about summary refs log tree commit diff
diff options
context:
space:
mode:
authorJason A. Donenfeld <Jason@zx2c4.com>2013-05-26 15:20:02 +0200
committerJason A. Donenfeld <Jason@zx2c4.com>2013-05-26 16:30:03 +0200
commitdcbc0438b2543a733858d62170f3110a89edbed6 (patch)
treebdacfe4546c88bf6b03860ea69a0cad885fa6af4
parentui-summary: Disallow directory traversal (diff)
downloadcgit-pink-dcbc0438b2543a733858d62170f3110a89edbed6.tar.gz
cgit-pink-dcbc0438b2543a733858d62170f3110a89edbed6.zip
readme: use string_list instead of space deliminations
Now this is possible in cgitrc -

readme=:README.md
readme=:readme.md
readme=:README.mkd
readme=:readme.mkd
readme=:README.rst
readme=:readme.rst
readme=:README.html
readme=:readme.html
readme=:README.htm
readme=:readme.htm
readme=:README.txt
readme=:readme.txt
readme=:README
readme=:readme
readme=:INSTALL.txt
readme=:install.txt
readme=:INSTALL
readme=:install

Suggested-by: John Keeping <john@keeping.me.uk>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
-rw-r--r--cgit.c92
-rw-r--r--cgit.h4
-rw-r--r--cgitrc.5.txt5
-rw-r--r--cmd.c3
-rw-r--r--scan-tree.c8
-rw-r--r--ui-blob.c61
-rw-r--r--ui-blob.h6
-rw-r--r--ui-shared.c2
-rw-r--r--ui-summary.c100
-rw-r--r--ui-summary.h1
10 files changed, 160 insertions, 122 deletions
diff --git a/cgit.c b/cgit.c
index f738b83..f0a9acf 100644
--- a/cgit.c
+++ b/cgit.c
@@ -1,7 +1,7 @@
 /* cgit.c: cgi for the git scm
  *
  * Copyright (C) 2006 Lars Hjemli
- * Copyright (C) 2010, 2012 Jason A. Donenfeld <Jason@zx2c4.com>
+ * Copyright (C) 2010-2013 Jason A. Donenfeld <Jason@zx2c4.com>
  *
  * Licensed under GNU General Public License v2
  *   (see COPYING for full license text)
@@ -101,13 +101,15 @@ static void repo_config(struct cgit_repo *repo, const char *name, const char *va
 	else if (!strcmp(name, "module-link"))
 		repo->module_link= xstrdup(value);
 	else if (!prefixcmp(name, "module-link.")) {
-		item = string_list_append(&repo->submodules, name + 12);
+		item = string_list_append(&repo->submodules, xstrdup(name + 12));
 		item->util = xstrdup(value);
 	} else if (!strcmp(name, "section"))
 		repo->section = xstrdup(value);
-	else if (!strcmp(name, "readme") && value != NULL)
-		repo->readme = xstrdup(value);
-	else if (!strcmp(name, "logo") && value != NULL)
+	else if (!strcmp(name, "readme") && value != NULL) {
+		if (repo->readme.items == ctx.cfg.readme.items)
+			memset(&repo->readme, 0, sizeof(repo->readme));
+		string_list_append(&repo->readme, xstrdup(value));
+	} else if (!strcmp(name, "logo") && value != NULL)
 		repo->logo = xstrdup(value);
 	else if (!strcmp(name, "logo-link") && value != NULL)
 		repo->logo_link = xstrdup(value);
@@ -131,8 +133,8 @@ static void config_cb(const char *name, const char *value)
 		ctx.repo->path = trim_end(value, '/');
 	else if (ctx.repo && !prefixcmp(name, "repo."))
 		repo_config(ctx.repo, name + 5, value);
-	else if (!strcmp(name, "readme"))
-		ctx.cfg.readme = xstrdup(value);
+	else if (!strcmp(name, "readme") && value != NULL)
+		string_list_append(&ctx.cfg.readme, xstrdup(value));
 	else if (!strcmp(name, "root-title"))
 		ctx.cfg.root_title = xstrdup(value);
 	else if (!strcmp(name, "root-desc"))
@@ -470,37 +472,76 @@ static char *guess_defbranch(void)
 		return "master";
 	return xstrdup(ref + 11);
 }
+/* The caller must free filename and ref after calling this. */
+static inline void parse_readme(const char *readme, char **filename, char **ref, struct cgit_repo *repo)
+{
+	const char *colon;
+
+	*filename = NULL;
+	*ref = NULL;
+
+	if (!readme || !readme[0])
+		return;
 
