cgit/cgit.c, branch v1.0

ui-shared: add homepage to tabs

2016-02-22T17:40:13Z

Signed-off-by: Jason A. Donenfeld

ui-plain: add enable-html-serving flag

2016-01-14T14:42:56Z

Unrestricts plain/ to contents likely to be executed by browser.

ui-blob: Do not accept mimetype from user

2016-01-14T13:31:13Z

filter: avoid integer overflow in authenticate_post

2015-11-24T10:31:43Z

ctx.env.content_length is an unsigned int, coming from the CONTENT_LENGTH environment variable, which is parsed by strtoul. The HTTP/1.1 spec says that "any Content-Length greater than or equal to zero is a valid value." By storing this into an int, we potentially overflow it, resulting in the following bounding check failing, leading to a buffer overflow. Reported-by: Erik Cabetas Signed-off-by: Jason A. Donenfeld

cgit.c: remove useless null check

2015-10-09T08:54:19Z

Everywhere else in this function we do not check whether the value is null and parse_configfile() never passes a null value to this callback. Coverity-id: 13846 Signed-off-by: John Keeping

cmd: no need for pre function hook now

2015-08-14T13:54:32Z

Signed-off-by: Jason A. Donenfeld

cmd: remove "want_layout" field

2015-08-14T13:46:51Z

No commands use this any more. Signed-off-by: John Keeping

cgit: use cgit_print_error_page() where appropriate

2015-08-14T13:46:51Z

These are more-or-less one-to-one translations but in the final hunk we gain an HTTP error code where we used to send "200 OK", which is an improvement. Signed-off-by: John Keeping

log: allow users to follow a file

2015-08-12T14:57:46Z

Teach the "log" UI to behave in the same way as "git log --follow", when given a suitable instruction by the user. The default behaviour remains to show the log without following renames, but the follow behaviour can be activated by following a link in the page header. Follow is not the default because outputting merges in follow mode is tricky ("git log --follow" will not show merges). We also disable the graph in follow mode because the commit graph is not simplified so we end up with frequent gaps in the graph and many lines that do not connect with any commits we're actually showing. We also teach the "diff" and "commit" UIs to respect the follow flag on URLs, causing the single-file version of these UIs to detect renames. This feature is needed only for commits that rename the path we're interested in. For commits before the file has been renamed (i.e. that appear later in the log list) we change the file path in the links from the log to point to the old name; this means that links to commits always limit by the path known to that commit. If we didn't do this we would need to walk down the log diff'ing every commit whenever we want to show a commit. The drawback is that the "Log" link in the top bar of such a page links to the log limited by the old name, so it will only show pre-rename commits. I consider this a reasonable trade-off since the "Back" button still works and the log matches the path displayed in the top bar. Since following renames requires running diff on every commit we consider, I've added a knob to the configuration file to globally enable/disable this feature. Note that we may consider a large number of commits the revision walking machinery no longer performs any path limitation so we have to examine every commit until we find a page full of commits that affect the target path or something related to it. Suggested-by: René Neumann Signed-off-by: John Keeping

about: always ensure page has a trailing slash

2015-08-12T13:03:32Z

Otherwise we can't easily embed links to other /about/ pages. Signed-off-by: Jason A. Donenfeld