===================================================================
RCS file: /cvs/cvsweb/cvsweb.cgi,v
retrieving revision 1.1.1.13
retrieving revision 1.1.1.27
diff -u -p -r1.1.1.13 -r1.1.1.27
--- cvsweb/cvsweb.cgi 2000/12/07 12:45:50 1.1.1.13
+++ cvsweb/cvsweb.cgi 2001/07/06 09:54:57 1.1.1.27
@@ -1,4 +1,4 @@
-#!/usr/bin/perl5 -ws
+#!/usr/bin/perl -wT
#
# cvsweb - a CGI interface to CVS trees.
#
@@ -18,7 +18,7 @@
# Copyright (c) 1996-1998 Bill Fenner
# (c) 1998-1999 Henner Zeller
# (c) 1999 Henrik Nordstrom
-# (c) 2000 Akinori MUSHA
+# (c) 2000-2001 Akinori MUSHA
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
@@ -42,21 +42,25 @@
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
-# $zId: cvsweb.cgi,v 1.104 2000/11/01 22:05:12 hnordstrom Exp $
-# $kId: cvsweb.cgi,v 1.41 2000/12/06 18:19:12 knu Exp $
+# $zId: cvsweb.cgi,v 1.110 2001/06/29 09:29:36 hnordstrom Exp $
+# $Idaemons: /home/cvs/cvsweb/cvsweb.cgi,v 1.78 2001/07/06 09:49:01 knu Exp $
#
###
+require 5.000;
+
use strict;
use vars qw (
- $config $allow_version_select $verbose
- %CVSROOT %CVSROOTdescr %MIRRORS %DEFAULTVALUE %ICONS %MTYPES
+ $cvsweb_revision
+ $mydir $uname $config $allow_version_select $verbose
+ @CVSrepositories @CVSROOT %CVSROOT %CVSROOTdescr
+ %MIRRORS %DEFAULTVALUE %ICONS %MTYPES
@DIFFTYPES %DIFFTYPES @LOGSORTKEYS %LOGSORTKEYS
%alltags @tabcolors %fileinfo %tags @branchnames %nameprinted
%symrev %revsym @allrevisions %date %author @revdisplayorder
@revisions %state %difflines %log %branchpoint @revorder
- $prcgi @prcategories $prcategories $mancgi
+ $prcgi @prcategories $re_prcategories $prkeyword $re_prkeyword $mancgi
$checkoutMagic $doCheckout $scriptname $scriptwhere
$where $pathinfo $Browser $nofilelinks $maycompress @stickyvars
%funcline_regexp $is_mod_perl
@@ -64,7 +68,8 @@ use vars qw (
%input $query $barequery $sortby $bydate $byrev $byauthor
$bylog $byfile $defaultDiffType $logsort $cvstree $cvsroot
$mimetype $charset $defaultTextPlain $defaultViewable
- $allow_compress $GZIPBIN $backicon $diricon $fileicon
+ $command_path %CMD $allow_compress
+ $backicon $diricon $fileicon
$fullname $newname $cvstreedefault
$body_tag $body_tag_for_src $logo $defaulttitle $address
$long_intro $short_instruction $shortLogLen
@@ -75,11 +80,12 @@ use vars qw (
$difffontsize $inputTextSize $mime_types $allow_annotate
$allow_markup $use_java_script $open_extern_window
$extern_window_width $extern_window_height $edit_option_form
- $show_subdir_lastmod $show_log_in_markup $v
+ $show_subdir_lastmod $show_log_in_markup $preformat_in_markup $v
