gitweb: allow space as delimiter in mime.types

[Gitweb] / gitweb.perl
diff --git a/gitweb.perl b/gitweb.perl

index 3e0ca4eac614743554baf7961905af78283fd07f032403ca2b16f9432cef60f6..dacd4dc0b1f8b589c8d7538a373eba969835d81b6e9f87940b2f6cd480e6886d 100755 (executable)
--- a/gitweb.perl
+++ b/gitweb.perl
@@ -7,25 +7,63 @@
  #
  # This program is licensed under the GPLv2
  
  #
  # This program is licensed under the GPLv2
  
+use 5.008;
  use strict;
  use warnings;
  use CGI qw(:standard :escapeHTML -nosticky);
  use CGI::Util qw(unescape);
  use strict;
  use warnings;
  use CGI qw(:standard :escapeHTML -nosticky);
  use CGI::Util qw(unescape);
-use CGI::Carp qw(fatalsToBrowser);
+use CGI::Carp qw(fatalsToBrowser set_message);
  use Encode;
  use Fcntl ':mode';
  use File::Find qw();
  use File::Basename qw(basename);
  use Encode;
  use Fcntl ':mode';
  use File::Find qw();
  use File::Basename qw(basename);
+use Time::HiRes qw(gettimeofday tv_interval);
  binmode STDOUT, ':utf8';
  
  binmode STDOUT, ':utf8';
  
+our $t0 = [ gettimeofday() ];
+our $number_of_git_cmds = 0;
+
  BEGIN {
         CGI->compile() if $ENV{'MOD_PERL'};
  }
  
  BEGIN {
         CGI->compile() if $ENV{'MOD_PERL'};
  }
  
-our $cgi = new CGI;
  our $version = "++GIT_VERSION++";
  our $version = "++GIT_VERSION++";
-our $my_url = $cgi->url();
-our $my_uri = $cgi->url(-absolute => 1);
+
+our ($my_url, $my_uri, $base_url, $path_info, $home_link);
+sub evaluate_uri {
+       our $cgi;
+
+       our $my_url = $cgi->url();
+       our $my_uri = $cgi->url(-absolute => 1);
+
+       # Base URL for relative URLs in gitweb ($logo, $favicon, ...),
+       # needed and used only for URLs with nonempty PATH_INFO
+       our $base_url = $my_url;
+
+       # When the script is used as DirectoryIndex, the URL does not contain the name
+       # of the script file itself, and $cgi->url() fails to strip PATH_INFO, so we
+       # have to do it ourselves. We make $path_info global because it's also used
+       # later on.
+       #
+       # Another issue with the script being the DirectoryIndex is that the resulting
+       # $my_url data is not the full script URL: this is good, because we want
+       # generated links to keep implying the script name if it wasn't explicitly
+       # indicated in the URL we're handling, but it means that $my_url cannot be used
+       # as base URL.
+       # Therefore, if we needed to strip PATH_INFO, then we know that we have
+       # to build the base URL ourselves:
+       our $path_info = $ENV{"PATH_INFO"};
+       if ($path_info) {
+               if ($my_url =~ s,\Q$path_info\E$,, &&
+                   $my_uri =~ s,\Q$path_info\E$,, &&
+                   defined $ENV{'SCRIPT_NAME'}) {
+                       $base_url = $cgi->url(-base => 1) . $ENV{'SCRIPT_NAME'};
+               }
+       }
+
+       # target of the home link on top of all pages
+       our $home_link = $my_uri || "/";
+}
  
  # core git executable to use
  # this can just be "git" if your webserver has a sensible PATH
  
  # core git executable to use
  # this can just be "git" if your webserver has a sensible PATH
@@ -39,9 +77,6 @@ our $projectroot = "++GITWEB_PROJECTROOT++";
  # the number is relative to the projectroot
  our $project_maxdepth = "++GITWEB_PROJECT_MAXDEPTH++";
  
  # the number is relative to the projectroot
  our $project_maxdepth = "++GITWEB_PROJECT_MAXDEPTH++";
  
-# target of the home link on top of all pages
-our $home_link = $my_uri || "/";
-
  # string of the home link on top of all pages
  our $home_link_str = "++GITWEB_HOME_LINK_STR++";
  
  # string of the home link on top of all pages
  our $home_link_str = "++GITWEB_HOME_LINK_STR++";
  
@@ -66,11 +101,13 @@ our $stylesheet = undef;
  our $logo = "++GITWEB_LOGO++";
  # URI of GIT favicon, assumed to be image/png type
  our $favicon = "++GITWEB_FAVICON++";
  our $logo = "++GITWEB_LOGO++";
  # URI of GIT favicon, assumed to be image/png type
  our $favicon = "++GITWEB_FAVICON++";
+# URI of gitweb.js (JavaScript code for gitweb)
+our $javascript = "++GITWEB_JS++";
  
  # URI and label (title) of GIT logo link
  #our $logo_url = "http://www.kernel.org/pub/software/scm/git/docs/";
  #our $logo_label = "git documentation";
  
  # URI and label (title) of GIT logo link
  #our $logo_url = "http://www.kernel.org/pub/software/scm/git/docs/";
  #our $logo_label = "git documentation";
-our $logo_url = "http://git.or.cz/";
+our $logo_url = "http://git-scm.com/";
  our $logo_label = "git homepage";
  
  # source of projects list
  our $logo_label = "git homepage";
  
  # source of projects list
@@ -79,6 +116,14 @@ our $projects_list = "++GITWEB_LIST++";
  # the width (in characters) of the projects list "Description" column
  our $projects_list_description_width = 25;
  
  # the width (in characters) of the projects list "Description" column
  our $projects_list_description_width = 25;
  
+# group projects by category on the projects list
+# (enabled if this variable evaluates to true)
+our $projects_list_group_categories = 0;
+
+# default category if none specified
+# (leave the empty string for no category)
+our $project_list_default_category = "";
+
  # default order of projects list
  # valid values are none, project, descr, owner, and age
  our $default_projects_order = "project";
  # default order of projects list
  # valid values are none, project, descr, owner, and age
  our $default_projects_order = "project";
@@ -87,6 +132,11 @@ our $default_projects_order = "project";
  # (only effective if this variable evaluates to true)
  our $export_ok = "++GITWEB_EXPORT_OK++";
  
  # (only effective if this variable evaluates to true)
  our $export_ok = "++GITWEB_EXPORT_OK++";
  
+# show repository only if this subroutine returns true
+# when given the path to the project, for example:
+#    sub { return -e "$_[0]/git-daemon-export-ok"; }
+our $export_auth_hook = undef;
+
  # only allow viewing of repositories also shown on the overview page
  our $strict_export = "++GITWEB_STRICT_EXPORT++";
  
  # only allow viewing of repositories also shown on the overview page
  our $strict_export = "++GITWEB_STRICT_EXPORT++";
  
@@ -119,6 +169,16 @@ our $fallback_encoding = 'latin1';
  # - one might want to include '-B' option, e.g. '-B', '-M'
  our @diff_opts = ('-M'); # taken from git_commit
  
  # - one might want to include '-B' option, e.g. '-B', '-M'
  our @diff_opts = ('-M'); # taken from git_commit
  
+# Disables features that would allow repository owners to inject script into
+# the gitweb domain.
+our $prevent_xss = 0;
+
+# Path to the highlight executable to use (must be the one from
+# http://www.andre-simon.de due to assumptions about parameters and output).
+# Useful if highlight is not installed on your webserver's PATH.
+# [Default: highlight]
+our $highlight_bin = "++HIGHLIGHT_BIN++";
+
  # information about snapshot formats that gitweb is capable of serving
  our %known_snapshot_formats = (
         # name => {
  # information about snapshot formats that gitweb is capable of serving
  our %known_snapshot_formats = (
         # name => {
@@ -127,14 +187,15 @@ our %known_snapshot_formats = (
         #       'suffix' => filename suffix,
         #       'format' => --format for git-archive,
         #       'compressor' => [compressor command and arguments]
         #       'suffix' => filename suffix,
         #       'format' => --format for git-archive,
         #       'compressor' => [compressor command and arguments]
-       #                       (array reference, optional)}
+       #                       (array reference, optional)
+       #       'disabled' => boolean (optional)}
         #
         'tgz' => {
                 'display' => 'tar.gz',
                 'type' => 'application/x-gzip',
                 'suffix' => '.tar.gz',
                 'format' => 'tar',
         #
         'tgz' => {
                 'display' => 'tar.gz',
                 'type' => 'application/x-gzip',
                 'suffix' => '.tar.gz',
                 'format' => 'tar',
-               'compressor' => ['gzip']},
+               'compressor' => ['gzip', '-n']},
  
         'tbz2' => {
                 'display' => 'tar.bz2',
  
         'tbz2' => {
                 'display' => 'tar.bz2',
@@ -143,6 +204,14 @@ our %known_snapshot_formats = (
                 'format' => 'tar',
                 'compressor' => ['bzip2']},
  
                 'format' => 'tar',
                 'compressor' => ['bzip2']},
  
+       'txz' => {
+               'display' => 'tar.xz',
+               'type' => 'application/x-xz',
+               'suffix' => '.tar.xz',
+               'format' => 'tar',
+               'compressor' => ['xz'],
+               'disabled' => 1},
+
         'zip' => {
                 'display' => 'zip',
                 'type' => 'application/x-zip',
         'zip' => {
                 'display' => 'zip',
                 'type' => 'application/x-zip',
@@ -155,6 +224,7 @@ our %known_snapshot_formats = (
  our %known_snapshot_format_aliases = (
         'gzip'  => 'tgz',
         'bzip2' => 'tbz2',
  our %known_snapshot_format_aliases = (
         'gzip'  => 'tgz',
         'bzip2' => 'tbz2',
+       'xz'    => 'txz',
  
         # backward compatibility: legacy gitweb config support
         'x-gzip' => undef, 'gz' => undef,
  
         # backward compatibility: legacy gitweb config support
         'x-gzip' => undef, 'gz' => undef,
@@ -162,6 +232,44 @@ our %known_snapshot_format_aliases = (
         'x-zip' => undef, '' => undef,
  );
  
         'x-zip' => undef, '' => undef,
  );
  
+# Pixel sizes for icons and avatars. If the default font sizes or lineheights
+# are changed, it may be appropriate to change these values too via
+# $GITWEB_CONFIG.
+our %avatar_size = (
+       'default' => 16,
+       'double'  => 32
+);
+
+# Used to set the maximum load that we will still respond to gitweb queries.
+# If server load exceed this value then return "503 server busy" error.
+# If gitweb cannot determined server load, it is taken to be 0.
+# Leave it undefined (or set to 'undef') to turn off load checking.
+our $maxload = 300;
+
+# configuration for 'highlight' (http://www.andre-simon.de/)
+# match by basename
+our %highlight_basename = (
+       #'Program' => 'py',
+       #'Library' => 'py',
+       'SConstruct' => 'py', # SCons equivalent of Makefile
+       'Makefile' => 'make',
+);
+# match by extension
+our %highlight_ext = (
+       # main extensions, defining name of syntax;
+       # see files in /usr/share/highlight/langDefs/ directory
+       map { $_ => $_ }
+               qw(py c cpp rb java css php sh pl js tex bib xml awk bat ini spec tcl sql make),
+       # alternate extensions, see /etc/highlight/filetypes.conf
+       'h' => 'c',
+       map { $_ => 'sh'  } qw(bash zsh ksh),
+       map { $_ => 'cpp' } qw(cxx c++ cc),
+       map { $_ => 'php' } qw(php3 php4 php5 phps),
+       map { $_ => 'pl'  } qw(perl pm), # perhaps also 'cgi'
+       map { $_ => 'make'} qw(mak mk),
+       map { $_ => 'xml' } qw(xhtml html htm),
+);
+
  # You define site-wide feature defaults here; override them with
  # $GITWEB_CONFIG as necessary.
  our %feature = (
  # You define site-wide feature defaults here; override them with
  # $GITWEB_CONFIG as necessary.
  our %feature = (
@@ -175,9 +283,11 @@ our %feature = (
         # return value of feature-sub indicates if to enable specified feature
         #
         # if there is no 'sub' key (no feature-sub), then feature cannot be
         # return value of feature-sub indicates if to enable specified feature
         #
         # if there is no 'sub' key (no feature-sub), then feature cannot be
-       # overriden
+       # overridden
         #
         #
-       # use gitweb_check_feature(<feature>) to check if <feature> is enabled
+       # use gitweb_get_feature(<feature>) to retrieve the <feature> value
+       # (an array) or gitweb_check_feature(<feature>) to check if <feature>
+       # is enabled
  
         # Enable the 'blame' blob view, showing the last commit that modified
         # each line in the file. This can be very CPU-intensive.
  
         # Enable the 'blame' blob view, showing the last commit that modified
         # each line in the file. This can be very CPU-intensive.
@@ -188,7 +298,7 @@ our %feature = (
         # $feature{'blame'}{'override'} = 1;
         # and in project config gitweb.blame = 0|1;
         'blame' => {
         # $feature{'blame'}{'override'} = 1;
         # and in project config gitweb.blame = 0|1;
         'blame' => {
-               'sub' => \&feature_blame,
+               'sub' => sub { feature_bool('blame', @_) },
                 'override' => 0,
                 'default' => [0]},
  
                 'override' => 0,
                 'default' => [0]},
  
@@ -226,6 +336,7 @@ our %feature = (
         # $feature{'grep'}{'override'} = 1;
         # and in project config gitweb.grep = 0|1;
         'grep' => {
         # $feature{'grep'}{'override'} = 1;
         # and in project config gitweb.grep = 0|1;
         'grep' => {
+               'sub' => sub { feature_bool('grep', @_) },
                 'override' => 0,
                 'default' => [1]},
  
                 'override' => 0,
                 'default' => [1]},
  
@@ -239,7 +350,20 @@ our %feature = (
         # $feature{'pickaxe'}{'override'} = 1;
         # and in project config gitweb.pickaxe = 0|1;
         'pickaxe' => {
         # $feature{'pickaxe'}{'override'} = 1;
         # and in project config gitweb.pickaxe = 0|1;
         'pickaxe' => {
-               'sub' => \&feature_pickaxe,
+               'sub' => sub { feature_bool('pickaxe', @_) },
+               'override' => 0,
+               'default' => [1]},
+
+       # Enable showing size of blobs in a 'tree' view, in a separate
+       # column, similar to what 'ls -l' does.  This cost a bit of IO.
+
+       # To disable system wide have in $GITWEB_CONFIG
+       # $feature{'show-sizes'}{'default'} = [0];
+       # To have project specific config enable override in $GITWEB_CONFIG
+       # $feature{'show-sizes'}{'override'} = 1;
+       # and in project config gitweb.showsizes = 0|1;
+       'show-sizes' => {
+               'sub' => sub { feature_bool('showsizes', @_) },
                 'override' => 0,
                 'default' => [1]},
  
                 'override' => 0,
                 'default' => [1]},
  
@@ -276,33 +400,182 @@ our %feature = (
         'forks' => {
                 'override' => 0,
                 'default' => [0]},
         'forks' => {
                 'override' => 0,
                 'default' => [0]},
+
+       # Insert custom links to the action bar of all project pages.
+       # This enables you mainly to link to third-party scripts integrating
+       # into gitweb; e.g. git-browser for graphical history representation
+       # or custom web-based repository administration interface.
+
+       # The 'default' value consists of a list of triplets in the form
+       # (label, link, position) where position is the label after which
+       # to insert the link and link is a format string where %n expands
+       # to the project name, %f to the project path within the filesystem,
+       # %h to the current hash (h gitweb parameter) and %b to the current
+       # hash base (hb gitweb parameter); %% expands to %.
+
+       # To enable system wide have in $GITWEB_CONFIG e.g.
+       # $feature{'actions'}{'default'} = [('graphiclog',
+       #       '/git-browser/by-commit.html?r=%n', 'summary')];
+       # Project specific override is not supported.
+       'actions' => {
+               'override' => 0,
+               'default' => []},
+
+       # Allow gitweb scan project content tags of project repository,
+       # and display the popular Web 2.0-ish "tag cloud" near the projects
+       # list.  Note that this is something COMPLETELY different from the
+       # normal Git tags.
+
+       # gitweb by itself can show existing tags, but it does not handle
+       # tagging itself; you need to do it externally, outside gitweb.
+       # The format is described in git_get_project_ctags() subroutine.
+       # You may want to install the HTML::TagCloud Perl module to get
+       # a pretty tag cloud instead of just a list of tags.
+
+       # To enable system wide have in $GITWEB_CONFIG
+       # $feature{'ctags'}{'default'} = [1];
+       # Project specific override is not supported.
+
+       # In the future whether ctags editing is enabled might depend
+       # on the value, but using 1 should always mean no editing of ctags.
+       'ctags' => {
+               'override' => 0,
+               'default' => [0]},
+
+       # The maximum number of patches in a patchset generated in patch
+       # view. Set this to 0 or undef to disable patch view, or to a
+       # negative number to remove any limit.
+
+       # To disable system wide have in $GITWEB_CONFIG
+       # $feature{'patches'}{'default'} = [0];
+       # To have project specific config enable override in $GITWEB_CONFIG
+       # $feature{'patches'}{'override'} = 1;
+       # and in project config gitweb.patches = 0|n;
+       # where n is the maximum number of patches allowed in a patchset.
+       'patches' => {
+               'sub' => \&feature_patches,
+               'override' => 0,
+               'default' => [16]},
+
+       # Avatar support. When this feature is enabled, views such as
+       # shortlog or commit will display an avatar associated with
+       # the email of the committer(s) and/or author(s).
+
+       # Currently available providers are gravatar and picon.
+       # If an unknown provider is specified, the feature is disabled.
+
+       # Gravatar depends on Digest::MD5.
+       # Picon currently relies on the indiana.edu database.
+
+       # To enable system wide have in $GITWEB_CONFIG
+       # $feature{'avatar'}{'default'} = ['<provider>'];
+       # where <provider> is either gravatar or picon.
+       # To have project specific config enable override in $GITWEB_CONFIG
+       # $feature{'avatar'}{'override'} = 1;
+       # and in project config gitweb.avatar = <provider>;
+       'avatar' => {
+               'sub' => \&feature_avatar,
+               'override' => 0,
+               'default' => ['']},
+
+       # Enable displaying how much time and how many git commands
+       # it took to generate and display page.  Disabled by default.
+       # Project specific override is not supported.
+       'timed' => {
+               'override' => 0,
+               'default' => [0]},
+
+       # Enable turning some links into links to actions which require
+       # JavaScript to run (like 'blame_incremental').  Not enabled by
+       # default.  Project specific override is currently not supported.
+       'javascript-actions' => {
+               'override' => 0,
+               'default' => [0]},
+
+       # Enable and configure ability to change common timezone for dates
+       # in gitweb output via JavaScript.  Enabled by default.
+       # Project specific override is not supported.
+       'javascript-timezone' => {
+               'override' => 0,
+               'default' => [
+                       'local',     # default timezone: 'utc', 'local', or '(-|+)HHMM' format,
+                                    # or undef to turn off this feature
+                       'gitweb_tz', # name of cookie where to store selected timezone
+                       'datetime',  # CSS class used to mark up dates for manipulation
+               ]},
+
+       # Syntax highlighting support. This is based on Daniel Svensson's
+       # and Sham Chukoury's work in gitweb-xmms2.git.
+       # It requires the 'highlight' program present in $PATH,
+       # and therefore is disabled by default.
+
+       # To enable system wide have in $GITWEB_CONFIG
+       # $feature{'highlight'}{'default'} = [1];
+
+       'highlight' => {
+               'sub' => sub { feature_bool('highlight', @_) },
+               'override' => 0,
+               'default' => [0]},
+
+       # Enable displaying of remote heads in the heads list
+
+       # To enable system wide have in $GITWEB_CONFIG
+       # $feature{'remote_heads'}{'default'} = [1];
+       # To have project specific config enable override in $GITWEB_CONFIG
+       # $feature{'remote_heads'}{'override'} = 1;
+       # and in project config gitweb.remote_heads = 0|1;
+       'remote_heads' => {
+               'sub' => sub { feature_bool('remote_heads', @_) },
+               'override' => 0,
+               'default' => [0]},
  );
  
  );
  
-sub gitweb_check_feature {
+sub gitweb_get_feature {
         my ($name) = @_;
         return unless exists $feature{$name};
         my ($sub, $override, @defaults) = (
                 $feature{$name}{'sub'},
                 $feature{$name}{'override'},
                 @{$feature{$name}{'default'}});
         my ($name) = @_;
         return unless exists $feature{$name};
         my ($sub, $override, @defaults) = (
                 $feature{$name}{'sub'},
                 $feature{$name}{'override'},
                 @{$feature{$name}{'default'}});
-       if (!$override) { return @defaults; }
+       # project specific override is possible only if we have project
+       our $git_dir; # global variable, declared later
+       if (!$override || !defined $git_dir) {
+               return @defaults;
+       }
         if (!defined $sub) {
         if (!defined $sub) {
-               warn "feature $name is not overrideable";
+               warn "feature $name is not overridable";
                 return @defaults;
         }
         return $sub->(@defaults);
  }
  
                 return @defaults;
         }
         return $sub->(@defaults);
  }
  
-sub feature_blame {
-       my ($val) = git_get_project_config('blame', '--bool');
+# A wrapper to check if a given feature is enabled.
+# With this, you can say
+#
+#   my $bool_feat = gitweb_check_feature('bool_feat');
+#   gitweb_check_feature('bool_feat') or somecode;
+#
+# instead of
+#
+#   my ($bool_feat) = gitweb_get_feature('bool_feat');
+#   (gitweb_get_feature('bool_feat'))[0] or somecode;
+#
+sub gitweb_check_feature {
+       return (gitweb_get_feature(@_))[0];
+}
+
  
  
-       if ($val eq 'true') {
-               return 1;
+sub feature_bool {
+       my $key = shift;
+       my ($val) = git_get_project_config($key, '--bool');
+
+       if (!defined $val) {
+               return ($_[0]);
+       } elsif ($val eq 'true') {
+               return (1);
         } elsif ($val eq 'false') {
         } elsif ($val eq 'false') {
-               return 0;
+               return (0);
         }
         }
-
-       return $_[0];
  }
  
  sub feature_snapshot {
  }
  
  sub feature_snapshot {
@@ -317,28 +590,20 @@ sub feature_snapshot {
         return @fmts;
  }
  
         return @fmts;
  }
  
-sub feature_grep {
-       my ($val) = git_get_project_config('grep', '--bool');
+sub feature_patches {
+       my @val = (git_get_project_config('patches', '--int'));
  
  
-       if ($val eq 'true') {
-               return (1);
-       } elsif ($val eq 'false') {
-               return (0);
+       if (@val) {
+               return @val;
         }
  
         return ($_[0]);
  }
  
         }
  
         return ($_[0]);
  }
  
-sub feature_pickaxe {
-       my ($val) = git_get_project_config('pickaxe', '--bool');
-
-       if ($val eq 'true') {
-               return (1);
-       } elsif ($val eq 'false') {
-               return (0);
-       }
+sub feature_avatar {
+       my @val = (git_get_project_config('avatar'));
  
  
-       return ($_[0]);
+       return @val ? @val : @_;
  }
  
  # checking HEAD file with -e is fragile if the repository was
  }
  
  # checking HEAD file with -e is fragile if the repository was
@@ -354,7 +619,8 @@ sub check_head_link {
  sub check_export_ok {
         my ($dir) = @_;
         return (check_head_link($dir) &&
  sub check_export_ok {
         my ($dir) = @_;
         return (check_head_link($dir) &&
-               (!$export_ok || -e "$dir/$export_ok"));
+               (!$export_ok || -e "$dir/$export_ok") &&
+               (!$export_auth_hook || $export_auth_hook->($dir)));
  }
  
  # process alternate names for backward compatibility
  }
  
  # process alternate names for backward compatibility
@@ -365,288 +631,715 @@ sub filter_snapshot_fmts {
         @fmts = map {
                 exists $known_snapshot_format_aliases{$_} ?
                        $known_snapshot_format_aliases{$_} : $_} @fmts;
         @fmts = map {
                 exists $known_snapshot_format_aliases{$_} ?
                        $known_snapshot_format_aliases{$_} : $_} @fmts;
-       @fmts = grep(exists $known_snapshot_formats{$_}, @fmts);
-
+       @fmts = grep {
+               exists $known_snapshot_formats{$_} &&
+               !$known_snapshot_formats{$_}{'disabled'}} @fmts;
  }
  
  }
  
-our $GITWEB_CONFIG = $ENV{'GITWEB_CONFIG'} || "++GITWEB_CONFIG++";
-if (-e $GITWEB_CONFIG) {
-       do $GITWEB_CONFIG;
-} else {
-       our $GITWEB_CONFIG_SYSTEM = $ENV{'GITWEB_CONFIG_SYSTEM'} || "++GITWEB_CONFIG_SYSTEM++";
-       do $GITWEB_CONFIG_SYSTEM if -e $GITWEB_CONFIG_SYSTEM;
+# If it is set to code reference, it is code that it is to be run once per
+# request, allowing updating configurations that change with each request,
+# while running other code in config file only once.
+#
+# Otherwise, if it is false then gitweb would process config file only once;
+# if it is true then gitweb config would be run for each request.
+our $per_request_config = 1;
+
+# read and parse gitweb config file given by its parameter.
+# returns true on success, false on recoverable error, allowing
+# to chain this subroutine, using first file that exists.
+# dies on errors during parsing config file, as it is unrecoverable.
+sub read_config_file {
+       my $filename = shift;
+       return unless defined $filename;
+       # die if there are errors parsing config file
+       if (-e $filename) {
+               do $filename;
+               die $@ if $@;
+               return 1;
+       }
+       return;
  }
  
  }
  
-# version of the core git binary
-our $git_version = qx($GIT --version) =~ m/git version (.*)$/ ? $1 : "unknown";
-
-$projects_list ||= $projectroot;
+our ($GITWEB_CONFIG, $GITWEB_CONFIG_SYSTEM);
+sub evaluate_gitweb_config {
+       our $GITWEB_CONFIG = $ENV{'GITWEB_CONFIG'} || "++GITWEB_CONFIG++";
+       our $GITWEB_CONFIG_SYSTEM = $ENV{'GITWEB_CONFIG_SYSTEM'} || "++GITWEB_CONFIG_SYSTEM++";
  
  
-# ======================================================================
-# input validation and dispatch
-our $action = $cgi->param('a');
-if (defined $action) {
-       if ($action =~ m/[^0-9a-zA-Z\.\-_]/) {
-               die_error(undef, "Invalid action parameter");
-       }
+       # use first config file that exists
+       read_config_file($GITWEB_CONFIG) or
+       read_config_file($GITWEB_CONFIG_SYSTEM);
  }
  
  }
  
-# parameters which are pathnames
-our $project = $cgi->param('p');
-if (defined $project) {
-       if (!validate_pathname($project) ||
-           !(-d "$projectroot/$project") ||
-           !check_head_link("$projectroot/$project") ||
-           ($export_ok && !(-e "$projectroot/$project/$export_ok")) ||
-           ($strict_export && !project_in_list($project))) {
-               undef $project;
-               die_error(undef, "No such project");
-       }
-}
+# Get loadavg of system, to compare against $maxload.
+# Currently it requires '/proc/loadavg' present to get loadavg;
+# if it is not present it returns 0, which means no load checking.
+sub get_loadavg {
+       if( -e '/proc/loadavg' ){
+               open my $fd, '<', '/proc/loadavg'
+                       or return 0;
+               my @load = split(/\s+/, scalar <$fd>);
+               close $fd;
  
  
-our $file_name = $cgi->param('f');
-if (defined $file_name) {
-       if (!validate_pathname($file_name)) {
-               die_error(undef, "Invalid file parameter");
+               # The first three columns measure CPU and IO utilization of the last one,
+               # five, and 10 minute periods.  The fourth column shows the number of
+               # currently running processes and the total number of processes in the m/n
+               # format.  The last column displays the last process ID used.
+               return $load[0] || 0;
         }
         }
-}
+       # additional checks for load average should go here for things that don't export
+       # /proc/loadavg
  
  
-our $file_parent = $cgi->param('fp');
-if (defined $file_parent) {
-       if (!validate_pathname($file_parent)) {
-               die_error(undef, "Invalid file parent parameter");
-       }
+       return 0;
  }
  
  }
  
-# parameters which are refnames
-our $hash = $cgi->param('h');
-if (defined $hash) {
-       if (!validate_refname($hash)) {
-               die_error(undef, "Invalid hash parameter");
-       }
+# version of the core git binary
+our $git_version;
+sub evaluate_git_version {
+       our $git_version = qx("$GIT" --version) =~ m/git version (.*)$/ ? $1 : "unknown";
+       $number_of_git_cmds++;
  }
  
  }
  
-our $hash_parent = $cgi->param('hp');
-if (defined $hash_parent) {
-       if (!validate_refname($hash_parent)) {
-               die_error(undef, "Invalid hash parent parameter");
+sub check_loadavg {
+       if (defined $maxload && get_loadavg() > $maxload) {
+               die_error(503, "The load average on the server is too high");
         }
  }
  
         }
  }
  
-our $hash_base = $cgi->param('hb');
-if (defined $hash_base) {
-       if (!validate_refname($hash_base)) {
-               die_error(undef, "Invalid hash base parameter");
-       }
-}
+# ======================================================================
+# input validation and dispatch
  
  
-my %allowed_options = (
-       "--no-merges" => [ qw(rss atom log shortlog history) ],
-);
+# input parameters can be collected from a variety of sources (presently, CGI
+# and PATH_INFO), so we define an %input_params hash that collects them all
+# together during validation: this allows subsequent uses (e.g. href()) to be
+# agnostic of the parameter origin
  
  
-our @extra_options = $cgi->param('opt');
-if (defined @extra_options) {
-       foreach my $opt (@extra_options) {
-               if (not exists $allowed_options{$opt}) {
-                       die_error(undef, "Invalid option parameter");
-               }
-               if (not grep(/^$action$/, @{$allowed_options{$opt}})) {
-                       die_error(undef, "Invalid option parameter for this action");
-               }
-       }
-}
+our %input_params = ();
  
  
-our $hash_parent_base = $cgi->param('hpb');
-if (defined $hash_parent_base) {
-       if (!validate_refname($hash_parent_base)) {
-               die_error(undef, "Invalid hash parent base parameter");
-       }
-}
+# input parameters are stored with the long parameter name as key. This will
+# also be used in the href subroutine to convert parameters to their CGI
+# equivalent, and since the href() usage is the most frequent one, we store
+# the name -> CGI key mapping here, instead of the reverse.
+#
+# XXX: Warning: If you touch this, check the search form for updating,
+# too.
+
+our @cgi_param_mapping = (
+       project => "p",
+       action => "a",
+       file_name => "f",
+       file_parent => "fp",
+       hash => "h",
+       hash_parent => "hp",
+       hash_base => "hb",
+       hash_parent_base => "hpb",
+       page => "pg",
+       order => "o",
+       searchtext => "s",
+       searchtype => "st",
+       snapshot_format => "sf",
+       extra_options => "opt",
+       search_use_regexp => "sr",
+       ctag => "by_tag",
+       # this must be last entry (for manipulation from JavaScript)
+       javascript => "js"
+);
+our %cgi_param_mapping = @cgi_param_mapping;
  
  
-# other parameters
-our $page = $cgi->param('pg');
-if (defined $page) {
-       if ($page =~ m/[^0-9]/) {
-               die_error(undef, "Invalid page parameter");
-       }
-}
+# we will also need to know the possible actions, for validation
+our %actions = (
+       "blame" => \&git_blame,
+       "blame_incremental" => \&git_blame_incremental,
+       "blame_data" => \&git_blame_data,
+       "blobdiff" => \&git_blobdiff,
+       "blobdiff_plain" => \&git_blobdiff_plain,
+       "blob" => \&git_blob,
+       "blob_plain" => \&git_blob_plain,
+       "commitdiff" => \&git_commitdiff,
+       "commitdiff_plain" => \&git_commitdiff_plain,
+       "commit" => \&git_commit,
+       "forks" => \&git_forks,
+       "heads" => \&git_heads,
+       "history" => \&git_history,
+       "log" => \&git_log,
+       "patch" => \&git_patch,
+       "patches" => \&git_patches,
+       "remotes" => \&git_remotes,
+       "rss" => \&git_rss,
+       "atom" => \&git_atom,
+       "search" => \&git_search,
+       "search_help" => \&git_search_help,
+       "shortlog" => \&git_shortlog,
+       "summary" => \&git_summary,
+       "tag" => \&git_tag,
+       "tags" => \&git_tags,
+       "tree" => \&git_tree,
+       "snapshot" => \&git_snapshot,
+       "object" => \&git_object,
+       # those below don't need $project
+       "opml" => \&git_opml,
+       "project_list" => \&git_project_list,
+       "project_index" => \&git_project_index,
+);
  
