summaryrefslogtreecommitdiffstatshomepage
path: root/ui-shared.c
Commit message (Collapse)AuthorAge
* ui-shared: ban strcat()Christian Hesse2018-09-11
| | | | | | | | | | | Git upstream bans strcat() with commit: banned.h: mark strcat() as banned 1b11b64b815db62f93a04242e4aed5687a448748 To avoid compiler warnings from gcc 8.1.x we get the hard way. Signed-off-by: Christian Hesse <mail@eworm.de>
* Fix gcc 8.1.1 compiler warningsJason A. Donenfeld2018-07-04
| | | | | | | | | | | | | | | | | | | | | | CC ../shared.o ../shared.c: In function ‘expand_macro’: ../shared.c:487:3: warning: ‘strncpy’ specified bound depends on the length of the source argument [-Wstringop-overflow=] strncpy(name, value, len); ^~~~~~~~~~~~~~~~~~~~~~~~~ ../shared.c:484:9: note: length computed here len = strlen(value); ^~~~~~~~~~~~~ ../ui-shared.c: In function ‘cgit_repobasename’: ../ui-shared.c:136:2: warning: ‘strncpy’ specified bound 1024 equals destination size [-Wstringop-truncation] strncpy(rvbuf, reponame, sizeof(rvbuf)); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ CC ../ui-ssdiff.o ../ui-ssdiff.c: In function ‘replace_tabs’: ../ui-ssdiff.c:142:4: warning: ‘strncat’ output truncated copying between 1 and 8 bytes from a string of length 8 [-Wstringop-truncation] strncat(result, spaces, 8 - (strlen(result) % 8)); ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* snapshot: support tar signature for compressed tarChristian Hesse2018-07-03
| | | | | | | | | | | | This adds support for kernel.org style signatures where the uncompressed tar archive is signed and compressed later. The signature is valid for all tar* snapshots. We have a filter which snapshots may be generated and downloaded. This has to allow tar signatures now even if tar itself is not allowed. To simplify things we allow all signatures. Signed-off-by: Christian Hesse <mail@eworm.de>
* extra-head-content: introduce another option for meta tagsJason A. Donenfeld2018-07-03
| | | | | | | This is to support things like go-import meta tags, which are on a per-repo basis. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* global: remove functionality we deprecated for cgit v1.0Christian Hesse2018-06-27
| | | | | | | | The man page states these were deprecated for v1.0. We are past v1.1, so remove the functionality. Signed-off-by: Christian Hesse <mail@eworm.de> Reviewed-by: John Keeping <john@keeping.me.uk>
* snapshot: strip bit from struct cgit_snapshot_formatChristian Hesse2018-06-27
| | | | | | | We had a static bit value in struct cgit_snapshot_format. We do not rely on it and things can be calculated on the fly. So strip it. Signed-off-by: Christian Hesse <mail@eworm.de>
* snapshot: support archive signaturesJohn Keeping2018-06-27
| | | | | | | | | | | | | | | | | | Read signatures from the notes refs refs/notes/signatures/$FORMAT where FORMAT is one of our archive formats ("tar", "tar.gz", ...). The note is expected to simply contain the signature content to be returned when the snapshot "${filename}.asc" is requested, so the signature for cgit-1.1.tar.xz can be stored against the v1.1 tag with: git notes --ref=refs/notes/signatures/tar.xz add -C "$( gpg --output - --armor --detach-sign cgit-1.1.tar.xz | git hash-object -w --stdin )" v1.1 and then downloaded by simply appending ".asc" to the archive URL. Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
* ui-shared: pass separator in to cgit_print_snapshot_links()John Keeping2018-06-27
| | | | | | | | | cgit_print_snapshot_links() is almost identical to print_tag_downloads(), so let's extract the difference to a parameter in preparation for removing print_tag_downloads() in the next commit. Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
* ui-shared: use the same snapshot logic as ui-refsJohn Keeping2018-06-27
| | | | | | | | | Make snapshot links in the commit UI use the same prefix algorithm as those in the summary UI, so that refs starting with the snapshot prefix are used as-is rather than composed with the prefix repeated. Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
* ui-shared: rename parameter to cgit_print_snapshot_links()John Keeping2018-06-27
| | | | | | | | This is expected to be a ref not a hex object ID, so name it more appropriately. Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
* ui-shared: remove unused parameterJohn Keeping2018-06-27
| | | | | | | | The "head" parameter to cgit_print_snapshot_links() is never used, so remove it. Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
* Add "snapshot-prefix" repo configurationJohn Keeping2018-06-27
| | | | | | | | | | | | Allow using a user-specified value for the prefix in snapshot files instead of the repository basename. For example, files downloaded from the linux-stable.git repository should be named linux-$VERSION and not linux-stable-$VERSION, which can be achieved by setting: repo.snapshot-prefix=linux Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
