aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* new versionHEADmasterWolfgang Wiedmeyer2016-03-157-14/+12
| | | | | | sync debian folder with latest debian release Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
* Merge branch 'master' of git://git.zx2c4.com/cgitWolfgang Wiedmeyer2016-03-1521-80/+103
|\
| * Renamed repo-specific configuration for enable-html-serving in cgitrc.5.txtMatt Comben2016-03-081-1/+1
| |
| * ui-shared: redirect should not exit early for cacheJason A. Donenfeld2016-02-261-1/+0
| | | | | | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
| * about: path_info might not be validJason A. Donenfeld2016-02-261-1/+2
| |
| * tabs: do not use target=_blankJason A. Donenfeld2016-02-231-1/+1
| |
| * css: fix indentationJason A. Donenfeld2016-02-231-4/+4
| |
| * css: use less blurry icon for external linkChristian Hesse2016-02-231-1/+2
| | | | | | | | | | | | | | | | Your mileage may vary, but for me the old icon looks blurry. The new one is character 0xf08e from OTF font awsome in size 10. The icon color is black, gray level is adjusted via opacity. Signed-off-by: Christian Hesse <mail@eworm.de>
| * md2html: Do syntax highlighting tooJason A. Donenfeld2016-02-231-1/+5
| |
| * git: update to v2.7.2Christian Hesse2016-02-232-1/+1
| | | | | | | | | | | | Update to git version v2.7.2, no changes required. Signed-off-by: Christian Hesse <mail@eworm.de>
| * ui-plain: fix to show a repo's root directory listing in plain viewJoe Anakata2016-02-221-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | This is to fix the case of accessing http://host.com/cgit.cgi/repo.git/plain/ There is code here to make this case work (match_baselen is set to -1 for top-of-the-tree views) but the unsigned to signed comparison was always false in this case, causing an empty directory listing without this fix. Signed-off-by: Joe Anakata <jea-signup-github@anakata.org> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
| * cmd: redirect empty about/ to homepage or summaryJason A. Donenfeld2016-02-221-1/+10
| | | | | | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
| * ui-shared: add homepage to tabsJason A. Donenfeld2016-02-227-5/+26
| | | | | | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
| * ui-atom: avoid DATE_STRFTIMEJohn Keeping2016-02-082-12/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Git's DATE_STRFTIME ignores the timezone argument and just uses the local timezone regardless of whether the "local" flag is set. Since Atom accepts ISO8601 dates [1], we can use Git's DATE_ISO8601_STRICT instead, which does get this right. Additionally, we never use the local timezone here so we can use the date_mode_from_type() wrapper to simplify the code a bit. [1] https://tools.ietf.org/html/rfc4287#section-3.3 Signed-off-by: John Keeping <john@keeping.me.uk>
| * Avoid DATE_STRFTIME for long/short datesJohn Keeping2016-02-085-13/+10
| | | | | | | | | | | | | | | | | | | | | | Git's DATE_STRFTIME ignores the timezone argument and just uses the local timezone regardless of whether the "local" flag is set. Since our existing FMT_LONGDATE and FMT_SHORTDATE are pretty-much perfect matches to DATE_ISO8601 and DATE_SHORT, switch to taking a date_mode_type directly in cgit_date_mode(). Signed-off-by: John Keeping <john@keeping.me.uk>
| * ui-stats: cast pointer before checking for zeroJohn Keeping2016-02-081-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | We abuse the "void *util" field as a counter and recently started to cast it to a uintptr_t to avoid risking nasal demons by performing arithmetic on a void pointer. However, compilers are also known to do "interesting" things if they know that a pointer is or isn't NULL. Make this safer by checking if the counter (after casting) is non-zero rather than checking if the pointer is non-null. Signed-off-by: John Keeping <john@keeping.me.uk>
| * ui-stats: if we're going to abuse void*, do it safelyJason A. Donenfeld2016-02-081-10/+7
| |
| * git: update to v2.7.1Christian Hesse2016-02-082-1/+1
| | | | | | | | | | | | Update to git version v2.7.1, no changes required. Signed-off-by: Christian Hesse <mail@eworm.de>
| * ui-shared: remove cgit_print_date()John Keeping2016-02-082-21/+0
| | | | | | | | | | | | There are no longer any users of this function. Signed-off-by: John Keeping <john@keeping.me.uk>
| * ui-atom: use show_date directly for atom datesJohn Keeping2016-02-081-2/+7
| | | | | | | | | | | | | | This will allow us to remove cgit_print_date and use Git's show_date consistently. Signed-off-by: John Keeping <john@keeping.me.uk>
| * ui-shared: use show_date for footer timestampJohn Keeping2016-02-081-1/+1
| | | | | | | | Signed-off-by: John Keeping <john@keeping.me.uk>
| * ui: show ages in the originator's timezoneJohn Keeping2016-02-085-18/+18
| | | | | | | | | | | | | | This affects the tooltip showing the full time and the case when a date is sufficiently old to be shown in full rather than as an offset. Signed-off-by: John Keeping <john@keeping.me.uk>
| * ui-{commit,tag}: show dates in originator's timezoneJohn Keeping2016-02-082-3/+6
| | | | | | | | | | | | | | This is done by switching to Git's show_date() function and the mode given by cgit_date_mode(). Signed-off-by: John Keeping <john@keeping.me.uk>
| * ui-shared: add cgit_date_mode()John Keeping2016-02-082-0/+10
| | | | | | | | | | | | | | | | This returns the correct mode value for use with Git's show_date() based on the current CGit configuration and will be used in the following patches. Signed-off-by: John Keeping <john@keeping.me.uk>
