about summary refs log tree commit diff
path: root/ui-clone.c
AgeCommit message (Collapse)Author
2018-08-03clone: fix directory traversalJason A. Donenfeld
This was introduced in the initial version of this code, way back when in 2008. $ curl http://127.0.0.1/cgit/repo/objects/?path=../../../../../../../../../etc/passwd root:x:0:0:root:/root:/bin/sh ... Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Reported-by: Jann Horn <jannh@google.com>
2018-06-27git: update to v2.18.0Christian Hesse
Update to git version v2.18.0. Required changes follow upstream commits: * Convert find_unique_abbrev* to struct object_id (aab9583f7b5ea5463eb3f653a0b4ecac7539dc94) * sha1_file: convert read_sha1_file to struct object_id (b4f5aca40e6f77cbabcbf4ff003c3cf30a1830c8) * sha1_file: convert sha1_object_info* to object_id (abef9020e3df87c441c9a3a95f592fce5fa49bb9) * object-store: move packed_git and packed_git_mru to object store (a80d72db2a73174b3f22142eb2014b33696fd795) * treewide: rename tree to maybe_tree (891435d55da80ca3654b19834481205be6bdfe33) The changed data types required some of our own functions to be converted to struct object_id: ls_item print_dir print_dir_entry print_object single_tree_cb walk_tree write_tree_link And finally we use new upstream functions that were added for struct object_id: hashcpy -> oidcpy sha1_to_hex -> oid_to_hex Signed-off-by: Christian Hesse <mail@eworm.de> Reviewed-by: John Keeping <john@keeping.me.uk>
2017-12-06git: update to v2.15.1Christian Hesse
Update to git version v2.15.1: With commit 0abe14f6 prepare_packed_git() moved to packfile.[ch]. Signed-off-by: Christian Hesse <mail@eworm.de> Reviewed-by: John Keeping <john@keeping.me.uk>
2017-08-10git: update to v2.14Jeff Smith
Numerous changes were made to git functions to use an object_id structure rather than sending sha1 hashes as raw unsigned character arrays. The functions that affect cgit are: parse_object, lookup_commit_reference, lookup_tag, lookup_tree, parse_tree_indirect, diff_root_tree_sha1, diff_tree_sha1, and format_display_notes. Commit b2141fc (config: don't include config.h by default) made it necessary to that config.h be explicitly included when needed. Commit 07a3d41 (grep: remove regflags from the public grep_opt API) removed one way of specifying the ignore-case grep option. Signed-off-by: Jeff Smith <whydoubt@gmail.com>
2016-01-13git: update to v2.7.0Christian Hesse
Update to git version v2.7.0. * Upstream commit ed1c9977cb1b63e4270ad8bdf967a2d02580aa08 (Remove get_object_hash.) changed API: Convert all instances of get_object_hash to use an appropriate reference to the hash member of the oid member of struct object. This provides no functional change, as it is essentially a macro substitution. Signed-off-by: Christian Hesse <mail@eworm.de>
2015-08-14clone: use cgit_print_error_page() instead of html_status()John Keeping
This provides a formatted error response rather than a simple HTTP error. Signed-off-by: John Keeping <john@keeping.me.uk>
2015-08-12git: update to v2.5.0Christian Hesse
Update to git version v2.5.0. * Upstream commit 5455ee0573a22bb793a7083d593ae1ace909cd4c (Merge branch 'bc/object-id') changed API: for_each_ref() callback functions were taught to name the objects not with "unsigned char sha1[20]" but with "struct object_id". * Upstream commit dcf692625ac569fefbe52269061230f4fde10e47 (path.c: make get_pathname() call sites return const char *) Signed-off-by: Christian Hesse <mail@eworm.de>
2015-02-09ui-clone.c: Fix off-by-one error in pack pathJason A. Donenfeld
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
2015-02-09ui-clone.c: Fix path checkLukas Fleischer
The starts_with() check was broken in two ways: For one thing, the parameters were passed in the wrong order, for another thing, starts_with() returns 1 if the string starts with the prefix (not 0). Note that this bug existed since commit 02a545e (Add support for cloning over http, 2008-08-06) but only pops in in corner cases. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2015-01-15Return proper HTTP response when accessing info/Lukas Fleischer
Currently, when a user directly accesses the info command of a repository, we exit cgit without printing anything to stdout, bringing up error messages like "502 Bad Gateway" or "An error occurred while reading CGI reply (no response received)". Instead of bailing out, at least print the HTTP headers, including a reasonable error message. Reported-by: Janus Troelsen Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2014-06-28git: update for git 2.0Christian Hesse
prefixcmp() and suffixcmp() have been remove, functionality is now provided by starts_with() and ends_with(). Retrurn values have been changed, so instead of just renaming we have to fix logic. Everything else looks just fine.
2014-01-17Switch to exclusively using global ctxLukas Fleischer
Drop the context parameter from the following functions (and all static helpers used by them) and use the global context instead: * cgit_print_http_headers() * cgit_print_docstart() * cgit_print_pageheader() Remove context parameter from all commands Drop the context parameter from the following functions (and all static helpers used by them) and use the global context instead: * cgit_get_cmd() * All cgit command functions. * cgit_clone_info() * cgit_clone_objects() * cgit_clone_head() * cgit_print_plain() * cgit_show_stats() In initialization routines, use the global context variable instead of passing a pointer around locally. Remove callback data parameter for cache slots This is no longer needed since the context is always read from the global context variable. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
2014-01-08Update copyright informationLukas Fleischer
* Name "cgit Development Team" as copyright holder to avoid listing every single developer. * Update copyright ranges. Signed-off-by: Lukas Fleischer <cgit@crytocrack.de>
2013-04-08Always #include corresponding .h in .c filesJohn Keeping
While doing this, remove declarations from header files where the corresponding definition is declared "static" in order to avoid build errors. Also re-order existing headers in ui-*.c so that the file-specific header always comes immediately after "cgit.h", helping with future consistency. Signed-off-by: John Keeping <john@keeping.me.uk>
2013-02-01Support unannotated tags in git-clone.Jason A. Donenfeld
Matthew McClintock reported that older unannotated tags were not correctly being cloned and did not appear in info/refs. Further investigation revealed some dubious prefix comparison code for determining whether or not to write refs in info/refs. After comparing it with git's own http-backend.c, it appears upstream does not use this prefix logic. OTOH, I don't know what the reasoning was when the prefix logic was introduced. It appears to me to just be buggy, though it's possible there are other reasons, and we'll have to revisit this commit. But for now, Works For Me. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Matthew McClintock <msm@freescale.com> Reported-by: Matthew McClintock <msm@freescale.com>
2008-08-06Supply status description to html_status()Lars Hjemli
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
2008-08-06Add support for cloning over httpLars Hjemli
This patch implements basic support for cloning over http, based on the work on git-http-backend by Shawn O. Pearce. Signed-off-by: Lars Hjemli <hjemli@gmail.com>