* ui-shared: pass repo object to print_snapshot_links()John Keeping2018-06-27
| | | | | | | | | | Both call sites of cgit_print_snapshot_links() use the same values for the snapshot mask and repository name, which are derived from the cgit_repo structure so let's pass in the structure and access the fields directly. Signed-off-by: John Keeping <john@keeping.me.uk> Reviewed-by: Christian Hesse <mail@eworm.de>
* print git version string in footerChristian Hesse2018-06-27
| | | | | | | | | | | This helps tracking what git version cgit uses. The security implications are low as anybody can look up the version of our submodule anyway. The paranoid can use a custom footer. :-p On the other hand this brings potential security issues to the administrators eyes... Signed-off-by: Christian Hesse <mail@eworm.de>
* git: update to v2.17.1Christian Hesse2018-06-27
| | | | | | | | | Update to git version v2.17.1. Required changes: * The function 'typename' has been renamed to 'type_name' (upstream commit debca9d2fe784193dc2d9f98b5edac605ddfefbb) Signed-off-by: Christian Hesse <mail@eworm.de>
* ui-shared: use type='search' for the search boxVille Skyttä2017-10-15
| | | | Signed-off-by: Ville Skyttä <ville.skytta@iki.fi>
* ui-tree: link to blame UI if enabledJeff Smith2017-10-03
| | | | | | | Create links to the blame page. Signed-off-by: Jeff Smith <whydoubt@gmail.com> Reviewed-by: John Keeping <john@keeping.me.uk>
* ui-shared: make a char* parameter constJeff Smith2017-10-03
| | | | | | | | | | | All cgit_xxx_link functions take const char* for the 'name' parameter, except for cgit_commit_link, which takes a char* and subsequently modifies the contents. Avoiding the content changes, and making it const char* will avoid the need to make copies of const char* strings being passed to cgit_commit_link. Signed-off-by: Jeff Smith <whydoubt@gmail.com> Reviewed-by: John Keeping <john@keeping.me.uk>
* ui-tree: move set_title_from_path to ui-sharedJeff Smith2017-10-03
| | | | | | | | The ui-blame code will also need to call set_title_from_path, so go ahead and move it to ui-shared. Signed-off-by: Jeff Smith <whydoubt@gmail.com> Reviewed-by: John Keeping <john@keeping.me.uk>
* ui-shared: don't print path crumbs without a repoJohn Keeping2017-08-10
| | | | | | | | | | | | | | | cgit_print_path_crumbs() can call repolink() which assumes that ctx.repo is non-null. Currently we don't have any commands that set want_vpath without also setting want_repo so it shouldn't be possible to fail this test, but the check in cgit.c is in the wrong order so it is possible to specify a query string like "?p=log&path=foo/bar" to end up here without a valid repository. This was found by American fuzzy lop [0]. [0] http://lcamtuf.coredump.cx/afl/ Signed-off-by: John Keeping <john@keeping.me.uk>
* ui-shared: replace 'unsigned char sha1[20]' with 'struct object_id oid'Christian Hesse2016-10-04
| | | | | | Upstream git is replacing 'unsigned char sha1[20]' with 'struct object_id oid'. We have some code that can be changed independent from upstream. So here we go...
* ui-shared: fix decl-after-statement warningsJohn Keeping2016-10-01
| | | | | | | | git.git's coding style avoids decl-after-statement and we generally try to follow it but a few warnings have crept in recently. Fix the ones in ui-shared.c Signed-off-by: John Keeping <john@keeping.me.uk>
* ui-shared: fix segfault when defbranch is NULLEric Wong2016-07-06
| | | | | | | | Not sure if there's a better fix for this. defbranch is NULL here on my setup when a crawler hit an invalid URL, causing strcmp to segfault. Signed-off-by: Eric Wong <normalperson@yhbt.net>
* Avoid ambiguities when prettifying snapshot namesLukas Fleischer2016-07-05
| | | | | | | | | | | When composing snapshot file names for a tag with a prefix of the form v[0-9] (resp. V[0-9]), the leading "v" (resp. "V") is stripped. This leads to conflicts if a tag with the stripped name already exists or if there are tags only differing in the capitalization of the leading "v". Make sure we do not strip the "v" in these cases. Reported-by: Juuso Lapinlampi <wub@partyvan.eu> Signed-off-by: Lukas Fleischer <lfleischer@lfos.de>
* Hosted on HTTPS nowJason A. Donenfeld2016-06-07
|
* forms: action should not be emptyJason A. Donenfeld2016-05-12
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* ui-shared: Remove a name attribute with an empty valueJuuso Lapinlampi2016-05-12
| | | | | | | | The name attribute is optional in an input element, but it must not be an empty value. See: https://html.spec.whatwg.org/#attr-fe-name See: https://html.spec.whatwg.org/#the-input-element
* ui-shared: HTML-ize DOCTYPE and <html>Juuso Lapinlampi2016-05-12
| | | | | Get rid of the XHTML headers, bringing cgit slowly to the modern age of HTML.
