version 1.1.1.32, 2002/07/07 04:31:41 |
version 1.1.1.34, 2002/09/26 22:09:02 |
|
|
# cvsweb - a CGI interface to CVS trees. |
# cvsweb - a CGI interface to CVS trees. |
# |
# |
# Written in their spare time by |
# Written in their spare time by |
# Bill Fenner <fenner@FreeBSD.org> (original work) |
# Bill Fenner <fenner@FreeBSD.org> (original work) |
# extended by Henner Zeller <zeller@think.de>, |
# extended by Henner Zeller <zeller@think.de>, |
# Henrik Nordstrom <hno@hem.passagen.se> |
# Henrik Nordstrom <hno@hem.passagen.se> |
# Ken Coar <coar@Apache.Org> |
# Ken Coar <coar@Apache.Org> |
# Dick Balaska <dick@buckosoft.com> |
# Dick Balaska <dick@buckosoft.com> |
# Akinori MUSHA <knu@FreeBSD.org> |
# Akinori MUSHA <knu@FreeBSD.org> |
# Jens-Uwe Mager <jum@helios.de> |
# Jens-Uwe Mager <jum@helios.de> |
# Ville Skyttä <scop@FreeBSD.org> |
# Ville Skyttä <scop@FreeBSD.org> |
|
# Vassilii Khachaturov <vassilii@tarunz.org> |
# |
# |
# Based on: |
# Based on: |
# * Bill Fenners cvsweb.cgi revision 1.28 available from: |
# * Bill Fenners cvsweb.cgi revision 1.28 available from: |
|
|
# (c) 1998-1999 Henner Zeller |
# (c) 1998-1999 Henner Zeller |
# (c) 1999 Henrik Nordstrom |
# (c) 1999 Henrik Nordstrom |
# (c) 2000-2002 Akinori MUSHA |
# (c) 2000-2002 Akinori MUSHA |
# (c) 2002 Ville Skyttä |
# (c) 2002 Ville Skyttä‹# All rights reserved. |
# All rights reserved. |
|
# |
# |
# Redistribution and use in source and binary forms, with or without |
# Redistribution and use in source and binary forms, with or without |
# modification, are permitted provided that the following conditions |
# modification, are permitted provided that the following conditions |
|
|
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF |
# SUCH DAMAGE. |
# SUCH DAMAGE. |
# |
# |
# $FreeBSD: projects/cvsweb/cvsweb.cgi,v 1.112 2002/07/06 18:15:19 scop Exp $ |
# FreeBSD: projects/cvsweb/cvsweb.cgi,v 1.119 2002/07/23 13:58:32 scop Exp |
# $zId: cvsweb.cgi,v 1.112 2001/07/24 13:03:16 hzeller Exp $ |
# $zId: cvsweb.cgi,v 1.112 2001/07/24 13:03:16 hzeller Exp $ |
# $Idaemons: /home/cvs/cvsweb/cvsweb.cgi,v 1.84 2001/10/07 20:50:10 knu Exp $ |
# $Idaemons: /home/cvs/cvsweb/cvsweb.cgi,v 1.84 2001/10/07 20:50:10 knu Exp $ |
|
# $FreeBSD: www/en/cgi/cvsweb.cgi,v 1.85 2002/07/23 16:27:04 scop Exp $ |
# |
# |
### |
### |
|
|
Line 148 sub forbidden_module($); |
|
Line 149 sub forbidden_module($); |
|
##### Start of Configuration Area ######## |
##### Start of Configuration Area ######## |
delete $ENV{PATH}; |
delete $ENV{PATH}; |
|
|
$cvsweb_revision = '2.0.4'; |
$cvsweb_revision = '2.0.5'; |
|
|
use File::Basename (); |
use File::Basename (); |
|
|
Line 234 $LOG_REVSEPARATOR = q/^-{28}$/; |
|
Line 235 $LOG_REVSEPARATOR = q/^-{28}$/; |
|
}, |
}, |
); |
); |
|
|
|
$cgi_style::hsty_base = 'http://www.FreeBSD.org'; |
|
$_ = q$FreeBSD: www/en/cgi/cvsweb.cgi,v 1.85 2002/07/23 16:27:04 scop Exp $; |
|
@_ = split; |
|
$cgi_style::hsty_date = "@_[3,4]"; |
|
|
|
# warningproof |
|
0 if $cgi_style::hsty_base ne $cgi_style::hsty_date; |
|
|
|
package cgi_style; |
|
require "$main::mydir/cgi-style.pl"; |
|
package main; |
|
|
$HTML_DOCTYPE = |
$HTML_DOCTYPE = |
'<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">'; |
'<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">'; |
|
|
Line 343 $input{only_with_tag} = $input{only_on_branch} |
|
Line 356 $input{only_with_tag} = $input{only_on_branch} |
|
|
|
# Prevent cross-site scripting |
# Prevent cross-site scripting |
foreach (@unsafevars) { |
foreach (@unsafevars) { |
if (defined($input{$_}) && $input{$_} =~ /[^\w\-.]/) { |
# Colons are needed in diffs between tags. |
|
if (defined($input{$_}) && $input{$_} =~ /[^\w\-.:]/) { |
