diff options
| author | Jason A. Donenfeld <Jason@zx2c4.com> | 2013-05-26 15:20:02 +0200 | 
|---|---|---|
| committer | Jason A. Donenfeld <Jason@zx2c4.com> | 2013-05-26 16:30:03 +0200 | 
| commit | dcbc0438b2543a733858d62170f3110a89edbed6 (patch) | |
| tree | bdacfe4546c88bf6b03860ea69a0cad885fa6af4 | |
| parent | ui-summary: Disallow directory traversal (diff) | |
| download | cgit-pink-dcbc0438b2543a733858d62170f3110a89edbed6.tar.gz cgit-pink-dcbc0438b2543a733858d62170f3110a89edbed6.zip | |
readme: use string_list instead of space deliminations
Now this is possible in cgitrc - readme=:README.md readme=:readme.md readme=:README.mkd readme=:readme.mkd readme=:README.rst readme=:readme.rst readme=:README.html readme=:readme.html readme=:README.htm readme=:readme.htm readme=:README.txt readme=:readme.txt readme=:README readme=:readme readme=:INSTALL.txt readme=:install.txt readme=:INSTALL readme=:install Suggested-by: John Keeping <john@keeping.me.uk> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Diffstat (limited to '')
| -rw-r--r-- | cgit.c | 92 | ||||
| -rw-r--r-- | cgit.h | 4 | ||||
| -rw-r--r-- | cgitrc.5.txt | 5 | ||||
| -rw-r--r-- | cmd.c | 3 | ||||
| -rw-r--r-- | scan-tree.c | 8 | ||||
| -rw-r--r-- | ui-blob.c | 61 | ||||
| -rw-r--r-- | ui-blob.h | 6 | ||||
| -rw-r--r-- | ui-shared.c | 2 | ||||
| -rw-r--r-- | ui-summary.c | 100 | ||||
| -rw-r--r-- | ui-summary.h | 1 | 
10 files changed, 160 insertions, 122 deletions
| diff --git a/cgit.c b/cgit.c index f738b83..f0a9acf 100644 --- a/cgit.c +++ b/cgit.c @@ -1,7 +1,7 @@ /* cgit.c: cgi for the git scm * * Copyright (C) 2006 Lars Hjemli - * Copyright (C) 2010, 2012 Jason A. Donenfeld <Jason@zx2c4.com> + * Copyright (C) 2010-2013 Jason A. Donenfeld <Jason@zx2c4.com> * * Licensed under GNU General Public License v2 * (see COPYING for full license text) @@ -101,13 +101,15 @@ static void repo_config(struct cgit_repo *repo, const char *name, const char *va else if (!strcmp(name, "module-link")) repo->module_link= xstrdup(value); else if (!prefixcmp(name, "module-link.")) { - item = string_list_append(&repo->submodules, name + 12); + item = string_list_append(&repo->submodules, xstrdup(name + 12)); item->util = xstrdup(value); } else if (!strcmp(name, "section")) repo->section = xstrdup(value); - else if (!strcmp(name, "readme") && value != NULL) - repo->readme = xstrdup(value); - else if (!strcmp(name, "logo") && value != NULL) + else if (!strcmp(name, "readme") && value != NULL) { + if (repo->readme.items == ctx.cfg.readme.items) + memset(&repo->readme, 0, sizeof(repo->readme)); + string_list_append(&repo->readme, xstrdup(value)); + } else if (!strcmp(name, "logo") && value != NULL) repo->logo = xstrdup(value); else if (!strcmp(name, "logo-link") && value != NULL) repo->logo_link = xstrdup(value); @@ -131,8 +133,8 @@ static void config_cb(const char *name, const char *value) ctx.repo->path = trim_end(value, '/'); else if (ctx.repo && !prefixcmp(name, "repo.")) repo_config(ctx.repo, name + 5, value); - else if (!strcmp(name, "readme")) - ctx.cfg.readme = xstrdup(value); + else if (!strcmp(name, "readme") && value != NULL) + string_list_append(&ctx.cfg.readme, xstrdup(value)); else if (!strcmp(name, "root-title")) ctx.cfg.root_title = xstrdup(value); else if (!strcmp(name, "root-desc")) @@ -470,37 +472,76 @@ static char *guess_defbranch(void) return "master"; return xstrdup(ref + 11); } +/* The caller must free filename and ref after calling this. */ +static inline void parse_readme(const char *readme, char **filename, char **ref, struct cgit_repo *repo) +{ + const char *colon; + + *filename = NULL; + *ref = NULL; + + if (!readme || !readme[0]) + return; + /* Check if the readme is tracked in the git repo. */ + colon = strchr(readme, ':'); + if (colon && strlen(colon) > 1) { + /* If it starts with a colon, we want to use + * the default branch */ + if (colon == readme && repo->defbranch) + *ref = xstrdup(repo->defbranch); + else + *ref = xstrndup(readme, colon - readme); + readme = colon + 1; + } + + /* Prepend repo path to relative readme path unless tracked. */ + if (!(*ref) && readme[0] != '/') + *filename = fmtalloc("%s/%s", repo->path, readme); + else + *filename = xstrdup(readme); +} static void choose_readme(struct cgit_repo *repo) { - char *entry, *filename, *ref; + int found; + char *filename, *ref; + struct string_list_item *entry; - /* If there's no space, we skip the possibly expensive - * selection process. */ - if (!repo->readme || !strchr(repo->readme, ' ')) + if (!repo->readme.nr) return; - for (entry = strtok(repo->readme, " "); entry; entry = strtok(NULL, " ")) { - cgit_parse_readme(entry, NULL, &filename, &ref, repo); - if (!(*filename)) { + found = 0; + for_each_string_list_item(entry, &repo->readme) { + parse_readme(entry->string, &filename, &ref, repo); + if (!filename) { free(filename); free(ref); continue; } - if (*ref && cgit_ref_path_exists(filename, ref)) { - free(filename); - free(ref); + /* If there's only one item, we skip the possibly expensive + * selection process. */ + if (repo->readme.nr == 1) { + found = 1; break; } - if (!access(filename, R_OK)) { - free(filename); - free(ref); + if (ref) { + if (cgit_ref_path_exists(filename, ref, 1)) { + found = 1; + break; + } + } + else if (!access(filename, R_OK)) { + found = 1; break; } free(filename); free(ref); } - repo->readme = entry; + repo->readme.strdup_strings = 1; + string_list_clear(&repo->readme, 0); + repo->readme.strdup_strings = 0; + if (found) + string_list_append(&repo->readme, filename)->util = ref; } static int prepare_repo_cmd(struct cgit_context *ctx) @@ -660,6 +701,7 @@ static char *get_first_line(char *txt) static void print_repo(FILE *f, struct cgit_repo *repo) { + struct string_list_item *item; fprintf(f, "repo.url=%s\n", repo->url); fprintf(f, "repo.name=%s\n", repo->name); fprintf(f, "repo.path=%s\n", repo->path); @@ -670,8 +712,12 @@ static void print_repo(FILE *f, struct cgit_repo *repo) fprintf(f, "repo.desc=%s\n", tmp); free(tmp); } - if (repo->readme) - fprintf(f, "repo.readme=%s\n", repo->readme); + for_each_string_list_item(item, &repo->readme) { + if (item->util) + fprintf(f, "repo.readme=%s:%s\n", (char *)item->util, item->string); + else + fprintf(f, "repo.readme=%s\n", item->string); + } if (repo->defbranch) fprintf(f, "repo.defbranch=%s\n", repo->defbranch); if (repo->module_link) diff --git a/cgit.h b/cgit.h index 850b792..f28cf30 100644 --- a/cgit.h +++ b/cgit.h @@ -73,7 +73,7 @@ struct cgit_repo { char *owner; char *defbranch; char *module_link; - char *readme; + struct string_list readme; char *section; char *clone_url; char *logo; @@ -183,7 +183,7 @@ struct cgit_config { char *mimetype_file; char *module_link; char *project_list; - char *readme; + struct string_list readme; char *robots; char *root_title; char *root_desc; diff --git a/cgitrc.5.txt b/cgitrc.5.txt index 12a843b..6437ef4 100644 --- a/cgitrc.5.txt +++ b/cgitrc.5.txt @@ -290,8 +290,9 @@ project-list:: readme:: Text which will be used as default value for "repo.readme". Multiple - files may be specified, separated by a space, and cgit will use the - first found file in this list. Default value: none. + config keys may be specified, and cgit will use the first found file + in this list. This is useful in conjunction with scan-path. Default + value: none. See also: scan-path, repo.readme. remove-suffix:: If set to "1" and scan-path is enabled, if any repositories are found diff --git a/cmd.c b/cmd.c index 198bf2f..abe8e46 100644 --- a/cmd.c +++ b/cmd.c @@ -1,6 +1,7 @@ /* cmd.c: the cgit command dispatcher * * Copyright (C) 2008 Lars Hjemli + * Copyright (C) 2013 Jason A. Donenfeld <Jason@zx2c4.com>. * * Licensed under GNU General Public License v2 * (see COPYING for full license text) @@ -46,7 +47,7 @@ static void about_fn(struct cgit_context *ctx) static void blob_fn(struct cgit_context *ctx) { - cgit_print_blob(ctx->qry.sha1, ctx->qry.path, ctx->qry.head); + cgit_print_blob(ctx->qry.sha1, ctx->qry.path, ctx->qry.head, 0); } static void commit_fn(struct cgit_context *ctx) diff --git a/scan-tree.c b/scan-tree.c index a1ec8fb..2684b44 100644 --- a/scan-tree.c +++ b/scan-tree.c @@ -1,7 +1,7 @@ /* scan-tree.c * * Copyright (C) 2008-2009 Lars Hjemli - * Copyright (C) 2010, 2012 Jason A. Donenfeld <Jason@zx2c4.com> + * Copyright (C) 2010-2013 Jason A. Donenfeld <Jason@zx2c4.com> * * Licensed under GNU General Public License v2 * (see COPYING for full license text) @@ -147,12 +147,6 @@ static void add_repo(const char *base, struct strbuf *path, repo_config_fn fn) strbuf_setlen(path, pathlen); } - if (!repo->readme) { - strbuf_addstr(path, "README.html"); - if (!stat(path->buf, &st)) - repo->readme = "README.html"; - strbuf_setlen(path, pathlen); - } if (ctx.cfg.section_from_path) { n = ctx.cfg.section_from_path; if (n > 0) { diff --git a/ui-blob.c b/ui-blob.c index b4be139..eb14a75 100644 --- a/ui-blob.c +++ b/ui-blob.c @@ -1,7 +1,7 @@ /* ui-blob.c: show blob content * * Copyright (C) 2008 Lars Hjemli - * Copyright (C) 2010 Jason A. Donenfeld <Jason@zx2c4.com> + * Copyright (C) 2010-2013 Jason A. Donenfeld <Jason@zx2c4.com> * * Licensed under GNU General Public License v2 * (see COPYING for full license text) @@ -15,7 +15,8 @@ struct walk_tree_context { const char *match_path; unsigned char *matched_sha1; - int found_path; + int found_path:1; + int file_only:1; }; static int walk_tree(const unsigned char *sha1, const char *base, int baselen, @@ -23,6 +24,8 @@ static int walk_tree(const unsigned char *sha1, const char *base, int baselen, { struct walk_tree_context *walk_tree_ctx = cbdata; + if (walk_tree_ctx->file_only && !S_ISREG(mode)) + return READ_TREE_RECURSIVE; if (strncmp(base, walk_tree_ctx->match_path, baselen) || strcmp(walk_tree_ctx->match_path + baselen, pathname)) return READ_TREE_RECURSIVE; @@ -31,33 +34,34 @@ static int walk_tree(const unsigned char *sha1, const char *base, int baselen, return 0; } -int cgit_ref_path_exists(const char *path, const char *ref) +int cgit_ref_path_exists(const char *path, const char *ref, int file_only) { - unsigned char sha1[20]; - unsigned long size; - struct pathspec_item path_items = { - .match = path, - .len = strlen(path) - }; - struct pathspec paths = { - .nr = 1, - .items = &path_items - }; - struct walk_tree_context walk_tree_ctx = { - .match_path = path, - .matched_sha1 = sha1, - .found_path = 0 - }; + unsigned char sha1[20]; + unsigned long size; + struct pathspec_item path_items = { + .match = path, + .len = strlen(path) + }; + struct pathspec paths = { + .nr = 