Christian Hesse [Tue, 23 Feb 2016 09:47:25 +0000 (10:47 +0100)]
css: use less blurry icon for external link
Your mileage may vary, but for me the old icon looks blurry. The new
one is character 0xf08e from OTF font awsome in size 10.
The icon color is black, gray level is adjusted via opacity.
Joe Anakata [Mon, 22 Feb 2016 17:45:53 +0000 (18:45 +0100)]
ui-plain: fix to show a repo's root directory listing in plain view
This is to fix the case of accessing http://host.com/cgit.cgi/repo.git/plain/
There is code here to make this case work (match_baselen is set to -1
for top-of-the-tree views) but the unsigned to signed comparison was
always false in this case, causing an empty directory listing without
this fix.
Signed-off-by: Joe Anakata <jea-signup-github@anakata.org> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
John Keeping [Mon, 8 Feb 2016 15:06:27 +0000 (15:06 +0000)]
ui-atom: avoid DATE_STRFTIME
Git's DATE_STRFTIME ignores the timezone argument and just uses the
local timezone regardless of whether the "local" flag is set.
Since Atom accepts ISO8601 dates [1], we can use Git's
DATE_ISO8601_STRICT instead, which does get this right. Additionally,
we never use the local timezone here so we can use the
date_mode_from_type() wrapper to simplify the code a bit.
John Keeping [Mon, 8 Feb 2016 15:05:54 +0000 (15:05 +0000)]
Avoid DATE_STRFTIME for long/short dates
Git's DATE_STRFTIME ignores the timezone argument and just uses the
local timezone regardless of whether the "local" flag is set.
Since our existing FMT_LONGDATE and FMT_SHORTDATE are pretty-much
perfect matches to DATE_ISO8601 and DATE_SHORT, switch to taking a
date_mode_type directly in cgit_date_mode().
John Keeping [Mon, 8 Feb 2016 14:12:35 +0000 (14:12 +0000)]
ui-stats: cast pointer before checking for zero
We abuse the "void *util" field as a counter and recently started to
cast it to a uintptr_t to avoid risking nasal demons by performing
arithmetic on a void pointer.
However, compilers are also known to do "interesting" things if they
know that a pointer is or isn't NULL. Make this safer by checking if
the counter (after casting) is non-zero rather than checking if the
pointer is non-null.
John Keeping [Sat, 16 Jan 2016 11:03:07 +0000 (11:03 +0000)]
cache: don't check for match with no key
We call open_slot() from cache_ls() without a key since we simply want
to read the path out of the header. Should the file happen to contain
an empty key then we end up calling memcmp() with NULL and a non-zero
length. Fix this by assigning slot->match only if a key is set, which
is always will be in the code paths where we use slot->match.
Coverity-id: 13807 Signed-off-by: John Keeping <john@keeping.me.uk>
John Keeping [Sat, 16 Jan 2016 11:03:05 +0000 (11:03 +0000)]
ui-log: handle parse_commit() errors
If parse_commit() fails, none of the fields in the commit structure will
have been populated so we will dereference NULL when accessing
item->tree.
There isn't much we can do about the error at this point, but if we
return true then we'll try parsing the commit again from print_commit()
and we can report an error to the user at that point.
Coverity-id: 13801 Signed-off-by: John Keeping <john@keeping.me.uk>
Peter Colberg [Tue, 8 Dec 2015 17:53:09 +0000 (12:53 -0500)]
ui-repolist: return HTTP 404 if no repositories found
Return HTTP status code 404 Not found when querying a non-existent
repository, which signals to search engines that a repository no
longer exists. Further, some webservers such as nginx permit
logging requests to different files depending on the HTTP code.
Lukas Fleischer [Sun, 13 Dec 2015 00:27:13 +0000 (01:27 +0100)]
Fix segmentation fault in hc()
The ctx.qry.page variable might be unset at this point, e.g. when an
invalid command is passed and cgit_print_pageheader() is called to show
an error message.
Convert all instances of get_object_hash to use an appropriate
reference to the hash member of the oid member of struct object.
This provides no functional change, as it is essentially a macro
substitution.
filter: avoid integer overflow in authenticate_post
ctx.env.content_length is an unsigned int, coming from the
CONTENT_LENGTH environment variable, which is parsed by strtoul. The
HTTP/1.1 spec says that "any Content-Length greater than or equal to
zero is a valid value." By storing this into an int, we potentially
overflow it, resulting in the following bounding check failing, leading
to a buffer overflow.
Reported-by: Erik Cabetas <Erik@cabetas.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Christian Hesse [Sun, 16 Aug 2015 12:53:53 +0000 (14:53 +0200)]
ui-summary: send images plain for about page
The about page used to display just fine, but images were broken: The
binary image data was embedded in html code.
Use cgit_print_plain() to send images in plain mode and make them
available on about page.
John Keeping [Fri, 14 Aug 2015 11:47:20 +0000 (12:47 +0100)]
tree: move layout into page function
This also allows us to return proper HTTP error codes when the requested
tree is not found and display an error message in one case (invalid path
inside valid commit) where we previously just displayed an empty page.
cgit_print_error_page() has the advantage that it sets a suitable HTTP
status code for the response. Note that setting "mimetype" is redundant
here since it cannot have changed since being initialized in
cgit.c::prepare_context(), so we do not need to worry that
cgit_print_error_page() does not set it.
John Keeping [Fri, 14 Aug 2015 11:47:08 +0000 (12:47 +0100)]
snapshot: use cgit_print_error_page() for HTTP status codes
This is a bugfix as well as an improvement to the HTTP status code
handling since previously we would not print HTTP headers on any of
these code paths.
John Keeping [Fri, 14 Aug 2015 11:47:06 +0000 (12:47 +0100)]
blob: use cgit_print_error_page() to add HTTP headers
This is a bugfix as well as an improvement to the HTTP status code
handling since previously we would not print HTTP headers on any of
these code paths.
John Keeping [Fri, 14 Aug 2015 11:47:02 +0000 (12:47 +0100)]
cgit: use cgit_print_error_page() where appropriate
These are more-or-less one-to-one translations but in the final hunk we
gain an HTTP error code where we used to send "200 OK", which is an
improvement.
Christian Hesse [Thu, 13 Aug 2015 22:02:50 +0000 (00:02 +0200)]
ui-patch: make sure to send http headers
Requesting a text/plain patch with bad commit id made cgit send text
without proper http headers. This results in "500 Internal Server Error"
with "Premature end of script headers" in server logs.
So print http headers before error message and return.
Signed-off-by: Christian Hesse <mail@eworm.de> Reviewed-by: John Keeping <john@keeping.me.uk>