=================================================================== RCS file: /cvs/cvsweb/cvsweb.cgi,v retrieving revision 1.1.1.31 retrieving revision 1.1.1.34 diff -u -p -r1.1.1.31 -r1.1.1.34 --- cvsweb/cvsweb.cgi 2002/05/22 08:16:25 1.1.1.31 +++ cvsweb/cvsweb.cgi 2002/09/26 22:09:02 1.1.1.34 @@ -3,14 +3,15 @@ # cvsweb - a CGI interface to CVS trees. # # Written in their spare time by -# Bill Fenner (original work) -# extended by Henner Zeller , -# Henrik Nordstrom -# Ken Coar -# Dick Balaska -# Akinori MUSHA -# Jens-Uwe Mager -# Ville Skyttä (html cleanup) +# Bill Fenner (original work) +# extended by Henner Zeller , +# Henrik Nordstrom +# Ken Coar +# Dick Balaska +# Akinori MUSHA +# Jens-Uwe Mager +# Ville Skyttä +# Vassilii Khachaturov # # Based on: # * Bill Fenners cvsweb.cgi revision 1.28 available from: @@ -18,9 +19,9 @@ # # Copyright (c) 1996-1998 Bill Fenner # (c) 1998-1999 Henner Zeller -# (c) 1999 Henrik Nordstrom -# (c) 2000-2002 Akinori MUSHA -# All rights reserved. +# (c) 1999 Henrik Nordstrom +# (c) 2000-2002 Akinori MUSHA +# (c) 2002 Ville Skyttä‹# All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions @@ -43,9 +44,10 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $FreeBSD: projects/cvsweb/cvsweb.cgi,v 1.104 2002/05/22 08:10:18 knu Exp $ +# FreeBSD: projects/cvsweb/cvsweb.cgi,v 1.119 2002/07/23 13:58:32 scop Exp # $zId: cvsweb.cgi,v 1.112 2001/07/24 13:03:16 hzeller Exp $ # $Idaemons: /home/cvs/cvsweb/cvsweb.cgi,v 1.84 2001/10/07 20:50:10 knu Exp $ +# $FreeBSD: www/en/cgi/cvsweb.cgi,v 1.85 2002/07/23 16:27:04 scop Exp $ # ### @@ -92,7 +94,7 @@ use vars qw ( $use_moddate $has_zlib $gzip_open $allow_tar @tar_options @gzip_options @zip_options @cvs_options $LOG_FILESEPARATOR $LOG_REVSEPARATOR - $tmpdir $HTML_DOCTYPE + $tmpdir $HTML_DOCTYPE $HTML_META ); sub printDiffSelect($); @@ -147,7 +149,7 @@ sub forbidden_module($); ##### Start of Configuration Area ######## delete $ENV{PATH}; -$cvsweb_revision = '2.0.3'; +$cvsweb_revision = '2.0.5'; use File::Basename (); @@ -185,7 +187,7 @@ $cvstreedefault = $body_tag = $body_tag_for_src = $log $extern_window_width = $extern_window_height = $edit_option_form = $show_subdir_lastmod = $show_log_in_markup = $v = $navigationHeaderColor = $tableBorderColor = $markupLogColor = $tabstop = $use_moddate = $moddate = - $gzip_open = $HTML_DOCTYPE = undef; + $gzip_open = $HTML_DOCTYPE = $HTML_META = undef; $tmpdir = defined($ENV{TMPDIR}) ? $ENV{TMPDIR} : "/var/tmp"; $LOG_FILESEPARATOR = q/^={77}$/; @@ -233,9 +235,28 @@ $LOG_REVSEPARATOR = q/^-{28}$/; }, ); +$cgi_style::hsty_base = 'http://www.FreeBSD.org'; +$_ = q$FreeBSD: www/en/cgi/cvsweb.cgi,v 1.85 2002/07/23 16:27:04 scop Exp $; +@_ = split; +$cgi_style::hsty_date = "@_[3,4]"; + +# warningproof +0 if $cgi_style::hsty_base ne $cgi_style::hsty_date; + +package cgi_style; +require "$main::mydir/cgi-style.pl"; +package main; + $HTML_DOCTYPE = ''; +$HTML_META = < + + + +EOM + ##### End of configuration variables ##### use Time::Local (); @@ -335,7 +356,8 @@ $input{only_with_tag} = $input{only_on_branch} # Prevent cross-site scripting foreach (@unsafevars) { - if (defined($input{$_}) && $input{$_} =~ /[^\w\-.]/) { + # Colons are needed in diffs between tags. + if (defined($input{$_}) && $input{$_} =~ /[^\w\-.:]/) { fatal("500 Internal Error", 'Malformed query (%s=%s)', $_, $input{$_}); @@ -630,14 +652,14 @@ if (-d $fullname) { print $short_instruction; } - my $descriptions; - if (($use_descriptions) && open(DESC, "<$cvsroot/CVSROOT/descriptions")) + if ($use_descriptions && open(DESC, "<$cvsroot/CVSROOT/descriptions")) { while () { chomp; my ($dir, $description) = /(\S+)\s+(.*)/; $descriptions{$dir} = $description; } + close(DESC); } print "

