ui-shared: don't print path crumbs without a repo - cgit-pink - web frontend for git

about summary refs log tree commit diff

path: root/filters/html-converters/rst2html

diff options

author	John Keeping <john@keeping.me.uk>	2017-02-19 12:27:48 +0000
committer	Jason A. Donenfeld <Jason@zx2c4.com>	2017-08-10 16:05:07 +0200
commit	1b4ef6783a71962f8b5da3a23f2830f0f0f55ea0 (patch)
tree	37faf12c4a5d56ec24a886bb82956d206a6f3a57 /filters/html-converters/rst2html
parent	ui-atom: properly escape delimiter in page link (diff)
download	cgit-pink-1b4ef6783a71962f8b5da3a23f2830f0f0f55ea0.tar.gz cgit-pink-1b4ef6783a71962f8b5da3a23f2830f0f0f55ea0.zip

ui-shared: don't print path crumbs without a repo

cgit_print_path_crumbs() can call repolink() which assumes that ctx.repo
is non-null.  Currently we don't have any commands that set want_vpath
without also setting want_repo so it shouldn't be possible to fail this
test, but the check in cgit.c is in the wrong order so it is possible to
specify a query string like "?p=log&path=foo/bar" to end up here without
a valid repository.

This was found by American fuzzy lop [0].

[0] http://lcamtuf.coredump.cx/afl/

Signed-off-by: John Keeping <john@keeping.me.uk>

Diffstat (limited to 'filters/html-converters/rst2html')

