===================================================================
RCS file: /cvs/cvsweb/cvsweb.cgi,v
retrieving revision 1.1.1.37
retrieving revision 4.27
diff -u -p -r1.1.1.37 -r4.27
--- cvsweb/cvsweb.cgi 2007/03/17 21:52:33 1.1.1.37
+++ cvsweb/cvsweb.cgi 2019/11/26 12:09:02 4.27
@@ -1,4 +1,6 @@
-#!/usr/bin/perl -T
+#!/usr/bin/perl
+# $Id: cvsweb.cgi,v 4.27 2019/11/26 12:09:02 schwarze Exp $
+# $knu: cvsweb.cgi,v 1.299 2010/11/13 16:37:18 simon
#
# cvsweb - a CGI interface to CVS trees.
#
@@ -44,17 +46,10 @@
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
-#
-# $FreeBSD: projects/cvsweb/cvsweb.cgi,v 1.295 2005/09/25 20:28:51 scop Exp $
-# $zId: cvsweb.cgi,v 1.112 2001/07/24 13:03:16 hzeller Exp $
-# $Idaemons: /home/cvs/cvsweb/cvsweb.cgi,v 1.84 2001/10/07 20:50:10 knu Exp $
-#
-###
require 5.006;
use strict;
-
use warnings;
use filetest qw(access);
@@ -62,37 +57,35 @@ use vars qw (
$VERSION $CheckoutMagic $MimeTypes $DEBUG
$config $allow_version_select
@CVSrepositories @CVSROOT %CVSROOT %CVSROOTdescr
- %MIRRORS %DEFAULTVALUE %ICONS %MTYPES
+ %DEFAULTVALUE %ICONS %MTYPES
%DIFF_COMMANDS @DIFFTYPES %DIFFTYPES @LOGSORTKEYS %LOGSORTKEYS
%alltags %fileinfo %tags @branchnames %nameprinted
%symrev %revsym @allrevisions %date %author @revdisplayorder
@revisions %state %difflines %log %branchpoint @revorder $keywordsubstitution
- $prcgi @prcategories $re_prcategories $prkeyword $re_prkeyword $mancgi
- $doCheckout $scriptname $scriptwhere
- $where $Browser $nofilelinks $maycompress @stickyvars %funcline_regexp
+ $mancgi $doCheckout $scriptname $scriptwhere
+ $where $Browser $nofilelinks $maycompress @stickyvars
$is_links $is_lynx $is_w3m $is_msie $is_mozilla3 $is_textbased
%input $query $barequery $sortby $bydate $byrev $byauthor
$bylog $byfile $defaultDiffType $logsort $cvstree $cvsroot
$charset $output_filter
- @command_path %CMD $allow_compress $backicon $diricon $fileicon $graphicon
- $fullname $cvstreedefault $logo $defaulttitle $address $binfileicon
+ @command_path %CMD $allow_compress $backicon $diricon $fileicon
+ $fullname $logo $defaulttitle $address $binfileicon
$long_intro $short_instruction $shortLogLen $show_author
$tablepadding $hr_breakable $showfunc $hr_ignwhite $hr_ignkeysubst
$inputTextSize $mime_types $allow_annotate $allow_markup $allow_mailtos
$allow_log_extra $allow_dir_extra $allow_source_extra
- $allow_cvsgraph $cvsgraph_config $use_java_script $edit_option_form
+ $edit_option_form
$show_subdir_lastmod $show_log_in_markup $preformat_in_markup
$tabstop $state $annTable $sel @ForbiddenFiles
- $use_descriptions %descriptions @mytz $dwhere
+ $use_descriptions %descriptions $dwhere
$use_moddate $gzip_open $file_list_len
- $allow_tar @tar_options @gzip_options @zip_options @cvs_options
+ $allow_tar @tar_options @gzip_options @cvs_options
@annotate_options @rcsdiff_options
- $HTML_DOCTYPE $HTML_META $cssurl $CSS $cvshistory_url
- $allow_enscript @enscript_options %enscript_types
+ $HTML_DOCTYPE $HTML_META $cssurl $CSS
);
+require Compress::Zlib;
use Cwd qw(abs_path);
-use File::Basename qw(dirname);
use File::Path qw(rmtree);
use File::Spec::Functions qw(canonpath catdir catfile curdir devnull rootdir
tmpdir updir);
@@ -108,9 +101,6 @@ use constant CVSWEBMARKUP => qr{^text/(x-cvsweb|vnd\.v
use constant LOG_FILESEPR => qr/^={77}$/o;
use constant LOG_REVSEPR => qr/^-{28}$/o;
-use constant HAS_ZLIB => eval { require Compress::Zlib; };
-use constant HAS_EDIFF => eval { require String::Ediff; };
-
# -----------------------------------------------------------------------------
# All global initialization that can be done in compile time should go to
@@ -119,7 +109,7 @@ use constant HAS_EDIFF => eval { require String::Ed
BEGIN
{
- $VERSION = '3.0.6';
+ $VERSION = '3.1';
$HTML_DOCTYPE =
' 'colored',
@@ -263,12 +230,6 @@ $allow_version_select = $allow_mailtos = $allow_log_ex
'opts' => ['-c'],
'colored' => 0,
},
- {
- 'descr' => 'side by side',
- # width=168 should be enough to support 80 character line lengths
- 'opts' => ['--side-by-side', '--width=168'],
- 'colored' => 0,
- },
);
@LOGSORTKEYS = qw(cvs date rev);
@@ -299,7 +260,7 @@ $scriptname = '' unless defined($scriptname);
$where = $pathinfo;
$doCheckout = $where =~ s|^/$CheckoutMagic/|/|o;
$where =~ s|^/||;
-$scriptname =~ s|^/*|/|;
+$scriptname =~ s|^/+||;