fatal("500 Internal Error", |
fatal("500 Internal Error", |
'Malformed query (%s=%s)', |
'Malformed query (%s=%s)', |
$_, $input{$_}); |
$_, $input{$_}); |
Line 932 if (-d $fullname) { |
|
Line 946 if (-d $fullname) { |
|
} |
} |
$dirrow++; |
$dirrow++; |
} elsif (s/,v$//) { |
} elsif (s/,v$//) { |
|
|
|
# Skip forbidden files now so we'll give no hint |
|
# about their existence. This should probably have |
|
# been done earlier, but it's straightforward here. |
|
next if forbidden_file("$fullname/$_"); |
|
|
$fileurl = ($attic ? "Attic/" : "") . urlencode($_); |
$fileurl = ($attic ? "Attic/" : "") . urlencode($_); |
$url = './' . $fileurl . $query; |
$url = './' . $fileurl . $query; |
my $rev = ''; |
my $rev = ''; |
Line 1104 if (-d $fullname) { |
|
Line 1124 if (-d $fullname) { |
|
# View Files |
# View Files |
############################### |
############################### |
elsif (-f $fullname . ',v') { |
elsif (-f $fullname . ',v') { |
|
|
|
if (forbidden_file($fullname)) { |
|
fatal('403 Forbidden', |
|
'Access forbidden. This file is mentioned in @ForbiddenFiles'); |
|
return; |
|
} |
|
|
if (defined($input{'rev'}) || $doCheckout) { |
if (defined($input{'rev'}) || $doCheckout) { |
&doCheckout($fullname, $input{'rev'}); |
&doCheckout($fullname, $input{'rev'}); |
gzipclose(); |
gzipclose(); |
Line 1251 sub findLastModifiedSubdirs(@) { |
|
Line 1278 sub findLastModifiedSubdirs(@) { |
|
$filename = "$dirname/$filename"; |
$filename = "$dirname/$filename"; |
my ($file) = "$fullname/$filename"; |
my ($file) = "$fullname/$filename"; |
next if ($filename !~ /,v$/ || !-f $file); |
next if ($filename !~ /,v$/ || !-f $file); |
|
|
|
# Skip forbidden files. |
|
(my $f = $file) =~ s/,v$//; |
|
next if forbidden_file($f); |
|
|
$filename =~ s/,v$//; |
$filename =~ s/,v$//; |
my $modtime = -M $file; |
my $modtime = -M $file; |
|
|
Line 1587 sub doAnnotate($$) { |
|
Line 1619 sub doAnnotate($$) { |
|
$ENV{QUERY_STRING}); |
$ENV{QUERY_STRING}); |
} |
} |
|
|
if (&forbidden_file($fullname)) { |
|
fatal("403 Forbidden", |
|
'Access forbidden. This file is mentioned in @ForbiddenFiles'); |
|
return; |
|
} |
|
|
|
($pathname = $where) =~ s/(Attic\/)?[^\/]*$//; |
($pathname = $where) =~ s/(Attic\/)?[^\/]*$//; |
($filename = $where) =~ s/^.*\///; |
($filename = $where) =~ s/^.*\///; |
|
|
Line 1777 sub doCheckout($$) { |
|
Line 1803 sub doCheckout($$) { |
|
$ENV{QUERY_STRING}); |
$ENV{QUERY_STRING}); |
} |
} |
|
|
if (&forbidden_file($fullname)) { |
|
fatal("403 Forbidden", |
|
'Access forbidden. This file is mentioned in @ForbiddenFiles'); |
|
return; |
|
} |
|
|
|
# get mimetype |
# get mimetype |
if (defined($input{"content-type"}) |
if (defined($input{"content-type"}) |
&& ($input{"content-type"} =~ /\S\/\S/)) |
&& ($input{"content-type"} =~ /\S\/\S/)) |
Line 3317 sub chooseCVSRoot() { |
|
Line 3337 sub chooseCVSRoot() { |
|
print "CVS Root: <b>[$cvstree]</b>"; |
print "CVS Root: <b>[$cvstree]</b>"; |
} |
} |
|
|
print " <label for=\"path\" accesskey=\"P\">Module path or alias:"; |
print " <label for=\"mpath\" accesskey=\"M\">Module path or alias:"; |
print "</label>\n"; |
print "</label>\n"; |
print "<input type=\"text\" id=\"path\" name=\"path\" value=\"\" size=\"15\">\n"; |
print "<input type=\"text\" id=\"mpath\" name=\"path\" value=\"\" size=\"15\">\n"; |
print "<input type=\"submit\" value=\"Go\" accesskey=\"G\">"; |
print "<input type=\"submit\" value=\"Go\" accesskey=\"O\">"; |
|
|
if (2 <= @CVSROOT) { |
if (2 <= @CVSROOT) { |
print "</td>\n</tr>\n</table>"; |
print "</td>\n</tr>\n</table>"; |
Line 3331 sub chooseCVSRoot() { |
|
Line 3351 sub chooseCVSRoot() { |
|
} |
} |
|
|
sub chooseMirror() { |
