| Commit message (Expand) | Author | Age | Files | Lines |
|---|
| * | tests: properly quote arguments to printf•••v2: incorporate remarks of Lukas
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
| Ferry Huberts | 2012-03-18 | 1 | -1/+1 |
| * | tests: handle paths with whitespace•••v2: incorporate remarks of Lukas
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
| Ferry Huberts | 2012-03-18 | 2 | -2/+2 |
| * | CGIT-0.9.0.3•••Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| Lars Hjemli | 2012-03-18 | 1 | -1/+1 |
| * | segfault fix on some bogus requests•••ctx.qry.head can be NULL in some cases due to bad requests
by weird bots. I managed to reproduce with:
PATH_INFO=/repo.git/shop.php QUERY_STRING=id=
Signed-off-by: Eric Wong <normalperson@yhbt.net>
| Eric Wong | 2012-03-18 | 1 | -2/+2 |
| * | use correct type for sizeof•••**L would have worked well too. Depending on the distribution sizeof *L
may return 8 instead of 4. **L is preferable, but since we don't expect
this datatype to change very often, sizeof int is less subtle and easier
to understand.
Signed-off-by: Jamie Couture <jamie.couture@gmail.com>
| Jamie Couture | 2012-03-18 | 1 | -1/+1 |
| * | ui-ssdiff.c: correct length check for LCS table•••Each individual string may be too long for its respective
dimension of the LCS table.
Signed-off-by: Eric Wong <normalperson@yhbt.net>
| Eric Wong | 2012-01-08 | 1 | -4/+2 |
| * | Fix segmentation fault in empty repository•••When a repository is empty, the ATOM feed link is written in the header,
but this involves formatting ctx->qry.head which is NULL in this case.
With glibc, vsnprintf formats "%s" with a NULL input as "(null)" but on
Solaris this results in a segmentation fault. Since we don't have a
meaningful head for the atom feed in an empty repository, it's simplest
not to write out the link element at all.
Signed-off-by: John Keeping <john@metanate.com>
| John Keeping | 2012-01-03 | 1 | -1/+1 |
| * | Makefile: fetch git tarballs from http://hjemli.net/git/git/•••The git tarballs are currently not available from kernel.org, so for now
the makefile will download autogenerated tarballs from cgit.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| Lars Hjemli | 2012-01-03 | 1 | -1/+1 |
| * | fix css color value and vertical-align value | Norberto Lopes | 2012-01-03 | 1 | -2/+2 |
| * | Fix diff mode switching when side-by-side-diffs=1•••When side-by-side-diffs=1 was set in cgitrc, specyfing 'ss=0' in the query-
string would not switch to unified diffs. This patch fixes the issue by
introducing a separate variable to track the occurrence of "ss" in the
querystring.
| Tim Chen | 2012-01-03 | 3 | -2/+3 |
| * | ui-log.c: do not show remote heads if enable-remote-branches=0•••If remote branches are not enabled, the branches are still listed in
the log view. This patch removes them if enable-remote-branches=0.
| Georg Müller | 2012-01-03 | 1 | -0/+3 |
| * | Add sort parameter to pager of repo list•••When the repolist is paged, the page-links are missing the sort parameter,
causing the initial page to be custom sorted, but any clicked page will
then be with the default sort order again.
| Tobias Grimm | 2012-01-03 | 3 | -13/+19 |
| * | ui-ssdiff: move LCS table away from the stack•••Printing deferred line changes for files containing long lines would
cause a segfault.
- limit LCS table size: 128x128.
- move LCS table to global context: avoid allocating/freeing memory
for every deferred line change.