$navigationHeaderColor $tableBorderColor $markupLogColor
$tabstop $state $annTable $sel $curbranch @HideModules
$module $use_descriptions %descriptions @mytz $dwhere $moddate
$use_moddate $has_zlib $gzip_open
+ $allow_tar @tar_options @gzip_options @zip_options @cvs_options
$LOG_FILESEPARATOR $LOG_REVSEPARATOR
);
@@ -95,6 +101,7 @@ sub revcmp($$);
sub fatal($$);
sub redirect($);
sub safeglob($);
+sub search_path($);
sub getMimeTypeFromSuffix($);
sub head($;$);
sub scan_directives(@);
@@ -122,6 +129,7 @@ sub toggleQuery($$);
sub urlencode($);
sub htmlquote($);
sub htmlunquote($);
+sub hrefquote($);
sub http_header(;$);
sub html_header($);
sub html_footer();
@@ -129,16 +137,26 @@ sub link_tags($);
sub forbidden_module($);
##### Start of Configuration Area ########
-use Cwd;
+delete $ENV{PATH};
+$cvsweb_revision = '1.110' . '.' . (split(/ /,
+ q$Idaemons: /home/cvs/cvsweb/cvsweb.cgi,v 1.78 2001/07/06 09:49:01 knu Exp $
+))[2];
+
+use File::Basename;
+
+($mydir) = (dirname($0) =~ /(.*)/); # untaint
+
# == EDIT this ==
# Locations to search for user configuration, in order:
for (
- $ENV{CVSWEB_CONFIG},
- '/usr/local/etc/cvsweb.conf',
- getcwd() . '/cvsweb.conf'
+ "$mydir/cvsweb.conf",
+ '/usr/local/etc/cvsweb/cvsweb.conf'
) {
- $config = $_ if defined($_) && -r $_;
+ if (defined($_) && -r $_) {
+ $config = $_;
+ last;
+ }
}
# == Configuration defaults ==
@@ -150,8 +168,9 @@ $allow_version_select = 1;
######## Configuration variables #########
# These are defined to allow checking with perl -cw
-%CVSROOT = %MIRRORS = %DEFAULTVALUE = %ICONS = %MTYPES =
-%tags = %alltags = @tabcolors = ();
+@CVSrepositories = @CVSROOT = %CVSROOT =
+%MIRRORS = %DEFAULTVALUE = %ICONS = %MTYPES =
+%tags = %alltags = @tabcolors = %fileinfo = ();
$cvstreedefault = $body_tag = $body_tag_for_src =
$logo = $defaulttitle = $address =
$long_intro = $short_instruction = $shortLogLen =
@@ -228,23 +247,29 @@ $verbose = $v;
$checkoutMagic = "~checkout~";
$pathinfo = defined($ENV{PATH_INFO}) ? $ENV{PATH_INFO} : '';
$where = $pathinfo;
-$doCheckout = ($where =~ /^\/$checkoutMagic/);
-$where =~ s|^/($checkoutMagic)?||;
-$where =~ s|/+$||;
+$doCheckout = ($where =~ m|^/$checkoutMagic/|);
+$where =~ s|^/$checkoutMagic/|/|;
+$where =~ s|^/||;
$scriptname = defined($ENV{SCRIPT_NAME}) ? $ENV{SCRIPT_NAME} : '';
-$scriptname =~ s|^/?|/|;
-$scriptname =~ s|/+$||;
-$scriptwhere = $scriptname;
-if ($where) {
- $scriptwhere .= '/' . urlencode($where);
+$scriptname =~ s|^/*|/|;
+
+# Let's workaround thttpd's stupidity..