+	/* Check if the readme is tracked in the git repo. */
+	colon = strchr(readme, ':');
+	if (colon && strlen(colon) > 1) {
+		/* If it starts with a colon, we want to use
+		 * the default branch */
+		if (colon == readme && repo->defbranch)
+			*ref = xstrdup(repo->defbranch);
+		else
+			*ref = xstrndup(readme, colon - readme);
+		readme = colon + 1;
+	}
+
+	/* Prepend repo path to relative readme path unless tracked. */
+	if (!(*ref) && readme[0] != '/')
+		*filename = fmtalloc("%s/%s", repo->path, readme);
+	else
+		*filename = xstrdup(readme);
+}
 static void choose_readme(struct cgit_repo *repo)
 {
-	char *entry, *filename, *ref;
+	int found;
+	char *filename, *ref;
+	struct string_list_item *entry;
 
-	/* If there's no space, we skip the possibly expensive
-	 * selection process. */
-	if (!repo->readme || !strchr(repo->readme, ' '))
+	if (!repo->readme.nr)
 		return;
 
-	for (entry = strtok(repo->readme, " "); entry; entry = strtok(NULL, " ")) {
-		cgit_parse_readme(entry, NULL, &filename, &ref, repo);
-		if (!(*filename)) {
+	found = 0;
+	for_each_string_list_item(entry, &repo->readme) {
+		parse_readme(entry->string, &filename, &ref, repo);
+		if (!filename) {
 			free(filename);
 			free(ref);
 			continue;
 		}
-		if (*ref && cgit_ref_path_exists(filename, ref)) {
-			free(filename);
-			free(ref);
+		/* If there's only one item, we skip the possibly expensive
+		 * selection process. */
+		if (repo->readme.nr == 1) {
+			found = 1;
 			break;
 		}
-		if (!access(filename, R_OK)) {
-			free(filename);
-			free(ref);
+		if (ref) {
+			if (cgit_ref_path_exists(filename, ref, 1)) {
+				found = 1;
+				break;
+			}
+		}
+		else if (!access(filename, R_OK)) {
+			found = 1;
 			break;
 		}
 		free(filename);
 		free(ref);
 	}
-	repo->readme = entry;
+	repo->readme.strdup_strings = 1;
+	string_list_clear(&repo->readme, 0);
+	repo->readme.strdup_strings = 0;
+	if (found)
+		string_list_append(&repo->readme, filename)->util = ref;
 }
 
 static int prepare_repo_cmd(struct cgit_context *ctx)
@@ -660,6 +701,7 @@ static char *get_first_line(char *txt)
 
 static void print_repo(FILE *f, struct cgit_repo *repo)
 {
+	struct string_list_item *item;
 	fprintf(f, "repo.url=%s\n", repo->url);
 	fprintf(f, "repo.name=%s\n", repo->name);
 	fprintf(f, "repo.path=%s\n", repo->path);
@@ -670,8 +712,12 @@ static void print_repo(FILE *f, struct cgit_repo *repo)
 		fprintf(f, "repo.desc=%s\n", tmp);
 		free(tmp);
 	}
-	if (repo->readme)
-		fprintf(f, "repo.readme=%s\n", repo->readme);
+	for_each_string_list_item(item, &repo->readme) {
+		if (item->util)
+			fprintf(f, "repo.readme=%s:%s\n", (char *)item->util, item->string);
+		else
+			fprintf(f, "repo.readme=%s\n", item->string);
+	}
 	if (repo->defbranch)
 		fprintf(f, "repo.defbranch=%s\n", repo->defbranch);
 	if (repo->module_link)
diff --git a/cgit.h b/cgit.h
index 850b792..f28cf30 100644
--- a/cgit.h
+++ b/cgit.h
@@ -73,7 +73,7 @@ struct cgit_repo {
 	char *owner;
 	char *defbranch;
 	char *module_link;
-	char *readme;
+	struct string_list readme;
 	char *section;
 	char *clone_url;
 	char *logo;
@@ -183,7 +183,7 @@ struct cgit_config {
 	char *mimetype_file;
 	char *module_link;
 	char *project_list;
-	char *readme;
+	struct string_list readme;
 	char *robots;
 	char *root_title;
 	char *root_desc;
diff --git a/cgitrc.5.txt b/cgitrc.5.txt
index 12a843b..6437ef4 100644
--- a/cgitrc.5.txt
+++ b/cgitrc.5.txt
@@ -290,8 +290,9 @@ project-list::
 
 readme::
 	Text which will be used as default value for "repo.readme". Multiple
-	files may be specified, separated by a space, and cgit will use the
-	first found file in this list. Default value: none.
+	config keys may be specified, and cgit will use the first found file
+	in this list. This is useful in conjunction with scan-path. Default
+	value: none. See also: scan-path, repo.readme.
 
