summaryrefslogtreecommitdiffabout
authorLars Hjemli <hjemli@gmail.com>2008-10-05 11:13:33 (UTC)
committer Lars Hjemli <hjemli@gmail.com>2008-10-05 11:13:33 (UTC)
commit20c895f6889a66d7cf43c67a7c22df6ef324ed5d (patch) (side-by-side diff)
tree4fc0c044fa0919cab562b371191add67114d07a9
parent204669ff4a4028a82cc48e9319632595ba3ff703 (diff)
parentb575115d9d93e45cdbcd5d066cc445d34639ae6a (diff)
downloadcgit-20c895f6889a66d7cf43c67a7c22df6ef324ed5d.zip
cgit-20c895f6889a66d7cf43c67a7c22df6ef324ed5d.tar.gz
cgit-20c895f6889a66d7cf43c67a7c22df6ef324ed5d.tar.bz2
Merge branch 'lh/escape-urls'
* lh/escape-urls: ui-shared.c: use html_url_arg() html.c: add html_url_arg
Diffstat (more/less context) (show whitespace changes)
-rw-r--r--html.c16
-rw-r--r--html.h1
-rwxr-xr-xtests/setup.sh13
-rwxr-xr-xtests/t0101-index.sh2
-rwxr-xr-xtests/t0104-tree.sh12
-rw-r--r--ui-shared.c20
6 files changed, 53 insertions, 11 deletions
diff --git a/html.c b/html.c
index 36e9a2f..167127f 100644
--- a/html.c
+++ b/html.c
@@ -127,8 +127,24 @@ void html_attr(char *txt)
if (t!=txt)
html(txt);
}
+void html_url_arg(char *txt)
+{
+ char *t = txt;
+ while(t && *t){
+ int c = *t;
+ if (c=='"' || c=='#' || c=='%' || c=='&' || c=='\'' || c=='+' || c=='?') {
+ write(htmlfd, txt, t - txt);
+ write(htmlfd, fmt("%%%2x", c), 3);
+ txt = t+1;
+ }
+ t++;
+ }
+ if (t!=txt)
+ html(txt);
+}
+
void html_hidden(char *name, char *value)
{
html("<input type='hidden' name='");
html_attr(name);
diff --git a/html.h b/html.h
index 3c32935..038cf60 100644
--- a/html.h
+++ b/html.h
@@ -9,8 +9,9 @@ extern void htmlf(const char *format,...);
extern void html_status(int code, const char *msg, int more_headers);
extern void html_txt(char *txt);
extern void html_ntxt(int len, char *txt);
extern void html_attr(char *txt);
+extern void html_url_arg(char *txt);
extern void html_hidden(char *name, char *value);
extern void html_option(char *value, char *text, char *selected_value);
extern void html_link_open(char *url, char *title, char *class);
extern void html_link_close(void);
diff --git a/tests/setup.sh b/tests/setup.sh
index e37306e..1457dd5 100755
--- a/tests/setup.sh
+++ b/tests/setup.sh
@@ -30,8 +30,15 @@ mkrepo() {
echo $n >file-$n
git add file-$n
git commit -m "commit $n"
done
+ if test "$3" = "testplus"
+ then
+ echo "hello" >a+b
+ git add a+b
+ git commit -m "add a+b"
+ git branch "1+2"
+ fi
cd $dir
}
setup_repos()
@@ -39,8 +46,9 @@ setup_repos()
rm -rf trash/cache
mkdir -p trash/cache
mkrepo trash/repos/foo 5 >/dev/null
mkrepo trash/repos/bar 50 >/dev/null
+ mkrepo trash/repos/foo+bar 10 testplus >/dev/null
cat >trash/cgitrc <<EOF
virtual-root=/
cache-root=$PWD/trash/cache
@@ -60,8 +68,12 @@ repo.path=$PWD/trash/repos/foo/.git
repo.url=bar
repo.path=$PWD/trash/repos/bar/.git
repo.desc=the bar repo
+
+repo.url=foo+bar
+repo.path=$PWD/trash/repos/foo+bar/.git
+repo.desc=the foo+bar repo
EOF
}
prepare_tests()
@@ -112,5 +124,4 @@ cgit_query()
cgit_url()
{
CGIT_CONFIG="$PWD/trash/cgitrc" QUERY_STRING="url=$1" "$PWD/../cgit"
}
-
diff --git a/tests/t0101-index.sh b/tests/t0101-index.sh
index 445af6a..07e39f9 100755