+if ($scriptname =~ m|/$|) {
+ $pathinfo .= '/';
+ my $re = quotemeta $pathinfo;
+ $scriptname =~ s/$re$//;
}
+$scriptwhere = $scriptname;
+$scriptwhere .= '/' . urlencode($where);
+$where = '/' if ($where eq '');
+
$is_mod_perl = defined($ENV{MOD_PERL});
# in lynx, it it very annoying to have two links
# per file, so disable the link at the icon
# in this case:
-$Browser = $ENV{HTTP_USER_AGENT};
+$Browser = $ENV{HTTP_USER_AGENT} || '';
$is_links = ($Browser =~ m`^Links `);
$is_lynx = ($Browser =~ m`^Lynx/`i);
$is_w3m = ($Browser =~ m`^w3m/`i);
@@ -277,16 +302,14 @@ $maycompress = (((defined($ENV{HTTP_ACCEPT_ENCODING})
@stickyvars = qw(cvsroot hideattic sortby logsort f only_with_tag);
if (-f $config) {
- do $config
+ require $config
|| &fatal("500 Internal Error",
sprintf('Error in loading configuration file: %s
%s
',
$config, &htmlify($@)));
} else {
&fatal("500 Internal Error",
'Configuration not found. Set the variable $config
'
- . 'in cvsweb.cgi, or the environment variable '
- . 'CVSWEB_CONFIG
, to your cvsweb.conf '
- . 'configuration file first.');
+ . 'in cvsweb.cgi to your cvsweb.conf configuration file first.');
}
undef %input;
@@ -294,6 +317,7 @@ $query = $ENV{QUERY_STRING};
if (defined($query) && $query ne '') {
foreach (split(/&/, $query)) {
+ y/+/ /;
s/%(..)/sprintf("%c", hex($1))/ge; # unquote %-quoted
if (/(\S+)=(.*)/) {
$input{$1} = $2 if ($2 ne "");
@@ -352,6 +376,10 @@ else {
}
undef @barequery;
+if (defined($input{path})) {
+ redirect("$scriptname/$input{path}$query");
+}
+
# get actual parameters
$sortby = $input{"sortby"};
$bydate = 0;
@@ -379,7 +407,22 @@ $defaultDiffType = $input{'f'};
$logsort = $input{'logsort'};
+my @tmp = @CVSrepositories;
+my @pair;
+while (@pair = splice(@tmp, 0, 2)) {
+ my($key, $val) = @pair;
+ my($descr, $cvsroot) = @$val;
+
+ next if !-d $cvsroot;
+
+ $CVSROOTdescr{$key} = $descr;
+ $CVSROOT{$key} = $cvsroot;
+ push @CVSROOT, $key;
+}
+undef @tmp;
+undef @pair;
+
## Default CVS-Tree
if (!defined($CVSROOT{$cvstreedefault})) {
&fatal("500 Internal Error",
@@ -404,7 +447,7 @@ foreach $k (keys %ICONS) {
my ($itxt,$ipath,$iwidth,$iheight) = @{$ICONS{$k}};
if ($ipath) {
${"${k}icon"} = sprintf('',
- htmlquote($ipath), htmlquote($itxt), $iwidth, $iheight)
+ hrefquote($ipath), htmlquote($itxt), $iwidth, $iheight)
}
else {
${"${k}icon"} = $itxt;
@@ -416,49 +459,45 @@ my $config_cvstree = "$config-$cvstree";
# Do some special configuration for cvstrees
if (-f $config_cvstree) {
- do $config_cvstree
+ require $config_cvstree
|| &fatal("500 Internal Error",
sprintf('Error in loading configuration file: %s
%s
',
$config_cvstree, &htmlify($@)));
}
undef $config_cvstree;
-$prcategories = '(?:' . join('|', @prcategories) . ')';
+$re_prcategories = '(?:' . join('|', @prcategories) . ')' if @prcategories;
+$re_prkeyword = quotemeta($prkeyword) if defined($prkeyword);
$prcgi .= '%s' if defined($prcgi) && $prcgi !~ /%s/;
-$fullname = $cvsroot . '/' . $where;
+$fullname = "$cvsroot/$where";
$mimetype = &getMimeTypeFromSuffix ($fullname);
$defaultTextPlain = ($mimetype eq "text/plain");
$defaultViewable = $allow_markup && viewable($mimetype);
-# search for GZIP if compression allowed
-# We've to find out if the GZIP-binary exists .. otherwise
-# ge get an Internal Server Error if we try to pipe the
-# output through the nonexistent gzip ..
-# any more elegant ways to prevent this are welcome!
-if ($allow_compress && $maycompress && !$has_zlib) {
- foreach (split(/:/, $ENV{PATH})) {
- if (-x "$_/gzip") {
- $GZIPBIN = "$_/gzip";
- last;
- }
- }
+my $rewrite = 0;
+
+if ($pathinfo =~ m|//|) {
+ $pathinfo =~ y|/|/|s;
+ $rewrite = 1;
}
-if (-d $fullname) {
- #
- # ensure, that directories always end with (exactly) one '/'
- # to allow relative URL's. If they're not, make a redirect.
