version 1.1.1.32, 2002/07/07 04:31:41 |
version 1.1.1.33, 2002/07/23 16:15:22 |
|
|
# cvsweb - a CGI interface to CVS trees. |
# cvsweb - a CGI interface to CVS trees. |
# |
# |
# Written in their spare time by |
# Written in their spare time by |
# Bill Fenner <fenner@FreeBSD.org> (original work) |
# Bill Fenner <fenner@FreeBSD.org> (original work) |
# extended by Henner Zeller <zeller@think.de>, |
# extended by Henner Zeller <zeller@think.de>, |
# Henrik Nordstrom <hno@hem.passagen.se> |
# Henrik Nordstrom <hno@hem.passagen.se> |
# Ken Coar <coar@Apache.Org> |
# Ken Coar <coar@Apache.Org> |
# Dick Balaska <dick@buckosoft.com> |
# Dick Balaska <dick@buckosoft.com> |
# Akinori MUSHA <knu@FreeBSD.org> |
# Akinori MUSHA <knu@FreeBSD.org> |
# Jens-Uwe Mager <jum@helios.de> |
# Jens-Uwe Mager <jum@helios.de> |
# Ville Skyttä <scop@FreeBSD.org> |
# Ville Skyttä <scop@FreeBSD.org> |
|
# Vassilii Khachaturov <vassilii@tarunz.org> |
# |
# |
# Based on: |
# Based on: |
# * Bill Fenners cvsweb.cgi revision 1.28 available from: |
# * Bill Fenners cvsweb.cgi revision 1.28 available from: |
|
|
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
# SUCH DAMAGE. |
# SUCH DAMAGE. |
# |
# |
# $FreeBSD: projects/cvsweb/cvsweb.cgi,v 1.112 2002/07/06 18:15:19 scop Exp $ |
# $FreeBSD: projects/cvsweb/cvsweb.cgi,v 1.119 2002/07/23 13:58:32 scop Exp $ |
# $zId: cvsweb.cgi,v 1.112 2001/07/24 13:03:16 hzeller Exp $ |
# $zId: cvsweb.cgi,v 1.112 2001/07/24 13:03:16 hzeller Exp $ |
# $Idaemons: /home/cvs/cvsweb/cvsweb.cgi,v 1.84 2001/10/07 20:50:10 knu Exp $ |
# $Idaemons: /home/cvs/cvsweb/cvsweb.cgi,v 1.84 2001/10/07 20:50:10 knu Exp $ |
# |
# |
Line 148 sub forbidden_module($); |
|
Line 149 sub forbidden_module($); |
|
##### Start of Configuration Area ######## |
##### Start of Configuration Area ######## |
delete $ENV{PATH}; |
delete $ENV{PATH}; |
|
|
$cvsweb_revision = '2.0.4'; |
$cvsweb_revision = '2.0.5'; |
|
|
use File::Basename (); |
use File::Basename (); |
|
|
Line 343 $input{only_with_tag} = $input{only_on_branch} |
|
Line 344 $input{only_with_tag} = $input{only_on_branch} |
|
|
|
# Prevent cross-site scripting |
# Prevent cross-site scripting |
foreach (@unsafevars) { |
foreach (@unsafevars) { |
if (defined($input{$_}) && $input{$_} =~ /[^\w\-.]/) { |
# Colons are needed in diffs between tags. |
|
if (defined($input{$_}) && $input{$_} =~ /[^\w\-.:]/) { |
fatal("500 Internal Error", |
fatal("500 Internal Error", |
'Malformed query (%s=%s)', |
'Malformed query (%s=%s)', |
$_, $input{$_}); |
$_, $input{$_}); |
Line 932 if (-d $fullname) { |
|
Line 934 if (-d $fullname) { |
|
} |
} |
$dirrow++; |
$dirrow++; |
} elsif (s/,v$//) { |
} elsif (s/,v$//) { |
|
|
|
# Skip forbidden files now so we'll give no hint |
|
# about their existence. This should probably have |
|
# been done earlier, but it's straightforward here. |
|
next if forbidden_file("$fullname/$_"); |
|
|
$fileurl = ($attic ? "Attic/" : "") . urlencode($_); |
$fileurl = ($attic ? "Attic/" : "") . urlencode($_); |
