gitweb: add "e-mail privacy" feature to redact e-mail addresses

Gitweb extracts content from the Git log and makes it accessible
over HTTP. As a result, e-mail addresses found in commits are
exposed to web crawlers and they may not respect robots.txt.
This can result in unsolicited messages.

Introduce an 'email-privacy' feature which redacts e-mail addresses
from the generated HTML content. Specifically, obscure addresses
retrieved from the the author/committer and comment sections of the
Git log. The feature is off by default.

This feature does not prevent someone from downloading the
unredacted commit log, e.g., by cloning the repository, and
extracting information from it. It aims to hinder the low-
effort, bulk collection of e-mail addresses by web crawlers.

Signed-off-by: Georgios Kontaxis <redacted>
Acked-by: Eric Wong <redacted>
Acked-by: Ævar Arnfjörð Bjarmason <redacted>
Signed-off-by: Junio C Hamano <redacted>

diff --git a/gitweb.perl b/gitweb.perl
index b47a42f6693f150f19b272bf7583f9333e68b2c610144b3b82ae0f5a306f3e11..2ff0d7a554a381bbe9821a20f33d092f65a48a97677cfd35d55c84befa7537c0 100755 (executable)
--- a/gitweb.perl
+++ b/gitweb.perl
@@ -570,6 +570,15 @@ our %feature = (
                'sub' => \&feature_extra_branch_refs,
                'override' => 0,
                'default' => []},
+
+       # Redact e-mail addresses.
+
+       # To enable system wide have in $GITWEB_CONFIG
+       # $feature{'email-privacy'}{'default'} = [1];
+       'email-privacy' => {
+               'sub' => sub { feature_bool('email-privacy', @_) },
+               'override' => 1,
+               'default' => [0]},
 );
 
 sub gitweb_get_feature {
@@ -3450,6 +3459,13 @@ sub parse_date {
        return %date;
 }
 
+sub hide_mailaddrs_if_private {
+       my $line = shift;
+       return $line unless gitweb_check_feature('email-privacy');
+       $line =~ s/<[^@>]+@[^>]+>/<redacted>/g;
+       return $line;
+}
+
 sub parse_tag {
        my $tag_id = shift;
        my %tag;
@@ -3466,7 +3482,7 @@ sub parse_tag {
                } elsif ($line =~ m/^tag (.+)$/) {
                        $tag{'name'} = $1;
                } elsif ($line =~ m/^tagger (.*) ([0-9]+) (.*)$/) {
-                       $tag{'author'} = $1;
+                       $tag{'author'} = hide_mailaddrs_if_private($1);
                        $tag{'author_epoch'} = $2;
                        $tag{'author_tz'} = $3;
                        if ($tag{'author'} =~ m/^([^<]+) <([^>]*)>/) {
@@ -3514,7 +3530,7 @@ sub parse_commit_text {
                } elsif ((!defined $withparents) && ($line =~ m/^parent ($oid_regex)$/)) {
                        push @parents, $1;
                } elsif ($line =~ m/^author (.*) ([0-9]+) (.*)$/) {
-                       $co{'author'} = to_utf8($1);
+                       $co{'author'} = hide_mailaddrs_if_private(to_utf8($1));
                        $co{'author_epoch'} = $2;
                        $co{'author_tz'} = $3;
                        if ($co{'author'} =~ m/^([^<]+) <([^>]*)>/) {
@@ -3524,7 +3540,7 @@ sub parse_commit_text {
                                $co{'author_name'} = $co{'author'};
                        }
                } elsif ($line =~ m/^committer (.*) ([0-9]+) (.*)$/) {
-                       $co{'committer'} = to_utf8($1);
+                       $co{'committer'} = hide_mailaddrs_if_private(to_utf8($1));
                        $co{'committer_epoch'} = $2;
                        $co{'committer_tz'} = $3;
                        if ($co{'committer'} =~ m/^([^<]+) <([^>]*)>/) {
@@ -3569,9 +3585,10 @@ sub parse_commit_text {
        if (! defined $co{'title'} || $co{'title'} eq "") {
                $co{'title'} = $co{'title_short'} = '(no commit message)';
        }
-       # remove added spaces
+       # remove added spaces, redact e-mail addresses if applicable.
        foreach my $line (@commit_lines) {
                $line =~ s/^    //;
+               $line = hide_mailaddrs_if_private($line);
        }
        $co{'comment'} = \@commit_lines;
 
@@ -7490,7 +7507,8 @@ sub git_log_generic {
                                 -accesskey => "n", -title => "Alt-n"}, "next");
        }
        my $patch_max = gitweb_get_feature('patches');
-       if ($patch_max && !defined $file_name) {
+       if ($patch_max && !defined $file_name &&
+               !gitweb_check_feature('email-privacy')) {
                if ($patch_max < 0 || @commitlist <= $patch_max) {
                        $paging_nav .= " &sdot; " .
                                $cgi->a({-href => href(action=>"patches", -replay=>1)},
@@ -7551,7 +7569,8 @@ sub git_commit {
                        } @$parents ) .
                        ')';
        }
-       if (gitweb_check_feature('patches') && @$parents <= 1) {
+       if (gitweb_check_feature('patches') && @$parents <= 1 &&
+               !gitweb_check_feature('email-privacy')) {
                $formats_nav .= " | " .
                        $cgi->a({-href => href(action=>"patch", -replay=>1)},
                                "patch");
@@ -7864,7 +7883,8 @@ sub git_commitdiff {
                $formats_nav =
                        $cgi->a({-href => href(action=>"commitdiff_plain", -replay=>1)},
                                "raw");
-               if ($patch_max && @{$co{'parents'}} <= 1) {
+               if ($patch_max && @{$co{'parents'}} <= 1 &&
+                       !gitweb_check_feature('email-privacy')) {
                        $formats_nav .= " | " .
                                $cgi->a({-href => href(action=>"patch", -replay=>1)},
                                        "patch");