- ##
- if (!($pathinfo =~ m|/$|) || ($pathinfo =~ m |/{2,}$|)) {
- redirect ($scriptwhere . '/' . $query);
- }
- else {
- $where .= '/';
- $scriptwhere .= '/';
- }
+if (-d $fullname && $pathinfo !~ m|/$|) {
+ $pathinfo .= '/';
+ $rewrite = 1;
}
+if (!-d $fullname && $pathinfo =~ m|/$|) {
+ chop $pathinfo;
+ $rewrite = 1;
+}
+
+if ($rewrite) {
+ redirect($scriptname . urlencode($pathinfo) . $query);
+}
+
+undef $rewrite;
+
if (!-d $cvsroot) {
&fatal("500 Internal Error",'$CVSROOT not found!
The server on which the CVS tree lives is probably down. Please try again in a few minutes.');
}
@@ -471,10 +510,63 @@ $module = $1;
if ($module && &forbidden_module($module)) {
&fatal("403 Forbidden", "Access to $where forbidden.");
}
+
+#
+# Handle tarball downloads before any headers are output.
+#
+if ($input{tarball}) {
+ &fatal("403 Forbidden", "Downloading tarballs is prohibited.")
+ unless $allow_tar;
+ my($module) = ($where =~ m,^/?(.*),); # untaint
+ $module =~ s,/([^/]*)$,,;
+ my($ext) = ($1 =~ /(\.tar\.gz|\.zip)$/);
+ my($basedir) = ($module =~ m,([^/]+)$,);
+
+ if ($basedir eq '' || $module eq '') {
+ &fatal("500 Internal Error", "You cannot download the top level directory.");
+ }
+
+ my $tmpdir = "/tmp/.cvsweb.$$." . int(time);
+
+ mkdir($tmpdir, 0700)
+ or &fatal("500 Internal Error", "Unable to make temporary directory: $!");
+
+ my @fatal;
+
+ my $tag = (exists $input{only_with_tag} && length $input{only_with_tag})
+ ? $input{only_with_tag} : "HEAD";
+
+ if (system $CMD{cvs}, @cvs_options, '-Qd', $cvsroot, 'export', '-r', $tag, '-d', "$tmpdir/$basedir", $module) {
+ @fatal = ("500 Internal Error", "cvs co failure: $!: $module");
+ } else {
+ $| = 1; # Essential to get the buffering right.
+
+ if ($ext eq '.tar.gz') {
+ print "Content-type: application/x-gzip\r\n\r\n";
+
+ system "$CMD{tar} @tar_options -cf - -C $tmpdir $basedir | $CMD{gzip} @gzip_options -c"
+ and @fatal = ("500 Internal Error", "tar zc failure: $!: $basedir");
+ } elsif ($ext eq '.zip' && $CMD{zip}) {
+ print "Content-type: application/zip\r\n\r\n";
+
+ system "cd $tmpdir && $CMD{zip} @zip_options -r - $basedir"
+ and @fatal = ("500 Internal Error", "zip failure: $!: $basedir");
+ } else {
+ @fatal = ("500 Internal Error", "unsupported file type");
+ }
+ }
+
+ system $CMD{rm}, '-rf', $tmpdir if -d $tmpdir;
+
+ &fatal(@fatal) if @fatal;
+
+ exit;
+}
+
##############################
# View a directory
###############################
-elsif (-d $fullname) {
+if (-d $fullname) {
my $dh = do {local(*DH);};
opendir($dh, $fullname) || &fatal("404 Not Found","$where: $!");
my @dir = readdir($dh);
@@ -649,7 +741,8 @@ elsif (-d $fullname) {
if ($_ eq '..' || -d "$fullname/$_") {
next if ($_ eq '..' && $where eq '/');
- my ($rev,$date,$log,$author,$filename) = @{$fileinfo{$_}}
+ my ($rev,$date,$log,$author,$filename);
+ ($rev,$date,$log,$author,$filename) = @{$fileinfo{$_}}
if (defined($fileinfo{$_}));
printf '
', $tabcolors[$dirrow % 2] if $dirtable;
if ($_ eq '..') {
@@ -660,10 +753,10 @@ elsif (-d $fullname) {
else {
print &link($backicon, $url);
}
- print " ", &link("Previous Directory", $url);
+ print " ", &link("Parent Directory", $url);
}
else {
- $url = urlencode($_) . "/$query";
+ $url = './' . urlencode($_) . "/$query";
print "";
if ($nofilelinks) {
print $diricon;
@@ -726,7 +819,7 @@ elsif (-d $fullname) {
}
elsif (s/,v$//) {
$fileurl = ($attic ? "Attic/" : "") . urlencode($_);
- $url = $fileurl . $query;
+ $url = './' . $fileurl . $query;
my $rev = '';
my $date = '';
my $log = '';
@@ -809,9 +902,33 @@ elsif (-d $fullname) {
">$tag\n";
}
print "\n";
+ print " Module path or alias:\n";
+ printf "\n", htmlquote($where);
print "\n";
print "\n";
}
+
+ if ($allow_tar) {
+ my($basefile) = ($where =~ m,(?:.*/)?([^/]+),);
+
+ if (defined($basefile) && $basefile ne '') {
+ print " \n",
+ "Download this directory in ";
+ # Mangle the filename so browsers show a reasonable
+ # filename to download.
