summaryrefslogtreecommitdiffabout
authorLars Hjemli <hjemli@gmail.com>2008-12-01 20:50:19 (UTC)
committer Lars Hjemli <hjemli@gmail.com>2008-12-01 20:50:19 (UTC)
commitb9053a4ff04fef90d1b9ab3f813ae3fcee63a8c3 (patch) (unidiff)
treefb20e92f6e27a1148c525e8137399f845aec5a43
parent4b4f8d1256669bf9838e17f83a070de0ec09a699 (diff)
downloadcgit-b9053a4ff04fef90d1b9ab3f813ae3fcee63a8c3.zip
cgit-b9053a4ff04fef90d1b9ab3f813ae3fcee63a8c3.tar.gz
cgit-b9053a4ff04fef90d1b9ab3f813ae3fcee63a8c3.tar.bz2
ui-shared: exploit snapshot dwimmery in cgit_print_snapshot_links
Since we know that ui-snapshot.c is able to extract the revision from the filename, there's no longer necessary to specify the revision with a 'id' querystring argument. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--ui-shared.c3
1 files changed, 1 insertions, 2 deletions
diff --git a/ui-shared.c b/ui-shared.c
index 224e5f3..c4a506e 100644
--- a/ui-shared.c
+++ b/ui-shared.c
@@ -518,197 +518,196 @@ int print_archive_ref(const char *refname, const unsigned char *sha1,
518 struct object *obj; 518 struct object *obj;
519 char buf[256], *url; 519 char buf[256], *url;
520 unsigned char fileid[20]; 520 unsigned char fileid[20];
521 int *header = (int *)cb_data; 521 int *header = (int *)cb_data;
522 522
523 if (prefixcmp(refname, "refs/archives")) 523 if (prefixcmp(refname, "refs/archives"))
524 return 0; 524 return 0;
525 strncpy(buf, refname+14, sizeof(buf)); 525 strncpy(buf, refname+14, sizeof(buf));
526 obj = parse_object(sha1); 526 obj = parse_object(sha1);
527 if (!obj) 527 if (!obj)
528 return 1; 528 return 1;
529 if (obj->type == OBJ_TAG) { 529 if (obj->type == OBJ_TAG) {
530 tag = lookup_tag(sha1); 530 tag = lookup_tag(sha1);
531 if (!tag || parse_tag(tag) || !(info = cgit_parse_tag(tag))) 531 if (!tag || parse_tag(tag) || !(info = cgit_parse_tag(tag)))
532 return 0; 532 return 0;
533 hashcpy(fileid, tag->tagged->sha1); 533 hashcpy(fileid, tag->tagged->sha1);
534 } else if (obj->type != OBJ_BLOB) { 534 } else if (obj->type != OBJ_BLOB) {
535 return 0; 535 return 0;
536 } else { 536 } else {
537 hashcpy(fileid, sha1); 537 hashcpy(fileid, sha1);
538 } 538 }
539 if (!*header) { 539 if (!*header) {
540 html("<h1>download</h1>\n"); 540 html("<h1>download</h1>\n");
541 *header = 1; 541 *header = 1;
542 } 542 }
543 url = cgit_pageurl(ctx.qry.repo, "blob", 543 url = cgit_pageurl(ctx.qry.repo, "blob",
544 fmt("id=%s&amp;path=%s", sha1_to_hex(fileid), 544 fmt("id=%s&amp;path=%s", sha1_to_hex(fileid),
545 buf)); 545 buf));
546 html_link_open(url, NULL, "menu"); 546 html_link_open(url, NULL, "menu");
547 html_txt(strlpart(buf, 20)); 547 html_txt(strlpart(buf, 20));
548 html_link_close(); 548 html_link_close();
549 return 0; 549 return 0;
550} 550}
551 551
552void add_hidden_formfields(int incl_head, int incl_search, char *page) 552void add_hidden_formfields(int incl_head, int incl_search, char *page)
553{ 553{
554 char *url; 554 char *url;
555 555
556 if (!ctx.cfg.virtual_root) { 556 if (!ctx.cfg.virtual_root) {
557 url = fmt("%s/%s", ctx.qry.repo, page); 557 url = fmt("%s/%s", ctx.qry.repo, page);
558 if (ctx.qry.path) 558 if (ctx.qry.path)
