Commit graph

838 commits

Author SHA1 Message Date
Jason Yundt
0e1a85ca75 gitweb: switch to an XHTML5 DOCTYPE
According to the HTML Standard FAQ:

	“What is the DOCTYPE for modern HTML documents?

	In text/html documents:

		<!DOCTYPE html>

	In documents delivered with an XML media type: no DOCTYPE is required
	and its use is generally unnecessary. However, you may use one if you
	want (see the following question). Note that the above is well-formed
	XML.”

	Source: [1]

Gitweb uses an XHTML 1.0 DOCTYPE:

	<!DOCTYPE html PUBLIC
	"-//W3C//DTD XHTML 1.0 Strict//EN"
	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

While that DOCTYPE is still valid [2], it has several disadvantages:

1. It’s misleading. If an XML parser uses the DTD at the given link,
   then the entities &nbsp; and &sdot; won’t get declared. Instead, the
   parser has to use a DTD from the HTML Standard that has nothing to do
   with XHTML 1.0 [2].
2. It’s obsolete. XHTML 1.0 was last revised in 2002 and was superseded in
   2018 [3].
3. It’s unreliable. Gitweb uses &nbsp; and &sdot; but lets an external file
   define them. “[…U]using entity references for characters in XML documents
   is unsafe if they are defined in an external file (except for &lt;, &gt;,
   &amp;, &quot;, and &apos;).” [4]

[1]: <https://github.com/whatwg/html/blob/main/FAQ.md#what-is-the-doctype-for-modern-html-documents>
[2]: <https://html.spec.whatwg.org/multipage/xhtml.html#parsing-xhtml-documents>
[3]: <https://www.w3.org/TR/xhtml1/#xhtml>
[4]: <https://html.spec.whatwg.org/multipage/xhtml.html#writing-xhtml-documents>

Signed-off-by: Jason Yundt <jason@jasonyundt.email>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2022-06-02 11:51:15 -07:00
Jason Yundt
a262585d81 gitweb: remove invalid http-equiv="content-type"
Before this change, gitweb would generate pages which included:

	<meta http-equiv="content-type" content="application/xhtml+xml; charset=utf-8"/>

When a meta's http-equiv equals "content-type", the http-equiv is said
to be in the "Encoding declaration state". According to the HTML
Standard,

	The Encoding declaration state may be used in HTML documents,
	but elements with an http-equiv attribute in that state must not
	be used in XML documents.

	Source: <https://html.spec.whatwg.org/multipage/semantics.html#attr-meta-http-equiv-content-type>

This change removes that meta element since gitweb always generates XML
documents.

Signed-off-by: Jason Yundt <jason@jasonyundt.email>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2022-03-08 10:10:16 -08:00
Junio C Hamano
9762646ee4 Merge branch 'gh/gitweb-branch-sort'
Tie-break branches that point at the same object in the list of
branches on GitWeb to show the one pointed at by HEAD early.

* gh/gitweb-branch-sort:
  gitweb: use HEAD as secondary sort key in git_get_heads_list()
2021-09-10 11:46:32 -07:00
Greg Hurrell
a45e390ad6 gitweb: use HEAD as secondary sort key in git_get_heads_list()
The "heads" section on the gitweb summary page shows heads in
`-committerdate` order (ie. the most recently-modified ones at the
top), tie-breaking equal-dated refs using the implicit `refname` sort
fallback. This recency-based ordering appears in multiple places in the
UI, such as the project listing, the tags list, and even the
shortlog and log views.

Given two equal-dated refs, however, sorting the `HEAD` ref before
the non-`HEAD` ref provides more useful signal than merely sorting by
refname. For example, say we had "master" and "trunk" both pointing at
the same commit but "trunk" was `HEAD`, sorting "trunk" first helps
communicate its special status as the default branch that you'll check
out if you clone the repo.