+ print &link("tarball",
+ "./$basefile.tar.gz$query".
+ ($query ? "&" : "?")."tarball=1");
+ if ($CMD{zip}) {
+ print " or ",
+ &link("zip archive",
+ "./$basefile.zip$query".
+ ($query ? "&" : "?")."tarball=1");
+ }
+ print " ";
+ }
+ }
+
my $formwhere = $scriptwhere;
$formwhere =~ s|Attic/?$|| if ($input{'hideattic'});
@@ -895,7 +1012,7 @@ elsif (-d $fullname) {
# The file has been removed and is in the Attic.
# Send a redirect pointing to the file in the Attic.
(my $newplace = $scriptwhere) =~ s|/([^/]+)$|/Attic/$1|;
- &redirect($newplace);
+ redirect("$newplace$query");
exit;
}
elsif (0 && (my @files = &safeglob($fullname . ",v"))) {
@@ -909,13 +1026,13 @@ elsif (-d $fullname) {
my $fh = do {local(*FH);};
my ($xtra, $module);
# Assume it's a module name with a potential path following it.
- $xtra = $& if (($module = $where) =~ s|/.*||);
+ $xtra = (($module = $where) =~ s|/.*||) ? $& : '';
# Is there an indexed version of modules?
- if (open($fh, "$cvsroot/CVSROOT/modules")) {
+ if (open($fh, "< $cvsroot/CVSROOT/modules")) {
while (<$fh>) {
if (/^(\S+)\s+(\S+)/o && $module eq $1
- && -d "${cvsroot}/$2" && $module ne $2) {
- &redirect($scriptname . '/' . $2 . $xtra);
+ && -d "$cvsroot/$2" && $module ne $2) {
+ redirect("$scriptname/$2$xtra$query");
}
}
}
@@ -1000,11 +1117,11 @@ sub findLastModifiedSubdirs(@) {
sub htmlify_sub(&$) {
(my $proc, local $_) = @_;
- local @_ = split(m`(]+>[^<]*)`i);
+ my @a = split(m`(]+>[^<]*)`i);
my $linked;
my $result = '';
- while (($_, $linked) = splice(@_, 0, 2)) {
+ while (($_, $linked) = splice(@a, 0, 2)) {
&$proc();
$result .= $_ if defined($_);
$result .= $linked if defined($linked);
@@ -1036,7 +1153,7 @@ sub htmlify($;$) {
if ($extra) {
# get PR #'s as link: "PR#nnnn" "PR: nnnn, ..." "PR nnnn, ..." "bin/nnnn"
- if (defined($prcgi)) {
+ if (defined($prcgi) && defined($re_prcategories) && defined($re_prkeyword)) {
my $prev;
do {
@@ -1044,7 +1161,7 @@ sub htmlify($;$) {
$_ = htmlify_sub {
s{
- (\bPR[:\#]?\s*
+ (\b$re_prkeyword[:\#]?\s*
(?:
\#?
\d+[,\s]\s*
@@ -1052,16 +1169,16 @@ sub htmlify($;$) {
\#?)
