X-Git-Url: https://git.ladys.computer/Gitweb/blobdiff_plain/29761c90a30bea280f2b7c231992305eb15e0c0fdfd0a7094476dde13aad4933..05682ac42e8d64f8c9532da9ba9621d781b611ed56f72ffbcc02ac5178020f0e:/gitweb.cgi diff --git a/gitweb.cgi b/gitweb.cgi index 64d90da..c4d85af 100755 --- a/gitweb.cgi +++ b/gitweb.cgi @@ -2,48 +2,72 @@ # gitweb - simple web interface to track changes in git repositories # -# (C) 2005, Kay Sievers -# (C) 2005, Christian Gierke +# (C) 2005-2006, Kay Sievers +# (C) 2005, Christian Gierke # -# This program is licensed under the GPL v2, or a later version +# This program is licensed under the GPLv2 use strict; use warnings; use CGI qw(:standard :escapeHTML -nosticky); use CGI::Util qw(unescape); use CGI::Carp qw(fatalsToBrowser); +use Encode; use Fcntl ':mode'; +binmode STDOUT, ':utf8'; -my $cgi = new CGI; -my $version = "240"; -my $my_url = $cgi->url(); -my $my_uri = $cgi->url(-absolute => 1); -my $rss_link = ""; +our $cgi = new CGI; +our $version = "267"; +our $my_url = $cgi->url(); +our $my_uri = $cgi->url(-absolute => 1); +our $rss_link = ""; + +# core git executable to use +# this can just be "git" if your webserver has a sensible PATH +our $GIT = "/usr/bin/git"; # absolute fs-path which will be prepended to the project path -my $projectroot = "/pub/scm"; -$projectroot = "/home/kay/public_html/pub/scm"; +#our $projectroot = "/pub/scm"; +our $projectroot = "/home/kay/public_html/pub/scm"; -# location of the git-core binaries -my $gitbin = "/usr/bin"; +# version of the core git binary +our $git_version = qx($GIT --version) =~ m/git version (.*)$/ ? $1 : "unknown"; # location for temporary files needed for diffs -my $git_temp = "/tmp/gitweb"; +our $git_temp = "/tmp/gitweb"; +if (! -d $git_temp) { + mkdir($git_temp, 0700) || die_error("Couldn't mkdir $git_temp"); +} # target of the home link on top of all pages -my $home_link = $my_uri; +our $home_link = $my_uri; + +# name of your site or organization to appear in page titles +# replace this with something more descriptive for clearer bookmarks +our $site_name = $ENV{'SERVER_NAME'} || "Untitled"; # html text to include at home page -my $home_text = "indextext.html"; +our $home_text = "indextext.html"; + +# URI of default stylesheet +our $stylesheet = "gitweb.css"; # source of projects list -#my $projects_list = $projectroot; -my $projects_list = "index/index.aux"; +#our $projects_list = $projectroot; +our $projects_list = "index/index.aux"; + +# default blob_plain mimetype and default charset for text/plain blob +our $default_blob_plain_mimetype = 'text/plain'; +our $default_text_plain_charset = undef; + +# file to use for guessing MIME types before trying /etc/mime.types +# (relative to the current git repository) +our $mimetypes_file = undef; # input validation and dispatch -my $action = $cgi->param('a'); +our $action = $cgi->param('a'); if (defined $action) { - if ($action =~ m/[^0-9a-zA-Z\.\-_]+/) { + if ($action =~ m/[^0-9a-zA-Z\.\-_]/) { undef $action; die_error(undef, "Invalid action parameter."); } @@ -56,23 +80,20 @@ if (defined $action) { } } -my $order = $cgi->param('o'); +our $order = $cgi->param('o'); if (defined $order) { - if ($order =~ m/[^a-zA-Z0-9_]/) { + if ($order =~ m/[^0-9a-zA-Z_]/) { undef $order; die_error(undef, "Invalid order parameter."); } } -my $project = $cgi->param('p'); +our $project = ($cgi->param('p') || $ENV{'PATH_INFO'}); if (defined $project) { - if ($project =~ m/(^|\/)(|\.|\.\.)($|\/)/) { - undef $project; - die_error(undef, "Non-canonical project parameter."); - } - if ($project =~ m/[^a-zA-Z0-9_\.\/\-\+\#\~]/) { - undef $project; - die_error(undef, "Invalid character in project parameter."); + $project =~ s|^/||; $project =~ s|/$||; + $project = validate_input($project); + if (!defined($project)) { + die_error(undef, "Invalid project parameter."); } if (!(-d "$projectroot/$project")) { undef $project; @@ -82,69 +103,55 @@ if (defined $project) { undef $project; die_error(undef, "No such project."); } - $rss_link = ""; + $rss_link = ""; $ENV{'GIT_DIR'} = "$projectroot/$project"; } else { git_project_list(); exit; } -my $file_name = $cgi->param('f'); +our $file_name = $cgi->param('f'); if (defined $file_name) { - if ($file_name =~ m/(^|\/)(|\.|\.\.)($|\/)/) { - undef $file_name; - die_error(undef, "Non-canonical file parameter."); - } - if ($file_name =~ m/[^a-zA-Z0-9_\.\/\-\+\#\~\:\!]/) { - undef $file_name; - die_error(undef, "Invalid character in file parameter."); + $file_name = validate_input($file_name); + if (!defined($file_name)) { + die_error(undef, "Invalid file parameter."); } } -my $hash = $cgi->param('h'); +our $hash = $cgi->param('h'); if (defined $hash) { - if (!($hash =~ m/^[0-9a-fA-F]{40}$/)) { - if ($hash =~ m/(^|\/)(|\.|\.\.)($|\/)/) { - undef $hash; - die_error(undef, "Non-canonical hash parameter."); - } - if ($hash =~ m/[^a-zA-Z0-9_\.\/\-\+\#\~\:\!]/) { - undef $hash; - die_error(undef, "Invalid character in hash parameter."); - } - # replace branch-name with hash - my $branchlist = git_read_refs("refs/heads"); - foreach my $entry (@$branchlist) { - my %branch = %$entry; - if ($branch{'name'} eq $hash) { - $hash = $branch{'id'}; - last; - } - } + $hash = validate_input($hash); + if (!defined($hash)) { + die_error(undef, "Invalid hash parameter."); } } -my $hash_parent = $cgi->param('hp'); -if (defined $hash_parent && !($hash_parent =~ m/^[0-9a-fA-F]{40}$/)) { - undef $hash_parent; - die_error(undef, "Invalid hash_parent parameter."); +our $hash_parent = $cgi->param('hp'); +if (defined $hash_parent) { + $hash_parent = validate_input($hash_parent); + if (!defined($hash_parent)) { + die_error(undef, "Invalid hash parent parameter."); + } } -my $hash_base = $cgi->param('hb'); -if (defined $hash_base && !($hash_base =~ m/^[0-9a-fA-F]{40}$/)) { - undef $hash_base; - die_error(undef, "Invalid parent hash parameter."); +our $hash_base = $cgi->param('hb'); +if (defined $hash_base) { + $hash_base = validate_input($hash_base); + if (!defined($hash_base)) { + die_error(undef, "Invalid hash base parameter."); + } } -my $page = $cgi->param('pg'); +our $page = $cgi->param('pg'); if (defined $page) { - if ($page =~ m/^[^0-9]+$/) { + if ($page =~ m/[^0-9]$/) { undef $page; die_error(undef, "Invalid page parameter."); } } -my $searchtext = $cgi->param('s'); +our $searchtext = $cgi->param('s'); if (defined $searchtext) { if ($searchtext =~ m/[^a-zA-Z0-9_\.\/\-\+\:\@ ]/) { undef $searchtext; @@ -153,11 +160,26 @@ if (defined $searchtext) { $searchtext = quotemeta $searchtext; } +sub validate_input { + my $input = shift; + + if ($input =~ m/^[0-9a-fA-F]{40}$/) { + return $input; + } + if ($input =~ m/(^|\/)(|\.|\.\.)($|\/)/) { + return undef; + } + if ($input =~ m/[^a-zA-Z0-9_\x80-\xff\ \t\.\/\-\+\#\~\%]/) { + return undef; + } + return $input; +} + if (!defined $action || $action eq "summary") { git_summary(); exit; -} elsif ($action eq "branches") { - git_branches(); +} elsif ($action eq "heads") { + git_heads(); exit; } elsif ($action eq "tags") { git_tags(); @@ -204,96 +226,106 @@ if (!defined $action || $action eq "summary") { } elsif ($action eq "tag") { git_tag(); exit; +} elsif ($action eq "blame") { + git_blame(); + exit; } else { undef $action; die_error(undef, "Unknown action."); exit; } +# quote unsafe chars, but keep the slash, even when it's not +# correct, but quoted slashes look too horrible in bookmarks +sub esc_param { + my $str = shift; + $str =~ s/([^A-Za-z0-9\-_.~();\/;?:@&=])/sprintf("%%%02X", ord($1))/eg; + $str =~ s/\+/%2B/g; + $str =~ s/ /\+/g; + return $str; +} + +# replace invalid utf8 character with SUBSTITUTION sequence +sub esc_html { + my $str = shift; + $str = decode("utf8", $str, Encode::FB_DEFAULT); + $str = escapeHTML($str); + return $str; +} + +# git may return quoted and escaped filenames +sub unquote { + my $str = shift; + if ($str =~ m/^"(.*)"$/) { + $str = $1; + $str =~ s/\\([0-7]{1,3})/chr(oct($1))/eg; + } + return $str; +} + +# CSS class for given age value (in seconds) +sub age_class { + my $age = shift; + + if ($age < 60*60*2) { + return "age0"; + } elsif ($age < 60*60*24*2) { + return "age1"; + } else { + return "age2"; + } +} + sub git_header_html { my $status = shift || "200 OK"; + my $expires = shift; - my $title = "git"; + my $title = "$site_name git"; if (defined $project) { $title .= " - $project"; if (defined $action) { $title .= "/$action"; + if (defined $file_name) { + $title .= " - $file_name"; + if ($action eq "tree" && $file_name !~ m|/$|) { + $title .= "/"; + } + } } } - print $cgi->header(-type=>'text/html', -charset => 'utf-8', -status=> $status); + my $content_type; + # require explicit support from the UA if we are to send the page as + # 'application/xhtml+xml', otherwise send it as plain old 'text/html'. + # we have to do this because MSIE sometimes globs '*/*', pretending to + # support xhtml+xml but choking when it gets what it asked for. + if ($cgi->http('HTTP_ACCEPT') =~ m/(,|;|\s|^)application\/xhtml\+xml(,|;|\s|$)/ && $cgi->Accept('application/xhtml+xml') != 0) { + $content_type = 'application/xhtml+xml'; + } else { + $content_type = 'text/html'; + } + print $cgi->header(-type=>$content_type, -charset => 'utf-8', -status=> $status, -expires => $expires); print < - + + - + $title + $rss_link - EOF print "
\n" . "" . - "\"git\"" . + "\"git\"" . "\n"; - print $cgi->a({-href => $home_link}, "projects") . " / "; + print $cgi->a({-href => esc_param($home_link)}, "projects") . " / "; if (defined $project) { - print $cgi->a({-href => "$my_uri?p=$project;a=summary"}, escapeHTML($project)); + print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary")}, esc_html($project)); if (defined $action) { print " / $action"; } @@ -301,11 +333,21 @@ EOF if (!defined $searchtext) { $searchtext = ""; } + my $search_hash; + if (defined $hash_base) { + $search_hash = $hash_base; + } elsif (defined $hash) { + $search_hash = $hash; + } else { + $search_hash = "HEAD"; + } $cgi->param("a", "search"); - print $cgi->startform(-method => "get", -action => "$my_uri") . + $cgi->param("h", $search_hash); + print $cgi->startform(-method => "get", -action => $my_uri) . "
\n" . $cgi->hidden(-name => "p") . "\n" . $cgi->hidden(-name => "a") . "\n" . + $cgi->hidden(-name => "h") . "\n" . $cgi->textfield(-name => "s", -value => $searchtext) . "\n" . "