559 url = fmt("%s/%s", url, ctx.qry.path); 559 url = fmt("%s/%s", url, ctx.qry.path);
560 html_hidden("url", url); 560 html_hidden("url", url);
561 } 561 }
562 562
563 if (incl_head && ctx.qry.head && ctx.repo->defbranch && 563 if (incl_head && ctx.qry.head && ctx.repo->defbranch &&
564 strcmp(ctx.qry.head, ctx.repo->defbranch)) 564 strcmp(ctx.qry.head, ctx.repo->defbranch))
565 html_hidden("h", ctx.qry.head); 565 html_hidden("h", ctx.qry.head);
566 566
567 if (ctx.qry.sha1) 567 if (ctx.qry.sha1)
568 html_hidden("id", ctx.qry.sha1); 568 html_hidden("id", ctx.qry.sha1);
569 if (ctx.qry.sha2) 569 if (ctx.qry.sha2)
570 html_hidden("id2", ctx.qry.sha2); 570 html_hidden("id2", ctx.qry.sha2);
571 571
572 if (incl_search) { 572 if (incl_search) {
573 if (ctx.qry.grep) 573 if (ctx.qry.grep)
574 html_hidden("qt", ctx.qry.grep); 574 html_hidden("qt", ctx.qry.grep);
575 if (ctx.qry.search) 575 if (ctx.qry.search)
576 html_hidden("q", ctx.qry.search); 576 html_hidden("q", ctx.qry.search);
577 } 577 }
578} 578}
579 579
580char *hc(struct cgit_cmd *cmd, const char *page) 580char *hc(struct cgit_cmd *cmd, const char *page)
581{ 581{
582 return (strcmp(cmd->name, page) ? NULL : "active"); 582 return (strcmp(cmd->name, page) ? NULL : "active");
583} 583}
584 584
585void cgit_print_pageheader(struct cgit_context *ctx) 585void cgit_print_pageheader(struct cgit_context *ctx)
586{ 586{
587 struct cgit_cmd *cmd = cgit_get_cmd(ctx); 587 struct cgit_cmd *cmd = cgit_get_cmd(ctx);
588 588
589 html("<table id='header'>\n"); 589 html("<table id='header'>\n");
590 html("<tr>\n"); 590 html("<tr>\n");
591 html("<td class='logo' rowspan='2'><a href='"); 591 html("<td class='logo' rowspan='2'><a href='");
592 if (ctx->cfg.logo_link) 592 if (ctx->cfg.logo_link)
593 html_attr(ctx->cfg.logo_link); 593 html_attr(ctx->cfg.logo_link);
594 else 594 else
595 html_attr(cgit_rooturl()); 595 html_attr(cgit_rooturl());
596 html("'><img src='"); 596 html("'><img src='");
597 html_attr(ctx->cfg.logo); 597 html_attr(ctx->cfg.logo);
598 html("' alt='cgit logo'/></a></td>\n"); 598 html("' alt='cgit logo'/></a></td>\n");
599 599
600 html("<td class='main'>"); 600 html("<td class='main'>");
601 if (ctx->repo) { 601 if (ctx->repo) {
602 cgit_index_link("index", NULL, NULL, NULL, 0); 602 cgit_index_link("index", NULL, NULL, NULL, 0);
603 html(" : "); 603 html(" : ");
604 cgit_summary_link(ctx->repo->name, ctx->repo->name, NULL, NULL); 604 cgit_summary_link(ctx->repo->name, ctx->repo->name, NULL, NULL);
605 html("</td><td class='form'>"); 605 html("</td><td class='form'>");
606 html("<form method='get' action=''>\n"); 606 html("<form method='get' action=''>\n");
607 add_hidden_formfields(0, 1, ctx->qry.page); 607 add_hidden_formfields(0, 1, ctx->qry.page);
608 html("<select name='h' onchange='this.form.submit();'>\n"); 608 html("<select name='h' onchange='this.form.submit();'>\n");
609 for_each_branch_ref(print_branch_option, ctx->qry.head); 609 for_each_branch_ref(print_branch_option, ctx->qry.head);
610 html("</select> "); 610 html("</select> ");
611 html("<input type='submit' name='' value='switch'/>"); 611 html("<input type='submit' name='' value='switch'/>");
612 html("</form>"); 612 html("</form>");