0 files changed, 0 insertions, 0 deletions

9&follow=1'>git: update to v2.24.0Christian Hesse Update to git version v2.24.0. Never use get_cached_commit_buffer() directly, use repo_get_commit_buffer() instead. The latter calls the former anyway. This fixes segmentation fault when commit-graph is enabled and get_cached_commit_buffer() does not return the expected result. Signed-off-by: Christian Hesse <mail@eworm.de> 2019-10-25git: update to v2.23.0Christian Hesse Update to git version v2.23.0. No changes required. Signed-off-by: Christian Hesse <mail@eworm.de> 2019-10-25git: update to v2.22.0Christian Hesse Update to git version v2.22.0. Upstream commit bce9db6d ("trace2: use system/global config for default trace2 settings") caused a regression. We have to unset HOME and XDG_CONFIG_HOME before early loading of config from trace2 code kicks in. Signed-off-by: Christian Hesse <mail@eworm.de> 2019-06-25ui-tree: allow per repository override for enable-blameChristian Hesse The blame operation can cause high cost in terms of CPU load for huge repositories. Let's add a per repository override for enable-blame. Signed-off-by: Christian Hesse <mail@eworm.de> 2019-06-05tests: successfully validate rc versionsChristian Hesse For testing versions the version string differs for git tag (v2.22.0-rc3) and tarball file name (2.22.0.rc3). Let's fix validation for testing versions. Signed-off-by: Christian Hesse <mail@eworm.de> 2019-06-05git: update to v2.21.0Christian Hesse Update to git version v2.21.0. Required changes follow upstream commits: * 6a7895fd8a3bd409f2b71ffc355d5142172cc2a0 (commit: prepare free_commit_buffer and release_commit_memory for any repo) * e092073d643b17c82d72cf692fbfaea9c9796f11 (tree.c: make read_tree*() take 'struct repository *') Signed-off-by: Christian Hesse <mail@eworm.de> Reviewed-by: John Keeping <john@keeping.me.uk> 2019-06-05ui-ssdiff: ban strncat()Christian Hesse Git version v2.21.0 marks strncat() as banned (commit ace5707a803eda0f1dde3d776dc3729d3bc7759a), so replace it. Signed-off-by: Christian Hesse <mail@eworm.de> 2019-06-05global: make 'char *path' const where possibleChristian Hesse Signed-off-by: Christian Hesse <mail@eworm.de> 2019-05-20ui-shared: restrict to 15 levelsJason A. Donenfeld Perhaps a more ideal version of this would be to not print breadcrumbs at all for paths that don't exist in the given repo at the given oid. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Reported-by: Fydor Wire Snark <wsnark@tuta.io> 2019-02-23ui-diff,ui-tag: don't use htmlf with non-formatted stringsChris Mayo Signed-off-by: Chris Mayo <aklhfex@gmail.com> 2019-02-23ui-ssdiff: resolve HTML5 validation errorsChris Mayo - Remove ids from anchor elements. They were unusable because they were duplicated between files and versions of files. - Always close span, with html(). - Fix missing / on closing tr element in cgit_ssdiff_header_end(). Signed-off-by: Chris Mayo <aklhfex@gmail.com> 2019-01-03filters: migrate from luacrypto to luaosslJason A. Donenfeld luaossl has no upstream anymore and doesn't support OpenSSL 1.1, whereas luaossl is quite active. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2019-01-02ui-shared: fix broken sizeof in title setting and rewriteJason A. Donenfeld The old algorithm was totally incorrect. While we're at it, use « instead of \, since it makes more sense. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2018-12-09git: update to v2.20.0Christian Hesse Update to git version v2.20.0. Required changes follow upstream commits: * 00436bf1b1c2a8fe6cf5d2c2457d419d683042f4 (archive: initialize archivers earlier) * 611e42a5980a3a9f8bb3b1b49c1abde63c7a191e (xdiff: provide a separate emit callback for hunks) Signed-off-by: Christian Hesse <mail@eworm.de> 2018-11-25ui-blame: set repo for sbJason A. Donenfeld Otherwise recent git complains and crashes with: "BUG: blame.c:1787: repo is NULL". Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2018-11-25auth-filter: pass url with query string attachedJason A. Donenfeld Otherwise redirections come out wrong. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2018-11-21git: use xz compressed archive for downloadChristian Hesse Upstream will stop providing gz compressed source tarballs [0], so stop using them. [0] https://lists.zx2c4.com/pipermail/cgit/2018-November/004254.html Signed-off-by: Christian Hesse <mail@eworm.de> 2018-10-12git: update to v2.19.1Christian Hesse Update to git version v2.19.1. Required changes follow upstream commits: * commit: add repository argument to get_cached_commit_buffer (3ce85f7e5a41116145179f0fae2ce6d86558d099) * commit: add repository argument to lookup_commit_reference (2122f6754c93be8f02bfb5704ed96c88fc9837a8) * object: add repository argument to parse_object (109cd76dd3467bd05f8d2145b857006649741d5c) * tag: add repository argument to deref_tag (a74093da5ed601a09fa158e5ba6f6f14c1142a3e) * tag: add repository argument to lookup_tag (ce71efb713f97f476a2d2ab541a0c73f684a5db3) * tree: add repository argument to lookup_tree (f86bcc7b2ce6cad68ba1a48a528e380c6126705e) * archive.c: avoid access to the_index (b612ee202a48f129f81f8f6a5af6cf71d1a9caef) * for_each_*_object: move declarations to object-store.h (0889aae1cd18c1804ba01c1a4229e516dfb9fe9b) Signed-off-by: Christian Hesse <mail@eworm.de> 2018-09-11ui-ssdiff: ban strcat()Christian Hesse Git upstream bans strcat() with commit: banned.h: mark strcat() as banned 1b11b64b815db62f93a04242e4aed5687a448748 Signed-off-by: Christian Hesse <mail@eworm.de> 2018-09-11ui-ssdiff: ban strncpy()Christian Hesse Git upstream bans strncpy() with