=================================================================== RCS file: /cvs/cvsweb/cvsweb.cgi,v retrieving revision 1.1.1.18 retrieving revision 1.1.1.19 diff -u -p -r1.1.1.18 -r1.1.1.19 --- cvsweb/cvsweb.cgi 2001/01/01 23:55:44 1.1.1.18 +++ cvsweb/cvsweb.cgi 2001/01/02 12:41:38 1.1.1.19 @@ -1,4 +1,4 @@ -#!/usr/bin/perl5 -ws +#!/usr/bin/perl -wT # # cvsweb - a CGI interface to CVS trees. # @@ -43,10 +43,12 @@ # SUCH DAMAGE. # # $zId: cvsweb.cgi,v 1.104 2000/11/01 22:05:12 hnordstrom Exp $ -# $kId: cvsweb.cgi,v 1.54 2001/01/01 23:15:02 knu Exp $ +# $kId: cvsweb.cgi,v 1.55 2001/01/02 12:23:20 knu Exp $ # ### +require 5.000; + use strict; use vars qw ( @@ -130,16 +132,18 @@ sub link_tags($); sub forbidden_module($); ##### Start of Configuration Area ######## -use Cwd; +use File::Basename; # == EDIT this == # Locations to search for user configuration, in order: for ( - $ENV{CVSWEB_CONFIG}, - '/usr/local/etc/cvsweb.conf', - getcwd() . '/cvsweb.conf' + (dirname $0) . '/cvsweb.conf', + '/usr/local/etc/cvsweb.conf' ) { - $config = $_ if defined($_) && -r $_; + if (defined($_) && -r $_) { + ($config) = /(.*)/; # untaint + last; + } } # == Configuration defaults == @@ -482,11 +486,11 @@ if ($module && &forbidden_module($module)) { if ($input{tarball}) { &fatal("403 Forbidden", "Downloading tarballs is prohibited.") unless $allow_tar; - $where =~ s,/[^/]*$,,; - $where =~ s,^/,,; - my($basedir) = ($where =~ m,([^/]+)$,); + my($module) = ($where =~ m,^/?(.*),); # untaint + $module =~ s,/[^/]*$,,; + my($basedir) = ($module =~ m,([^/]+)$,); - if ($basedir eq '' || $where eq '') { + if ($basedir eq '' || $module eq '') { &fatal("500 Internal Error", "You cannot download the top level directory."); } 
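Review bot: With `-T` now on the interpreter line, the bare command names this script runs (`cvs`, `tar` and `rm` in the tarball branch, `cvs` again in doAnnotate) are resolved through the inherited `PATH`, which taint mode treats as untrusted. No hunk in this diff sets it, so unless the file already does so elsewhere, pin it near the top of the configuration area with a fixed list, e.g. `$ENV{PATH} = '/bin:/usr/bin:/usr/local/bin';` and `delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};`. A short comment beside the shebang saying why `-T` is required would keep a later edit from dropping it.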
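Review bot: The untaint in `($config) = /(.*)/;` accepts any string, so it clears the taint flag without checking anything, and because `.` stops at a newline it can yield a path different from the one `-r` just tested. One candidate is derived from `$0`, so match only what a config path may contain and skip the candidate otherwise, e.g. `next unless m{\A([\w./+-]+)\z}; $config = $1; last;`. The script directory is now searched before `/usr/local/etc`. How `$config` is loaded is outside this hunk, but if it is evaluated as Perl, a comment next to the list should state that the CGI directory must be writable only by the administrator.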
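Review bot: `my($module) = ($where =~ m,^/?(.*),);` launders the request path rather than validating it, since the pattern accepts any characters, including `..` components and a leading `-`, and the result is later handed to `cvs export` as an argument. Unless `$where` is already constrained before this block (not visible here), reject such values right after the capture, e.g. `&fatal("400 Bad Request", "Invalid path.") if $module =~ m,^-|(^|/)\.\.(/|$),;`. The new lexical also shadows the outer `$module` that `forbidden_module` tests in the line above the block, so the value that was checked and the value that is exported are easy to confuse. A distinct name such as `$export_path` would avoid that.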
@@ -497,34 +501,24 @@ if ($input{tarball}) { my $fatal = ''; - do { - chdir $tmpdir - or $fatal = "500 Internal Error", "Unable to cd to temporary directory: $!" - && last; - + while (1) { my $tag = (exists $input{only_with_tag} && length $input{only_with_tag}) ? $input{only_with_tag} : "HEAD"; - system "cvs", @cvs_options, "-Qd", $cvsroot, "export", "-r", $tag, $where - and $fatal = "500 Internal Error","cvs co failure: $!: $where" + system "cvs", @cvs_options, "-Qd", $cvsroot, "export", "-r", $tag, "-d", "$tmpdir/$basedir", $module + and $fatal = "500 Internal Error","cvs co failure: $!: $module" && last; - chdir "$where/.." - or $fatal = "500 Internal Error","Cannot find expected directory in checkout" - && last; - $| = 1; # Essential to get the buffering right. print "Content-type: application/x-gzip\r\n\r\n"; - system "tar", "-zcf", "-", $basedir, @tar_options + system "tar", @tar_options, "-zcf", "-", "-C", $tmpdir, $basedir and $fatal = "500 Internal Error","tar zc failure: $!: $basedir" && last; - chdir $tmpdir - or $fatal = "500 Internal Error","Unable to cd to temporary directory: $!" - && last; - } while (0); + last; + } system "rm", "-rf", $tmpdir if -d $tmpdir; @@ -1372,8 +1366,8 @@ sub doAnnotate($$) { # the public domain. # we could abandon the use of rlog, rcsdiff and co using # the cvsserver in a similiar way one day (..after rewrite) - $pid = open2($reader, $writer, "cvs @cvs_options -l server") || fatal ("500 Internal Error", - "Fatal Error - unable to open cvs for annotation"); + $pid = open2($reader, $writer, "cvs", @cvs_options, "server") + || fatal ("500 Internal Error", "Fatal Error - unable to open cvs for annotation"); # OK, first send the request to the server. A simplified example is: # Root /home/kingdon/zwork/cvsroot @@ -2721,7 +2715,7 @@ sub navigateHeader($$$$$) { print qq``; print "\n\n"; print qq`\n`; - print ''; + print ''; print "\n$path$filename - $title - $rev\n"; print "$body_tag_for_src\n"; print ""; 
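Review bot: The error assignments on the new side, such as `and $fatal = "500 Internal Error","cvs co failure: $!: $module" && last;`, never store the message. `&&` binds tighter than the comma, so `$fatal` receives only the status string and the detail text is evaluated and discarded before `last` runs; the `tar` line has the same shape. `$!` is also not meaningful when the command merely exits non-zero, since the exit status is in `$?`. An explicit `if (system(...)) { $fatal = "cvs export failure: status $?: $module"; last; }` states the intent, with the format of `$fatal` matched to the code that consumes it after the loop, which is outside this hunk.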
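Review bot: The `|| fatal (...)` after `open2(...)` is not reached on failure, because IPC::Open2 reports a failed fork or exec by raising an exception rather than returning false. Wrapping the call, e.g. `$pid = eval { open2($reader, $writer, "cvs", @cvs_options, "server") };` followed by `fatal("500 Internal Error", "Fatal Error - unable to open cvs for annotation") unless $pid;`, gives the visitor the intended error page instead of an uncaught die. doAnnotate starts and ends outside this hunk.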
@@ -3115,7 +3109,7 @@ sub http_header(;$) { sub html_header($) { my ($title) = @_; - my $version = '$zRevision: 1.104 $ $kRevision: 1.54 $'; #' + my $version = '$zRevision: 1.104 $ $kRevision: 1.55 $'; #' http_header("text/html"); print <