 remove-suffix::
 	If set to "1" and scan-path is enabled, if any repositories are found
diff --git a/cmd.c b/cmd.c
index 198bf2f..abe8e46 100644
--- a/cmd.c
+++ b/cmd.c
@@ -1,6 +1,7 @@
 /* cmd.c: the cgit command dispatcher
  *
  * Copyright (C) 2008 Lars Hjemli
+ * Copyright (C) 2013 Jason A. Donenfeld <Jason@zx2c4.com>.
  *
  * Licensed under GNU General Public License v2
  *   (see COPYING for full license text)
@@ -46,7 +47,7 @@ static void about_fn(struct cgit_context *ctx)
 
 static void blob_fn(struct cgit_context *ctx)
 {
-	cgit_print_blob(ctx->qry.sha1, ctx->qry.path, ctx->qry.head);
+	cgit_print_blob(ctx->qry.sha1, ctx->qry.path, ctx->qry.head, 0);
 }
 
 static void commit_fn(struct cgit_context *ctx)
diff --git a/scan-tree.c b/scan-tree.c
index a1ec8fb..2684b44 100644
--- a/scan-tree.c
+++ b/scan-tree.c
@@ -1,7 +1,7 @@
 /* scan-tree.c
  * 
  * Copyright (C) 2008-2009 Lars Hjemli
- * Copyright (C) 2010, 2012 Jason A. Donenfeld <Jason@zx2c4.com>
+ * Copyright (C) 2010-2013 Jason A. Donenfeld <Jason@zx2c4.com>
  *
  * Licensed under GNU General Public License v2
  *   (see COPYING for full license text)
@@ -147,12 +147,6 @@ static void add_repo(const char *base, struct strbuf *path, repo_config_fn fn)
 		strbuf_setlen(path, pathlen);
 	}
 
-	if (!repo->readme) {
-		strbuf_addstr(path, "README.html");
-		if (!stat(path->buf, &st))
-			repo->readme = "README.html";
-		strbuf_setlen(path, pathlen);
-	}
 	if (ctx.cfg.section_from_path) {
 		n  = ctx.cfg.section_from_path;
 		if (n > 0) {
diff --git a/ui-blob.c b/ui-blob.c
index b4be139..eb14a75 100644
--- a/ui-blob.c
+++ b/ui-blob.c
@@ -1,7 +1,7 @@
 /* ui-blob.c: show blob content
  *
  * Copyright (C) 2008 Lars Hjemli
- * Copyright (C) 2010 Jason A. Donenfeld <Jason@zx2c4.com>
+ * Copyright (C) 2010-2013 Jason A. Donenfeld <Jason@zx2c4.com>
  *
  * Licensed under GNU General Public License v2
  *   (see COPYING for full license text)
@@ -15,7 +15,8 @@
 struct walk_tree_context {
 	const char *match_path;
 	unsigned char *matched_sha1;
-	int found_path;
+	int found_path:1;
+	int file_only:1;
 };
 
 static int walk_tree(const unsigned char *sha1, const char *base, int baselen,
@@ -23,6 +24,8 @@ static int walk_tree(const unsigned char *sha1, const char *base, int baselen,
 {
 	struct walk_tree_context *walk_tree_ctx = cbdata;
 
+	if (walk_tree_ctx->file_only && !S_ISREG(mode))
+		return READ_TREE_RECURSIVE;
 	if (strncmp(base, walk_tree_ctx->match_path, baselen)
 		|| strcmp(walk_tree_ctx->match_path + baselen, pathname))
 		return READ_TREE_RECURSIVE;
@@ -31,33 +34,34 @@ static int walk_tree(const unsigned char *sha1, const char *base, int baselen,
 	return 0;
 }
 
-int cgit_ref_path_exists(const char *path, const char *ref)
+int cgit_ref_path_exists(const char *path, const char *ref, int file_only)
 {
-        unsigned char sha1[20];
-        unsigned long size;
-        struct pathspec_item path_items = {
-                .match = path,
-                .len = strlen(path)
-        };
-        struct pathspec paths = {
-                .nr = 1,
-                .items = &path_items
-        };
-        struct walk_tree_context walk_tree_ctx = {
-                .match_path = path,
-                .matched_sha1 = sha1,
-                .found_path = 0
-        };
+	unsigned char sha1[20];
+	unsigned long size;
+	struct pathspec_item path_items = {
+		.match = path,
+		.len = strlen(path)
+	};
+	struct pathspec paths = {
+		.nr = 1,
+		.items = &path_items
+	};
+	struct walk_tree_context walk_tree_ctx = {
+		.match_path = path,
+		.matched_sha1 = sha1,
+		.found_path = 0,
+		.file_only = file_only
+	};
 
