git_footer_html();
 }
+sub git_blob_plain_mimetype {
+ my $fd = shift;
+ my $filename = shift;
+
+ # just in case
+ return $default_blob_plain_mimetype unless $fd;
+
+ if (-T $fd) {
+ return 'text/plain' .
+ ($default_text_plain_charset ? '; charset='.$default_text_plain_charset : '');
+ } elsif (! $filename) {
+ return 'application/octet-stream';
+ } elsif ($filename =~ m/\.png$/i) {
+ return 'image/png';
+ } elsif ($filename =~ m/\.gif$/i) {
+ return 'image/gif';
+ } elsif ($filename =~ m/\.jpe?g$/i) {
+ return 'image/jpeg';
+ } else {
+ return 'application/octet-stream';
+ }
+}
+
 sub git_blob_plain {
- my $save_as = "$hash.txt";
+ open my $fd, "-|", "$gitbin/git-cat-file blob $hash" or return;
+ my $type = git_blob_plain_mimetype($fd, $file_name);
+
+ # save as filename, even when no $file_name is given
+ my $save_as = "$hash";
 if (defined $file_name) {
 $save_as = $file_name;
+ } elsif ($type =~ m/^text\//) {
+ $save_as .= '.txt';
 }
- print $cgi->header(-type => "text/plain", -charset => 'utf-8', '-content-disposition' => "inline; filename=\"$save_as\"");
- open my $fd, "-|", "$gitbin/git-cat-file blob $hash" or return;
+
+ print $cgi->header(-type => "$type", '-content-disposition' => "inline; filename=\"$save_as\"");
 undef $/;
+ binmode STDOUT, ':raw' unless $type =~ m/^text\//;
 print <$fd>;
+ binmode STDOUT, ':utf8' unless $type =~ m/^text\//;
 $/ = "\n";
 close $fd;
 }
-- 
cgit v1.2.3
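Review bot: In `git_blob_plain` the new header line still interpolates `$save_as` (copied from `$file_name`) into `filename=\"$save_as\"`, so a name containing a double quote, backslash or line break would yield a malformed or split Content-Disposition header unless the validation of `$file_name`, which happens outside this hunk, already rejects those characters. Neutralising them at the point of use keeps the header well-formed regardless, e.g. `$save_as =~ s/["\\\r\n]/_/g;` just before the `print $cgi->header(...)` call. The relocated `open my $fd, "-|", "$gitbin/git-cat-file blob $hash"` passes a single interpolated string, which Perl hands to a shell when it contains metacharacters; the list form `open my $fd, "-|", "$gitbin/git-cat-file", "blob", $hash or return;` removes that reliance on upstream checking of `$hash`. Because the response type is now guessed from blob content and served inline from the gitweb origin, it would also be worth sending `X-Content-Type-Options: nosniff` so a browser does not re-interpret a text/plain or application/octet-stream blob as HTML.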