  
-our $searchtype = $cgi->param('st');
-if (defined $searchtype) {
-       if ($searchtype =~ m/[^a-z]/) {
-               die_error(undef, "Invalid searchtype parameter");
-       }
-}
+# finally, we have the hash of allowed extra_options for the commands that
+# allow them
+our %allowed_options = (
+       "--no-merges" => [ qw(rss atom log shortlog history) ],
+);
  
  
-our $search_use_regexp = $cgi->param('sr');
+# fill %input_params with the CGI parameters. All values except for 'opt'
+# should be single values, but opt can be an array. We should probably
+# build an array of parameters that can be multi-valued, but since for the time
+# being it's only this one, we just single it out
+sub evaluate_query_params {
+       our $cgi;
  
  
-our $searchtext = $cgi->param('s');
-our $search_regexp;
-if (defined $searchtext) {
-       if (length($searchtext) < 2) {
-               die_error(undef, "At least two characters are required for search parameter");
+       while (my ($name, $symbol) = each %cgi_param_mapping) {
+               if ($symbol eq 'opt') {
+                       $input_params{$name} = [ $cgi->param($symbol) ];
+               } else {
+                       $input_params{$name} = $cgi->param($symbol);
+               }
         }
         }
-       $search_regexp = $search_use_regexp ? $searchtext : quotemeta $searchtext;
  }
  
  }
  
-# now read PATH_INFO and use it as alternative to parameters
+# now read PATH_INFO and update the parameter list for missing parameters
  sub evaluate_path_info {
  sub evaluate_path_info {
-       return if defined $project;
-       my $path_info = $ENV{"PATH_INFO"};
+       return if defined $input_params{'project'};
         return if !$path_info;
         $path_info =~ s,^/+,,;
         return if !$path_info;
         return if !$path_info;
         $path_info =~ s,^/+,,;
         return if !$path_info;
+
         # find which part of PATH_INFO is project
         # find which part of PATH_INFO is project
-       $project = $path_info;
+       my $project = $path_info;
         $project =~ s,/+$,,;
         while ($project && !check_head_link("$projectroot/$project")) {
                 $project =~ s,/*[^/]*$,,;
         }
         $project =~ s,/+$,,;
         while ($project && !check_head_link("$projectroot/$project")) {
                 $project =~ s,/*[^/]*$,,;
         }
-       # validate project
-       $project = validate_pathname($project);
-       if (!$project ||
-           ($export_ok && !-e "$projectroot/$project/$export_ok") ||
-           ($strict_export && !project_in_list($project))) {
-               undef $project;
-               return;
-       }
+       return unless $project;
+       $input_params{'project'} = $project;
+
         # do not change any parameters if an action is given using the query string
         # do not change any parameters if an action is given using the query string
-       return if $action;
+       return if $input_params{'action'};
         $path_info =~ s,^\Q$project\E/*,,;
         $path_info =~ s,^\Q$project\E/*,,;
-       my ($refname, $pathname) = split(/:/, $path_info, 2);
+
+       # next, check if we have an action
+       my $action = $path_info;
+       $action =~ s,/.*$,,;
+       if (exists $actions{$action}) {
+               $path_info =~ s,^$action/*,,;
+               $input_params{'action'} = $action;
+       }
+
+       # list of actions that want hash_base instead of hash, but can have no
+       # pathname (f) parameter
+       my @wants_base = (
+               'tree',
+               'history',
+       );
+
+       # we want to catch, among others
+       # [$hash_parent_base[:$file_parent]..]$hash_parent[:$file_name]
+       my ($parentrefname, $parentpathname, $refname, $pathname) =
+               ($path_info =~ /^(?:(.+?)(?::(.+))?\.\.)?([^:]+?)?(?::(.+))?$/);
+
+       # first, analyze the 'current' part
         if (defined $pathname) {
         if (defined $pathname) {
-               # we got "project.git/branch:filename" or "project.git/branch:dir/"
-               # we could use git_get_type(branch:pathname), but it needs $git_dir
+               # we got "branch:filename" or "branch:dir/"
+               # we could use git_get_type(branch:pathname), but:
+               # - it needs $git_dir
+               # - it does a git() call
+               # - the convention of terminating directories with a slash
+               #   makes it superfluous
+               # - embedding the action in the PATH_INFO would make it even
+               #   more superfluous
                 $pathname =~ s,^/+,,;
                 if (!$pathname || substr($pathname, -1) eq "/") {
                 $pathname =~ s,^/+,,;
                 if (!$pathname || substr($pathname, -1) eq "/") {
-                       $action  ||= "tree";
+                       $input_params{'action'} ||= "tree";
                         $pathname =~ s,/$,,;
                 } else {
                         $pathname =~ s,/$,,;
                 } else {
-                       $action  ||= "blob_plain";
+                       # the default action depends on whether we had parent info
+                       # or not
+                       if ($parentrefname) {
+                               $input_params{'action'} ||= "blobdiff_plain";
+                       } else {
+                               $input_params{'action'} ||= "blob_plain";
+                       }
                 }
                 }
-               $hash_base ||= validate_refname($refname);
-               $file_name ||= validate_pathname($pathname);
+               $input_params{'hash_base'} ||= $refname;
+               $input_params{'file_name'} ||= $pathname;
         } elsif (defined $refname) {
         } elsif (defined $refname) {
-               # we got "project.git/branch"
-               $action ||= "shortlog";
-               $hash   ||= validate_refname($refname);
+               # we got "branch". In this case we have to choose if we have to
+               # set hash or hash_base.
+               #
+               # Most of the actions without a pathname only want hash to be
+               # set, except for the ones specified in @wants_base that want
+               # hash_base instead. It should also be noted that hand-crafted
+               # links having 'history' as an action and no pathname or hash
+               # set will fail, but that happens regardless of PATH_INFO.
+               if (defined $parentrefname) {
+                       # if there is parent let the default be 'shortlog' action
+                       # (for http://git.example.com/repo.git/A..B links); if there
+                       # is no parent, dispatch will detect type of object and set
+                       # action appropriately if required (if action is not set)
+                       $input_params{'action'} ||= "shortlog";
+               }
+               if ($input_params{'action'} &&
+                   grep { $_ eq $input_params{'action'} } @wants_base) {
+                       $input_params{'hash_base'} ||= $refname;
+               } else {
+                       $input_params{'hash'} ||= $refname;
+               }
+       }
+
+       # next, handle the 'parent' part, if present
+       if (defined $parentrefname) {
+               # a missing pathspec defaults to the 'current' filename, allowing e.g.
+               # someproject/blobdiff/oldrev..newrev:/filename
+               if ($parentpathname) {
+                       $parentpathname =~ s,^/+,,;
+                       $parentpathname =~ s,/$,,;
+                       $input_params{'file_parent'} ||= $parentpathname;
+               } else {
+                       $input_params{'file_parent'} ||= $input_params{'file_name'};
+               }
+               # we assume that hash_parent_base is wanted if a path was specified,
+               # or if the action wants hash_base instead of hash
+               if (defined $input_params{'file_parent'} ||
+                       grep { $_ eq $input_params{'action'} } @wants_base) {
+                       $input_params{'hash_parent_base'} ||= $parentrefname;
+               } else {
+                       $input_params{'hash_parent'} ||= $parentrefname;
+               }
+       }
+
+       # for the snapshot action, we allow URLs in the form
+       # $project/snapshot/$hash.ext
+       # where .ext determines the snapshot and gets removed from the
+       # passed $refname to provide the $hash.
+       #
+       # To be able to tell that $refname includes the format extension, we
+       # require the following two conditions to be satisfied:
+       # - the hash input parameter MUST have been set from the $refname part
+       #   of the URL (i.e. they must be equal)
+       # - the snapshot format MUST NOT have been defined already (e.g. from
+       #   CGI parameter sf)
+       # It's also useless to try any matching unless $refname has a dot,
+       # so we check for that too
+       if (defined $input_params{'action'} &&
+               $input_params{'action'} eq 'snapshot' &&
+               defined $refname && index($refname, '.') != -1 &&
+               $refname eq $input_params{'hash'} &&
+               !defined $input_params{'snapshot_format'}) {
+               # We loop over the known snapshot formats, checking for
+               # extensions. Allowed extensions are both the defined suffix
+               # (which includes the initial dot already) and the snapshot
+               # format key itself, with a prepended dot
+               while (my ($fmt, $opt) = each %known_snapshot_formats) {
+                       my $hash = $refname;
+                       unless ($hash =~ s/(\Q$opt->{'suffix'}\E|\Q.$fmt\E)$//) {
+                               next;
+                       }
+                       my $sfx = $1;
+                       # a valid suffix was found, so set the snapshot format
+                       # and reset the hash parameter
+                       $input_params{'snapshot_format'} = $fmt;
+                       $input_params{'hash'} = $hash;
+                       # we also set the format suffix to the one requested
+                       # in the URL: this way a request for e.g. .tgz returns
+                       # a .tgz instead of a .tar.gz
+                       $known_snapshot_formats{$fmt}{'suffix'} = $sfx;
+                       last;
+               }
+       }
+}
+
+our ($action, $project, $file_name, $file_parent, $hash, $hash_parent, $hash_base,
+     $hash_parent_base, @extra_options, $page, $searchtype, $search_use_regexp,
+     $searchtext, $search_regexp);
+sub evaluate_and_validate_params {
+       our $action = $input_params{'action'};
+       if (defined $action) {
+               if (!validate_action($action)) {
+                       die_error(400, "Invalid action parameter");
+               }
+       }
+
+       # parameters which are pathnames
+       our $project = $input_params{'project'};
+       if (defined $project) {
+               if (!validate_project($project)) {
+                       undef $project;
+                       die_error(404, "No such project");
+               }
+       }
+
+       our $file_name = $input_params{'file_name'};
+       if (defined $file_name) {
+               if (!validate_pathname($file_name)) {
+                       die_error(400, "Invalid file parameter");
+               }
+       }
+
+       our $file_parent = $input_params{'file_parent'};
+       if (defined $file_parent) {
+               if (!validate_pathname($file_parent)) {
+                       die_error(400, "Invalid file parent parameter");
+               }
+       }
+
+       # parameters which are refnames
+       our $hash = $input_params{'hash'};
+       if (defined $hash) {
+               if (!validate_refname($hash)) {
+                       die_error(400, "Invalid hash parameter");
+               }
+       }
+
+       our $hash_parent = $input_params{'hash_parent'};
+       if (defined $hash_parent) {
+               if (!validate_refname($hash_parent)) {
+                       die_error(400, "Invalid hash parent parameter");
+               }
+       }
+
+       our $hash_base = $input_params{'hash_base'};
+       if (defined $hash_base) {
+               if (!validate_refname($hash_base)) {
+                       die_error(400, "Invalid hash base parameter");
+               }
+       }
+
+       our @extra_options = @{$input_params{'extra_options'}};
+       # @extra_options is always defined, since it can only be (currently) set from
+       # CGI, and $cgi->param() returns the empty array in array context if the param
+       # is not set
+       foreach my $opt (@extra_options) {
+               if (not exists $allowed_options{$opt}) {
+                       die_error(400, "Invalid option parameter");
+               }
+               if (not grep(/^$action$/, @{$allowed_options{$opt}})) {
+                       die_error(400, "Invalid option parameter for this action");
+               }
+       }
+
+       our $hash_parent_base = $input_params{'hash_parent_base'};
+       if (defined $hash_parent_base) {
+               if (!validate_refname($hash_parent_base)) {
+                       die_error(400, "Invalid hash parent base parameter");
+               }
+       }
+
+       # other parameters
+       our $page = $input_params{'page'};
+       if (defined $page) {
+               if ($page =~ m/[^0-9]/) {
+                       die_error(400, "Invalid page parameter");
+               }
+       }
+
+       our $searchtype = $input_params{'searchtype'};
+       if (defined $searchtype) {
+               if ($searchtype =~ m/[^a-z]/) {
+                       die_error(400, "Invalid searchtype parameter");
+               }
+       }
+
+       our $search_use_regexp = $input_params{'search_use_regexp'};
+
+       our $searchtext = $input_params{'searchtext'};
+       our $search_regexp;
+       if (defined $searchtext) {
+               if (length($searchtext) < 2) {
+                       die_error(403, "At least two characters are required for search parameter");
+               }
+               $search_regexp = $search_use_regexp ? $searchtext : quotemeta $searchtext;
         }
  }
         }
  }
-evaluate_path_info();
  
  # path to the current git repository
  our $git_dir;
  
  # path to the current git repository
  our $git_dir;
-$git_dir = "$projectroot/$project" if $project;
+sub evaluate_git_dir {
+       our $git_dir = "$projectroot/$project" if $project;
+}
  
  
-# dispatch
-my %actions = (
-       "blame" => \&git_blame2,
-       "blobdiff" => \&git_blobdiff,
-       "blobdiff_plain" => \&git_blobdiff_plain,
-       "blob" => \&git_blob,
-       "blob_plain" => \&git_blob_plain,
-       "commitdiff" => \&git_commitdiff,
-       "commitdiff_plain" => \&git_commitdiff_plain,
-       "commit" => \&git_commit,
-       "forks" => \&git_forks,
-       "heads" => \&git_heads,
-       "history" => \&git_history,
-       "log" => \&git_log,
-       "rss" => \&git_rss,
-       "atom" => \&git_atom,
-       "search" => \&git_search,
-       "search_help" => \&git_search_help,
-       "shortlog" => \&git_shortlog,
-       "summary" => \&git_summary,
-       "tag" => \&git_tag,
-       "tags" => \&git_tags,
-       "tree" => \&git_tree,
-       "snapshot" => \&git_snapshot,
-       "object" => \&git_object,
-       # those below don't need $project
-       "opml" => \&git_opml,
-       "project_list" => \&git_project_list,
-       "project_index" => \&git_project_index,
-);
+our (@snapshot_fmts, $git_avatar);
+sub configure_gitweb_features {
+       # list of supported snapshot formats
+       our @snapshot_fmts = gitweb_get_feature('snapshot');
+       @snapshot_fmts = filter_snapshot_fmts(@snapshot_fmts);
  
  
-if (!defined $action) {
-       if (defined $hash) {
-               $action = git_get_type($hash);
-       } elsif (defined $hash_base && defined $file_name) {
-               $action = git_get_type("$hash_base:$file_name");
-       } elsif (defined $project) {
-               $action = 'summary';
+       # check that the avatar feature is set to a known provider name,
+       # and for each provider check if the dependencies are satisfied.
+       # if the provider name is invalid or the dependencies are not met,
+       # reset $git_avatar to the empty string.
+       our ($git_avatar) = gitweb_get_feature('avatar');
+       if ($git_avatar eq 'gravatar') {
+               $git_avatar = '' unless (eval { require Digest::MD5; 1; });
+       } elsif ($git_avatar eq 'picon') {
+               # no dependencies
         } else {
         } else {
-               $action = 'project_list';
+               $git_avatar = '';
         }
  }
         }
  }
-if (!defined($actions{$action})) {
-       die_error(undef, "Unknown action");
+
+# custom error handler: 'die <message>' is Internal Server Error
+sub handle_errors_html {
+       my $msg = shift; # it is already HTML escaped
+
+       # to avoid infinite loop where error occurs in die_error,
+       # change handler to default handler, disabling handle_errors_html
+       set_message("Error occured when inside die_error:\n$msg");
+
+       # you cannot jump out of die_error when called as error handler;
+       # the subroutine set via CGI::Carp::set_message is called _after_
+       # HTTP headers are already written, so it cannot write them itself
+       die_error(undef, undef, $msg, -error_handler => 1, -no_http_header => 1);
+}
+set_message(\&handle_errors_html);
+
+# dispatch
+sub dispatch {
+       if (!defined $action) {
+               if (defined $hash) {
+                       $action = git_get_type($hash);
+               } elsif (defined $hash_base && defined $file_name) {
+                       $action = git_get_type("$hash_base:$file_name");
+               } elsif (defined $project) {
+                       $action = 'summary';
+               } else {
+                       $action = 'project_list';
+               }
+       }
+       if (!defined($actions{$action})) {
+               die_error(400, "Unknown action");
+       }
+       if ($action !~ m/^(?:opml|project_list|project_index)$/ &&
+           !$project) {
+               die_error(400, "Project needed");
+       }
+       $actions{$action}->();
+}
+
+sub reset_timer {
+       our $t0 = [ gettimeofday() ]
+               if defined $t0;
+       our $number_of_git_cmds = 0;
+}
+
+our $first_request = 1;
+sub run_request {
+       reset_timer();
+
+       evaluate_uri();
+       if ($first_request) {
+               evaluate_gitweb_config();
+               evaluate_git_version();
+       }
+       if ($per_request_config) {
+               if (ref($per_request_config) eq 'CODE') {
+                       $per_request_config->();
+               } elsif (!$first_request) {
+                       evaluate_gitweb_config();
+               }
+       }
+       check_loadavg();
+
+       # $projectroot and $projects_list might be set in gitweb config file
+       $projects_list ||= $projectroot;
+
+       evaluate_query_params();
+       evaluate_path_info();
+       evaluate_and_validate_params();
+       evaluate_git_dir();
+
+       configure_gitweb_features();
+
+       dispatch();
+}
+
+our $is_last_request = sub { 1 };
+our ($pre_dispatch_hook, $post_dispatch_hook, $pre_listen_hook);
+our $CGI = 'CGI';
+our $cgi;
+sub configure_as_fcgi {
+       require CGI::Fast;
+       our $CGI = 'CGI::Fast';
+
+       my $request_number = 0;
+       # let each child service 100 requests
+       our $is_last_request = sub { ++$request_number > 100 };
+}
+sub evaluate_argv {
+       my $script_name = $ENV{'SCRIPT_NAME'} || $ENV{'SCRIPT_FILENAME'} || __FILE__;
+       configure_as_fcgi()
+               if $script_name =~ /\.fcgi$/;
+
+       return unless (@ARGV);
+
+       require Getopt::Long;
+       Getopt::Long::GetOptions(
+               'fastcgi|fcgi|f' => \&configure_as_fcgi,
+               'nproc|n=i' => sub {
+                       my ($arg, $val) = @_;
+                       return unless eval { require FCGI::ProcManager; 1; };
+                       my $proc_manager = FCGI::ProcManager->new({
+                               n_processes => $val,
+                       });
+                       our $pre_listen_hook    = sub { $proc_manager->pm_manage()        };
+                       our $pre_dispatch_hook  = sub { $proc_manager->pm_pre_dispatch()  };
+                       our $post_dispatch_hook = sub { $proc_manager->pm_post_dispatch() };
+               },
+       );
  }
  }
-if ($action !~ m/^(opml|project_list|project_index)$/ &&
-    !$project) {
-       die_error(undef, "Project needed");
+
+sub run {
+       evaluate_argv();
+
+       $first_request = 1;
+       $pre_listen_hook->()
+               if $pre_listen_hook;
+
+ REQUEST:
+       while ($cgi = $CGI->new()) {
+               $pre_dispatch_hook->()
+                       if $pre_dispatch_hook;
+
+               run_request();
+
+               $post_dispatch_hook->()
+                       if $post_dispatch_hook;
+               $first_request = 0;
+
+               last REQUEST if ($is_last_request->());
+       }
+
+ DONE_GITWEB:
+       1;
+}
+
+run();
+
+if (defined caller) {
+       # wrapped in a subroutine processing requests,
+       # e.g. mod_perl with ModPerl::Registry, or PSGI with Plack::App::WrapCGI
+       return;
+} else {
+       # pure CGI script, serving single request
+       exit;
  }
  }
-$actions{$action}->();
-exit;
  
  ## ======================================================================
  ## action links
  
  
  ## ======================================================================
  ## action links
  
-sub href (%) {
+# possible values of extra options
+# -full => 0|1      - use absolute/full URL ($my_uri/$my_url as base)
+# -replay => 1      - start from a current view (replay with modifications)
+# -path_info => 0|1 - don't use/use path_info URL (if possible)
+# -anchor => ANCHOR - add #ANCHOR to end of URL, implies -replay if used alone
+sub href {
         my %params = @_;
         # default is to use -absolute url() i.e. $my_uri
         my $href = $params{-full} ? $my_url : $my_uri;
  
         my %params = @_;
         # default is to use -absolute url() i.e. $my_uri
         my $href = $params{-full} ? $my_url : $my_uri;
  
-       # XXX: Warning: If you touch this, check the search form for updating,
-       # too.
-
-       my @mapping = (
-               project => "p",
-               action => "a",
-               file_name => "f",
-               file_parent => "fp",
-               hash => "h",
-               hash_parent => "hp",
-               hash_base => "hb",
-               hash_parent_base => "hpb",
-               page => "pg",
-               order => "o",
-               searchtext => "s",
-               searchtype => "st",
-               snapshot_format => "sf",
-               extra_options => "opt",
-               search_use_regexp => "sr",
-       );
-       my %mapping = @mapping;
+       # implicit -replay, must be first of implicit params
+       $params{-replay} = 1 if (keys %params == 1 && $params{-anchor});
  
         $params{'project'} = $project unless exists $params{'project'};
  
         if ($params{-replay}) {
  
         $params{'project'} = $project unless exists $params{'project'};
  
         if ($params{-replay}) {
-               while (my ($name, $symbol) = each %mapping) {
+               while (my ($name, $symbol) = each %cgi_param_mapping) {
                         if (!exists $params{$name}) {
                         if (!exists $params{$name}) {
-                               # to allow for multivalued params we use arrayref form
-                               $params{$name} = [ $cgi->param($symbol) ];
+                               $params{$name} = $input_params{$name};
                         }
                 }
         }
  
                         }
                 }
         }
  
-       my ($use_pathinfo) = gitweb_check_feature('pathinfo');
-       if ($use_pathinfo) {
-               # use PATH_INFO for project name
-               $href .= "/".esc_url($params{'project'}) if defined $params{'project'};
+       my $use_pathinfo = gitweb_check_feature('pathinfo');
+       if (defined $params{'project'} &&
+           (exists $params{-path_info} ? $params{-path_info} : $use_pathinfo)) {
+               # try to put as many parameters as possible in PATH_INFO:
+               #   - project name
+               #   - action
+               #   - hash_parent or hash_parent_base:/file_parent
+               #   - hash or hash_base:/filename
+               #   - the snapshot_format as an appropriate suffix
+
+               # When the script is the root DirectoryIndex for the domain,
+               # $href here would be something like http://gitweb.example.com/
+               # Thus, we strip any trailing / from $href, to spare us double
+               # slashes in the final URL
+               $href =~ s,/$,,;
+
+               # Then add the project name, if present
+               $href .= "/".esc_path_info($params{'project'});
                 delete $params{'project'};
  
                 delete $params{'project'};
  
-               # Summary just uses the project path URL
-               if (defined $params{'action'} && $params{'action'} eq 'summary') {
+               # since we destructively absorb parameters, we keep this
+               # boolean that remembers if we're handling a snapshot
+               my $is_snapshot = $params{'action'} eq 'snapshot';
+
+               # Summary just uses the project path URL, any other action is
+               # added to the URL
+               if (defined $params{'action'}) {
+                       $href .= "/".esc_path_info($params{'action'})
+                               unless $params{'action'} eq 'summary';
                         delete $params{'action'};
                 }
                         delete $params{'action'};
                 }
+
+               # Next, we put hash_parent_base:/file_parent..hash_base:/file_name,
+               # stripping nonexistent or useless pieces
+               $href .= "/" if ($params{'hash_base'} || $params{'hash_parent_base'}
+                       || $params{'hash_parent'} || $params{'hash'});
+               if (defined $params{'hash_base'}) {
+                       if (defined $params{'hash_parent_base'}) {
+                               $href .= esc_path_info($params{'hash_parent_base'});
+                               # skip the file_parent if it's the same as the file_name
+                               if (defined $params{'file_parent'}) {
+                                       if (defined $params{'file_name'} && $params{'file_parent'} eq $params{'file_name'}) {
+                                               delete $params{'file_parent'};
+                                       } elsif ($params{'file_parent'} !~ /\.\./) {
+                                               $href .= ":/".esc_path_info($params{'file_parent'});
+                                               delete $params{'file_parent'};
+                                       }
+                               }
+                               $href .= "..";
+                               delete $params{'hash_parent'};
+                               delete $params{'hash_parent_base'};
+                       } elsif (defined $params{'hash_parent'}) {
+                               $href .= esc_path_info($params{'hash_parent'}). "..";
+                               delete $params{'hash_parent'};
+                       }
+
+                       $href .= esc_path_info($params{'hash_base'});
+                       if (defined $params{'file_name'} && $params{'file_name'} !~ /\.\./) {
+                               $href .= ":/".esc_path_info($params{'file_name'});
+                               delete $params{'file_name'};
+                       }
+                       delete $params{'hash'};
+                       delete $params{'hash_base'};
+               } elsif (defined $params{'hash'}) {
+                       $href .= esc_path_info($params{'hash'});
+                       delete $params{'hash'};
+               }
+
+               # If the action was a snapshot, we can absorb the
+               # snapshot_format parameter too
+               if ($is_snapshot) {
+                       my $fmt = $params{'snapshot_format'};
+                       # snapshot_format should always be defined when href()
+                       # is called, but just in case some code forgets, we
+                       # fall back to the default
+                       $fmt ||= $snapshot_fmts[0];
+                       $href .= $known_snapshot_formats{$fmt}{'suffix'};
+                       delete $params{'snapshot_format'};
+               }
         }
  
         # now encode the parameters explicitly
         my @result = ();
         }
  
         # now encode the parameters explicitly
         my @result = ();
-       for (my $i = 0; $i < @mapping; $i += 2) {
-               my ($name, $symbol) = ($mapping[$i], $mapping[$i+1]);
+       for (my $i = 0; $i < @cgi_param_mapping; $i += 2) {
+               my ($name, $symbol) = ($cgi_param_mapping[$i], $cgi_param_mapping[$i+1]);
                 if (defined $params{$name}) {
                         if (ref($params{$name}) eq "ARRAY") {
                                 foreach my $par (@{$params{$name}}) {
                 if (defined $params{$name}) {
                         if (ref($params{$name}) eq "ARRAY") {
                                 foreach my $par (@{$params{$name}}) {
@@ -659,6 +1352,13 @@ sub href (%) {
         }
         $href .= "?" . join(';', @result) if scalar @result;
  
         }
         $href .= "?" . join(';', @result) if scalar @result;
  
+       # final transformation: trailing spaces must be escaped (URI-encoded)
+       $href =~ s/(\s+)$/CGI::escape($1)/e;
+
+       if ($params{-anchor}) {
+               $href .= "#".esc_param($params{-anchor});
+       }
+
         return $href;
  }
  
         return $href;
  }
  
@@ -666,6 +1366,24 @@ sub href (%) {
  ## ======================================================================
  ## validation, quoting/unquoting and escaping
  
  ## ======================================================================
  ## validation, quoting/unquoting and escaping
  
+sub validate_action {
+       my $input = shift || return undef;
+       return undef unless exists $actions{$input};
+       return $input;
+}
+
+sub validate_project {
+       my $input = shift || return undef;
+       if (!validate_pathname($input) ||
+               !(-d "$projectroot/$input") ||
+               !check_export_ok("$projectroot/$input") ||
+               ($strict_export && !project_in_list($input))) {
+               return undef;
+       } else {
+               return $input;
+       }
+}
+
  sub validate_pathname {
         my $input = shift || return undef;
  
  sub validate_pathname {
         my $input = shift || return undef;
  
@@ -704,6 +1422,7 @@ sub validate_refname {
  # in utf-8 thanks to "binmode STDOUT, ':utf8'" at beginning
  sub to_utf8 {
         my $str = shift;
  # in utf-8 thanks to "binmode STDOUT, ':utf8'" at beginning
  sub to_utf8 {
         my $str = shift;
+       return undef unless defined $str;
         if (utf8::valid($str)) {
                 utf8::decode($str);
                 return $str;
         if (utf8::valid($str)) {
                 utf8::decode($str);
                 return $str;
@@ -716,26 +1435,46 @@ sub to_utf8 {
  # correct, but quoted slashes look too horrible in bookmarks
  sub esc_param {
         my $str = shift;
  # correct, but quoted slashes look too horrible in bookmarks
  sub esc_param {
         my $str = shift;
-       $str =~ s/([^A-Za-z0-9\-_.~()\/:@])/sprintf("%%%02X", ord($1))/eg;
-       $str =~ s/\+/%2B/g;
+       return undef unless defined $str;
+       $str =~ s/([^A-Za-z0-9\-_.~()\/:@ ]+)/CGI::escape($1)/eg;
         $str =~ s/ /\+/g;
         return $str;
  }
  
         $str =~ s/ /\+/g;
         return $str;
  }
  
-# quote unsafe chars in whole URL, so some charactrs cannot be quoted
+# the quoting rules for path_info fragment are slightly different
+sub esc_path_info {
+       my $str = shift;
+       return undef unless defined $str;
+
+       # path_info doesn't treat '+' as space (specially), but '?' must be escaped
+       $str =~ s/([^A-Za-z0-9\-_.~();\/;:@&= +]+)/CGI::escape($1)/eg;
+
+       return $str;
+}
+
+# quote unsafe chars in whole URL, so some characters cannot be quoted
  sub esc_url {
         my $str = shift;
  sub esc_url {
         my $str = shift;
-       $str =~ s/([^A-Za-z0-9\-_.~();\/;?:@&=])/sprintf("%%%02X", ord($1))/eg;
-       $str =~ s/\+/%2B/g;
+       return undef unless defined $str;
+       $str =~ s/([^A-Za-z0-9\-_.~();\/;?:@&= ]+)/CGI::escape($1)/eg;
         $str =~ s/ /\+/g;
         return $str;
  }
  
         $str =~ s/ /\+/g;
         return $str;
  }
  
+# quote unsafe characters in HTML attributes
+sub esc_attr {
+
+       # for XHTML conformance escaping '"' to '&quot;' is not enough
+       return esc_html(@_);
+}
+
  # replace invalid utf8 character with SUBSTITUTION sequence
  # replace invalid utf8 character with SUBSTITUTION sequence
-sub esc_html ($;%) {
+sub esc_html {
         my $str = shift;
         my %opts = @_;
  
         my $str = shift;
         my %opts = @_;
  
+       return undef unless defined $str;
+
         $str = to_utf8($str);
         $str = $cgi->escapeHTML($str);
         if ($opts{'-nbsp'}) {
         $str = to_utf8($str);
         $str = $cgi->escapeHTML($str);
         if ($opts{'-nbsp'}) {
@@ -750,6 +1489,8 @@ sub esc_path {
         my $str = shift;
         my %opts = @_;
  
         my $str = shift;
         my %opts = @_;
  
+       return undef unless defined $str;
+
         $str = to_utf8($str);
         $str = $cgi->escapeHTML($str);
         if ($opts{'-nbsp'}) {
         $str = to_utf8($str);
         $str = $cgi->escapeHTML($str);
         if ($opts{'-nbsp'}) {
@@ -776,7 +1517,7 @@ sub quot_cec {
         );
         my $chr = ( (exists $es{$cntrl})
                     ? $es{$cntrl}
         );
         my $chr = ( (exists $es{$cntrl})
                     ? $es{$cntrl}
-                   : sprintf('\%03o', ord($cntrl)) );
+                   : sprintf('\%2x', ord($cntrl)) );
         if ($opts{-nohtml}) {
                 return $chr;
         } else {
         if ($opts{-nohtml}) {
                 return $chr;
         } else {
@@ -892,7 +1633,6 @@ sub chop_str {
                 $str =~ m/^(.*?)($begre)$/;
                 my ($lead, $body) = ($1, $2);
                 if (length($lead) > 4) {
                 $str =~ m/^(.*?)($begre)$/;
                 my ($lead, $body) = ($1, $2);
                 if (length($lead) > 4) {
-                       $body =~ s/^[^;]*;// if ($lead =~ m/&[^;]*$/);
                         $lead = " ...";
                 }
                 return "$lead$body";
                         $lead = " ...";
                 }
                 return "$lead$body";
@@ -903,8 +1643,6 @@ sub chop_str {
                 $str =~ m/^(.*?)($begre)$/;
                 my ($mid, $right) = ($1, $2);
                 if (length($mid) > 5) {
                 $str =~ m/^(.*?)($begre)$/;
                 my ($mid, $right) = ($1, $2);
                 if (length($mid) > 5) {
-                       $left  =~ s/&[^;]*$//;
-                       $right =~ s/^[^;]*;// if ($mid =~ m/&[^;]*$/);
                         $mid = " ... ";
                 }
                 return "$left$mid$right";
                         $mid = " ... ";
                 }
                 return "$left$mid$right";
@@ -914,7 +1652,6 @@ sub chop_str {
                 my $body = $1;
                 my $tail = $2;
                 if (length($tail) > 4) {
                 my $body = $1;
                 my $tail = $2;
                 if (length($tail) > 4) {
-                       $body =~ s/&[^;]*$//;
                         $tail = "... ";
                 }
                 return "$body$tail";
                         $tail = "... ";
                 }
                 return "$body$tail";
@@ -931,7 +1668,7 @@ sub chop_and_escape_str {
         if ($chopped eq $str) {
                 return esc_html($chopped);
         } else {
         if ($chopped eq $str) {
                 return esc_html($chopped);
         } else {
-               $str =~ s/([[:cntrl:]])/?/g;
+               $str =~ s/[[:cntrl:]]/?/g;
                 return $cgi->span({-title=>$str}, esc_html($chopped));
         }
  }
                 return $cgi->span({-title=>$str}, esc_html($chopped));
         }
  }
@@ -992,7 +1729,7 @@ use constant {
  };
  
