cgit-70, branch v0.9.0.1 a fork of cgit with a Gopher interface CGIT 0.9.0.1 2011-06-13T12:37:04+00:00 Lars Hjemli hjemli@gmail.com 2011-06-13T12:37:04+00:00 978275222307f6a23dba5b093189f162a7ec2351 Signed-off-by: Lars Hjemli <hjemli@gmail.com> 
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
ui-plain.c: fix html and links generated by print_dir() and print_dir_entry() 2011-06-12T21:21:30+00:00 Lars Hjemli hjemli@gmail.com 2011-06-12T20:49:35+00:00 7f88d20823ad9d375900657334bc27793860f6ee This patch fixes the following issues: * the base argument usually isn't zero-terminated, so printing base without considering baselen will usually generate random garbage * when the current url represents a directory but doesn't end in a slash, relative urls would be incorrect * using unescaped paths allows XSS Signed-off-by: Lars Hjemli <hjemli@gmail.com> 
This patch fixes the following issues:
* the base argument usually isn't zero-terminated, so printing base
  without considering baselen will usually generate random garbage
* when the current url represents a directory but doesn't end in a slash,
  relative urls would be incorrect
* using unescaped paths allows XSS

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
scan-tree.c: avoid memory leak 2011-06-06T19:10:31+00:00 Jamie Couture jamie.couture@gmail.com 2011-06-03T23:21:01+00:00 2a8f553163d642e60092ced20631e1020581273b No references are kept to the memory pointed to by the 'rel' variable, so it should be free()'d before returning from add_repo(). Signed-off-by: Jamie Couture <jamie.couture@gmail.com> Signed-off-by: Lars Hjemli <larsh@hjemli.net> 
No references are kept to the memory pointed to by the 'rel' variable, so
it should be free()'d before returning from add_repo().

Signed-off-by: Jamie Couture <jamie.couture@gmail.com>
Signed-off-by: Lars Hjemli <larsh@hjemli.net>
ui-log.c: do not link from age column 2011-06-02T10:30:26+00:00 Lars Hjemli hjemli@gmail.com 2011-06-02T10:30:26+00:00 d885158f6ac29e04bd14dd132331c7e3a93e7490 The link url wasn't properly escaped, and since the link was identical to the one used on the commit message it didn't serve any special purpose. Signed-off-by: Lars Hjemli <hjemli@gmail.com> 
The link url wasn't properly escaped, and since the link was identical
to the one used on the commit message it didn't serve any special purpose.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
ui-snapshot.c: remove debug cruft 2011-06-02T10:26:41+00:00 Lars Hjemli hjemli@gmail.com 2011-06-02T10:26:41+00:00 2aabeaf834a47c2fd64e045a28cd2e5b90658939 Signed-off-by: Lars Hjemli <hjemli@gmail.com> 
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
Properly escape ampersands inside HTML attributes 2011-05-30T21:55:19+00:00 Lukas Fleischer cgit@cryptocrack.de 2011-05-24T18:38:40+00:00 69382320d96232ee8c73e664797da61e733c2427 Ampersands ("&") appearing inside HTML attributes need to be translated to "&amp;". Otherwise, invalid XHTML will be generated at various places, such as at tree views containing links to submodules. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com> 
Ampersands ("&") appearing inside HTML attributes need to be translated
to "&amp;". Otherwise, invalid XHTML will be generated at various
places, such as at tree views containing links to submodules.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
fix virtual-root if script-name is "" 2011-05-23T21:20:59+00:00 Mark Lodato lodatom@gmail.com 2011-05-13T23:59:07+00:00 ec79265f2053e6dc20e0ec486719f5954d2be83d In d0cb841 (Avoid trailing slash in virtual-root), virtual-root was set from script-name using trim_end(). However, if script-name was the empty string (""), which happens when cgit is used to serve the root path on a domain (/), trim_end() returns NULL and cgit acts like virtual-root is not available. Now, set virtual-root to "" in this case, which fixes this bug. Signed-off-by: Lars Hjemli <hjemli@gmail.com> 
In d0cb841 (Avoid trailing slash in virtual-root), virtual-root was set
from script-name using trim_end().  However, if script-name was the
empty string (""), which happens when cgit is used to serve the root
path on a domain (/), trim_end() returns NULL and cgit acts like
virtual-root is not available.  Now, set virtual-root to "" in this
case, which fixes this bug.

Signed-off-by: Lars Hjemli <hjemli@gmail.com>
ui-repolist.c: do not return random/stale data from read_agefile 2011-05-23T21:17:10+00:00 Lars Hjemli hjemli@gmail.com 2011-05-23T21:10:37+00:00 c8ea73caabcb16ffb74baa70d35650027ed772c4 When git/date.c:parse_date() cannot parse its input it returns -1. But read_agefile() checks if the result is different from zero, essentialy returning random data from the date buffer when parsing fails. This patch fixes the issue by verifying that the result from parse_date() is positive. Noticed-by: Julius Plenz <plenz@cis.fu-berlin.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com> 
When git/date.c:parse_date() cannot parse its input it returns -1. But
read_agefile() checks if the result is different from zero, essentialy
returning random data from the date buffer when parsing fails. This
patch fixes the issue by verifying that the result from parse_date()
is positive.

Noticed-by: Julius Plenz <plenz@cis.fu-berlin.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
Avoid null pointer dereference in cgit_print_diff(). 2011-05-23T20:58:35+00:00 Lukas Fleischer cgit@cryptocrack.de 2011-04-05T08:38:53+00:00 9afc883297b0d0943e9b358d2299950f33e8e5ed When calling cgit_print_diff() with a bad new_rev and a NULL old_rev, checking for new_rev's parent commit will result in a null pointer dereference. Returning on an invalid commit before dereferencing fixes this. Spotted with clang-analyzer. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com> 
When calling cgit_print_diff() with a bad new_rev and a NULL old_rev,
checking for new_rev's parent commit will result in a null pointer
dereference. Returning on an invalid commit before dereferencing fixes
this. Spotted with clang-analyzer.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
Avoid null pointer dereference in reencode(). 2011-05-23T20:58:35+00:00 Lukas Fleischer cgit@cryptocrack.de 2011-04-05T08:35:43+00:00 a0bf375a1a9b74056a913f3687c6f5b42ad4acf6 Returning "*txt" if "txt" is a null pointer is a bad thing. Spotted with clang-analyzer. Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de> Signed-off-by: Lars Hjemli <hjemli@gmail.com> 
Returning "*txt" if "txt" is a null pointer is a bad thing. Spotted with
clang-analyzer.

Signed-off-by: Lukas Fleischer <cgit@cryptocrack.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>