Signed-off-by: Jamie Couture <jamie.couture@gmail.com>
| Jamie Couture | 2012-01-03 | 2 | -2/+43 |
| * | Fix potential XSS vulnerability in rename hint•••The file name displayed in the rename hint should be escaped to avoid
XSS. Note that this vulnerability is only applicable when an attacker
has gained push access to the repository.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| Lukas Fleischer | 2011-07-22 | 1 | -4/+6 |
| * | Remove dead initialization in cgit_parse_commit()•••The value stored to "t" during its initialization gets overwritten in
any case, so just leave it uninitialized. Spotted by clang-analyzer.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| Lukas Fleischer | 2011-07-22 | 1 | -1/+1 |
| * | CGIT 0.9.0.2•••Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| Lars Hjemli | 2011-07-21 | 1 | -1/+1 |
| * | html.c: avoid out-of-bounds access for url_escape_table•••This fixes a segfault for me with with -O2 optimization on x86
with gcc (Debian 4.4.5-8) 4.4.5
I can reliably reproduce it with the following parameters
when pointed to the git.git repository:
PATH_INFO='/git-core.git/diff/'
QUERY_STRING='id=2b93bfac0f5bcabbf60f174f4e7bfa9e318e64d5&id2=d6da71a9d16b8cf27f9d8f90692d3625c849cbc8'
Signed-off-by: Eric Wong <normalperson@yhbt.net>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| Eric Wong | 2011-07-21 | 1 | -2/+2 |
| * | tests: fix failures when CDPATH is set•••Some tests would otherwise fail because commands such as
cd trash/repos/foo && git rev-list --reverse HEAD | head -1
would return 2 lines instead of 1: the 'cd' command also
prints the path when CDPATH is set.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| Ferry Huberts | 2011-07-21 | 1 | -0/+1 |
| * | cgit.c: improve error message when git repo cannot be accessed•••The current 'Not a git repository' error message is not very helpful,
since it doesn't state the cause of the problem.
This patch uses errno to provide a hint of the underlying problem. It
would have been even better to give the exact cause (e.g. for ENOENT it
would be nice to know which file/directory is missing), but that would
require reimplementing setup_git_directory_gently() which seems a bit
overkill.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| Lars Hjemli | 2011-06-18 | 1 | -1/+5 |
| * | cgitrc.5.txt: document repo.module-link•••The global module-link option can be overridden per repo, but this has
never been documented.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| Lars Hjemli | 2011-06-15 | 1 | -0/+6 |
| * | cgitrc.5.txt: describe macro expansion of cgitrc options•••This is a new feature in cgit-0.9 which was formerly undocumented.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| Lars Hjemli | 2011-06-13 | 1 | -4/+26 |
| * | README: update some stale information/add some new•••Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| Lars Hjemli | 2011-06-13 | 1 | -16/+6 |
| * | CGIT 0.9.0.1•••Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| Lars Hjemli | 2011-06-13 | 1 | -1/+1 |
| * | ui-plain.c: fix html and links generated by print_dir() and print_dir_entry()•••This patch fixes the following issues:
* the base argument usually isn't zero-terminated, so printing base
without considering baselen will usually generate random garbage
* when the current url represents a directory but doesn't end in a slash,
relative urls would be incorrect
* using unescaped paths allows XSS
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| Lars Hjemli | 2011-06-12 | 1 | -19/+46 |
| * | scan-tree.c: avoid memory leak•••No references are kept to the memory pointed to by the 'rel' variable, so
it should be free()'d before returning from add_repo().
Signed-off-by: Jamie Couture <jamie.couture@gmail.com>
Signed-off-by: Lars Hjemli <larsh@hjemli.net>
| Jamie Couture | 2011-06-06 | 1 | -0/+2 |
| * | ui-log.c: do not link from age column•••The link url wasn't properly escaped, and since the link was identical
to the one used on the commit message it didn't serve any special purpose.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| Lars Hjemli | 2011-06-02 | 2 | -10/+1 |
| * | ui-snapshot.c: remove debug cruft•••Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| Lars Hjemli | 2011-06-02 | 1 | -2/+0 |
| * | Properly escape ampersands inside HTML attributes•••Ampersands ("&") appearing inside HTML attributes need to be translated
to "&". Otherwise, invalid XHTML will be generated at various
places, such as at tree views containing links to submodules.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| Lukas Fleischer | 2011-05-30 | 1 | -1/+3 |
| * | fix virtual-root if script-name is ""•••In d0cb841 (Avoid trailing slash in virtual-root), virtual-root was set
from script-name using trim_end(). However, if script-name was the
empty string (""), which happens when cgit is used to serve the root
path on a domain (/), trim_end() returns NULL and cgit acts like
virtual-root is not available. Now, set virtual-root to "" in this
case, which fixes this bug.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| Mark Lodato | 2011-05-23 | 1 | -1/+4 |
| * | ui-repolist.c: do not return random/stale data from read_agefile•••When git/date.c:parse_date() cannot parse its input it returns -1. But
read_agefile() checks if the result is different from zero, essentialy
returning random data from the date buffer when parsing fails. This
patch fixes the issue by verifying that the result from parse_date()
is positive.