  # submodule/subproject, a commit object reference
  };
  
  # submodule/subproject, a commit object reference
-sub S_ISGITLINK($) {
+sub S_ISGITLINK {
         my $mode = shift;
  
         return (($mode & S_IFMT) == S_IFGITLINK)
         my $mode = shift;
  
         return (($mode & S_IFMT) == S_IFGITLINK)
@@ -1080,24 +1817,32 @@ sub format_log_line_html {
         my $line = shift;
  
         $line = esc_html($line, -nbsp=>1);
         my $line = shift;
  
         $line = esc_html($line, -nbsp=>1);
-       if ($line =~ m/([0-9a-fA-F]{8,40})/) {
-               my $hash_text = $1;
-               my $link =
-                       $cgi->a({-href => href(action=>"object", hash=>$hash_text),
-                               -class => "text"}, $hash_text);
-               $line =~ s/$hash_text/$link/;
-       }
+       $line =~ s{\b([0-9a-fA-F]{8,40})\b}{
+               $cgi->a({-href => href(action=>"object", hash=>$1),
+                                       -class => "text"}, $1);
+       }eg;
+
         return $line;
  }
  
  # format marker of refs pointing to given object
         return $line;
  }
  
  # format marker of refs pointing to given object
+
+# the destination action is chosen based on object type and current context:
+# - for annotated tags, we choose the tag view unless it's the current view
+#   already, in which case we go to shortlog view
+# - for other refs, we keep the current view if we're in history, shortlog or
+#   log view, and select shortlog otherwise
  sub format_ref_marker {
         my ($refs, $id) = @_;
         my $markers = '';
  
         if (defined $refs->{$id}) {
                 foreach my $ref (@{$refs->{$id}}) {
  sub format_ref_marker {
         my ($refs, $id) = @_;
         my $markers = '';
  
         if (defined $refs->{$id}) {
                 foreach my $ref (@{$refs->{$id}}) {
+                       # this code exploits the fact that non-lightweight tags are the
+                       # only indirect objects, and that they are the only objects for which
+                       # we want to use tag instead of shortlog as action
                         my ($type, $name) = qw();
                         my ($type, $name) = qw();
+                       my $indirect = ($ref =~ s/\^\{\}$//);
                         # e.g. tags/v2.6.11 or heads/next
                         if ($ref =~ m!^(.*?)s?/(.*)$!) {
                                 $type = $1;
                         # e.g. tags/v2.6.11 or heads/next
                         if ($ref =~ m!^(.*?)s?/(.*)$!) {
                                 $type = $1;
@@ -1107,8 +1852,29 @@ sub format_ref_marker {
                                 $name = $ref;
                         }
  
                                 $name = $ref;
                         }
  
-                       $markers .= " <span class=\"$type\" title=\"$ref\">" .
-                                   esc_html($name) . "</span>";
+                       my $class = $type;
+                       $class .= " indirect" if $indirect;
+
+                       my $dest_action = "shortlog";
+
+                       if ($indirect) {
+                               $dest_action = "tag" unless $action eq "tag";
+                       } elsif ($action =~ /^(history|(short)?log)$/) {
+                               $dest_action = $action;
+                       }
+
+                       my $dest = "";
+                       $dest .= "refs/" unless $ref =~ m!^refs/!;
+                       $dest .= $ref;
+
+                       my $link = $cgi->a({
+                               -href => href(
+                                       action=>$dest_action,
+                                       hash=>$dest
+                               )}, $name);
+
+                       $markers .= " <span class=\"".esc_attr($class)."\" title=\"".esc_attr($ref)."\">" .
+                               $link . "</span>";
                 }
         }
  
                 }
         }
  
@@ -1125,15 +1891,117 @@ sub format_subject_html {
         $extra = '' unless defined($extra);
  
         if (length($short) < length($long)) {
         $extra = '' unless defined($extra);
  
         if (length($short) < length($long)) {
+               $long =~ s/[[:cntrl:]]/?/g;
                 return $cgi->a({-href => $href, -class => "list subject",
                                 -title => to_utf8($long)},
                 return $cgi->a({-href => $href, -class => "list subject",
                                 -title => to_utf8($long)},
-                      esc_html($short) . $extra);
+                      esc_html($short)) . $extra;
         } else {
                 return $cgi->a({-href => $href, -class => "list subject"},
         } else {
                 return $cgi->a({-href => $href, -class => "list subject"},
-                      esc_html($long)  . $extra);
+                      esc_html($long)) . $extra;
+       }
+}
+
+# Rather than recomputing the url for an email multiple times, we cache it
+# after the first hit. This gives a visible benefit in views where the avatar
+# for the same email is used repeatedly (e.g. shortlog).
+# The cache is shared by all avatar engines (currently gravatar only), which
+# are free to use it as preferred. Since only one avatar engine is used for any
+# given page, there's no risk for cache conflicts.
+our %avatar_cache = ();
+
+# Compute the picon url for a given email, by using the picon search service over at
+# http://www.cs.indiana.edu/picons/search.html
+sub picon_url {
+       my $email = lc shift;
+       if (!$avatar_cache{$email}) {
+               my ($user, $domain) = split('@', $email);
+               $avatar_cache{$email} =
+                       "http://www.cs.indiana.edu/cgi-pub/kinzler/piconsearch.cgi/" .
+                       "$domain/$user/" .
+                       "users+domains+unknown/up/single";
+       }
+       return $avatar_cache{$email};
+}
+
+# Compute the gravatar url for a given email, if it's not in the cache already.
+# Gravatar stores only the part of the URL before the size, since that's the
+# one computationally more expensive. This also allows reuse of the cache for
+# different sizes (for this particular engine).
+sub gravatar_url {
+       my $email = lc shift;
+       my $size = shift;
+       $avatar_cache{$email} ||=
+               "http://www.gravatar.com/avatar/" .
+                       Digest::MD5::md5_hex($email) . "?s=";
+       return $avatar_cache{$email} . $size;
+}
+
+# Insert an avatar for the given $email at the given $size if the feature
+# is enabled.
+sub git_get_avatar {
+       my ($email, %opts) = @_;
+       my $pre_white  = ($opts{-pad_before} ? "&nbsp;" : "");
+       my $post_white = ($opts{-pad_after}  ? "&nbsp;" : "");
+       $opts{-size} ||= 'default';
+       my $size = $avatar_size{$opts{-size}} || $avatar_size{'default'};
+       my $url = "";
+       if ($git_avatar eq 'gravatar') {
+               $url = gravatar_url($email, $size);
+       } elsif ($git_avatar eq 'picon') {
+               $url = picon_url($email);
+       }
+       # Other providers can be added by extending the if chain, defining $url
+       # as needed. If no variant puts something in $url, we assume avatars
+       # are completely disabled/unavailable.
+       if ($url) {
+               return $pre_white .
+                      "<img width=\"$size\" " .
+                           "class=\"avatar\" " .
+                           "src=\"".esc_url($url)."\" " .
+                           "alt=\"\" " .
+                      "/>" . $post_white;
+       } else {
+               return "";
         }
  }
  
         }
  }
  
+sub format_search_author {
+       my ($author, $searchtype, $displaytext) = @_;
+       my $have_search = gitweb_check_feature('search');
+
+       if ($have_search) {
+               my $performed = "";
+               if ($searchtype eq 'author') {
+                       $performed = "authored";
+               } elsif ($searchtype eq 'committer') {
+                       $performed = "committed";
+               }
+
+               return $cgi->a({-href => href(action=>"search", hash=>$hash,
+                               searchtext=>$author,
+                               searchtype=>$searchtype), class=>"list",
+                               title=>"Search for commits $performed by $author"},
+                               $displaytext);
+
+       } else {
+               return $displaytext;
+       }
+}
+
+# format the author name of the given commit with the given tag
+# the author name is chopped and escaped according to the other
+# optional parameters (see chop_str).
+sub format_author_html {
+       my $tag = shift;
+       my $co = shift;
+       my $author = chop_and_escape_str($co->{'author_name'}, @_);
+       return "<$tag class=\"author\">" .
+              format_search_author($co->{'author_name'}, "author",
+                      git_get_avatar($co->{'author_email'}, -pad_after => 1) .
+                      $author) .
+              "</$tag>";
+}
+
  # format git diff header line, i.e. "diff --(git|combined|cc) ..."
  sub format_git_diff_header_line {
         my $line = shift;
  # format git diff header line, i.e. "diff --(git|combined|cc) ..."
  sub format_git_diff_header_line {
         my $line = shift;
@@ -1420,8 +2288,6 @@ sub format_diff_line {
  # linked.  Pass the hash of the tree/commit to snapshot.
  sub format_snapshot_links {
         my ($hash) = @_;
  # linked.  Pass the hash of the tree/commit to snapshot.
  sub format_snapshot_links {
         my ($hash) = @_;
-       my @snapshot_fmts = gitweb_check_feature('snapshot');
-       @snapshot_fmts = filter_snapshot_fmts(@snapshot_fmts);
         my $num_fmts = @snapshot_fmts;
         if ($num_fmts > 1) {
                 # A parenthesized list of links bearing format names.
         my $num_fmts = @snapshot_fmts;
         if ($num_fmts > 1) {
                 # A parenthesized list of links bearing format names.
@@ -1498,26 +2364,42 @@ sub get_feed_info {
  
  # returns path to the core git executable and the --git-dir parameter as list
  sub git_cmd {
  
  # returns path to the core git executable and the --git-dir parameter as list
  sub git_cmd {
+       $number_of_git_cmds++;
         return $GIT, '--git-dir='.$git_dir;
  }
  
         return $GIT, '--git-dir='.$git_dir;
  }
  
-# returns path to the core git executable and the --git-dir parameter as string
-sub git_cmd_str {
-       return join(' ', git_cmd());
+# quote the given arguments for passing them to the shell
+# quote_command("command", "arg 1", "arg with ' and ! characters")
+# => "'command' 'arg 1' 'arg with '\'' and '\!' characters'"
+# Try to avoid using this function wherever possible.
+sub quote_command {
+       return join(' ',
+               map { my $a = $_; $a =~ s/(['!])/'\\$1'/g; "'$a'" } @_ );
  }
  
  # get HEAD ref of given project as hash
  sub git_get_head_hash {
  }
  
  # get HEAD ref of given project as hash
  sub git_get_head_hash {
-       my $project = shift;
+       return git_get_full_hash(shift, 'HEAD');
+}
+
+sub git_get_full_hash {
+       return git_get_hash(@_);
+}
+
+sub git_get_short_hash {
+       return git_get_hash(@_, '--short=7');
+}
+
+sub git_get_hash {
+       my ($project, $hash, @options) = @_;
         my $o_git_dir = $git_dir;
         my $retval = undef;
         $git_dir = "$projectroot/$project";
         my $o_git_dir = $git_dir;
         my $retval = undef;
         $git_dir = "$projectroot/$project";
-       if (open my $fd, "-|", git_cmd(), "rev-parse", "--verify", "HEAD") {
-               my $head = <$fd>;
+       if (open my $fd, '-|', git_cmd(), 'rev-parse',
+           '--verify', '-q', @options, $hash) {
+               $retval = <$fd>;
+               chomp $retval if defined $retval;
                 close $fd;
                 close $fd;
-               if (defined $head && $head =~ /^([0-9a-fA-F]{40})$/) {
-                       $retval = $1;
-               }
         }
         if (defined $o_git_dir) {
                 $git_dir = $o_git_dir;
         }
         if (defined $o_git_dir) {
                 $git_dir = $o_git_dir;
@@ -1577,18 +2459,19 @@ sub git_parse_project_config {
         return %config;
  }
  
         return %config;
  }
  
-# convert config value to boolean, 'true' or 'false'
+# convert config value to boolean: 'true' or 'false'
  # no value, number > 0, 'true' and 'yes' values are true
  # rest of values are treated as false (never as error)
  sub config_to_bool {
         my $val = shift;
  
  # no value, number > 0, 'true' and 'yes' values are true
  # rest of values are treated as false (never as error)
  sub config_to_bool {
         my $val = shift;
  
+       return 1 if !defined $val;             # section.key
+
         # strip leading and trailing whitespace
         $val =~ s/^\s+//;
         $val =~ s/\s+$//;
  
         # strip leading and trailing whitespace
         $val =~ s/^\s+//;
         $val =~ s/\s+$//;
  
-       return (!defined $val ||               # section.key
-               ($val =~ /^\d+$/ && $val) ||   # section.key = 1
+       return (($val =~ /^\d+$/ && $val) ||   # section.key = 1
                 ($val =~ /^(?:true|yes)$/i));  # section.key = true
  }
  
                 ($val =~ /^(?:true|yes)$/i));  # section.key = true
  }
  
@@ -1622,6 +2505,8 @@ sub config_to_multi {
  sub git_get_project_config {
         my ($key, $type) = @_;
  
  sub git_get_project_config {
         my ($key, $type) = @_;
  
+       return unless defined $git_dir;
+
         # key sanity check
         return unless ($key);
         $key =~ s/^gitweb\.//;
         # key sanity check
         return unless ($key);
         $key =~ s/^gitweb\.//;
@@ -1641,6 +2526,9 @@ sub git_get_project_config {
                 $config_file = "$git_dir/config";
         }
  
                 $config_file = "$git_dir/config";
         }
  
+       # check if config variable (key) exists
+       return unless exists $config{"gitweb.$key"};
+
         # ensure given type
         if (!defined $type) {
                 return $config{"gitweb.$key"};
         # ensure given type
         if (!defined $type) {
                 return $config{"gitweb.$key"};
@@ -1662,7 +2550,7 @@ sub git_get_hash_by_path {
         $path =~ s,/+$,,;
  
         open my $fd, "-|", git_cmd(), "ls-tree", $base, "--", $path
         $path =~ s,/+$,,;
  
         open my $fd, "-|", git_cmd(), "ls-tree", $base, "--", $path
-               or die_error(undef, "Open git-ls-tree failed");
+               or die_error(500, "Open git-ls-tree failed");
         my $line = <$fd>;
         close $fd or return undef;
  
         my $line = <$fd>;
         close $fd or return undef;
  
@@ -1686,46 +2574,183 @@ sub git_get_path_by_hash {
         my $base = shift || return;
         my $hash = shift || return;
  
         my $base = shift || return;
         my $hash = shift || return;
  
-       local $/ = "\0";
+       local $/ = "\0";
+
+       open my $fd, "-|", git_cmd(), "ls-tree", '-r', '-t', '-z', $base
+               or return undef;
+       while (my $line = <$fd>) {
+               chomp $line;
+
+               #'040000 tree 595596a6a9117ddba9fe379b6b012b558bac8423  gitweb'
+               #'100644 blob e02e90f0429be0d2a69b76571101f20b8f75530f  gitweb/README'
+               if ($line =~ m/(?:[0-9]+) (?:.+) $hash\t(.+)$/) {
+                       close $fd;
+                       return $1;
+               }
+       }
+       close $fd;
+       return undef;
+}
+
+## ......................................................................
+## git utility functions, directly accessing git repository
+
+# get the value of config variable either from file named as the variable
+# itself in the repository ($GIT_DIR/$name file), or from gitweb.$name
+# configuration variable in the repository config file.
+sub git_get_file_or_project_config {
+       my ($path, $name) = @_;
+
+       $git_dir = "$projectroot/$path";
+       open my $fd, '<', "$git_dir/$name"
+               or return git_get_project_config($name);
+       my $conf = <$fd>;
+       close $fd;
+       if (defined $conf) {
+               chomp $conf;
+       }
+       return $conf;
+}
+
+sub git_get_project_description {
+       my $path = shift;
+       return git_get_file_or_project_config($path, 'description');
+}
+
+sub git_get_project_category {
+       my $path = shift;
+       return git_get_file_or_project_config($path, 'category');
+}
+
+
+# supported formats:
+# * $GIT_DIR/ctags/<tagname> file (in 'ctags' subdirectory)
+#   - if its contents is a number, use it as tag weight,
+#   - otherwise add a tag with weight 1
+# * $GIT_DIR/ctags file, each line is a tag (with weight 1)
+#   the same value multiple times increases tag weight
+# * `gitweb.ctag' multi-valued repo config variable
+sub git_get_project_ctags {
+       my $project = shift;
+       my $ctags = {};
+
+       $git_dir = "$projectroot/$project";
+       if (opendir my $dh, "$git_dir/ctags") {
+               my @files = grep { -f $_ } map { "$git_dir/ctags/$_" } readdir($dh);
+               foreach my $tagfile (@files) {
+                       open my $ct, '<', $tagfile
+                               or next;
+                       my $val = <$ct>;
+                       chomp $val if $val;
+                       close $ct;
+
+                       (my $ctag = $tagfile) =~ s#.*/##;
+                       if ($val =~ /^\d+$/) {
+                               $ctags->{$ctag} = $val;
+                       } else {
+                               $ctags->{$ctag} = 1;
+                       }
+               }
+               closedir $dh;
+
+       } elsif (open my $fh, '<', "$git_dir/ctags") {
+               while (my $line = <$fh>) {
+                       chomp $line;
+                       $ctags->{$line}++ if $line;
+               }
+               close $fh;
+
+       } else {
+               my $taglist = config_to_multi(git_get_project_config('ctag'));
+               foreach my $tag (@$taglist) {
+                       $ctags->{$tag}++;
+               }
+       }
  
  
-       open my $fd, "-|", git_cmd(), "ls-tree", '-r', '-t', '-z', $base
-               or return undef;
-       while (my $line = <$fd>) {
-               chomp $line;
+       return $ctags;
+}
  
  
-               #'040000 tree 595596a6a9117ddba9fe379b6b012b558bac8423  gitweb'
-               #'100644 blob e02e90f0429be0d2a69b76571101f20b8f75530f  gitweb/README'
-               if ($line =~ m/(?:[0-9]+) (?:.+) $hash\t(.+)$/) {
-                       close $fd;
-                       return $1;
+# return hash, where keys are content tags ('ctags'),
+# and values are sum of weights of given tag in every project
+sub git_gather_all_ctags {
+       my $projects = shift;
+       my $ctags = {};
+
+       foreach my $p (@$projects) {
+               foreach my $ct (keys %{$p->{'ctags'}}) {
+                       $ctags->{$ct} += $p->{'ctags'}->{$ct};
                 }
         }
                 }
         }
-       close $fd;
-       return undef;
+
+       return $ctags;
  }
  
  }
  
-## ......................................................................
-## git utility functions, directly accessing git repository
+sub git_populate_project_tagcloud {
+       my $ctags = shift;
  
  
-sub git_get_project_description {
-       my $path = shift;
+       # First, merge different-cased tags; tags vote on casing
+       my %ctags_lc;
+       foreach (keys %$ctags) {
+               $ctags_lc{lc $_}->{count} += $ctags->{$_};
+               if (not $ctags_lc{lc $_}->{topcount}
+                   or $ctags_lc{lc $_}->{topcount} < $ctags->{$_}) {
+                       $ctags_lc{lc $_}->{topcount} = $ctags->{$_};
+                       $ctags_lc{lc $_}->{topname} = $_;
+               }
+       }
  
  
-       $git_dir = "$projectroot/$path";
-       open my $fd, "$git_dir/description"
-               or return git_get_project_config('description');
-       my $descr = <$fd>;
-       close $fd;
-       if (defined $descr) {
-               chomp $descr;
+       my $cloud;
+       my $matched = $cgi->param('by_tag');
+       if (eval { require HTML::TagCloud; 1; }) {
+               $cloud = HTML::TagCloud->new;
+               foreach my $ctag (sort keys %ctags_lc) {
+                       # Pad the title with spaces so that the cloud looks
+                       # less crammed.
+                       my $title = esc_html($ctags_lc{$ctag}->{topname});
+                       $title =~ s/ /&nbsp;/g;
+                       $title =~ s/^/&nbsp;/g;
+                       $title =~ s/$/&nbsp;/g;
+                       if (defined $matched && $matched eq $ctag) {
+                               $title = qq(<span class="match">$title</span>);
+                       }
+                       $cloud->add($title, href(project=>undef, ctag=>$ctag),
+                                   $ctags_lc{$ctag}->{count});
+               }
+       } else {
+               $cloud = {};
+               foreach my $ctag (keys %ctags_lc) {
+                       my $title = esc_html($ctags_lc{$ctag}->{topname}, -nbsp=>1);
+                       if (defined $matched && $matched eq $ctag) {
+                               $title = qq(<span class="match">$title</span>);
+                       }
+                       $cloud->{$ctag}{count} = $ctags_lc{$ctag}->{count};
+                       $cloud->{$ctag}{ctag} =
+                               $cgi->a({-href=>href(project=>undef, ctag=>$ctag)}, $title);
+               }
+       }
+       return $cloud;
+}
+
+sub git_show_project_tagcloud {
+       my ($cloud, $count) = @_;
+       if (ref $cloud eq 'HTML::TagCloud') {
+               return $cloud->html_and_css($count);
+       } else {
+               my @tags = sort { $cloud->{$a}->{'count'} <=> $cloud->{$b}->{'count'} } keys %$cloud;
+               return
+                       '<div id="htmltagcloud"'.($project ? '' : ' align="center"').'>' .
+                       join (', ', map {
+                               $cloud->{$_}->{'ctag'}
+                       } splice(@tags, 0, $count)) .
+                       '</div>';
         }
         }
-       return $descr;
  }
  
  sub git_get_project_url_list {
         my $path = shift;
  
         $git_dir = "$projectroot/$path";
  }
  
  sub git_get_project_url_list {
         my $path = shift;
  
         $git_dir = "$projectroot/$path";
-       open my $fd, "$git_dir/cloneurl"
+       open my $fd, '<', "$git_dir/cloneurl"
                 or return wantarray ?
                 @{ config_to_multi(git_get_project_config('url')) } :
                    config_to_multi(git_get_project_config('url'));
                 or return wantarray ?
                 @{ config_to_multi(git_get_project_config('url')) } :
                    config_to_multi(git_get_project_config('url'));
@@ -1736,43 +2761,47 @@ sub git_get_project_url_list {
  }
  
  sub git_get_projects_list {
  }
  
  sub git_get_projects_list {
-       my ($filter) = @_;
+       my $filter = shift || '';
         my @list;
  
         my @list;
  
-       $filter ||= '';
         $filter =~ s/\.git$//;
  
         $filter =~ s/\.git$//;
  
-       my ($check_forks) = gitweb_check_feature('forks');
-
         if (-d $projects_list) {
                 # search in directory
         if (-d $projects_list) {
                 # search in directory
-               my $dir = $projects_list . ($filter ? "/$filter" : '');
+               my $dir = $projects_list;
                 # remove the trailing "/"
                 $dir =~ s!/+$!!;
                 # remove the trailing "/"
                 $dir =~ s!/+$!!;
-               my $pfxlen = length("$dir");
-               my $pfxdepth = ($dir =~ tr!/!!);
+               my $pfxlen = length("$projects_list");
+               my $pfxdepth = ($projects_list =~ tr!/!!);
+               # when filtering, search only given subdirectory
+               if ($filter) {
+                       $dir .= "/$filter";
+                       $dir =~ s!/+$!!;
+               }
  
                 File::Find::find({
                         follow_fast => 1, # follow symbolic links
                         follow_skip => 2, # ignore duplicates
                         dangling_symlinks => 0, # ignore dangling symlinks, silently
                         wanted => sub {
  
                 File::Find::find({
                         follow_fast => 1, # follow symbolic links
                         follow_skip => 2, # ignore duplicates
                         dangling_symlinks => 0, # ignore dangling symlinks, silently
                         wanted => sub {
+                               # global variables
+                               our $project_maxdepth;
+                               our $projectroot;
                                 # skip project-list toplevel, if we get it.
                                 return if (m!^[/.]$!);
                                 # only directories can be git repositories
                                 return unless (-d $_);
                                 # don't traverse too deep (Find is super slow on os x)
                                 # skip project-list toplevel, if we get it.
                                 return if (m!^[/.]$!);
                                 # only directories can be git repositories
                                 return unless (-d $_);
                                 # don't traverse too deep (Find is super slow on os x)
+                               # $project_maxdepth excludes depth of $projectroot
                                 if (($File::Find::name =~ tr!/!!) - $pfxdepth > $project_maxdepth) {
                                         $File::Find::prune = 1;
                                         return;
                                 }
  
                                 if (($File::Find::name =~ tr!/!!) - $pfxdepth > $project_maxdepth) {
                                         $File::Find::prune = 1;
                                         return;
                                 }
  
-                               my $subdir = substr($File::Find::name, $pfxlen + 1);
+                               my $path = substr($File::Find::name, $pfxlen + 1);
                                 # we check related file in $projectroot
                                 # we check related file in $projectroot
-                               if ($check_forks and $subdir =~ m#/.#) {
-                                       $File::Find::prune = 1;
-                               } elsif (check_export_ok("$projectroot/$filter/$subdir")) {
-                                       push @list, { path => ($filter ? "$filter/" : '') . $subdir };
+                               if (check_export_ok("$projectroot/$path")) {
+                                       push @list, { path => $path };
                                         $File::Find::prune = 1;
                                 }
                         },
                                         $File::Find::prune = 1;
                                 }
                         },
@@ -1783,8 +2812,7 @@ sub git_get_projects_list {
                 # 'git%2Fgit.git Linus+Torvalds'
                 # 'libs%2Fklibc%2Fklibc.git H.+Peter+Anvin'
                 # 'linux%2Fhotplug%2Fudev.git Greg+Kroah-Hartman'
                 # 'git%2Fgit.git Linus+Torvalds'
                 # 'libs%2Fklibc%2Fklibc.git H.+Peter+Anvin'
                 # 'linux%2Fhotplug%2Fudev.git Greg+Kroah-Hartman'
-               my %paths;
-               open my ($fd), $projects_list or return;
+               open my $fd, '<', $projects_list or return;
         PROJECT:
                 while (my $line = <$fd>) {
                         chomp $line;
         PROJECT:
                 while (my $line = <$fd>) {
                         chomp $line;
@@ -1794,32 +2822,9 @@ sub git_get_projects_list {
                         if (!defined $path) {
                                 next;
                         }
                         if (!defined $path) {
                                 next;
                         }
-                       if ($filter ne '') {
-                               # looking for forks;
-                               my $pfx = substr($path, 0, length($filter));
-                               if ($pfx ne $filter) {
-                                       next PROJECT;
-                               }
-                               my $sfx = substr($path, length($filter));
-                               if ($sfx !~ /^\/.*\.git$/) {
-                                       next PROJECT;
-                               }
-                       } elsif ($check_forks) {
-                       PATH:
-                               foreach my $filter (keys %paths) {
-                                       # looking for forks;
-                                       my $pfx = substr($path, 0, length($filter));
-                                       if ($pfx ne $filter) {
-                                               next PATH;
-                                       }
-                                       my $sfx = substr($path, length($filter));
-                                       if ($sfx !~ /^\/.*\.git$/) {
-                                               next PATH;
-                                       }
-                                       # is a fork, don't include it in
-                                       # the list
-                                       next PROJECT;
-                               }
+                       # if $filter is rpovided, check if $path begins with $filter
+                       if ($filter && $path !~ m!^\Q$filter\E/!) {
+                               next;
                         }
                         if (check_export_ok("$projectroot/$path")) {
                                 my $pr = {
                         }
                         if (check_export_ok("$projectroot/$path")) {
                                 my $pr = {
@@ -1827,8 +2832,6 @@ sub git_get_projects_list {
                                         owner => to_utf8($owner),
                                 };
                                 push @list, $pr;
                                         owner => to_utf8($owner),
                                 };
                                 push @list, $pr;
-                               (my $forks_path = $path) =~ s/\.git$//;
-                               $paths{$forks_path}++;
                         }
                 }
                 close $fd;
                         }
                 }
                 close $fd;
@@ -1836,6 +2839,98 @@ sub git_get_projects_list {
         return @list;
  }
  
         return @list;
  }
  
+# written with help of Tree::Trie module (Perl Artistic License, GPL compatibile)
+# as side effects it sets 'forks' field to list of forks for forked projects
+sub filter_forks_from_projects_list {
+       my $projects = shift;
+
+       my %trie; # prefix tree of directories (path components)
+       # generate trie out of those directories that might contain forks
+       foreach my $pr (@$projects) {
+               my $path = $pr->{'path'};
+               $path =~ s/\.git$//;      # forks of 'repo.git' are in 'repo/' directory
+               next if ($path =~ m!/$!); # skip non-bare repositories, e.g. 'repo/.git'
+               next unless ($path);      # skip '.git' repository: tests, git-instaweb
+               next unless (-d $path);   # containing directory exists
+               $pr->{'forks'} = [];      # there can be 0 or more forks of project
+
+               # add to trie
+               my @dirs = split('/', $path);
+               # walk the trie, until either runs out of components or out of trie
+               my $ref = \%trie;
+               while (scalar @dirs &&
+                      exists($ref->{$dirs[0]})) {
+                       $ref = $ref->{shift @dirs};
+               }
+               # create rest of trie structure from rest of components
+               foreach my $dir (@dirs) {
+                       $ref = $ref->{$dir} = {};
+               }
+               # create end marker, store $pr as a data
+               $ref->{''} = $pr if (!exists $ref->{''});
+       }
+
+       # filter out forks, by finding shortest prefix match for paths
+       my @filtered;
+ PROJECT:
+       foreach my $pr (@$projects) {
+               # trie lookup
+               my $ref = \%trie;
+       DIR:
+               foreach my $dir (split('/', $pr->{'path'})) {
+                       if (exists $ref->{''}) {
+                               # found [shortest] prefix, is a fork - skip it
+                               push @{$ref->{''}{'forks'}}, $pr;
+                               next PROJECT;
+                       }
+                       if (!exists $ref->{$dir}) {
+                               # not in trie, cannot have prefix, not a fork
+                               push @filtered, $pr;
+                               next PROJECT;
+                       }
+                       # If the dir is there, we just walk one step down the trie.
+                       $ref = $ref->{$dir};
+               }
+               # we ran out of trie
+               # (shouldn't happen: it's either no match, or end marker)
+               push @filtered, $pr;
+       }
+
+       return @filtered;
+}
+
+# note: fill_project_list_info must be run first,
+# for 'descr_long' and 'ctags' to be filled
+sub search_projects_list {
+       my ($projlist, %opts) = @_;
+       my $tagfilter  = $opts{'tagfilter'};
+       my $searchtext = $opts{'searchtext'};
+
+       return @$projlist
+               unless ($tagfilter || $searchtext);
+
+       my @projects;
+ PROJECT:
+       foreach my $pr (@$projlist) {
+
+               if ($tagfilter) {
+                       next unless ref($pr->{'ctags'}) eq 'HASH';
+                       next unless
+                               grep { lc($_) eq lc($tagfilter) } keys %{$pr->{'ctags'}};
+               }
+
+               if ($searchtext) {
+                       next unless
+                               $pr->{'path'} =~ /$searchtext/ ||
+                               $pr->{'descr_long'} =~ /$searchtext/;
+               }
+
+               push @projects, $pr;
+       }
+
+       return @projects;
+}
+
  our $gitweb_project_owner = undef;
  sub git_get_project_list_from_file {
  
  our $gitweb_project_owner = undef;
  sub git_get_project_list_from_file {
  
@@ -1847,7 +2942,7 @@ sub git_get_project_list_from_file {
         # 'libs%2Fklibc%2Fklibc.git H.+Peter+Anvin'
         # 'linux%2Fhotplug%2Fudev.git Greg+Kroah-Hartman'
         if (-f $projects_list) {
         # 'libs%2Fklibc%2Fklibc.git H.+Peter+Anvin'
         # 'linux%2Fhotplug%2Fudev.git Greg+Kroah-Hartman'
         if (-f $projects_list) {
-               open (my $fd , $projects_list);
+               open(my $fd, '<', $projects_list);
                 while (my $line = <$fd>) {
                         chomp $line;
                         my ($pr, $ow) = split ' ', $line;
                 while (my $line = <$fd>) {
                         chomp $line;
                         my ($pr, $ow) = split ' ', $line;
@@ -1904,6 +2999,44 @@ sub git_get_last_activity {
         return (undef, undef);
  }
  
         return (undef, undef);
  }
  
+# Implementation note: when a single remote is wanted, we cannot use 'git
+# remote show -n' because that command always work (assuming it's a remote URL
+# if it's not defined), and we cannot use 'git remote show' because that would
+# try to make a network roundtrip. So the only way to find if that particular
+# remote is defined is to walk the list provided by 'git remote -v' and stop if
+# and when we find what we want.
+sub git_get_remotes_list {
+       my $wanted = shift;
+       my %remotes = ();
+
+       open my $fd, '-|' , git_cmd(), 'remote', '-v';
+       return unless $fd;
+       while (my $remote = <$fd>) {
+               chomp $remote;
+               $remote =~ s!\t(.*?)\s+\((\w+)\)$!!;
+               next if $wanted and not $remote eq $wanted;
+               my ($url, $key) = ($1, $2);
+
+               $remotes{$remote} ||= { 'heads' => () };
+               $remotes{$remote}{$key} = $url;
+       }
+       close $fd or return;
+       return wantarray ? %remotes : \%remotes;
+}
+
+# Takes a hash of remotes as first parameter and fills it by adding the
+# available remote heads for each of the indicated remotes.
+sub fill_remote_heads {
+       my $remotes = shift;
+       my @heads = map { "remotes/$_" } keys %$remotes;
+       my @remoteheads = git_get_heads_list(undef, @heads);
+       foreach my $remote (keys %$remotes) {
+               $remotes->{$remote}{'heads'} = [ grep {
+                       $_->{'name'} =~ s!^$remote/!!
+                       } @remoteheads ];
+       }
+}
+
  sub git_get_references {
         my $type = shift || "";
         my %refs;
  sub git_get_references {
         my $type = shift || "";
         my %refs;
@@ -1915,7 +3048,7 @@ sub git_get_references {
  
         while (my $line = <$fd>) {
                 chomp $line;
  
         while (my $line = <$fd>) {
                 chomp $line;
-               if ($line =~ m!^([0-9a-fA-F]{40})\srefs/($type/?[^^]+)!) {
+               if ($line =~ m!^([0-9a-fA-F]{40})\srefs/($type.*)$!) {
                         if (defined $refs{$1}) {
                                 push @{$refs{$1}}, $2;
                         } else {
                         if (defined $refs{$1}) {
                                 push @{$refs{$1}}, $2;
                         } else {
@@ -1966,8 +3099,10 @@ sub parse_date {
         $date{'iso-8601'}  = sprintf "%04d-%02d-%02dT%02d:%02d:%02dZ",
                              1900+$year, 1+$mon, $mday, $hour ,$min, $sec;
  