-        if (get_sha1(ref, sha1))
-                return 0;
-        if (sha1_object_info(sha1, &size) != OBJ_COMMIT) 
-                return 0;
-        read_tree_recursive(lookup_commit_reference(sha1)->tree, "", 0, 0, &paths, walk_tree, &walk_tree_ctx);
-        return walk_tree_ctx.found_path;
+	if (get_sha1(ref, sha1))
+		return 0;
+	if (sha1_object_info(sha1, &size) != OBJ_COMMIT) 
+		return 0;
+	read_tree_recursive(lookup_commit_reference(sha1)->tree, "", 0, 0, &paths, walk_tree, &walk_tree_ctx);
+	return walk_tree_ctx.found_path;
 }
 
-int cgit_print_file(char *path, const char *head)
+int cgit_print_file(char *path, const char *head, int file_only)
 {
 	unsigned char sha1[20];
 	enum object_type type;
@@ -75,7 +79,8 @@ int cgit_print_file(char *path, const char *head)
 	struct walk_tree_context walk_tree_ctx = {
 		.match_path = path,
 		.matched_sha1 = sha1,
-		.found_path = 0
+		.found_path = 0,
+		.file_only = file_only
 	};
 
 	if (get_sha1(head, sha1))
@@ -98,7 +103,7 @@ int cgit_print_file(char *path, const char *head)
 	return 0;
 }
 
-void cgit_print_blob(const char *hex, char *path, const char *head)
+void cgit_print_blob(const char *hex, char *path, const char *head, int file_only)
 {
 	unsigned char sha1[20];
 	enum object_type type;
@@ -116,6 +121,8 @@ void cgit_print_blob(const char *hex, char *path, const char *head)
 	struct walk_tree_context walk_tree_ctx = {
 		.match_path = path,
 		.matched_sha1 = sha1,
+		.found_path = 0,
+		.file_only = file_only
 	};
 
 	if (hex) {
diff --git a/ui-blob.h b/ui-blob.h
index ce3649f..16847b2 100644
--- a/ui-blob.h
+++ b/ui-blob.h
@@ -1,8 +1,8 @@
 #ifndef UI_BLOB_H
 #define UI_BLOB_H
 
-extern int cgit_ref_path_exists(const char *path, const char *ref);
-extern int cgit_print_file(char *path, const char *head);
-extern void cgit_print_blob(const char *hex, char *path, const char *head);
+extern int cgit_ref_path_exists(const char *path, const char *ref, int file_only);
+extern int cgit_print_file(char *path, const char *head, int file_only);
+extern void cgit_print_blob(const char *hex, char *path, const char *head, int file_only);
 
 #endif /* UI_BLOB_H */
diff --git a/ui-shared.c b/ui-shared.c
index 519eef7..7ab2ab1 100644
--- a/ui-shared.c
+++ b/ui-shared.c
@@ -864,7 +864,7 @@ void cgit_print_pageheader(struct cgit_context *ctx)
 		if (ctx->repo->max_stats)
 			cgit_stats_link("stats", NULL, hc(ctx, "stats"),
 					ctx->qry.head, ctx->qry.vpath);
-		if (ctx->repo->readme)
+		if (ctx->repo->readme.nr)
 			reporevlink("about", "about", NULL,
 				    hc(ctx, "about"), ctx->qry.head, NULL,
 				    NULL);
diff --git a/ui-summary.c b/ui-summary.c
index 57206dd..d8500d6 100644
--- a/ui-summary.c
+++ b/ui-summary.c
@@ -1,7 +1,7 @@
 /* ui-summary.c: functions for generating repo summary page
  *
  * Copyright (C) 2006 Lars Hjemli
- * Copyright (C) 2010 Jason A. Donenfeld <Jason@zx2c4.com>
+ * Copyright (C) 2010-2013 Jason A. Donenfeld <Jason@zx2c4.com>
  *
  * Licensed under GNU General Public License v2
  *   (see COPYING for full license text)
@@ -13,6 +13,7 @@
 #include "ui-log.h"
 #include "ui-refs.h"
 #include "ui-blob.h"
+#include <libgen.h>
 
 static void print_url(char *base, char *suffix)
 {
@@ -95,69 +96,57 @@ void cgit_print_summary()
 	html("</table>");
 }
 
