aboutsummaryrefslogtreecommitdiffstats
Commit message (Expand)AuthorAgeFilesLines
* ui-stats: cast pointer before checking for zero•••We abuse the "void *util" field as a counter and recently started to cast it to a uintptr_t to avoid risking nasal demons by performing arithmetic on a void pointer. However, compilers are also known to do "interesting" things if they know that a pointer is or isn't NULL. Make this safer by checking if the counter (after casting) is non-zero rather than checking if the pointer is non-null. Signed-off-by: John Keeping <john@keeping.me.uk> John Keeping2016-02-081-2/+2
* ui-stats: if we're going to abuse void*, do it safelyJason A. Donenfeld2016-02-081-10/+7
* git: update to v2.7.1•••Update to git version v2.7.1, no changes required. Signed-off-by: Christian Hesse <mail@eworm.de> Christian Hesse2016-02-082-1/+1
* ui-shared: remove cgit_print_date()•••There are no longer any users of this function. Signed-off-by: John Keeping <john@keeping.me.uk> John Keeping2016-02-082-21/+0
* ui-atom: use show_date directly for atom dates•••This will allow us to remove cgit_print_date and use Git's show_date consistently. Signed-off-by: John Keeping <john@keeping.me.uk> John Keeping2016-02-081-2/+7
* ui-shared: use show_date for footer timestamp•••Signed-off-by: John Keeping <john@keeping.me.uk> John Keeping2016-02-081-1/+1
* ui: show ages in the originator's timezone•••This affects the tooltip showing the full time and the case when a date is sufficiently old to be shown in full rather than as an offset. Signed-off-by: John Keeping <john@keeping.me.uk> John Keeping2016-02-085-18/+18
* ui-{commit,tag}: show dates in originator's timezone•••This is done by switching to Git's show_date() function and the mode given by cgit_date_mode(). Signed-off-by: John Keeping <john@keeping.me.uk> John Keeping2016-02-082-3/+6
* ui-shared: add cgit_date_mode()•••This returns the correct mode value for use with Git's show_date() based on the current CGit configuration and will be used in the following patches. Signed-off-by: John Keeping <john@keeping.me.uk> John Keeping2016-02-082-0/+10
* parsing: add timezone to ident structures•••This will allow us to mimic Git's behaviour of showing times in the originator's timezone when displaying commits and tags. Signed-off-by: John Keeping <john@keeping.me.uk> John Keeping2016-02-082-4/+9
* ui-shared: remove "format" from cgit_print_age()•••We never use any format other than FMT_SHORTDATE, so move that into the function. Signed-off-by: John Keeping <john@keeping.me.uk> John Keeping2016-02-085-9/+9
* ui-tree: put reverse path in titleJason A. Donenfeld2016-01-181-0/+34
* syntax-highlighting: always use utf-8 to avoid ascii codec issuesJason A. Donenfeld2016-01-181-0/+3
* cache: don't check for match with no key•••We call open_slot() from cache_ls() without a key since we simply want to read the path out of the header. Should the file happen to contain an empty key then we end up calling memcmp() with NULL and a non-zero length. Fix this by assigning slot->match only if a key is set, which is always will be in the code paths where we use slot->match. Coverity-id: 13807 Signed-off-by: John Keeping <john@keeping.me.uk> John Keeping2016-01-171-2/+3
* cache: use size_t for string lengths•••Avoid integer truncation on 64-bit systems. Coverity-id: 13864 Signed-off-by: John Keeping <john@keeping.me.uk> John Keeping2016-01-171-2/+2
* ui-log: handle parse_commit() errors•••If parse_commit() fails, none of the fields in the commit structure will have been populated so we will dereference NULL when accessing item->tree. There isn't much we can do about the error at this point, but if we return true then we'll try parsing the commit again from print_commit() and we can report an error to the user at that point. Coverity-id: 13801 Signed-off-by: John Keeping <john@keeping.me.uk> John Keeping2016-01-171-1/+3
* Bump versionJason A. Donenfeld2016-01-141-1/+1
* ui-plain: add enable-html-serving flag•••Unrestricts plain/ to contents likely to be executed by browser. Jason A. Donenfeld2016-01-145-0/+29
* ui-blob: set CSP just in caseJason A. Donenfeld2016-01-141-0/+3
* ui-blob: always use generic mimetypesJason A. Donenfeld2016-01-141-6/+4
* ui-blob: Do not accept mimetype from userJason A. Donenfeld2016-01-143-4/+0
* ui-shared: prevent malicious filename from injecting headersJason A. Donenfeld2016-01-143-3/+32
* ui-shared: Avoid new line injection into redirect headerJason A. Donenfeld2016-01-141-1/+3
* Fix missing prototype declarations•••Signed-off-by: Peter Colberg <peter@colberg.org> Peter Colberg2016-01-146-15/+15