613 } else 613 } else
614 html_txt(ctx->cfg.root_title); 614 html_txt(ctx->cfg.root_title);
615 html("</td></tr>\n"); 615 html("</td></tr>\n");
616 616
617 html("<tr><td class='sub'>"); 617 html("<tr><td class='sub'>");
618 if (ctx->repo) { 618 if (ctx->repo) {
619 html_txt(ctx->repo->desc); 619 html_txt(ctx->repo->desc);
620 html("</td><td class='sub right'>"); 620 html("</td><td class='sub right'>");
621 html_txt(ctx->repo->owner); 621 html_txt(ctx->repo->owner);
622 } else { 622 } else {
623 if (ctx->cfg.root_desc) 623 if (ctx->cfg.root_desc)
624 html_txt(ctx->cfg.root_desc); 624 html_txt(ctx->cfg.root_desc);
625 else if (ctx->cfg.index_info) 625 else if (ctx->cfg.index_info)
626 html_include(ctx->cfg.index_info); 626 html_include(ctx->cfg.index_info);
627 } 627 }
628 html("</td></tr></table>\n"); 628 html("</td></tr></table>\n");
629 629
630 html("<table class='tabs'><tr><td>\n"); 630 html("<table class='tabs'><tr><td>\n");
631 if (ctx->repo) { 631 if (ctx->repo) {
632 cgit_summary_link("summary", NULL, hc(cmd, "summary"), 632 cgit_summary_link("summary", NULL, hc(cmd, "summary"),
633 ctx->qry.head); 633 ctx->qry.head);
634 cgit_refs_link("refs", NULL, hc(cmd, "refs"), ctx->qry.head, 634 cgit_refs_link("refs", NULL, hc(cmd, "refs"), ctx->qry.head,
635 ctx->qry.sha1, NULL); 635 ctx->qry.sha1, NULL);
636 cgit_log_link("log", NULL, hc(cmd, "log"), ctx->qry.head, 636 cgit_log_link("log", NULL, hc(cmd, "log"), ctx->qry.head,
637 NULL, NULL, 0, NULL, NULL); 637 NULL, NULL, 0, NULL, NULL);
638 cgit_tree_link("tree", NULL, hc(cmd, "tree"), ctx->qry.head, 638 cgit_tree_link("tree", NULL, hc(cmd, "tree"), ctx->qry.head,
639 ctx->qry.sha1, NULL); 639 ctx->qry.sha1, NULL);
640 cgit_commit_link("commit", NULL, hc(cmd, "commit"), 640 cgit_commit_link("commit", NULL, hc(cmd, "commit"),
641 ctx->qry.head, ctx->qry.sha1); 641 ctx->qry.head, ctx->qry.sha1);
642 cgit_diff_link("diff", NULL, hc(cmd, "diff"), ctx->qry.head, 642 cgit_diff_link("diff", NULL, hc(cmd, "diff"), ctx->qry.head,
643 ctx->qry.sha1, ctx->qry.sha2, NULL); 643 ctx->qry.sha1, ctx->qry.sha2, NULL);
644 if (ctx->repo->readme) 644 if (ctx->repo->readme)
645 reporevlink("about", "about", NULL, 645 reporevlink("about", "about", NULL,
646 hc(cmd, "about"), ctx->qry.head, NULL, 646 hc(cmd, "about"), ctx->qry.head, NULL,
647 NULL); 647 NULL);
648 html("</td><td class='form'>"); 648 html("</td><td class='form'>");
649 html("<form class='right' method='get' action='"); 649 html("<form class='right' method='get' action='");
650 if (ctx->cfg.virtual_root) 650 if (ctx->cfg.virtual_root)
651 html_url_path(cgit_fileurl(ctx->qry.repo, "log", 651 html_url_path(cgit_fileurl(ctx->qry.repo, "log",
652 ctx->qry.path, NULL)); 652 ctx->qry.path, NULL));
653 html("'>\n"); 653 html("'>\n");
654 add_hidden_formfields(1, 0, "log"); 654 add_hidden_formfields(1, 0, "log");
655 html("<select name='qt'>\n"); 655 html("<select name='qt'>\n");
656 html_option("grep", "log msg", ctx->qry.grep); 656 html_option("grep", "log msg", ctx->qry.grep);
657 html_option("author", "author", ctx->qry.grep); 657 html_option("author", "author", ctx->qry.grep);