         $date{'iso-8601'}  = sprintf "%04d-%02d-%02dT%02d:%02d:%02dZ",
                              1900+$year, 1+$mon, $mday, $hour ,$min, $sec;
  
-       $tz =~ m/^([+\-][0-9][0-9])([0-9][0-9])$/;
-       my $local = $epoch + ((int $1 + ($2/60)) * 3600);
+       my ($tz_sign, $tz_hour, $tz_min) =
+               ($tz =~ m/^([-+])(\d\d)(\d\d)$/);
+       $tz_sign = ($tz_sign eq '-' ? -1 : +1);
+       my $local = $epoch + $tz_sign*((($tz_hour*60) + $tz_min)*60);
         ($sec, $min, $hour, $mday, $mon, $year, $wday, $yday) = gmtime($local);
         $date{'hour_local'} = $hour;
         $date{'minute_local'} = $min;
         ($sec, $min, $hour, $mday, $mon, $year, $wday, $yday) = gmtime($local);
         $date{'hour_local'} = $hour;
         $date{'minute_local'} = $min;
@@ -1995,8 +3130,14 @@ sub parse_tag {
                         $tag{'name'} = $1;
                 } elsif ($line =~ m/^tagger (.*) ([0-9]+) (.*)$/) {
                         $tag{'author'} = $1;
                         $tag{'name'} = $1;
                 } elsif ($line =~ m/^tagger (.*) ([0-9]+) (.*)$/) {
                         $tag{'author'} = $1;
-                       $tag{'epoch'} = $2;
-                       $tag{'tz'} = $3;
+                       $tag{'author_epoch'} = $2;
+                       $tag{'author_tz'} = $3;
+                       if ($tag{'author'} =~ m/^([^<]+) <([^>]*)>/) {
+                               $tag{'author_name'}  = $1;
+                               $tag{'author_email'} = $2;
+                       } else {
+                               $tag{'author_name'} = $tag{'author'};
+                       }
                 } elsif ($line =~ m/--BEGIN/) {
                         push @comment, $line;
                         last;
                 } elsif ($line =~ m/--BEGIN/) {
                         push @comment, $line;
                         last;
@@ -2036,7 +3177,7 @@ sub parse_commit_text {
                 } elsif ((!defined $withparents) && ($line =~ m/^parent ([0-9a-fA-F]{40})$/)) {
                         push @parents, $1;
                 } elsif ($line =~ m/^author (.*) ([0-9]+) (.*)$/) {
                 } elsif ((!defined $withparents) && ($line =~ m/^parent ([0-9a-fA-F]{40})$/)) {
                         push @parents, $1;
                 } elsif ($line =~ m/^author (.*) ([0-9]+) (.*)$/) {
-                       $co{'author'} = $1;
+                       $co{'author'} = to_utf8($1);
                         $co{'author_epoch'} = $2;
                         $co{'author_tz'} = $3;
                         if ($co{'author'} =~ m/^([^<]+) <([^>]*)>/) {
                         $co{'author_epoch'} = $2;
                         $co{'author_tz'} = $3;
                         if ($co{'author'} =~ m/^([^<]+) <([^>]*)>/) {
@@ -2046,10 +3187,9 @@ sub parse_commit_text {
                                 $co{'author_name'} = $co{'author'};
                         }
                 } elsif ($line =~ m/^committer (.*) ([0-9]+) (.*)$/) {
                                 $co{'author_name'} = $co{'author'};
                         }
                 } elsif ($line =~ m/^committer (.*) ([0-9]+) (.*)$/) {
-                       $co{'committer'} = $1;
+                       $co{'committer'} = to_utf8($1);
                         $co{'committer_epoch'} = $2;
                         $co{'committer_tz'} = $3;
                         $co{'committer_epoch'} = $2;
                         $co{'committer_tz'} = $3;
-                       $co{'committer_name'} = $co{'committer'};
                         if ($co{'committer'} =~ m/^([^<]+) <([^>]*)>/) {
                                 $co{'committer_name'}  = $1;
                                 $co{'committer_email'} = $2;
                         if ($co{'committer'} =~ m/^([^<]+) <([^>]*)>/) {
                                 $co{'committer_name'}  = $1;
                                 $co{'committer_email'} = $2;
@@ -2089,7 +3229,7 @@ sub parse_commit_text {
                         last;
                 }
         }
                         last;
                 }
         }
-       if ($co{'title'} eq "") {
+       if (! defined $co{'title'} || $co{'title'} eq "") {
                 $co{'title'} = $co{'title_short'} = '(no commit message)';
         }
         # remove added spaces
                 $co{'title'} = $co{'title_short'} = '(no commit message)';
         }
         # remove added spaces
@@ -2124,7 +3264,7 @@ sub parse_commit {
                 "--max-count=1",
                 $commit_id,
                 "--",
                 "--max-count=1",
                 $commit_id,
                 "--",
-               or die_error(undef, "Open git-rev-list failed");
+               or die_error(500, "Open git-rev-list failed");
         %co = parse_commit_text(<$fd>, 1);
         close $fd;
  
         %co = parse_commit_text(<$fd>, 1);
         close $fd;
  
@@ -2149,7 +3289,7 @@ sub parse_commits {
                 $commit_id,
                 "--",
                 ($filename ? ($filename) : ())
                 $commit_id,
                 "--",
                 ($filename ? ($filename) : ())
-               or die_error(undef, "Open git-rev-list failed");
+               or die_error(500, "Open git-rev-list failed");
         while (my $line = <$fd>) {
                 my %co = parse_commit_text($line);
                 push @cos, \%co;
         while (my $line = <$fd>) {
                 my %co = parse_commit_text($line);
                 push @cos, \%co;
@@ -2159,49 +3299,6 @@ sub parse_commits {
         return wantarray ? @cos : \@cos;
  }
  
         return wantarray ? @cos : \@cos;
  }
  
-# parse ref from ref_file, given by ref_id, with given type
-sub parse_ref {
-       my $ref_file = shift;
-       my $ref_id = shift;
-       my $type = shift || git_get_type($ref_id);
-       my %ref_item;
-
-       $ref_item{'type'} = $type;
-       $ref_item{'id'} = $ref_id;
-       $ref_item{'epoch'} = 0;
-       $ref_item{'age'} = "unknown";
-       if ($type eq "tag") {
-               my %tag = parse_tag($ref_id);
-               $ref_item{'comment'} = $tag{'comment'};
-               if ($tag{'type'} eq "commit") {
-                       my %co = parse_commit($tag{'object'});
-                       $ref_item{'epoch'} = $co{'committer_epoch'};
-                       $ref_item{'age'} = $co{'age_string'};
-               } elsif (defined($tag{'epoch'})) {
-                       my $age = time - $tag{'epoch'};
-                       $ref_item{'epoch'} = $tag{'epoch'};
-                       $ref_item{'age'} = age_string($age);
-               }
-               $ref_item{'reftype'} = $tag{'type'};
-               $ref_item{'name'} = $tag{'name'};
-               $ref_item{'refid'} = $tag{'object'};
-       } elsif ($type eq "commit"){
-               my %co = parse_commit($ref_id);
-               $ref_item{'reftype'} = "commit";
-               $ref_item{'name'} = $ref_file;
-               $ref_item{'title'} = $co{'title'};
-               $ref_item{'refid'} = $ref_id;
-               $ref_item{'epoch'} = $co{'committer_epoch'};
-               $ref_item{'age'} = $co{'age_string'};
-       } else {
-               $ref_item{'reftype'} = $type;
-               $ref_item{'name'} = $ref_file;
-               $ref_item{'refid'} = $ref_id;
-       }
-
-       return %ref_item;
-}
-
  # parse line of git-diff-tree "raw" output
  sub parse_difftree_raw_line {
         my $line = shift;
  # parse line of git-diff-tree "raw" output
  sub parse_difftree_raw_line {
         my $line = shift;
@@ -2255,21 +3352,36 @@ sub parsed_difftree_line {
  }
  
  # parse line of git-ls-tree output
  }
  
  # parse line of git-ls-tree output
-sub parse_ls_tree_line ($;%) {
+sub parse_ls_tree_line {
         my $line = shift;
         my %opts = @_;
         my %res;
  
         my $line = shift;
         my %opts = @_;
         my %res;
  
-       #'100644 blob 0fa3f3a66fb6a137f6ec2c19351ed4d807070ffa  panic.c'
-       $line =~ m/^([0-9]+) (.+) ([0-9a-fA-F]{40})\t(.+)$/s;
+       if ($opts{'-l'}) {
+               #'100644 blob 0fa3f3a66fb6a137f6ec2c19351ed4d807070ffa   16717  panic.c'
+               $line =~ m/^([0-9]+) (.+) ([0-9a-fA-F]{40}) +(-|[0-9]+)\t(.+)$/s;
  
  
-       $res{'mode'} = $1;
-       $res{'type'} = $2;
-       $res{'hash'} = $3;
-       if ($opts{'-z'}) {
-               $res{'name'} = $4;
+               $res{'mode'} = $1;
+               $res{'type'} = $2;
+               $res{'hash'} = $3;
+               $res{'size'} = $4;
+               if ($opts{'-z'}) {
+                       $res{'name'} = $5;
+               } else {
+                       $res{'name'} = unquote($5);
+               }
         } else {
         } else {
-               $res{'name'} = unquote($4);
+               #'100644 blob 0fa3f3a66fb6a137f6ec2c19351ed4d807070ffa  panic.c'
+               $line =~ m/^([0-9]+) (.+) ([0-9a-fA-F]{40})\t(.+)$/s;
+
+               $res{'mode'} = $1;
+               $res{'type'} = $2;
+               $res{'hash'} = $3;
+               if ($opts{'-z'}) {
+                       $res{'name'} = $4;
+               } else {
+                       $res{'name'} = unquote($4);
+               }
         }
  
         return wantarray ? %res : \%res;
         }
  
         return wantarray ? %res : \%res;
@@ -2325,13 +3437,15 @@ sub parse_from_to_diffinfo {
  ## parse to array of hashes functions
  
  sub git_get_heads_list {
  ## parse to array of hashes functions
  
  sub git_get_heads_list {
-       my $limit = shift;
+       my ($limit, @classes) = @_;
+       @classes = ('heads') unless @classes;
+       my @patterns = map { "refs/$_" } @classes;
         my @headslist;
  
         open my $fd, '-|', git_cmd(), 'for-each-ref',
                 ($limit ? '--count='.($limit+1) : ()), '--sort=-committerdate',
                 '--format=%(objectname) %(refname) %(subject)%00%(committer)',
         my @headslist;
  
         open my $fd, '-|', git_cmd(), 'for-each-ref',
                 ($limit ? '--count='.($limit+1) : ()), '--sort=-committerdate',
                 '--format=%(objectname) %(refname) %(subject)%00%(committer)',
-               'refs/heads'
+               @patterns
                 or return;
         while (my $line = <$fd>) {
                 my %ref_item;
                 or return;
         while (my $line = <$fd>) {
                 my %ref_item;
@@ -2342,7 +3456,7 @@ sub git_get_heads_list {
                 my ($committer, $epoch, $tz) =
                         ($committerinfo =~ /^(.*) ([0-9]+) (.*)$/);
                 $ref_item{'fullname'}  = $name;
                 my ($committer, $epoch, $tz) =
                         ($committerinfo =~ /^(.*) ([0-9]+) (.*)$/);
                 $ref_item{'fullname'}  = $name;
-               $name =~ s!^refs/heads/!!;
+               $name =~ s!^refs/(?:head|remote)s/!!;
  
                 $ref_item{'name'}  = $name;
                 $ref_item{'id'}    = $hash;
  
                 $ref_item{'name'}  = $name;
                 $ref_item{'id'}    = $hash;
@@ -2426,6 +3540,15 @@ sub get_file_owner {
         return to_utf8($owner);
  }
  
         return to_utf8($owner);
  }
  
+# assume that file exists
+sub insert_file {
+       my $filename = shift;
+
+       open my $fd, '<', $filename;
+       print map { to_utf8($_) } <$fd>;
+       close $fd;
+}
+
  ## ......................................................................
  ## mimetype related functions
  
  ## ......................................................................
  ## mimetype related functions
  
@@ -2435,18 +3558,15 @@ sub mimetype_guess_file {
         -r $mimemap or return undef;
  
         my %mimemap;
         -r $mimemap or return undef;
  
         my %mimemap;
-       open(MIME, $mimemap) or return undef;
-       while (<MIME>) {
+       open(my $mh, '<', $mimemap) or return undef;
+       while (<$mh>) {
                 next if m/^#/; # skip comments
                 next if m/^#/; # skip comments
-               my ($mime, $exts) = split(/\t+/);
-               if (defined $exts) {
-                       my @exts = split(/\s+/, $exts);
-                       foreach my $ext (@exts) {
-                               $mimemap{$ext} = $mime;
-                       }
+               my ($mimetype, @exts) = split(/\s+/);
+               foreach my $ext (@exts) {
+                       $mimemap{$ext} = $mimetype;
                 }
         }
                 }
         }
-       close(MIME);
+       close($mh);
  
         $filename =~ /\.([^.]*)$/;
         return $mimemap{$1};
  
         $filename =~ /\.([^.]*)$/;
         return $mimemap{$1};
@@ -2482,8 +3602,7 @@ sub blob_mimetype {
         return $default_blob_plain_mimetype unless $fd;
  
         if (-T $fd) {
         return $default_blob_plain_mimetype unless $fd;
  
         if (-T $fd) {
-               return 'text/plain' .
-                      ($default_text_plain_charset ? '; charset='.$default_text_plain_charset : '');
+               return 'text/plain';
         } elsif (! $filename) {
                 return 'application/octet-stream';
         } elsif ($filename =~ m/\.png$/i) {
         } elsif (! $filename) {
                 return 'application/octet-stream';
         } elsif ($filename =~ m/\.png$/i) {
@@ -2497,74 +3616,81 @@ sub blob_mimetype {
         }
  }
  
         }
  }
  
+sub blob_contenttype {
+       my ($fd, $file_name, $type) = @_;
+
+       $type ||= blob_mimetype($fd, $file_name);
+       if ($type eq 'text/plain' && defined $default_text_plain_charset) {
+               $type .= "; charset=$default_text_plain_charset";
+       }
+
+       return $type;
+}
+
+# guess file syntax for syntax highlighting; return undef if no highlighting
+# the name of syntax can (in the future) depend on syntax highlighter used
+sub guess_file_syntax {
+       my ($highlight, $mimetype, $file_name) = @_;
+       return undef unless ($highlight && defined $file_name);
+       my $basename = basename($file_name, '.in');
+       return $highlight_basename{$basename}
+               if exists $highlight_basename{$basename};
+
+       $basename =~ /\.([^.]*)$/;
+       my $ext = $1 or return undef;
+       return $highlight_ext{$ext}
+               if exists $highlight_ext{$ext};
+
+       return undef;
+}
+
+# run highlighter and return FD of its output,
+# or return original FD if no highlighting
+sub run_highlighter {
+       my ($fd, $highlight, $syntax) = @_;
+       return $fd unless ($highlight && defined $syntax);
+
+       close $fd;
+       open $fd, quote_command(git_cmd(), "cat-file", "blob", $hash)." | ".
+                 quote_command($highlight_bin).
+                 " --replace-tabs=8 --fragment --syntax $syntax |"
+               or die_error(500, "Couldn't open file or run syntax highlighter");
+       return $fd;
+}
+
  ## ======================================================================
  ## functions printing HTML: header, footer, error page
  
  ## ======================================================================
  ## functions printing HTML: header, footer, error page
  
-sub git_header_html {
-       my $status = shift || "200 OK";
-       my $expires = shift;
+sub get_page_title {
+       my $title = to_utf8($site_name);
  
  
-       my $title = "$site_name";
-       if (defined $project) {
-               $title .= " - " . to_utf8($project);
-               if (defined $action) {
-                       $title .= "/$action";
-                       if (defined $file_name) {
-                               $title .= " - " . esc_path($file_name);
-                               if ($action eq "tree" && $file_name !~ m|/$|) {
-                                       $title .= "/";
-                               }
-                       }
-               }
-       }
-       my $content_type;
-       # require explicit support from the UA if we are to send the page as
-       # 'application/xhtml+xml', otherwise send it as plain old 'text/html'.
-       # we have to do this because MSIE sometimes globs '*/*', pretending to
-       # support xhtml+xml but choking when it gets what it asked for.
-       if (defined $cgi->http('HTTP_ACCEPT') &&
-           $cgi->http('HTTP_ACCEPT') =~ m/(,|;|\s|^)application\/xhtml\+xml(,|;|\s|$)/ &&
-           $cgi->Accept('application/xhtml+xml') != 0) {
-               $content_type = 'application/xhtml+xml';
-       } else {
-               $content_type = 'text/html';
-       }
-       print $cgi->header(-type=>$content_type, -charset => 'utf-8',
-                          -status=> $status, -expires => $expires);
-       my $mod_perl_version = $ENV{'MOD_PERL'} ? " $ENV{'MOD_PERL'}" : '';
-       print <<EOF;
-<?xml version="1.0" encoding="utf-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
-<!-- git web interface version $version, (C) 2005-2006, Kay Sievers <kay.sievers\@vrfy.org>, Christian Gierke -->
-<!-- git core binaries version $git_version -->
-<head>
-<meta http-equiv="content-type" content="$content_type; charset=utf-8"/>
-<meta name="generator" content="gitweb/$version git/$git_version$mod_perl_version"/>
-<meta name="robots" content="index, nofollow"/>
-<title>$title</title>
-EOF
-# print out each stylesheet that exist
-       if (defined $stylesheet) {
-#provides backwards capability for those people who define style sheet in a config file
-               print '<link rel="stylesheet" type="text/css" href="'.$stylesheet.'"/>'."\n";
-       } else {
-               foreach my $stylesheet (@stylesheets) {
-                       next unless $stylesheet;
-                       print '<link rel="stylesheet" type="text/css" href="'.$stylesheet.'"/>'."\n";
-               }
+       return $title unless (defined $project);
+       $title .= " - " . to_utf8($project);
+
+       return $title unless (defined $action);
+       $title .= "/$action"; # $action is US-ASCII (7bit ASCII)
+
+       return $title unless (defined $file_name);
+       $title .= " - " . esc_path($file_name);
+       if ($action eq "tree" && $file_name !~ m|/$|) {
+               $title .= "/";
         }
         }
+
+       return $title;
+}
+
+sub print_feed_meta {
         if (defined $project) {
                 my %href_params = get_feed_info();
                 if (!exists $href_params{'-title'}) {
                         $href_params{'-title'} = 'log';
                 }
  
         if (defined $project) {
                 my %href_params = get_feed_info();
                 if (!exists $href_params{'-title'}) {
                         $href_params{'-title'} = 'log';
                 }
  
-               foreach my $format qw(RSS Atom) {
+               foreach my $format (qw(RSS Atom)) {
                         my $type = lc($format);
                         my %link_attr = (
                                 '-rel' => 'alternate',
                         my $type = lc($format);
                         my %link_attr = (
                                 '-rel' => 'alternate',
-                               '-title' => "$project - $href_params{'-title'} - $format feed",
+                               '-title' => esc_attr("$project - $href_params{'-title'} - $format feed"),
                                 '-type' => "application/$type+xml"
                         );
  
                                 '-type' => "application/$type+xml"
                         );
  
@@ -2591,39 +3717,103 @@ EOF
         } else {
                 printf('<link rel="alternate" title="%s projects list" '.
                        'href="%s" type="text/plain; charset=utf-8" />'."\n",
         } else {
                 printf('<link rel="alternate" title="%s projects list" '.
                        'href="%s" type="text/plain; charset=utf-8" />'."\n",
-                      $site_name, href(project=>undef, action=>"project_index"));
+                      esc_attr($site_name), href(project=>undef, action=>"project_index"));
                 printf('<link rel="alternate" title="%s projects feeds" '.
                        'href="%s" type="text/x-opml" />'."\n",
                 printf('<link rel="alternate" title="%s projects feeds" '.
                        'href="%s" type="text/x-opml" />'."\n",
-                      $site_name, href(project=>undef, action=>"opml"));
+                      esc_attr($site_name), href(project=>undef, action=>"opml"));
+       }
+}
+
+sub git_header_html {
+       my $status = shift || "200 OK";
+       my $expires = shift;
+       my %opts = @_;
+
+       my $title = get_page_title();
+       my $content_type;
+       # require explicit support from the UA if we are to send the page as
+       # 'application/xhtml+xml', otherwise send it as plain old 'text/html'.
+       # we have to do this because MSIE sometimes globs '*/*', pretending to
+       # support xhtml+xml but choking when it gets what it asked for.
+       if (defined $cgi->http('HTTP_ACCEPT') &&
+           $cgi->http('HTTP_ACCEPT') =~ m/(,|;|\s|^)application\/xhtml\+xml(,|;|\s|$)/ &&
+           $cgi->Accept('application/xhtml+xml') != 0) {
+               $content_type = 'application/xhtml+xml';
+       } else {
+               $content_type = 'text/html';
+       }
+       print $cgi->header(-type=>$content_type, -charset => 'utf-8',
+                          -status=> $status, -expires => $expires)
+               unless ($opts{'-no_http_header'});
+       my $mod_perl_version = $ENV{'MOD_PERL'} ? " $ENV{'MOD_PERL'}" : '';
+       print <<EOF;
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US">
+<!-- git web interface version $version, (C) 2005-2006, Kay Sievers <kay.sievers\@vrfy.org>, Christian Gierke -->
+<!-- git core binaries version $git_version -->
+<head>
+<meta http-equiv="content-type" content="$content_type; charset=utf-8"/>
+<meta name="generator" content="gitweb/$version git/$git_version$mod_perl_version"/>
+<meta name="robots" content="index, nofollow"/>
+<title>$title</title>
+EOF
+       # the stylesheet, favicon etc urls won't work correctly with path_info
+       # unless we set the appropriate base URL
+       if ($ENV{'PATH_INFO'}) {
+               print "<base href=\"".esc_url($base_url)."\" />\n";
         }
         }
+       # print out each stylesheet that exist, providing backwards capability
+       # for those people who defined $stylesheet in a config file
+       if (defined $stylesheet) {
+               print '<link rel="stylesheet" type="text/css" href="'.esc_url($stylesheet).'"/>'."\n";
+       } else {
+               foreach my $stylesheet (@stylesheets) {
+                       next unless $stylesheet;
+                       print '<link rel="stylesheet" type="text/css" href="'.esc_url($stylesheet).'"/>'."\n";
+               }
+       }
+       print_feed_meta()
+               if ($status eq '200 OK');
         if (defined $favicon) {
         if (defined $favicon) {
-               print qq(<link rel="shortcut icon" href="$favicon" type="image/png" />\n);
+               print qq(<link rel="shortcut icon" href=").esc_url($favicon).qq(" type="image/png" />\n);
         }
  
         print "</head>\n" .
               "<body>\n";
  
         }
  
         print "</head>\n" .
               "<body>\n";
  
-       if (-f $site_header) {
-               open (my $fd, $site_header);
-               print <$fd>;
-               close $fd;
+       if (defined $site_header && -f $site_header) {
+               insert_file($site_header);
         }
  
         }
  
-       print "<div class=\"page_header\">\n" .
-             $cgi->a({-href => esc_url($logo_url),
-                      -title => $logo_label},
-                     qq(<img src="$logo" width="72" height="27" alt="git" class="logo"/>));
+       print "<div class=\"page_header\">\n";
+       if (defined $logo) {
+               print $cgi->a({-href => esc_url($logo_url),
+                              -title => $logo_label},
+                             $cgi->img({-src => esc_url($logo),
+                                        -width => 72, -height => 27,
+                                        -alt => "git",
+                                        -class => "logo"}));
+       }
         print $cgi->a({-href => esc_url($home_link)}, $home_link_str) . " / ";
         if (defined $project) {
                 print $cgi->a({-href => href(action=>"summary")}, esc_html($project));
                 if (defined $action) {
         print $cgi->a({-href => esc_url($home_link)}, $home_link_str) . " / ";
         if (defined $project) {
                 print $cgi->a({-href => href(action=>"summary")}, esc_html($project));
                 if (defined $action) {
-                       print " / $action";
+                       my $action_print = $action ;
+                       if (defined $opts{-action_extra}) {
+                               $action_print = $cgi->a({-href => href(action=>$action)},
+                                       $action);
+                       }
+                       print " / $action_print";
+               }
+               if (defined $opts{-action_extra}) {
+                       print " / $opts{-action_extra}";
                 }
                 print "\n";
         }
         print "</div>\n";
  
                 }
                 print "\n";
         }
         print "</div>\n";
  
-       my ($have_search) = gitweb_check_feature('search');
+       my $have_search = gitweb_check_feature('search');
         if (defined $project && $have_search) {
                 if (!defined $searchtext) {
                         $searchtext = "";
         if (defined $project && $have_search) {
                 if (!defined $searchtext) {
                         $searchtext = "";
@@ -2637,7 +3827,7 @@ EOF
                         $search_hash = "HEAD";
                 }
                 my $action = $my_uri;
                         $search_hash = "HEAD";
                 }
                 my $action = $my_uri;
-               my ($use_pathinfo) = gitweb_check_feature('pathinfo');
+               my $use_pathinfo = gitweb_check_feature('pathinfo');
                 if ($use_pathinfo) {
                         $action .= "/".esc_url($project);
                 }
                 if ($use_pathinfo) {
                         $action .= "/".esc_url($project);
                 }
@@ -2677,7 +3867,7 @@ sub git_footer_html {
                 }
                 $href_params{'-title'} ||= 'log';
  
                 }
                 $href_params{'-title'} ||= 'log';
  
-               foreach my $format qw(RSS Atom) {
+               foreach my $format (qw(RSS Atom)) {
                         $href_params{'action'} = lc($format);
                         print $cgi->a({-href => href(%href_params),
                                       -title => "$href_params{'-title'} $format feed",
                         $href_params{'action'} = lc($format);
                         print $cgi->a({-href => href(%href_params),
                                       -title => "$href_params{'-title'} $format feed",
@@ -2692,30 +3882,94 @@ sub git_footer_html {
         }
         print "</div>\n"; # class="page_footer"
  
         }
         print "</div>\n"; # class="page_footer"
  
-       if (-f $site_footer) {
-               open (my $fd, $site_footer);
-               print <$fd>;
-               close $fd;
+       if (defined $t0 && gitweb_check_feature('timed')) {
+               print "<div id=\"generating_info\">\n";
+               print 'This page took '.
+                     '<span id="generating_time" class="time_span">'.
+                     tv_interval($t0, [ gettimeofday() ]).
+                     ' seconds </span>'.
+                     ' and '.
+                     '<span id="generating_cmd">'.
+                     $number_of_git_cmds.
+                     '</span> git commands '.
+                     " to generate.\n";
+               print "</div>\n"; # class="page_footer"
+       }
+
+       if (defined $site_footer && -f $site_footer) {
+               insert_file($site_footer);
+       }
+
+       print qq!<script type="text/javascript" src="!.esc_url($javascript).qq!"></script>\n!;
+       if (defined $action &&
+           $action eq 'blame_incremental') {
+               print qq!<script type="text/javascript">\n!.
+                     qq!startBlame("!. href(action=>"blame_data", -replay=>1) .qq!",\n!.
+                     qq!           "!. href() .qq!");\n!.
+                     qq!</script>\n!;
+       } else {
+               my ($jstimezone, $tz_cookie, $datetime_class) =
+                       gitweb_get_feature('javascript-timezone');
+
+               print qq!<script type="text/javascript">\n!.
+                     qq!window.onload = function () {\n!;
+               if (gitweb_check_feature('javascript-actions')) {
+                       print qq!       fixLinks();\n!;
+               }
+               if ($jstimezone && $tz_cookie && $datetime_class) {
+                       print qq!       var tz_cookie = { name: '$tz_cookie', expires: 14, path: '/' };\n!. # in days
+                             qq!       onloadTZSetup('$jstimezone', tz_cookie, '$datetime_class');\n!;
+               }
+               print qq!};\n!.
+                     qq!</script>\n!;
         }
  
         print "</body>\n" .
               "</html>";
  }
  
         }
  
         print "</body>\n" .
               "</html>";
  }
  
+# die_error(<http_status_code>, <error_message>[, <detailed_html_description>])
+# Example: die_error(404, 'Hash not found')
+# By convention, use the following status codes (as defined in RFC 2616):
+# 400: Invalid or missing CGI parameters, or
+#      requested object exists but has wrong type.
+# 403: Requested feature (like "pickaxe" or "snapshot") not enabled on
+#      this server or project.
+# 404: Requested object/revision/project doesn't exist.
+# 500: The server isn't configured properly, or
+#      an internal error occurred (e.g. failed assertions caused by bugs), or
+#      an unknown error occurred (e.g. the git binary died unexpectedly).
+# 503: The server is currently unavailable (because it is overloaded,
+#      or down for maintenance).  Generally, this is a temporary state.
  sub die_error {
  sub die_error {
-       my $status = shift || "403 Forbidden";
-       my $error = shift || "Malformed query, file missing or permission denied";
+       my $status = shift || 500;
+       my $error = esc_html(shift) || "Internal Server Error";
+       my $extra = shift;
+       my %opts = @_;
  
  
-       git_header_html($status);
+       my %http_responses = (
+               400 => '400 Bad Request',
+               403 => '403 Forbidden',
+               404 => '404 Not Found',
+               500 => '500 Internal Server Error',
+               503 => '503 Service Unavailable',
+       );
+       git_header_html($http_responses{$status}, undef, %opts);
         print <<EOF;
  <div class="page_body">
  <br /><br />
  $status - $error
  <br />
         print <<EOF;
  <div class="page_body">
  <br /><br />
  $status - $error
  <br />
-</div>
  EOF
  EOF
+       if (defined $extra) {
+               print "<hr />\n" .
+                     "$extra\n";
+       }
+       print "</div>\n";
+
         git_footer_html();
         git_footer_html();
-       exit;
+       goto DONE_GITWEB
+               unless ($opts{'-error_handler'});
  }
  
  ## ----------------------------------------------------------------------
  }
  
  ## ----------------------------------------------------------------------
@@ -2741,35 +3995,62 @@ sub git_print_page_nav {
                         }
                 }
         }
                         }
                 }
         }
+
         $arg{'tree'}{'hash'} = $treehead if defined $treehead;
         $arg{'tree'}{'hash_base'} = $treebase if defined $treebase;
  