* ui-shared: Simplify cgit_print_error_page() logicJuuso Lapinlampi2016-05-12
|
* ui-shared: redirect should not exit early for cacheJason A. Donenfeld2016-02-26
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tabs: do not use target=_blankJason A. Donenfeld2016-02-23
|
* ui-shared: add homepage to tabsJason A. Donenfeld2016-02-22
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Avoid DATE_STRFTIME for long/short datesJohn Keeping2016-02-08
| | | | | | | | | | | Git's DATE_STRFTIME ignores the timezone argument and just uses the local timezone regardless of whether the "local" flag is set. Since our existing FMT_LONGDATE and FMT_SHORTDATE are pretty-much perfect matches to DATE_ISO8601 and DATE_SHORT, switch to taking a date_mode_type directly in cgit_date_mode(). Signed-off-by: John Keeping <john@keeping.me.uk>
* ui-shared: remove cgit_print_date()John Keeping2016-02-08
| | | | | | There are no longer any users of this function. Signed-off-by: John Keeping <john@keeping.me.uk>
* ui-shared: use show_date for footer timestampJohn Keeping2016-02-08
| | | | Signed-off-by: John Keeping <john@keeping.me.uk>
* ui: show ages in the originator's timezoneJohn Keeping2016-02-08
| | | | | | | This affects the tooltip showing the full time and the case when a date is sufficiently old to be shown in full rather than as an offset. Signed-off-by: John Keeping <john@keeping.me.uk>
* ui-shared: add cgit_date_mode()John Keeping2016-02-08
| | | | | | | | This returns the correct mode value for use with Git's show_date() based on the current CGit configuration and will be used in the following patches. Signed-off-by: John Keeping <john@keeping.me.uk>
* ui-shared: remove "format" from cgit_print_age()John Keeping2016-02-08
| | | | | | | We never use any format other than FMT_SHORTDATE, so move that into the function. Signed-off-by: John Keeping <john@keeping.me.uk>
* ui-shared: prevent malicious filename from injecting headersJason A. Donenfeld2016-01-14
|
* ui-shared: Avoid new line injection into redirect headerJason A. Donenfeld2016-01-14
|
* Fix segmentation fault in hc()Lukas Fleischer2016-01-13
| | | | | | | | The ctx.qry.page variable might be unset at this point, e.g. when an invalid command is passed and cgit_print_pageheader() is called to show an error message. Signed-off-by: Lukas Fleischer <lfleischer@lfos.de>
* git: update to v2.7.0Christian Hesse2016-01-13
| | | | | | | | | | | | | | Update to git version v2.7.0. * Upstream commit ed1c9977cb1b63e4270ad8bdf967a2d02580aa08 (Remove get_object_hash.) changed API: Convert all instances of get_object_hash to use an appropriate reference to the hash member of the oid member of struct object. This provides no functional change, as it is essentially a macro substitution. Signed-off-by: Christian Hesse <mail@eworm.de>
* ui-shared: fix resource leak: free allocation from cgit_hosturlChristian Hesse2015-10-09
| | | | Signed-off-by: Christian Hesse <mail@eworm.de>
* ui-shared: return value of cgit_hosturl is not constChristian Hesse2015-10-09
| | | | Signed-off-by: Christian Hesse <mail@eworm.de>
* ui-shared: fix resource leak: free allocation from cgit_currenturlChristian Hesse2015-10-09
| | | | | Coverity-id: 13927 Signed-off-by: Christian Hesse <mail@eworm.de>
* ui-shared: return value of cgit_currenturl is not constChristian Hesse2015-10-09
| | | | Signed-off-by: Christian Hesse <mail@eworm.de>
* ui-shared: fix resource leak: free allocation from cgit_fileurlChristian Hesse2015-10-09
| | | | | Coverity-id: 13918 Signed-off-by: Christian Hesse <mail@eworm.de>
* ui-shared: cache errors for "dynamic TTL"John Keeping2015-08-14
| | | | | | | Most errors we generate are (potentially) transient, such as non-existent object IDs so we don't want them to be cached forever. Signed-off-by: John Keeping <john@keeping.me.uk>
* ui-shared: add cgit_print_layout_{start,end}()John Keeping2015-08-14
| | | | | | | | These will avoid needing to call three functions to start page layout in subsequent patches when we move the layout setup into each individual page. Signed-off-by: John Keeping <john@keeping.me.uk>
* ui-shared: add cgit_print_error_page() functionJohn Keeping2015-08-14
| | | | | | | This will allow us to generate error responses with the correct HTTP response code without needing all of the layout boilerplate. Signed-off-by: John Keeping <john@keeping.me.uk>