Instead of reimplementing URL parameter parsing from scratch, use
url_decode_parameter_name() and url_decode_parameter_value() which are
already provided by Git.
Also, change the return type of http_parse_querystring() to void since
its only caller already ignores the return value.
John Keeping [Sat, 13 Aug 2016 10:54:46 +0000 (11:54 +0100)]
ui-tree: remove a fixed size buffer
As libgit.a moves away from using fixed size buffers, there is no
guarantee that PATH_MAX is sufficient for all of the paths in a Git
tree, so we should use a dynamically sized buffer here.
Coverity-Id: 141884 Signed-off-by: John Keeping <john@keeping.me.uk>
John Keeping [Sat, 13 Aug 2016 10:53:24 +0000 (11:53 +0100)]
ui-tag: clean up taginfo
Free the taginfo when we're done with it. Also reduce the scope of a
couple of variables so that it's clear that this is the only path that
uses the taginfo structure.
Coverity-Id: 141883 Signed-off-by: John Keeping <john@keeping.me.uk>
John Keeping [Wed, 13 Jul 2016 19:19:42 +0000 (20:19 +0100)]
tree: allow skipping through single-child trees
If we have only a single element in a directory (for example in Java
package paths), display multiple directories in one go so that it is
possible to navigate directly to the first directory that contains
either files or multiple directories.
John Keeping [Sun, 7 Aug 2016 15:14:49 +0000 (16:14 +0100)]
ui-ssdiff: fix decl-after-statement warnings
git.git's coding style avoids decl-after-statement and we generally try
to follow it but a few warnings have crept in recently. Fix the one in
ui-ssdiff.c
John Keeping [Sun, 7 Aug 2016 15:13:30 +0000 (16:13 +0100)]
ui-shared: fix decl-after-statement warnings
git.git's coding style avoids decl-after-statement and we generally try
to follow it but a few warnings have crept in recently. Fix the ones in
ui-shared.c
It is very unlikely that EOF cast to "unsigned char" will end up in a
character that has the GIT_SPACE bit set, but the standard only requires
that EOF be a negative integer, so it could access any value in the
sane_ctype array.
If it does end up returning true for isspace() then this loop will never
terminate, so handle EOF as a special value in the same way as the other
loops in this function.
Lukas Fleischer [Tue, 24 May 2016 16:15:18 +0000 (18:15 +0200)]
Avoid ambiguities when prettifying snapshot names
When composing snapshot file names for a tag with a prefix of the form
v[0-9] (resp. V[0-9]), the leading "v" (resp. "V") is stripped. This
leads to conflicts if a tag with the stripped name already exists or if
there are tags only differing in the capitalization of the leading "v".
Make sure we do not strip the "v" in these cases.
Otherwise we get the classic Python UTF-8 errors, and the text is all
out of order. While we're at it, switch to python3 so we only have to
support one set of oddball semantics.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Suggested-by: Daniel Campbell <dlcampbell@gmx.com>
Tim Nordell [Fri, 26 Feb 2016 20:58:41 +0000 (14:58 -0600)]
ui-log: Simplify decoration code
The decoration code inside of git returns the decoration type, so
utilize this to create the decoration spans. Additionally, use
prettify_refname(...) to get the shorter name for the ref.
Signed-off-by: Tim Nordell <tim.nordell@logicpd.com>
Christian Hesse [Tue, 23 Feb 2016 09:47:25 +0000 (10:47 +0100)]
css: use less blurry icon for external link
Your mileage may vary, but for me the old icon looks blurry. The new
one is character 0xf08e from OTF font awsome in size 10.
The icon color is black, gray level is adjusted via opacity.
Joe Anakata [Mon, 22 Feb 2016 17:45:53 +0000 (18:45 +0100)]
ui-plain: fix to show a repo's root directory listing in plain view
This is to fix the case of accessing http://host.com/cgit.cgi/repo.git/plain/
There is code here to make this case work (match_baselen is set to -1
for top-of-the-tree views) but the unsigned to signed comparison was
always false in this case, causing an empty directory listing without
this fix.