(\d+)\b
}{
- $1 . &link($2, sprintf($prcgi, $2)) . $3
+ $1 . &link($2, sprintf($prcgi, $2))
}egix;
} $_;
} while ($_ ne $prev);
$_ = htmlify_sub {
s{
- (\b$prcategories/(\d+)\b)
+ (\b$re_prcategories/(\d+)\b)
}{
- &link($1, sprintf($prcgi, $2)) . $3
+ &link($1, sprintf($prcgi, $2))
}egox;
} $_;
}
@@ -1070,7 +1187,7 @@ sub htmlify($;$) {
if (defined($mancgi)) {
$_ = htmlify_sub {
s{
- (\b([a-zA-Z][\w_.]+)
+ (\b([a-zA-Z][\w.]+)
(?:
\( ([0-9n]) \)\B
|
@@ -1078,7 +1195,7 @@ sub htmlify($;$) {
)
)
}{
- &link($1, sprintf($mancgi, $3 ne '' ? $3 : $4, $2)) . $5
+ &link($1, sprintf($mancgi, defined($3) ? $3 : $4, $2))
}egx;
} $_;
}
@@ -1118,9 +1235,11 @@ sub spacedHtmlText($;$) {
}
sub link($$) {
- my($name, $where) = @_;
+ my($name, $url) = @_;
- sprintf '%s', htmlquote($where), $name;
+ $url =~ s/:/sprintf("%%%02x", ord($&))/eg if $url =~ /^[^a-z]/; # relative
+
+ sprintf '%s', hrefquote($url), $name;
}
sub revcmp($$) {
@@ -1197,11 +1316,23 @@ sub safeglob($) {
push(@results, "$dirname/" .$_);
}
}
+ closedir($dh);
}
@results;
}
+sub search_path($) {
+ my($command) = @_;
+ my $d;
+
+ for $d (split(/:/, $command_path)) {
+ return "$d/$command" if -x "$d/$command";
+ }
+
+ '';
+}
+
sub getMimeTypeFromSuffix($) {
my ($fullname) = @_;
my ($mimetype, $suffix);
@@ -1275,7 +1406,7 @@ sub doAnnotate($$) {
my $reader = do {local(*FH);};
my $writer = do {local(*FH);};
- # make sure the revisions a wellformed, for security
+ # make sure the revisions are wellformed, for security
# reasons ..
if ($rev =~ /[^\w.]/) {
&fatal("404 Not Found",
@@ -1294,8 +1425,8 @@ sub doAnnotate($$) {
# the public domain.
# we could abandon the use of rlog, rcsdiff and co using
# the cvsserver in a similiar way one day (..after rewrite)
- $pid = open2($reader, $writer, "cvs -Rl server") || fatal ("500 Internal Error",
- "Fatal Error - unable to open cvs for annotation");
+ $pid = open2($reader, $writer, $CMD{cvs}, @cvs_options, "server")
+ || fatal ("500 Internal Error", "Fatal Error - unable to open cvs for annotation");
# OK, first send the request to the server. A simplified example is:
# Root /home/kingdon/zwork/cvsroot
@@ -1486,8 +1617,8 @@ sub doCheckout($$) {
#
# Safely for a child process to read from.
if (! open($fh, "-|")) { # child
- open(STDERR, ">&STDOUT"); # Redirect stderr to stdout
- exec("cvs", "-Rld", $cvsroot, "co", "-p", $revopt, $where);
+ open(STDERR, ">&STDOUT"); # Redirect stderr to stdout
+ exec($CMD{cvs}, @cvs_options, '-d', $cvsroot, 'co', '-p', $revopt, $where);
}
if (eof($fh)) {
@@ -1502,6 +1633,7 @@ sub doCheckout($$) {
# Parse CVS header
my ($revision, $filename, $cvsheader);
+ $filename = "";
while(<$fh>) {
last if (/^\*\*\*\*/);
$revision = $1 if (/^VERS: (.*)$/);
@@ -1564,12 +1696,12 @@ sub cvswebMarkup($$$) {
my $url = download_url($fileurl, $revision, $mimetype);
print " ";
if ($mimetype =~ /^image/) {
- printf ' ', htmlquote("$url$barequery");
+ printf ' ', hrefquote("$url$barequery");
}
elsif ($mimetype =~ m%^application/pdf%) {
- printf ' |