| Commit message (Expand) | Author | Age | Files | Lines |
|---|
| * | ui-log: handle parse_commit() errors•••If parse_commit() fails, none of the fields in the commit structure will
have been populated so we will dereference NULL when accessing
item->tree.
There isn't much we can do about the error at this point, but if we
return true then we'll try parsing the commit again from print_commit()
and we can report an error to the user at that point.
Coverity-id: 13801
Signed-off-by: John Keeping <john@keeping.me.uk>
| John Keeping | 2016-01-17 | 1 | -1/+3 |
| * | Bump version | Jason A. Donenfeld | 2016-01-14 | 1 | -1/+1 |
| * | ui-plain: add enable-html-serving flag•••Unrestricts plain/ to contents likely to be executed by browser.
| Jason A. Donenfeld | 2016-01-14 | 5 | -0/+29 |
| * | ui-blob: set CSP just in case | Jason A. Donenfeld | 2016-01-14 | 1 | -0/+3 |
| * | ui-blob: always use generic mimetypes | Jason A. Donenfeld | 2016-01-14 | 1 | -6/+4 |
| * | ui-blob: Do not accept mimetype from user | Jason A. Donenfeld | 2016-01-14 | 3 | -4/+0 |
| * | ui-shared: prevent malicious filename from injecting headers | Jason A. Donenfeld | 2016-01-14 | 3 | -3/+32 |
| * | ui-shared: Avoid new line injection into redirect header | Jason A. Donenfeld | 2016-01-14 | 1 | -1/+3 |
| * | Fix missing prototype declarations•••Signed-off-by: Peter Colberg <peter@colberg.org>
| Peter Colberg | 2016-01-14 | 6 | -15/+15 |
| * | ui-repolist: return HTTP 404 if no repositories found•••Return HTTP status code 404 Not found when querying a non-existent
repository, which signals to search engines that a repository no
longer exists. Further, some webservers such as nginx permit
logging requests to different files depending on the HTTP code.
Signed-off-by: Peter Colberg <peter@colberg.org>
| Peter Colberg | 2016-01-13 | 1 | -3/+17 |
| * | ui-repolist: extract repo visibility criteria to separate function•••Signed-off-by: Peter Colberg <peter@colberg.org>
| Peter Colberg | 2016-01-13 | 1 | -3/+10 |
| * | Fix segmentation fault in hc()•••The ctx.qry.page variable might be unset at this point, e.g. when an
invalid command is passed and cgit_print_pageheader() is called to show
an error message.
Signed-off-by: Lukas Fleischer <lfleischer@lfos.de>
| Lukas Fleischer | 2016-01-13 | 1 | -0/+3 |
| * | git: update to v2.7.0•••Update to git version v2.7.0.
* Upstream commit ed1c9977cb1b63e4270ad8bdf967a2d02580aa08 (Remove
get_object_hash.) changed API:
Convert all instances of get_object_hash to use an appropriate
reference to the hash member of the oid member of struct object.
This provides no functional change, as it is essentially a macro
substitution.
Signed-off-by: Christian Hesse <mail@eworm.de>
| Christian Hesse | 2016-01-13 | 13 | -26/+26 |
| * | ui-repolist: initialize char *buf to NULL•••readfile() can fail if the agefile is not readable. Make sure free()
does not free an ininitialized string.
Signed-off-by: Christian Hesse <mail@eworm.de>
| Christian Hesse | 2016-01-13 | 1 | -1/+1 |
| * | filter: avoid integer overflow in authenticate_post•••ctx.env.content_length is an unsigned int, coming from the
CONTENT_LENGTH environment variable, which is parsed by strtoul. The
HTTP/1.1 spec says that "any Content-Length greater than or equal to
zero is a valid value." By storing this into an int, we potentially
overflow it, resulting in the following bounding check failing, leading
to a buffer overflow.
