X-Git-Url: https://git.ladys.computer/Gitweb/blobdiff_plain/770213e5c94c82dd69cfa50652abefee9ec04318e7de0effc0696b22eb62117c..72e42412e078baff114a435fe10cb7e7f535979079bd416edcc1968397ee3d16:/gitweb.perl diff --git a/gitweb.perl b/gitweb.perl index 6b7245c..b47a42f 100755 --- a/gitweb.perl +++ b/gitweb.perl @@ -742,7 +742,7 @@ sub evaluate_gitweb_config { $GITWEB_CONFIG_SYSTEM = "" if ($GITWEB_CONFIG_SYSTEM eq $GITWEB_CONFIG_COMMON); # Common system-wide settings for convenience. - # Those settings can be ovverriden by GITWEB_CONFIG or GITWEB_CONFIG_SYSTEM. + # Those settings can be overridden by GITWEB_CONFIG or GITWEB_CONFIG_SYSTEM. read_config_file($GITWEB_CONFIG_COMMON); # Use first config file that exists. This means use the per-instance @@ -1292,9 +1292,23 @@ our $is_last_request = sub { 1 }; our ($pre_dispatch_hook, $post_dispatch_hook, $pre_listen_hook); our $CGI = 'CGI'; our $cgi; +our $FCGI_Stream_PRINT_raw = \&FCGI::Stream::PRINT; sub configure_as_fcgi { require CGI::Fast; our $CGI = 'CGI::Fast'; + # FCGI is not Unicode aware hence the UTF-8 encoding must be done manually. + # However no encoding must be done within git_blob_plain() and git_snapshot() + # which must still output in raw binary mode. + no warnings 'redefine'; + my $enc = Encode::find_encoding('UTF-8'); + *FCGI::Stream::PRINT = sub { + my @OUTPUT = @_; + for (my $i = 1; $i < @_; $i++) { + $OUTPUT[$i] = $enc->encode($_[$i], Encode::FB_CROAK|Encode::LEAVE_SRC); + } + @_ = @OUTPUT; + goto $FCGI_Stream_PRINT_raw; + }; my $request_number = 0; # let each child service 100 requests @@ -1658,15 +1672,15 @@ sub quot_cec { my $cntrl = shift; my %opts = @_; my %es = ( # character escape codes, aka escape sequences - "\t" => '\t', # tab (HT) - "\n" => '\n', # line feed (LF) - "\r" => '\r', # carrige return (CR) - "\f" => '\f', # form feed (FF) - "\b" => '\b', # backspace (BS) - "\a" => '\a', # alarm (bell) (BEL) - "\e" => '\e', # escape (ESC) - "\013" => '\v', # vertical tab (VT) - "\000" => '\0', # nul character (NUL) + "\t" => '\t', # tab (HT) + "\n" => '\n', # line feed (LF) + "\r" => '\r', # carriage return (CR) + "\f" => '\f', # form feed (FF) + "\b" => '\b', # backspace (BS) + "\a" => '\a', # alarm (bell) (BEL) + "\e" => '\e', # escape (ESC) + "\013" => '\v', # vertical tab (VT) + "\000" => '\0', # nul character (NUL) ); my $chr = ( (exists $es{$cntrl}) ? $es{$cntrl} @@ -4049,7 +4063,7 @@ sub print_feed_meta { $href_params{'extra_options'} = undef; $href_params{'action'} = $type; - $link_attr{'-href'} = href(%href_params); + $link_attr{'-href'} = esc_attr(href(%href_params)); print "\n"; $href_params{'extra_options'} = '--no-merges'; - $link_attr{'-href'} = href(%href_params); + $link_attr{'-href'} = esc_attr(href(%href_params)); $link_attr{'-title'} .= ' (no merges)'; print "'."\n", - esc_attr($site_name), href(project=>undef, action=>"project_index")); + esc_attr($site_name), + esc_attr(href(project=>undef, action=>"project_index"))); printf(''."