commit: banned.h: mark strncpy() as banned e488b7aba743d23b830d239dcc33d9ca0745a9ad Signed-off-by: Christian Hesse <mail@eworm.de> 2018-09-11ui-shared: ban strcat()Christian Hesse Git upstream bans strcat() with commit: banned.h: mark strcat() as banned 1b11b64b815db62f93a04242e4aed5687a448748 To avoid compiler warnings from gcc 8.1.x we get the hard way. Signed-off-by: Christian Hesse <mail@eworm.de> 2018-09-11ui-patch: ban sprintf()Christian Hesse Git upstream bans sprintf() with commit: banned.h: mark sprintf() as banned cc8fdaee1eeaf05d8dd55ff11f111b815f673c58 Signed-off-by: Christian Hesse <mail@eworm.de> 2018-09-11ui-log: ban strncpy()Christian Hesse Git upstream bans strncpy() with commit: banned.h: mark strncpy() as banned e488b7aba743d23b830d239dcc33d9ca0745a9ad Signed-off-by: Christian Hesse <mail@eworm.de> 2018-09-11ui-log: ban strcpy()Christian Hesse Git upstream bans strcpy() with commit: automatically ban strcpy() c8af66ab8ad7cd78557f0f9f5ef6a52fd46ee6dd Signed-off-by: Christian Hesse <mail@eworm.de> 2018-09-11parsing: ban sprintf()Christian Hesse Git upstream bans sprintf() with commit: banned.h: mark sprintf() as banned cc8fdaee1eeaf05d8dd55ff11f111b815f673c58 Signed-off-by: Christian Hesse <mail@eworm.de> 2018-09-11parsing: ban strncpy()Christian Hesse Git upstream bans strncpy() with commit: banned.h: mark strncpy() as banned e488b7aba743d23b830d239dcc33d9ca0745a9ad Signed-off-by: Christian Hesse <mail@eworm.de> 2018-08-28filters: generate anchor links from markdownChristian Hesse This makes the markdown filter generate anchor links for headings. Signed-off-by: Christian Hesse <mail@eworm.de> Tested-by: jean-christophe manciot <actionmystique@gmail.com> 2018-08-03Bump version.Jason A. Donenfeld Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2018-08-03clone: fix directory traversalJason A. Donenfeld This was introduced in the initial version of this code, way back when in 2008. $ curl http://127.0.0.1/cgit/repo/objects/?path=../../../../../../../../../etc/passwd root:x:0:0:root:/root:/bin/sh ... Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Reported-by: Jann Horn <jannh@google.com> 2018-08-03config: record repo.snapshot-prefix in the per-repo configKonstantin Ryabitsevghlight'> 2015-08-12ui-log: fix double countingJohn Keeping This crept in while rebasing the previous commit onto an updated upstream. Signed-off-by: John Keeping <john@keeping.me.uk> 2015-08-12log: allow users to follow a fileJohn Keeping Teach the "log" UI to behave in the same way as "git log --follow", when given a suitable instruction by the user. The default behaviour remains to show the log without following renames, but the follow behaviour can be activated by following a link in the page header. Follow is not the default because outputting merges in follow mode is tricky ("git log --follow" will not show merges). We also disable the graph in follow mode because the commit graph is not simplified so we end up with frequent gaps in the graph and many lines that do not connect with any commits we're actually showing. We also teach the "diff" and "commit" UIs to respect the follow flag on URLs, causing the single-file version of these UIs to detect renames. This feature is needed only for commits that rename the path we're interested in. For commits before the file has been renamed (i.e. that appear later in the log list) we change the file path in the links from the log to point to the old name; this means that links to commits always limit by the path known to that commit. If we didn't do this we would need to walk down the log diff'ing every commit whenever we want to show a commit. The drawback is that the "Log" link in the top bar of such a page links to the log limited by the old name, so it will only show pre-rename commits. I consider this a reasonable trade-off since the "Back" button still works and the log matches the path displayed in the top bar. Since following renames requires running diff on every commit we consider, I've added a knob to the configuration file to globally enable/disable this feature. Note that we may consider a large number of commits the revision walking machinery no longer performs any path limitation so we have to examine every commit until we find a page full of commits that affect the target path or something related to it. Suggested-by: René Neumann <necoro@necoro.eu> Signed-off-by: John Keeping <john@keeping.me.uk> 2015-08-12shared: make cgit_diff_tree_cb publicJohn Keeping This will allow us to use this nice wrapper function elsewhere, avoiding dealing with the diff queue when we only need to inspect a filepair. Signed-off-by: John Keeping <john@keeping.me.uk> 2015-08-12t0110: Chain together using &&Jason A. Donenfeld 2015-08-12about: always ensure page has a trailing slashJason A. Donenfeld Otherwise we can't easily embed links to other /about/ pages. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> 2015-08-12filters: apply HTML escapingLazaros Koromilas http://www.w3.org/International/questions/qa-escapes#use 2015-08-12git: update to v2.5.0Christian Hesse Update to git version v2.5.0. * Upstream commit 5455ee0573a22bb793a7083d593ae1ace909cd4c (Merge branch 'bc/object-id') changed API: for_each_ref() callback functions were taught to name the objects not with "unsigned char sha1[20]" but with "struct object_id". * Upstream commit dcf692625ac569fefbe52269061230f4fde10e47 (path.c: make get_pathname() call sites return const char *) Signed-off-by: Christian Hesse <mail@eworm.de> 2015-08-12Fix processing of repo.hide and repo.ignoreDaniel Reichelt