Reported-by: Erik Cabetas <Erik@cabetas.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
| Jason A. Donenfeld | 2015-11-24 | 1 | -1/+1 |
| * | about-formatting.sh: comment text out of date | Jason A. Donenfeld | 2015-11-12 | 1 | -1/+1 |
| * | filters: port syntax-highlighting.py to python 3.x•••Signed-off-by: Christian Hesse <mail@eworm.de>
| Christian Hesse | 2015-10-12 | 1 | -10/+9 |
| * | md2html: the default of stdin works fine•••Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
| Jason A. Donenfeld | 2015-10-12 | 1 | -2/+1 |
| * | filters: misc cleanups•••Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
| Jason A. Donenfeld | 2015-10-12 | 2 | -2/+1 |
| * | md2html: use pure python•••Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
| Jason A. Donenfeld | 2015-10-12 | 1 | -6/+9 |
| * | cache: fix resource leak: close file handle before return•••Coverity-id: 13910
Signed-off-by: Christian Hesse <mail@eworm.de>
| Christian Hesse | 2015-10-10 | 1 | -3/+9 |
| * | ui-atom: fix resource leak: free allocation from cgit_pageurl•••Coverity-id: 13945
Signed-off-by: Christian Hesse <mail@eworm.de>
| Christian Hesse | 2015-10-10 | 1 | -1/+4 |
| * | ui-atom: fix resource leak: free before return•••Coverity-id: 13946
Signed-off-by: Christian Hesse <mail@eworm.de>
| Christian Hesse | 2015-10-10 | 1 | -1/+2 |
| * | ui-atom: fix resource leak: free allocation from cgit_repourl•••Coverity-id: 13947
Signed-off-by: Christian Hesse <mail@eworm.de>
| Christian Hesse | 2015-10-10 | 1 | -1/+3 |
| * | ui-blob: fix resource leak: free before return•••Coverity-id: 13944
Signed-off-by: Christian Hesse <mail@eworm.de>
| Christian Hesse | 2015-10-10 | 1 | -0/+1 |
| * | ui-blob: fix resource leak: free before return•••Coverity-id: 13943
Signed-off-by: Christian Hesse <mail@eworm.de>
| Christian Hesse | 2015-10-10 | 1 | -0/+1 |
| * | ui-plain: fix resource leak: free before assigning NULL•••Coverity-id: 13939
Signed-off-by: Christian Hesse <mail@eworm.de>
| Christian Hesse | 2015-10-09 | 1 | -1/+3 |
| * | ui-plain: fix resource leak: free before return•••Coverity-id: 13940
Signed-off-by: Christian Hesse <mail@eworm.de>
| Christian Hesse | 2015-10-09 | 1 | -0/+1 |
| * | ui-repolist: fix resource leak: free allocation from cgit_currenturl•••Coverity-id: 13930
Signed-off-by: Christian Hesse <mail@eworm.de>
| Christian Hesse | 2015-10-09 | 1 | -1/+3 |
| * | ui-repolist: fix resource leak: free before return•••Coverity-id: 13931
Signed-off-by: Christian Hesse <mail@eworm.de>
| Christian Hesse | 2015-10-09 | 1 | -1/+3 |
| * | filters: Simplify converters•••Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
| Jason A. Donenfeld | 2015-10-09 | 4 | -1734/+284 |
| * | ui-shared: fix resource leak: free allocation from cgit_hosturl•••Signed-off-by: Christian Hesse <mail@eworm.de>
| Christian Hesse | 2015-10-09 | 1 | -2/+3 |
| * | ui-shared: return value of cgit_hosturl is not const•••Signed-off-by: Christian Hesse <mail@eworm.de>
| Christian Hesse | 2015-10-09 | 2 | -4/+4 |
| * | cmd: fix resource leak: free allocation from cgit_currenturl and fmtalloc•••Signed-off-by: Christian Hesse <mail@eworm.de>
| Christian Hesse | 2015-10-09 | 1 | -3/+7 |
| * | ui-shared: fix resource leak: free allocation from cgit_currenturl•••Coverity-id: 13927
