aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeLines
* makefile: bump versionv0.10Gravatar Jason A. Donenfeld2014-01-18-1/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* mailmap: source before lighttpdGravatar Jason A. Donenfeld2014-01-18-1/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* ui-shared: do not allow negative minutesGravatar Jason A. Donenfeld2014-01-17-0/+2
| | | | | | | Do to timestamp differences, sometimes cgit would should "-0 min", which doesn't make any sense. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* auth: document tweakables in lua scriptGravatar Jason A. Donenfeld2014-01-17-0/+10
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* repolist: make owner clickable to searchGravatar Jason A. Donenfeld2014-01-17-0/+6
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* ui-shared: move about tab all the way to the leftGravatar Jason A. Donenfeld2014-01-17-4/+4
| | | | | | | | There were no objections (at the time of committing this): http://lists.zx2c4.com/pipermail/cgit/2013-May/001393.html http://lists.zx2c4.com/pipermail/cgit/2014-January/001904.html Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* filter: don't forget to reap the auth filterGravatar Jason A. Donenfeld2014-01-17-0/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* cgit.c: free tmp variableGravatar Jason A. Donenfeld2014-01-17-0/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* Switch to exclusively using global ctxGravatar Lukas Fleischer2014-01-17-442/+437
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Drop the context parameter from the following functions (and all static helpers used by them) and use the global context instead: * cgit_print_http_headers() * cgit_print_docstart() * cgit_print_pageheader() Remove context parameter from all commands Drop the context parameter from the following functions (and all static helpers used by them) and use the global context instead: * cgit_get_cmd() * All cgit command functions. * cgit_clone_info() * cgit_clone_objects() * cgit_clone_head() * cgit_print_plain() * cgit_show_stats() In initialization routines, use the global context variable instead of passing a pointer around locally. Remove callback data parameter for cache slots This is no longer needed since the context is always read from the global context variable. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
* auth: have cgit calculate login addressGravatar Jason A. Donenfeld2014-01-17-10/+16
| | | | | | | This way we're sure to use virtual root, or any other strangeness encountered. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* auth: lua string comparisons are time invariantGravatar Jason A. Donenfeld2014-01-17-2/+2
| | | | | | By default, strings are compared by hash, so we can remove this comment. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* authentication: use hidden form instead of refererGravatar Jason A. Donenfeld2014-01-16-94/+131
| | | | | | | This also gives us some CSRF protection. Note that we make use of the hmac to protect the redirect value. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* auth: add basic authentication filter frameworkGravatar Jason A. Donenfeld2014-01-16-16/+387
| | | | | | | | | | | | | | | | This leverages the new lua support. See filters/simple-authentication.lua for explaination of how this works. There is also additional documentation in cgitrc.5.txt. Though this is a cookie-based approach, cgit's caching mechanism is preserved for authenticated pages. Very plugable and extendable depending on user needs. The sample script uses an HMAC-SHA1 based cookie to store the currently logged in user, with an expiration date. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* t0111: Additions and fixesGravatar Lukas Fleischer2014-01-16-10/+10
| | | | | | | | | * Rename the capitalize-* filters to dump.* since they also dump the arguments. * Add full argument validation to the email filters. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
* parsing.c: Remove leading space from committerGravatar Lukas Fleischer2014-01-16-1/+1
| | | | | | | | This did not really break anything in the past since spaces are ignored when rendering HTML. Remove the preceding space anyway to prevent from potential future problems. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
* Add .mailmapGravatar Lukas Fleischer2014-01-16-0/+10
| | | | Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
* t0111: Add basic tests for Lua filtersGravatar Lukas Fleischer2014-01-15-36/+63
| | | | | | | | | | | | | | | * Validate the email filter by manipulating stdin. Additional checks for all the arguments can be added in a later patch. * Add the exec prefix to all informational messages. * Rename the filter repository to filter-exec. The Git repository itself is not renamed since it can be shared amongst all filter types. * In the filter checks, check whether all arguments are passed properly instead of validating the buffer/stdin only. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
* email-gravatar: fix html syntax issuesGravatar Christian Hesse2014-01-15-2/+2