\n", - esc_attr($site_name), href(project=>undef, action=>"opml")); + esc_attr($site_name), + esc_attr(href(project=>undef, action=>"opml"))); } } @@ -4288,8 +4304,8 @@ sub git_footer_html { if (defined $action && $action eq 'blame_incremental') { print qq!\n!; } else { my ($jstimezone, $tz_cookie, $datetime_class) = @@ -4626,7 +4642,7 @@ sub git_print_log { # print log my $skip_blank_line = 0; foreach my $line (@$log) { - if ($line =~ m/^\s*([A-Z][-A-Za-z]*-[Bb]y|C[Cc]): /) { + if ($line =~ m/^\s*([A-Z][-A-Za-z]*-([Bb]y|[Tt]o)|C[Cc]|(Clos|Fix)es): /) { if (! $opts{'-remove_signoff'}) { print "" . esc_html($line) . "
\n"; $skip_blank_line = 1; @@ -5284,7 +5300,7 @@ sub format_ctx_rem_add_lines { # + c # + d # - # Otherwise the highlightling would be confusing. + # Otherwise the highlighting would be confusing. if ($is_combined) { for (my $i = 0; $i < @$add; $i++) { my $prefix_rem = substr($rem->[$i], 0, $num_parents); @@ -7078,6 +7094,7 @@ sub git_blob_plain { ($sandbox ? 'attachment' : 'inline') . '; filename="' . $save_as . '"'); local $/ = undef; + local *FCGI::Stream::PRINT = $FCGI_Stream_PRINT_raw; binmode STDOUT, ':raw'; print <$fd>; binmode STDOUT, ':utf8'; # as set at the beginning of gitweb.cgi @@ -7156,8 +7173,8 @@ sub git_blob { print qq! alt="!.esc_attr($file_name).qq!" title="!.esc_attr($file_name).qq!"!; } print qq! src="! . - href(action=>"blob_plain", hash=>$hash, - hash_base=>$hash_base, file_name=>$file_name) . + esc_attr(href(action=>"blob_plain", hash=>$hash, + hash_base=>$hash_base, file_name=>$file_name)) . qq!" />\n!; } else { my $nr; @@ -7416,6 +7433,7 @@ sub git_snapshot { open my $fd, "-|", $cmd or die_error(500, "Execute git-archive failed"); + local *FCGI::Stream::PRINT = $FCGI_Stream_PRINT_raw; binmode STDOUT, ':raw'; print <$fd>; binmode STDOUT, ':utf8'; # as set at the beginning of gitweb.cgi @@ -8240,6 +8258,7 @@ sub git_feed { } else { $alt_url = href(-full=>1, action=>"summary"); } + $alt_url = esc_attr($alt_url); print qq!\n!; if ($format eq 'rss') { print <' . "\n" . '' . "\n" . - "" . href(-full=>1) . "\n" . + "" . esc_url(href(-full=>1)) . "\n" . # use project owner for feed author "$owner\n"; if (defined $favicon) { @@ -8323,7 +8342,7 @@ XML "" . esc_html($co{'author'}) . "\n" . "$cd{'rfc2822'}\n" . "$co_url\n" . - "$co_url\n" . + "" . esc_html($co_url) . "\n" . "" . esc_html($co{'title'}) . "\n" . "" . "\n" . "$cd{'iso-8601'}\n" . - "\n" . - "$co_url\n" . + "\n" . + "" . esc_html($co_url) . "\n" . "\n" . "
\n"; } @@ -8453,8 +8472,8 @@ XML } my $path = esc_html(chop_str($proj{'path'}, 25, 5)); - my $rss = href('project' => $proj{'path'}, 'action' => 'rss', -full => 1); - my $html = href('project' => $proj{'path'}, 'action' => 'summary', -full => 1); + my $rss = esc_attr(href('project' => $proj{'path'}, 'action' => 'rss', -full => 1)); + my $html = esc_attr(href('project' => $proj{'path'}, 'action' => 'summary', -full => 1)); print "\n"; } print <