\n"; @@ -924,6 +946,12 @@ if (-d $fullname) { } $dirrow++; } elsif (s/,v$//) { + + # Skip forbidden files now so we'll give no hint + # about their existence. This should probably have + # been done earlier, but it's straightforward here. + next if forbidden_file("$fullname/$_"); + $fileurl = ($attic ? "Attic/" : "") . urlencode($_); $url = './' . $fileurl . $query; my $rev = ''; @@ -1002,8 +1030,9 @@ if (-d $fullname) { || $input{$var} ne $DEFAULTVALUE{$var}) && $input{$var} ne "" && $var ne "only_with_tag"); } - print "

Show only files with tag:\n"; - print ""; print "\n"; @@ -1015,10 +1044,11 @@ if (-d $fullname) { ">$tag\n"; } print "\n"; - print " Module path or alias:\n"; - printf "\n", + print " \n"; + printf "\n", htmlquote($where); - print "

\n"; + print "

\n"; print "\n"; } @@ -1056,7 +1086,9 @@ if (-d $fullname) { print "
\n"; print "\n\n"; print "\n\n"; - print "\n\n\n"; - print "\n\n"; - print "\n\n\n"; - print "\n\n"; + ">\n\n"; print "\n\n\n
Preferences
Sort files by
"; + print "\nSort log by: "; + print ""; printLogSortSelect(0); print "
Diff format: "; + print "
"; printDiffSelect(0); print "
"; - print ""; + print ""; print "
\n
\n\n"; } html_footer(); @@ -1089,6 +1124,13 @@ if (-d $fullname) { # View Files ############################### elsif (-f $fullname . ',v') { + + if (forbidden_file($fullname)) { + fatal('403 Forbidden', + 'Access forbidden. This file is mentioned in @ForbiddenFiles'); + return; + } + if (defined($input{'rev'}) || $doCheckout) { &doCheckout($fullname, $input{'rev'}); gzipclose(); @@ -1184,7 +1226,7 @@ sub printDiffSelect($) { my ($use_java_script) = @_; my $f = $input{'f'}; - print '\n"; @@ -1236,6 +1278,11 @@ sub findLastModifiedSubdirs(@) { $filename = "$dirname/$filename"; my ($file) = "$fullname/$filename"; next if ($filename !~ /,v$/ || !-f $file); + + # Skip forbidden files. + (my $f = $file) =~ s/,v$//; + next if forbidden_file($f); + $filename =~ s/,v$//; my $modtime = -M $file; @@ -1572,12 +1619,6 @@ sub doAnnotate($$) { $ENV{QUERY_STRING}); } - if (&forbidden_file($fullname)) { - fatal("403 Forbidden", - 'Access forbidden. This file is mentioned in @ForbiddenFiles'); - return; - } - ($pathname = $where) =~ s/(Attic\/)?[^\/]*$//; ($filename = $where) =~ s/^.*\///; @@ -1762,12 +1803,6 @@ sub doCheckout($$) { $ENV{QUERY_STRING}); } - if (&forbidden_file($fullname)) { - fatal("403 Forbidden", - 'Access forbidden. This file is mentioned in @ForbiddenFiles'); - return; - } - # get mimetype if (defined($input{"content-type"}) && ($input{"content-type"} =~ /\S\/\S/)) @@ -2763,7 +2798,6 @@ sub printLog($;$) { printDiffLinks($input{'r1'}, $url); } - print '
' if $diff; } print "\n

\n
\n";
 	print &htmlify($log{$_}, $allow_log_extra);
@@ -2825,41 +2859,47 @@ sub doLog($) {
 		    || $input{$_} ne $DEFAULTVALUE{$_}) && $input{$_} ne ""));
 	}
 	print "\n\n";
-	print "\n";
+	    "\n";
 	print "\n\n";
-	print "\n\n\n";
-	print "\n";
+	    "\n";
+	print "\n";
 	print "\n
Diffs between \n";
-	print "";
+	print "\n";
+	print "\n";
 	$diffrev = $revdisplayorder[$#revdisplayorder];
 	$diffrev = $input{"r1"} if (defined($input{"r1"}));
 	print
-	    "
and \n";
-	print "
";
+	print "\n";
+	print "\n";
 	$diffrev = $revdisplayorder[0];
 	$diffrev = $input{"r2"} if (defined($input{"r2"}));
 	print
-	    "
\n";
 	print "\n";
 	print "
\n";
 	print "
\n";
 	print "\n";
-	print "\n\n";
+	print "\n\n";
 	print "\n\n\n";
 
 	if (@branchnames) {
-		print "\n\n";
+		print "\n\n";
 		print "\n";
-	print "\n\n";
-	print "\n";
+	print "\n";
 	print "\n
Preferred Diff type:
";
+	print "";
 	printDiffSelect($use_java_script);
 	print "
View only Branch:
";
+		print "";
 		print "\n";
-		print "";
 	print "\n";
-	print "Sort log by:";
+	print "";
 	printLogSortSelect($use_java_script);
 	print "
\n";
 	print "
\n";
 	html_footer();
@@ -3146,12 +3186,8 @@ sub navigateHeader($$$$$) {
 $HTML_DOCTYPE
 