--- a/tests/t0101-index.sh
+++ b/tests/t0101-index.sh
@@ -8,8 +8,10 @@ run_test 'generate index page' 'cgit_url "" >trash/tmp'
run_test 'find foo repo' 'grep -e "foo" trash/tmp'
run_test 'find foo description' 'grep -e "\[no description\]" trash/tmp'
run_test 'find bar repo' 'grep -e "bar" trash/tmp'
run_test 'find bar description' 'grep -e "the bar repo" trash/tmp'
+run_test 'find foo+bar repo' 'grep -e ">foo+bar<" trash/tmp'
+run_test 'verify foo+bar link' 'grep -e "/foo+bar/" trash/tmp'
run_test 'no tree-link' '! grep -e "foo/tree" trash/tmp'
run_test 'no log-link' '! grep -e "foo/log" trash/tmp'
tests_done
diff --git a/tests/t0104-tree.sh b/tests/t0104-tree.sh
index 2516c72..0d62cc8 100755
--- a/tests/t0104-tree.sh
+++ b/tests/t0104-tree.sh
@@ -17,5 +17,17 @@ run_test 'find line 1' '
run_test 'no line 2' '
grep -e "<a id=.n2. name=.n2. href=.#n2.>2</a>" trash/tmp
'
+run_test 'generate foo+bar/tree' 'cgit_url "foo%2bbar/tree" >trash/tmp'
+
+run_test 'verify a+b link' '
+ grep -e "/foo+bar/tree/a+b" trash/tmp
+'
+
+run_test 'generate foo+bar/tree?h=1+2' 'cgit_url "foo%2bbar/tree&h=1%2b2" >trash/tmp'
+
+run_test 'verify a+b?h=1+2 link' '
+ grep -e "/foo+bar/tree/a+b?h=1%2b2" trash/tmp
+'
+
tests_done
diff --git a/ui-shared.c b/ui-shared.c
index c23bc75..a2f636c 100644
--- a/ui-shared.c
+++ b/ui-shared.c
@@ -220,23 +220,23 @@ static char *repolink(char *title, char *class, char *page, char *head,
}
} else {
html(ctx.cfg.script_name);
html("?url=");
- html_attr(ctx.repo->url);
+ html_url_arg(ctx.repo->url);
if (ctx.repo->url[strlen(ctx.repo->url) - 1] != '/')
html("/");
if (page) {
- html(page);
+ html_url_arg(page);
html("/");
if (path)
- html_attr(path);
+ html_url_arg(path);
}
delim = "&amp;";
}
if (head && strcmp(head, ctx.repo->defbranch)) {
html(delim);
html("h=");
- html_attr(head);
+ html_url_arg(head);
delim = "&amp;";
}
return fmt("%s", delim);
}
@@ -249,9 +249,9 @@ static void reporevlink(char *page, char *name, char *title, char *class,
delim = repolink(title, class, page, head, path);
if (rev && strcmp(rev, ctx.qry.head)) {
html(delim);
html("id=");
- html_attr(rev);
+ html_url_arg(rev);
}
html("'>");
html_txt(name);
html("</a>");
@@ -277,19 +277,19 @@ void cgit_log_link(char *name, char *title, char *class, char *head,
delim = repolink(title, class, "log", head, path);
if (rev && strcmp(rev, ctx.qry.head)) {
html(delim);
html("id=");
- html_attr(rev);
+ html_url_arg(rev);
delim = "&";
}
if (grep && pattern) {
html(delim);
html("qt=");
- html_attr(grep);
+ html_url_arg(grep);
delim = "&";
html(delim);
html("q=");
- html_attr(pattern);
+ html_url_arg(pattern);
}
if (ofs > 0) {
html(delim);
html("ofs=");
@@ -332,15 +332,15 @@ void cgit_diff_link(char *name, char *title, char *class, char *head,
delim = repolink(title, class, "diff", head, path);
if (new_rev && strcmp(new_rev, ctx.qry.head)) {
html(delim);
html("id=");
- html_attr(new_rev);
+ html_url_arg(new_rev);
delim = "&amp;";
}
if (old_rev) {
html(delim);
html("id2=");
- html_attr(old_rev);
+ html_url_arg(old_rev);
}
html("'>");
html_txt(name);
html("</a>");