         $arg{'tree'}{'hash'} = $treehead if defined $treehead;
         $arg{'tree'}{'hash_base'} = $treebase if defined $treebase;
  
+       my @actions = gitweb_get_feature('actions');
+       my %repl = (
+               '%' => '%',
+               'n' => $project,         # project name
+               'f' => $git_dir,         # project path within filesystem
+               'h' => $treehead || '',  # current hash ('h' parameter)
+               'b' => $treebase || '',  # hash base ('hb' parameter)
+       );
+       while (@actions) {
+               my ($label, $link, $pos) = splice(@actions,0,3);
+               # insert
+               @navs = map { $_ eq $pos ? ($_, $label) : $_ } @navs;
+               # munch munch
+               $link =~ s/%([%nfhb])/$repl{$1}/g;
+               $arg{$label}{'_href'} = $link;
+       }
+
         print "<div class=\"page_nav\">\n" .
                 (join " | ",
                  map { $_ eq $current ?
         print "<div class=\"page_nav\">\n" .
                 (join " | ",
                  map { $_ eq $current ?
-                      $_ : $cgi->a({-href => href(%{$arg{$_}})}, "$_")
+                      $_ : $cgi->a({-href => ($arg{$_}{_href} ? $arg{$_}{_href} : href(%{$arg{$_}}))}, "$_")
                  } @navs);
         print "<br/>\n$extra<br/>\n" .
               "</div>\n";
  }
  
                  } @navs);
         print "<br/>\n$extra<br/>\n" .
               "</div>\n";
  }
  
+# returns a submenu for the nagivation of the refs views (tags, heads,
+# remotes) with the current view disabled and the remotes view only
+# available if the feature is enabled
+sub format_ref_views {
+       my ($current) = @_;
+       my @ref_views = qw{tags heads};
+       push @ref_views, 'remotes' if gitweb_check_feature('remote_heads');
+       return join " | ", map {
+               $_ eq $current ? $_ :
+               $cgi->a({-href => href(action=>$_)}, $_)
+       } @ref_views
+}
+
  sub format_paging_nav {
  sub format_paging_nav {
-       my ($action, $hash, $head, $page, $has_next_link) = @_;
+       my ($action, $page, $has_next_link) = @_;
         my $paging_nav;
  
  
         my $paging_nav;
  
  
-       if ($hash ne $head || $page) {
-               $paging_nav .= $cgi->a({-href => href(action=>$action)}, "HEAD");
-       } else {
-               $paging_nav .= "HEAD";
-       }
-
         if ($page > 0) {
         if ($page > 0) {
-               $paging_nav .= " &sdot; " .
+               $paging_nav .=
+                       $cgi->a({-href => href(-replay=>1, page=>undef)}, "first") .
+                       " &sdot; " .
                         $cgi->a({-href => href(-replay=>1, page=>$page-1),
                                  -accesskey => "p", -title => "Alt-p"}, "prev");
         } else {
                         $cgi->a({-href => href(-replay=>1, page=>$page-1),
                                  -accesskey => "p", -title => "Alt-p"}, "prev");
         } else {
-               $paging_nav .= " &sdot; prev";
+               $paging_nav .= "first &sdot; prev";
         }
  
         if ($has_next_link) {
         }
  
         if ($has_next_link) {
@@ -2800,22 +4081,111 @@ sub git_print_header_div {
               "\n</div>\n";
  }
  
               "\n</div>\n";
  }
  
-#sub git_print_authorship (\%) {
+sub format_repo_url {
+       my ($name, $url) = @_;
+       return "<tr class=\"metadata_url\"><td>$name</td><td>$url</td></tr>\n";
+}
+
+# Group output by placing it in a DIV element and adding a header.
+# Options for start_div() can be provided by passing a hash reference as the
+# first parameter to the function.
+# Options to git_print_header_div() can be provided by passing an array
+# reference. This must follow the options to start_div if they are present.
+# The content can be a scalar, which is output as-is, a scalar reference, which
+# is output after html escaping, an IO handle passed either as *handle or
+# *handle{IO}, or a function reference. In the latter case all following
+# parameters will be taken as argument to the content function call.
+sub git_print_section {
+       my ($div_args, $header_args, $content);
+       my $arg = shift;
+       if (ref($arg) eq 'HASH') {
+               $div_args = $arg;
+               $arg = shift;
+       }
+       if (ref($arg) eq 'ARRAY') {
+               $header_args = $arg;
+               $arg = shift;
+       }
+       $content = $arg;
+
+       print $cgi->start_div($div_args);
+       git_print_header_div(@$header_args);
+
+       if (ref($content) eq 'CODE') {
+               $content->(@_);
+       } elsif (ref($content) eq 'SCALAR') {
+               print esc_html($$content);
+       } elsif (ref($content) eq 'GLOB' or ref($content) eq 'IO::Handle') {
+               print <$content>;
+       } elsif (!ref($content) && defined($content)) {
+               print $content;
+       }
+
+       print $cgi->end_div;
+}
+
+sub format_timestamp_html {
+       my $date = shift;
+       my $strtime = $date->{'rfc2822'};
+
+       my (undef, undef, $datetime_class) =
+               gitweb_get_feature('javascript-timezone');
+       if ($datetime_class) {
+               $strtime = qq!<span class="$datetime_class">$strtime</span>!;
+       }
+
+       my $localtime_format = '(%02d:%02d %s)';
+       if ($date->{'hour_local'} < 6) {
+               $localtime_format = '(<span class="atnight">%02d:%02d</span> %s)';
+       }
+       $strtime .= ' ' .
+                   sprintf($localtime_format,
+                           $date->{'hour_local'}, $date->{'minute_local'}, $date->{'tz_local'});
+
+       return $strtime;
+}
+
+# Outputs the author name and date in long form
  sub git_print_authorship {
         my $co = shift;
  sub git_print_authorship {
         my $co = shift;
+       my %opts = @_;
+       my $tag = $opts{-tag} || 'div';
+       my $author = $co->{'author_name'};
  
         my %ad = parse_date($co->{'author_epoch'}, $co->{'author_tz'});
  
         my %ad = parse_date($co->{'author_epoch'}, $co->{'author_tz'});
-       print "<div class=\"author_date\">" .
-             esc_html($co->{'author_name'}) .
-             " [$ad{'rfc2822'}";
-       if ($ad{'hour_local'} < 6) {
-               printf(" (<span class=\"atnight\">%02d:%02d</span> %s)",
-                      $ad{'hour_local'}, $ad{'minute_local'}, $ad{'tz_local'});
-       } else {
-               printf(" (%02d:%02d %s)",
-                      $ad{'hour_local'}, $ad{'minute_local'}, $ad{'tz_local'});
+       print "<$tag class=\"author_date\">" .
+             format_search_author($author, "author", esc_html($author)) .
+             " [".format_timestamp_html(\%ad)."]".
+             git_get_avatar($co->{'author_email'}, -pad_before => 1) .
+             "</$tag>\n";
+}
+
+# Outputs table rows containing the full author or committer information,
+# in the format expected for 'commit' view (& similar).
+# Parameters are a commit hash reference, followed by the list of people
+# to output information for. If the list is empty it defaults to both
+# author and committer.
+sub git_print_authorship_rows {
+       my $co = shift;
+       # too bad we can't use @people = @_ || ('author', 'committer')
+       my @people = @_;
+       @people = ('author', 'committer') unless @people;
+       foreach my $who (@people) {
+               my %wd = parse_date($co->{"${who}_epoch"}, $co->{"${who}_tz"});
+               print "<tr><td>$who</td><td>" .
+                     format_search_author($co->{"${who}_name"}, $who,
+                                          esc_html($co->{"${who}_name"})) . " " .
+                     format_search_author($co->{"${who}_email"}, $who,
+                                          esc_html("<" . $co->{"${who}_email"} . ">")) .
+                     "</td><td rowspan=\"2\">" .
+                     git_get_avatar($co->{"${who}_email"}, -size => 'double') .
+                     "</td></tr>\n" .
+                     "<tr>" .
+                     "<td></td><td>" .
+                     format_timestamp_html(\%wd) .
+                     "</td>" .
+                     "</tr>\n";
         }
         }
-       print "]</div>\n";
  }
  
  sub git_print_page_path {
  }
  
  sub git_print_page_path {
@@ -2856,8 +4226,7 @@ sub git_print_page_path {
         print "<br/></div>\n";
  }
  
         print "<br/></div>\n";
  }
  
-# sub git_print_log (\@;%) {
-sub git_print_log ($;%) {
+sub git_print_log {
         my $log = shift;
         my %opts = @_;
  
         my $log = shift;
         my %opts = @_;
  
@@ -2915,7 +4284,7 @@ sub git_get_link_target {
         open my $fd, "-|", git_cmd(), "cat-file", "blob", $hash
                 or return;
         {
         open my $fd, "-|", git_cmd(), "cat-file", "blob", $hash
                 or return;
         {
-               local $/;
+               local $/ = undef;
                 $link_target = <$fd>;
         }
         close $fd
                 $link_target = <$fd>;
         }
         close $fd
@@ -2928,10 +4297,7 @@ sub git_get_link_target {
  # return target of link relative to top directory (top tree);
  # return undef if it is not possible (including absolute links).
  sub normalize_link_target {
  # return target of link relative to top directory (top tree);
  # return undef if it is not possible (including absolute links).
  sub normalize_link_target {
-       my ($link_target, $basedir, $hash_base) = @_;
-
-       # we can normalize symlink target only if $hash_base is provided
-       return unless $hash_base;
+       my ($link_target, $basedir) = @_;
  
         # absolute symlinks (beginning with '/') cannot be normalized
         return if (substr($link_target, 0, 1) eq '/');
  
         # absolute symlinks (beginning with '/') cannot be normalized
         return if (substr($link_target, 0, 1) eq '/');
@@ -2979,6 +4345,9 @@ sub git_print_tree_entry {
         # and link is the action links of the entry.
  
         print "<td class=\"mode\">" . mode_str($t->{'mode'}) . "</td>\n";
         # and link is the action links of the entry.
  
         print "<td class=\"mode\">" . mode_str($t->{'mode'}) . "</td>\n";
+       if (exists $t->{'size'}) {
+               print "<td class=\"size\">$t->{'size'}</td>\n";
+       }
         if ($t->{'type'} eq "blob") {
                 print "<td class=\"list\">" .
                         $cgi->a({-href => href(action=>"blob", hash=>$t->{'hash'},
         if ($t->{'type'} eq "blob") {
                 print "<td class=\"list\">" .
                         $cgi->a({-href => href(action=>"blob", hash=>$t->{'hash'},
@@ -2987,7 +4356,7 @@ sub git_print_tree_entry {
                 if (S_ISLNK(oct $t->{'mode'})) {
                         my $link_target = git_get_link_target($t->{'hash'});
                         if ($link_target) {
                 if (S_ISLNK(oct $t->{'mode'})) {
                         my $link_target = git_get_link_target($t->{'hash'});
                         if ($link_target) {
-                               my $norm_target = normalize_link_target($link_target, $basedir, $hash_base);
+                               my $norm_target = normalize_link_target($link_target, $basedir);
                                 if (defined $norm_target) {
                                         print " -> " .
                                               $cgi->a({-href => href(action=>"object", hash_base=>$hash_base,
                                 if (defined $norm_target) {
                                         print " -> " .
                                               $cgi->a({-href => href(action=>"object", hash_base=>$hash_base,
@@ -3024,12 +4393,14 @@ sub git_print_tree_entry {
         } elsif ($t->{'type'} eq "tree") {
                 print "<td class=\"list\">";
                 print $cgi->a({-href => href(action=>"tree", hash=>$t->{'hash'},
         } elsif ($t->{'type'} eq "tree") {
                 print "<td class=\"list\">";
                 print $cgi->a({-href => href(action=>"tree", hash=>$t->{'hash'},
-                                            file_name=>"$basedir$t->{'name'}", %base_key)},
+                                            file_name=>"$basedir$t->{'name'}",
+                                            %base_key)},
                               esc_path($t->{'name'}));
                 print "</td>\n";
                 print "<td class=\"link\">";
                 print $cgi->a({-href => href(action=>"tree", hash=>$t->{'hash'},
                               esc_path($t->{'name'}));
                 print "</td>\n";
                 print "<td class=\"link\">";
                 print $cgi->a({-href => href(action=>"tree", hash=>$t->{'hash'},
-                                            file_name=>"$basedir$t->{'name'}", %base_key)},
+                                            file_name=>"$basedir$t->{'name'}",
+                                            %base_key)},
                               "tree");
                 if (defined $hash_base) {
                         print " | " .
                               "tree");
                 if (defined $hash_base) {
                         print " | " .
@@ -3097,7 +4468,7 @@ sub is_patch_split {
  sub git_difftree_body {
         my ($difftree, $hash, @parents) = @_;
         my ($parent) = $parents[0];
  sub git_difftree_body {
         my ($difftree, $hash, @parents) = @_;
         my ($parent) = $parents[0];
-       my ($have_blame) = gitweb_check_feature('blame');
+       my $have_blame = gitweb_check_feature('blame');
         print "<div class=\"list_head\">\n";
         if ($#{$difftree} > 10) {
                 print(($#{$difftree} + 1) . " files changed:\n");
         print "<div class=\"list_head\">\n";
         if ($#{$difftree} > 10) {
                 print(($#{$difftree} + 1) . " files changed:\n");
@@ -3162,7 +4533,8 @@ sub git_difftree_body {
                                 # link to patch
                                 $patchno++;
                                 print "<td class=\"link\">" .
                                 # link to patch
                                 $patchno++;
                                 print "<td class=\"link\">" .
-                                     $cgi->a({-href => "#patch$patchno"}, "patch") .
+                                     $cgi->a({-href => href(-anchor=>"patch$patchno")},
+                                             "patch") .
                                       " | " .
                                       "</td>\n";
                         }
                                       " | " .
                                       "</td>\n";
                         }
@@ -3239,7 +4611,7 @@ sub git_difftree_body {
                 }
                 if ($diff->{'from_mode'} ne ('0' x 6)) {
                         $from_mode_oct = oct $diff->{'from_mode'};
                 }
                 if ($diff->{'from_mode'} ne ('0' x 6)) {
                         $from_mode_oct = oct $diff->{'from_mode'};
-                       if (S_ISREG($to_mode_oct)) { # only for regular file
+                       if (S_ISREG($from_mode_oct)) { # only for regular file
                                 $from_mode_str = sprintf("%04o", $from_mode_oct & 0777); # permission bits
                         }
                         $from_file_type = file_type($diff->{'from_mode'});
                                 $from_mode_str = sprintf("%04o", $from_mode_oct & 0777); # permission bits
                         }
                         $from_file_type = file_type($diff->{'from_mode'});
@@ -3259,8 +4631,9 @@ sub git_difftree_body {
                         if ($action eq 'commitdiff') {
                                 # link to patch
                                 $patchno++;
                         if ($action eq 'commitdiff') {
                                 # link to patch
                                 $patchno++;
-                               print $cgi->a({-href => "#patch$patchno"}, "patch");
-                               print " | ";
+                               print $cgi->a({-href => href(-anchor=>"patch$patchno")},
+                                             "patch") .
+                                     " | ";
                         }
                         print $cgi->a({-href => href(action=>"blob", hash=>$diff->{'to_id'},
                                                      hash_base=>$hash, file_name=>$diff->{'file'})},
                         }
                         print $cgi->a({-href => href(action=>"blob", hash=>$diff->{'to_id'},
                                                      hash_base=>$hash, file_name=>$diff->{'file'})},
@@ -3279,8 +4652,9 @@ sub git_difftree_body {
                         if ($action eq 'commitdiff') {
                                 # link to patch
                                 $patchno++;
                         if ($action eq 'commitdiff') {
                                 # link to patch
                                 $patchno++;
-                               print $cgi->a({-href => "#patch$patchno"}, "patch");
-                               print " | ";
+                               print $cgi->a({-href => href(-anchor=>"patch$patchno")},
+                                             "patch") .
+                                     " | ";
                         }
                         print $cgi->a({-href => href(action=>"blob", hash=>$diff->{'from_id'},
                                                      hash_base=>$parent, file_name=>$diff->{'file'})},
                         }
                         print $cgi->a({-href => href(action=>"blob", hash=>$diff->{'from_id'},
                                                      hash_base=>$parent, file_name=>$diff->{'file'})},
@@ -3321,7 +4695,8 @@ sub git_difftree_body {
                         if ($action eq 'commitdiff') {
                                 # link to patch
                                 $patchno++;
                         if ($action eq 'commitdiff') {
                                 # link to patch
                                 $patchno++;
-                               print $cgi->a({-href => "#patch$patchno"}, "patch") .
+                               print $cgi->a({-href => href(-anchor=>"patch$patchno")},
+                                             "patch") .
                                       " | ";
                         } elsif ($diff->{'to_id'} ne $diff->{'from_id'}) {
                                 # "commit" view and modified file (not onlu mode changed)
                                       " | ";
                         } elsif ($diff->{'to_id'} ne $diff->{'from_id'}) {
                                 # "commit" view and modified file (not onlu mode changed)
@@ -3366,7 +4741,8 @@ sub git_difftree_body {
                         if ($action eq 'commitdiff') {
                                 # link to patch
                                 $patchno++;
                         if ($action eq 'commitdiff') {
                                 # link to patch
                                 $patchno++;
-                               print $cgi->a({-href => "#patch$patchno"}, "patch") .
+                               print $cgi->a({-href => href(-anchor=>"patch$patchno")},
+                                             "patch") .
                                       " | ";
                         } elsif ($diff->{'to_id'} ne $diff->{'from_id'}) {
                                 # "commit" view and modified file (not only pure rename or copy)
                                       " | ";
                         } elsif ($diff->{'to_id'} ne $diff->{'from_id'}) {
                                 # "commit" view and modified file (not only pure rename or copy)
@@ -3521,8 +4897,8 @@ sub git_patchset_body {
                 print "</div>\n"; # class="patch"
         }
  
                 print "</div>\n"; # class="patch"
         }
  
-       # for compact combined (--cc) format, with chunk and patch simpliciaction
-       # patchset might be empty, but there might be unprocessed raw lines
+       # for compact combined (--cc) format, with chunk and patch simplification
+       # the patchset might be empty, but there might be unprocessed raw lines
         for (++$patch_idx if $patch_number > 0;
              $patch_idx < @$difftree;
              ++$patch_idx) {
         for (++$patch_idx if $patch_number > 0;
              $patch_idx < @$difftree;
              ++$patch_idx) {
@@ -3550,103 +4926,134 @@ sub git_patchset_body {
  
  # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
  
  
  # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
  
-sub git_project_list_body {
-       my ($projlist, $order, $from, $to, $extra, $no_header) = @_;
-
-       my ($check_forks) = gitweb_check_feature('forks');
-
+# fills project list info (age, description, owner, category, forks)
+# for each project in the list, removing invalid projects from
+# returned list
+# NOTE: modifies $projlist, but does not remove entries from it
+sub fill_project_list_info {
+       my $projlist = shift;
         my @projects;
         my @projects;
+
+       my $show_ctags = gitweb_check_feature('ctags');
+ PROJECT:
         foreach my $pr (@$projlist) {
         foreach my $pr (@$projlist) {
-               my (@aa) = git_get_last_activity($pr->{'path'});
-               unless (@aa) {
-                       next;
+               my (@activity) = git_get_last_activity($pr->{'path'});
+               unless (@activity) {
+                       next PROJECT;
                 }
                 }
-               ($pr->{'age'}, $pr->{'age_string'}) = @aa;
+               ($pr->{'age'}, $pr->{'age_string'}) = @activity;
                 if (!defined $pr->{'descr'}) {
                         my $descr = git_get_project_description($pr->{'path'}) || "";
                 if (!defined $pr->{'descr'}) {
                         my $descr = git_get_project_description($pr->{'path'}) || "";
-                       $pr->{'descr_long'} = to_utf8($descr);
+                       $descr = to_utf8($descr);
+                       $pr->{'descr_long'} = $descr;
                         $pr->{'descr'} = chop_str($descr, $projects_list_description_width, 5);
                 }
                 if (!defined $pr->{'owner'}) {
                         $pr->{'owner'} = git_get_project_owner("$pr->{'path'}") || "";
                 }
                         $pr->{'descr'} = chop_str($descr, $projects_list_description_width, 5);
                 }
                 if (!defined $pr->{'owner'}) {
                         $pr->{'owner'} = git_get_project_owner("$pr->{'path'}") || "";
                 }
-               if ($check_forks) {
-                       my $pname = $pr->{'path'};
-                       if (($pname =~ s/\.git$//) &&
-                           ($pname !~ /\/$/) &&
-                           (-d "$projectroot/$pname")) {
-                               $pr->{'forks'} = "-d $projectroot/$pname";
-                       }
-                       else {
-                               $pr->{'forks'} = 0;
-                       }
+               if ($show_ctags) {
+                       $pr->{'ctags'} = git_get_project_ctags($pr->{'path'});
                 }
                 }
+               if ($projects_list_group_categories && !defined $pr->{'category'}) {
+                       my $cat = git_get_project_category($pr->{'path'}) ||
+                                                          $project_list_default_category;
+                       $pr->{'category'} = to_utf8($cat);
+               }
+
                 push @projects, $pr;
         }
  
                 push @projects, $pr;
         }
  
-       $order ||= $default_projects_order;
+       return @projects;
+}
+
+sub sort_projects_list {
+       my ($projlist, $order) = @_;
+       my @projects;
+
+       my %order_info = (
+               project => { key => 'path', type => 'str' },
+               descr => { key => 'descr_long', type => 'str' },
+               owner => { key => 'owner', type => 'str' },
+               age => { key => 'age', type => 'num' }
+       );
+       my $oi = $order_info{$order};
+       return @$projlist unless defined $oi;
+       if ($oi->{'type'} eq 'str') {
+               @projects = sort {$a->{$oi->{'key'}} cmp $b->{$oi->{'key'}}} @$projlist;
+       } else {
+               @projects = sort {$a->{$oi->{'key'}} <=> $b->{$oi->{'key'}}} @$projlist;
+       }
+
+       return @projects;
+}
+
+# returns a hash of categories, containing the list of project
+# belonging to each category
+sub build_projlist_by_category {
+       my ($projlist, $from, $to) = @_;
+       my %categories;
+
         $from = 0 unless defined $from;
         $from = 0 unless defined $from;
-       $to = $#projects if (!defined $to || $#projects < $to);
+       $to = $#$projlist if (!defined $to || $#$projlist < $to);
  
  
-       print "<table class=\"project_list\">\n";
-       unless ($no_header) {
-               print "<tr>\n";
-               if ($check_forks) {
-                       print "<th></th>\n";
-               }
-               if ($order eq "project") {
-                       @projects = sort {$a->{'path'} cmp $b->{'path'}} @projects;
-                       print "<th>Project</th>\n";
-               } else {
-                       print "<th>" .
-                             $cgi->a({-href => href(project=>undef, order=>'project'),
-                                      -class => "header"}, "Project") .
-                             "</th>\n";
-               }
-               if ($order eq "descr") {
-                       @projects = sort {$a->{'descr'} cmp $b->{'descr'}} @projects;
-                       print "<th>Description</th>\n";
-               } else {
-                       print "<th>" .
-                             $cgi->a({-href => href(project=>undef, order=>'descr'),
-                                      -class => "header"}, "Description") .
-                             "</th>\n";
-               }
-               if ($order eq "owner") {
-                       @projects = sort {$a->{'owner'} cmp $b->{'owner'}} @projects;
-                       print "<th>Owner</th>\n";
-               } else {
-                       print "<th>" .
-                             $cgi->a({-href => href(project=>undef, order=>'owner'),
-                                      -class => "header"}, "Owner") .
-                             "</th>\n";
-               }
-               if ($order eq "age") {
-                       @projects = sort {$a->{'age'} <=> $b->{'age'}} @projects;
-                       print "<th>Last Change</th>\n";
-               } else {
-                       print "<th>" .
-                             $cgi->a({-href => href(project=>undef, order=>'age'),
-                                      -class => "header"}, "Last Change") .
-                             "</th>\n";
-               }
-               print "<th></th>\n" .
-                     "</tr>\n";
+       for (my $i = $from; $i <= $to; $i++) {
+               my $pr = $projlist->[$i];
+               push @{$categories{ $pr->{'category'} }}, $pr;
+       }
+
+       return wantarray ? %categories : \%categories;
+}
+
+# print 'sort by' <th> element, generating 'sort by $name' replay link
+# if that order is not selected
+sub print_sort_th {
+       print format_sort_th(@_);
+}
+
+sub format_sort_th {
+       my ($name, $order, $header) = @_;
+       my $sort_th = "";
+       $header ||= ucfirst($name);
+
+       if ($order eq $name) {
+               $sort_th .= "<th>$header</th>\n";
+       } else {
+               $sort_th .= "<th>" .
+                           $cgi->a({-href => href(-replay=>1, order=>$name),
+                                    -class => "header"}, $header) .
+                           "</th>\n";
         }
         }
+
+       return $sort_th;
+}
+
+sub git_project_list_rows {
+       my ($projlist, $from, $to, $check_forks) = @_;
+
+       $from = 0 unless defined $from;
+       $to = $#$projlist if (!defined $to || $#$projlist < $to);
+
         my $alternate = 1;
         for (my $i = $from; $i <= $to; $i++) {
         my $alternate = 1;
         for (my $i = $from; $i <= $to; $i++) {
-               my $pr = $projects[$i];
+               my $pr = $projlist->[$i];
+
                 if ($alternate) {
                         print "<tr class=\"dark\">\n";
                 } else {
                         print "<tr class=\"light\">\n";
                 }
                 $alternate ^= 1;
                 if ($alternate) {
                         print "<tr class=\"dark\">\n";
                 } else {
                         print "<tr class=\"light\">\n";
                 }
                 $alternate ^= 1;
+
                 if ($check_forks) {
                         print "<td>";
                         if ($pr->{'forks'}) {
                 if ($check_forks) {
                         print "<td>";
                         if ($pr->{'forks'}) {
-                               print "<!-- $pr->{'forks'} -->\n";
-                               print $cgi->a({-href => href(project=>$pr->{'path'}, action=>"forks")}, "+");
+                               my $nforks = scalar @{$pr->{'forks'}};
+                               if ($nforks > 0) {
+                                       print $cgi->a({-href => href(project=>$pr->{'path'}, action=>"forks"),
+                                                      -title => "$nforks forks"}, "+");
+                               } else {
+                                       print $cgi->span({-title => "$nforks forks"}, "+");
+                               }
                         }
                         print "</td>\n";
                 }
                         }
                         print "</td>\n";
                 }
@@ -3667,6 +5074,84 @@ sub git_project_list_body {
                       "</td>\n" .
                       "</tr>\n";
         }
                       "</td>\n" .
                       "</tr>\n";
         }
+}
+
+sub git_project_list_body {
+       # actually uses global variable $project
+       my ($projlist, $order, $from, $to, $extra, $no_header) = @_;
+       my @projects = @$projlist;
+
+       my $check_forks = gitweb_check_feature('forks');
+       my $show_ctags  = gitweb_check_feature('ctags');
+       my $tagfilter = $show_ctags ? $cgi->param('by_tag') : undef;
+       $check_forks = undef
+               if ($tagfilter || $searchtext);
+
+       # filtering out forks before filling info allows to do less work
+       @projects = filter_forks_from_projects_list(\@projects)
+               if ($check_forks);
+       @projects = fill_project_list_info(\@projects);
+       # searching projects require filling to be run before it
+       @projects = search_projects_list(\@projects,
+                                        'searchtext' => $searchtext,
+                                        'tagfilter'  => $tagfilter)
+               if ($tagfilter || $searchtext);
+
+       $order ||= $default_projects_order;
+       $from = 0 unless defined $from;
+       $to = $#projects if (!defined $to || $#projects < $to);
+
+       # short circuit
+       if ($from > $to) {
+               print "<center>\n".
+                     "<b>No such projects found</b><br />\n".
+                     "Click ".$cgi->a({-href=>href(project=>undef)},"here")." to view all projects<br />\n".
+                     "</center>\n<br />\n";
+               return;
+       }
+
+       @projects = sort_projects_list(\@projects, $order);
+
+       if ($show_ctags) {
+               my $ctags = git_gather_all_ctags(\@projects);
+               my $cloud = git_populate_project_tagcloud($ctags);
+               print git_show_project_tagcloud($cloud, 64);
+       }
+
+       print "<table class=\"project_list\">\n";
+       unless ($no_header) {
+               print "<tr>\n";
+               if ($check_forks) {
+                       print "<th></th>\n";
+               }
+               print_sort_th('project', $order, 'Project');
+               print_sort_th('descr', $order, 'Description');
+               print_sort_th('owner', $order, 'Owner');
+               print_sort_th('age', $order, 'Last Change');
+               print "<th></th>\n" . # for links
+                     "</tr>\n";
+       }
+
+       if ($projects_list_group_categories) {
+               # only display categories with projects in the $from-$to window
+               @projects = sort {$a->{'category'} cmp $b->{'category'}} @projects[$from..$to];
+               my %categories = build_projlist_by_category(\@projects, $from, $to);
+               foreach my $cat (sort keys %categories) {
+                       unless ($cat eq "") {
+                               print "<tr>\n";
+                               if ($check_forks) {
+                                       print "<td></td>\n";
+                               }
+                               print "<td class=\"category\" colspan=\"5\">".esc_html($cat)."</td>\n";
+                               print "</tr>\n";
+                       }
+
+                       git_project_list_rows($categories{$cat}, undef, undef, $check_forks);
+               }
+       } else {
+               git_project_list_rows(\@projects, $from, $to, $check_forks);
+       }
+
         if (defined $extra) {
                 print "<tr>\n";
                 if ($check_forks) {
         if (defined $extra) {
                 print "<tr>\n";
                 if ($check_forks) {
@@ -3678,6 +5163,45 @@ sub git_project_list_body {
         print "</table>\n";
  }
  
         print "</table>\n";
  }
  
+sub git_log_body {
+       # uses global variable $project
+       my ($commitlist, $from, $to, $refs, $extra) = @_;
+
+       $from = 0 unless defined $from;
+       $to = $#{$commitlist} if (!defined $to || $#{$commitlist} < $to);
+
+       for (my $i = 0; $i <= $to; $i++) {
+               my %co = %{$commitlist->[$i]};
+               next if !%co;
+               my $commit = $co{'id'};
+               my $ref = format_ref_marker($refs, $commit);
+               git_print_header_div('commit',
+                              "<span class=\"age\">$co{'age_string'}</span>" .
+                              esc_html($co{'title'}) . $ref,
+                              $commit);
+               print "<div class=\"title_text\">\n" .
+                     "<div class=\"log_link\">\n" .
+                     $cgi->a({-href => href(action=>"commit", hash=>$commit)}, "commit") .
+                     " | " .
+                     $cgi->a({-href => href(action=>"commitdiff", hash=>$commit)}, "commitdiff") .
+                     " | " .
+                     $cgi->a({-href => href(action=>"tree", hash=>$commit, hash_base=>$commit)}, "tree") .
+                     "<br/>\n" .
+                     "</div>\n";
+                     git_print_authorship(\%co, -tag => 'span');
+                     print "<br/>\n</div>\n";
+
+               print "<div class=\"log_body\">\n";
+               git_print_log($co{'comment'}, -final_empty_line=> 1);
+               print "</div>\n";
+       }
+       if ($extra) {
+               print "<div class=\"page_nav\">\n";
+               print "$extra\n";
+               print "</div>\n";
+       }
+}
+
  sub git_shortlog_body {
         # uses global variable $project
         my ($commitlist, $from, $to, $refs, $extra) = @_;
  sub git_shortlog_body {
         # uses global variable $project
         my ($commitlist, $from, $to, $refs, $extra) = @_;
@@ -3697,11 +5221,9 @@ sub git_shortlog_body {
                         print "<tr class=\"light\">\n";
                 }
                 $alternate ^= 1;
                         print "<tr class=\"light\">\n";
                 }
                 $alternate ^= 1;
-               my $author = chop_and_escape_str($co{'author_name'}, 10);
                 # git_summary() used print "<td><i>$co{'age_string'}</i></td>\n" .
                 print "<td title=\"$co{'age_string_age'}\"><i>$co{'age_string_date'}</i></td>\n" .
                 # git_summary() used print "<td><i>$co{'age_string'}</i></td>\n" .
                 print "<td title=\"$co{'age_string_age'}\"><i>$co{'age_string_date'}</i></td>\n" .
-                     "<td><i>" . $author . "</i></td>\n" .
-                     "<td>";
+                     format_author_html('td', \%co, 10) . "<td>";
                 print format_subject_html($co{'title'}, $co{'title_short'},
                                           href(action=>"commit", hash=>$commit), $ref);
                 print "</td>\n" .
                 print format_subject_html($co{'title'}, $co{'title_short'},
                                           href(action=>"commit", hash=>$commit), $ref);
                 print "</td>\n" .
@@ -3726,7 +5248,8 @@ sub git_shortlog_body {
  
  sub git_history_body {
         # Warning: assumes constant type (blob or tree) during history
  
  sub git_history_body {
         # Warning: assumes constant type (blob or tree) during history
-       my ($commitlist, $from, $to, $refs, $hash_base, $ftype, $extra) = @_;
+       my ($commitlist, $from, $to, $refs, $extra,
+           $file_name, $file_hash, $ftype) = @_;
  
