=================================================================== RCS file: /cvs/cvsweb/cvsweb.cgi,v retrieving revision 4.27 retrieving revision 4.38 diff -u -p -r4.27 -r4.38 --- cvsweb/cvsweb.cgi 2019/11/26 12:09:02 4.27 +++ cvsweb/cvsweb.cgi 2019/11/29 19:30:16 4.38 @@ -1,5 +1,5 @@ #!/usr/bin/perl -# $Id: cvsweb.cgi,v 4.27 2019/11/26 12:09:02 schwarze Exp $ +# $Id: cvsweb.cgi,v 4.38 2019/11/29 19:30:16 schwarze Exp $ # $knu: cvsweb.cgi,v 1.299 2010/11/13 16:37:18 simon # # cvsweb - a CGI interface to CVS trees. @@ -56,9 +56,8 @@ use filetest qw(access); use vars qw ( $VERSION $CheckoutMagic $MimeTypes $DEBUG $config $allow_version_select - @CVSrepositories @CVSROOT %CVSROOT %CVSROOTdescr - %DEFAULTVALUE %ICONS %MTYPES - %DIFF_COMMANDS @DIFFTYPES %DIFFTYPES @LOGSORTKEYS %LOGSORTKEYS + @CVSrepositories @CVSROOT %CVSROOT %CVSROOTdescr %DEFAULTVALUE %MTYPES + @DIFFTYPES %DIFFTYPES @LOGSORTKEYS %LOGSORTKEYS %alltags %fileinfo %tags @branchnames %nameprinted %symrev %revsym @allrevisions %date %author @revdisplayorder @revisions %state %difflines %log %branchpoint @revorder $keywordsubstitution @@ -67,19 +66,17 @@ use vars qw ( $is_links $is_lynx $is_w3m $is_msie $is_mozilla3 $is_textbased %input $query $barequery $sortby $bydate $byrev $byauthor $bylog $byfile $defaultDiffType $logsort $cvstree $cvsroot - $charset $output_filter - @command_path %CMD $allow_compress $backicon $diricon $fileicon - $fullname $logo $defaulttitle $address $binfileicon - $long_intro $short_instruction $shortLogLen $show_author - $tablepadding $hr_breakable $showfunc $hr_ignwhite $hr_ignkeysubst - $inputTextSize $mime_types $allow_annotate $allow_markup $allow_mailtos + %CMD $allow_compress $backicon $diricon $fileicon + $fullname $logo $defaulttitle $address $binfileicon $iconsdir + $shortLogLen $show_author $hr_breakable $hr_ignwhite $hr_ignkeysubst + $mime_types $allow_annotate $allow_markup $allow_mailtos $allow_log_extra $allow_dir_extra $allow_source_extra $edit_option_form $show_subdir_lastmod $show_log_in_markup $preformat_in_markup $tabstop $state $annTable $sel @ForbiddenFiles $use_descriptions %descriptions $dwhere $use_moddate $gzip_open $file_list_len - $allow_tar @tar_options @gzip_options @cvs_options + $allow_tar @tar_options @cvs_options @annotate_options @rcsdiff_options $HTML_DOCTYPE $HTML_META $cssurl $CSS ); @@ -89,7 +86,7 @@ use Cwd qw(abs_path); use File::Path qw(rmtree); use File::Spec::Functions qw(canonpath catdir catfile curdir devnull rootdir tmpdir updir); -use File::Temp qw(tempdir tempfile); +use File::Temp qw(tempdir); use IPC::Run qw(); use Time::Local qw(timegm); use URI::Escape qw(uri_escape uri_unescape); @@ -129,6 +126,8 @@ EOM $MimeTypes = undef if $@; $CheckoutMagic = '~checkout~'; + $CMD{$_} = "/usr/bin/$_" for (qw(cvs rcsdiff rlog)); + $CMD{tar} = "/bin/tar"; } # ----------------------------------------------------------------------------- @@ -150,7 +149,6 @@ sub search_path($); sub getMimeType($;$); sub head($;$); sub scan_directives(@); -sub openOutputFilter(); sub doAnnotate($$); sub doCheckout($$$); sub cvswebMarkup($$$$$$;$); @@ -183,24 +181,27 @@ sub link_tags($); sub forbidden($); sub startproc(@); sub runproc(@); -sub checkout_to_temp($$$); # Get rid of unsafe environment vars. Don't do this in the BEGIN block # (think mod_perl)... delete(@ENV{qw(PATH IFS CDPATH ENV BASH_ENV)}); +# Helps to achieve read only access to the repositories +# with cvs >= 1.12.1 and doesn't hurt other versions. +$ENV{CVSREADONLYFS} = 1; + # Location of the configuration file inside the web server chroot: $config = '/conf/cvsweb/cvsweb.conf'; ######## Configuration parameters ######### -@CVSrepositories = @CVSROOT = %CVSROOT = %DEFAULTVALUE = %ICONS = - %MTYPES = %tags = %alltags = %fileinfo = %DIFF_COMMANDS = (); +@CVSrepositories = @CVSROOT = %CVSROOT = %DEFAULTVALUE = + %MTYPES = %tags = %alltags = %fileinfo = (); $logo = $defaulttitle = - $address = $long_intro = $short_instruction = $shortLogLen = $show_author = - $tablepadding = $hr_breakable = $showfunc = $hr_ignwhite = - $hr_ignkeysubst = $inputTextSize = $mime_types = $allow_annotate = + $address = $shortLogLen = $show_author = + $hr_breakable = $hr_ignwhite = + $hr_ignkeysubst = $mime_types = $allow_annotate = $allow_markup = $allow_compress = $edit_option_form = $show_subdir_lastmod = $show_log_in_markup = $preformat_in_markup = $tabstop = $use_moddate = $gzip_open = $DEBUG = @@ -567,17 +568,20 @@ if ($input{cvsroot} && $CVSROOT{$input{cvsroot}}) { $cvsroot = $CVSROOT{$cvstree}; -# create icons out of description -foreach my $k (keys %ICONS) { - my ($itxt, $ipath, $iwidth, $iheight) = @{$ICONS{$k}}; - no strict 'refs'; - if ($ipath) { - ${"${k}icon"} = - sprintf('', - htmlquote($ipath), htmlquote($itxt), $iwidth, $iheight); - } else { - ${"${k}icon"} = $itxt; - } +if ($iconsdir) { + $backicon = ''; + $diricon = ''; + $fileicon = ''; + $binfileicon = ''; +} else { + $backicon = 'back'; + $diricon = 'dir'; + $fileicon = 'file'; + $binfileicon = 'binfile'; } my $config_cvstree = "$config-$cvstree"; @@ -644,12 +648,8 @@ if ($input{tarball}) { 'You cannot download the top level directory.'); } - my $istar = $ext eq '.tar.gz' || $ext eq '.tgz'; - if ($istar) { - fatal('500 Internal Error', 'tar command not found.') unless $CMD{tar}; - fatal('500 Internal Error', 'gzip command not found.') unless $CMD{gzip}; - } else { - fatal('500 Internal Error', 'Unsupported archive type.'); + unless ($ext eq '.tar.gz' || $ext eq '.tgz') { + fatal('404 Not Found', 'Unsupported archive type.'); } my $tmpexportdir; @@ -681,24 +681,13 @@ if ($input{tarball}) { ('500 Internal Error', 'Export failure (exit status %s), output:
%s', $errcode, $err || $export_err); - } else { - $| = 1; # Essential to get the buffering right. local (*TAR_OUT); - - my (@cmd, $ctype); - if ($istar) { - my @tar = ($CMD{tar}, @tar_options, '-cf', '-', $basedir); - my @gzip = ($CMD{gzip}, @gzip_options, '-c'); - push(@cmd, \@tar, '|', \@gzip); - $ctype = 'application/x-gzip'; - } - push(@cmd, '>pipe', \*TAR_OUT); - - my ($h, $err) = startproc(@cmd); + my ($h, $err) = startproc($CMD{tar}, @tar_options, '-czf', '-', + $basedir, '>pipe', \*TAR_OUT); if ($h) { - print "Content-Type: $ctype\r\n\r\n"; + print "Content-Type: application/x-gzip\r\n\r\n"; local $/ = undef; print
%s
" in ' .
- '%%DIFF_COMMANDS
.',
- $diffcmd->{name});
- }
-
- (my $cvsname = $where) =~ s/\.diff$//;
-
- # Create two temporary files with the two revisions
- my $temp_fn1 = checkout_to_temp($cvsroot, $cvsname, $rev1);
- my $temp_fn2 = checkout_to_temp($cvsroot, $cvsname, $rev2);
-
- # Execute chosen diff binary.
- local (*DIFF_OUT);
- my @cmd = ($diffcmd->{cmd});
- push(@cmd, @{$diffcmd->{args}}) if $diffcmd->{args};
- push(@cmd, $temp_fn1, $temp_fn2);
- my ($h, $err) = startproc(\@cmd, \"", '>pipe', \*DIFF_OUT);
- if (!$h) {
- unlink($temp_fn1);
- unlink($temp_fn2);
- fatal('500 Internal Error',
- 'Diff failure (exit status %s), output: %s', - $? >> 8 || -1, $err); - } - - http_header($diffcmd->{type} || 'text/plain'); - local $/ = undef; - print
@command_path
in your configuration file correctly? (Currently: "%s
")',
- htmlquote(join(', ', @files)), join(':', @command_path));
+ 'Failed to spawn rlog on "%s"',
+ htmlquote(join(', ', @files)));
}
-
return @unreadable;
}
@@ -2449,7 +2351,6 @@ sub readLog($;$)
my $fh = do { local (*FH); };
if (!open($fh, "-|")) { # child
- openOutputFilter();
$revision = defined($revision) ? "-r$revision" : '';
if ($revision =~ /\./) {
# Normal revision, not a branch/tag name.
@@ -2675,13 +2576,6 @@ sub getDiffLinks($$$)
&link(htmlquote(lc($DIFFTYPES{$difftype}{descr})), "$url;f=$f"));
}
}
- if (my $extdiffs = $DIFF_COMMANDS{lc($mimetype)}) {
- for my $i (0 .. scalar(@$extdiffs)-1) {
- my $extdiff = $extdiffs->[$i];
- push(@links, &link(htmlquote($extdiff->{name}), "$url;f=ext$i"))
- if ($extdiff->{cmd} && $extdiff->{name});
- }
- }
return @links;
}
@@ -2957,8 +2851,8 @@ EOF
my $diffrev = defined($input{r1}) ?
$input{r1} : $revdisplayorder[$#revdisplayorder];
- printf(<%s', - $? >> 8 || -1, $err); - } - - return $temp_fn; } #