Add `-HEAD` as a secondary sort key to the `git for-each-ref` call
in `git_get_heads_list()` to provide the desired behavior. The most
recently committed refs will appear first, but `HEAD`-ness will be used
as a tie-breaker. Note that `refname` is the implicit fallback sort key,
which means that two same-dated non-`HEAD` refs will continue to be
sorted in lexicographical order, as they are today.

Signed-off-by: Greg Hurrell <greg@hurrell.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2021-06-10 09:49:20 +09:00
Georgios Kontaxis
0996dd3d6d gitweb: add "e-mail privacy" feature to redact e-mail addresses
Gitweb extracts content from the Git log and makes it accessible
over HTTP. As a result, e-mail addresses found in commits are
exposed to web crawlers and they may not respect robots.txt.
This can result in unsolicited messages.

Introduce an 'email-privacy' feature which redacts e-mail addresses
from the generated HTML content. Specifically, obscure addresses
retrieved from the the author/committer and comment sections of the
Git log. The feature is off by default.

This feature does not prevent someone from downloading the
unredacted commit log, e.g., by cloning the repository, and
extracting information from it. It aims to hinder the low-
effort, bulk collection of e-mail addresses by web crawlers.

Signed-off-by: Georgios Kontaxis <geko1702+commits@99rst.org>
Acked-by: Eric Wong <e@80x24.org>
Acked-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2021-04-08 15:54:26 -07:00
Junio C Hamano
49349e9883 Merge branch 'eb/gitweb-more-trailers'
Gitweb updates.

* eb/gitweb-more-trailers:
  gitweb: Recognize *-to and Closes/Fixes trailers
2020-05-01 13:39:56 -07:00
Emma Brooks
4d9378bfad gitweb: Recognize *-to and Closes/Fixes trailers
Commit trailers like "Thanks-to:", "Fixes:", and "Closes:" are fairly
common, but gitweb didn't highlight them like other trailers.

Signed-off-by: Emma Brooks <me@pluvano.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-04-24 22:19:04 -07:00
Julien Moutinho
2ecfcdecc6 gitweb: fix UTF-8 encoding when using CGI::Fast
FCGI streams are implemented using the older stream API: TIEHANDLE,
therefore applying PerlIO layers using binmode() has no effect to them.
The solution in this patch is to redefine the FCGI::Stream::PRINT function
to use UTF-8 as output encoding, except within git_blob_plain() and git_snapshot()
which must still output in raw binary mode.

This problem and solution were previously reported back in 2012:
- http://git.661346.n2.nabble.com/Gitweb-running-as-FCGI-does-not-print-its-output-in-UTF-8-td7573415.html
- http://stackoverflow.com/questions/5005104

Signed-off-by: Julien Moutinho <julm+git@sourcephile.fr>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-03-29 09:06:51 -07:00
Junio C Hamano
c5dc20638b Merge branch 'do/gitweb-typofix-in-comments'
Typofix.

* do/gitweb-typofix-in-comments:
  gitweb: fix a couple spelling errors in comments
2020-01-08 12:44:11 -08:00
Denis Ovsienko
4e2c4c0d4f gitweb: fix a couple spelling errors in comments
Signed-off-by: Denis Ovsienko <denis@ovsienko.info>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2020-01-04 15:09:33 -08:00
Junio C Hamano
6c630f237e Merge branch 'jk/gitweb-anti-xss'
Some codepaths in "gitweb" that forgot to escape URLs generated
based on end-user input have been corrected.

* jk/gitweb-anti-xss:
  gitweb: escape URLs generated by href()
  t/gitweb-lib.sh: set $REQUEST_URI
  t/gitweb-lib.sh: drop confusing quotes
  t9502: pass along all arguments in xss helper
2019-12-01 09:04:41 -08:00
Jeff King
a376e37b2c gitweb: escape URLs generated by href()
There's a cross-site scripting problem in gitweb, where it will print
URLs generated by its href() helper without further quoting. This allows
an attacker to point a victim to a specially crafted gitweb URL and
inject arbitrary HTML into the resulting page (which the victim sees as
coming from gitweb).