1, + .items = &path_items + }; + struct walk_tree_context walk_tree_ctx = { + .match_path = path, + .matched_sha1 = sha1, + .found_path = 0, + .file_only = file_only + }; - if (get_sha1(ref, sha1)) - return 0; - if (sha1_object_info(sha1, &size) != OBJ_COMMIT) - return 0; - read_tree_recursive(lookup_commit_reference(sha1)->tree, "", 0, 0, &paths, walk_tree, &walk_tree_ctx); - return walk_tree_ctx.found_path; + if (get_sha1(ref, sha1)) + return 0; + if (sha1_object_info(sha1, &size) != OBJ_COMMIT) + return 0; + read_tree_recursive(lookup_commit_reference(sha1)->tree, "", 0, 0, &paths, walk_tree, &walk_tree_ctx); + return walk_tree_ctx.found_path; } -int cgit_print_file(char *path, const char *head) +int cgit_print_file(char *path, const char *head, int file_only) { unsigned char sha1[20]; enum object_type type; @@ -75,7 +79,8 @@ int cgit_print_file(char *path, const char *head) struct walk_tree_context walk_tree_ctx = { .match_path = path, .matched_sha1 = sha1, - .found_path = 0 + .found_path = 0, + .file_only = file_only }; if (get_sha1(head, sha1)) @@ -98,7 +103,7 @@ int cgit_print_file(char *path, const char *head) return 0; } -void cgit_print_blob(const char *hex, char *path, const char *head) +void cgit_print_blob(const char *hex, char *path, const char *head, int file_only) { unsigned char sha1[20]; enum object_type type; @@ -116,6 +121,8 @@ void cgit_print_blob(const char *hex, char *path, const char *head) struct walk_tree_context walk_tree_ctx = { .match_path = path, .matched_sha1 = sha1, + .found_path = 0, + .file_only = file_only }; if (hex) { diff --git a/ui-blob.h b/ui-blob.h index ce3649f..16847b2 100644 --- a/ui-blob.h +++ b/ui-blob.h @@ -1,8 +1,8 @@ #ifndef UI_BLOB_H #define UI_BLOB_H -extern int cgit_ref_path_exists(const char *path, const char *ref); -extern int cgit_print_file(char *path, const char *head); -extern void cgit_print_blob(const char *hex, char *path, const char *head); +extern int cgit_ref_path_exists(const char *path, const char *ref, int file_only); +extern int cgit_print_file(char *path, const char *head, int file_only); +extern void cgit_print_blob(const char *hex, char *path, const char *head, int file_only); #endif /* UI_BLOB_H */ diff --git a/ui-shared.c b/ui-shared.c index 519eef7..7ab2ab1 100644 --- a/ui-shared.c +++ b/ui-shared.c @@ -864,7 +864,7 @@ void cgit_print_pageheader(struct cgit_context *ctx) if (ctx->repo->max_stats) cgit_stats_link("stats", NULL, hc(ctx, "stats"), ctx->qry.head, ctx->qry.vpath); - if (ctx->repo->readme) + if (ctx->repo->readme.nr) reporevlink("about", "about", NULL, hc(ctx, "about"), ctx->qry.head, NULL, NULL); diff --git a/ui-summary.c b/ui-summary.c index 57206dd..d8500d6 100644 --- a/ui-summary.c +++ b/ui-summary.c @@ -1,7 +1,7 @@ /* ui-summary.c: functions for generating repo summary page * * Copyright (C) 2006 Lars Hjemli - * Copyright (C) 2010 Jason A. Donenfeld <Jason@zx2c4.com> + * Copyright (C) 2010-2013 Jason A. Donenfeld <Jason@zx2c4.com> * * Licensed under GNU General Public License v2 * (see COPYING for full license text) @@ -13,6 +13,7 @@ #include "ui-log.h" #include "ui-refs.h" #include "ui-blob.h" +#include <libgen.h> static void print_url(char *base, char *suffix) { @@ -95,69 +96,57 @@ void cgit_print_summary() html("</table>"); } -/* The caller must free filename and ref after calling this. */ -void cgit_parse_readme(const char *readme, const char *path, char **filename, char **ref, struct cgit_repo *repo) +/* The caller must free the return value. */ +static char* append_readme_path(const char *filename, const char *ref, const char *path) { - const char *slash, *colon; - char *resolved_base, *resolved_full; - - *filename = NULL; - *ref = NULL; - - if (!readme || !