* ui-repolist: return HTTP 404 if no repositories found•••Return HTTP status code 404 Not found when querying a non-existent repository, which signals to search engines that a repository no longer exists. Further, some webservers such as nginx permit logging requests to different files depending on the HTTP code. Signed-off-by: Peter Colberg <peter@colberg.org> Peter Colberg2016-01-131-3/+17
* ui-repolist: extract repo visibility criteria to separate function•••Signed-off-by: Peter Colberg <peter@colberg.org> Peter Colberg2016-01-131-3/+10
* Fix segmentation fault in hc()•••The ctx.qry.page variable might be unset at this point, e.g. when an invalid command is passed and cgit_print_pageheader() is called to show an error message. Signed-off-by: Lukas Fleischer <lfleischer@lfos.de> Lukas Fleischer2016-01-131-0/+3
* git: update to v2.7.0•••Update to git version v2.7.0. * Upstream commit ed1c9977cb1b63e4270ad8bdf967a2d02580aa08 (Remove get_object_hash.) changed API: Convert all instances of get_object_hash to use an appropriate reference to the hash member of the oid member of struct object. This provides no functional change, as it is essentially a macro substitution. Signed-off-by: Christian Hesse <mail@eworm.de> Christian Hesse2016-01-1313-26/+26
* ui-repolist: initialize char *buf to NULL•••readfile() can fail if the agefile is not readable. Make sure free() does not free an ininitialized string. Signed-off-by: Christian Hesse <mail@eworm.de> Christian Hesse2016-01-131-1/+1
* filter: avoid integer overflow in authenticate_post•••ctx.env.content_length is an unsigned int, coming from the CONTENT_LENGTH environment variable, which is parsed by strtoul. The HTTP/1.1 spec says that "any Content-Length greater than or equal to zero is a valid value." By storing this into an int, we potentially overflow it, resulting in the following bounding check failing, leading to a buffer overflow. Reported-by: Erik Cabetas <Erik@cabetas.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Jason A. Donenfeld2015-11-241-1/+1
* about-formatting.sh: comment text out of dateJason A. Donenfeld2015-11-121-1/+1
* filters: port syntax-highlighting.py to python 3.x•••Signed-off-by: Christian Hesse <mail@eworm.de> Christian Hesse2015-10-121-10/+9
* md2html: the default of stdin works fine•••Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Jason A. Donenfeld2015-10-121-2/+1
* filters: misc cleanups•••Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Jason A. Donenfeld2015-10-122-2/+1
* md2html: use pure python•••Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Jason A. Donenfeld2015-10-121-6/+9
* cache: fix resource leak: close file handle before return•••Coverity-id: 13910 Signed-off-by: Christian Hesse <mail@eworm.de> Christian Hesse2015-10-101-3/+9
* ui-atom: fix resource leak: free allocation from cgit_pageurl•••Coverity-id: 13945 Signed-off-by: Christian Hesse <mail@eworm.de> Christian Hesse2015-10-101-1/+4
* ui-atom: fix resource leak: free before return•••Coverity-id: 13946 Signed-off-by: Christian Hesse <mail@eworm.de> Christian Hesse2015-10-101-1/+2
* ui-atom: fix resource leak: free allocation from cgit_repourl•••Coverity-id: 13947 Signed-off-by: Christian Hesse <mail@eworm.de> Christian Hesse2015-10-101-1/+3
* ui-blob: fix resource leak: free before return•••Coverity-id: 13944 Signed-off-by: Christian Hesse <mail@eworm.de> Christian Hesse2015-10-101-0/+1
* ui-blob: fix resource leak: free before return•••Coverity-id: 13943 Signed-off-by: Christian Hesse <mail@eworm.de> Christian Hesse2015-10-101-0/+1
* ui-plain: fix resource leak: free before assigning NULL•••Coverity-id: 13939 Signed-off-by: Christian Hesse <mail@eworm.de> Christian Hesse2015-10-091-1/+3
* ui-plain: fix resource leak: free before return•••Coverity-id: 13940 Signed-off-by: Christian Hesse <mail@eworm.de> Christian Hesse2015-10-091-0/+1
* ui-repolist: fix resource leak: free allocation from cgit_currenturl•••Coverity-id: 13930 Signed-off-by: Christian Hesse <mail@eworm.de> Christian Hesse2015-10-091-1/+3
* ui-repolist: fix resource leak: free before return•••Coverity-id: 13931 Signed-off-by: Christian Hesse <mail@eworm.de> Christian Hesse2015-10-091-1/+3
* filters: Simplify converters•••Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Jason A. Donenfeld2015-10-094-1734/+284
* ui-shared: fix resource leak: free allocation from cgit_hosturl•••Signed-off-by: Christian Hesse <mail@eworm.de> Christian Hesse2015-10-091-2/+3
* ui-shared: return value of cgit_hosturl is not const•••Signed-off-by: Christian Hesse <mail@eworm.de> Christian Hesse2015-10-092-4/+4
* cmd: fix resource leak: free allocation from cgit_currenturl and fmtalloc•••Signed-off-by: Christian Hesse <mail@eworm.de> Christian Hesse2015-10-091-3/+7
* ui-shared: fix resource leak: free allocation from cgit_currenturl•••Coverity-id: 13927 Signed-off-by: Christian Hesse <mail@eworm.de> Christian Hesse2015-10-091-3/+8
generated by cgit (git 2.51.1) at 2025-12-13 06:45:59 +0000