The base of the URL comes from evaluate_uri(), which pulls the value of
$REQUEST_URI via the CGI module. It tries to strip off $PATH_INFO, but
fails to do so in some cases (including ones that contain special
characters, like "+"). Most of the uses of the URL end up being passed
to "$cgi->a(-href = href())", which will get quoted properly by the CGI
module. But in a few places, we output them ourselves as part of
manually-generated HTML, and whatever was in the original URL will
appear unquoted in the output.

Given that all of the nearby variables placed into this manual HTML
_are_ quoted, it seems like the authors assumed that these URLs would
not need quoting. So it's possible that the bug is actually in
evaluate_uri(), which should be doing a more careful job of stripping
$PATH_INFO. There's some discussion in a comment in that function, as
well as the commit message in 81d3fe9f48 (gitweb: fix wrong base URL
when non-root DirectoryIndex, 2009-02-15). But I'm not sure I understand
it.

Regardless, it's a good idea to quote these values at the point of
insertion into the HTML output:

  1. Even if there is a bug in evaluate_uri(), this would give us
     belt-and-suspenders protection.

  2. evaluate_uri() is only handling the base. Some generated URLs will
     also mention arbitrary refs or filenames in the repositories, and
     these should be quoted anyway.

  3. It should never _hurt_ to quote (and that's what all of the
     $cgi->a() calls are doing already).

So there may be further work here, but this patch at least prevents the
XSS vulnerability, and shouldn't make anything worse.

The test here covers the calls in print_feed_meta(), but I manually
audited every call to href() to see how its output was used, and quoted
appropriately. Most of them are esc_attr(), as they're used in tag
attributes, but I used esc_html() when the URLs were printed bare. The
distinction is largely academic, as one is implemented as a wrapper for
the other.

Reported-by: NAKAYAMA DAISUKE <nakyamad@icloud.com>
Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2019-11-18 10:46:56 +09:00
Elijah Newren
15beaaa3d1 Fix spelling errors in code comments
Reported-by: Jens Schleusener <Jens.Schleusener@fossies.org>
Signed-off-by: Elijah Newren <newren@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2019-11-10 16:00:54 +09:00
brian m. carlson
cfb049119c gitweb: make hash size independent
Gitweb has several hard-coded 40 values throughout it to check for
values that are passed in or acquired from Git.  To simplify the code,
introduce a regex variable that matches either exactly 40 or exactly 64
hex characters, and use this variable anywhere we would have previously
hard-coded a 40 in a regex.

Add some helper functions which allow us to write tighter regexes that
match exactly the number of hex characters we're expecting.

Similarly, switch the code that looks for deleted diffinfo information
to look for either 40 or 64 zeros, and update one piece of code to use
this function.  Finally, when formatting a log line, allow an
abbreviated describe output to contain up to 64 characters.

Helped-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Signed-off-by: brian m. carlson <sandals@crustytoothpaste.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2019-04-01 11:57:39 +09:00
Ævar Arnfjörð Bjarmason
7d5b30e09f gitweb: hard-depend on the Digest::MD5 5.8 module
Since my d48b284183 ("perl: bump the required Perl version to 5.8 from
5.6.[21]", 2010-09-24), we've depended on 5.8, so there's no reason to
conditionally require Digest::MD5 anymore. It was released with perl
v5.7.3[1]

The initial introduction of the dependency in
e9fdd74e53 ("gitweb: (gr)avatar support", 2009-06-30) says as much,
this also undoes part of the later 2e9c8789b7 ("gitweb: Mention
optional Perl modules in INSTALL", 2011-02-04) since gitweb will
always be run on at least 5.8, so there's no need to mention
Digest::MD5 as a required module in the documentation, let's instead
say that we require perl 5.8.

1. $ corelist Digest::MD5
   Data for 2015-02-14
   Digest::MD5 was first released with perl v5.7.3

Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2018-03-05 10:52:27 -08:00
Junio C Hamano
9c958d6906 Merge branch 'gc/gitweb-filetest-acl'
"gitweb" checks if a directory is searchable with Perl's "-x"
operator, which can be enhanced by using "filetest 'access'"
pragma, which now we do.

