===================================================================
RCS file: /cvs/cvsweb/cvsweb.cgi,v
retrieving revision 4.5
retrieving revision 4.14
diff -u -p -r4.5 -r4.14
--- cvsweb/cvsweb.cgi 2019/11/09 09:24:13 4.5
+++ cvsweb/cvsweb.cgi 2019/11/11 12:46:23 4.14
@@ -1,5 +1,5 @@
#!/usr/bin/perl
-# $Id: cvsweb.cgi,v 4.5 2019/11/09 09:24:13 schwarze Exp $
+# $Id: cvsweb.cgi,v 4.14 2019/11/11 12:46:23 schwarze Exp $
# $knu: cvsweb.cgi,v 1.299 2010/11/13 16:37:18 simon
#
# cvsweb - a CGI interface to CVS trees.
@@ -86,6 +86,7 @@ use vars qw (
$allow_enscript @enscript_options %enscript_types
);
+require Compress::Zlib;
use Cwd qw(abs_path);
use File::Path qw(rmtree);
use File::Spec::Functions qw(canonpath catdir catfile curdir devnull rootdir
@@ -102,7 +103,6 @@ use constant CVSWEBMARKUP => qr{^text/(x-cvsweb|vnd\.v
use constant LOG_FILESEPR => qr/^={77}$/o;
use constant LOG_REVSEPR => qr/^-{28}$/o;
-use constant HAS_ZLIB => eval { require Compress::Zlib; };
use constant HAS_EDIFF => eval { require String::Ediff; };
# -----------------------------------------------------------------------------
@@ -113,7 +113,7 @@ use constant HAS_EDIFF => eval { require String::Ed
BEGIN
{
- $VERSION = '3.0.6';
+ $VERSION = '3.1';
$HTML_DOCTYPE =
'General options
EOF
- for my $v qw(hidecvsroot hidenonreadable) {
+ for my $v (qw(hidecvsroot hidenonreadable)) {
printf(qq{\n},
$v, $input{$v} || 0);
}
@@ -1540,7 +1549,7 @@ sub htmlify($;$)
}{
my($text, $name, $section) = ($1, $2, defined($3) ? $3 : $4);
($name =~ /[A-Za-z]/ && $name !~ /\.(:|$)/)
- ? &link($text, sprintf($mancgi, $section, uri_escape($name)))
+ ? &link($text, sprintf($mancgi, uri_escape($name), $section))
: $text;
}egx;
} $_;
@@ -4194,6 +4203,7 @@ sub htmlquote($)
# Special Characters; RFC 1866
s/&/&/g;
s/\"/"/g;
+ s/%22/"/g;
s/</g;
s/>/>/g;
return $_;
@@ -4233,12 +4243,10 @@ sub http_header(;$$)
push(@headers, 'Last-Modified: ' . scalar gmtime($moddate) . ' GMT')
if $moddate;
push(@headers, 'Content-Type: ' . $content_type);
+ push(@headers, "Content-Security-Policy: default-src 'none'; " .
+ "img-src 'self'; style-src 'unsafe-inline'");
if ($allow_compress && $maycompress) {
- if (HAS_ZLIB
- || (defined($CMD{gzip}) && open(GZIP, "| $CMD{gzip} -1 -c")))
- {
-
push(@headers, 'Content-Encoding: gzip');
push(@headers, 'Vary: Accept-Encoding'); # RFC 2616, 14.44
print join("\r\n", @headers) . "\r\n\r\n";
@@ -4246,18 +4254,9 @@ sub http_header(;$$)
$| = 1;
$| = 0; # Flush header output.
- tie(*GZIP, __PACKAGE__, \*STDOUT) if HAS_ZLIB;
+ tie(*GZIP, __PACKAGE__, \*STDOUT);
select(GZIP);
$gzip_open = 1;
-
- } else {
-
- print join("\r\n", @headers) . "\r\n\r\n";
- printf
- 'Unable to find gzip binary in the $command_path (%s
) to compress output
',
- htmlquote(join(':', @command_path));
- }
-
} else {
print join("\r\n", @headers) . "\r\n\r\n";
}
@@ -4425,7 +4424,7 @@ sub TIEHANDLE
crc => 0,
len => 0,
};
- my ($header) = pack("c10",
+ my ($header) = pack("C10",
MAGIC1, MAGIC2, Compress::Zlib::Z_DEFLATED(),
0, 0, 0, 0, 0, 0, OSCODE);
print {$o->{handle}} $header;