" . $cgi->end_form() . "\n"; @@ -318,11 +360,11 @@ sub git_footer_html { if (defined $project) { my $descr = git_read_description($project); if (defined $descr) { - print "
" . escapeHTML($descr) . "
\n"; + print "
" . esc_html($descr) . "
\n"; } - print $cgi->a({-href => "$my_uri?p=$project;a=rss", -class => "rss_logo"}, "RSS") . "\n"; + print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=rss"), -class => "rss_logo"}, "RSS") . "\n"; } else { - print $cgi->a({-href => "$my_uri?a=opml", -class => "rss_logo"}, "OPML") . "\n"; + print $cgi->a({-href => "$my_uri?" . esc_param("a=opml"), -class => "rss_logo"}, "OPML") . "\n"; } print "
\n" . "\n" . @@ -331,7 +373,7 @@ sub git_footer_html { sub die_error { my $status = shift || "403 Forbidden"; - my $error = shift || "Malformed query, file missing or permission denied"; + my $error = shift || "Malformed query, file missing or permission denied"; git_header_html($status); print "
\n" . @@ -346,13 +388,31 @@ sub die_error { sub git_get_type { my $hash = shift; - open my $fd, "-|", "$gitbin/git-cat-file -t $hash" or return; + open my $fd, "-|", "$GIT cat-file -t $hash" or return; my $type = <$fd>; close $fd or return; chomp $type; return $type; } +sub git_read_head { + my $project = shift; + my $oENV = $ENV{'GIT_DIR'}; + my $retval = undef; + $ENV{'GIT_DIR'} = "$projectroot/$project"; + if (open my $fd, "-|", $GIT, "rev-parse", "--verify", "HEAD") { + my $head = <$fd>; + close $fd; + if (defined $head && $head =~ /^([0-9a-fA-F]{40})$/) { + $retval = $1; + } + } + if (defined $oENV) { + $ENV{'GIT_DIR'} = $oENV; + } + return $retval; +} + sub git_read_hash { my $path = shift; @@ -380,7 +440,7 @@ sub git_read_tag { my %tag; my @comment; - open my $fd, "-|", "$gitbin/git-cat-file tag $tag_id" or return; + open my $fd, "-|", "$GIT cat-file tag $tag_id" or return; $tag{'id'} = $tag_id; while (my $line = <$fd>) { chomp $line; @@ -447,21 +507,28 @@ sub git_read_commit { my @commit_lines; my %co; - my @parents; if (defined $commit_text) { @commit_lines = @$commit_text; } else { - open my $fd, "-|", "$gitbin/git-cat-file commit $commit_id" or return; - @commit_lines = map { chomp; $_ } <$fd>; + $/ = "\0"; + open my $fd, "-|", "$GIT rev-list --header --parents --max-count=1 $commit_id" or return; + @commit_lines = split '\n', <$fd>; close $fd or return; + $/ = "\n"; + pop @commit_lines; } + my $header = shift @commit_lines; + if (!($header =~ m/^[0-9a-fA-F]{40}/)) { + return; + } + ($co{'id'}, my @parents) = split ' ', $header; + $co{'parents'} = \@parents; + $co{'parent'} = $parents[0]; while (my $line = shift @commit_lines) { last if $line eq "\n"; if ($line =~ m/^tree ([0-9a-fA-F]{40})$/) { $co{'tree'} = $1; - } elsif ($line =~ m/^parent ([0-9a-fA-F]{40})$/) { - push @parents, $1; } elsif ($line =~ m/^author (.*) ([0-9]+) (.*)$/) { $co{'author'} = $1; $co{'author_epoch'} = $2; @@ -480,15 +547,13 @@ sub git_read_commit { } } if (!defined $co{'tree'}) { - return undef + return; }; - $co{'id'} = $commit_id; - $co{'parents'} = \@parents; - $co{'parent'} = $parents[0]; - $co{'comment'} = \@commit_lines; + foreach my $title (@commit_lines) { + $title =~ s/^ //; if ($title ne "") { - $co{'title'} = chop_str($title, 80); + $co{'title'} = chop_str($title, 80, 5); # remove leading stuff of merges to make the interesting part visible if (length($title) > 50) { $title =~ s/^Automatic //; @@ -506,10 +571,15 @@ sub git_read_commit { $title =~ s/\/pub\/scm//; } } - $co{'title_short'} = chop_str($title, 50); + $co{'title_short'} = chop_str($title, 50, 5); last; } } + # remove added spaces + foreach my $line (@commit_lines) { + $line =~ s/^ //; + } + $co{'comment'} = \@commit_lines; my $age = time - $co{'committer_epoch'}; $co{'age'} = $age; @@ -540,7 +610,7 @@ sub git_diff_print { if (defined $from) { $from_tmp = "$git_temp/gitweb_" . $$ . "_from"; open my $fd2, "> $from_tmp"; - open my $fd, "-|", "$gitbin/git-cat-file blob $from"; + open my $fd, "-|", "$GIT cat-file blob $from"; my @file = <$fd>; print $fd2 @file; close $fd2; @@ -551,14 +621,14 @@ sub git_diff_print { if (defined $to) { $to_tmp = "$git_temp/gitweb_" . $$ . "_to"; open my $fd2, "> $to_tmp"; - open my $fd, "-|", "$gitbin/git-cat-file blob $to"; + open my $fd, "-|", "$GIT cat-file blob $to"; my @file = <$fd>; print $fd2 @file; close $fd2; close $fd; } - open my $fd, "-|", "/usr/bin/diff -u -p -L $from_name -L $to_name $from_tmp $to_tmp"; + open my $fd, "-|", "/usr/bin/diff -u -p -L \'$from_name\' -L \'$to_name\' $from_tmp $to_tmp"; if ($format eq "plain") { undef $/; print <$fd>; @@ -567,13 +637,13 @@ sub git_diff_print { while (my $line = <$fd>) { chomp($line); my $char = substr($line, 0, 1); - my $color = ""; + my $diff_class = ""; if ($char eq '+') { - $color = " style=\"color:#008800;\""; + $diff_class = " add"; } elsif ($char eq "-") { - $color = " style=\"color:#cc0000;\""; + $diff_class = " rem"; } elsif ($char eq "@") { - $color = " style=\"color:#990099;\""; + $diff_class = " chunk_header"; } elsif ($char eq "\\") { # skip errors next; @@ -584,7 +654,7 @@ sub git_diff_print { $line =~ s/\t/$spaces/; } } - print "
" . escapeHTML($line) . "
\n"; + print "
" . esc_html($line) . "
\n"; } } close $fd; @@ -621,12 +691,15 @@ sub chop_str { my $len = shift; my $add_len = shift || 10; - $str =~ m/^(.{0,$len}[^ \/\-_:\.@]{0,$add_len})/; - my $chopped = $1; - if ($chopped ne $str) { - $chopped .= " ..."; + # allow only $len chars, but don't cut a word if it would fit in $add_len + # if it doesn't fit, cut it if it's still longer than the dots we would add + $str =~ m/^(.{0,$len}[^ \/\-_:\.@]{0,$add_len})(.*)/; + my $body = $1; + my $tail = $2; + if (length($tail) > 4) { + $tail = " ..."; } - return $chopped; + return "$body$tail"; } sub file_type { @@ -646,12 +719,12 @@ sub file_type { sub format_log_line_html { my $line = shift; - $line = escapeHTML($line); + $line = esc_html($line); $line =~ s/ / /g; if ($line =~ m/([0-9a-fA-F]{40})/) { my $hash_text = $1; if (git_get_type($hash_text) eq "commit") { - my $link = $cgi->a({-class => "text", -href => "$my_uri?p=$project;a=commit;h=$hash_text"}, $hash_text); + my $link = $cgi->a({-class => "text", -href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash_text")}, $hash_text); $line =~ s/$hash_text/$link/; } } @@ -685,6 +758,7 @@ sub date_str { # git-logo (cached in browser for one day) sub git_logo { + binmode STDOUT, ':raw'; print $cgi->header(-type => 'image/png', -expires => '+1d'); # cat git-logo.png | hexdump -e '16/1 " %02x" "\n"' | sed 's/ /\\x/g' print "\x89\x50\x4e\x47\x0d\x0a\x1a\x0a\x00\x00\x00\x0d\x49\x48\x44\x52" . @@ -712,7 +786,7 @@ sub get_file_owner { } my $owner = $gcos; $owner =~ s/[,;].*$//; - return $owner; + return decode("utf8", $owner, Encode::FB_DEFAULT); } sub git_read_projects { @@ -748,7 +822,7 @@ sub git_read_projects { if (-e "$projectroot/$path/HEAD") { my $pr = { path => $path, - owner => $owner, + owner => decode("utf8", $owner, Encode::FB_DEFAULT), }; push @list, $pr } @@ -759,6 +833,25 @@ sub git_read_projects { return @list; } +sub git_get_project_config { + my $key = shift; + + return unless ($key); + $key =~ s/^gitweb\.//; + return if ($key =~ m/\W/); + + my $val = qx($GIT repo-config --get gitweb.$key); + return ($val); +} + +sub git_get_project_config_bool { + my $val = git_get_project_config (@_); + if ($val and $val =~ m/true|yes|on/) { + return (1); + } + return; # implicit false +} + sub git_project_list { my @list = git_read_projects(); my @projects; @@ -766,7 +859,7 @@ sub git_project_list { die_error(undef, "No project found."); } foreach my $pr (@list) { - my $head = git_read_hash("$pr->{'path'}/HEAD"); + my $head = git_read_head($pr->{'path'}); if (!defined $head) { next; } @@ -793,31 +886,31 @@ sub git_project_list { close $fd; print "
\n"; } - print "\n" . + print "
\n" . "\n"; if (!defined($order) || (defined($order) && ($order eq "project"))) { @projects = sort {$a->{'path'} cmp $b->{'path'}} @projects; print "\n"; } else { - print "\n"; + print "\n"; } if (defined($order) && ($order eq "descr")) { @projects = sort {$a->{'descr'} cmp $b->{'descr'}} @projects; print "\n"; } else { - print "\n"; + print "\n"; } if (defined($order) && ($order eq "owner")) { @projects = sort {$a->{'owner'} cmp $b->{'owner'}} @projects; print "\n"; } else { - print "\n"; + print "\n"; } if (defined($order) && ($order eq "age")) { @projects = sort {$a->{'commit'}{'age'} <=> $b->{'commit'}{'age'}} @projects; print "\n"; } else { - print "\n"; + print "\n"; } print "\n" . "\n"; @@ -829,22 +922,14 @@ sub git_project_list { print "\n"; } $alternate ^= 1; - print "\n" . + print "\n" . "\n" . "\n"; - my $colored_age; - if ($pr->{'commit'}{'age'} < 60*60*2) { - $colored_age = "$pr->{'commit'}{'age_string'}"; - } elsif ($pr->{'commit'}{'age'} < 60*60*24*2) { - $colored_age = "$pr->{'commit'}{'age_string'}"; - } else { - $colored_age = "$pr->{'commit'}{'age_string'}"; - } - print "\n" . + print "\n" . "\n" . "\n"; } @@ -852,6 +937,26 @@ sub git_project_list { git_footer_html(); } +sub read_info_ref { + my $type = shift || ""; + my %refs; + # 5dc01c595e6c6ec9ccda4f6f69c131c0dd945f8c refs/tags/v2.6.11 + # c39ae07f393806ccf406ef966e9a15afc43cc36a refs/tags/v2.6.11^{} + open my $fd, "$projectroot/$project/info/refs" or return; + while (my $line = <$fd>) { + chomp($line); + if ($line =~ m/^([0-9a-fA-F]{40})\t.*$type\/([^\^]+)/) { + if (defined $refs{$1}) { + $refs{$1} .= " / $2"; + } else { + $refs{$1} = $2; + } + } + } + close $fd or return; + return \%refs; +} + sub git_read_refs { my $ref_dir = shift; my @reflist; @@ -917,7 +1022,7 @@ sub git_read_refs { sub git_summary { my $descr = git_read_description($project) || "none"; - my $head = git_read_hash("$project/HEAD"); + my $head = git_read_head($project); my %co = git_read_commit($head); my %cd = date_str($co{'committer_epoch'}, $co{'committer_tz'}); @@ -930,7 +1035,7 @@ sub git_summary { $pr = unescape($pr); $ow = unescape($ow); if ($pr eq $project) { - $owner = $ow; + $owner = decode("utf8", $ow, Encode::FB_DEFAULT); last; } } @@ -940,27 +1045,28 @@ sub git_summary { $owner = get_file_owner("$projectroot/$project"); } + my $refs = read_info_ref(); git_header_html(); print "