* gc/gitweb-filetest-acl:
  gitweb: use filetest to allow ACLs
2017-11-06 14:24:30 +09:00
Guillaume Castagnino
411ddf9eca gitweb: use filetest to allow ACLs
In commit 46a1385 (gitweb: skip unreadable subdirectories, 2017-07-18)
we forgot to handle non-unix ACLs as well. Fix this.

Signed-off-by: Guillaume Castagnino <casta@xwing.info>
Reviewed-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-10-24 10:14:38 +09:00
Junio C Hamano
2adb614902 Merge branch 'js/gitweb-raw-blob-link-in-history'
"gitweb" shows a link to visit the 'raw' contents of blbos in the
history overview page.

* js/gitweb-raw-blob-link-in-history:
  gitweb: add 'raw' blob_plain link in history overview
2017-08-26 22:55:07 -07:00
Junio C Hamano
b9e56be086 Merge branch 'hb/gitweb-project-list' into maint
When a directory is not readable, "gitweb" fails to build the
project list.  Work this around by skipping such a directory.

It might end up hiding a problem under the rug and a better
solution might be to loudly complain to the administrator pointing
out the problematic directory, but this will at least make it
"work".

* hb/gitweb-project-list:
  gitweb: skip unreadable subdirectories
2017-08-23 14:33:44 -07:00
Job Snijders
9662897bed gitweb: add 'raw' blob_plain link in history overview
For people that work with very large plain text files it may be easier
if one can bypass viewing the htmlized blob and instead click directly
to the raw file (rather then click through 'blob' and then to 'raw').

Signed-off-by: Job Snijders <job@instituut.net>
Reviewed-by: Giuseppe Bilotta <giuseppe.bilotta@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-08-22 13:10:48 -07:00
Junio C Hamano
a6ca9ee9e0 Merge branch 'hb/gitweb-project-list'
When a directory is not readable, "gitweb" fails to build the
project list.  Work this around by skipping such a directory.

* hb/gitweb-project-list:
  gitweb: skip unreadable subdirectories
2017-08-11 13:27:01 -07:00
Hielke Christian Braun
46a13857fc gitweb: skip unreadable subdirectories
gitweb terminates and shows no project list, if it can not access a
sub-directory in the project root directory while looking for projects
to show.

Work it around by skipping unreadable directories.

Signed-off-by: Hielke Christian Braun <hcb@unco.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-07-18 12:10:17 -07:00
Ville Skyttä
6412757514 Spelling fixes
Signed-off-by: Ville Skyttä <ville.skytta@iki.fi>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-06-27 10:35:49 -07:00
Sven Strickroth
5e68729fd9 doc: use https links to Wikipedia to avoid http redirects
Signed-off-by: Sven Strickroth <email@cs-ware.de>
Reviewed-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2017-05-15 13:04:54 +09:00
Junio C Hamano
5b941872d6 Merge branch 'ab/gitweb-abbrev-links'
In addition to purely abbreviated commit object names, "gitweb"
learned to turn "git describe" output (e.g. v2.9.3-599-g2376d31787)
into clickable links in its output.

* ab/gitweb-abbrev-links:
  gitweb: link to "git describe"'d commits in log messages
  gitweb: link to 7-char+ SHA-1s, not only 8-char+
  gitweb: fix a typo in a comment
2016-10-26 13:14:46 -07:00
Ævar Arnfjörð Bjarmason
cf5c7253e0 gitweb: link to "git describe"'d commits in log messages
Change the log formatting function to know about "git describe" output
such as "v2.8.0-4-g867ad08", in addition to just plain "867ad08".

There are still many valid refnames that we don't link to
e.g. v2.10.0-rc1~2^2~1 is also a valid way to refer to
v2.8.0-4-g867ad08, but I'm not supporting that with this commit,
similarly it's trivially possible to create some refnames like
"æ/var-gf6727b0" or which won't be picked up by this regex.