 
-
-
-
-
 $path$filename - $title - $rev$css
-
+$HTML_META
 $body_tag_for_src
 

 

@@ -3281,8 +3317,8 @@ sub chooseCVSRoot() {
 		# isn't gray and the form elements are not placed
 		# within a table ...
 		print "\n\n";
-		print "\n";
-		print "\n";
+		print "\n\n
CVS Root:\n\n\n";
-	print "";
+	print " \n";
+	print "\n";
+	print "";
 
 	if (2 <= @CVSROOT) {
 		print "
";
@@ -3314,24 +3351,24 @@ sub chooseCVSRoot() {
 }
 
 sub chooseMirror() {
-	my ($mirror, $moremirrors);
-	$moremirrors = 0;
 
 	# This code comes from the original BSD-cvsweb
 	# and may not be useful for your site; If you don't
-	# set %MIRRORS this won't show up, anyway
-	#
-	# Should perhaps exlude the current site somehow..
-	if (keys %MIRRORS) {
-		print "\nThis cvsweb is mirrored in:\n";
+	# set %MIRRORS this won't show up, anyway.
+	scalar(%MIRRORS) or return;
 
-		foreach $mirror (keys %MIRRORS) {
-			print ", " if ($moremirrors);
-			print &link(htmlquote($mirror), $MIRRORS{$mirror});
-			$moremirrors = 1;
-		}
-		print "
\n";
+	# Should perhaps exclude the current site somehow...
+	print "\n
\nThis CVSweb is mirrored in\n";
+
+	my @tmp = map(&link(htmlquote($_), $MIRRORS{$_}),
+		      sort keys %MIRRORS);
+	my $tmp = pop(@tmp);
+
+	if (scalar(@tmp)) {
+	    print join(', ', @tmp), ' and ';
 	}
+
+	print "$tmp.\n
\n";
 }
 
 sub fileSortCmp() {
@@ -3359,10 +3396,14 @@ sub fileSortCmp() {
 
 	if ($comp == 0) {
 
-		# Directories first, then sorted on name if no other sort critera
-		# available.
-		my $ad = ((-d "$fullname/$a") ? "D" : "F");
-		my $bd = ((-d "$fullname/$b") ? "D" : "F");
+		# Directories first, then files under version control,
+		# then other, "rogue" files.
+		# Sort by filename if no other criteria available.
+
+		my $ad = ((-d "$fullname/$a") ? 'D'
+		    : (defined($fileinfo{$af}) ? 'F' : 'R'));
+		my $bd = ((-d "$fullname/$b") ? 'D'
+		    : (defined($fileinfo{$bf}) ? 'F' : 'R'));
 		($c = $a) =~ s|.*/||;
 		($d = $b) =~ s|.*/||;
 		$comp = ("$ad$c" cmp "$bd$d");
@@ -3422,7 +3463,7 @@ sub download_link($$$;$) {
 		# currently, the best way is to comment out the size parameters
 		# ($extern_window...) in cvsweb.conf.
 		if ($use_java_script) {
-			my @attr = qw(resizeable scrollbars);
+			my @attr = qw(resizable scrollbars);
 
 			push @attr, qw(status toolbar)
 			    if (defined($mimetype) && $mimetype eq "text/html");
@@ -3439,7 +3480,7 @@ sub download_link($$$;$) {
 			# the same window *twice*.
 			printf
 			    q` onclick="window.open('%s','cvs_checkout','%s');return false"`,
-			    hrefquote($fullurl), join (',', @attr);
+			    hrefquote("$fullurl$barequery"), join (',', @attr);
 		}
 	}
 	print ">$textlink";
@@ -3590,23 +3631,21 @@ sub http_header(;$) {
 sub html_header($) {
 	my ($title) = @_;
 	http_header("text/html");
+
+	(my $header = &cgi_style::html_header) =~ s,\A.*\n,,s;
+
 	print <
 
-
-
-
 $title
-
-
-$body_tag
-$logo 
$title

+$HTML_META
+$header
 EOH
 }
 
 sub html_footer() {
-	print "
\n
$address
\n\n\n";
+	return &cgi_style::html_footer;
 }
 
 sub link_tags($) {