\n" . "summary". - " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog"}, "shortlog") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=log"}, "log") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$head"}, "commit") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$head"}, "commitdiff") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree"}, "tree") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog")}, "shortlog") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log")}, "log") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$head")}, "commit") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$head")}, "commitdiff") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree")}, "tree") . "

\n" . "
\n"; print "
 
\n"; print "
Project" . $cgi->a({-class => "header", -href => "$my_uri?o=project"}, "Project") . "" . $cgi->a({-class => "header", -href => "$my_uri?" . esc_param("o=project")}, "Project") . "Description" . $cgi->a({-class => "header", -href => "$my_uri?o=descr"}, "Description") . "" . $cgi->a({-class => "header", -href => "$my_uri?" . esc_param("o=descr")}, "Description") . "Owner" . $cgi->a({-class => "header", -href => "$my_uri?o=owner"}, "Owner") . "" . $cgi->a({-class => "header", -href => "$my_uri?" . esc_param("o=owner")}, "Owner") . "Last Change" . $cgi->a({-class => "header", -href => "$my_uri?o=age"}, "Last Change") . "" . $cgi->a({-class => "header", -href => "$my_uri?" . esc_param("o=age")}, "Last Change") . "
" . $cgi->a({-href => "$my_uri?p=$pr->{'path'};a=summary", -class => "list"}, escapeHTML($pr->{'path'})) . "" . $cgi->a({-href => "$my_uri?" . esc_param("p=$pr->{'path'};a=summary"), -class => "list"}, esc_html($pr->{'path'})) . "$pr->{'descr'}" . chop_str($pr->{'owner'}, 15) . "$colored_age{'commit'}{'age'}) . "\">" . $pr->{'commit'}{'age_string'} . "" . - $cgi->a({-href => "$my_uri?p=$pr->{'path'};a=summary"}, "summary") . - " | " . $cgi->a({-href => "$my_uri?p=$pr->{'path'};a=shortlog"}, "shortlog") . - " | " . $cgi->a({-href => "$my_uri?p=$pr->{'path'};a=log"}, "log") . + $cgi->a({-href => "$my_uri?" . esc_param("p=$pr->{'path'};a=summary")}, "summary") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$pr->{'path'};a=shortlog")}, "shortlog") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$pr->{'path'};a=log")}, "log") . "
\n" . - "\n" . + "\n" . "\n" . "\n" . "
description" . escapeHTML($descr) . "
description" . esc_html($descr) . "
owner$owner
last change$cd{'rfc2822'}
\n"; - open my $fd, "-|", "$gitbin/git-rev-list --max-count=17 " . git_read_hash("$project/HEAD") or die_error(undef, "Open failed."); + open my $fd, "-|", "$GIT rev-list --max-count=17 " . git_read_head($project) or die_error(undef, "Open failed."); my (@revlist) = map { chomp; $_ } <$fd>; close $fd; print "
\n" . - $cgi->a({-href => "$my_uri?p=$project;a=shortlog", -class => "title"}, "shortlog") . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog"), -class => "title"}, "shortlog") . "
\n"; my $i = 16; print "\n"; @@ -975,19 +1081,28 @@ sub git_summary { } $alternate ^= 1; if ($i-- > 0) { + my $ref = ""; + if (defined $refs->{$commit}) { + $ref = " " . esc_html($refs->{$commit}) . ""; + } print "\n" . - "\n" . - "\n" . + "\n" . + "\n" . "\n" . ""; } else { - print "\n" . + print "\n" . ""; last; } @@ -997,7 +1112,7 @@ sub git_summary { my $taglist = git_read_refs("refs/tags"); if (defined @$taglist) { print "
\n" . - $cgi->a({-href => "$my_uri?p=$project;a=tags", -class => "title"}, "tags") . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tags"), -class => "title"}, "tags") . "
\n"; my $i = 16; print "
$co{'age_string'}" . escapeHTML(chop_str($co{'author_name'}, 10)) . "" . - $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit", -class => "list"}, - "" . escapeHTML($co{'title_short'}) . "") . - "" . esc_html(chop_str($co{'author_name'}, 10)) . ""; + if (length($co{'title_short'}) < length($co{'title'})) { + print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$commit"), -class => "list", -title => "$co{'title'}"}, + "" . esc_html($co{'title_short'}) . "$ref"); + } else { + print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$commit"), -class => "list"}, + "" . esc_html($co{'title'}) . "$ref"); + } + print "" . - $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit"}, "commit") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$commit"}, "commitdiff") . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$commit")}, "commit") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$commit")}, "commitdiff") . "
" . $cgi->a({-href => "$my_uri?p=$project;a=shortlog"}, "...") . "" . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog")}, "...") . "
\n"; @@ -1018,27 +1133,27 @@ sub git_summary { if ($i-- > 0) { print "\n" . "\n" . "\n" . "\n" . ""; } else { - print "\n" . + print "\n" . ""; last; } @@ -1046,15 +1161,15 @@ sub git_summary { print ""; } - my $branchlist = git_read_refs("refs/heads"); - if (defined @$branchlist) { + my $headlist = git_read_refs("refs/heads"); + if (defined @$headlist) { print "
\n" . - $cgi->a({-href => "$my_uri?p=$project;a=branches", -class => "title"}, "branches") . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=heads"), -class => "title"}, "heads") . "
\n"; my $i = 16; print "
$tag{'age'}" . - $cgi->a({-href => "$my_uri?p=$project;a=$tag{'reftype'};h=$tag{'refid'}", -class => "list"}, - "" . escapeHTML($tag{'name'}) . "") . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=$tag{'reftype'};h=$tag{'refid'}"), -class => "list"}, + "" . esc_html($tag{'name'}) . "") . ""; if (defined($comment)) { - print $cgi->a({-class => "list", -href => "$my_uri?p=$project;a=tag;h=$tag{'id'}"}, $comment); + print $cgi->a({-class => "list", -href => "$my_uri?" . esc_param("p=$project;a=tag;h=$tag{'id'}")}, $comment); } print ""; if ($tag{'type'} eq "tag") { - print $cgi->a({-href => "$my_uri?p=$project;a=tag;h=$tag{'id'}"}, "tag") . " | "; + print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tag;h=$tag{'id'}")}, "tag") . " | "; } - print $cgi->a({-href => "$my_uri?p=$project;a=$tag{'reftype'};h=$tag{'refid'}"}, $tag{'reftype'}); + print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=$tag{'reftype'};h=$tag{'refid'}")}, $tag{'reftype'}); if ($tag{'reftype'} eq "commit") { - print " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$tag{'name'}"}, "shortlog") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=log;h=$tag{'refid'}"}, "log"); + print " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog;h=$tag{'name'}")}, "shortlog") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log;h=$tag{'refid'}")}, "log"); } print "
" . $cgi->a({-href => "$my_uri?p=$project;a=tags"}, "...") . "" . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tags")}, "...") . "
\n"; my $alternate = 0; - foreach my $entry (@$branchlist) { + foreach my $entry (@$headlist) { my %tag = %$entry; if ($alternate) { print "\n"; @@ -1065,16 +1180,16 @@ sub git_summary { if ($i-- > 0) { print "\n" . "\n" . "\n" . ""; } else { - print "\n" . + print "\n" . ""; last; } @@ -1085,31 +1200,31 @@ sub git_summary { } sub git_tag { - my $head = git_read_hash("$project/HEAD"); + my $head = git_read_head($project); git_header_html(); print "
\n" . - $cgi->a({-href => "$my_uri?p=$project;a=summary"}, "summary") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog"}, "shortlog") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=log"}, "log") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$head"}, "commit") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$head"}, "commitdiff") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;hb=$head"}, "tree") . "
\n" . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary")}, "summary") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog")}, "shortlog") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log")}, "log") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$head")}, "commit") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$head")}, "commitdiff") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;hb=$head")}, "tree") . "
\n" . "
\n" . "
\n"; my %tag = git_read_tag($hash); print "
\n" . - $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash", -class => "title"}, escapeHTML($tag{'name'})) . "\n" . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash"), -class => "title"}, esc_html($tag{'name'})) . "\n" . "
\n"; print "
\n" . "
$tag{'age'}" . - $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$tag{'name'}", -class => "list"}, - "" . escapeHTML($tag{'name'}) . "") . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog;h=$tag{'name'}"), -class => "list"}, + "" . esc_html($tag{'name'}) . "") . "" . - $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$tag{'name'}"}, "shortlog") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=log;h=$tag{'name'}"}, "log") . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog;h=$tag{'name'}")}, "shortlog") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log;h=$tag{'name'}")}, "log") . "
" . $cgi->a({-href => "$my_uri?p=$project;a=branches"}, "...") . "" . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=heads")}, "...") . "
\n" . "\n" . "\n" . - "\n" . - "\n" . + "\n" . + "\n" . "\n"; if (defined($tag{'author'})) { my %ad = date_str($tag{'epoch'}, $tag{'tz'}); - print "\n"; + print "\n"; print "\n"; } print "
object" . $cgi->a({-class => "list", -href => "$my_uri?p=$project;a=$tag{'type'};h=$tag{'object'}"}, $tag{'object'}) . "" . $cgi->a({-href => "$my_uri?p=$project;a=$tag{'type'};h=$tag{'object'}"}, $tag{'type'}) . "" . $cgi->a({-class => "list", -href => "$my_uri?" . esc_param("p=$project;a=$tag{'type'};h=$tag{'object'}")}, $tag{'object'}) . "" . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=$tag{'type'};h=$tag{'object'}")}, $tag{'type'}) . "
author" . escapeHTML($tag{'author'}) . "
author" . esc_html($tag{'author'}) . "
" . $ad{'rfc2822'} . sprintf(" (%02d:%02d %s)", $ad{'hour_local'}, $ad{'minute_local'}, $ad{'tz_local'}) . "
\n\n" . @@ -1117,27 +1232,126 @@ sub git_tag { print "
"; my $comment = $tag{'comment'}; foreach my $line (@$comment) { - print escapeHTML($line) . "
\n"; + print esc_html($line) . "
\n"; } print "