There's surely room for improvement here, but I just wanted to address
the very common case of sticking "git describe" output into commit
messages without trying to link to all possible refnames, that's going
to be a rather futile exercise given that this is free text, and it
would be prohibitively expensive to look up whether the references in
question exist in our repository.

There was on-list discussion about how we could do better than this
patch. Junio suggested to update parse_commits() to call a new
"gitweb--helper" command which would pass each of the revision
candidates through "rev-parse --verify --quiet". That would cut down
on our false positives (e.g. we'll link to "deadbeef"), and also allow
us to be more aggressive in selecting candidate revisions.

That may be too expensive to work in practice, or it may
not. Investigating that would be a good follow-up to this patch.

Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Acked-by: Jakub Narębski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-10-14 13:22:55 -07:00
Ævar Arnfjörð Bjarmason
8059966cc4 gitweb: link to 7-char+ SHA-1s, not only 8-char+
Change the minimum length of an abbreviated object identifier in the
commit message gitweb tries to turn into link from 8 hexchars to 7.

This arbitrary minimum length of 8 was introduced in bfe2191 ("gitweb:
SHA-1 in commit log message links to "object" view", 2006-12-10), but
the default abbreviation length is 7, and has been for a long time.

It's still possible to reference SHA-1s down to 4 characters in length,
see v1.7.4-1-gdce9648's MINIMUM_ABBREV, but I can't see how to make
git actually produce that, so I doubt anyone is putting that into log
messages in practice, but people definitely do put 7 character SHA-1s
into log messages.

I think it's fairly dubious to link to things matching [0-9a-fA-F]
here as opposed to just [0-9a-f], that dates back to the initial
version of gitweb from 161332a ("first working version",
2005-08-07). Git will accept all-caps SHA-1s, but didn't ever produce
them as far as I can tell.

Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Acked-by: Jakub Narębski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-10-14 13:22:51 -07:00
Ævar Arnfjörð Bjarmason
26547bfb2b gitweb: fix a typo in a comment
Change a typo'd MIME type in a comment. The Content-Type is
application/xhtml+xml, not application/xhtm+xml.

Fixes up code originally added in 53c4031 ("gitweb: Strip
non-printable characters from syntax highlighter output", 2011-09-16).

Signed-off-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Acked-by: Jakub Narębski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-10-14 13:22:31 -07:00
Ian Kelling
779a206632 gitweb: use highlight's shebang detection
The "highlight" binary can, in some cases, determine the language type
by the means of file contents, for example the shebang in the first line
for some scripting languages.  Make use of this autodetection for files
which syntax is not known by gitweb.  In that case, pass the blob
contents to "highlight --force"; the parameter is needed to make it
always generate HTML output (which includes HTML-escaping).

Although we now run highlight on files which do not end up highlighted,
performance is virtually unaffected because when we call highlight, it
is used for escaping HTML.  In the case that highlight is used, gitweb
calls sanitize() instead of esc_html(), and the latter is significantly
slower (it does more, being roughly a superset of sanitize()).  Simple
benchmark comparing performance of 'blob' view of files without syntax
highlighting in gitweb before and after this change indicates ±1%
difference in request time for all file types.  Benchmark was performed
on local instance on Debian, using Apache/2.4.23 web server and CGI.

Document the feature and improve syntax highlight documentation, add
test to ensure gitweb doesn't crash when language detection is used.

Signed-off-by: Ian Kelling <ian@iankelling.org>
Acked-by: Jakub Narębski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-09-25 16:39:11 -07:00
Ian Kelling
c151aa3b58 gitweb: remove unused guess_file_syntax() parameter
Signed-off-by: Ian Kelling <ian@iankelling.org>
Acked-by: Jakub Narębski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-09-25 16:39:03 -07:00
Andreas Brauchli
77947bbe24 gitweb: escape link body in format_ref_marker
Fix a case where an html link can be generated from unescaped input
resulting in invalid strict xhtml or potentially injected code.