| | | | | an attribute value specification must be an attribute value literal unless SHORTTAG YES is specified
* email-gravatar: do not scale icons upGravatar Jason A. Donenfeld2014-01-15-2/+2
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* filter: allow returning exit code from filterGravatar Jason A. Donenfeld2014-01-15-6/+12
| | | | | | | Filters can now indicate a status back to cgit by means of the exit code for exec, or the return value from close for Lua. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* tests/: Add t0111-filter.shGravatar Lukas Fleischer2014-01-14-0/+57
| | | | | | This adds basic tests for all types of exec filters. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
* email-gravatar: fix html syntax issuesGravatar Christian Hesse2014-01-14-2/+2
| | | | | | * make ampersand a html entity * add required alt attribute * add required img end tag
* email-gravatar.py: fix UTF-8Gravatar Christian Hesse2014-01-14-0/+4
|
* email-gravatar.lua: fix for lua 5.2Gravatar Christian Hesse2014-01-14-1/+1
|
* makefile: only display lua message onceGravatar Jason A. Donenfeld2014-01-14-8/+7
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* README: document lua makefile flagsGravatar Jason A. Donenfeld2014-01-14-0/+16
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* cgitrc.5.txt: Fix documentation of the snapshot maskGravatar Lukas Fleischer2014-01-14-6/+7
| | | | | | | | Mention that the snapshot setting only specifies the formats that links are generated for and not the set of formats that are accessible via HTTP. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
* makefile: auto-detect presence of various Lua, bsdGravatar Jason A. Donenfeld2014-01-14-10/+37
| | | | | | | | | | | | We favor LuaJIT over Lua. We disable Lua if neither can be found. We error out if a particular Lua is specified via LUA_IMPLEMENTATION=JIT or LUA_IMPLEMENTATION=VANILLA, but cannot be found. We print a status message depending on what happens. Also, we do not link against libdl on the BSDs, since they include it as part of libc. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* filter: style tweaksGravatar Jason A. Donenfeld2014-01-14-11/+11
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* filter: add page source to email filterGravatar Jason A. Donenfeld2014-01-14-15/+21
| | | | | | | | Since the email filter is called from lots of places, the script might benefit from knowing the origin. That way it can modify its contents and/or size depending. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* filter: add gravatar scriptsGravatar Jason A. Donenfeld2014-01-14-0/+58
| | | | | | | The lua one is hugely faster than the python one, but both are included for comparison. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* filter: add support for email filterGravatar Jason A. Donenfeld2014-01-14-2/+47
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* filter: return on null filter from open and closeGravatar Jason A. Donenfeld2014-01-14-22/+14
| | | | | | | | So that we don't have to include the if(filter) open_filter(filter) block everywhere, we introduce the guard in the function itself. This should simplify quite a bit of code. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* filter: add lua supportGravatar Jason A. Donenfeld2014-01-14-3/+235
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* filter: basic write hooking infrastructureGravatar Jason A. Donenfeld2014-01-14-23/+67
| | | | | | | | | | | | | | | | | Filters can now call hook_write and unhook_write if they want to redirect writing to stdout to a different function. This saves us from potential file descriptor pipes and other less efficient mechanisms. We do this instead of replacing the call in html_raw because some places stdlib's printf functions are used (ui-patch or within git itself), which has its own internal buffering, which makes it difficult to interlace our function calls. So, we dlsym libc's write and then override it in the link stage. While we're at it, we move considerations of argument count into the generic new filter handler. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* filter: allow for cleanup hook for filter typesGravatar Jason A. Donenfeld2014-01-14-27/+66
| | | | | | | | | | | | At some point, we're going to want to do lazy deallocation of filters. For example, if we implement lua, we'll want to load the lua runtime once for each filter, even if that filter is called many times. Similarly, for persistent exec filters, we'll want to load it once, despite many open_filter and close_filter calls, and only reap the child process at the end of the cgit process. For this reason, we add here a cleanup function that is called at the end of cgit's main(). Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* filter: introduce "filter type" prefixGravatar John Keeping2014-01-14-2/+40
| | | | | | | | This allows different filter implementations to be specified in the configuration file. Currently only "exec" is supported, but it may now be specified either with or without the "exec:" prefix. Signed-off-by: John Keeping <john@keeping.me.uk>
* filter: add interface layerGravatar John Keeping2014-01-14-22/+63