         $from = 0 unless defined $from;
         $to = $#{$commitlist} unless (defined $to && $to <= $#{$commitlist});
  
         $from = 0 unless defined $from;
         $to = $#{$commitlist} unless (defined $to && $to <= $#{$commitlist});
@@ -3748,11 +5271,9 @@ sub git_history_body {
                         print "<tr class=\"light\">\n";
                 }
                 $alternate ^= 1;
                         print "<tr class=\"light\">\n";
                 }
                 $alternate ^= 1;
-       # shortlog uses      chop_str($co{'author_name'}, 10)
-               my $author = chop_and_escape_str($co{'author_name'}, 15, 3);
                 print "<td title=\"$co{'age_string_age'}\"><i>$co{'age_string_date'}</i></td>\n" .
                 print "<td title=\"$co{'age_string_age'}\"><i>$co{'age_string_date'}</i></td>\n" .
-                     "<td><i>" . $author . "</i></td>\n" .
-                     "<td>";
+       # shortlog:   format_author_html('td', \%co, 10)
+                     format_author_html('td', \%co, 15, 3) . "<td>";
                 # originally git_history used chop_str($co{'title'}, 50)
                 print format_subject_html($co{'title'}, $co{'title_short'},
                                           href(action=>"commit", hash=>$commit), $ref);
                 # originally git_history used chop_str($co{'title'}, 50)
                 print format_subject_html($co{'title'}, $co{'title_short'},
                                           href(action=>"commit", hash=>$commit), $ref);
@@ -3762,7 +5283,7 @@ sub git_history_body {
                       $cgi->a({-href => href(action=>"commitdiff", hash=>$commit)}, "commitdiff");
  
                 if ($ftype eq 'blob') {
                       $cgi->a({-href => href(action=>"commitdiff", hash=>$commit)}, "commitdiff");
  
                 if ($ftype eq 'blob') {
-                       my $blob_current = git_get_hash_by_path($hash_base, $file_name);
+                       my $blob_current = $file_hash;
                         my $blob_parent  = git_get_hash_by_path($commit, $file_name);
                         if (defined $blob_current && defined $blob_parent &&
                                         $blob_current ne $blob_parent) {
                         my $blob_parent  = git_get_hash_by_path($commit, $file_name);
                         if (defined $blob_current && defined $blob_parent &&
                                         $blob_current ne $blob_parent) {
@@ -3874,7 +5395,7 @@ sub git_heads_body {
                       "<td class=\"link\">" .
                       $cgi->a({-href => href(action=>"shortlog", hash=>$ref{'fullname'})}, "shortlog") . " | " .
                       $cgi->a({-href => href(action=>"log", hash=>$ref{'fullname'})}, "log") . " | " .
                       "<td class=\"link\">" .
                       $cgi->a({-href => href(action=>"shortlog", hash=>$ref{'fullname'})}, "shortlog") . " | " .
                       $cgi->a({-href => href(action=>"log", hash=>$ref{'fullname'})}, "log") . " | " .
-                     $cgi->a({-href => href(action=>"tree", hash=>$ref{'fullname'}, hash_base=>$ref{'name'})}, "tree") .
+                     $cgi->a({-href => href(action=>"tree", hash=>$ref{'fullname'}, hash_base=>$ref{'fullname'})}, "tree") .
                       "</td>\n" .
                       "</tr>";
         }
                       "</td>\n" .
                       "</tr>";
         }
@@ -3886,6 +5407,101 @@ sub git_heads_body {
         print "</table>\n";
  }
  
         print "</table>\n";
  }
  
+# Display a single remote block
+sub git_remote_block {
+       my ($remote, $rdata, $limit, $head) = @_;
+
+       my $heads = $rdata->{'heads'};
+       my $fetch = $rdata->{'fetch'};
+       my $push = $rdata->{'push'};
+
+       my $urls_table = "<table class=\"projects_list\">\n" ;
+
+       if (defined $fetch) {
+               if ($fetch eq $push) {
+                       $urls_table .= format_repo_url("URL", $fetch);
+               } else {
+                       $urls_table .= format_repo_url("Fetch URL", $fetch);
+                       $urls_table .= format_repo_url("Push URL", $push) if defined $push;
+               }
+       } elsif (defined $push) {
+               $urls_table .= format_repo_url("Push URL", $push);
+       } else {
+               $urls_table .= format_repo_url("", "No remote URL");
+       }
+
+       $urls_table .= "</table>\n";
+
+       my $dots;
+       if (defined $limit && $limit < @$heads) {
+               $dots = $cgi->a({-href => href(action=>"remotes", hash=>$remote)}, "...");
+       }
+
+       print $urls_table;
+       git_heads_body($heads, $head, 0, $limit, $dots);
+}
+
+# Display a list of remote names with the respective fetch and push URLs
+sub git_remotes_list {
+       my ($remotedata, $limit) = @_;
+       print "<table class=\"heads\">\n";
+       my $alternate = 1;
+       my @remotes = sort keys %$remotedata;
+
+       my $limited = $limit && $limit < @remotes;
+
+       $#remotes = $limit - 1 if $limited;
+
+       while (my $remote = shift @remotes) {
+               my $rdata = $remotedata->{$remote};
+               my $fetch = $rdata->{'fetch'};
+               my $push = $rdata->{'push'};
+               if ($alternate) {
+                       print "<tr class=\"dark\">\n";
+               } else {
+                       print "<tr class=\"light\">\n";
+               }
+               $alternate ^= 1;
+               print "<td>" .
+                     $cgi->a({-href=> href(action=>'remotes', hash=>$remote),
+                              -class=> "list name"},esc_html($remote)) .
+                     "</td>";
+               print "<td class=\"link\">" .
+                     (defined $fetch ? $cgi->a({-href=> $fetch}, "fetch") : "fetch") .
+                     " | " .
+                     (defined $push ? $cgi->a({-href=> $push}, "push") : "push") .
+                     "</td>";
+
+               print "</tr>\n";
+       }
+
+       if ($limited) {
+               print "<tr>\n" .
+                     "<td colspan=\"3\">" .
+                     $cgi->a({-href => href(action=>"remotes")}, "...") .
+                     "</td>\n" . "</tr>\n";
+       }
+
+       print "</table>";
+}
+
+# Display remote heads grouped by remote, unless there are too many
+# remotes, in which case we only display the remote names
+sub git_remotes_body {
+       my ($remotedata, $limit, $head) = @_;
+       if ($limit and $limit < keys %$remotedata) {
+               git_remotes_list($remotedata, $limit);
+       } else {
+               fill_remote_heads($remotedata);
+               while (my ($remote, $rdata) = each %$remotedata) {
+                       git_print_section({-class=>"remote", -id=>$remote},
+                               ["remotes", $remote, $remote], sub {
+                                       git_remote_block($remote, $rdata, $limit, $head);
+                               });
+               }
+       }
+}
+
  sub git_search_grep_body {
         my ($commitlist, $from, $to, $extra) = @_;
         $from = 0 unless defined $from;
  sub git_search_grep_body {
         my ($commitlist, $from, $to, $extra) = @_;
         $from = 0 unless defined $from;
@@ -3905,9 +5521,8 @@ sub git_search_grep_body {
                         print "<tr class=\"light\">\n";
                 }
                 $alternate ^= 1;
                         print "<tr class=\"light\">\n";
                 }
                 $alternate ^= 1;
-               my $author = chop_and_escape_str($co{'author_name'}, 15, 5);
                 print "<td title=\"$co{'age_string_age'}\"><i>$co{'age_string_date'}</i></td>\n" .
                 print "<td title=\"$co{'age_string_age'}\"><i>$co{'age_string_date'}</i></td>\n" .
-                     "<td><i>" . $author . "</i></td>\n" .
+                     format_author_html('td', \%co, 15, 5) .
                       "<td>" .
                       $cgi->a({-href => href(action=>"commit", hash=>$co{'id'}),
                                -class => "list subject"},
                       "<td>" .
                       $cgi->a({-href => href(action=>"commit", hash=>$co{'id'}),
                                -class => "list subject"},
@@ -3952,37 +5567,40 @@ sub git_search_grep_body {
  ## actions
  
  sub git_project_list {
  ## actions
  
  sub git_project_list {
-       my $order = $cgi->param('o');
+       my $order = $input_params{'order'};
         if (defined $order && $order !~ m/none|project|descr|owner|age/) {
         if (defined $order && $order !~ m/none|project|descr|owner|age/) {
-               die_error(undef, "Unknown order parameter");
+               die_error(400, "Unknown order parameter");
         }
  
         my @list = git_get_projects_list();
         if (!@list) {
         }
  
         my @list = git_get_projects_list();
         if (!@list) {
-               die_error(undef, "No projects found");
+               die_error(404, "No projects found");
         }
  
         git_header_html();
         }
  
         git_header_html();
-       if (-f $home_text) {
+       if (defined $home_text && -f $home_text) {
                 print "<div class=\"index_include\">\n";
                 print "<div class=\"index_include\">\n";
-               open (my $fd, $home_text);
-               print <$fd>;
-               close $fd;
+               insert_file($home_text);
                 print "</div>\n";
         }
                 print "</div>\n";
         }
+       print $cgi->startform(-method => "get") .
+             "<p class=\"projsearch\">Search:\n" .
+             $cgi->textfield(-name => "s", -value => $searchtext) . "\n" .
+             "</p>" .
+             $cgi->end_form() . "\n";
         git_project_list_body(\@list, $order);
         git_footer_html();
  }
  
  sub git_forks {
         git_project_list_body(\@list, $order);
         git_footer_html();
  }
  
  sub git_forks {
-       my $order = $cgi->param('o');
+       my $order = $input_params{'order'};
         if (defined $order && $order !~ m/none|project|descr|owner|age/) {
         if (defined $order && $order !~ m/none|project|descr|owner|age/) {
-               die_error(undef, "Unknown order parameter");
+               die_error(400, "Unknown order parameter");
         }
  
         my @list = git_get_projects_list($project);
         if (!@list) {
         }
  
         my @list = git_get_projects_list($project);
         if (!@list) {
-               die_error(undef, "No forks found");
+               die_error(404, "No forks found");
         }
  
         git_header_html();
         }
  
         git_header_html();
@@ -3993,7 +5611,10 @@ sub git_forks {
  }
  
  sub git_project_index {
  }
  
  sub git_project_index {
-       my @projects = git_get_projects_list($project);
+       my @projects = git_get_projects_list();
+       if (!@projects) {
+               die_error(404, "No projects found");
+       }
  
         print $cgi->header(
                 -type => 'text/plain',
  
         print $cgi->header(
                 -type => 'text/plain',
@@ -4021,6 +5642,7 @@ sub git_summary {
         my %co = parse_commit("HEAD");
         my %cd = %co ? parse_date($co{'committer_epoch'}, $co{'committer_tz'}) : ();
         my $head = $co{'id'};
         my %co = parse_commit("HEAD");
         my %cd = %co ? parse_date($co{'committer_epoch'}, $co{'committer_tz'}) : ();
         my $head = $co{'id'};
+       my $remote_heads = gitweb_check_feature('remote_heads');
  
         my $owner = git_get_project_owner($project);
  
  
         my $owner = git_get_project_owner($project);
  
@@ -4029,11 +5651,16 @@ sub git_summary {
         # there are more ...
         my @taglist  = git_get_tags_list(16);
         my @headlist = git_get_heads_list(16);
         # there are more ...
         my @taglist  = git_get_tags_list(16);
         my @headlist = git_get_heads_list(16);
+       my %remotedata = $remote_heads ? git_get_remotes_list() : ();
         my @forklist;
         my @forklist;
-       my ($check_forks) = gitweb_check_feature('forks');
+       my $check_forks = gitweb_check_feature('forks');
  
         if ($check_forks) {
  
         if ($check_forks) {
+               # find forks of a project
                 @forklist = git_get_projects_list($project);
                 @forklist = git_get_projects_list($project);
+               # filter out forks of forks
+               @forklist = filter_forks_from_projects_list(\@forklist)
+                       if (@forklist);
         }
  
         git_header_html();
         }
  
         git_header_html();
@@ -4041,10 +5668,11 @@ sub git_summary {
  
         print "<div class=\"title\">&nbsp;</div>\n";
         print "<table class=\"projects_list\">\n" .
  
         print "<div class=\"title\">&nbsp;</div>\n";
         print "<table class=\"projects_list\">\n" .
-             "<tr><td>description</td><td>" . esc_html($descr) . "</td></tr>\n" .
-             "<tr><td>owner</td><td>" . esc_html($owner) . "</td></tr>\n";
+             "<tr id=\"metadata_desc\"><td>description</td><td>" . esc_html($descr) . "</td></tr>\n" .
+             "<tr id=\"metadata_owner\"><td>owner</td><td>" . esc_html($owner) . "</td></tr>\n";
         if (defined $cd{'rfc2822'}) {
         if (defined $cd{'rfc2822'}) {
-               print "<tr><td>last change</td><td>$cd{'rfc2822'}</td></tr>\n";
+               print "<tr id=\"metadata_lchange\"><td>last change</td>" .
+                     "<td>".format_timestamp_html(\%cd)."</td></tr>\n";
         }
  
         # use per project git URL list in $projectroot/$project/cloneurl
         }
  
         # use per project git URL list in $projectroot/$project/cloneurl
@@ -4054,21 +5682,35 @@ sub git_summary {
         @url_list = map { "$_/$project" } @git_base_url_list unless @url_list;
         foreach my $git_url (@url_list) {
                 next unless $git_url;
         @url_list = map { "$_/$project" } @git_base_url_list unless @url_list;
         foreach my $git_url (@url_list) {
                 next unless $git_url;
-               print "<tr><td>$url_tag</td><td>$git_url</td></tr>\n";
+               print format_repo_url($url_tag, $git_url);
                 $url_tag = "";
         }
                 $url_tag = "";
         }
-       print "</table>\n";
  
  
-       if (-s "$projectroot/$project/README.html") {
-               if (open my $fd, "$projectroot/$project/README.html") {
-                       print "<div class=\"title\">readme</div>\n" .
-                             "<div class=\"readme\">\n";
-                       print $_ while (<$fd>);
-                       print "\n</div>\n"; # class="readme"
-                       close $fd;
+       # Tag cloud
+       my $show_ctags = gitweb_check_feature('ctags');
+       if ($show_ctags) {
+               my $ctags = git_get_project_ctags($project);
+               if (%$ctags) {
+                       # without ability to add tags, don't show if there are none
+                       my $cloud = git_populate_project_tagcloud($ctags);
+                       print "<tr id=\"metadata_ctags\">" .
+                             "<td>content tags</td>" .
+                             "<td>".git_show_project_tagcloud($cloud, 48)."</td>" .
+                             "</tr>\n";
                 }
         }
  
                 }
         }
  
+       print "</table>\n";
+
+       # If XSS prevention is on, we don't include README.html.
+       # TODO: Allow a readme in some safe format.
+       if (!$prevent_xss && -s "$projectroot/$project/README.html") {
+               print "<div class=\"title\">readme</div>\n" .
+                     "<div class=\"readme\">\n";
+               insert_file("$projectroot/$project/README.html");
+               print "\n</div>\n"; # class="readme"
+       }
+
         # we need to request one more than 16 (0..15) to check if
         # those 16 are all
         my @commitlist = $head ? parse_commits($head, 17) : ();
         # we need to request one more than 16 (0..15) to check if
         # those 16 are all
         my @commitlist = $head ? parse_commits($head, 17) : ();
@@ -4093,27 +5735,32 @@ sub git_summary {
                                $cgi->a({-href => href(action=>"heads")}, "..."));
         }
  
                                $cgi->a({-href => href(action=>"heads")}, "..."));
         }
  
+       if (%remotedata) {
+               git_print_header_div('remotes');
+               git_remotes_body(\%remotedata, 15, $head);
+       }
+
         if (@forklist) {
                 git_print_header_div('forks');
         if (@forklist) {
                 git_print_header_div('forks');
-               git_project_list_body(\@forklist, undef, 0, 15,
+               git_project_list_body(\@forklist, 'age', 0, 15,
                                       $#forklist <= 15 ? undef :
                                       $cgi->a({-href => href(action=>"forks")}, "..."),
                                       $#forklist <= 15 ? undef :
                                       $cgi->a({-href => href(action=>"forks")}, "..."),
-                                     'noheader');
+                                     'no_header');
         }
  
         git_footer_html();
  }
  
  sub git_tag {
         }
  
         git_footer_html();
  }
  
  sub git_tag {
-       my $head = git_get_head_hash($project);
-       git_header_html();
-       git_print_page_nav('','', $head,undef,$head);
         my %tag = parse_tag($hash);
  
         if (! %tag) {
         my %tag = parse_tag($hash);
  
         if (! %tag) {
-               die_error(undef, "Unknown tag object");
+               die_error(404, "Unknown tag object");
         }
  
         }
  
+       my $head = git_get_head_hash($project);
+       git_header_html();
+       git_print_page_nav('','', $head,undef,$head);
         git_print_header_div('commit', esc_html($tag{'name'}), $hash);
         print "<div class=\"title_text\">\n" .
               "<table class=\"object_header\">\n" .
         git_print_header_div('commit', esc_html($tag{'name'}), $hash);
         print "<div class=\"title_text\">\n" .
               "<table class=\"object_header\">\n" .
@@ -4125,11 +5772,7 @@ sub git_tag {
                                               $tag{'type'}) . "</td>\n" .
               "</tr>\n";
         if (defined($tag{'author'})) {
                                               $tag{'type'}) . "</td>\n" .
               "</tr>\n";
         if (defined($tag{'author'})) {
-               my %ad = parse_date($tag{'epoch'}, $tag{'tz'});
-               print "<tr><td>author</td><td>" . esc_html($tag{'author'}) . "</td></tr>\n";
-               print "<tr><td></td><td>" . $ad{'rfc2822'} .
-                       sprintf(" (%02d:%02d %s)", $ad{'hour_local'}, $ad{'minute_local'}, $ad{'tz_local'}) .
-                       "</td></tr>\n";
+               git_print_authorship_rows(\%tag, 'author');
         }
         print "</table>\n\n" .
               "</div>\n";
         }
         print "</table>\n\n" .
               "</div>\n";
@@ -4143,215 +5786,252 @@ sub git_tag {
         git_footer_html();
  }
  
         git_footer_html();
  }
  
-sub git_blame2 {
-       my $fd;
-       my $ftype;
-
-       my ($have_blame) = gitweb_check_feature('blame');
-       if (!$have_blame) {
-               die_error('403 Permission denied', "Permission denied");
+sub git_blame_common {
+       my $format = shift || 'porcelain';
+       if ($format eq 'porcelain' && $cgi->param('js')) {
+               $format = 'incremental';
+               $action = 'blame_incremental'; # for page title etc
         }
         }
-       die_error('404 Not Found', "File name not defined") if (!$file_name);
+
+       # permissions
+       gitweb_check_feature('blame')
+               or die_error(403, "Blame view not allowed");
+
+       # error checking
+       die_error(400, "No file name given") unless $file_name;
         $hash_base ||= git_get_head_hash($project);
         $hash_base ||= git_get_head_hash($project);
-       die_error(undef, "Couldn't find base commit") unless ($hash_base);
+       die_error(404, "Couldn't find base commit") unless $hash_base;
         my %co = parse_commit($hash_base)
         my %co = parse_commit($hash_base)
-               or die_error(undef, "Reading commit failed");
+               or die_error(404, "Commit not found");
+       my $ftype = "blob";
         if (!defined $hash) {
                 $hash = git_get_hash_by_path($hash_base, $file_name, "blob")
         if (!defined $hash) {
                 $hash = git_get_hash_by_path($hash_base, $file_name, "blob")
-                       or die_error(undef, "Error looking up file");
+                       or die_error(404, "Error looking up file");
+       } else {
+               $ftype = git_get_type($hash);
+               if ($ftype !~ "blob") {
+                       die_error(400, "Object is not a blob");
+               }
+       }
+
+       my $fd;
+       if ($format eq 'incremental') {
+               # get file contents (as base)
+               open $fd, "-|", git_cmd(), 'cat-file', 'blob', $hash
+                       or die_error(500, "Open git-cat-file failed");
+       } elsif ($format eq 'data') {
+               # run git-blame --incremental
+               open $fd, "-|", git_cmd(), "blame", "--incremental",
+                       $hash_base, "--", $file_name
+                       or die_error(500, "Open git-blame --incremental failed");
+       } else {
+               # run git-blame --porcelain
+               open $fd, "-|", git_cmd(), "blame", '-p',
+                       $hash_base, '--', $file_name
+                       or die_error(500, "Open git-blame --porcelain failed");
         }
         }
-       $ftype = git_get_type($hash);
-       if ($ftype !~ "blob") {
-               die_error('400 Bad Request', "Object is not a blob");
+
+       # incremental blame data returns early
+       if ($format eq 'data') {
+               print $cgi->header(
+                       -type=>"text/plain", -charset => "utf-8",
+                       -status=> "200 OK");
+               local $| = 1; # output autoflush
+               print while <$fd>;
+               close $fd
+                       or print "ERROR $!\n";
+
+               print 'END';
+               if (defined $t0 && gitweb_check_feature('timed')) {
+                       print ' '.
+                             tv_interval($t0, [ gettimeofday() ]).
+                             ' '.$number_of_git_cmds;
+               }
+               print "\n";
+
+               return;
         }
         }
-       open ($fd, "-|", git_cmd(), "blame", '-p', '--',
-             $file_name, $hash_base)
-               or die_error(undef, "Open git-blame failed");
+
+       # page header
         git_header_html();
         my $formats_nav =
                 $cgi->a({-href => href(action=>"blob", -replay=>1)},
                         "blob") .
         git_header_html();
         my $formats_nav =
                 $cgi->a({-href => href(action=>"blob", -replay=>1)},
                         "blob") .
+               " | ";
+       if ($format eq 'incremental') {
+               $formats_nav .=
+                       $cgi->a({-href => href(action=>"blame", javascript=>0, -replay=>1)},
+                               "blame") . " (non-incremental)";
+       } else {
+               $formats_nav .=
+                       $cgi->a({-href => href(action=>"blame_incremental", -replay=>1)},
+                               "blame") . " (incremental)";
+       }
+       $formats_nav .=
                 " | " .
                 $cgi->a({-href => href(action=>"history", -replay=>1)},
                         "history") .
                 " | " .
                 " | " .
                 $cgi->a({-href => href(action=>"history", -replay=>1)},
                         "history") .
                 " | " .
-               $cgi->a({-href => href(action=>"blame", file_name=>$file_name)},
+               $cgi->a({-href => href(action=>$action, file_name=>$file_name)},
                         "HEAD");
         git_print_page_nav('','', $hash_base,$co{'tree'},$hash_base, $formats_nav);
         git_print_header_div('commit', esc_html($co{'title'}), $hash_base);
         git_print_page_path($file_name, $ftype, $hash_base);
                         "HEAD");
         git_print_page_nav('','', $hash_base,$co{'tree'},$hash_base, $formats_nav);
         git_print_header_div('commit', esc_html($co{'title'}), $hash_base);
         git_print_page_path($file_name, $ftype, $hash_base);
-       my @rev_color = (qw(light2 dark2));
+
+       # page body
+       if ($format eq 'incremental') {
+               print "<noscript>\n<div class=\"error\"><center><b>\n".
+                     "This page requires JavaScript to run.\n Use ".
+                     $cgi->a({-href => href(action=>'blame',javascript=>0,-replay=>1)},
+                             'this page').
+                     " instead.\n".
+                     "</b></center></div>\n</noscript>\n";
+
+               print qq!<div id="progress_bar" style="width: 100%; background-color: yellow"></div>\n!;
+       }
+
+       print qq!<div class="page_body">\n!;
+       print qq!<div id="progress_info">... / ...</div>\n!
+               if ($format eq 'incremental');
+       print qq!<table id="blame_table" class="blame" width="100%">\n!.
+             #qq!<col width="5.5em" /><col width="2.5em" /><col width="*" />\n!.
+             qq!<thead>\n!.
+             qq!<tr><th>Commit</th><th>Line</th><th>Data</th></tr>\n!.
+             qq!</thead>\n!.
+             qq!<tbody>\n!;
+
+       my @rev_color = qw(light dark);
         my $num_colors = scalar(@rev_color);
         my $current_color = 0;
         my $num_colors = scalar(@rev_color);
         my $current_color = 0;
-       my $last_rev;
-       print <<HTML;
-<div class="page_body">
-<table class="blame">
-<tr><th>Commit</th><th>Line</th><th>Data</th></tr>
-HTML
-       my %metainfo = ();
-       while (1) {
-               $_ = <$fd>;
-               last unless defined $_;
-               my ($full_rev, $orig_lineno, $lineno, $group_size) =
-                   /^([0-9a-f]{40}) (\d+) (\d+)(?: (\d+))?$/;
-               if (!exists $metainfo{$full_rev}) {
-                       $metainfo{$full_rev} = {};
-               }
-               my $meta = $metainfo{$full_rev};
-               while (<$fd>) {
-                       last if (s/^\t//);
-                       if (/^(\S+) (.*)$/) {
-                               $meta->{$1} = $2;
-                       }
-               }
-               my $data = $_;
-               chomp $data;
-               my $rev = substr($full_rev, 0, 8);
-               my $author = $meta->{'author'};
-               my %date = parse_date($meta->{'author-time'},
-                                     $meta->{'author-tz'});
-               my $date = $date{'iso-tz'};
-               if ($group_size) {
-                       $current_color = ++$current_color % $num_colors;
-               }
-               print "<tr class=\"$rev_color[$current_color]\">\n";
-               if ($group_size) {
-                       print "<td class=\"sha1\"";
-                       print " title=\"". esc_html($author) . ", $date\"";
-                       print " rowspan=\"$group_size\"" if ($group_size > 1);
-                       print ">";
-                       print $cgi->a({-href => href(action=>"commit",
-                                                    hash=>$full_rev,
-                                                    file_name=>$file_name)},
-                                     esc_html($rev));
-                       print "</td>\n";
+
+       if ($format eq 'incremental') {
+               my $color_class = $rev_color[$current_color];
+
+               #contents of a file
+               my $linenr = 0;
+       LINE:
+               while (my $line = <$fd>) {
+                       chomp $line;
+                       $linenr++;
+
+                       print qq!<tr id="l$linenr" class="$color_class">!.
+                             qq!<td class="sha1"><a href=""> </a></td>!.
+                             qq!<td class="linenr">!.
+                             qq!<a class="linenr" href="">$linenr</a></td>!;
+                       print qq!<td class="pre">! . esc_html($line) . "</td>\n";
+                       print qq!</tr>\n!;
                 }
                 }
-               open (my $dd, "-|", git_cmd(), "rev-parse", "$full_rev^")
-                       or die_error(undef, "Open git-rev-parse failed");
-               my $parent_commit = <$dd>;
-               close $dd;
-               chomp($parent_commit);
-               my $blamed = href(action => 'blame',
-                                 file_name => $meta->{'filename'},
-                                 hash_base => $parent_commit);
-               print "<td class=\"linenr\">";
-               print $cgi->a({ -href => "$blamed#l$orig_lineno",
-                               -id => "l$lineno",
-                               -class => "linenr" },
-                             esc_html($lineno));
-               print "</td>";
-               print "<td class=\"pre\">" . esc_html($data) . "</td>\n";
-               print "</tr>\n";
-       }
-       print "</table>\n";
-       print "</div>";
-       close $fd
-               or print "Reading blob failed\n";
-       git_footer_html();
-}
  
  
-sub git_blame {
-       my $fd;
+       } else { # porcelain, i.e. ordinary blame
+               my %metainfo = (); # saves information about commits
  
  
-       my ($have_blame) = gitweb_check_feature('blame');
-       if (!$have_blame) {
-               die_error('403 Permission denied', "Permission denied");
-       }
-       die_error('404 Not Found', "File name not defined") if (!$file_name);
-       $hash_base ||= git_get_head_hash($project);
-       die_error(undef, "Couldn't find base commit") unless ($hash_base);
-       my %co = parse_commit($hash_base)
-               or die_error(undef, "Reading commit failed");
-       if (!defined $hash) {
-               $hash = git_get_hash_by_path($hash_base, $file_name, "blob")
-                       or die_error(undef, "Error lookup file");
-       }
-       open ($fd, "-|", git_cmd(), "annotate", '-l', '-t', '-r', $file_name, $hash_base)
-               or die_error(undef, "Open git-annotate failed");
-       git_header_html();
-       my $formats_nav =
-               $cgi->a({-href => href(action=>"blob", hash=>$hash, hash_base=>$hash_base, file_name=>$file_name)},
-                       "blob") .
-               " | " .
-               $cgi->a({-href => href(action=>"history", hash=>$hash, hash_base=>$hash_base, file_name=>$file_name)},
-                       "history") .
-               " | " .
-               $cgi->a({-href => href(action=>"blame", file_name=>$file_name)},
-                       "HEAD");
-       git_print_page_nav('','', $hash_base,$co{'tree'},$hash_base, $formats_nav);
-       git_print_header_div('commit', esc_html($co{'title'}), $hash_base);
-       git_print_page_path($file_name, 'blob', $hash_base);
-       print "<div class=\"page_body\">\n";
-       print <<HTML;
-<table class="blame">
-  <tr>
-    <th>Commit</th>
-    <th>Age</th>
-    <th>Author</th>
-    <th>Line</th>
-    <th>Data</th>
-  </tr>
-HTML
-       my @line_class = (qw(light dark));
-       my $line_class_len = scalar (@line_class);
-       my $line_class_num = $#line_class;
-       while (my $line = <$fd>) {
-               my $long_rev;
-               my $short_rev;
-               my $author;
-               my $time;
-               my $lineno;
-               my $data;
-               my $age;
-               my $age_str;
-               my $age_class;
+               # blame data
+       LINE:
+               while (my $line = <$fd>) {
+                       chomp $line;
+                       # the header: <SHA-1> <src lineno> <dst lineno> [<lines in group>]
+                       # no <lines in group> for subsequent lines in group of lines
+                       my ($full_rev, $orig_lineno, $lineno, $group_size) =
+                          ($line =~ /^([0-9a-f]{40}) (\d+) (\d+)(?: (\d+))?$/);
+                       if (!exists $metainfo{$full_rev}) {
+                               $metainfo{$full_rev} = { 'nprevious' => 0 };
+                       }
+                       my $meta = $metainfo{$full_rev};
+                       my $data;
+                       while ($data = <$fd>) {
+                               chomp $data;
+                               last if ($data =~ s/^\t//); # contents of line
+                               if ($data =~ /^(\S+)(?: (.*))?$/) {
+                                       $meta->{$1} = $2 unless exists $meta->{$1};
+                               }
+                               if ($data =~ /^previous /) {
+                                       $meta->{'nprevious'}++;
+                               }
+                       }
+                       my $short_rev = substr($full_rev, 0, 8);
+                       my $author = $meta->{'author'};
+                       my %date =
+                               parse_date($meta->{'author-time'}, $meta->{'author-tz'});
+                       my $date = $date{'iso-tz'};
+                       if ($group_size) {
+                               $current_color = ($current_color + 1) % $num_colors;
+                       }
+                       my $tr_class = $rev_color[$current_color];
+                       $tr_class .= ' boundary' if (exists $meta->{'boundary'});
+                       $tr_class .= ' no-previous' if ($meta->{'nprevious'} == 0);
+                       $tr_class .= ' multiple-previous' if ($meta->{'nprevious'} > 1);
+                       print "<tr id=\"l$lineno\" class=\"$tr_class\">\n";
+                       if ($group_size) {
+                               print "<td class=\"sha1\"";
+                               print " title=\"". esc_html($author) . ", $date\"";
+                               print " rowspan=\"$group_size\"" if ($group_size > 1);
+                               print ">";
+                               print $cgi->a({-href => href(action=>"commit",
+                                                            hash=>$full_rev,
+                                                            file_name=>$file_name)},
+                                             esc_html($short_rev));
+                               if ($group_size >= 2) {
+                                       my @author_initials = ($author =~ /\b([[:upper:]])\B/g);
+                                       if (@author_initials) {
+                                               print "<br />" .
+                                                     esc_html(join('', @author_initials));
+                                               #           or join('.', ...)
+                                       }
+                               }
+                               print "</td>\n";
+                       }
+                       # 'previous' <sha1 of parent commit> <filename at commit>
+                       if (exists $meta->{'previous'} &&
+                           $meta->{'previous'} =~ /^([a-fA-F0-9]{40}) (.*)$/) {
+                               $meta->{'parent'} = $1;
+                               $meta->{'file_parent'} = unquote($2);
+                       }
+                       my $linenr_commit =
+                               exists($meta->{'parent'}) ?
+                               $meta->{'parent'} : $full_rev;
+                       my $linenr_filename =
+                               exists($meta->{'file_parent'}) ?
+                               $meta->{'file_parent'} : unquote($meta->{'filename'});
+                       my $blamed = href(action => 'blame',
+                                         file_name => $linenr_filename,
+                                         hash_base => $linenr_commit);
+                       print "<td class=\"linenr\">";
+                       print $cgi->a({ -href => "$blamed#l$orig_lineno",
+                                       -class => "linenr" },
+                                     esc_html($lineno));
+                       print "</td>";
+                       print "<td class=\"pre\">" . esc_html($data) . "</td>\n";
+                       print "</tr>\n";
+               } # end while
  