An overview of a repo with a tag "1.0.0&0.0.1" would previously result
in an unescaped ampersand in the link body.

Signed-off-by: Andreas Brauchli <a.brauchli@elementarea.net>
Acked-by: Jakub Narębski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-08-01 12:55:40 -07:00
Junio C Hamano
13af774e26 Merge branch 'sk/gitweb-highlight-encoding' into HEAD
Some multi-byte encoding can have a backslash byte as a later part
of one letter, which would confuse "highlight" filter used in
gitweb.

* sk/gitweb-highlight-encoding:
  gitweb: apply fallback encoding before highlight
2016-05-18 14:40:10 -07:00
Shin Kojima
029f37217c gitweb: apply fallback encoding before highlight
Some multi-byte character encodings (such as Shift_JIS and GBK) have
characters whose final bytes is an ASCII '\' (0x5c), and they
will be displayed as funny-characters even if $fallback_encoding is
correct.  This is because `highlight` command always expects UTF-8
encoded strings from STDIN.

    $ echo 'my $v = "申";' | highlight --syntax perl | w3m -T text/html -dump
    my $v = "申";

    $ echo 'my $v = "申";' | iconv -f UTF-8 -t Shift_JIS | highlight \
        --syntax perl | iconv -f Shift_JIS -t UTF-8 | w3m -T text/html -dump

    iconv: (stdin):9:135: cannot convert
    my $v = "

This patch prepare git blob objects to be encoded into UTF-8 before
highlighting in the manner of `to_utf8` subroutine.

Signed-off-by: Shin Kojima <shin@kojima.org>
Reviewed-by: Jakub Narębski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-05-03 11:32:31 -07:00
Øyvind A. Holm
a9eb90aab5 gitweb: squelch "uninitialized value" warning
git_object() chomps $type that is read from "cat-file -t", but
it does so before checking if $type is defined, resulting in
a Perl warning in the server error log:

  gitweb.cgi: Use of uninitialized value $type in scalar chomp at
  [...]/gitweb.cgi line 7579., referer: [...]

when trying to access a non-existing commit, for example:

  http://HOST/?p=PROJECT.git;a=commit;h=NON_EXISTING_COMMIT

Check the value in $type before chomping.  This will cause us to
call href with its action parameter set to undef when formulating
the URL to redirect to, but that is harmless, as the function treats
a parameter that set to undef as if it does not exist.

Signed-off-by: Øyvind A. Holm <sunny@sunbase.org>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2016-01-12 13:21:15 -08:00
Jeff King
13dbf46a39 gitweb: hack around CGI's list-context param() handling
As of CGI.pm's 4.08 release, the behavior to call
CGI::param() in a list context is deprecated (because it can
be potentially unsafe if called inside a hash constructor).
This causes gitweb to issue a warning for some of our code,
which in turn causes the tests to fail.

Our use is in fact _not_ one of the dangerous cases, as we
are intentionally using a list context. The recommended
route by 4.08 is to use the new CGI::multi_param() call to
make it explicit that we know what we are doing.
However, that function is only available in 4.08, which is
about a month old; we cannot rely on having it.

One option would be to set $CGI::LIST_CONTEXT_WARN globally,
which turns off the warning. However, that would eliminate
the protection these newer releases are trying to provide.
We want to annotate each site as OK using the new function.

So instead, let's check whether CGI provides the
multi_param() function, and if not, provide an
implementation that just wraps param(). That will work on
both old and new versions of CGI. Sadly, we cannot just
check defined(\&CGI::multi_param), because CGI uses the
autoload feature, which claims that all functions are
defined. Instead, we just do a version check.