| | | | | | | | | | | | | | Change the existing cgit_{open,close,fprintf}_filter functions to delegate to filter-specific implementations accessed via function pointers on the cgit_filter object. We treat the "exec" filter type slightly specially here by putting its structure definition in the header file and providing an "init" function to set up the function pointers. This is required so that the ui-snapshot.c code that applies a compression filter can continue to use the filter interface to do so. Signed-off-by: John Keeping <john@keeping.me.uk>
* filter: add fprintf_filter functionGravatar John Keeping2014-01-14-3/+9
| | | | | | | | This stops the code in cgit.c::print_repo needing to inspect the cgit_filter structure, meaning that we can abstract out different filter types that will have different fields that need to be printed. Signed-off-by: John Keeping <john@keeping.me.uk>
* authors: specify maintainersGravatar Jason A. Donenfeld2014-01-14-6/+13
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* filters: Improved syntax-highlighting.pyGravatar Stefan Tatschner2014-01-14-19/+33
| | | | | | | | | | | | | | | | - Switched back to python2 according to a problem in pygments with python3. With the next release of pygments this problem should be fixed. Issue see here: https://bitbucket.org/birkenfeld/pygments-main/issue/901/problems-with-python3 - Just read the stdin, decode it to utf-8 and ignore unknown signs. This ensures that even destroyed files do not cause any errors in the filter. - Improved language guessing: -> At first use guess_lexer_for_filename for a better detection of the used programming languages (even mixed cases will be detected, e.g. php + html). -> If nothing was found look if there is a shebang and use guess_lexer. -> As default/fallback choose TextLexer. Signed-off-by: Stefan Tatschner <stefan@sevenbyte.org>
* tests: add CGIT_TEST_OPTS variable to MakefileGravatar John Keeping2014-01-13-1/+1
| | | | | | | | | This allows running the entire test suite with a set of command-line options. For example: make test CGIT_TEST_OPTS=--valgrind Signed-off-by: John Keeping <john@keeping.me.uk>
* ui-repolist: HTML-escape cgit_rooturl() responseGravatar John Keeping2014-01-13-1/+3
| | | | | | | This is for consistency with other callers. The value returned from cgit_rooturl is not guaranteed to be HTML-safe. Signed-off-by: John Keeping <john@keeping.me.uk>
* ui-shared: URL-escape script_nameGravatar John Keeping2014-01-13-2/+2
| | | | | | | | As far as I know, there is no requirement that $SCRIPT_NAME contain only URL-safe characters, so we need to make sure that any special characters are escaped. Signed-off-by: John Keeping <john@keeping.me.uk>
* ui-refs: escape HTML chars in author and tagger namesGravatar John Keeping2014-01-13-2/+2
| | | | | | | Everywhere else we use html_txt to escape any special characters in these variables. Do so here as well. Signed-off-by: John Keeping <john@keeping.me.uk>
* filter: pass extra arguments via cgit_open_filterGravatar John Keeping2014-01-13-30/+38
| | | | | | | | | This avoids poking into the filter data structure at various points in the code. We rely on the fact that the number of arguments is fixed based on the filter type (set in cgit_new_filter) and that the call sites all know which filter type they're using. Signed-off-by: John Keeping <john@keeping.me.uk>
* ui-snapshot: set unused cgit_filter fields to zeroGravatar John Keeping2014-01-13-4/+4
| | | | | | | | | By switching the assignment of fields in the cgit_filter structure to use designated initializers, the compiler will initialize all other fields to their default value. This will be needed when we add the extra_args field in the next patch. Signed-off-by: John Keeping <john@keeping.me.uk>
* html: remove redundant htmlfd variableGravatar John Keeping2014-01-13-3/+1
| | | | | | | This is never changed from STDOUT_FILENO, so just use that value directly. Signed-off-by: John Keeping <john@keeping.me.uk>
* tests: add Valgrind supportGravatar John Keeping2014-01-13-1/+48
| | | | | | | Now running tests with the "--valgrind" option will run cgit under Valgrind instead of all Git commands. Signed-off-by: John Keeping <john@keeping.me.uk>
* cache: don't leave cache_slot fields uninitializedGravatar John Keeping2014-01-13-1/+1
| | | | | | | | | | | | | | | | | | | | | | Valgrind says: ==18344== Conditional jump or move depends on uninitialised value(s) ==18344== at 0x406C83: open_slot (cache.c:63) ==18344== by 0x407478: cache_ls (cache.c:403) ==18344== by 0x404C9A: process_request (cgit.c:639) ==18344== by 0x406BD2: fill_slot (cache.c:190) ==18344== by 0x4071A0: cache_process (cache.c:284) ==18344== by 0x404461: main (cgit.c:952) ==18344== Uninitialised value was created by a stack allocation ==18344== at 0x40738B: cache_ls (cache.c:375) This is caused by the keylen field being used to calculate whether or not a slot is matched. We never then check the value of this and the length of data read depends on the key length read from the file so this isn't dangerous, but it's nice to avoid branching based on uninitialized data. Signed-off-by: John Keeping <john@keeping.me.uk>