(*readme)) - return; - - /* Check if the readme is tracked in the git repo. */ - colon = strchr(readme, ':'); - if (colon && strlen(colon) > 1) { - /* If it starts with a colon, we want to use - * the default branch */ - if (colon == readme && repo->defbranch) - *ref = xstrdup(repo->defbranch); - else - *ref = xstrndup(readme, colon - readme); - readme = colon + 1; - } - - /* Prepend repo path to relative readme path unless tracked. */ - if (!(*ref) && *readme != '/') - readme = fmtalloc("%s/%s", repo->path, readme); - + char *file, *base_dir, *full_path, *resolved_base = NULL, *resolved_full = NULL; /* If a subpath is specified for the about page, make it relative * to the directory containing the configured readme. */ - if (path) { - slash = strrchr(readme, '/'); - if (!slash) { - if (!colon) - return; - slash = colon; - } - *filename = xmalloc(slash - readme + 1 + strlen(path) + 1); - strncpy(*filename, readme, slash - readme + 1); - if (!(*ref)) - resolved_base = realpath(*filename, NULL); - strcpy(*filename + (slash - readme + 1), path); - if (!(*ref)) - resolved_full = realpath(*filename, NULL); - if (!(*ref) && (!resolved_base || !resolved_full || strstr(resolved_full, resolved_base) != resolved_full)) { - free(*filename); - *filename = NULL; - } - if (!(*ref)) { - free(resolved_base); - free(resolved_full); + + file = xstrdup(filename); + base_dir = dirname(file); + if (!strcmp(base_dir, ".") || !strcmp(base_dir, "..")) { + if (!ref) { + free(file); + return NULL; } + full_path = xstrdup(path); } else - *filename = xstrdup(readme); + full_path = fmtalloc("%s/%s", base_dir, path); + + if (!ref) { + resolved_base = realpath(base_dir, NULL); + resolved_full = realpath(full_path, NULL); + if (!resolved_base || !resolved_full || strncmp(resolved_base, resolved_full, strlen(resolved_base))) { + free(full_path); + full_path = NULL; + } + } + + free(file); + free(resolved_base); + free(resolved_full); + + return full_path; } void cgit_print_repo_readme(char *path) { char *filename, *ref; - cgit_parse_readme(ctx.repo->readme, path, &filename, &ref, ctx.repo); + int free_filename = 0; - if (!filename) + if (ctx.repo->readme.nr == 0) return; + + filename = ctx.repo->readme.items[0].string; + ref = ctx.repo->readme.items[0].util; + + if (path) { + free_filename = 1; + filename = append_readme_path(filename, ref, path); + if (!filename) + return; + } /* Print the calculated readme, either from the git repo or from the * filesystem, while applying the about-filter. @@ -168,14 +157,15 @@ void cgit_print_repo_readme(char *path) cgit_open_filter(ctx.repo->about_filter); } if (ref) - cgit_print_file(filename, ref); + cgit_print_file(filename, ref, 1); else html_include(filename); if (ctx.repo->about_filter) { cgit_close_filter(ctx.repo->about_filter); ctx.repo->about_filter->argv[1] = NULL; + free(ref); } html("</div>"); - free(filename); - free(ref); + if (free_filename) + free(filename); } diff --git a/ui-summary.h b/ui-summary.h index d6dc5ba..c01f560 100644 --- a/ui-summary.h +++ b/ui-summary.h @@ -1,7 +1,6 @@ #ifndef UI_SUMMARY_H #define UI_SUMMARY_H -extern void cgit_parse_readme(const char *readme, const char *path, char **filename, char **ref, struct cgit_repo *repo); extern void cgit_print_summary(); extern void cgit_print_repo_readme(char *path); |