\n"; git_footer_html(); } +sub git_blame { + my $fd; + die_error('403 Permission denied', "Permission denied.") if (!git_get_project_config_bool ('blame')); + die_error('404 Not Found', "What file will it be, master?") if (!$file_name); + $hash_base ||= git_read_head($project); + die_error(undef, "Reading commit failed.") unless ($hash_base); + my %co = git_read_commit($hash_base) + or die_error(undef, "Reading commit failed."); + if (!defined $hash) { + $hash = git_get_hash_by_path($hash_base, $file_name, "blob") + or die_error(undef, "Error lookup file."); + } + open ($fd, "-|", $GIT, "annotate", '-l', '-t', '-r', $file_name, $hash_base) + or die_error(undef, "Open failed."); + git_header_html(); + print "
\n" . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary")}, "summary") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog")}, "shortlog") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log")}, "log") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash_base")}, "commit") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$hash_base")}, "commitdiff") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$co{'tree'};hb=$hash_base")}, "tree") . "
\n"; + print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$hash;hb=$hash_base;f=$file_name")}, "blob") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blame;f=$file_name")}, "head") . "
\n"; + print "
\n". + "
" . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash_base"), -class => "title"}, esc_html($co{'title'})) . + "
\n"; + print "
" . esc_html($file_name) . "
\n"; + print "
\n"; + print < + + Commit + Age + Author + Line + Data + +HTML + my @line_class = (qw(light dark)); + my $line_class_len = scalar (@line_class); + my $line_class_num = $#line_class; + while (my $line = <$fd>) { + my $long_rev; + my $short_rev; + my $author; + my $time; + my $lineno; + my $data; + my $age; + my $age_str; + my $age_class; + + chomp $line; + $line_class_num = ($line_class_num + 1) % $line_class_len; + + if ($line =~ m/^([0-9a-fA-F]{40})\t\(\s*([^\t]+)\t(\d+) \+\d\d\d\d\t(\d+)\)(.*)$/) { + $long_rev = $1; + $author = $2; + $time = $3; + $lineno = $4; + $data = $5; + } else { + print qq( Unable to parse: $line\n); + next; + } + $short_rev = substr ($long_rev, 0, 8); + $age = time () - $time; + $age_str = age_string ($age); + $age_str =~ s/ / /g; + $age_class = age_class($age); + $author = esc_html ($author); + $author =~ s/ / /g; + # escape tabs + while ((my $pos = index($data, "\t")) != -1) { + if (my $count = (8 - ($pos % 8))) { + my $spaces = ' ' x $count; + $data =~ s/\t/$spaces/; + } + } + $data = esc_html ($data); + + print < + $short_rev.. + $age_str + $author + $lineno + $data + +HTML + } # while (my $line = <$fd>) + print "\n\n"; + close $fd or print "Reading blob failed.\n"; + print "
"; + git_footer_html(); +} + sub git_tags { - my $head = git_read_hash("$project/HEAD"); + my $head = git_read_head($project); git_header_html(); print "
\n" . - $cgi->a({-href => "$my_uri?p=$project;a=summary"}, "summary") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog"}, "shortlog") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=log"}, "log") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$head"}, "commit") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$head"}, "commitdiff") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;hb=$head"}, "tree") . "
\n" . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary")}, "summary") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog")}, "shortlog") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log")}, "log") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$head")}, "commit") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$head")}, "commitdiff") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;hb=$head")}, "tree") . "
\n" . "
\n" . "
\n"; my $taglist = git_read_refs("refs/tags"); print "
\n" . - $cgi->a({-href => "$my_uri?p=$project;a=summary", -class => "title"}, " ") . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary"), -class => "title"}, " ") . "
\n"; print "\n"; my $alternate = 0; @@ -1157,22 +1371,22 @@ sub git_tags { $alternate ^= 1; print "\n" . "\n" . "\n" . "\n" . ""; @@ -1182,21 +1396,21 @@ sub git_tags { git_footer_html(); } -sub git_branches { - my $head = git_read_hash("$project/HEAD"); +sub git_heads { + my $head = git_read_head($project); git_header_html(); print "
\n" . - $cgi->a({-href => "$my_uri?p=$project;a=summary"}, "summary") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog"}, "shortlog") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=log"}, "log") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$head"}, "commit") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$head"}, "commitdiff") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;hb=$head"}, "tree") . "
\n" . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary")}, "summary") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog")}, "shortlog") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log")}, "log") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$head")}, "commit") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$head")}, "commitdiff") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;hb=$head")}, "tree") . "
\n" . "
\n" . "
\n"; my $taglist = git_read_refs("refs/heads"); print "
\n" . - $cgi->a({-href => "$my_uri?p=$project;a=summary", -class => "title"}, " ") . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary"), -class => "title"}, " ") . "
\n"; print "
$tag{'age'}" . - $cgi->a({-href => "$my_uri?p=$project;a=$tag{'reftype'};h=$tag{'refid'}", -class => "list"}, - "" . escapeHTML($tag{'name'}) . "") . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=$tag{'reftype'};h=$tag{'refid'}"), -class => "list"}, + "" . esc_html($tag{'name'}) . "") . ""; if (defined($comment)) { - print $cgi->a({-class => "list", -href => "$my_uri?p=$project;a=tag;h=$tag{'id'}"}, $comment); + print $cgi->a({-class => "list", -href => "$my_uri?" . esc_param("p=$project;a=tag;h=$tag{'id'}")}, $comment); } print ""; if ($tag{'type'} eq "tag") { - print $cgi->a({-href => "$my_uri?p=$project;a=tag;h=$tag{'id'}"}, "tag") . " | "; + print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tag;h=$tag{'id'}")}, "tag") . " | "; } - print $cgi->a({-href => "$my_uri?p=$project;a=$tag{'reftype'};h=$tag{'refid'}"}, $tag{'reftype'}); + print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=$tag{'reftype'};h=$tag{'refid'}")}, $tag{'reftype'}); if ($tag{'reftype'} eq "commit") { - print " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$tag{'name'}"}, "shortlog") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=log;h=$tag{'refid'}"}, "log"); + print " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog;h=$tag{'name'}")}, "shortlog") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log;h=$tag{'refid'}")}, "log"); } print "
\n"; my $alternate = 0; @@ -1211,11 +1425,11 @@ sub git_branches { $alternate ^= 1; print "\n" . "\n" . "\n" . ""; } @@ -1231,7 +1445,7 @@ sub git_get_hash_by_path { my $tree = $base; my @parts = split '/', $path; while (my $part = shift @parts) { - open my $fd, "-|", "$gitbin/git-ls-tree $tree" or die_error(undef, "Open git-ls-tree failed."); + open my $fd, "-|", "$GIT ls-tree $tree" or die_error(undef, "Open git-ls-tree failed."); my (@entries) = map { chomp; $_ } <$fd>; close $fd or return undef; foreach my $line (@entries) { @@ -1240,7 +1454,7 @@ sub git_get_hash_by_path { my $t_mode = $1; my $t_type = $2; my $t_hash = $3; - my $t_name = $4; + my $t_name = validate_input(unquote($4)); if ($t_name eq $part) { if (!(@parts)) { return $t_hash; @@ -1254,26 +1468,124 @@ sub git_get_hash_by_path { } } +sub mimetype_guess_file { + my $filename = shift; + my $mimemap = shift; + -r $mimemap or return undef; + + my %mimemap; + open(MIME, $mimemap) or return undef; + while () { + my ($mime, $exts) = split(/\t+/); + my @exts = split(/\s+/, $exts); + foreach my $ext (@exts) { + $mimemap{$ext} = $mime; + } + } + close(MIME); + + $filename =~ /\.(.*?)$/; + return $mimemap{$1}; +} + +sub mimetype_guess { + my $filename = shift; + my $mime; + $filename =~ /\./ or return undef; + + if ($mimetypes_file) { + my $file = $mimetypes_file; + #$file =~ m#^/# or $file = "$projectroot/$path/$file"; + $mime = mimetype_guess_file($filename, $file); + } + $mime ||= mimetype_guess_file($filename, '/etc/mime.types'); + return $mime; +} + +sub git_blob_plain_mimetype { + my $fd = shift; + my $filename = shift; + + if ($filename) { + my $mime = mimetype_guess($filename); + $mime and return $mime; + } + + # just in case + return $default_blob_plain_mimetype unless $fd; + + if (-T $fd) { + return 'text/plain' . + ($default_text_plain_charset ? '; charset='.$default_text_plain_charset : ''); + } elsif (! $filename) { + return 'application/octet-stream'; + } elsif ($filename =~ m/\.png$/i) { + return 'image/png'; + } elsif ($filename =~ m/\.gif$/i) { + return 'image/gif'; + } elsif ($filename =~ m/\.jpe?g$/i) { + return 'image/jpeg'; + } else { + return 'application/octet-stream'; + } +} + +sub git_blob_plain { + my $type = shift; + open my $fd, "-|", "$GIT cat-file blob $hash" or die_error("Couldn't cat $file_name, $hash"); + + $type ||= git_blob_plain_mimetype($fd, $file_name); + + # save as filename, even when no $file_name is given + my $save_as = "$hash"; + if (defined $file_name) { + $save_as = $file_name; + } elsif ($type =~ m/^text\//) { + $save_as .= '.txt'; + } + + print $cgi->header(-type => "$type", '-content-disposition' => "inline; filename=\"$save_as\""); + undef $/; + binmode STDOUT, ':raw'; + print <$fd>; + binmode STDOUT, ':utf8'; # as set at the beginning of gitweb.cgi + $/ = "\n"; + close $fd; +} + sub git_blob { if (!defined $hash && defined $file_name) { - my $base = $hash_base || git_read_hash("$project/HEAD"); - $hash = git_get_hash_by_path($base, $file_name, "blob"); + my $base = $hash_base || git_read_head($project); + $hash = git_get_hash_by_path($base, $file_name, "blob") || die_error(undef, "Error lookup file."); + } + my $have_blame = git_get_project_config_bool ('blame'); + open my $fd, "-|", "$GIT cat-file blob $hash" or die_error(undef, "Open failed."); + my $mimetype = git_blob_plain_mimetype($fd, $file_name); + if ($mimetype !~ m/^text\//) { + close $fd; + return git_blob_plain($mimetype); } - open my $fd, "-|", "$gitbin/git-cat-file blob $hash" or die_error(undef, "Open failed."); - my $base = $file_name || ""; git_header_html(); if (defined $hash_base && (my %co = git_read_commit($hash_base))) { print "