Signed-off-by: Joe Anakata <jea-signup-github@anakata.org> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
John Keeping [Mon, 8 Feb 2016 15:06:27 +0000 (15:06 +0000)]
ui-atom: avoid DATE_STRFTIME
Git's DATE_STRFTIME ignores the timezone argument and just uses the
local timezone regardless of whether the "local" flag is set.
Since Atom accepts ISO8601 dates [1], we can use Git's
DATE_ISO8601_STRICT instead, which does get this right. Additionally,
we never use the local timezone here so we can use the
date_mode_from_type() wrapper to simplify the code a bit.
John Keeping [Mon, 8 Feb 2016 15:05:54 +0000 (15:05 +0000)]
Avoid DATE_STRFTIME for long/short dates
Git's DATE_STRFTIME ignores the timezone argument and just uses the
local timezone regardless of whether the "local" flag is set.
Since our existing FMT_LONGDATE and FMT_SHORTDATE are pretty-much
perfect matches to DATE_ISO8601 and DATE_SHORT, switch to taking a
date_mode_type directly in cgit_date_mode().
John Keeping [Mon, 8 Feb 2016 14:12:35 +0000 (14:12 +0000)]
ui-stats: cast pointer before checking for zero
We abuse the "void *util" field as a counter and recently started to
cast it to a uintptr_t to avoid risking nasal demons by performing
arithmetic on a void pointer.
However, compilers are also known to do "interesting" things if they
know that a pointer is or isn't NULL. Make this safer by checking if
the counter (after casting) is non-zero rather than checking if the
pointer is non-null.
John Keeping [Sat, 16 Jan 2016 11:03:07 +0000 (11:03 +0000)]
cache: don't check for match with no key
We call open_slot() from cache_ls() without a key since we simply want
to read the path out of the header. Should the file happen to contain
an empty key then we end up calling memcmp() with NULL and a non-zero
length. Fix this by assigning slot->match only if a key is set, which
is always will be in the code paths where we use slot->match.
Coverity-id: 13807 Signed-off-by: John Keeping <john@keeping.me.uk>
John Keeping [Sat, 16 Jan 2016 11:03:05 +0000 (11:03 +0000)]
ui-log: handle parse_commit() errors
If parse_commit() fails, none of the fields in the commit structure will
have been populated so we will dereference NULL when accessing
item->tree.
There isn't much we can do about the error at this point, but if we
return true then we'll try parsing the commit again from print_commit()
and we can report an error to the user at that point.
Coverity-id: 13801 Signed-off-by: John Keeping <john@keeping.me.uk>
Peter Colberg [Tue, 8 Dec 2015 17:53:09 +0000 (12:53 -0500)]
ui-repolist: return HTTP 404 if no repositories found
Return HTTP status code 404 Not found when querying a non-existent
repository, which signals to search engines that a repository no
longer exists. Further, some webservers such as nginx permit
logging requests to different files depending on the HTTP code.
Lukas Fleischer [Sun, 13 Dec 2015 00:27:13 +0000 (01:27 +0100)]
Fix segmentation fault in hc()
The ctx.qry.page variable might be unset at this point, e.g. when an
invalid command is passed and cgit_print_pageheader() is called to show
an error message.
Convert all instances of get_object_hash to use an appropriate
reference to the hash member of the oid member of struct object.
This provides no functional change, as it is essentially a macro
substitution.
filter: avoid integer overflow in authenticate_post
ctx.env.content_length is an unsigned int, coming from the
CONTENT_LENGTH environment variable, which is parsed by strtoul. The
HTTP/1.1 spec says that "any Content-Length greater than or equal to
zero is a valid value." By storing this into an int, we potentially
overflow it, resulting in the following bounding check failing, leading
to a buffer overflow.
Reported-by: Erik Cabetas <Erik@cabetas.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>