authorLars Hjemli <hjemli@gmail.com>2008-10-05 17:25:47 (UTC)
committer Lars Hjemli <hjemli@gmail.com>2008-10-05 17:25:47 (UTC)
commit2e884f3162771880a2a5260713d6b7d1aa25bc6f (patch) (side-by-side diff)
tree6d7193cc2ce766ac3d350ba3f2ea20e546ec5344
parentb7f33786ef4b155a11b0324f84bbde5d7fc9c998 (diff)
ui-shared: use html_url_path() to get properly escaped url in form action
When a repo uses a URL containing e.g. '#' or '?' characters, the URL needs to be properly escaped when it is used as the action in a form tag. Signed-off-by: Lars Hjemli <hjemli@gmail.com>
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--ui-shared.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/ui-shared.c b/ui-shared.c
index f858ab6..1e12529 100644
--- a/ui-shared.c
+++ b/ui-shared.c
@@ -460,256 +460,256 @@ void cgit_print_http_headers(struct cgit_context *ctx)
}
void cgit_print_docstart(struct cgit_context *ctx)
{
char *host = cgit_hosturl();
html(cgit_doctype);
html("<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>\n");
html("<head>\n");
html("<title>");
html_txt(ctx->page.title);
html("</title>\n");
htmlf("<meta name='generator' content='cgit %s'/>\n", cgit_version);
if (ctx->cfg.robots && *ctx->cfg.robots)
htmlf("<meta name='robots' content='%s'/>\n", ctx->cfg.robots);
html("<link rel='stylesheet' type='text/css' href='");
html_attr(ctx->cfg.css);
html("'/>\n");
if (ctx->cfg.favicon) {
html("<link rel='shortcut icon' href='");
html_attr(ctx->cfg.favicon);
html("'/>\n");
}
if (host && ctx->repo) {
html("<link rel='alternate' title='Atom feed' href='http://");
html_attr(cgit_hosturl());
html_attr(cgit_fileurl(ctx->repo->url, "atom", ctx->qry.path,
fmt("h=%s", ctx->qry.head)));
html("' type='application/atom+xml'/>");
}
html("</head>\n");
html("<body>\n");
}
void cgit_print_docend()
{
html("</div>");
if (ctx.cfg.footer)
html_include(ctx.cfg.footer);
else {
htmlf("<div class='footer'>generated by cgit %s at ",
cgit_version);
cgit_print_date(time(NULL), FMT_LONGDATE, ctx.cfg.local_time);
html("</div>\n");
}
html("</body>\n</html>\n");
}
int print_branch_option(const char *refname, const unsigned char *sha1,
int flags, void *cb_data)
{
char *name = (char *)refname;
html_option(name, name, ctx.qry.head);
return 0;
}
int print_archive_ref(const char *refname, const unsigned char *sha1,
int flags, void *cb_data)
{
struct tag *tag;
struct taginfo *info;
struct object *obj;
char buf[256], *url;
unsigned char fileid[20];
int *header = (int *)cb_data;
if (prefixcmp(refname, "refs/archives"))
return 0;
strncpy(buf, refname+14, sizeof(buf));
obj = parse_object(sha1);
if (!obj)
return 1;
if (obj->type == OBJ_TAG) {
tag = lookup_tag(sha1);
if (!tag || parse_tag(tag) || !(info = cgit_parse_tag(tag)))
return 0;
hashcpy(fileid, tag->tagged->sha1);
} else if (obj->type != OBJ_BLOB) {
return 0;
} else {
hashcpy(fileid, sha1);
}
if (!*header) {
html("<h1>download</h1>\n");
*header = 1;
}
url = cgit_pageurl(ctx.qry.repo, "blob",
fmt("id=%s&amp;path=%s", sha1_to_hex(fileid),
buf));
html_link_open(url, NULL, "menu");
html_txt(strlpart(buf, 20));
html_link_close();
return 0;
}
void add_hidden_formfields(int incl_head, int incl_search, char *page)
{
char *url;
if (!ctx.cfg.virtual_root) {
url = fmt("%s/%s", ctx.qry.repo, page);
if (ctx.qry.path)
url = fmt("%s/%s", url, ctx.qry.path);
html_hidden("url", url);
}
if (incl_head && ctx.qry.head && ctx.repo->defbranch &&
strcmp(ctx.qry.head, ctx.repo->defbranch))
html_hidden("h", ctx.qry.head);
if (ctx.qry.sha1)
html_hidden("id", ctx.qry.sha1);
if (ctx.qry.sha2)
html_hidden("id2", ctx.qry.sha2);
if (incl_search) {
if (ctx.qry.grep)
html_hidden("qt", ctx.qry.grep);
if (ctx.qry.search)
html_hidden("q", ctx.qry.search);
}
}
char *hc(struct cgit_cmd *cmd, const char *page)
{
return (strcmp(cmd->name, page) ? NULL : "active");
}
void cgit_print_pageheader(struct cgit_context *ctx)
{
struct cgit_cmd *cmd = cgit_get_cmd(ctx);
html("<table id='header'>\n");
html("<tr>\n");
html("<td class='logo' rowspan='2'><a href='");
if (ctx->cfg.logo_link)
html_attr(ctx->cfg.logo_link);
else
html_attr(cgit_rooturl());
html("'><img src='");
html_attr(ctx->cfg.logo);
html("' alt='cgit logo'/></a></td>\n");
html("<td class='main'>");
if (ctx->repo) {
cgit_index_link("index", NULL, NULL, NULL, 0);
html(" : ");
cgit_summary_link(ctx->repo->name, ctx->repo->name, NULL, NULL);
html("</td><td class='form'>");
html("<form method='get' action=''>\n");
add_hidden_formfields(0, 1, ctx->qry.page);
html("<select name='h' onchange='this.form.submit();'>\n");
for_each_branch_ref(print_branch_option, ctx->qry.head);
html("</select> ");
html("<input type='submit' name='' value='switch'/>");
html("</form>");
} else
html_txt(ctx->cfg.root_title);
html("</td></tr>\n");
html("<tr><td class='sub'>");
if (ctx->repo) {
html_txt(ctx->repo->desc);
html("</td><td class='sub right'>");
html_txt(ctx->repo->owner);
} else {
if (ctx->cfg.root_desc)
html_txt(ctx->cfg.root_desc);
else if (ctx->cfg.index_info)
html_include(ctx->cfg.index_info);
}
html("</td></tr></table>\n");
html("<table class='tabs'><tr><td>\n");
if (ctx->repo) {
cgit_summary_link("summary", NULL, NULL, ctx->qry.head);
cgit_refs_link("refs", NULL, hc(cmd, "refs"), ctx->qry.head,
ctx->qry.sha1, NULL);
cgit_log_link("log", NULL, hc(cmd, "log"), ctx->qry.head,
NULL, NULL, 0, NULL, NULL);
cgit_tree_link("tree", NULL, hc(cmd, "tree"), ctx->qry.head,
ctx->qry.sha1, NULL);
cgit_commit_link("commit", NULL, hc(cmd, "commit"),
ctx->qry.head, ctx->qry.sha1);
cgit_diff_link("diff", NULL, hc(cmd, "diff"), ctx->qry.head,
ctx->qry.sha1, ctx->qry.sha2, NULL);
if (ctx->repo->readme)
reporevlink("about", "about", NULL,
hc(cmd, "about"), ctx->qry.head, NULL,
NULL);
html("</td><td class='form'>");
html("<form class='right' method='get' action='");
if (ctx->cfg.virtual_root)
- html_attr(cgit_fileurl(ctx->qry.repo, "log",
- ctx->qry.path, NULL));
+ html_url_path(cgit_fileurl(ctx->qry.repo, "log",
+ ctx->qry.path, NULL));
html("'>\n");
add_hidden_formfields(1, 0, "log");
html("<select name='qt'>\n");
html_option("grep", "log msg", ctx->qry.grep);
html_option("author", "author", ctx->qry.grep);
html_option("committer", "committer", ctx->qry.grep);
html("</select>\n");
html("<input class='txt' type='text' size='10' name='q' value='");
html_attr(ctx->qry.search);
html("'/>\n");
html("<input type='submit' value='search'/>\n");
html("</form>\n");
} else {
site_link(NULL, "index", NULL, hc(cmd, "repolist"), NULL, 0);
if (ctx->cfg.root_readme)
site_link("about", "about", NULL, hc(cmd, "about"),
NULL, 0);
html("</td><td class='form'>");
html("<form method='get' action='");
html_attr(cgit_rooturl());
html("'>\n");
html("<input type='text' name='q' size='10' value='");
html_attr(ctx->qry.search);
html("'/>\n");
html("<input type='submit' value='search'/>\n");
html("</form>");
}
html("</td></tr></table>\n");
html("<div class='content'>");
}
void cgit_print_filemode(unsigned short mode)
{
if (S_ISDIR(mode))
html("d");
else if (S_ISLNK(mode))
html("l");
else if (S_ISGITLINK(mode))
html("m");
else
html("-");
html_fileperm(mode >> 6);
html_fileperm(mode >> 3);
html_fileperm(mode);
}
void cgit_print_snapshot_links(const char *repo, const char *head,
const char *hex, int snapshots)
{
const struct cgit_snapshot_format* f;
char *filename;
for (f = cgit_snapshot_formats; f->suffix; f++) {
if (!(snapshots & f->bit))
continue;
filename = fmt("%s-%s%s", cgit_repobasename(repo), hex,
f->suffix);
cgit_snapshot_link(filename, NULL, NULL, (char *)head,
(char *)hex, filename);
html("<br/>");
}
}
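Review bot: The new `html_url_path(cgit_fileurl(ctx->qry.repo, "log", ctx->qry.path, NULL))` call in cgit_print_pageheader writes a value that presumably comes from the request path into a single-quoted `action='...'` attribute, and html_url_path() is not defined in this hunk, so it is not visible whether it still neutralises `'`, `<` and `&` the way html_attr() did. If the helper only percent-encodes URL delimiters such as `#` and `?`, it should be checked for the attribute-breaking characters too, and the call site would benefit from a comment such as `/* html_url_path() must escape ' as well as # and ?: the output lands inside action='...' */`. The Atom `<link>` in cgit_print_docstart still passes `cgit_fileurl(ctx->repo->url, "atom", ctx->qry.path, ...)` through html_attr(), so a path containing `#` or `?` is probably still emitted unescaped there. That URL carries an `h=` query argument, so it likely needs the path part escaped before the query is appended rather than a plain swap of the output helper.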