\n" . - $cgi->a({-href => "$my_uri?p=$project;a=summary"}, "summary") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog"}, "shortlog") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=log"}, "log") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash_base"}, "commit") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash_base"}, "commitdiff") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash_base"}, "tree") . "
\n"; - print $cgi->a({-href => "$my_uri?p=$project;a=blob_plain;h=$hash"}, "plain") . "
\n" . - "
\n"; - print "
" . - $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash_base", -class => "title"}, escapeHTML($co{'title'})) . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary")}, "summary") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog")}, "shortlog") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log")}, "log") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash_base")}, "commit") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$hash_base")}, "commitdiff") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$co{'tree'};hb=$hash_base")}, "tree") . "
\n"; + if (defined $file_name) { + if ($have_blame) { + print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blame;h=$hash;hb=$hash_base;f=$file_name")}, "blame") . " | "; + } + print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob_plain;h=$hash;f=$file_name")}, "plain") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;hb=HEAD;f=$file_name")}, "head") . "
\n"; + } else { + print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob_plain;h=$hash")}, "plain") . "
\n"; + } + print "
\n". + "
" . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash_base"), -class => "title"}, esc_html($co{'title'})) . "
\n"; } else { print "
\n" . @@ -1281,7 +1593,7 @@ sub git_blob { "
$hash
\n"; } if (defined $file_name) { - print "
$file_name
\n"; + print "
" . esc_html($file_name) . "
\n"; } print "
\n"; my $nr; @@ -1294,54 +1606,51 @@ sub git_blob { $line =~ s/\t/$spaces/; } } - printf "
%4i %s
\n", $nr, $nr, $nr, escapeHTML($line); + printf "
%4i %s
\n", $nr, $nr, $nr, esc_html($line); } close $fd or print "Reading blob failed.\n"; print "
"; git_footer_html(); } -sub git_blob_plain { - print $cgi->header(-type => "text/plain", -charset => 'utf-8'); - open my $fd, "-|", "$gitbin/git-cat-file blob $hash" or return; - undef $/; - print <$fd>; - $/ = "\n"; - close $fd; -} - sub git_tree { if (!defined $hash) { - $hash = git_read_hash("$project/HEAD"); + $hash = git_read_head($project); if (defined $file_name) { - my $base = $hash_base || git_read_hash("$project/HEAD"); + my $base = $hash_base || $hash; $hash = git_get_hash_by_path($base, $file_name, "tree"); } if (!defined $hash_base) { - $hash_base = git_read_hash("$project/HEAD"); + $hash_base = $hash; } } - open my $fd, "-|", "$gitbin/git-ls-tree $hash" or die_error(undef, "Open git-ls-tree failed."); - my (@entries) = map { chomp; $_ } <$fd>; + $/ = "\0"; + open my $fd, "-|", "$GIT ls-tree -z $hash" or die_error(undef, "Open git-ls-tree failed."); + chomp (my (@entries) = <$fd>); close $fd or die_error(undef, "Reading tree failed."); + $/ = "\n"; + my $refs = read_info_ref(); + my $ref = ""; + if (defined $refs->{$hash_base}) { + $ref = " " . esc_html($refs->{$hash_base}) . ""; + } git_header_html(); my $base_key = ""; - my $file_key = ""; my $base = ""; if (defined $hash_base && (my %co = git_read_commit($hash_base))) { $base_key = ";hb=$hash_base"; print "
\n" . - $cgi->a({-href => "$my_uri?p=$project;a=summary"}, "summary") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$hash_base"}, "shortlog") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=log;h=$hash_base"}, "log") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash_base"}, "commit") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash_base"}, "commitdiff") . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary")}, "summary") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog;h=$hash_base")}, "shortlog") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log;h=$hash_base")}, "log") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash_base")}, "commit") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$hash_base")}, "commitdiff") . " | tree" . "

\n" . "
\n"; print "
\n" . - $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash_base", -class => "title"}, escapeHTML($co{'title'})) . "\n" . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash_base"), -class => "title"}, esc_html($co{'title'}) . $ref) . "\n" . "
\n"; } else { print "
\n"; @@ -1349,8 +1658,8 @@ sub git_tree { print "
$hash
\n"; } if (defined $file_name) { - $base = "$file_name/"; - print "
/$file_name
\n"; + $base = esc_html("$file_name/"); + print "
/" . esc_html($file_name) . "
\n"; } else { print "
/
\n"; } @@ -1363,29 +1672,31 @@ sub git_tree { my $t_mode = $1; my $t_type = $2; my $t_hash = $3; - my $t_name = $4; - $file_key = ";f=$base$t_name"; + my $t_name = validate_input($4); if ($alternate) { print "
\n"; } else { print "\n"; } $alternate ^= 1; - print "\n"; + print "\n"; if ($t_type eq "blob") { print "\n" . "\n"; } elsif ($t_type eq "tree") { print "\n" . "\n"; } print "\n"; @@ -1397,7 +1708,7 @@ sub git_tree { sub git_rss { # http://www.notestips.com/80256B3A007F2692/1/NAMO5P9UPQ - open my $fd, "-|", "$gitbin/git-rev-list --max-count=150 " . git_read_hash("$project/HEAD") or die_error(undef, "Open failed."); + open my $fd, "-|", "$GIT rev-list --max-count=150 " . git_read_head($project) or die_error(undef, "Open failed."); my (@revlist) = map { chomp; $_ } <$fd>; close $fd or die_error(undef, "Reading rev-list failed."); print $cgi->header(-type => 'text/xml', -charset => 'utf-8'); @@ -1405,7 +1716,7 @@ sub git_rss { "\n"; print "\n"; print "$project\n". - "" . escapeHTML("$my_url?p=$project;a=summary") . "\n". + "" . esc_html("$my_url?p=$project;a=summary") . "\n". "$project log\n". "en\n"; @@ -1417,20 +1728,23 @@ sub git_rss { last; } my %cd = date_str($co{'committer_epoch'}); - open $fd, "-|", "$gitbin/git-diff-tree -r $co{'parent'} $co{'id'}" or next; + open $fd, "-|", "$GIT diff-tree -r $co{'parent'} $co{'id'}" or next; my @difftree = map { chomp; $_ } <$fd>; close $fd or next; print "\n" . "" . - sprintf("%d %s %02d:%02d", $cd{'mday'}, $cd{'month'}, $cd{'hour'}, $cd{'minute'}) . " - " . escapeHTML($co{'title'}) . + sprintf("%d %s %02d:%02d", $cd{'mday'}, $cd{'month'}, $cd{'hour'}, $cd{'minute'}) . " - " . esc_html($co{'title'}) . "\n" . + "" . esc_html($co{'author'}) . "\n" . "$cd{'rfc2822'}\n" . - "" . escapeHTML("$my_url?p=$project;a=commit;h=$commit") . "\n" . - "" . escapeHTML($co{'title'}) . "\n" . + "" . esc_html("$my_url?p=$project;a=commit;h=$commit") . "\n" . + "" . esc_html("$my_url?p=$project;a=commit;h=$commit") . "\n" . + "" . esc_html($co{'title'}) . "\n" . "" . "\n"; } print "
\n"; @@ -1438,7 +1752,8 @@ sub git_rss { if (!($line =~ m/^:([0-7]{6}) ([0-7]{6}) ([0-9a-fA-F]{40}) ([0-9a-fA-F]{40}) (.)([0-9]{0,3})\t(.*)$/)) { next; } - my $file = $7; + my $file = validate_input(unquote($7)); + $file = decode("utf8", $file, Encode::FB_DEFAULT); print "$file
\n"; } print "]]>\n" . @@ -1455,14 +1770,14 @@ sub git_opml { print "\n". "\n". "". - " Git OPML Export\n". + " $site_name Git OPML Export\n". "\n". "\n". "\n"; foreach my $pr (@list) { my %proj = %$pr; - my $head = git_read_hash("$proj{'path'}/HEAD"); + my $head = git_read_head($proj{'path'}); if (!defined $head) { next; } @@ -1472,9 +1787,9 @@ sub git_opml { next; } - my $path = escapeHTML(chop_str($proj{'path'}, 25, 5)); - my $rss = "$my_url?p=$proj{'path'};a=rss"; - my $html = "$my_url?p=$proj{'path'};a=summary"; + my $path = esc_html(chop_str($proj{'path'}, 25, 5)); + my $rss = "$my_url?p=$proj{'path'};a=rss"; + my $html = "$my_url?p=$proj{'path'};a=summary"; print "\n"; } print "\n". @@ -1483,41 +1798,42 @@ sub git_opml { } sub git_log { - my $head = git_read_hash("$project/HEAD"); + my $head = git_read_head($project); if (!defined $hash) { $hash = $head; } if (!defined $page) { $page = 0; } + my $refs = read_info_ref(); git_header_html(); print "
\n"; - print $cgi->a({-href => "$my_uri?p=$project;a=summary"}, "summary") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$hash"}, "shortlog") . + print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary")}, "summary") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog;h=$hash")}, "shortlog") . " | log" . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash"}, "commit") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash"}, "commitdiff") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$hash;hb=$hash"}, "tree") . "
\n"; + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash")}, "commit") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$hash")}, "commitdiff") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$hash;hb=$hash")}, "tree") . "
\n"; my $limit = sprintf("--max-count=%i", (100 * ($page+1))); - open my $fd, "-|", "$gitbin/git-rev-list $limit $hash" or die_error(undef, "Open failed."); + open my $fd, "-|", "$GIT rev-list $limit $hash" or die_error(undef, "Open failed."); my (@revlist) = map { chomp; $_ } <$fd>; close $fd; if ($hash ne $head || $page) { - print $cgi->a({-href => "$my_uri?p=$project;a=log"}, "HEAD"); + print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log")}, "HEAD"); } else { print "HEAD"; } if ($page > 0) { print " ⋅ " . - $cgi->a({-href => "$my_uri?p=$project;a=log;h=$hash;pg=" . ($page-1), -accesskey => "p", -title => "Alt-p"}, "prev"); + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log;h=$hash;pg=" . ($page-1)), -accesskey => "p", -title => "Alt-p"}, "prev"); } else { print " ⋅ prev"; } if ($#revlist >= (100 * ($page+1)-1)) { print " ⋅ " . - $cgi->a({-href => "$my_uri?p=$project;a=log;h=$hash;pg=" . ($page+1), -accesskey => "n", -title => "Alt-n"}, "next"); + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log;h=$hash;pg=" . ($page+1)), -accesskey => "n", -title => "Alt-n"}, "next"); } else { print " ⋅ next"; } @@ -1525,27 +1841,31 @@ sub git_log { "
\n"; if (!@revlist) { print "
\n" . - $cgi->a({-href => "$my_uri?p=$project;a=summary", -class => "title"}, " ") . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary"), -class => "title"}, " ") . "
\n"; my %co = git_read_commit($hash); print "
Last change $co{'age_string'}.