Signed-off-by: Christian Hesse <mail@eworm.de>
| Christian Hesse | 2015-10-09 | 1 | -3/+8 |
| * | ui-shared: return value of cgit_currenturl is not const•••Signed-off-by: Christian Hesse <mail@eworm.de>
| Christian Hesse | 2015-10-09 | 2 | -3/+3 |
| * | ui-shared: fix resource leak: free allocation from cgit_fileurl•••Coverity-id: 13918
Signed-off-by: Christian Hesse <mail@eworm.de>
| Christian Hesse | 2015-10-09 | 1 | -5/+11 |
| * | ui-ssdiff: fix resource leak: free allocation from cgit_fileurl•••Coverity-id: 13929
Signed-off-by: Christian Hesse <mail@eworm.de>
| Christian Hesse | 2015-10-09 | 1 | -2/+6 |
| * | ui-tree: fix resource leak: free before return•••Coverity-id: 13938
Signed-off-by: Christian Hesse <mail@eworm.de>
| Christian Hesse | 2015-10-09 | 1 | -0/+1 |
| * | Avoid use of non-reentrant functions•••Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
| Jason A. Donenfeld | 2015-10-09 | 1 | -3/+3 |
| * | Makefile: fix MAKEFLAGS tests with multiple flags•••findstring is defined as $(findstring FIND,IN) so if multiple flags are
set these tests do the wrong thing unless $(MAKEFLAGS) is the second
argument.
Signed-off-by: John Keeping <john@keeping.me.uk>
| John Keeping | 2015-10-09 | 1 | -1/+1 |
| * | ui-refs: remove useless null check•••There is no way that "tag" can be null here.
Coverity-id: 13950
Signed-off-by: John Keeping <john@keeping.me.uk>
| John Keeping | 2015-10-09 | 1 | -1/+1 |
| * | ui-blob: remove useless null check•••We have already called strlen() on "path" by the time we get here, so we
know it can't be null.
Coverity-id: 13954
Signed-off-by: John Keeping <john@keeping.me.uk>
| John Keeping | 2015-10-09 | 1 | -1/+1 |
| * | scan-tree: remove useless strdup()•••parse_configfile() takes a "const char *" and doesn't hold any
references to it after it returns; there is no reason to pass it a
duplicate.
Coverity-id: 13941
Signed-off-by: John Keeping <john@keeping.me.uk>
| John Keeping | 2015-10-09 | 1 | -1/+1 |
| * | cgit.c: remove useless null check•••Everywhere else in this function we do not check whether the value is
null and parse_configfile() never passes a null value to this callback.
Coverity-id: 13846
Signed-off-by: John Keeping <john@keeping.me.uk>
| John Keeping | 2015-10-09 | 1 | -1/+1 |
| * | git: update to v2.6.1•••Update to git version v2.6.1, no changes required.
Signed-off-by: Christian Hesse <mail@eworm.de>
| Christian Hesse | 2015-10-06 | 2 | -1/+1 |
| * | mime: rewrite detection function•••Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
| Jason A. Donenfeld | 2015-08-17 | 1 | -36/+26 |
| * | ui-summary: send images plain for about page•••The about page used to display just fine, but images were broken: The
binary image data was embedded in html code.
Use cgit_print_plain() to send images in plain mode and make them
available on about page.
Signed-off-by: Christian Hesse <mail@eworm.de>
| Christian Hesse | 2015-08-17 | 1 | -2/+13 |
| * | refactor get_mimetype_from_file() to get_mimetype_for_filename()•••* handle mimetype within a single function
* return allocated memory on success
Signed-off-by: Christian Hesse <mail@eworm.de>
| Christian Hesse | 2015-08-17 | 3 | -47/+40 |
| * | move get_mimetype_from_file() to shared•••Signed-off-by: Christian Hesse <mail@eworm.de>
| Christian Hesse | 2015-08-17 | 3 | -40/+42 |