Signed-off-by: Jeff King <peff@peff.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-11-18 11:23:10 -08:00
Roland Mas
4750f4b962 gitweb: use start_form, not startform that was removed in CGI.pm 4.04
CGI.pm 4.04 removed the startform method, which had previously been
deprecated in favour of start_form.  Changes file for CGI.pm says:

    4.04 2014-09-04
     [ REMOVED / DEPRECATIONS ]
	- startform and endform methods removed (previously deprecated,
	  you should be using the start_form and end_form methods)

Signed-off-by: Roland Mas <lolando@debian.org>
Reviewed-by: Jakub Narębski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-10-16 13:12:34 -07:00
Junio C Hamano
d59c12d7ad Merge branch 'jl/nor-or-nand-and'
Eradicate mistaken use of "nor" (that is, essentially "nor" used
not in "neither A nor B" ;-)) from in-code comments, command output
strings, and documentations.

* jl/nor-or-nand-and:
  code and test: fix misuses of "nor"
  comments: fix misuses of "nor"
  contrib: fix misuses of "nor"
  Documentation: fix misuses of "nor"
2014-04-08 12:00:28 -07:00
Justin Lebar
01689909eb comments: fix misuses of "nor"
Signed-off-by: Justin Lebar <jlebar@google.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-03-31 15:29:27 -07:00
Andrew Keller
46a7471f0e gitweb: Avoid overflowing page body frame with large images
When displaying a blob in gitweb, if it's an image, specify constraints for
maximum display width and height to prevent the image from overflowing the
frame of the enclosing page_body div.

This change assumes that it is more desirable to see the whole image without
scrolling (new behavior) than it is to see every pixel without zooming
(previous behavior).

Signed-off-by: Andrew Keller <andrew@kellerfarm.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2014-02-20 09:50:14 -08:00
Krzesimir Nowak
e374747f51 gitweb: Denote non-heads, non-remotes branches
Given two branches residing in refs/heads/master and refs/wip/feature
the list-of-branches view will present them in following way:
master
feature (wip)

When getting a snapshot of a 'feature' branch, the tarball is going to
have name like 'project-wip-feature-<short hash>.tgz'.

Signed-off-by: Krzesimir Nowak <krzesimir@endocode.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-12-12 12:37:37 -08:00
Krzesimir Nowak
8d646a9bac gitweb: Add a feature for adding more branch refs
Allow extra-branch-refs feature to tell gitweb to show refs from
additional hierarchies in addition to branches in the list-of-branches
view.

Signed-off-by: Krzesimir Nowak <krzesimir@endocode.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-12-12 12:37:37 -08:00
Krzesimir Nowak
23faf546ae gitweb: Return 1 on validation success instead of passed input
Users of validate_* passing "0" might get failures on correct name
because of coercion of "0" to false in code like:
die_error(500, "invalid ref") unless (check_ref_format ("0"));

Also, the validate_foo subs are renamed to is_valid_foo.

Signed-off-by: Krzesimir Nowak <krzesimir@endocode.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-12-12 12:37:36 -08:00
Krzesimir Nowak
c0bc2265ef gitweb: Move check-ref-format code into separate function
This check will be used in more than one place later.

Signed-off-by: Krzesimir Nowak <krzesimir@endocode.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-12-12 12:37:36 -08:00
Junio C Hamano
e8717b67fe Merge branch 'ab/gitweb-author-initials'
* ab/gitweb-author-initials:
  gitweb: Fix the author initials in blame for non-ASCII names
2013-09-17 11:42:27 -07:00
Junio C Hamano
04e3274d6a Merge branch 'tf/gitweb-ss-tweak'
Tweak Gitweb CSS to layout some elements better.

* tf/gitweb-ss-tweak:
  gitweb: make search help link less ugly
  gitweb: omit the repository owner when it is unset
  gitweb: vertically centre contents of page footer
  gitweb: ensure OPML text fits inside its box
2013-09-11 15:00:54 -07:00
Ævar Arnfjörð Bjarmason
fd87004e51 gitweb: Fix the author initials in blame for non-ASCII names
Change the @author_initials feature Jakub added in
v1.6.4-rc2-14-ga36817b to match non-ASCII author initials as intended.

The regexp Jakub added was intended to match
non-ASCII (/\b([[:upper:]])\B/g). But in Perl this doesn't actually
match non-ASCII upper-case characters unless the string being matched
against has the UTF8 flag.