  
-               chomp $line;
-               $line_class_num = ($line_class_num + 1) % $line_class_len;
-
-               if ($line =~ m/^([0-9a-fA-F]{40})\t\(\s*([^\t]+)\t(\d+) [+-]\d\d\d\d\t(\d+)\)(.*)$/) {
-                       $long_rev = $1;
-                       $author   = $2;
-                       $time     = $3;
-                       $lineno   = $4;
-                       $data     = $5;
-               } else {
-                       print qq(  <tr><td colspan="5" class="error">Unable to parse: $line</td></tr>\n);
-                       next;
-               }
-               $short_rev  = substr ($long_rev, 0, 8);
-               $age        = time () - $time;
-               $age_str    = age_string ($age);
-               $age_str    =~ s/ /&nbsp;/g;
-               $age_class  = age_class($age);
-               $author     = esc_html ($author);
-               $author     =~ s/ /&nbsp;/g;
-
-               $data = untabify($data);
-               $data = esc_html ($data);
-
-               print <<HTML;
-  <tr class="$line_class[$line_class_num]">
-    <td class="sha1"><a href="${\href (action=>"commit", hash=>$long_rev)}" class="text">$short_rev..</a></td>
-    <td class="$age_class">$age_str</td>
-    <td>$author</td>
-    <td class="linenr"><a id="$lineno" href="#$lineno" class="linenr">$lineno</a></td>
-    <td class="pre">$data</td>
-  </tr>
-HTML
-       } # while (my $line = <$fd>)
-       print "</table>\n\n";
+       }
+
+       # footer
+       print "</tbody>\n".
+             "</table>\n"; # class="blame"
+       print "</div>\n";   # class="blame_body"
         close $fd
         close $fd
-               or print "Reading blob failed.\n";
-       print "</div>";
+               or print "Reading blob failed\n";
+
         git_footer_html();
  }
  
         git_footer_html();
  }
  
+sub git_blame {
+       git_blame_common();
+}
+
+sub git_blame_incremental {
+       git_blame_common('incremental');
+}
+
+sub git_blame_data {
+       git_blame_common('data');
+}
+
  sub git_tags {
         my $head = git_get_head_hash($project);
         git_header_html();
  sub git_tags {
         my $head = git_get_head_hash($project);
         git_header_html();
-       git_print_page_nav('','', $head,undef,$head);
+       git_print_page_nav('','', $head,undef,$head,format_ref_views('tags'));
         git_print_header_div('summary', $project);
  
         my @tagslist = git_get_tags_list();
         git_print_header_div('summary', $project);
  
         my @tagslist = git_get_tags_list();
@@ -4364,7 +6044,7 @@ sub git_tags {
  sub git_heads {
         my $head = git_get_head_hash($project);
         git_header_html();
  sub git_heads {
         my $head = git_get_head_hash($project);
         git_header_html();
-       git_print_page_nav('','', $head,undef,$head);
+       git_print_page_nav('','', $head,undef,$head,format_ref_views('heads'));
         git_print_header_div('summary', $project);
  
         my @headslist = git_get_heads_list();
         git_print_header_div('summary', $project);
  
         my @headslist = git_get_heads_list();
@@ -4374,29 +6054,63 @@ sub git_heads {
         git_footer_html();
  }
  
         git_footer_html();
  }
  
+# used both for single remote view and for list of all the remotes
+sub git_remotes {
+       gitweb_check_feature('remote_heads')
+               or die_error(403, "Remote heads view is disabled");
+
+       my $head = git_get_head_hash($project);
+       my $remote = $input_params{'hash'};
+
+       my $remotedata = git_get_remotes_list($remote);
+       die_error(500, "Unable to get remote information") unless defined $remotedata;
+
+       unless (%$remotedata) {
+               die_error(404, defined $remote ?
+                       "Remote $remote not found" :
+                       "No remotes found");
+       }
+
+       git_header_html(undef, undef, -action_extra => $remote);
+       git_print_page_nav('', '',  $head, undef, $head,
+               format_ref_views($remote ? '' : 'remotes'));
+
+       fill_remote_heads($remotedata);
+       if (defined $remote) {
+               git_print_header_div('remotes', "$remote remote for $project");
+               git_remote_block($remote, $remotedata->{$remote}, undef, $head);
+       } else {
+               git_print_header_div('summary', "$project remotes");
+               git_remotes_body($remotedata, undef, $head);
+       }
+
+       git_footer_html();
+}
+
  sub git_blob_plain {
  sub git_blob_plain {
+       my $type = shift;
         my $expires;
  
         if (!defined $hash) {
                 if (defined $file_name) {
                         my $base = $hash_base || git_get_head_hash($project);
                         $hash = git_get_hash_by_path($base, $file_name, "blob")
         my $expires;
  
         if (!defined $hash) {
                 if (defined $file_name) {
                         my $base = $hash_base || git_get_head_hash($project);
                         $hash = git_get_hash_by_path($base, $file_name, "blob")
-                               or die_error(undef, "Error lookup file");
+                               or die_error(404, "Cannot find file");
                 } else {
                 } else {
-                       die_error(undef, "No file name defined");
+                       die_error(400, "No file name defined");
                 }
         } elsif ($hash =~ m/^[0-9a-fA-F]{40}$/) {
                 # blobs defined by non-textual hash id's can be cached
                 $expires = "+1d";
         }
  
                 }
         } elsif ($hash =~ m/^[0-9a-fA-F]{40}$/) {
                 # blobs defined by non-textual hash id's can be cached
                 $expires = "+1d";
         }
  
-       my $type = shift;
         open my $fd, "-|", git_cmd(), "cat-file", "blob", $hash
         open my $fd, "-|", git_cmd(), "cat-file", "blob", $hash
-               or die_error(undef, "Couldn't cat $file_name, $hash");
+               or die_error(500, "Open git-cat-file blob '$hash' failed");
  
  
-       $type ||= blob_mimetype($fd, $file_name);
+       # content-type (can include charset)
+       $type = blob_contenttype($fd, $file_name, $type);
  
  
-       # save as filename, even when no $file_name is given
+       # "save as" filename, even when no $file_name is given
         my $save_as = "$hash";
         if (defined $file_name) {
                 $save_as = $file_name;
         my $save_as = "$hash";
         if (defined $file_name) {
                 $save_as = $file_name;
@@ -4404,15 +6118,25 @@ sub git_blob_plain {
                 $save_as .= '.txt';
         }
  
                 $save_as .= '.txt';
         }
  
+       # With XSS prevention on, blobs of all types except a few known safe
+       # ones are served with "Content-Disposition: attachment" to make sure
+       # they don't run in our security domain.  For certain image types,
+       # blob view writes an <img> tag referring to blob_plain view, and we
+       # want to be sure not to break that by serving the image as an
+       # attachment (though Firefox 3 doesn't seem to care).
+       my $sandbox = $prevent_xss &&
+               $type !~ m!^(?:text/plain|image/(?:gif|png|jpeg))(?:[ ;]|$)!;
+
         print $cgi->header(
         print $cgi->header(
-               -type => "$type",
-               -expires=>$expires,
-               -content_disposition => 'inline; filename="' . "$save_as" . '"');
-       undef $/;
+               -type => $type,
+               -expires => $expires,
+               -content_disposition =>
+                       ($sandbox ? 'attachment' : 'inline')
+                       . '; filename="' . $save_as . '"');
+       local $/ = undef;
         binmode STDOUT, ':raw';
         print <$fd>;
         binmode STDOUT, ':utf8'; # as set at the beginning of gitweb.cgi
         binmode STDOUT, ':raw';
         print <$fd>;
         binmode STDOUT, ':utf8'; # as set at the beginning of gitweb.cgi
-       $/ = "\n";
         close $fd;
  }
  
         close $fd;
  }
  
@@ -4423,19 +6147,20 @@ sub git_blob {
                 if (defined $file_name) {
                         my $base = $hash_base || git_get_head_hash($project);
                         $hash = git_get_hash_by_path($base, $file_name, "blob")
                 if (defined $file_name) {
                         my $base = $hash_base || git_get_head_hash($project);
                         $hash = git_get_hash_by_path($base, $file_name, "blob")
-                               or die_error(undef, "Error lookup file");
+                               or die_error(404, "Cannot find file");
                 } else {
                 } else {
-                       die_error(undef, "No file name defined");
+                       die_error(400, "No file name defined");
                 }
         } elsif ($hash =~ m/^[0-9a-fA-F]{40}$/) {
                 # blobs defined by non-textual hash id's can be cached
                 $expires = "+1d";
         }
  
                 }
         } elsif ($hash =~ m/^[0-9a-fA-F]{40}$/) {
                 # blobs defined by non-textual hash id's can be cached
                 $expires = "+1d";
         }
  
-       my ($have_blame) = gitweb_check_feature('blame');
+       my $have_blame = gitweb_check_feature('blame');
         open my $fd, "-|", git_cmd(), "cat-file", "blob", $hash
         open my $fd, "-|", git_cmd(), "cat-file", "blob", $hash
-               or die_error(undef, "Couldn't cat $file_name, $hash");
+               or die_error(500, "Couldn't cat $file_name, $hash");
         my $mimetype = blob_mimetype($fd, $file_name);
         my $mimetype = blob_mimetype($fd, $file_name);
+       # use 'blob_plain' (aka 'raw') view for files that cannot be displayed
         if ($mimetype !~ m!^(?:text/|image/(?:gif|png|jpeg)$)! && -B $fd) {
                 close $fd;
                 return git_blob_plain($mimetype);
         if ($mimetype !~ m!^(?:text/|image/(?:gif|png|jpeg)$)! && -B $fd) {
                 close $fd;
                 return git_blob_plain($mimetype);
@@ -4443,6 +6168,11 @@ sub git_blob {
         # we can have blame only for text/* mimetype
         $have_blame &&= ($mimetype =~ m!^text/!);
  
         # we can have blame only for text/* mimetype
         $have_blame &&= ($mimetype =~ m!^text/!);
  
+       my $highlight = gitweb_check_feature('highlight');
+       my $syntax = guess_file_syntax($highlight, $mimetype, $file_name);
+       $fd = run_highlighter($fd, $highlight, $syntax)
+               if $syntax;
+
         git_header_html(undef, $expires);
         my $formats_nav = '';
         if (defined $hash_base && (my %co = parse_commit($hash_base))) {
         git_header_html(undef, $expires);
         my $formats_nav = '';
         if (defined $hash_base && (my %co = parse_commit($hash_base))) {
@@ -4473,14 +6203,14 @@ sub git_blob {
         } else {
                 print "<div class=\"page_nav\">\n" .
                       "<br/><br/></div>\n" .
         } else {
                 print "<div class=\"page_nav\">\n" .
                       "<br/><br/></div>\n" .
-                     "<div class=\"title\">$hash</div>\n";
+                     "<div class=\"title\">".esc_html($hash)."</div>\n";
         }
         git_print_page_path($file_name, "blob", $hash_base);
         print "<div class=\"page_body\">\n";
         if ($mimetype =~ m!^image/!) {
         }
         git_print_page_path($file_name, "blob", $hash_base);
         print "<div class=\"page_body\">\n";
         if ($mimetype =~ m!^image/!) {
-               print qq!<img type="$mimetype"!;
+               print qq!<img type="!.esc_attr($mimetype).qq!"!;
                 if ($file_name) {
                 if ($file_name) {
-                       print qq! alt="$file_name" title="$file_name"!;
+                       print qq! alt="!.esc_attr($file_name).qq!" title="!.esc_attr($file_name).qq!"!;
                 }
                 print qq! src="! .
                       href(action=>"blob_plain", hash=>$hash,
                 }
                 print qq! src="! .
                       href(action=>"blob_plain", hash=>$hash,
@@ -4492,8 +6222,8 @@ sub git_blob {
                         chomp $line;
                         $nr++;
                         $line = untabify($line);
                         chomp $line;
                         $nr++;
                         $line = untabify($line);
-                       printf "<div class=\"pre\"><a id=\"l%i\" href=\"#l%i\" class=\"linenr\">%4i</a> %s</div>\n",
-                              $nr, $nr, $nr, esc_html($line, -nbsp=>1);
+                       printf qq!<div class="pre"><a id="l%i" href="%s#l%i" class="linenr">%4i</a> %s</div>\n!,
+                              $nr, href(-replay => 1), $nr, $nr, $syntax ? $line : esc_html($line, -nbsp=>1);
                 }
         }
         close $fd
                 }
         }
         close $fd
@@ -4513,18 +6243,26 @@ sub git_tree {
                         $hash = $hash_base;
                 }
         }
                         $hash = $hash_base;
                 }
         }
-       $/ = "\0";
-       open my $fd, "-|", git_cmd(), "ls-tree", '-z', $hash
-               or die_error(undef, "Open git-ls-tree failed");
-       my @entries = map { chomp; $_ } <$fd>;
-       close $fd or die_error(undef, "Reading tree failed");
-       $/ = "\n";
+       die_error(404, "No such tree") unless defined($hash);
+
+       my $show_sizes = gitweb_check_feature('show-sizes');
+       my $have_blame = gitweb_check_feature('blame');
+
+       my @entries = ();
+       {
+               local $/ = "\0";
+               open my $fd, "-|", git_cmd(), "ls-tree", '-z',
+                       ($show_sizes ? '-l' : ()), @extra_options, $hash
+                       or die_error(500, "Open git-ls-tree failed");
+               @entries = map { chomp; $_ } <$fd>;
+               close $fd
+                       or die_error(404, "Reading tree failed");
+       }
  
         my $refs = git_get_references();
         my $ref = format_ref_marker($refs, $hash_base);
         git_header_html();
         my $basedir = '';
  
         my $refs = git_get_references();
         my $ref = format_ref_marker($refs, $hash_base);
         git_header_html();
         my $basedir = '';
-       my ($have_blame) = gitweb_check_feature('blame');
         if (defined $hash_base && (my %co = parse_commit($hash_base))) {
                 my @views_nav = ();
                 if (defined $file_name) {
         if (defined $hash_base && (my %co = parse_commit($hash_base))) {
                 my @views_nav = ();
                 if (defined $file_name) {
@@ -4540,21 +6278,22 @@ sub git_tree {
                         # FIXME: Should be available when we have no hash base as well.
                         push @views_nav, $snapshot_links;
                 }
                         # FIXME: Should be available when we have no hash base as well.
                         push @views_nav, $snapshot_links;
                 }
-               git_print_page_nav('tree','', $hash_base, undef, undef, join(' | ', @views_nav));
+               git_print_page_nav('tree','', $hash_base, undef, undef,
+                                  join(' | ', @views_nav));
                 git_print_header_div('commit', esc_html($co{'title'}) . $ref, $hash_base);
         } else {
                 undef $hash_base;
                 print "<div class=\"page_nav\">\n";
                 print "<br/><br/></div>\n";
                 git_print_header_div('commit', esc_html($co{'title'}) . $ref, $hash_base);
         } else {
                 undef $hash_base;
                 print "<div class=\"page_nav\">\n";
                 print "<br/><br/></div>\n";
-               print "<div class=\"title\">$hash</div>\n";
+               print "<div class=\"title\">".esc_html($hash)."</div>\n";
         }
         if (defined $file_name) {
                 $basedir = $file_name;
                 if ($basedir ne '' && substr($basedir, -1) ne '/') {
                         $basedir .= '/';
                 }
         }
         if (defined $file_name) {
                 $basedir = $file_name;
                 if ($basedir ne '' && substr($basedir, -1) ne '/') {
                         $basedir .= '/';
                 }
+               git_print_page_path($file_name, 'tree', $hash_base);
         }
         }
-       git_print_page_path($file_name, 'tree', $hash_base);
         print "<div class=\"page_body\">\n";
         print "<table class=\"tree\">\n";
         my $alternate = 1;
         print "<div class=\"page_body\">\n";
         print "<table class=\"tree\">\n";
         my $alternate = 1;
@@ -4573,8 +6312,10 @@ sub git_tree {
                 undef $up unless $up;
                 # based on git_print_tree_entry
                 print '<td class="mode">' . mode_str('040000') . "</td>\n";
                 undef $up unless $up;
                 # based on git_print_tree_entry
                 print '<td class="mode">' . mode_str('040000') . "</td>\n";
+               print '<td class="size">&nbsp;</td>'."\n" if $show_sizes;
                 print '<td class="list">';
                 print '<td class="list">';
-               print $cgi->a({-href => href(action=>"tree", hash_base=>$hash_base,
+               print $cgi->a({-href => href(action=>"tree",
+                                            hash_base=>$hash_base,
                                              file_name=>$up)},
                               "..");
                 print "</td>\n";
                                              file_name=>$up)},
                               "..");
                 print "</td>\n";
@@ -4583,7 +6324,7 @@ sub git_tree {
                 print "</tr>\n";
         }
         foreach my $line (@entries) {
                 print "</tr>\n";
         }
         foreach my $line (@entries) {
-               my %t = parse_ls_tree_line($line, -z => 1);
+               my %t = parse_ls_tree_line($line, -z => 1, -l => $show_sizes);
  
                 if ($alternate) {
                         print "<tr class=\"dark\">\n";
  
                 if ($alternate) {
                         print "<tr class=\"dark\">\n";
@@ -4601,123 +6342,174 @@ sub git_tree {
         git_footer_html();
  }
  
         git_footer_html();
  }
  
-sub git_snapshot {
-       my @supported_fmts = gitweb_check_feature('snapshot');
-       @supported_fmts = filter_snapshot_fmts(@supported_fmts);
+sub snapshot_name {
+       my ($project, $hash) = @_;
+
+       # path/to/project.git  -> project
+       # path/to/project/.git -> project
+       my $name = to_utf8($project);
+       $name =~ s,([^/])/*\.git$,$1,;
+       $name = basename($name);
+       # sanitize name
+       $name =~ s/[[:cntrl:]]/?/g;
+
+       my $ver = $hash;
+       if ($hash =~ /^[0-9a-fA-F]+$/) {
+               # shorten SHA-1 hash
+               my $full_hash = git_get_full_hash($project, $hash);
+               if ($full_hash =~ /^$hash/ && length($hash) > 7) {
+                       $ver = git_get_short_hash($project, $hash);
+               }
+       } elsif ($hash =~ m!^refs/tags/(.*)$!) {
+               # tags don't need shortened SHA-1 hash
+               $ver = $1;
+       } else {
+               # branches and other need shortened SHA-1 hash
+               if ($hash =~ m!^refs/(?:heads|remotes)/(.*)$!) {
+                       $ver = $1;
+               }
+               $ver .= '-' . git_get_short_hash($project, $hash);
+       }
+       # in case of hierarchical branch names
+       $ver =~ s!/!.!g;
  
  
-       my $format = $cgi->param('sf');
-       if (!@supported_fmts) {
-               die_error('403 Permission denied', "Permission denied");
+       # name = project-version_string
+       $name = "$name-$ver";
+
+       return wantarray ? ($name, $name) : $name;
+}
+
+sub git_snapshot {
+       my $format = $input_params{'snapshot_format'};
+       if (!@snapshot_fmts) {
+               die_error(403, "Snapshots not allowed");
         }
         # default to first supported snapshot format
         }
         # default to first supported snapshot format
-       $format ||= $supported_fmts[0];
+       $format ||= $snapshot_fmts[0];
         if ($format !~ m/^[a-z0-9]+$/) {
         if ($format !~ m/^[a-z0-9]+$/) {
-               die_error(undef, "Invalid snapshot format parameter");
+               die_error(400, "Invalid snapshot format parameter");
         } elsif (!exists($known_snapshot_formats{$format})) {
         } elsif (!exists($known_snapshot_formats{$format})) {
-               die_error(undef, "Unknown snapshot format");
-       } elsif (!grep($_ eq $format, @supported_fmts)) {
-               die_error(undef, "Unsupported snapshot format");
-       }
-
-       if (!defined $hash) {
-               $hash = git_get_head_hash($project);
-       }
-
-       my $git_command = git_cmd_str();
-       my $name = $project;
-       $name =~ s,([^/])/*\.git$,$1,;
-       $name = basename($name);
-       my $filename = to_utf8($name);
-       $name =~ s/\047/\047\\\047\047/g;
-       my $cmd;
-       $filename .= "-$hash$known_snapshot_formats{$format}{'suffix'}";
-       $cmd = "$git_command archive " .
-               "--format=$known_snapshot_formats{$format}{'format'} " .
-               "--prefix=\'$name\'/ $hash";
+               die_error(400, "Unknown snapshot format");
+       } elsif ($known_snapshot_formats{$format}{'disabled'}) {
+               die_error(403, "Snapshot format not allowed");
+       } elsif (!grep($_ eq $format, @snapshot_fmts)) {
+               die_error(403, "Unsupported snapshot format");
+       }
+
+       my $type = git_get_type("$hash^{}");
+       if (!$type) {
+               die_error(404, 'Object does not exist');
+       }  elsif ($type eq 'blob') {
+               die_error(400, 'Object is not a tree-ish');
+       }
+
+       my ($name, $prefix) = snapshot_name($project, $hash);
+       my $filename = "$name$known_snapshot_formats{$format}{'suffix'}";
+       my $cmd = quote_command(
+               git_cmd(), 'archive',
+               "--format=$known_snapshot_formats{$format}{'format'}",
+               "--prefix=$prefix/", $hash);
         if (exists $known_snapshot_formats{$format}{'compressor'}) {
         if (exists $known_snapshot_formats{$format}{'compressor'}) {
-               $cmd .= ' | ' . join ' ', @{$known_snapshot_formats{$format}{'compressor'}};
+               $cmd .= ' | ' . quote_command(@{$known_snapshot_formats{$format}{'compressor'}});
         }
  
         }
  
+       $filename =~ s/(["\\])/\\$1/g;
         print $cgi->header(
                 -type => $known_snapshot_formats{$format}{'type'},
         print $cgi->header(
                 -type => $known_snapshot_formats{$format}{'type'},
-               -content_disposition => 'inline; filename="' . "$filename" . '"',
+               -content_disposition => 'inline; filename="' . $filename . '"',
                 -status => '200 OK');
  
         open my $fd, "-|", $cmd
                 -status => '200 OK');
  
         open my $fd, "-|", $cmd
-               or die_error(undef, "Execute git-archive failed");
+               or die_error(500, "Execute git-archive failed");
         binmode STDOUT, ':raw';
         print <$fd>;
         binmode STDOUT, ':utf8'; # as set at the beginning of gitweb.cgi
         close $fd;
  }
  
         binmode STDOUT, ':raw';
         print <$fd>;
         binmode STDOUT, ':utf8'; # as set at the beginning of gitweb.cgi
         close $fd;
  }
  
-sub git_log {
+sub git_log_generic {
+       my ($fmt_name, $body_subr, $base, $parent, $file_name, $file_hash) = @_;
+
         my $head = git_get_head_hash($project);
         my $head = git_get_head_hash($project);
-       if (!defined $hash) {
-               $hash = $head;
+       if (!defined $base) {
+               $base = $head;
         }
         if (!defined $page) {
                 $page = 0;
         }
         my $refs = git_get_references();
  
         }
         if (!defined $page) {
                 $page = 0;
         }
         my $refs = git_get_references();
  
-       my @commitlist = parse_commits($hash, 101, (100 * $page));
-
-       my $paging_nav = format_paging_nav('log', $hash, $head, $page, $#commitlist >= 100);
+       my $commit_hash = $base;
+       if (defined $parent) {
+               $commit_hash = "$parent..$base";
+       }
+       my @commitlist =
+               parse_commits($commit_hash, 101, (100 * $page),
+                             defined $file_name ? ($file_name, "--full-history") : ());
  
  
-       git_header_html();
-       git_print_page_nav('log','', $hash,undef,undef, $paging_nav);
+       my $ftype;
+       if (!defined $file_hash && defined $file_name) {
+               # some commits could have deleted file in question,
+               # and not have it in tree, but one of them has to have it
+               for (my $i = 0; $i < @commitlist; $i++) {
+                       $file_hash = git_get_hash_by_path($commitlist[$i]{'id'}, $file_name);
+                       last if defined $file_hash;
+               }
+       }
+       if (defined $file_hash) {
+               $ftype = git_get_type($file_hash);
+       }
+       if (defined $file_name && !defined $ftype) {
+               die_error(500, "Unknown type of object");
+       }
+       my %co;
+       if (defined $file_name) {
+               %co = parse_commit($base)
+                       or die_error(404, "Unknown commit object");
+       }
  
  
-       if (!@commitlist) {
-               my %co = parse_commit($hash);
  
  
-               git_print_header_div('summary', $project);
-               print "<div class=\"page_body\"> Last change $co{'age_string'}.<br/><br/></div>\n";
+       my $paging_nav = format_paging_nav($fmt_name, $page, $#commitlist >= 100);
+       my $next_link = '';
+       if ($#commitlist >= 100) {
+               $next_link =
+                       $cgi->a({-href => href(-replay=>1, page=>$page+1),
+                                -accesskey => "n", -title => "Alt-n"}, "next");
         }
         }
-       my $to = ($#commitlist >= 99) ? (99) : ($#commitlist);
-       for (my $i = 0; $i <= $to; $i++) {
-               my %co = %{$commitlist[$i]};
-               next if !%co;
-               my $commit = $co{'id'};
-               my $ref = format_ref_marker($refs, $commit);
-               my %ad = parse_date($co{'author_epoch'});
-               git_print_header_div('commit',
-                              "<span class=\"age\">$co{'age_string'}</span>" .
-                              esc_html($co{'title'}) . $ref,
-                              $commit);
-               print "<div class=\"title_text\">\n" .
-                     "<div class=\"log_link\">\n" .
-                     $cgi->a({-href => href(action=>"commit", hash=>$commit)}, "commit") .
-                     " | " .
-                     $cgi->a({-href => href(action=>"commitdiff", hash=>$commit)}, "commitdiff") .
-                     " | " .
-                     $cgi->a({-href => href(action=>"tree", hash=>$commit, hash_base=>$commit)}, "tree") .
-                     "<br/>\n" .
-                     "</div>\n" .
-                     "<i>" . esc_html($co{'author_name'}) .  " [$ad{'rfc2822'}]</i><br/>\n" .
-                     "</div>\n";
-
-               print "<div class=\"log_body\">\n";
-               git_print_log($co{'comment'}, -final_empty_line=> 1);
-               print "</div>\n";
+       my $patch_max = gitweb_get_feature('patches');
+       if ($patch_max && !defined $file_name) {
+               if ($patch_max < 0 || @commitlist <= $patch_max) {
+                       $paging_nav .= " &sdot; " .
+                               $cgi->a({-href => href(action=>"patches", -replay=>1)},
+                                       "patches");
+               }
         }
         }
-       if ($#commitlist >= 100) {
-               print "<div class=\"page_nav\">\n";
-               print $cgi->a({-href => href(-replay=>1, page=>$page+1),
-                              -accesskey => "n", -title => "Alt-n"}, "next");
-               print "</div>\n";
+
+       git_header_html();
+       git_print_page_nav($fmt_name,'', $hash,$hash,$hash, $paging_nav);
+       if (defined $file_name) {
+               git_print_header_div('commit', esc_html($co{'title'}), $base);
+       } else {
+               git_print_header_div('summary', $project)
         }
         }
+       git_print_page_path($file_name, $ftype, $hash_base)
+               if (defined $file_name);
+
+       $body_subr->(\@commitlist, 0, 99, $refs, $next_link,
+                    $file_name, $file_hash, $ftype);
+
         git_footer_html();
  }
  
         git_footer_html();
  }
  
+sub git_log {
+       git_log_generic('log', \&git_log_body,
+                       $hash, $hash_parent);
+}
+
  sub git_commit {
         $hash ||= $hash_base || "HEAD";
  sub git_commit {
         $hash ||= $hash_base || "HEAD";
-       my %co = parse_commit($hash);
-       if (!%co) {
-               die_error(undef, "Unknown commit object");
-       }
-       my %ad = parse_date($co{'author_epoch'}, $co{'author_tz'});
-       my %cd = parse_date($co{'committer_epoch'}, $co{'committer_tz'});
+       my %co = parse_commit($hash)
+           or die_error(404, "Unknown commit object");
  
         my $parent  = $co{'parent'};
         my $parents = $co{'parents'}; # listref
  
         my $parent  = $co{'parent'};
         my $parents = $co{'parents'}; # listref
@@ -4746,6 +6538,11 @@ sub git_commit {
                         } @$parents ) .
                         ')';
         }
                         } @$parents ) .
                         ')';
         }
+       if (gitweb_check_feature('patches') && @$parents <= 1) {
+               $formats_nav .= " | " .
+                       $cgi->a({-href => href(action=>"patch", -replay=>1)},
+                               "patch");
+       }
  
         if (!defined $parent) {
                 $parent = "--root";
  
         if (!defined $parent) {
                 $parent = "--root";
@@ -4755,9 +6552,9 @@ sub git_commit {
                 @diff_opts,
                 (@$parents <= 1 ? $parent : '-c'),
                 $hash, "--"
                 @diff_opts,
                 (@$parents <= 1 ? $parent : '-c'),
                 $hash, "--"
-               or die_error(undef, "Open git-diff-tree failed");
+               or die_error(500, "Open git-diff-tree failed");
         @difftree = map { chomp; $_ } <$fd>;
         @difftree = map { chomp; $_ } <$fd>;
-       close $fd or die_error(undef, "Reading git-diff-tree failed");
+       close $fd or die_error(404, "Reading git-diff-tree failed");
  
         # non-textual hash id's can be cached
         my $expires;
  
         # non-textual hash id's can be cached
         my $expires;
@@ -4779,22 +6576,7 @@ sub git_commit {
         }
         print "<div class=\"title_text\">\n" .
               "<table class=\"object_header\">\n";
         }
         print "<div class=\"title_text\">\n" .
               "<table class=\"object_header\">\n";
-       print "<tr><td>author</td><td>" . esc_html($co{'author'}) . "</td></tr>\n".
-             "<tr>" .
-             "<td></td><td> $ad{'rfc2822'}";
-       if ($ad{'hour_local'} < 6) {
-               printf(" (<span class=\"atnight\">%02d:%02d</span> %s)",
-                      $ad{'hour_local'}, $ad{'minute_local'}, $ad{'tz_local'});
-       } else {
-               printf(" (%02d:%02d %s)",
-                      $ad{'hour_local'}, $ad{'minute_local'}, $ad{'tz_local'});
-       }
-       print "</td>" .
-             "</tr>\n";
-       print "<tr><td>committer</td><td>" . esc_html($co{'committer'}) . "</td></tr>\n";
-       print "<tr><td></td><td> $cd{'rfc2822'}" .
-             sprintf(" (%02d:%02d %s)", $cd{'hour_local'}, $cd{'minute_local'}, $cd{'tz_local'}) .
-             "</td></tr>\n";
+       git_print_authorship_rows(\%co);
         print "<tr><td>commit</td><td class=\"sha1\">$co{'id'}</td></tr>\n";
         print "<tr>" .
               "<td>tree</td>" .
         print "<tr><td>commit</td><td class=\"sha1\">$co{'id'}</td></tr>\n";
         print "<tr>" .
               "<td>tree</td>" .
@@ -4848,35 +6630,35 @@ sub git_object {
         if ($hash || ($hash_base && !defined $file_name)) {
                 my $object_id = $hash || $hash_base;
  
         if ($hash || ($hash_base && !defined $file_name)) {
                 my $object_id = $hash || $hash_base;
  
-               my $git_command = git_cmd_str();
-               open my $fd, "-|", "$git_command cat-file -t $object_id 2>/dev/null"
-                       or die_error('404 Not Found', "Object does not exist");
+               open my $fd, "-|", quote_command(
+                       git_cmd(), 'cat-file', '-t', $object_id) . ' 2> /dev/null'
+                       or die_error(404, "Object does not exist");
                 $type = <$fd>;
                 chomp $type;
                 close $fd
                 $type = <$fd>;
                 chomp $type;
                 close $fd
-                       or die_error('404 Not Found', "Object does not exist");
+                       or die_error(404, "Object does not exist");
  
