summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2014-01-17auth: document tweakables in lua scriptJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-17repolist: make owner clickable to searchJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-17ui-shared: move about tab all the way to the leftJason A. Donenfeld
There were no objections (at the time of committing this): http://lists.zx2c4.com/pipermail/cgit/2013-May/001393.html http://lists.zx2c4.com/pipermail/cgit/2014-January/001904.html Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-17filter: don't forget to reap the auth filterJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-16cgit.c: free tmp variableJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-16Switch to exclusively using global ctxLukas Fleischer
Drop the context parameter from the following functions (and all static helpers used by them) and use the global context instead: * cgit_print_http_headers() * cgit_print_docstart() * cgit_print_pageheader() Remove context parameter from all commands Drop the context parameter from the following functions (and all static helpers used by them) and use the global context instead: * cgit_get_cmd() * All cgit command functions. * cgit_clone_info() * cgit_clone_objects() * cgit_clone_head() * cgit_print_plain() * cgit_show_stats() In initialization routines, use the global context variable instead of passing a pointer around locally. Remove callback data parameter for cache slots This is no longer needed since the context is always read from the global context variable. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2014-01-16auth: have cgit calculate login addressJason A. Donenfeld
This way we're sure to use virtual root, or any other strangeness encountered. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-16auth: lua string comparisons are time invariantJason A. Donenfeld
By default, strings are compared by hash, so we can remove this comment. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-16authentication: use hidden form instead of refererJason A. Donenfeld
This also gives us some CSRF protection. Note that we make use of the hmac to protect the redirect value. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-16auth: add basic authentication filter frameworkJason A. Donenfeld
This leverages the new lua support. See filters/simple-authentication.lua for explaination of how this works. There is also additional documentation in cgitrc.5.txt. Though this is a cookie-based approach, cgit's caching mechanism is preserved for authenticated pages. Very plugable and extendable depending on user needs. The sample script uses an HMAC-SHA1 based cookie to store the currently logged in user, with an expiration date. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-15t0111: Additions and fixesLukas Fleischer
* Rename the capitalize-* filters to dump.* since they also dump the arguments. * Add full argument validation to the email filters. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2014-01-15parsing.c: Remove leading space from committerLukas Fleischer
This did not really break anything in the past since spaces are ignored when rendering HTML. Remove the preceding space anyway to prevent from potential future problems. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2014-01-15Add .mailmapLukas Fleischer
Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2014-01-15t0111: Add basic tests for Lua filtersLukas Fleischer
* Validate the email filter by manipulating stdin. Additional checks for all the arguments can be added in a later patch. * Add the exec prefix to all informational messages. * Rename the filter repository to filter-exec. The Git repository itself is not renamed since it can be shared amongst all filter types. * In the filter checks, check whether all arguments are passed properly instead of validating the buffer/stdin only. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2014-01-15email-gravatar: fix html syntax issuesChristian Hesse
an attribute value specification must be an attribute value literal unless SHORTTAG YES is specified
2014-01-14email-gravatar: do not scale icons upJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14filter: allow returning exit code from filterJason A. Donenfeld
Filters can now indicate a status back to cgit by means of the exit code for exec, or the return value from close for Lua. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14tests/: Add t0111-filter.shLukas Fleischer
This adds basic tests for all types of exec filters. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2014-01-14email-gravatar: fix html syntax issuesChristian Hesse
* make ampersand a html entity * add required alt attribute * add required img end tag
2014-01-14email-gravatar.py: fix UTF-8Christian Hesse
2014-01-14email-gravatar.lua: fix for lua 5.2Christian Hesse
2014-01-14makefile: only display lua message onceJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14README: document lua makefile flagsJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14cgitrc.5.txt: Fix documentation of the snapshot maskLukas Fleischer
Mention that the snapshot setting only specifies the formats that links are generated for and not the set of formats that are accessible via HTTP. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2014-01-14makefile: auto-detect presence of various Lua, bsdJason A. Donenfeld
We favor LuaJIT over Lua. We disable Lua if neither can be found. We error out if a particular Lua is specified via LUA_IMPLEMENTATION=JIT or LUA_IMPLEMENTATION=VANILLA, but cannot be found. We print a status message depending on what happens. Also, we do not link against libdl on the BSDs, since they include it as part of libc. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14filter: style tweaksJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14filter: add page source to email filterJason A. Donenfeld
Since the email filter is called from lots of places, the script might benefit from knowing the origin. That way it can modify its contents and/or size depending. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14filter: add gravatar scriptsJason A. Donenfeld
The lua one is hugely faster than the python one, but both are included for comparison. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14filter: add support for email filterJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14filter: return on null filter from open and closeJason A. Donenfeld
So that we don't have to include the if(filter) open_filter(filter) block everywhere, we introduce the guard in the function itself. This should simplify quite a bit of code. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14filter: add lua supportJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14filter: basic write hooking infrastructureJason A. Donenfeld