Noticed-by: Julius Plenz <plenz@cis.fu-berlin.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| Lars Hjemli | 2011-05-23 | 1 | -1/+1 |
| * | Avoid null pointer dereference in cgit_print_diff().•••When calling cgit_print_diff() with a bad new_rev and a NULL old_rev,
checking for new_rev's parent commit will result in a null pointer
dereference. Returning on an invalid commit before dereferencing fixes
this. Spotted with clang-analyzer.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| Lukas Fleischer | 2011-05-23 | 1 | -2/+6 |
| * | Avoid null pointer dereference in reencode().•••Returning "*txt" if "txt" is a null pointer is a bad thing. Spotted with
clang-analyzer.
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| Lukas Fleischer | 2011-05-23 | 1 | -1/+4 |
| * | Fix memory leak in http_parse_querystring().•••Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| Lukas Fleischer | 2011-05-23 | 1 | -2/+3 |
| * | Remove unused variable from cgit_diff_tree().•••Seen with "-Wunused-but-set-variable".
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| Lukas Fleischer | 2011-05-23 | 1 | -3/+2 |
| * | shared.c: do not modify const memory•••Noticed-by: zhongjj <zhongjj@lemote.com>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| Lars Hjemli | 2011-05-23 | 1 | -11/+3 |
| * | tests: add tests for links with space in path and/or args•••These tests tries to detect bad links in various pages. On the log page,
there currently exists links which are not properly escaped due to the
use of cgit_fileurl() when building the link. For now, this bug is simply
tagged as such.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| Lars Hjemli | 2011-05-23 | 3 | -3/+19 |
| * | tests/setup.sh: add support for known bugs•••This patch makes it possible to add tests for known bugs without aborting
the testrun.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| Lars Hjemli | 2011-05-23 | 1 | -1/+13 |
| * | Fix escaping of paths with spaces•••Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| Jonathon Mah | 2011-05-23 | 1 | -4/+6 |
| * | Add advice about scan-path in cgitrc.5.txt•••Signed-off-by: Julius Plenz <plenz@cis.fu-berlin.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| Julius Plenz | 2011-03-26 | 1 | -2/+3 |
| * | fix two encoding bugs•••reencode() takes three arguments in the order (txt, from, to), opposed to
reencode_string, which will, like iconv, handle the arguments with from
and to swapped. Fix that (this makes reencode more intuitive).
If src and dst encoding are equivalent, don't do any encoding.
If no special encoding parameter is found within the commit, assume
UTF-8 and explicitly convert to PAGE_ENCODING. The change to reencode()
mentioned above avoids re-encoding a UTF-8 string to UTF-8, for example.
Signed-off-by: Julius Plenz <plenz@cis.fu-berlin.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| Julius Plenz | 2011-03-26 | 1 | -9/+15 |
| * | new_filter: correctly initialise all arguments for a new filter•••Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| Ferry Huberts | 2011-03-26 | 1 | -2/+4 |
| * | source_filter: fix a memory leak•••Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| Ferry Huberts | 2011-03-26 | 1 | -0/+2 |
| * | cgitrc.5: tar.xz is a supported snapshot format•••When tar.xz support was added in 0642435fed (2009-12-08: Add
.tar.xz-snapshot support), cgitrc.5 was not updated to match. This
patch fixes the issue.
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| Lars Hjemli | 2011-03-26 | 1 | -1/+2 |
| * | Fix crash when projectsfile cannot be opened•••This patch makes cgit properly abort in case the projectsfile cannot
be opened. Without the added return cgit continues using the projects
pointer which is NULL and thus causes a segfault.
| Stefan Gehn | 2011-03-26 | 1 | -0/+1 |
| * | CGIT 0.9•••Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| Lars Hjemli | 2011-03-05 | 1 | -1/+1 |
| * | Update README | Lars Hjemli | 2011-03-05 | 1 | -8/+1 |
| * | ui-diff.c: avoid html injection•••When path-filtering was used in commit-view, the path filter was
included without proper html escaping. This patch closes the hole.
Signed-off-by: Lukasz Janyst <ljanyst@cern.ch>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| Lukasz Janyst | 2011-03-05 | 1 | -2/+5 |
| * | Merge branch 'stable' | Lars Hjemli | 2011-03-05 | 4 | -6/+7 |
| |\ |
|
| | * | CGIT 0.8.3.5•••Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| Lars Hjemli | 2011-03-05 | 1 | -1/+1 |
| | * | Avoid trailing slash in virtual-root•••When setting virtual-root from cgitrc, care is taken to avoid trailing
slashes. But when no virtual-root setting is specified, SCRIPT_FILE
from the web server is used without similar checks. This patch fixes the
inconsistency, which could lead to double-slashes in generated links.
Noticed-by: Wouter Van Hemel <wouter@duodecim.org>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
| Lars Hjemli | 2011-03-05 | 1 | -2/+3 |