sub chooseMirror() { |
my ($mirror, $moremirrors); |
|
$moremirrors = 0; |
|
|
|
# This code comes from the original BSD-cvsweb |
# This code comes from the original BSD-cvsweb |
# and may not be useful for your site; If you don't |
# and may not be useful for your site; If you don't |
# set %MIRRORS this won't show up, anyway |
# set %MIRRORS this won't show up, anyway. |
# |
scalar(%MIRRORS) or return; |
# Should perhaps exlude the current site somehow.. |
|
if (keys %MIRRORS) { |
|
print "\nThis CVSweb is mirrored in:\n"; |
|
|
|
foreach $mirror (keys %MIRRORS) { |
# Should perhaps exclude the current site somehow... |
print ", " if ($moremirrors); |
print "\n<p>\nThis CVSweb is mirrored in\n"; |
print &link(htmlquote($mirror), $MIRRORS{$mirror}); |
|
$moremirrors = 1; |
my @tmp = map(&link(htmlquote($_), $MIRRORS{$_}), |
} |
sort keys %MIRRORS); |
print "<p>\n"; |
my $tmp = pop(@tmp); |
|
|
|
if (scalar(@tmp)) { |
|
print join(', ', @tmp), ' and '; |
} |
} |
|
|
|
print "$tmp.\n</p>\n"; |
} |
} |
|
|
sub fileSortCmp() { |
sub fileSortCmp() { |
Line 3376 sub fileSortCmp() { |
|
Line 3396 sub fileSortCmp() { |
|
|
|
if ($comp == 0) { |
if ($comp == 0) { |
|
|
# Directories first, then sorted on name if no other sort critera |
# Directories first, then files under version control, |
# available. |
# then other, "rogue" files. |
my $ad = ((-d "$fullname/$a") ? "D" : "F"); |
# Sort by filename if no other criteria available. |
my $bd = ((-d "$fullname/$b") ? "D" : "F"); |
|
|
my $ad = ((-d "$fullname/$a") ? 'D' |
|
: (defined($fileinfo{$af}) ? 'F' : 'R')); |
|
my $bd = ((-d "$fullname/$b") ? 'D' |
|
: (defined($fileinfo{$bf}) ? 'F' : 'R')); |
($c = $a) =~ s|.*/||; |
($c = $a) =~ s|.*/||; |
($d = $b) =~ s|.*/||; |
($d = $b) =~ s|.*/||; |
$comp = ("$ad$c" cmp "$bd$d"); |
$comp = ("$ad$c" cmp "$bd$d"); |
Line 3439 sub download_link($$$;$) { |
|
Line 3463 sub download_link($$$;$) { |
|
# currently, the best way is to comment out the size parameters |
# currently, the best way is to comment out the size parameters |
# ($extern_window...) in cvsweb.conf. |
# ($extern_window...) in cvsweb.conf. |
if ($use_java_script) { |
if ($use_java_script) { |
my @attr = qw(resizeable scrollbars); |
my @attr = qw(resizable scrollbars); |
|
|
push @attr, qw(status toolbar) |
push @attr, qw(status toolbar) |
if (defined($mimetype) && $mimetype eq "text/html"); |
if (defined($mimetype) && $mimetype eq "text/html"); |
Line 3456 sub download_link($$$;$) { |
|
Line 3480 sub download_link($$$;$) { |
|
# the same window *twice*. |
# the same window *twice*. |
printf |
printf |
q` onclick="window.open('%s','cvs_checkout','%s');return false"`, |
q` onclick="window.open('%s','cvs_checkout','%s');return false"`, |
hrefquote($fullurl), join (',', @attr); |
hrefquote("$fullurl$barequery"), join (',', @attr); |
} |
} |
} |
} |
print "><b>$textlink</b></a>"; |
print "><b>$textlink</b></a>"; |
Line 3607 sub http_header(;$) { |
|
Line 3631 sub http_header(;$) { |
|
sub html_header($) { |
sub html_header($) { |
my ($title) = @_; |
my ($title) = @_; |
http_header("text/html"); |
http_header("text/html"); |
|
|
|
(my $header = &cgi_style::html_header) =~ s,\A.*</head>\n,,s; |
|
|
print <<EOH; |
print <<EOH; |
$HTML_DOCTYPE |
$HTML_DOCTYPE |
<html> |
<html> |
<head> |
<head> |
<title>$title</title> |
<title>$title</title> |
$HTML_META</head> |
$HTML_META</head> |
$body_tag |
$header |
$logo <h1 align="center">$title</h1> |
|
EOH |
EOH |
} |
} |
|
|
sub html_footer() { |
sub html_footer() { |
print "<hr noshade>\n<address>$address</address>\n</body>\n</html>\n"; |
return &cgi_style::html_footer; |
} |
} |
|
|
sub link_tags($) { |
sub link_tags($) { |