Filters can now call hook_write and unhook_write if they want to redirect writing to stdout to a different function. This saves us from potential file descriptor pipes and other less efficient mechanisms. We do this instead of replacing the call in html_raw because some places stdlib's printf functions are used (ui-patch or within git itself), which has its own internal buffering, which makes it difficult to interlace our function calls. So, we dlsym libc's write and then override it in the link stage. While we're at it, we move considerations of argument count into the generic new filter handler. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14filter: allow for cleanup hook for filter typesJason A. Donenfeld
At some point, we're going to want to do lazy deallocation of filters. For example, if we implement lua, we'll want to load the lua runtime once for each filter, even if that filter is called many times. Similarly, for persistent exec filters, we'll want to load it once, despite many open_filter and close_filter calls, and only reap the child process at the end of the cgit process. For this reason, we add here a cleanup function that is called at the end of cgit's main(). Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-14filter: introduce "filter type" prefixJohn Keeping
This allows different filter implementations to be specified in the configuration file. Currently only "exec" is supported, but it may now be specified either with or without the "exec:" prefix. Signed-off-by: John Keeping <john@keeping.me.uk>
2014-01-14filter: add interface layerJohn Keeping
Change the existing cgit_{open,close,fprintf}_filter functions to delegate to filter-specific implementations accessed via function pointers on the cgit_filter object. We treat the "exec" filter type slightly specially here by putting its structure definition in the header file and providing an "init" function to set up the function pointers. This is required so that the ui-snapshot.c code that applies a compression filter can continue to use the filter interface to do so. Signed-off-by: John Keeping <john@keeping.me.uk>
2014-01-14filter: add fprintf_filter functionJohn Keeping
This stops the code in cgit.c::print_repo needing to inspect the cgit_filter structure, meaning that we can abstract out different filter types that will have different fields that need to be printed. Signed-off-by: John Keeping <john@keeping.me.uk>
2014-01-14authors: specify maintainersJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-13filters: Improved syntax-highlighting.pyStefan Tatschner
- Switched back to python2 according to a problem in pygments with python3. With the next release of pygments this problem should be fixed. Issue see here: https://bitbucket.org/birkenfeld/pygments-main/issue/901/problems-with-python3 - Just read the stdin, decode it to utf-8 and ignore unknown signs. This ensures that even destroyed files do not cause any errors in the filter. - Improved language guessing: -> At first use guess_lexer_for_filename for a better detection of the used programming languages (even mixed cases will be detected, e.g. php + html). -> If nothing was found look if there is a shebang and use guess_lexer. -> As default/fallback choose TextLexer. Signed-off-by: Stefan Tatschner <stefan@sevenbyte.org>
2014-01-12tests: add CGIT_TEST_OPTS variable to MakefileJohn Keeping
This allows running the entire test suite with a set of command-line options. For example: make test CGIT_TEST_OPTS=--valgrind Signed-off-by: John Keeping <john@keeping.me.uk>
2014-01-12ui-repolist: HTML-escape cgit_rooturl() responseJohn Keeping
This is for consistency with other callers. The value returned from cgit_rooturl is not guaranteed to be HTML-safe. Signed-off-by: John Keeping <john@keeping.me.uk>
2014-01-12ui-shared: URL-escape script_nameJohn Keeping
As far as I know, there is no requirement that $SCRIPT_NAME contain only URL-safe characters, so we need to make sure that any special characters are escaped. Signed-off-by: John Keeping <john@keeping.me.uk>
2014-01-12ui-refs: escape HTML chars in author and tagger namesJohn Keeping
Everywhere else we use html_txt to escape any special characters in these variables. Do so here as well. Signed-off-by: John Keeping <john@keeping.me.uk>
2014-01-12filter: pass extra arguments via cgit_open_filterJohn Keeping
This avoids poking into the filter data structure at various points in the code. We rely on the fact that the number of arguments is fixed based on the filter type (set in cgit_new_filter) and that the call sites all know which filter type they're using. Signed-off-by: John Keeping <john@keeping.me.uk>
2014-01-12ui-snapshot: set unused cgit_filter fields to zeroJohn Keeping
By switching the assignment of fields in the cgit_filter structure to use designated initializers, the compiler will initialize all other fields to their default value. This will be needed when we add the extra_args field in the next patch. Signed-off-by: John Keeping <john@keeping.me.uk>
2014-01-12html: remove redundant htmlfd variableJohn Keeping
This is never changed from STDOUT_FILENO, so just use that value directly. Signed-off-by: John Keeping <john@keeping.me.uk>
2014-01-12tests: add Valgrind supportJohn Keeping
Now running tests with the "--valgrind" option will run cgit under Valgrind instead of all Git commands. Signed-off-by: John Keeping <john@keeping.me.uk>
2014-01-12cache: don't leave cache_slot fields uninitializedJohn Keeping
Valgrind says: ==18344== Conditional jump or move depends on uninitialised value(s) ==18344== at 0x406C83: open_slot (cache.c:63) ==18344== by 0x407478: cache_ls (cache.c:403) ==18344== by 0x404C9A: process_request (cgit.c:639) ==18344== by 0x406BD2: fill_slot (cache.c:190) ==18344== by 0x4071A0: cache_process (cache.c:284) ==18344== by 0x404461: main (cgit.c:952) ==18344== Uninitialised value was created by a stack allocation ==18344== at 0x40738B: cache_ls (cache.c:375) This is caused by the keylen field being used to calculate whether or not a slot is matched. We never then check the value of this and the length of data read depends on the key length read from the file so this isn't dangerous, but it's nice to avoid branching based on uninitialized data. Signed-off-by: John Keeping <john@keeping.me.uk>
2014-01-10filter: split filter functions into their own fileJason A. Donenfeld
A first step for more interesting things. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-10filter: make exit status localJason A. Donenfeld
It's only used in one place, and not useful to have around since close_filter will die() if exit_status isn't what it expects, anyway. So this is best as just a local variable instead of as part of the struct. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2014-01-10parsing: fix header typoJason A. Donenfeld