\n"; } for (my $i = ($page * 100); $i <= $#revlist; $i++) { my $commit = $revlist[$i]; + my $ref = ""; + if (defined $refs->{$commit}) { + $ref = " " . esc_html($refs->{$commit}) . ""; + } my %co = git_read_commit($commit); next if !%co; my %ad = date_str($co{'author_epoch'}); print "
\n" . - $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit", -class => "title"}, - "$co{'age_string'}" . escapeHTML($co{'title'})) . "\n" . - "
\n"; + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$commit"), -class => "title"}, + "$co{'age_string'}" . esc_html($co{'title'}) . $ref) . "\n"; + print "\n"; print "
\n" . "
\n" . - $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit"}, "commit") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$commit"}, "commitdiff") . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$commit")}, "commit") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$commit")}, "commitdiff") . "
\n" . "
\n" . - "" . escapeHTML($co{'author_name'}) . " [$ad{'rfc2822'}]
\n" . + "" . esc_html($co{'author_name'}) . " [$ad{'rfc2822'}]
\n" . "
\n" . "
\n"; my $comment = $co{'comment'}; @@ -1587,64 +1907,75 @@ sub git_commit { $root = " --root"; $parent = ""; } - open my $fd, "-|", "$gitbin/git-diff-tree -r -M $root $parent $hash" or die_error(undef, "Open failed."); + open my $fd, "-|", "$GIT diff-tree -r -M $root $parent $hash" or die_error(undef, "Open failed."); @difftree = map { chomp; $_ } <$fd>; close $fd or die_error(undef, "Reading diff-tree failed."); - git_header_html(); + + # non-textual hash id's can be cached + my $expires; + if ($hash =~ m/^[0-9a-fA-F]{40}$/) { + $expires = "+1d"; + } + my $refs = read_info_ref(); + my $ref = ""; + if (defined $refs->{$co{'id'}}) { + $ref = " " . esc_html($refs->{$co{'id'}}) . ""; + } + git_header_html(undef, $expires); print "
\n" . - $cgi->a({-href => "$my_uri?p=$project;a=summary"}, "summary") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$hash"}, "shortlog") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=log;h=$hash"}, "log") . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary")}, "summary") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog;h=$hash")}, "shortlog") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log;h=$hash")}, "log") . " | commit"; if (defined $co{'parent'}) { - print " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash"}, "commitdiff"); + print " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$hash")}, "commitdiff"); } - print " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash"}, "tree") . "\n" . + print " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$co{'tree'};hb=$hash")}, "tree") . "\n" . "

\n"; if (defined $co{'parent'}) { print "
\n" . - $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash", -class => "title"}, escapeHTML($co{'title'})) . "\n" . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$hash"), -class => "title"}, esc_html($co{'title'}) . $ref) . "\n" . "
\n"; } else { print "
\n" . - $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash", -class => "title"}, escapeHTML($co{'title'})) . "\n" . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$co{'tree'};hb=$hash"), -class => "title"}, esc_html($co{'title'})) . "\n" . "
\n"; } print "
\n" . "
$tag{'age'}" . - $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$tag{'name'}", -class => "list"}, "" . escapeHTML($tag{'name'}) . "") . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog;h=$tag{'name'}"), -class => "list"}, "" . esc_html($tag{'name'}) . "") . "" . - $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$tag{'name'}"}, "shortlog") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=log;h=$tag{'name'}"}, "log") . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog;h=$tag{'name'}")}, "shortlog") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log;h=$tag{'name'}")}, "log") . "
" . mode_str($t_mode) . "" . mode_str($t_mode) . "" . - $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$t_hash" . $base_key . $file_key, -class => "list"}, $t_name) . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$t_hash$base_key;f=$base$t_name"), -class => "list"}, esc_html($t_name)) . "" . - $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$t_hash" . $base_key . $file_key}, "blob") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=history;h=$hash_base" . $file_key}, "history") . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$t_hash$base_key;f=$base$t_name")}, "blob") . +# " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blame;h=$t_hash$base_key;f=$base$t_name")}, "blame") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=history;h=$hash_base;f=$base$t_name")}, "history") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob_plain;h=$t_hash;f=$base$t_name")}, "raw") . "" . - $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$t_hash" . $base_key . $file_key}, $t_name) . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$t_hash$base_key;f=$base$t_name")}, esc_html($t_name)) . "" . - $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$t_hash" . $base_key . $file_key}, "tree") . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$t_hash$base_key;f=$base$t_name")}, "tree") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=history;h=$hash_base;f=$base$t_name")}, "history") . "
\n"; - print "\n". + print "\n". "" . "" . "\n"; - print "\n"; + print "\n"; print "\n"; - print "\n"; + print "\n"; print "" . "" . - "" . - "" . "\n"; - my $parents = $co{'parents'}; + my $parents = $co{'parents'}; foreach my $par (@$parents) { print "" . "" . - "" . + "" . "" . "\n"; } - print "
author" . escapeHTML($co{'author'}) . "
author" . esc_html($co{'author'}) . "
$ad{'rfc2822'}"; if ($ad{'hour_local'} < 6) { - printf(" (%02d:%02d %s)", $ad{'hour_local'}, $ad{'minute_local'}, $ad{'tz_local'}); + printf(" (%02d:%02d %s)", $ad{'hour_local'}, $ad{'minute_local'}, $ad{'tz_local'}); } else { printf(" (%02d:%02d %s)", $ad{'hour_local'}, $ad{'minute_local'}, $ad{'tz_local'}); } print "
committer" . escapeHTML($co{'committer'}) . "
committer" . esc_html($co{'committer'}) . "
$cd{'rfc2822'}" . sprintf(" (%02d:%02d %s)", $cd{'hour_local'}, $cd{'minute_local'}, $cd{'tz_local'}) . "
commit$hash
commit$co{'id'}
tree" . - $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash", class => "list"}, $co{'tree'}) . + "" . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$co{'tree'};hb=$hash"), class => "list"}, $co{'tree'}) . "" . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash"}, "tree") . + "" . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$co{'tree'};hb=$hash")}, "tree") . "
parent" . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$par", class => "list"}, $par) . "" . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$par"), class => "list"}, $par) . "" . - $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$par"}, "commit") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash;hp=$par"}, "commitdiff") . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$par")}, "commit") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$hash;hp=$par")}, "commitdiff") . "
". + print "". "\n"; print "
\n"; my $comment = $co{'comment'}; @@ -1662,7 +1993,7 @@ sub git_commit { } if ($line =~ m/^ *(signed[ \-]off[ \-]by[ :]|acked[ \-]by[ :]|cc[ :])/i) { $signed = 1; - print "" . escapeHTML($line) . "
\n"; + print "" . esc_html($line) . "
\n"; } else { $signed = 0; print format_log_line_html($line) . "
\n"; @@ -1674,7 +2005,7 @@ sub git_commit { print(($#difftree + 1) . " files changed:\n"); } print "
\n"; - print "\n"; + print "
\n"; my $alternate = 0; foreach my $line (@difftree) { # ':100644 100644 03b218260e99b78c6df0ed378e59ed9205ccc96d 3b93d5e7cc7f7dd4ebed13a5cc1a4ad976fc94d8 M ls-files.c' @@ -1688,7 +2019,7 @@ sub git_commit { my $to_id = $4; my $status = $5; my $similarity = $6; - my $file = $7; + my $file = validate_input(unquote($7)); if ($alternate) { print "\n"; } else { @@ -1701,21 +2032,21 @@ sub git_commit { $mode_chng = sprintf(" with mode: %04o", (oct $to_mode) & 0777); } print "\n" . - "\n" . - "\n"; + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$to_id;hb=$hash;f=$file"), -class => "list"}, esc_html($file)) . "\n" . + "\n" . + "\n"; } elsif ($status eq "D") { print "\n" . - "\n" . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$from_id;hb=$hash;f=$file"), -class => "list"}, esc_html($file)) . "\n" . + "\n" . "\n" } elsif ($status eq "M" || $status eq "T") { my $mode_chnge = ""; if ($from_mode != $to_mode) { - $mode_chnge = " [changed"; + $mode_chnge = " [changed"; if (((oct $from_mode) & S_IFMT) != ((oct $to_mode) & S_IFMT)) { $mode_chnge .= " from " . file_type($from_mode) . " to " . file_type($to_mode); } @@ -1730,18 +2061,18 @@ sub git_commit { } print "\n" . "\n" . "\n"; } elsif ($status eq "R") { my ($from_file, $to_file) = split "\t", $file; @@ -1750,14 +2081,14 @@ sub git_commit { $mode_chng = sprintf(", mode: %04o", (oct $to_mode) & 0777); } print "\n" . - "\n" . + "\n" . "\n"; } @@ -1772,17 +2103,17 @@ sub git_blobdiff { git_header_html(); if (defined $hash_base && (my %co = git_read_commit($hash_base))) { print "
\n" . - $cgi->a({-href => "$my_uri?p=$project;a=summary"}, "summary") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog"}, "shortlog") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=log"}, "log") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash_base"}, "commit") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash_base"}, "commitdiff") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash_base"}, "tree") . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary")}, "summary") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog")}, "shortlog") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log")}, "log") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash_base")}, "commit") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$hash_base")}, "commitdiff") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$co{'tree'};hb=$hash_base")}, "tree") . "
\n"; - print $cgi->a({-href => "$my_uri?p=$project;a=blobdiff_plain;h=$hash;hp=$hash_parent"}, "plain") . + print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blobdiff_plain;h=$hash;hp=$hash_parent")}, "plain") . "
\n"; print "
\n" . - $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash_base", -class => "title"}, escapeHTML($co{'title'})) . "\n" . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash_base"), -class => "title"}, esc_html($co{'title'})) . "\n" . "
\n"; } else { print "
\n" . @@ -1790,13 +2121,13 @@ sub git_blobdiff { "
$hash vs $hash_parent
\n"; } if (defined $file_name) { - print "
/$file_name
\n"; + print "
/" . esc_html($file_name) . "