$url = './' . $fileurl . $query; |
$url = './' . $fileurl . $query; |
my $rev = ''; |
my $rev = ''; |
Line 1104 if (-d $fullname) { |
|
Line 1112 if (-d $fullname) { |
|
# View Files |
# View Files |
############################### |
############################### |
elsif (-f $fullname . ',v') { |
elsif (-f $fullname . ',v') { |
|
|
|
if (forbidden_file($fullname)) { |
|
fatal('403 Forbidden', |
|
'Access forbidden. This file is mentioned in @ForbiddenFiles'); |
|
return; |
|
} |
|
|
if (defined($input{'rev'}) || $doCheckout) { |
if (defined($input{'rev'}) || $doCheckout) { |
&doCheckout($fullname, $input{'rev'}); |
&doCheckout($fullname, $input{'rev'}); |
gzipclose(); |
gzipclose(); |
Line 1251 sub findLastModifiedSubdirs(@) { |
|
Line 1266 sub findLastModifiedSubdirs(@) { |
|
$filename = "$dirname/$filename"; |
$filename = "$dirname/$filename"; |
my ($file) = "$fullname/$filename"; |
my ($file) = "$fullname/$filename"; |
next if ($filename !~ /,v$/ || !-f $file); |
next if ($filename !~ /,v$/ || !-f $file); |
|
|
|
# Skip forbidden files. |
|
(my $f = $file) =~ s/,v$//; |
|
next if forbidden_file($f); |
|
|
$filename =~ s/,v$//; |
$filename =~ s/,v$//; |
my $modtime = -M $file; |
my $modtime = -M $file; |
|
|
Line 1587 sub doAnnotate($$) { |
|
Line 1607 sub doAnnotate($$) { |
|
$ENV{QUERY_STRING}); |
$ENV{QUERY_STRING}); |
} |
} |
|
|
if (&forbidden_file($fullname)) { |
|
fatal("403 Forbidden", |
|
'Access forbidden. This file is mentioned in @ForbiddenFiles'); |
|
return; |
|
} |
|
|
|
($pathname = $where) =~ s/(Attic\/)?[^\/]*$//; |
($pathname = $where) =~ s/(Attic\/)?[^\/]*$//; |
($filename = $where) =~ s/^.*\///; |
($filename = $where) =~ s/^.*\///; |
|
|
Line 1777 sub doCheckout($$) { |
|
Line 1791 sub doCheckout($$) { |
|
$ENV{QUERY_STRING}); |
$ENV{QUERY_STRING}); |
} |
} |
|
|
if (&forbidden_file($fullname)) { |
|
fatal("403 Forbidden", |
|
'Access forbidden. This file is mentioned in @ForbiddenFiles'); |
|
return; |
|
} |
|
|
|
# get mimetype |
# get mimetype |
if (defined($input{"content-type"}) |
if (defined($input{"content-type"}) |
&& ($input{"content-type"} =~ /\S\/\S/)) |
&& ($input{"content-type"} =~ /\S\/\S/)) |
Line 3317 sub chooseCVSRoot() { |
|
Line 3325 sub chooseCVSRoot() { |
|
print "CVS Root: <b>[$cvstree]</b>"; |
print "CVS Root: <b>[$cvstree]</b>"; |
} |
} |
|
|
print " <label for=\"path\" accesskey=\"P\">Module path or alias:"; |
print " <label for=\"mpath\" accesskey=\"M\">Module path or alias:"; |
print "</label>\n"; |
print "</label>\n"; |
print "<input type=\"text\" id=\"path\" name=\"path\" value=\"\" size=\"15\">\n"; |
print "<input type=\"text\" id=\"mpath\" name=\"path\" value=\"\" size=\"15\">\n"; |
print "<input type=\"submit\" value=\"Go\" accesskey=\"G\">"; |
print "<input type=\"submit\" value=\"Go\" accesskey=\"O\">"; |
|
|
if (2 <= @CVSROOT) { |
if (2 <= @CVSROOT) { |
print "</td>\n</tr>\n</table>"; |
print "</td>\n</tr>\n</table>"; |
Line 3331 sub chooseCVSRoot() { |