-/* The caller must free filename and ref after calling this. */
-void cgit_parse_readme(const char *readme, const char *path, char **filename, char **ref, struct cgit_repo *repo)
+/* The caller must free the return value. */
+static char* append_readme_path(const char *filename, const char *ref, const char *path)
 {
-	const char *slash, *colon;
-	char *resolved_base, *resolved_full;
-
-	*filename = NULL;
-	*ref = NULL;
-
-	if (!readme || !(*readme))
-		return;
-
-	/* Check if the readme is tracked in the git repo. */
-	colon = strchr(readme, ':');
-	if (colon && strlen(colon) > 1) {
-		/* If it starts with a colon, we want to use
-		 * the default branch */
-		if (colon == readme && repo->defbranch)
-			*ref = xstrdup(repo->defbranch);
-		else
-			*ref = xstrndup(readme, colon - readme);
-		readme = colon + 1;
-	}
-
-	/* Prepend repo path to relative readme path unless tracked. */
-	if (!(*ref) && *readme != '/')
-		readme = fmtalloc("%s/%s", repo->path, readme);
-
+	char *file, *base_dir, *full_path, *resolved_base = NULL, *resolved_full = NULL;
 	/* If a subpath is specified for the about page, make it relative
 	 * to the directory containing the configured readme. */
-	if (path) {
-		slash = strrchr(readme, '/');
-		if (!slash) {
-			if (!colon)
-				return;
-			slash = colon;
-		}
-		*filename = xmalloc(slash - readme + 1 + strlen(path) + 1);
-		strncpy(*filename, readme, slash - readme + 1);
-		if (!(*ref))
-			resolved_base = realpath(*filename, NULL);
-		strcpy(*filename + (slash - readme + 1), path);
-		if (!(*ref))
-			resolved_full = realpath(*filename, NULL);
-		if (!(*ref) && (!resolved_base || !resolved_full || strstr(resolved_full, resolved_base) != resolved_full)) {
-			free(*filename);
-			*filename = NULL;
-		}
-		if (!(*ref)) {
-			free(resolved_base);
-			free(resolved_full);
+
+	file = xstrdup(filename);
+	base_dir = dirname(file);
+	if (!strcmp(base_dir, ".") || !strcmp(base_dir, "..")) {
+		if (!ref) {
+			free(file);
+			return NULL;
 		}
+		full_path = xstrdup(path);
 	} else
-		*filename = xstrdup(readme);
+		full_path = fmtalloc("%s/%s", base_dir, path);
+	
+	if (!ref) {
+		resolved_base = realpath(base_dir, NULL);
+		resolved_full = realpath(full_path, NULL);
+		if (!resolved_base || !resolved_full || strncmp(resolved_base, resolved_full, strlen(resolved_base))) {
+			free(full_path);
+			full_path = NULL;
+		}
+	}
+
+	free(file);
+	free(resolved_base);
+	free(resolved_full);
+
+	return full_path;
 }
 
 void cgit_print_repo_readme(char *path)
 {
 	char *filename, *ref;
-	cgit_parse_readme(ctx.repo->readme, path, &filename, &ref, ctx.repo);
+	int free_filename = 0;
 
-	if (!filename)
+	if (ctx.repo->readme.nr == 0)
 		return;
+	
+	filename = ctx.repo->readme.items[0].string;
+	ref = ctx.repo->readme.items[0].util;
+
+	if (path) {
+		free_filename = 1;
+		filename = append_readme_path(filename, ref, path);
+		if (!filename)
+			return;
+	}
 
 	/* Print the calculated readme, either from the git repo or from the
 	 * filesystem, while applying the about-filter.
@@ -168,14 +157,15 @@ void cgit_print_repo_readme(char *path)
 		cgit_open_filter(ctx.repo->about_filter);
 	}
 	if (ref)
-		cgit_print_file(filename, ref);
+		cgit_print_file(filename, ref, 1);
 	else
 		html_include(filename);
 	if (ctx.repo->about_filter) {
 		cgit_close_filter(ctx.repo->about_filter);
 		ctx.repo->about_filter->argv[1] = NULL;
+	free(ref);
 	}
 	html("</div>");
-	free(filename);
-	free(ref);
+	if (free_filename)
+		free(filename);
 }
diff --git a/ui-summary.h b/ui-summary.h
index d6dc5ba..c01f560 100644
--- a/ui-summary.h
+++ b/ui-summary.h
@@ -1,7 +1,6 @@
 #ifndef UI_SUMMARY_H
 #define UI_SUMMARY_H
 
-extern void cgit_parse_readme(const char *readme, const char *path, char **filename, char **ref, struct cgit_repo *repo);
 extern void cgit_print_summary();
 extern void cgit_print_repo_readme(char *path);