\n"; } print "
\n" . "
blob:" . - $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$hash_parent;hb=$hash_base;f=$file_name"}, $hash_parent) . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$hash_parent;hb=$hash_base;f=$file_name")}, $hash_parent) . " -> blob:" . - $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$hash;hb=$hash_base;f=$file_name"}, $hash) . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$hash;hb=$hash_base;f=$file_name")}, $hash) . "
\n"; git_diff_print($hash_parent, $file_name || $hash_parent, $hash, $file_name || $hash); print "
"; @@ -1818,22 +2149,32 @@ sub git_commitdiff { if (!defined $hash_parent) { $hash_parent = $co{'parent'}; } - open my $fd, "-|", "$gitbin/git-diff-tree -r $hash_parent $hash" or die_error(undef, "Open failed."); + open my $fd, "-|", "$GIT diff-tree -r $hash_parent $hash" or die_error(undef, "Open failed."); my (@difftree) = map { chomp; $_ } <$fd>; close $fd or die_error(undef, "Reading diff-tree failed."); - git_header_html(); + # non-textual hash id's can be cached + my $expires; + if ($hash =~ m/^[0-9a-fA-F]{40}$/) { + $expires = "+1d"; + } + my $refs = read_info_ref(); + my $ref = ""; + if (defined $refs->{$co{'id'}}) { + $ref = " " . esc_html($refs->{$co{'id'}}) . ""; + } + git_header_html(undef, $expires); print "
\n" . - $cgi->a({-href => "$my_uri?p=$project;a=summary"}, "summary") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$hash"}, "shortlog") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=log;h=$hash"}, "log") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash"}, "commit") . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary")}, "summary") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog;h=$hash")}, "shortlog") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log;h=$hash")}, "log") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash")}, "commit") . " | commitdiff" . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash"}, "tree") . "
\n"; - print $cgi->a({-href => "$my_uri?p=$project;a=commitdiff_plain;h=$hash;hp=$hash_parent"}, "plain") . "\n" . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$co{'tree'};hb=$hash")}, "tree") . "
\n"; + print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff_plain;h=$hash;hp=$hash_parent")}, "plain") . "\n" . "
\n"; print "
\n" . - $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash", -class => "title"}, escapeHTML($co{'title'})) . "\n" . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash"), -class => "title"}, esc_html($co{'title'}) . $ref) . "\n" . "
\n"; print "
\n"; my $comment = $co{'comment'}; @@ -1869,23 +2210,23 @@ sub git_commitdiff { my $from_id = $3; my $to_id = $4; my $status = $5; - my $file = $6; + my $file = validate_input(unquote($6)); if ($status eq "A") { print "
" . file_type($to_mode) . ":" . - $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file"}, $to_id) . "(new)" . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$to_id;hb=$hash;f=$file")}, $to_id) . "(new)" . "
\n"; git_diff_print(undef, "/dev/null", $to_id, "b/$file"); } elsif ($status eq "D") { print "
" . file_type($from_mode) . ":" . - $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$from_id;hb=$hash;f=$file"}, $from_id) . "(deleted)" . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$from_id;hb=$hash;f=$file")}, $from_id) . "(deleted)" . "
\n"; git_diff_print($from_id, "a/$file", undef, "/dev/null"); } elsif ($status eq "M") { if ($from_id ne $to_id) { print "
" . - file_type($from_mode) . ":" . $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$from_id;hb=$hash;f=$file"}, $from_id) . + file_type($from_mode) . ":" . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$from_id;hb=$hash;f=$file")}, $from_id) . " -> " . - file_type($to_mode) . ":" . $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file"}, $to_id); + file_type($to_mode) . ":" . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$to_id;hb=$hash;f=$file")}, $to_id); print "
\n"; git_diff_print($from_id, "a/$file", $to_id, "b/$file"); } @@ -1898,31 +2239,26 @@ sub git_commitdiff { sub git_commitdiff_plain { mkdir($git_temp, 0700); - open my $fd, "-|", "$gitbin/git-diff-tree -r $hash_parent $hash" or die_error(undef, "Open failed."); + open my $fd, "-|", "$GIT diff-tree -r $hash_parent $hash" or die_error(undef, "Open failed."); my (@difftree) = map { chomp; $_ } <$fd>; close $fd or die_error(undef, "Reading diff-tree failed."); # try to figure out the next tag after this commit my $tagname; - my %taghash; - my $tags = git_read_refs("refs/tags"); - foreach my $entry (@$tags) { - my %tag = %$entry; - $taghash{$tag{'refid'}} = $tag{'name'}; - } - open $fd, "-|", "$gitbin/git-rev-list HEAD"; - while (my $commit = <$fd>) { - chomp $commit; - if ($taghash{$commit}) { - $tagname = $taghash{$commit}; + my $refs = read_info_ref("tags"); + open $fd, "-|", "$GIT rev-list HEAD"; + chomp (my (@commits) = <$fd>); + close $fd; + foreach my $commit (@commits) { + if (defined $refs->{$commit}) { + $tagname = $refs->{$commit} } if ($commit eq $hash) { last; } } - close $fd; - print $cgi->header(-type => "text/plain", -charset => 'utf-8'); + print $cgi->header(-type => "text/plain", -charset => 'utf-8', '-content-disposition' => "inline; filename=\"git-$hash.patch\""); my %co = git_read_commit($hash); my %ad = date_str($co{'author_epoch'}, $co{'author_tz'}); my $comment = $co{'comment'}; @@ -1936,7 +2272,7 @@ sub git_commitdiff_plain { "\n"; foreach my $line (@$comment) {; - print " $line\n"; + print "$line\n"; } print "---\n\n"; @@ -1958,41 +2294,43 @@ sub git_commitdiff_plain { sub git_history { if (!defined $hash) { - $hash = git_read_hash("$project/HEAD"); + $hash = git_read_head($project); } my %co = git_read_commit($hash); if (!%co) { die_error(undef, "Unknown commit object."); } + my $refs = read_info_ref(); git_header_html(); print "
\n" . - $cgi->a({-href => "$my_uri?p=$project;a=summary"}, "summary") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog"}, "shortlog") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=log"}, "log") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash"}, "commit") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash"}, "commitdiff") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash"}, "tree") . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary")}, "summary") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog")}, "shortlog") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log")}, "log") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash")}, "commit") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$hash")}, "commitdiff") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$co{'tree'};hb=$hash")}, "tree") . "

\n" . "
\n"; print "
\n" . - $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash", -class => "title"}, escapeHTML($co{'title'})) . "\n" . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash"), -class => "title"}, esc_html($co{'title'})) . "\n" . "
\n"; - print "
/$file_name
\n"; + print "
/" . esc_html($file_name) . "
\n"; - open my $fd, "-|", "$gitbin/git-rev-list $hash | $gitbin/git-diff-tree -r --stdin $file_name"; - my $commit; + open my $fd, "-|", + "$GIT rev-list --full-history $hash -- \'$file_name\'"; print "
" . - $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$to_id;hp=$hash;f=$file", -class => "list"}, escapeHTML($file)) . "[new " . file_type($to_mode) . "$mode_chng]" . $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file"}, "blob") . "[new " . file_type($to_mode) . "$mode_chng]" . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$to_id;hb=$hash;f=$file")}, "blob") . "" . - $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$from_id;hb=$hash;f=$file", -class => "list"}, escapeHTML($file)) . "[deleted " . file_type($from_mode). "][deleted " . file_type($from_mode). "]" . - $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$from_id;hb=$hash;f=$file"}, "blob") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=history;h=$hash;f=$file"}, "history") . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$from_id;hb=$hash;f=$file")}, "blob") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=history;h=$hash;f=$file")}, "history") . ""; if ($to_id ne $from_id) { - print $cgi->a({-href => "$my_uri?p=$project;a=blobdiff;h=$to_id;hp=$from_id;hb=$hash;f=$file", -class => "list"}, escapeHTML($file)); + print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blobdiff;h=$to_id;hp=$from_id;hb=$hash;f=$file"), -class => "list"}, esc_html($file)); } else { - print $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file", -class => "list"}, escapeHTML($file)); + print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$to_id;hb=$hash;f=$file"), -class => "list"}, esc_html($file)); } print "$mode_chnge"; - print $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$file"}, "blob"); + print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$to_id;hb=$hash;f=$file")}, "blob"); if ($to_id ne $from_id) { - print " | " . $cgi->a({-href => "$my_uri?p=$project;a=blobdiff;h=$to_id;hp=$from_id;hb=$hash;f=$file"}, "diff"); + print " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blobdiff;h=$to_id;hp=$from_id;hb=$hash;f=$file")}, "diff"); } - print " | " . $cgi->a({-href => "$my_uri?p=$project;a=history;h=$hash;f=$file"}, "history") . "\n"; + print " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=history;h=$hash;f=$file")}, "history") . "\n"; print "" . - $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$to_file", -class => "list"}, escapeHTML($to_file)) . "[moved from " . - $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$from_id;hb=$hash;f=$from_file", -class => "list"}, escapeHTML($from_file)) . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$to_id;hb=$hash;f=$to_file"), -class => "list"}, esc_html($to_file)) . "[moved from " . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$from_id;hb=$hash;f=$from_file"), -class => "list"}, esc_html($from_file)) . " with " . (int $similarity) . "% similarity$mode_chng]" . - $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$to_id;hb=$hash;f=$to_file"}, "blob"); + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$to_id;hb=$hash;f=$to_file")}, "blob"); if ($to_id ne $from_id) { - print " | " . $cgi->a({-href => "$my_uri?p=$project;a=blobdiff;h=$to_id;hp=$from_id;hb=$hash;f=$to_file"}, "diff"); + print " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blobdiff;h=$to_id;hp=$from_id;hb=$hash;f=$to_file")}, "diff"); } print "