|
Line 3339 sub chooseCVSRoot() { |
|
} |
} |
|
|
sub chooseMirror() { |
sub chooseMirror() { |
my ($mirror, $moremirrors); |
|
$moremirrors = 0; |
|
|
|
# This code comes from the original BSD-cvsweb |
# This code comes from the original BSD-cvsweb |
# and may not be useful for your site; If you don't |
# and may not be useful for your site; If you don't |
# set %MIRRORS this won't show up, anyway |
# set %MIRRORS this won't show up, anyway. |
# |
scalar(%MIRRORS) or return; |
# Should perhaps exlude the current site somehow.. |
|
if (keys %MIRRORS) { |
|
print "\nThis CVSweb is mirrored in:\n"; |
|
|
|
foreach $mirror (keys %MIRRORS) { |
# Should perhaps exclude the current site somehow... |
print ", " if ($moremirrors); |
print "\n<p>\nThis CVSweb is mirrored in\n"; |
print &link(htmlquote($mirror), $MIRRORS{$mirror}); |
|
$moremirrors = 1; |
my @tmp = map(&link(htmlquote($_), $MIRRORS{$_}), |
} |
sort keys %MIRRORS); |
print "<p>\n"; |
my $tmp = pop(@tmp); |
|
|
|
if (scalar(@tmp)) { |
|
print join(', ', @tmp), ' and '; |
} |
} |
|
|
|
print "$tmp.\n</p>\n"; |
} |
} |
|
|
sub fileSortCmp() { |
sub fileSortCmp() { |
Line 3376 sub fileSortCmp() { |
|
Line 3384 sub fileSortCmp() { |
|
|
|
if ($comp == 0) { |
if ($comp == 0) { |
|
|
# Directories first, then sorted on name if no other sort critera |
# Directories first, then files under version control, |
# available. |
# then other, "rogue" files. |
my $ad = ((-d "$fullname/$a") ? "D" : "F"); |
# Sort by filename if no other criteria available. |
my $bd = ((-d "$fullname/$b") ? "D" : "F"); |
|
|
my $ad = ((-d "$fullname/$a") ? 'D' |
|
: (defined($fileinfo{$af}) ? 'F' : 'R')); |
|
my $bd = ((-d "$fullname/$b") ? 'D' |
|
: (defined($fileinfo{$bf}) ? 'F' : 'R')); |
($c = $a) =~ s|.*/||; |
($c = $a) =~ s|.*/||; |
($d = $b) =~ s|.*/||; |
($d = $b) =~ s|.*/||; |
$comp = ("$ad$c" cmp "$bd$d"); |
$comp = ("$ad$c" cmp "$bd$d"); |
Line 3439 sub download_link($$$;$) { |
|
Line 3451 sub download_link($$$;$) { |
|
# currently, the best way is to comment out the size parameters |
# currently, the best way is to comment out the size parameters |
# ($extern_window...) in cvsweb.conf. |
# ($extern_window...) in cvsweb.conf. |
if ($use_java_script) { |
if ($use_java_script) { |
my @attr = qw(resizeable scrollbars); |
my @attr = qw(resizable scrollbars); |
|
|
push @attr, qw(status toolbar) |
push @attr, qw(status toolbar) |
if (defined($mimetype) && $mimetype eq "text/html"); |
if (defined($mimetype) && $mimetype eq "text/html"); |
Line 3456 sub download_link($$$;$) { |
|
Line 3468 sub download_link($$$;$) { |
|
# the same window *twice*. |
# the same window *twice*. |
printf |
printf |
q` onclick="window.open('%s','cvs_checkout','%s');return false"`, |
q` onclick="window.open('%s','cvs_checkout','%s');return false"`, |
hrefquote($fullurl), join (',', @attr); |
hrefquote("$fullurl$barequery"), join (',', @attr); |
} |
} |
} |
} |
print "><b>$textlink</b></a>"; |
print "><b>$textlink</b></a>"; |