658 html_option("committer", "committer", ctx->qry.grep); 658 html_option("committer", "committer", ctx->qry.grep);
659 html("</select>\n"); 659 html("</select>\n");
660 html("<input class='txt' type='text' size='10' name='q' value='"); 660 html("<input class='txt' type='text' size='10' name='q' value='");
661 html_attr(ctx->qry.search); 661 html_attr(ctx->qry.search);
662 html("'/>\n"); 662 html("'/>\n");
663 html("<input type='submit' value='search'/>\n"); 663 html("<input type='submit' value='search'/>\n");
664 html("</form>\n"); 664 html("</form>\n");
665 } else { 665 } else {
666 site_link(NULL, "index", NULL, hc(cmd, "repolist"), NULL, 0); 666 site_link(NULL, "index", NULL, hc(cmd, "repolist"), NULL, 0);
667 if (ctx->cfg.root_readme) 667 if (ctx->cfg.root_readme)
668 site_link("about", "about", NULL, hc(cmd, "about"), 668 site_link("about", "about", NULL, hc(cmd, "about"),
669 NULL, 0); 669 NULL, 0);
670 html("</td><td class='form'>"); 670 html("</td><td class='form'>");
671 html("<form method='get' action='"); 671 html("<form method='get' action='");
672 html_attr(cgit_rooturl()); 672 html_attr(cgit_rooturl());
673 html("'>\n"); 673 html("'>\n");
674 html("<input type='text' name='q' size='10' value='"); 674 html("<input type='text' name='q' size='10' value='");
675 html_attr(ctx->qry.search); 675 html_attr(ctx->qry.search);
676 html("'/>\n"); 676 html("'/>\n");
677 html("<input type='submit' value='search'/>\n"); 677 html("<input type='submit' value='search'/>\n");
678 html("</form>"); 678 html("</form>");
679 } 679 }
680 html("</td></tr></table>\n"); 680 html("</td></tr></table>\n");
681 html("<div class='content'>"); 681 html("<div class='content'>");
682} 682}
683 683
684void cgit_print_filemode(unsigned short mode) 684void cgit_print_filemode(unsigned short mode)
685{ 685{
686 if (S_ISDIR(mode)) 686 if (S_ISDIR(mode))
687 html("d"); 687 html("d");
688 else if (S_ISLNK(mode)) 688 else if (S_ISLNK(mode))
689 html("l"); 689 html("l");
690 else if (S_ISGITLINK(mode)) 690 else if (S_ISGITLINK(mode))
691 html("m"); 691 html("m");
692 else 692 else
693 html("-"); 693 html("-");
694 html_fileperm(mode >> 6); 694 html_fileperm(mode >> 6);
695 html_fileperm(mode >> 3); 695 html_fileperm(mode >> 3);
696 html_fileperm(mode); 696 html_fileperm(mode);
697} 697}
698 698
699void cgit_print_snapshot_links(const char *repo, const char *head, 699void cgit_print_snapshot_links(const char *repo, const char *head,
700 const char *hex, int snapshots) 700 const char *hex, int snapshots)
701{ 701{
702 const struct cgit_snapshot_format* f; 702 const struct cgit_snapshot_format* f;
703 char *filename; 703 char *filename;
704 704
705 for (f = cgit_snapshot_formats; f->suffix; f++) { 705 for (f = cgit_snapshot_formats; f->suffix; f++) {
706 if (!(snapshots & f->bit)) 706 if (!(snapshots & f->bit))
707 continue; 707 continue;
708 filename = fmt("%s-%s%s", cgit_repobasename(repo), hex, 708 filename = fmt("%s-%s%s", cgit_repobasename(repo), hex,
709 f->suffix); 709 f->suffix);
710 cgit_snapshot_link(filename, NULL, NULL, (char *)head, 710 cgit_snapshot_link(filename, NULL, NULL, NULL, NULL, filename);
711 (char *)hex, filename);
712 html("<br/>"); 711 html("<br/>");
713 } 712 }
714} 713}