         # - hash_base and file_name
         } elsif ($hash_base && defined $file_name) {
                 $file_name =~ s,/+$,,;
  
                 system(git_cmd(), "cat-file", '-e', $hash_base) == 0
  
         # - hash_base and file_name
         } elsif ($hash_base && defined $file_name) {
                 $file_name =~ s,/+$,,;
  
                 system(git_cmd(), "cat-file", '-e', $hash_base) == 0
-                       or die_error('404 Not Found', "Base object does not exist");
+                       or die_error(404, "Base object does not exist");
  
                 # here errors should not hapen
                 open my $fd, "-|", git_cmd(), "ls-tree", $hash_base, "--", $file_name
  
                 # here errors should not hapen
                 open my $fd, "-|", git_cmd(), "ls-tree", $hash_base, "--", $file_name
-                       or die_error(undef, "Open git-ls-tree failed");
+                       or die_error(500, "Open git-ls-tree failed");
                 my $line = <$fd>;
                 close $fd;
  
                 #'100644 blob 0fa3f3a66fb6a137f6ec2c19351ed4d807070ffa  panic.c'
                 unless ($line && $line =~ m/^([0-9]+) (.+) ([0-9a-fA-F]{40})\t/) {
                 my $line = <$fd>;
                 close $fd;
  
                 #'100644 blob 0fa3f3a66fb6a137f6ec2c19351ed4d807070ffa  panic.c'
                 unless ($line && $line =~ m/^([0-9]+) (.+) ([0-9a-fA-F]{40})\t/) {
-                       die_error('404 Not Found', "File or directory for given base does not exist");
+                       die_error(404, "File or directory for given base does not exist");
                 }
                 $type = $2;
                 $hash = $3;
         } else {
                 }
                 $type = $2;
                 $hash = $3;
         } else {
-               die_error('404 Not Found', "Not enough information to find object");
+               die_error(400, "Not enough information to find object");
         }
  
         print $cgi->redirect(-uri => href(action=>$type, -full=>1,
         }
  
         print $cgi->redirect(-uri => href(action=>$type, -full=>1,
@@ -4901,12 +6683,12 @@ sub git_blobdiff {
                         open $fd, "-|", git_cmd(), "diff-tree", '-r', @diff_opts,
                                 $hash_parent_base, $hash_base,
                                 "--", (defined $file_parent ? $file_parent : ()), $file_name
                         open $fd, "-|", git_cmd(), "diff-tree", '-r', @diff_opts,
                                 $hash_parent_base, $hash_base,
                                 "--", (defined $file_parent ? $file_parent : ()), $file_name
-                               or die_error(undef, "Open git-diff-tree failed");
+                               or die_error(500, "Open git-diff-tree failed");
                         @difftree = map { chomp; $_ } <$fd>;
                         close $fd
                         @difftree = map { chomp; $_ } <$fd>;
                         close $fd
-                               or die_error(undef, "Reading git-diff-tree failed");
+                               or die_error(404, "Reading git-diff-tree failed");
                         @difftree
                         @difftree
-                               or die_error('404 Not Found', "Blob diff not found");
+                               or die_error(404, "Blob diff not found");
  
                 } elsif (defined $hash &&
                          $hash =~ /[0-9a-fA-F]{40}/) {
  
                 } elsif (defined $hash &&
                          $hash =~ /[0-9a-fA-F]{40}/) {
@@ -4915,23 +6697,23 @@ sub git_blobdiff {
                         # read filtered raw output
                         open $fd, "-|", git_cmd(), "diff-tree", '-r', @diff_opts,
                                 $hash_parent_base, $hash_base, "--"
                         # read filtered raw output
                         open $fd, "-|", git_cmd(), "diff-tree", '-r', @diff_opts,
                                 $hash_parent_base, $hash_base, "--"
-                               or die_error(undef, "Open git-diff-tree failed");
+                               or die_error(500, "Open git-diff-tree failed");
                         @difftree =
                                 # ':100644 100644 03b21826... 3b93d5e7... M     ls-files.c'
                                 # $hash == to_id
                                 grep { /^:[0-7]{6} [0-7]{6} [0-9a-fA-F]{40} $hash/ }
                                 map { chomp; $_ } <$fd>;
                         close $fd
                         @difftree =
                                 # ':100644 100644 03b21826... 3b93d5e7... M     ls-files.c'
                                 # $hash == to_id
                                 grep { /^:[0-7]{6} [0-7]{6} [0-9a-fA-F]{40} $hash/ }
                                 map { chomp; $_ } <$fd>;
                         close $fd
-                               or die_error(undef, "Reading git-diff-tree failed");
+                               or die_error(404, "Reading git-diff-tree failed");
                         @difftree
                         @difftree
-                               or die_error('404 Not Found', "Blob diff not found");
+                               or die_error(404, "Blob diff not found");
  
                 } else {
  
                 } else {
-                       die_error('404 Not Found', "Missing one of the blob diff parameters");
+                       die_error(400, "Missing one of the blob diff parameters");
                 }
  
                 if (@difftree > 1) {
                 }
  
                 if (@difftree > 1) {
-                       die_error('404 Not Found', "Ambiguous blob diff specification");
+                       die_error(400, "Ambiguous blob diff specification");
                 }
  
                 %diffinfo = parse_difftree_raw_line($difftree[0]);
                 }
  
                 %diffinfo = parse_difftree_raw_line($difftree[0]);
@@ -4952,46 +6734,12 @@ sub git_blobdiff {
                         '-p', ($format eq 'html' ? "--full-index" : ()),
                         $hash_parent_base, $hash_base,
                         "--", (defined $file_parent ? $file_parent : ()), $file_name
                         '-p', ($format eq 'html' ? "--full-index" : ()),
                         $hash_parent_base, $hash_base,
                         "--", (defined $file_parent ? $file_parent : ()), $file_name
-                       or die_error(undef, "Open git-diff-tree failed");
+                       or die_error(500, "Open git-diff-tree failed");
         }
  
         }
  
-       # old/legacy style URI
-       if (!%diffinfo && # if new style URI failed
-           defined $hash && defined $hash_parent) {
-               # fake git-diff-tree raw output
-               $diffinfo{'from_mode'} = $diffinfo{'to_mode'} = "blob";
-               $diffinfo{'from_id'} = $hash_parent;
-               $diffinfo{'to_id'}   = $hash;
-               if (defined $file_name) {
-                       if (defined $file_parent) {
-                               $diffinfo{'status'} = '2';
-                               $diffinfo{'from_file'} = $file_parent;
-                               $diffinfo{'to_file'}   = $file_name;
-                       } else { # assume not renamed
-                               $diffinfo{'status'} = '1';
-                               $diffinfo{'from_file'} = $file_name;
-                               $diffinfo{'to_file'}   = $file_name;
-                       }
-               } else { # no filename given
-                       $diffinfo{'status'} = '2';
-                       $diffinfo{'from_file'} = $hash_parent;
-                       $diffinfo{'to_file'}   = $hash;
-               }
-
-               # non-textual hash id's can be cached
-               if ($hash =~ m/^[0-9a-fA-F]{40}$/ &&
-                   $hash_parent =~ m/^[0-9a-fA-F]{40}$/) {
-                       $expires = '+1d';
-               }
-
-               # open patch output
-               open $fd, "-|", git_cmd(), "diff", @diff_opts,
-                       '-p', ($format eq 'html' ? "--full-index" : ()),
-                       $hash_parent, $hash, "--"
-                       or die_error(undef, "Open git-diff failed");
-       } else  {
+       # old/legacy style URI -- not generated anymore since 1.4.3.
+       if (!%diffinfo) {
                 die_error('404 Not Found', "Missing one of the blob diff parameters")
                 die_error('404 Not Found', "Missing one of the blob diff parameters")
-                       unless %diffinfo;
         }
  
         # header
         }
  
         # header
@@ -5005,7 +6753,7 @@ sub git_blobdiff {
                         git_print_header_div('commit', esc_html($co{'title'}), $hash_base);
                 } else {
                         print "<div class=\"page_nav\"><br/>$formats_nav<br/></div>\n";
                         git_print_header_div('commit', esc_html($co{'title'}), $hash_base);
                 } else {
                         print "<div class=\"page_nav\"><br/>$formats_nav<br/></div>\n";
-                       print "<div class=\"title\">$hash vs $hash_parent</div>\n";
+                       print "<div class=\"title\">".esc_html("$hash vs $hash_parent")."</div>\n";
                 }
                 if (defined $file_name) {
                         git_print_page_path($file_name, "blob", $hash_base);
                 }
                 if (defined $file_name) {
                         git_print_page_path($file_name, "blob", $hash_base);
@@ -5023,7 +6771,7 @@ sub git_blobdiff {
                 print "X-Git-Url: " . $cgi->self_url() . "\n\n";
  
         } else {
                 print "X-Git-Url: " . $cgi->self_url() . "\n\n";
  
         } else {
-               die_error(undef, "Unknown blobdiff format");
+               die_error(400, "Unknown blobdiff format");
         }
  
         # patch
         }
  
         # patch
@@ -5056,13 +6804,18 @@ sub git_blobdiff_plain {
  }
  
  sub git_commitdiff {
  }
  
  sub git_commitdiff {
-       my $format = shift || 'html';
-       $hash ||= $hash_base || "HEAD";
-       my %co = parse_commit($hash);
-       if (!%co) {
-               die_error(undef, "Unknown commit object");
+       my %params = @_;
+       my $format = $params{-format} || 'html';
+
+       my ($patch_max) = gitweb_get_feature('patches');
+       if ($format eq 'patch') {
+               die_error(403, "Patch view not allowed") unless $patch_max;
         }
  
         }
  
+       $hash ||= $hash_base || "HEAD";
+       my %co = parse_commit($hash)
+           or die_error(404, "Unknown commit object");
+
         # choose format for commitdiff for merge
         if (! defined $hash_parent && @{$co{'parents'}} > 1) {
                 $hash_parent = '--cc';
         # choose format for commitdiff for merge
         if (! defined $hash_parent && @{$co{'parents'}} > 1) {
                 $hash_parent = '--cc';
@@ -5073,6 +6826,11 @@ sub git_commitdiff {
                 $formats_nav =
                         $cgi->a({-href => href(action=>"commitdiff_plain", -replay=>1)},
                                 "raw");
                 $formats_nav =
                         $cgi->a({-href => href(action=>"commitdiff_plain", -replay=>1)},
                                 "raw");
+               if ($patch_max && @{$co{'parents'}} <= 1) {
+                       $formats_nav .= " | " .
+                               $cgi->a({-href => href(action=>"patch", -replay=>1)},
+                                       "patch");
+               }
  
                 if (defined $hash_parent &&
                     $hash_parent ne '-c' && $hash_parent ne '--cc') {
  
                 if (defined $hash_parent &&
                     $hash_parent ne '-c' && $hash_parent ne '--cc') {
@@ -5143,7 +6901,7 @@ sub git_commitdiff {
                 open $fd, "-|", git_cmd(), "diff-tree", '-r', @diff_opts,
                         "--no-commit-id", "--patch-with-raw", "--full-index",
                         $hash_parent_param, $hash, "--"
                 open $fd, "-|", git_cmd(), "diff-tree", '-r', @diff_opts,
                         "--no-commit-id", "--patch-with-raw", "--full-index",
                         $hash_parent_param, $hash, "--"
-                       or die_error(undef, "Open git-diff-tree failed");
+                       or die_error(500, "Open git-diff-tree failed");
  
                 while (my $line = <$fd>) {
                         chomp $line;
  
                 while (my $line = <$fd>) {
                         chomp $line;
@@ -5155,10 +6913,34 @@ sub git_commitdiff {
         } elsif ($format eq 'plain') {
                 open $fd, "-|", git_cmd(), "diff-tree", '-r', @diff_opts,
                         '-p', $hash_parent_param, $hash, "--"
         } elsif ($format eq 'plain') {
                 open $fd, "-|", git_cmd(), "diff-tree", '-r', @diff_opts,
                         '-p', $hash_parent_param, $hash, "--"
-                       or die_error(undef, "Open git-diff-tree failed");
-
+                       or die_error(500, "Open git-diff-tree failed");
+       } elsif ($format eq 'patch') {
+               # For commit ranges, we limit the output to the number of
+               # patches specified in the 'patches' feature.
+               # For single commits, we limit the output to a single patch,
+               # diverging from the git-format-patch default.
+               my @commit_spec = ();
+               if ($hash_parent) {
+                       if ($patch_max > 0) {
+                               push @commit_spec, "-$patch_max";
+                       }
+                       push @commit_spec, '-n', "$hash_parent..$hash";
+               } else {
+                       if ($params{-single}) {
+                               push @commit_spec, '-1';
+                       } else {
+                               if ($patch_max > 0) {
+                                       push @commit_spec, "-$patch_max";
+                               }
+                               push @commit_spec, "-n";
+                       }
+                       push @commit_spec, '--root', $hash;
+               }
+               open $fd, "-|", git_cmd(), "format-patch", @diff_opts,
+                       '--encoding=utf8', '--stdout', @commit_spec
+                       or die_error(500, "Open git-format-patch failed");
         } else {
         } else {
-               die_error(undef, "Unknown commitdiff format");
+               die_error(400, "Unknown commitdiff format");
         }
  
         # non-textual hash id's can be cached
         }
  
         # non-textual hash id's can be cached
@@ -5175,7 +6957,11 @@ sub git_commitdiff {
                 git_header_html(undef, $expires);
                 git_print_page_nav('commitdiff','', $hash,$co{'tree'},$hash, $formats_nav);
                 git_print_header_div('commit', esc_html($co{'title'}) . $ref, $hash);
                 git_header_html(undef, $expires);
                 git_print_page_nav('commitdiff','', $hash,$co{'tree'},$hash, $formats_nav);
                 git_print_header_div('commit', esc_html($co{'title'}) . $ref, $hash);
-               git_print_authorship(\%co);
+               print "<div class=\"title_text\">\n" .
+                     "<table class=\"object_header\">\n";
+               git_print_authorship_rows(\%co);
+               print "</table>".
+                     "</div>\n";
                 print "<div class=\"page_body\">\n";
                 if (@{$co{'comment'}} > 1) {
                         print "<div class=\"log\">\n";
                 print "<div class=\"page_body\">\n";
                 if (@{$co{'comment'}} > 1) {
                         print "<div class=\"log\">\n";
@@ -5205,6 +6991,14 @@ sub git_commitdiff {
                         print to_utf8($line) . "\n";
                 }
                 print "---\n\n";
                         print to_utf8($line) . "\n";
                 }
                 print "---\n\n";
+       } elsif ($format eq 'patch') {
+               my $filename = basename($project) . "-$hash.patch";
+
+               print $cgi->header(
+                       -type => 'text/plain',
+                       -charset => 'utf-8',
+                       -expires => $expires,
+                       -content_disposition => 'inline; filename="' . "$filename" . '"');
         }
  
         # write patch
         }
  
         # write patch
@@ -5226,98 +7020,44 @@ sub git_commitdiff {
                 print <$fd>;
                 close $fd
                         or print "Reading git-diff-tree failed\n";
                 print <$fd>;
                 close $fd
                         or print "Reading git-diff-tree failed\n";
+       } elsif ($format eq 'patch') {
+               local $/ = undef;
+               print <$fd>;
+               close $fd
+                       or print "Reading git-format-patch failed\n";
         }
  }
  
  sub git_commitdiff_plain {
         }
  }
  
  sub git_commitdiff_plain {
-       git_commitdiff('plain');
+       git_commitdiff(-format => 'plain');
  }
  
  }
  
-sub git_history {
-       if (!defined $hash_base) {
-               $hash_base = git_get_head_hash($project);
-       }
-       if (!defined $page) {
-               $page = 0;
-       }
-       my $ftype;
-       my %co = parse_commit($hash_base);
-       if (!%co) {
-               die_error(undef, "Unknown commit object");
-       }
-
-       my $refs = git_get_references();
-       my $limit = sprintf("--max-count=%i", (100 * ($page+1)));
-
-       my @commitlist = parse_commits($hash_base, 101, (100 * $page),
-                                      $file_name, "--full-history");
-       if (!@commitlist) {
-               die_error('404 Not Found', "No such file or directory on given branch");
-       }
-
-       if (!defined $hash && defined $file_name) {
-               # some commits could have deleted file in question,
-               # and not have it in tree, but one of them has to have it
-               for (my $i = 0; $i <= @commitlist; $i++) {
-                       $hash = git_get_hash_by_path($commitlist[$i]{'id'}, $file_name);
-                       last if defined $hash;
-               }
-       }
-       if (defined $hash) {
-               $ftype = git_get_type($hash);
-       }
-       if (!defined $ftype) {
-               die_error(undef, "Unknown type of object");
-       }
-
-       my $paging_nav = '';
-       if ($page > 0) {
-               $paging_nav .=
-                       $cgi->a({-href => href(action=>"history", hash=>$hash, hash_base=>$hash_base,
-                                              file_name=>$file_name)},
-                               "first");
-               $paging_nav .= " &sdot; " .
-                       $cgi->a({-href => href(-replay=>1, page=>$page-1),
-                                -accesskey => "p", -title => "Alt-p"}, "prev");
-       } else {
-               $paging_nav .= "first";
-               $paging_nav .= " &sdot; prev";
-       }
-       my $next_link = '';
-       if ($#commitlist >= 100) {
-               $next_link =
-                       $cgi->a({-href => href(-replay=>1, page=>$page+1),
-                                -accesskey => "n", -title => "Alt-n"}, "next");
-               $paging_nav .= " &sdot; $next_link";
-       } else {
-               $paging_nav .= " &sdot; next";
-       }
-
-       git_header_html();
-       git_print_page_nav('history','', $hash_base,$co{'tree'},$hash_base, $paging_nav);
-       git_print_header_div('commit', esc_html($co{'title'}), $hash_base);
-       git_print_page_path($file_name, $ftype, $hash_base);
+# format-patch-style patches
+sub git_patch {
+       git_commitdiff(-format => 'patch', -single => 1);
+}
  
  
-       git_history_body(\@commitlist, 0, 99,
-                        $refs, $hash_base, $ftype, $next_link);
+sub git_patches {
+       git_commitdiff(-format => 'patch');
+}
  
  
-       git_footer_html();
+sub git_history {
+       git_log_generic('history', \&git_history_body,
+                       $hash_base, $hash_parent_base,
+                       $file_name, $hash);
  }
  
  sub git_search {
  }
  
  sub git_search {
-       my ($have_search) = gitweb_check_feature('search');
-       if (!$have_search) {
-               die_error('403 Permission denied', "Permission denied");
-       }
+       gitweb_check_feature('search') or die_error(403, "Search is disabled");
         if (!defined $searchtext) {
         if (!defined $searchtext) {
-               die_error(undef, "Text field empty");
+               die_error(400, "Text field is empty");
         }
         if (!defined $hash) {
                 $hash = git_get_head_hash($project);
         }
         my %co = parse_commit($hash);
         if (!%co) {
         }
         if (!defined $hash) {
                 $hash = git_get_head_hash($project);
         }
         my %co = parse_commit($hash);
         if (!%co) {
-               die_error(undef, "Unknown commit object");
+               die_error(404, "Unknown commit object");
         }
         if (!defined $page) {
                 $page = 0;
         }
         if (!defined $page) {
                 $page = 0;
@@ -5327,16 +7067,12 @@ sub git_search {
         if ($searchtype eq 'pickaxe') {
                 # pickaxe may take all resources of your box and run for several minutes
                 # with every query - so decide by yourself how public you make this feature
         if ($searchtype eq 'pickaxe') {
                 # pickaxe may take all resources of your box and run for several minutes
                 # with every query - so decide by yourself how public you make this feature
-               my ($have_pickaxe) = gitweb_check_feature('pickaxe');
-               if (!$have_pickaxe) {
-                       die_error('403 Permission denied', "Permission denied");
-               }
+               gitweb_check_feature('pickaxe')
+                   or die_error(403, "Pickaxe is disabled");
         }
         if ($searchtype eq 'grep') {
         }
         if ($searchtype eq 'grep') {
-               my ($have_grep) = gitweb_check_feature('grep');
-               if (!$have_grep) {
-                       die_error('403 Permission denied', "Permission denied");
-               }
+               gitweb_check_feature('grep')[0]
+                   or die_error(403, "Grep is disabled");
         }
  
         git_header_html();
         }
  
         git_header_html();
@@ -5379,12 +7115,13 @@ sub git_search {
                         $paging_nav .= " &sdot; next";
                 }
  
                         $paging_nav .= " &sdot; next";
                 }
  
-               if ($#commitlist >= 100) {
-               }
-
                 git_print_page_nav('','', $hash,$co{'tree'},$hash, $paging_nav);
                 git_print_header_div('commit', esc_html($co{'title'}), $hash);
                 git_print_page_nav('','', $hash,$co{'tree'},$hash, $paging_nav);
                 git_print_header_div('commit', esc_html($co{'title'}), $hash);
-               git_search_grep_body(\@commitlist, 0, 99, $next_link);
+               if ($page == 0 && !@commitlist) {
+                       print "<p>No match.</p>\n";
+               } else {
+                       git_search_grep_body(\@commitlist, 0, 99, $next_link);
+               }
         }
  
         if ($searchtype eq 'pickaxe') {
         }
  
         if ($searchtype eq 'pickaxe') {
@@ -5393,7 +7130,7 @@ sub git_search {
  
                 print "<table class=\"pickaxe search\">\n";
                 my $alternate = 1;
  
                 print "<table class=\"pickaxe search\">\n";
                 my $alternate = 1;
-               $/ = "\n";
+               local $/ = "\n";
                 open my $fd, '-|', git_cmd(), '--no-pager', 'log', @diff_opts,
                         '--pretty=format:%H', '--no-abbrev', '--raw', "-S$searchtext",
                         ($search_use_regexp ? '--pickaxe-regex' : ());
                 open my $fd, '-|', git_cmd(), '--no-pager', 'log', @diff_opts,
                         '--pretty=format:%H', '--no-abbrev', '--raw', "-S$searchtext",
                         ($search_use_regexp ? '--pickaxe-regex' : ());
@@ -5463,7 +7200,7 @@ sub git_search {
                 print "<table class=\"grep_search\">\n";
                 my $alternate = 1;
                 my $matches = 0;
                 print "<table class=\"grep_search\">\n";
                 my $alternate = 1;
                 my $matches = 0;
-               $/ = "\n";
+               local $/ = "\n";
                 open my $fd, "-|", git_cmd(), 'grep', '-n',
                         $search_use_regexp ? ('-E', '-i') : '-F',
                         $searchtext, $co{'tree'};
                 open my $fd, "-|", git_cmd(), 'grep', '-n',
                         $search_use_regexp ? ('-E', '-i') : '-F',
                         $searchtext, $co{'tree'};
@@ -5540,7 +7277,7 @@ insensitive).</p>
  <dt><b>commit</b></dt>
  <dd>The commit messages and authorship information will be scanned for the given pattern.</dd>
  EOT
  <dt><b>commit</b></dt>
  <dd>The commit messages and authorship information will be scanned for the given pattern.</dd>
  EOT
-       my ($have_grep) = gitweb_check_feature('grep');
+       my $have_grep = gitweb_check_feature('grep');
         if ($have_grep) {
                 print <<EOT;
  <dt><b>grep</b></dt>
         if ($have_grep) {
                 print <<EOT;
  <dt><b>grep</b></dt>
@@ -5557,7 +7294,7 @@ EOT
  <dt><b>committer</b></dt>
  <dd>Name and e-mail of the committer and date of commit will be scanned for the given pattern.</dd>
  EOT
  <dt><b>committer</b></dt>
  <dd>Name and e-mail of the committer and date of commit will be scanned for the given pattern.</dd>
  EOT
-       my ($have_pickaxe) = gitweb_check_feature('pickaxe');
+       my $have_pickaxe = gitweb_check_feature('pickaxe');
         if ($have_pickaxe) {
                 print <<EOT;
  <dt><b>pickaxe</b></dt>
         if ($have_pickaxe) {
                 print <<EOT;
  <dt><b>pickaxe</b></dt>
@@ -5572,32 +7309,8 @@ EOT
  }
  
  sub git_shortlog {
  }
  
  sub git_shortlog {
-       my $head = git_get_head_hash($project);
-       if (!defined $hash) {
-               $hash = $head;
-       }
-       if (!defined $page) {
-               $page = 0;
-       }
-       my $refs = git_get_references();
-
-       my @commitlist = parse_commits($hash, 101, (100 * $page));
-
-       my $paging_nav = format_paging_nav('shortlog', $hash, $head, $page, $#commitlist >= 100);
-       my $next_link = '';
-       if ($#commitlist >= 100) {
-               $next_link =
-                       $cgi->a({-href => href(-replay=>1, page=>$page+1),
-                                -accesskey => "n", -title => "Alt-n"}, "next");
-       }
-
-       git_header_html();
-       git_print_page_nav('shortlog','', $hash,$hash,$hash, $paging_nav);
-       git_print_header_div('summary', $project);
-
-       git_shortlog_body(\@commitlist, 0, 99, $refs, $next_link);
-
-       git_footer_html();
+       git_log_generic('shortlog', \&git_shortlog_body,
+                       $hash, $hash_parent);
  }
  
  ## ......................................................................
  }
  
  ## ......................................................................
@@ -5605,12 +7318,12 @@ sub git_shortlog {
  
  sub git_feed {
         my $format = shift || 'atom';
  
  sub git_feed {
         my $format = shift || 'atom';
-       my ($have_blame) = gitweb_check_feature('blame');
+       my $have_blame = gitweb_check_feature('blame');
  
         # Atom: http://www.atomenabled.org/developers/syndication/
         # RSS:  http://www.notestips.com/80256B3A007F2692/1/NAMO5P9UPQ
         if ($format ne 'rss' && $format ne 'atom') {
  
         # Atom: http://www.atomenabled.org/developers/syndication/
         # RSS:  http://www.notestips.com/80256B3A007F2692/1/NAMO5P9UPQ
         if ($format ne 'rss' && $format ne 'atom') {
-               die_error(undef, "Unknown web feed format");
+               die_error(400, "Unknown web feed format");
         }
  
         # log/feed of current (HEAD) branch, log of given branch, history of file/directory
         }
  
         # log/feed of current (HEAD) branch, log of given branch, history of file/directory
@@ -5627,7 +7340,25 @@ sub git_feed {
         }
         if (defined($commitlist[0])) {
                 %latest_commit = %{$commitlist[0]};
         }
         if (defined($commitlist[0])) {
                 %latest_commit = %{$commitlist[0]};
-               %latest_date   = parse_date($latest_commit{'author_epoch'});
+               my $latest_epoch = $latest_commit{'committer_epoch'};
+               %latest_date   = parse_date($latest_epoch, $latest_commit{'comitter_tz'});
+               my $if_modified = $cgi->http('IF_MODIFIED_SINCE');
+               if (defined $if_modified) {
+                       my $since;
+                       if (eval { require HTTP::Date; 1; }) {
+                               $since = HTTP::Date::str2time($if_modified);
+                       } elsif (eval { require Time::ParseDate; 1; }) {
+                               $since = Time::ParseDate::parsedate($if_modified, GMT => 1);
+                       }
+                       if (defined $since && $latest_epoch <= $since) {
+                               print $cgi->header(
+                                       -type => $content_type,
+                                       -charset => 'utf-8',
+                                       -last_modified => $latest_date{'rfc2822'},
+                                       -status => '304 Not Modified');
+                               return;
+                       }
+               }
                 print $cgi->header(
                         -type => $content_type,
                         -charset => 'utf-8',
                 print $cgi->header(
                         -type => $content_type,
                         -charset => 'utf-8',
@@ -5686,7 +7417,24 @@ XML
                 print "<title>$title</title>\n" .
                       "<link>$alt_url</link>\n" .
                       "<description>$descr</description>\n" .
                 print "<title>$title</title>\n" .
                       "<link>$alt_url</link>\n" .
                       "<description>$descr</description>\n" .
-                     "<language>en</language>\n";
+                     "<language>en</language>\n" .
+                     # project owner is responsible for 'editorial' content
+                     "<managingEditor>$owner</managingEditor>\n";
+               if (defined $logo || defined $favicon) {
+                       # prefer the logo to the favicon, since RSS
+                       # doesn't allow both
+                       my $img = esc_url($logo || $favicon);
+                       print "<image>\n" .
+                             "<url>$img</url>\n" .
+                             "<title>$title</title>\n" .
+                             "<link>$alt_url</link>\n" .
+                             "</image>\n";
+               }
+               if (%latest_date) {
+                       print "<pubDate>$latest_date{'rfc2822'}</pubDate>\n";
+                       print "<lastBuildDate>$latest_date{'rfc2822'}</lastBuildDate>\n";
+               }
+               print "<generator>gitweb v.$version/$git_version</generator>\n";
         } elsif ($format eq 'atom') {
                 print <<XML;
  <feed xmlns="http://www.w3.org/2005/Atom">
         } elsif ($format eq 'atom') {
                 print <<XML;
  <feed xmlns="http://www.w3.org/2005/Atom">
@@ -5703,7 +7451,7 @@ XML
                 if (defined $favicon) {
                         print "<icon>" . esc_url($favicon) . "</icon>\n";
                 }
                 if (defined $favicon) {
                         print "<icon>" . esc_url($favicon) . "</icon>\n";
                 }
-               if (defined $logo_url) {
+               if (defined $logo) {
                         # not twice as wide as tall: 72 x 27 pixels
                         print "<logo>" . esc_url($logo) . "</logo>\n";
                 }
                         # not twice as wide as tall: 72 x 27 pixels
                         print "<logo>" . esc_url($logo) . "</logo>\n";
                 }
@@ -5713,6 +7461,7 @@ XML
                 } else {
                         print "<updated>$latest_date{'iso-8601'}</updated>\n";
                 }
                 } else {
                         print "<updated>$latest_date{'iso-8601'}</updated>\n";
                 }
+               print "<generator version='$version/$git_version'>gitweb</generator>\n";
         }
  
         # contents
         }
  
         # contents
@@ -5723,7 +7472,7 @@ XML
                 if (($i >= 20) && ((time - $co{'author_epoch'}) > 48*60*60)) {
                         last;
                 }
                 if (($i >= 20) && ((time - $co{'author_epoch'}) > 48*60*60)) {
                         last;
                 }
-               my %cd = parse_date($co{'author_epoch'});
+               my %cd = parse_date($co{'author_epoch'}, $co{'author_tz'});
  
                 # get list of changed files
                 open my $fd, "-|", git_cmd(), "diff-tree", '-r', @diff_opts,
  
                 # get list of changed files
                 open my $fd, "-|", git_cmd(), "diff-tree", '-r', @diff_opts,
@@ -5818,7 +7567,7 @@ XML
         # end of feed
         if ($format eq 'rss') {
                 print "</channel>\n</rss>\n";
         # end of feed
         if ($format eq 'rss') {
                 print "</channel>\n</rss>\n";
-       }       elsif ($format eq 'atom') {
+       } elsif ($format eq 'atom') {
                 print "</feed>\n";
         }
  }
                 print "</feed>\n";
         }
  }
@@ -5833,8 +7582,15 @@ sub git_atom {
  
  sub git_opml {
         my @list = git_get_projects_list();
  
  sub git_opml {
         my @list = git_get_projects_list();
+       if (!@list) {
+               die_error(404, "No projects found");
+       }
+
+       print $cgi->header(
+               -type => 'text/xml',
+               -charset => 'utf-8',
+               -content_disposition => 'inline; filename="opml.xml"');
  
  
-       print $cgi->header(-type => 'text/xml', -charset => 'utf-8');
         print <<XML;
  <?xml version="1.0" encoding="utf-8"?>
  <opml version="1.0">
         print <<XML;
  <?xml version="1.0" encoding="utf-8"?>
  <opml version="1.0">
@@ -5858,8 +7614,8 @@ XML
                 }
  
                 my $path = esc_html(chop_str($proj{'path'}, 25, 5));
                 }
  
                 my $path = esc_html(chop_str($proj{'path'}, 25, 5));
-               my $rss  = "$my_url?p=$proj{'path'};a=rss";
-               my $html = "$my_url?p=$proj{'path'};a=summary";
+               my $rss  = href('project' => $proj{'path'}, 'action' => 'rss', -full => 1);
+               my $html = href('project' => $proj{'path'}, 'action' => 'summary', -full => 1);
                 print "<outline type=\"rss\" text=\"$path\" title=\"$path\" xmlUrl=\"$rss\" htmlUrl=\"$html\"/>\n";
         }
         print <<XML;
                 print "<outline type=\"rss\" text=\"$path\" title=\"$path\" xmlUrl=\"$rss\" htmlUrl=\"$html\"/>\n";
         }
         print <<XML;