So when we open a pipe to "git blame" we need to mark the file
descriptor we're opening as utf8 explicitly.

So as a result it abbreviates me to "AB" not "ÆAB", entirely because "Æ"
isn't /[[:upper:]]/ unless the string being matched against has the UTF8
flag.

Here's something that demonstrates the issue:

    #!/usr/bin/env perl
    use strict;
    use warnings;

    binmode STDOUT, ':utf8' if $ENV{UTF8};
    open my $fd, "-|", "git", "blame", "--incremental", "--", "Makefile" or die "Can't open: $!";
    binmode $fd, ":utf8" if $ENV{UTF8};
    while (my $line = <$fd>) {
    	next unless my ($author) = $line =~ /^author (.*)/;
    	my @author_initials = ($author =~ /\b([[:upper:]])\B/g);
    	printf "%s (%s)\n",  join("", @author_initials), $author;
    }

When that's run with and without UTF8 being true in the environment it
gives, on git.git:

    $ UTF8=0 perl author-initials.pl | sort | uniq -c |
    sort -nr | head -n 5
         99 JH (Junio C Hamano)
         35 JN (Jonathan Nieder)
         35 JK (Jeff King)
         20 JS (Johannes Schindelin)
         16 AB (Ævar Arnfjörð Bjarmason)
    $ UTF8=1 perl author-initials.pl | sort | uniq -c |
    sort -nr | head -n 5
         99 JH (Junio C Hamano)
         35 JN (Jonathan Nieder)
         35 JK (Jeff King)
         20 JS (Johannes Schindelin)
         16 ÆAB (Ævar Arnfjörð Bjarmason)

Acked-by: Jakub Narębski <jnareb@gmail.com>
Tested-by: Ævar Arnfjörð Bjarmason <avarab@gmail.com>
Tested-by: Simon Ruderich <simon@ruderich.org>

Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-08-30 14:55:04 -07:00
Tony Finch
af52bd5f58 gitweb: make search help link less ugly
The search help link was a superscript question mark right next to
a drop-down menu, which looks misaligned and is a cramped and
awkward click target. Remove the superscript tags and add some
spacing to fix these nits. Add a title attribute to provide an
explanatory mouseover.

Signed-off-by: Tony Finch <dot@dotat.at>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-08-20 13:00:57 -07:00
Tony Finch
860ccc605d gitweb: omit the repository owner when it is unset
On the repository summary page, leave the owner line out if the
repo does not have an owner, rather than displaying a labelled empty
field. This does not affect the owner column in the projects list
page, which is present unless $omit_owner is true.

Signed-off-by: Tony Finch <dot@dotat.at>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-08-20 13:00:57 -07:00
Tony Finch
ad9c2e22ca gitweb: allow extra breadcrumbs to prefix the trail
There are often parent pages logically above the gitweb projects
list, e.g. home pages of the organization and department that host
the gitweb server. This change allows you to include links to those
pages in gitweb's breadcrumb trail.

Signed-off-by: Tony Finch <dot@dotat.at>
Reviewed-by: Jonathan Nieder <jrnieder@gmail.com>
Acked-by: Jakub Narebski <jnareb@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-07-04 21:52:15 -07:00
Charles McGarvey
ca7a5dcfd3 gitweb: fix problem causing erroneous project list
The bug is manifest when running gitweb in a persistent process (e.g.
FastCGI, PSGI), and it's easy to reproduce.  If a gitweb request
includes the searchtext parameter (i.e. s), subsequent requests using
the project_list action--which is the default action--and without
a searchtext parameter will be filtered by the searchtext value of the
first request.  This is because the value of the $search_regexp global
(the value of which is based on the searchtext parameter) is currently
being persisted between requests.

Instead, clear $search_regexp before dispatching each request.

Signed-off-by: Charles McGarvey <chazmcgarvey@brokenzipper.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2013-06-07 09:37:16 -07:00