| * parsing: add timezone to ident structuresJohn Keeping2016-02-082-4/+9
| | | | | | | | | | | | | | This will allow us to mimic Git's behaviour of showing times in the originator's timezone when displaying commits and tags. Signed-off-by: John Keeping <john@keeping.me.uk>
| * ui-shared: remove "format" from cgit_print_age()John Keeping2016-02-085-9/+9
| | | | | | | | | | | | | | We never use any format other than FMT_SHORTDATE, so move that into the function. Signed-off-by: John Keeping <john@keeping.me.uk>
* | added debian folder from official debian packageWolfgang Wiedmeyer2016-01-2120-0/+696
|/ | | | | | | updated debian patches new release Signed-off-by: Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de>
* ui-tree: put reverse path in titleJason A. Donenfeld2016-01-181-0/+34
|
* syntax-highlighting: always use utf-8 to avoid ascii codec issuesJason A. Donenfeld2016-01-181-0/+3
|
* cache: don't check for match with no keyJohn Keeping2016-01-171-2/+3
| | | | | | | | | | | We call open_slot() from cache_ls() without a key since we simply want to read the path out of the header. Should the file happen to contain an empty key then we end up calling memcmp() with NULL and a non-zero length. Fix this by assigning slot->match only if a key is set, which is always will be in the code paths where we use slot->match. Coverity-id: 13807 Signed-off-by: John Keeping <john@keeping.me.uk>
* cache: use size_t for string lengthsJohn Keeping2016-01-171-2/+2
| | | | | | | Avoid integer truncation on 64-bit systems. Coverity-id: 13864 Signed-off-by: John Keeping <john@keeping.me.uk>
* ui-log: handle parse_commit() errorsJohn Keeping2016-01-171-1/+3
| | | | | | | | | | | | | If parse_commit() fails, none of the fields in the commit structure will have been populated so we will dereference NULL when accessing item->tree. There isn't much we can do about the error at this point, but if we return true then we'll try parsing the commit again from print_commit() and we can report an error to the user at that point. Coverity-id: 13801 Signed-off-by: John Keeping <john@keeping.me.uk>
* Bump versionv0.12Jason A. Donenfeld2016-01-141-1/+1
|
* ui-plain: add enable-html-serving flagJason A. Donenfeld2016-01-145-0/+29
| | | | Unrestricts plain/ to contents likely to be executed by browser.
* ui-blob: set CSP just in caseJason A. Donenfeld2016-01-141-0/+3
|
* ui-blob: always use generic mimetypesJason A. Donenfeld2016-01-141-6/+4
|
* ui-blob: Do not accept mimetype from userJason A. Donenfeld2016-01-143-4/+0
|
* ui-shared: prevent malicious filename from injecting headersJason A. Donenfeld2016-01-143-3/+32
|
* ui-shared: Avoid new line injection into redirect headerJason A. Donenfeld2016-01-141-1/+3
|
* Fix missing prototype declarationsPeter Colberg2016-01-146-15/+15
| | | | Signed-off-by: Peter Colberg <peter@colberg.org>
* ui-repolist: return HTTP 404 if no repositories foundPeter Colberg2016-01-131-3/+17
| | | | | | | | | Return HTTP status code 404 Not found when querying a non-existent repository, which signals to search engines that a repository no longer exists. Further, some webservers such as nginx permit logging requests to different files depending on the HTTP code. Signed-off-by: Peter Colberg <peter@colberg.org>
* ui-repolist: extract repo visibility criteria to separate functionPeter Colberg2016-01-131-3/+10
| | | | Signed-off-by: Peter Colberg <peter@colberg.org>
* Fix segmentation fault in hc()Lukas Fleischer2016-01-131-0/+3
| | | | | | | | The ctx.qry.page variable might be unset at this point, e.g. when an invalid command is passed and cgit_print_pageheader() is called to show an error message. Signed-off-by: Lukas Fleischer <lfleischer@lfos.de>
* git: update to v2.7.0Christian Hesse2016-01-1313-26/+26
| | | | | | | | | | | | | | Update to git version v2.7.0. * Upstream commit ed1c9977cb1b63e4270ad8bdf967a2d02580aa08 (Remove get_object_hash.) changed API: Convert all instances of get_object_hash to use an appropriate reference to the hash member of the oid member of struct object. This provides no functional change, as it is essentially a macro substitution. Signed-off-by: Christian Hesse <mail@eworm.de>
* ui-repolist: initialize char *buf to NULLChristian Hesse2016-01-131-1/+1
| | | | | | | readfile() can fail if the agefile is not readable. Make sure free() does not free an ininitialized string. Signed-off-by: Christian Hesse <mail@eworm.de>
* filter: avoid integer overflow in authenticate_postJason A. Donenfeld2015-11-241-1/+1
| | | | | | | | | | | | ctx.env.content_length is an unsigned int, coming from the CONTENT_LENGTH environment variable, which is parsed by strtoul. The HTTP/1.1 spec says that "any Content-Length greater than or equal to zero is a valid value." By storing this into an int, we potentially overflow it, resulting in the following bounding check failing, leading to a buffer overflow. Reported-by: Erik Cabetas <Erik@cabetas.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* about-formatting.sh: comment text out of dateJason A. Donenfeld2015-11-121-1/+1
|
* filters: port syntax-highlighting.py to python 3.xChristian Hesse2015-10-121-10/+9
| | | | Signed-off-by: Christian Hesse <mail@eworm.de>
* md2html: the default of stdin works fineJason A. Donenfeld2015-10-121-2/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* filters: misc cleanupsJason A. Donenfeld2015-10-122-2/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>