\n"; my $alternate = 0; while (my $line = <$fd>) { if ($line =~ m/^([0-9a-fA-F]{40})/){ - $commit = $1; - next; - } - if ($line =~ m/^:([0-7]{6}) ([0-7]{6}) ([0-9a-fA-F]{40}) ([0-9a-fA-F]{40}) (.)\t(.*)$/ && (defined $commit)) { + my $commit = $1; my %co = git_read_commit($commit); if (!%co) { next; } + my $ref = ""; + if (defined $refs->{$commit}) { + $ref = " " . esc_html($refs->{$commit}) . ""; + } if ($alternate) { print "\n"; } else { @@ -2000,22 +2338,22 @@ sub git_history { } $alternate ^= 1; print "\n" . - "\n" . - "\n" . + "\n" . + "\n" . "\n" . "\n"; - undef $commit; } } print "
$co{'age_string_date'}" . escapeHTML(chop_str($co{'author_name'}, 15, 3)) . "" . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit", -class => "list"}, "" . - escapeHTML(chop_str($co{'title'}, 50)) . "") . "" . esc_html(chop_str($co{'author_name'}, 15, 3)) . "" . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$commit"), -class => "list"}, "" . + esc_html(chop_str($co{'title'}, 50)) . "$ref") . "" . - $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit"}, "commit") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=blob;hb=$commit;f=$file_name"}, "blob"); + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$commit")}, "commit") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$commit")}, "commitdiff") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;hb=$commit;f=$file_name")}, "blob"); my $blob = git_get_hash_by_path($hash, $file_name); my $blob_parent = git_get_hash_by_path($commit, $file_name); if (defined $blob && defined $blob_parent && $blob ne $blob_parent) { print " | " . - $cgi->a({-href => "$my_uri?p=$project;a=blobdiff;h=$blob;hp=$blob_parent;hb=$commit;f=$file_name"}, + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blobdiff;h=$blob;hp=$blob_parent;hb=$commit;f=$file_name")}, "diff to current"); } print "
\n"; @@ -2028,7 +2366,7 @@ sub git_search { die_error("", "Text field empty."); } if (!defined $hash) { - $hash = git_read_hash("$project/HEAD"); + $hash = git_read_head($project); } my %co = git_read_commit($hash); if (!%co) { @@ -2050,23 +2388,23 @@ sub git_search { } git_header_html(); print "
\n" . - $cgi->a({-href => "$my_uri?p=$project;a=summary;h=$hash"}, "summary") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=shortlog"}, "shortlog") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=log;h=$hash"}, "log") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash"}, "commit") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash"}, "commitdiff") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$hash"}, "tree") . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary;h=$hash")}, "summary") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog")}, "shortlog") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log;h=$hash")}, "log") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash")}, "commit") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$hash")}, "commitdiff") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$co{'tree'};hb=$hash")}, "tree") . "

\n" . "
\n"; print "
\n" . - $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash", -class => "title"}, escapeHTML($co{'title'})) . "\n" . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash"), -class => "title"}, esc_html($co{'title'})) . "\n" . "
\n"; print "\n"; my $alternate = 0; if ($commit_search) { $/ = "\0"; - open my $fd, "-|", "$gitbin/git-rev-list --header $hash"; + open my $fd, "-|", "$GIT rev-list --header --parents $hash" or next; while (my $commit_text = <$fd>) { if (!grep m/$searchtext/i, $commit_text) { next; @@ -2078,8 +2416,7 @@ sub git_search { next; } my @commit_lines = split "\n", $commit_text; - my $commit = shift @commit_lines; - my %co = git_read_commit($commit, \@commit_lines); + my %co = git_read_commit(undef, \@commit_lines); if (!%co) { next; } @@ -2090,25 +2427,25 @@ sub git_search { } $alternate ^= 1; print "\n" . - "\n" . + "\n" . "\n" . "\n" . "\n"; } @@ -2117,7 +2454,7 @@ sub git_search { if ($pickaxe_search) { $/ = "\n"; - open my $fd, "-|", "$gitbin/git-rev-list $hash | $gitbin/git-diff-tree -r --stdin -S$searchtext"; + open my $fd, "-|", "$GIT rev-list $hash | $GIT diff-tree -r --stdin -S\'$searchtext\'"; undef %co; my @files; while (my $line = <$fd>) { @@ -2143,20 +2480,20 @@ sub git_search { } $alternate ^= 1; print "\n" . - "\n" . + "\n" . "\n" . "\n" . "\n"; } @@ -2170,53 +2507,58 @@ sub git_search { } sub git_shortlog { - my $head = git_read_hash("$project/HEAD"); + my $head = git_read_head($project); if (!defined $hash) { $hash = $head; } if (!defined $page) { $page = 0; } + my $refs = read_info_ref(); git_header_html(); print "
\n" . - $cgi->a({-href => "$my_uri?p=$project;a=summary"}, "summary") . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary")}, "summary") . " | shortlog" . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=log;h=$hash"}, "log") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$hash"}, "commit") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$hash"}, "commitdiff") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$hash;hb=$hash"}, "tree") . "
\n"; + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=log;h=$hash")}, "log") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$hash")}, "commit") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$hash")}, "commitdiff") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$hash;hb=$hash")}, "tree") . "
\n"; my $limit = sprintf("--max-count=%i", (100 * ($page+1))); - open my $fd, "-|", "$gitbin/git-rev-list $limit $hash" or die_error(undef, "Open failed."); + open my $fd, "-|", "$GIT rev-list $limit $hash" or die_error(undef, "Open failed."); my (@revlist) = map { chomp; $_ } <$fd>; close $fd; if ($hash ne $head || $page) { - print $cgi->a({-href => "$my_uri?p=$project;a=shortlog"}, "HEAD"); + print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog")}, "HEAD"); } else { print "HEAD"; } if ($page > 0) { print " ⋅ " . - $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$hash;pg=" . ($page-1), -accesskey => "p", -title => "Alt-p"}, "prev"); + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog;h=$hash;pg=" . ($page-1)), -accesskey => "p", -title => "Alt-p"}, "prev"); } else { print " ⋅ prev"; } if ($#revlist >= (100 * ($page+1)-1)) { print " ⋅ " . - $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$hash;pg=" . ($page+1), -accesskey => "n", -title => "Alt-n"}, "next"); + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog;h=$hash;pg=" . ($page+1)), -accesskey => "n", -title => "Alt-n"}, "next"); } else { print " ⋅ next"; } print "
\n" . "
\n"; print "
\n" . - $cgi->a({-href => "$my_uri?p=$project;a=summary", -class => "title"}, " ") . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=summary"), -class => "title"}, " ") . "
\n"; print "
$co{'age_string_date'}" . escapeHTML(chop_str($co{'author_name'}, 15, 5)) . "" . esc_html(chop_str($co{'author_name'}, 15, 5)) . "" . - $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit", -class => "list"}, "" . escapeHTML(chop_str($co{'title'}, 50)) . "
"); + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$co{'id'}"), -class => "list"}, "" . esc_html(chop_str($co{'title'}, 50)) . "
"); my $comment = $co{'comment'}; foreach my $line (@$comment) { if ($line =~ m/^(.*)($searchtext)(.*)$/i) { - my $lead = escapeHTML($1) || ""; + my $lead = esc_html($1) || ""; $lead = chop_str($lead, 30, 10); - my $match = escapeHTML($2) || ""; - my $trail = escapeHTML($3) || ""; + my $match = esc_html($2) || ""; + my $trail = esc_html($3) || ""; $trail = chop_str($trail, 30, 10); - my $text = "$lead$match$trail"; + my $text = "$lead$match$trail"; print chop_str($text, 80, 5) . "
\n"; } } print "		" . - $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit"}, "commit") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$commit"}, "tree"); + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$co{'id'}")}, "commit") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$co{'tree'};hb=$co{'id'}")}, "tree"); print "
$co{'age_string_date'}" . escapeHTML(chop_str($co{'author_name'}, 15, 5)) . "" . esc_html(chop_str($co{'author_name'}, 15, 5)) . "" . - $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$co{'id'}", -class => "list"}, "" . - escapeHTML(chop_str($co{'title'}, 50)) . "
"); + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$co{'id'}"), -class => "list"}, "" . + esc_html(chop_str($co{'title'}, 50)) . "
"); while (my $setref = shift @files) { my %set = %$setref; - print $cgi->a({-href => "$my_uri?p=$project;a=blob;h=$set{'id'};hb=$co{'id'};f=$set{'file'}", class => "list"}, - "" . escapeHTML($set{'file'}) . "") . + print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=blob;h=$set{'id'};hb=$co{'id'};f=$set{'file'}"), class => "list"}, + "" . esc_html($set{'file'}) . "") . "
\n"; } print "		" . - $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$co{'id'}"}, "commit") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=tree;h=$co{'tree'};hb=$co{'id'}"}, "tree"); + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$co{'id'}")}, "commit") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=tree;h=$co{'tree'};hb=$co{'id'}")}, "tree"); print "
\n"; my $alternate = 0; for (my $i = ($page * 100); $i <= $#revlist; $i++) { my $commit = $revlist[$i]; + my $ref = ""; + if (defined $refs->{$commit}) { + $ref = " " . esc_html($refs->{$commit}) . ""; + } my %co = git_read_commit($commit); my %ad = date_str($co{'author_epoch'}); if ($alternate) { @@ -2226,19 +2568,26 @@ sub git_shortlog { } $alternate ^= 1; print "\n" . - "\n" . - "\n" . + "\n" . + "\n" . "\n" . ""; } if ($#revlist >= (100 * ($page+1)-1)) { print "\n" . "\n" . "\n"; }
$co{'age_string_date'}" . escapeHTML(chop_str($co{'author_name'}, 10)) . "" . $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit", -class => "list"}, "" . - escapeHTML($co{'title_short'}) . "") . "" . esc_html(chop_str($co{'author_name'}, 10)) . ""; + if (length($co{'title_short'}) < length($co{'title'})) { + print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$commit"), -class => "list", -title => "$co{'title'}"}, + "" . esc_html($co{'title_short'}) . "$ref"); + } else { + print $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$commit"), -class => "list"}, + "" . esc_html($co{'title_short'}) . "$ref"); + } + print "" . - $cgi->a({-href => "$my_uri?p=$project;a=commit;h=$commit"}, "commit") . - " | " . $cgi->a({-href => "$my_uri?p=$project;a=commitdiff;h=$commit"}, "commitdiff") . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commit;h=$commit")}, "commit") . + " | " . $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=commitdiff;h=$commit")}, "commitdiff") . "
" . - $cgi->a({-href => "$my_uri?p=$project;a=shortlog;h=$hash;pg=" . ($page+1), -title => "Alt-n"}, "next") . + $cgi->a({-href => "$my_uri?" . esc_param("p=$project;a=shortlog;h=$hash;pg=" . ($page+1)), -title => "Alt-n"}, "next") . "