=================================================================== RCS file: /cvs/cvsweb/cvsweb.cgi,v retrieving revision 1.1.1.31 retrieving revision 1.1.1.36 diff -u -p -r1.1.1.31 -r1.1.1.36 --- cvsweb/cvsweb.cgi 2002/05/22 08:16:25 1.1.1.31 +++ cvsweb/cvsweb.cgi 2002/09/30 19:48:52 1.1.1.36 @@ -3,14 +3,15 @@ # cvsweb - a CGI interface to CVS trees. # # Written in their spare time by -# Bill Fenner (original work) -# extended by Henner Zeller , -# Henrik Nordstrom -# Ken Coar -# Dick Balaska -# Akinori MUSHA -# Jens-Uwe Mager -# Ville Skyttä (html cleanup) +# Bill Fenner (original work) +# extended by Henner Zeller , +# Henrik Nordstrom +# Ken Coar +# Dick Balaska +# Akinori MUSHA +# Jens-Uwe Mager +# Ville Skyttä +# Vassilii Khachaturov # # Based on: # * Bill Fenners cvsweb.cgi revision 1.28 available from: @@ -18,8 +19,9 @@ # # Copyright (c) 1996-1998 Bill Fenner # (c) 1998-1999 Henner Zeller -# (c) 1999 Henrik Nordstrom -# (c) 2000-2002 Akinori MUSHA +# (c) 1999 Henrik Nordstrom +# (c) 2000-2002 Akinori MUSHA +# (c) 2002 Ville Skyttä # All rights reserved. # # Redistribution and use in source and binary forms, with or without @@ -43,7 +45,7 @@ # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # -# $FreeBSD: projects/cvsweb/cvsweb.cgi,v 1.104 2002/05/22 08:10:18 knu Exp $ +# $FreeBSD: projects/cvsweb/cvsweb.cgi,v 1.119.2.6 2002/09/26 20:56:05 scop Exp $ # $zId: cvsweb.cgi,v 1.112 2001/07/24 13:03:16 hzeller Exp $ # $Idaemons: /home/cvs/cvsweb/cvsweb.cgi,v 1.84 2001/10/07 20:50:10 knu Exp $ # @@ -91,8 +93,8 @@ use vars qw ( $module $use_descriptions %descriptions @mytz $dwhere $moddate $use_moddate $has_zlib $gzip_open $allow_tar @tar_options @gzip_options @zip_options @cvs_options - $LOG_FILESEPARATOR $LOG_REVSEPARATOR - $tmpdir $HTML_DOCTYPE + @annotate_options $LOG_FILESEPARATOR $LOG_REVSEPARATOR + $tmpdir $HTML_DOCTYPE $HTML_META ); sub printDiffSelect($); 
@@ -147,7 +149,7 @@ sub forbidden_module($); ##### Start of Configuration Area ######## delete $ENV{PATH}; -$cvsweb_revision = '2.0.3'; +$cvsweb_revision = '2.0.6'; use File::Basename (); @@ -185,7 +187,7 @@ $cvstreedefault = $body_tag = $body_tag_for_src = $log $extern_window_width = $extern_window_height = $edit_option_form = $show_subdir_lastmod = $show_log_in_markup = $v = $navigationHeaderColor = $tableBorderColor = $markupLogColor = $tabstop = $use_moddate = $moddate = - $gzip_open = $HTML_DOCTYPE = undef; + $gzip_open = $HTML_DOCTYPE = $HTML_META = undef; $tmpdir = defined($ENV{TMPDIR}) ? $ENV{TMPDIR} : "/var/tmp"; $LOG_FILESEPARATOR = q/^={77}$/; @@ -236,6 +238,13 @@ $LOG_REVSEPARATOR = q/^-{28}$/; $HTML_DOCTYPE = ''; +$HTML_META = < + + + +EOM + ##### End of configuration variables ##### use Time::Local (); @@ -335,7 +344,8 @@ $input{only_with_tag} = $input{only_on_branch} # Prevent cross-site scripting foreach (@unsafevars) { - if (defined($input{$_}) && $input{$_} =~ /[^\w\-.]/) { + # Colons are needed in diffs between tags. + if (defined($input{$_}) && $input{$_} =~ /[^\w\-.:]/) { fatal("500 Internal Error", 'Malformed query (%s=%s)', $_, $input{$_}); @@ -458,8 +468,7 @@ if ($input{'cvsroot'} && $CVSROOT{$input{'cvsroot'}}) $cvsroot = $CVSROOT{$cvstree}; # create icons out of description -my $k; -foreach $k (keys %ICONS) { +foreach my $k (keys %ICONS) { no strict 'refs'; my ($itxt, $ipath, $iwidth, $iheight) = @{$ICONS{$k}}; if ($ipath) { @@ -471,7 +480,6 @@ foreach $k (keys %ICONS) { ${"${k}icon"} = $itxt; } } -undef $k; my $config_cvstree = "$config-$cvstree"; @@ -630,14 +638,14 @@ if (-d $fullname) { print $short_instruction; } - my $descriptions; - if (($use_descriptions) && open(DESC, "<$cvsroot/CVSROOT/descriptions")) + if ($use_descriptions && open(DESC, "<$cvsroot/CVSROOT/descriptions")) { while () { chomp; my ($dir, $description) = /(\S+)\s+(.*)/; $descriptions{$dir} = $description; } + close(DESC); } print "
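Review bot: The widened class `[^\w\-.:]` in the `@unsafevars` loop (hunk `@@ -335,7 +344,8 @@`) now admits a colon in every variable on that list, although the added comment says colons are only needed for diffs between tags. I would keep the strict class as the default and relax it only for the revision/tag parameters that need it, e.g. `my $bad = $colon_ok{$_} ? qr/[^\w\-.:]/ : qr/[^\w\-.]/;`, where `%colon_ok` is a constructed name for a small lookup of those parameters. The rejected value is also handed to `fatal()` as a `%s` argument; `fatal()` is outside this hunk, so confirm it HTML-escapes the value before echoing it, otherwise the filter's own error page reflects the input it just refused.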

\n"; @@ -802,39 +810,37 @@ if (-d $fullname) { my $filesexists; my $filesfound; - foreach (sort { &fileSortCmp } @dir) { - if ($_ eq '.') { - next; - } + foreach my $file (sort { &fileSortCmp } @dir) { + next if ($file eq '.'); + # ignore CVS lock and stale NFS files - next if (/^#cvs\.|^,|^\.nfs/); + next if ($file =~ /^#cvs\.|^,|^\.nfs/); # Check whether to show the CVSROOT path - next if ($input{'hidecvsroot'} && ($_ eq 'CVSROOT')); + next if ($input{'hidecvsroot'} && $file eq 'CVSROOT'); # Check whether the module is in the restricted list - next if ($_ && &forbidden_module($_)); + next if ($file && &forbidden_module($file)); # Ignore non-readable files - next if ($input{'hidenonreadable'} && !(-r "$fullname/$_")); + next if ($input{'hidenonreadable'} && !(-r "$fullname/$file")); - if (s|^Attic/||) { + if ($file =~ s|^Attic/||) { $attic = " (in the Attic) " . $hideAtticToggleLink; } else { $attic = ""; } - if ($_ eq '..' || -d "$fullname/$_") { - next if ($_ eq '..' && $where eq '/'); - my ($rev, $date, $log, $author, $filename); - ($rev, $date, $log, $author, $filename) = - @{$fileinfo{$_}} - if (defined($fileinfo{$_})); + if ($file eq '..' || -d "$fullname/$file") { + next if ($file eq '..' && $where eq '/'); + my ($rev, $date, $log, $author, $filename) = + @{$fileinfo{$file}} + if (defined($fileinfo{$file})); printf "\n", $tabcolors[$dirrow % 2] if $dirtable; - if ($_ eq '..') { + if ($file eq '..') { $url = "../$query"; if ($nofilelinks) { print $backicon; @@ -843,17 +849,17 @@ if (-d $fullname) { } print ' ', &link("Parent Directory", $url); } else { - $url = './' . urlencode($_) . "/$query"; - print ""; + $url = './' . urlencode($file) . "/$query"; + print ""; if ($nofilelinks) { print $diricon; } else { print &link($diricon, $url); } - print ' ', &link("$_/", $url), $attic; + print ' ', &link("$file/", $url), $attic; - if ($_ eq "Attic") { + if ($file eq "Attic") { print "  "; print &link( "[Don't hide]", 
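Review bot: The rewritten `open(DESC, "<$cvsroot/CVSROOT/descriptions")` (hunk `@@ -630,14 +638,14 @@`) is still a two-argument open on a bareword handle, so the mode is parsed out of the interpolated string and `DESC` stays a package-global handle. `$cvsroot` appears to come from the `%CVSROOT` configuration, so this is hardening rather than a demonstrated hole; prefer `open(my $desc, '<', "$cvsroot/CVSROOT/descriptions")` and read from `$desc`. Lines that do not match `/(\S+)\s+(.*)/` leave `$dir` undefined and still reach `$descriptions{$dir}`; a `next unless defined $dir;` after the match would skip them.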
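Review bot: `my ($rev, $date, $log, $author, $filename) = @{$fileinfo{$file}} if (defined($fileinfo{$file}));` (hunk `@@ -802,39 +810,37 @@`) combines a `my` declaration with a statement modifier, which perlsyn documents as undefined behaviour. When the condition is false, the variables may keep values from an earlier iteration, and the `$is_mod_perl` handling elsewhere in this diff suggests the interpreter can be persistent across requests. The removed code declared first and assigned conditionally; keep that split: `my ($rev, $date, $log, $author, $filename);` followed by `($rev, $date, $log, $author, $filename) = @{$fileinfo{$file}} if defined $fileinfo{$file};`. The enclosing `foreach` body starts and ends outside this hunk.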
@@ -896,7 +902,7 @@ if (-d $fullname) { } } else { my ($dwhere) = - ($where ne "/" ? $where : "") . $_; + ($where ne "/" ? $where : "") . $file; if ($use_descriptions && defined $descriptions{$dwhere}) @@ -923,27 +929,29 @@ if (-d $fullname) { print "
\n"; } $dirrow++; - } elsif (s/,v$//) { - $fileurl = ($attic ? "Attic/" : "") . urlencode($_); + } elsif ($file =~ s/,v$//) { + + # Skip forbidden files now so we'll give no hint + # about their existence. This should probably have + # been done earlier, but it's straightforward here. + next if forbidden_file("$fullname/$file"); + + $fileurl = ($attic ? "Attic/" : "") . urlencode($file); $url = './' . $fileurl . $query; - my $rev = ''; - my $date = ''; - my $log = ''; - my $author = ''; $filesexists++; - next if (!defined($fileinfo{$_})); - ($rev, $date, $log, $author) = @{$fileinfo{$_}}; + next if (!defined($fileinfo{$file})); + my ($rev, $date, $log, $author) = @{$fileinfo{$file}}; $filesfound++; printf "\n", $tabcolors[$dirrow % 2] if $dirtable; - print ""; + print ""; if ($nofilelinks) { print $fileicon; } else { print &link($fileicon, $url); } - print ' ', &link($_, $url), $attic; + print ' ', &link(htmlquote($file), $url), $attic; print "\n " if ($dirtable); download_link($fileurl, $rev, $rev, $defaultViewable ? "text/x-cvsweb-markup" : @@ -1002,8 +1010,9 @@ if (-d $fullname) { || $input{$var} ne $DEFAULTVALUE{$var}) && $input{$var} ne "" && $var ne "only_with_tag"); } - print "
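Review bot: The file row in hunk `@@ -923,27 +929,29 @@` now passes `htmlquote($file)` to `link()`, but the directory row in the preceding hunk still prints `&link("$file/", $url)` with the raw name. The comment this commit adds above `link()` states that the first argument is not quoted there. Directory names come from the repository tree just as file names do, so the same output escaping should apply: `print ' ', &link(htmlquote($file) . '/', $url), $attic;`. Separately, `forbidden_file("$fullname/$file")` runs after `s|^Attic/||` has stripped the prefix from `$file`; `forbidden_file()` is not visible here, so confirm that Attic entries are still matched against the path form its patterns expect.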

Show only files with tag:\n"; - print ""; print "\n"; @@ -1015,10 +1024,11 @@ if (-d $fullname) { ">$tag\n"; } print "\n"; - print " Module path or alias:\n"; - printf "\n", + print " \n"; + printf "\n", htmlquote($where); - print "

\n"; + print "

\n"; print "\n"; } @@ -1056,7 +1066,9 @@ if (-d $fullname) { print "
\n"; print "\n\n"; print "\n\n"; - print "\n\n\n"; - print "\n\n"; - print "\n\n\n"; - print "\n\n"; + ">\n\n"; print "\n\n\n
Preferences
Sort files by
"; + print "\nSort log by: "; + print ""; printLogSortSelect(0); print "
Diff format: "; + print "
"; printDiffSelect(0); print "
"; - print ""; + print ""; print "
\n
\n\n"; } html_footer(); @@ -1089,6 +1104,13 @@ if (-d $fullname) { # View Files ############################### elsif (-f $fullname . ',v') { + + if (forbidden_file($fullname)) { + fatal('403 Forbidden', + 'Access forbidden. This file is mentioned in @ForbiddenFiles'); + return; + } + if (defined($input{'rev'}) || $doCheckout) { &doCheckout($fullname, $input{'rev'}); gzipclose(); @@ -1184,7 +1206,7 @@ sub printDiffSelect($) { my ($use_java_script) = @_; my $f = $input{'f'}; - print '\n"; @@ -1236,6 +1258,11 @@ sub findLastModifiedSubdirs(@) { $filename = "$dirname/$filename"; my ($file) = "$fullname/$filename"; next if ($filename !~ /,v$/ || !-f $file); + + # Skip forbidden files. + (my $f = $file) =~ s/,v$//; + next if forbidden_file($f); + $filename =~ s/,v$//; my $modtime = -M $file; @@ -1378,6 +1405,7 @@ sub spacedHtmlText($;$) { return $_; } +# Note that this doesn't htmlquote the first argument... sub link($$) { my ($name, $url) = @_; @@ -1572,12 +1600,6 @@ sub doAnnotate($$) { $ENV{QUERY_STRING}); } - if (&forbidden_file($fullname)) { - fatal("403 Forbidden", - 'Access forbidden. This file is mentioned in @ForbiddenFiles'); - return; - } - ($pathname = $where) =~ s/(Attic\/)?[^\/]*$//; ($filename = $where) =~ s/^.*\///; 
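Review bot: Moving the `forbidden_file($fullname)` check into the `elsif (-f $fullname . ',v')` branch (hunk `@@ -1089,6 +1104,13 @@`) means `doAnnotate()` and `doCheckout()` now depend on every caller having performed it; their own checks are removed in hunks `@@ -1572,12 +1600,6 @@` and `@@ -1762,12 +1797,6 @@`. Only this one call path is visible, so please confirm that no other branch reaches those subs, or any other per-file output such as diffs, logs or Attic fallbacks, without passing this guard. Document the precondition on both subs, e.g. `# Caller must already have rejected forbidden files via forbidden_file().`. The `return;` after `fatal()` appears to sit at file scope, where it only works if the script is wrapped in a sub by the hosting environment; if `fatal()` is what actually terminates the request, a comment saying so would prevent someone later relying on the `return`.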
@@ -1585,16 +1607,27 @@ sub doAnnotate($$) { $| = 1; $| = 0; # Flush + # Work around a mod_perl bug (?) in order to make open2() work. + # Search for "untie STDIN" in mod_perl mailing list archives. + my $old_stdin; + if ($is_mod_perl && ($old_stdin = tied *STDIN)) { + local $^W = undef; + untie *STDIN; + } + # this annotate version is based on the # cvs annotate-demo Perl script by Cyclic Software # It was written by Cyclic Software, http://www.cyclic.com/, and is in # the public domain. # we could abandon the use of rlog, rcsdiff and co using # the cvsserver in a similiar way one day (..after rewrite) - $pid = open2($reader, $writer, $CMD{cvs}, @cvs_options, "server") + $pid = open2($reader, $writer, $CMD{cvs}, @annotate_options, 'server') or fatal("500 Internal Error", 'Fatal Error - unable to open cvs for annotation'); + # Re-tie STDIN if we fiddled around with it earlier, just to be sure. + tie(*STDIN, ref($old_stdin), $old_stdin) if ($old_stdin && !tied(*STDIN)); + # OK, first send the request to the server. A simplified example is: # Root /home/kingdon/zwork/cvsroot # Argument foo/xx @@ -1738,6 +1771,8 @@ sub doAnnotate($$) { } else { print ""; } + html_footer(); + close($reader) or warn "cannot close: $!"; wait; } @@ -1762,12 +1797,6 @@ sub doCheckout($$) { $ENV{QUERY_STRING}); } - if (&forbidden_file($fullname)) { - fatal("403 Forbidden", - 'Access forbidden. This file is mentioned in @ForbiddenFiles'); - return; - } - # get mimetype if (defined($input{"content-type"}) && ($input{"content-type"} =~ /\S\/\S/)) @@ -2086,7 +2115,7 @@ sub getDirLogs($$@) { push (@files, &safeglob("$DirName/*,v")); push (@files, &safeglob("$DirName/Attic/*,v")) if (!$input{'hideattic'}); - foreach $file (@otherFiles) { + foreach my $file (@otherFiles) { push (@files, "$DirName/$file"); } @@ -2763,7 +2792,6 @@ sub printLog($;$) { printDiffLinks($input{'r1'}, $url); } - print '
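Review bot: `$pid = open2(...) or fatal(...)` will not catch a failed spawn, because IPC::Open2 raises an exception on failure instead of returning false, so the `fatal()` branch is effectively dead. With the new untie workaround, an exception at this point also skips the `tie(*STDIN, ...)` restore that follows. Wrapping the call as `eval { $pid = open2($reader, $writer, $CMD{cvs}, @annotate_options, 'server'); };`, restoring STDIN next, and then calling `fatal(...)` if `$@` is set would cover both cases. A comment on `@annotate_options` should say why annotate needs its own list instead of `@cvs_options`, since the two can now drift apart in configuration. doAnnotate's body starts and ends outside this hunk.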
' if $diff; } print "\n

\n
\n";
 	print &htmlify($log{$_}, $allow_log_extra);
@@ -2825,41 +2853,47 @@ sub doLog($) {
 		    || $input{$_} ne $DEFAULTVALUE{$_}) && $input{$_} ne ""));
 	}
 	print "\n\n";
-	print "\n";
+	    "\n";
 	print "\n\n";
-	print "\n\n\n";
-	print "\n";
+	    "\n";
+	print "\n";
 	print "\n
Diffs between \n"; - print ""; + print "\n"; + print "\n"; $diffrev = $revdisplayorder[$#revdisplayorder]; $diffrev = $input{"r1"} if (defined($input{"r1"})); print - "
and \n"; - print "
"; + print "\n"; + print "\n"; $diffrev = $revdisplayorder[0]; $diffrev = $input{"r2"} if (defined($input{"r2"})); print - "
\n"; print "\n"; print "
\n"; print "
\n"; print "\n"; - print "\n\n"; + print "\n\n"; print "\n\n\n"; if (@branchnames) { - print "\n\n"; + print "\n\n"; print "\n"; - print "\n\n"; - print "\n"; + print "\n"; print "\n
Preferred Diff type:
"; + print ""; printDiffSelect($use_java_script); print "
View only Branch:
"; + print ""; print "\n"; - print ""; print "\n"; - print "Sort log by:"; + print ""; printLogSortSelect($use_java_script); print "
\n"; print "
\n"; html_footer(); @@ -3146,12 +3180,8 @@ sub navigateHeader($$$$$) { $HTML_DOCTYPE - - - - $path$filename - $title - $rev$css - +$HTML_META $body_tag_for_src
@@ -3281,8 +3311,8 @@ sub chooseCVSRoot() { # isn't gray and the form elements are not placed # within a table ... print "\n\n"; - print "\n"; - print "\n"; + print "\n\n
CVS Root:\n\n\n"; - print ""; + print " \n"; + print "\n"; + print ""; if (2 <= @CVSROOT) { print "
"; @@ -3314,24 +3345,24 @@ sub chooseCVSRoot() { } sub chooseMirror() { - my ($mirror, $moremirrors); - $moremirrors = 0; # This code comes from the original BSD-cvsweb # and may not be useful for your site; If you don't - # set %MIRRORS this won't show up, anyway - # - # Should perhaps exlude the current site somehow.. - if (keys %MIRRORS) { - print "\nThis cvsweb is mirrored in:\n"; + # set %MIRRORS this won't show up, anyway. + scalar(%MIRRORS) or return; - foreach $mirror (keys %MIRRORS) { - print ", " if ($moremirrors); - print &link(htmlquote($mirror), $MIRRORS{$mirror}); - $moremirrors = 1; - } - print "

\n"; + # Should perhaps exclude the current site somehow... + print "\n

\nThis CVSweb is mirrored in\n"; + + my @tmp = map(&link(htmlquote($_), $MIRRORS{$_}), + sort keys %MIRRORS); + my $tmp = pop(@tmp); + + if (scalar(@tmp)) { + print join(', ', @tmp), ' and '; } + + print "$tmp.\n

\n"; } sub fileSortCmp() { @@ -3359,10 +3390,14 @@ sub fileSortCmp() { if ($comp == 0) { - # Directories first, then sorted on name if no other sort critera - # available. - my $ad = ((-d "$fullname/$a") ? "D" : "F"); - my $bd = ((-d "$fullname/$b") ? "D" : "F"); + # Directories first, then files under version control, + # then other, "rogue" files. + # Sort by filename if no other criteria available. + + my $ad = ((-d "$fullname/$a") ? 'D' + : (defined($fileinfo{$af}) ? 'F' : 'R')); + my $bd = ((-d "$fullname/$b") ? 'D' + : (defined($fileinfo{$bf}) ? 'F' : 'R')); ($c = $a) =~ s|.*/||; ($d = $b) =~ s|.*/||; $comp = ("$ad$c" cmp "$bd$d"); @@ -3422,7 +3457,7 @@ sub download_link($$$;$) { # currently, the best way is to comment out the size parameters # ($extern_window...) in cvsweb.conf. if ($use_java_script) { - my @attr = qw(resizeable scrollbars); + my @attr = qw(resizable scrollbars); push @attr, qw(status toolbar) if (defined($mimetype) && $mimetype eq "text/html"); @@ -3439,7 +3474,7 @@ sub download_link($$$;$) { # the same window *twice*. printf q` onclick="window.open('%s','cvs_checkout','%s');return false"`, - hrefquote($fullurl), join (',', @attr); + hrefquote("$fullurl$barequery"), join (',', @attr); } } print ">$textlink"; @@ -3594,19 +3629,16 @@ sub html_header($) { $HTML_DOCTYPE - - - $title - - +$HTML_META $body_tag $logo
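Review bot: In hunk `@@ -3439,7 +3474,7 @@`, `hrefquote("$fullurl$barequery")` is interpolated into a single-quoted JavaScript string inside the `onclick` attribute, so the value needs escaping for the script context as well as for the attribute. `hrefquote()` is not visible in this hunk; if it only HTML-escapes, a `'` or `\` in the URL would end or alter the string literal passed to `window.open`, and the browser decodes entities such as `&#39;` before the script runs. Confirm that `$fullurl` and the newly appended `$barequery` are percent-encoded before they reach this `printf`, so that `'` arrives as `%27`, or add a small JS-string escape for this one use. download_link's body starts and ends outside the hunk.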

$title

EOH } sub html_footer() { - print "
\n
$address
\n\n\n"; + print "
\n
$address
\n" if $address; + print "\n\n"; } sub link_tags($) {