cgit/ui-repolist.c, branch master A hyperfast web frontend for git repositories written in C. http://git.cetero.st/cgit/atom/ui-repolist.c?h=master 2026-05-04T16:28:27Z cgit: truncate all config values at the newline 2026-05-04T16:28:27Z Jason A. Donenfeld Jason@zx2c4.com 2026-05-04T16:13:13Z urn:sha1:ed05b1054df10a2fbc68000cfdd429daec03a456 These would be largely invalid anyway (save, I suppose, for Linux file paths that technically can contain new lines). The actual problem is that these get printed back out into cached -- and trusted -- cgitrc files, and if the fields have newlines, the git-config way of less trusted users configuring repos on a shared system can be abused to inject newlines, which then can be used to smuggle global options (including filters, which execute code) into the cached cgitrc. So now, only ever duplicate up to the newline, when dealing with these inputs. Reported-by: Adrian Denkiewicz <adrian@doyensec.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> ui-repolist,ui-shared: remove redundant title on repo anchors 2022-12-19T15:13:24Z Chris Mayo aklhfex@gmail.com 2019-03-15T20:17:05Z urn:sha1:afffc3e772a7b0c9d729f330ef2c9900c4343b63 The title attribute was being set to the same value as the anchor element text. Signed-off-by: Chris Mayo <aklhfex@gmail.com> Reviewed-by: Eric Wong <e@80x24.org> Reviewed-by: Petr Vorel <petr.vorel@gmail.com> Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> ui-repolist: do not return unsigned (negative) value 2019-11-22T12:35:50Z Christian Hesse mail@eworm.de 2019-11-22T10:09:50Z urn:sha1:583aa5d80eb01075c0f3f35df37b9144a0c9651e The function read_agefile() returns time_t, which is a signed datatime. We should not return unsigned (negative) value here. Reported-by: Johannes Stezenbach <js@linuxtv.org> Signed-off-by: Christian Hesse <mail@eworm.de> global: make 'char *path' const where possible 2019-06-05T13:37:49Z Christian Hesse mail@eworm.de 2019-01-02T16:25:01Z urn:sha1:ccba7eb9d0c43ffe99178ab6632dc3794f887309 Signed-off-by: Christian Hesse <mail@eworm.de> global: remove functionality we deprecated for cgit v1.0 2018-06-27T16:13:03Z Christian Hesse mail@eworm.de 2018-06-18T09:48:43Z urn:sha1:54d37dc154f5308459df0a90c81dabd0245b6c17 The man page states these were deprecated for v1.0. We are past v1.1, so remove the functionality. Signed-off-by: Christian Hesse <mail@eworm.de> Reviewed-by: John Keeping <john@keeping.me.uk> html: html_ntxt with no ellipsis 2017-10-03T18:19:34Z Jeff Smith whydoubt@gmail.com 2017-10-02T04:39:05Z urn:sha1:70787254b270b1505aa8427813f64131be5df86c For implementing a ui-blame page, there is need for a function that outputs a selection from a block of text, transformed for HTML output, but with no further modifications or additions. Signed-off-by: Jeff Smith <whydoubt@gmail.com> Reviewed-by: John Keeping <john@keeping.me.uk> Remove unused variable from sort_section() 2017-04-05T04:38:39Z Lukas Fleischer lfleischer@lfos.de 2017-04-05T04:38:27Z urn:sha1:7ebdb30fdf91d1f63b4fb07e54b089136de5507b Signed-off-by: Lukas Fleischer <lfleischer@lfos.de> ui-repolist: properly sort by age 2017-03-30T11:19:54Z Jason A. Donenfeld Jason@zx2c4.com 2017-03-30T11:19:50Z urn:sha1:87c47488d02fcace4da0d468cd9ddd1651b7949e When empty repos exist, comparing them against an existing repo with a good mtime might, with particular qsort implementations, not sort correctly, because of this brokenness: if (get_repo_modtime(r1, &t) && get_repo_modtime(r2, &t)) However, sorting by the age column works as expected, so anyway, to tidy things up, we simply reuse that function. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> css: highlight even table rows and skip empty rows 2016-11-23T04:20:42Z Christian Hesse mail@eworm.de 2016-07-06T20:42:36Z urn:sha1:81509a228c7428abeb56ecacb45ccd8dc8fc6209 This is stolen from kernel.org css [0]. [0] https://git.kernel.org/cgit-korg-0.10.1.css ui-repolist: fix memory leak 2016-10-12T12:13:10Z Christian Hesse mail@eworm.de 2016-10-10T18:17:51Z urn:sha1:7fea585e252ee7a584e4b2d679009518bab48ebe