# Let's workaround thttpd's stupidity..
if ($scriptname =~ m|/$|) {
@@ -307,6 +268,7 @@ if ($scriptname =~ m|/$|) {
my $re = quotemeta $pathinfo;
$scriptname =~ s/$re$//;
}
+$scriptname = "/$scriptname" if $scriptname;
# $scriptname : the URI escaped path to this script
# $where : the path in the CVS repository (without leading /, or only /)
@@ -343,7 +305,7 @@ $maycompress = (
&& $ENV{HTTP_ACCEPT_ENCODING} =~ /gzip/)
|| $is_mozilla3)
&& !$is_msie
- && !(defined($ENV{MOD_PERL}) && !HAS_ZLIB)
+ && !(defined($ENV{MOD_PERL}))
);
# Parameters that will be sticky in all constructed links/query strings.
@@ -351,14 +313,18 @@ $maycompress = (
qw(cvsroot hideattic ignorecase sortby logsort f only_with_tag ln
hidecvsroot hidenonreadable);
-#
# Load configuration.
-#
-if (-f $config) {
- do "$config" or config_error($config, $@);
-} else {
- fatal("500 Internal Error",
- 'Configuration not found. Set the parameter $config
in cvsweb.cgi to your cvsweb.conf configuration file first.');
+{
+ $config =~ m|^/| or fatal '500 Internal Error',
+ 'Configuration file name "%s
" is not an absolute path.',
+ $config;
+ defined do $config and last;
+ $@ and fatal '500 Internal Error',
+ 'Error loading configuration file "%s
":
%s', + $config, $@; + fatal '500 Internal Error', + 'Cannot read configuration file "
%s
": %s',
+ $config, $! || 'unknown error';
}
# Try to find a readable dir where we can cd into. Some abs_path()
@@ -384,9 +350,17 @@ if (defined($ENV{QUERY_STRING})) {
$p =~ y/+/ /;
my ($key, $val) = split(/=/, $p, 2);
next unless defined($key);
- $val = 1 unless defined($val);
- ($key = uri_unescape($key)) =~ /[[:graph:]]/ or next;
- ($val = uri_unescape($val)) =~ /[[:graph:]]/ or next;
+ $key = uri_unescape($key);
+ $key =~ /([^a-z_12-])/ and fatal('404 Not Found',
+ 'Invalid character "%s" in query parameter "%s"', $1, $key);
+ if (defined $val) {
+ $val = uri_unescape($val);
+ $val =~ /([^a-zA-Z_01-9.\/-])/ and fatal('404 Not Found',
+ 'Invalid character "%s" in the value "%s" of the query parameter "%s"',
+ $1, $val, $key);
+ } else {
+ $val = 1;
+ }
$query{$key} = $val;
}
}
@@ -394,8 +368,8 @@ if (defined($ENV{QUERY_STRING})) {
undef %input;
my $t;
-for my $p (qw(graph hideattic hidecvsroot hidenonreadable ignorecase ln copt
- makeimage options tarball)) {
+for my $p (qw(hideattic hidecvsroot hidenonreadable ignorecase ln copt
+ options tarball)) {
$t = $query{$p};
if (defined($t)) {
($input{$p}) = ($t =~ /^([01]|on)$/)
@@ -497,7 +471,6 @@ for (my $i = 0; $i < scalar(@CVSrepositories); $i += 2
next;
}
$rootfound ||= 1;
- $cvstreedefault = $key unless defined($cvstreedefault);
$CVSROOTdescr{$key} = $descr;
$CVSROOT{$key} = $root;
push(@CVSROOT, $key);
@@ -510,20 +483,8 @@ unless ($rootfound) {
}
undef $rootfound;
-#
-# Default CVS root
-#
-if (!defined($CVSROOT{$cvstreedefault})) {
- fatal("500 Internal Error",
- '$cvstreedefault
points to a repository (%s) not ' .
- 'defined in @CVSrepositories
in your configuration ' .
- 'file (%s
).',
- $cvstreedefault,
- $config);
-}
+$DEFAULTVALUE{cvsroot} = $CVSrepositories[0];
-$DEFAULTVALUE{cvsroot} = $cvstreedefault;
-
while (my ($key, $defval) = each %DEFAULTVALUE) {
# Replace not given parameters with defaults.
@@ -558,33 +519,6 @@ foreach (@stickyvars) {
}
}
-if ($allow_enscript) {
- push(@DIFFTYPES, qw(uc cc sc));
- @DIFFTYPES{qw(uc cc sc)} = (
- {
- 'descr' => 'unified, colored',
- 'opts' => ['-u'],
- 'colored' => 0,
- },
- {
- 'descr' => 'context, colored',
- 'opts' => ['-c'],
- 'colored' => 0,
- },
- {
- 'descr' => 'side by side, colored',
- # width=168 should be enough to support 80 character line lengths
- 'opts' => ['--side-by-side', '--width=168'],
- 'colored' => 0,
- },
- );
-} else {
- # No Enscript -> respect difftype, but don't offer colorization.
- if ($input{f} && $input{f} =~ /^([ucs])c$/) {
- $input{f} = $1;
- }
-}
-
# is there any query ?
if (@barequery) {
$barequery = join (';', @barequery);
@@ -628,7 +562,7 @@ $logsort = $input{logsort};
if ($input{cvsroot} && $CVSROOT{$input{cvsroot}}) {
$cvstree = $input{cvsroot};
} else {
- $cvstree = $cvstreedefault;
+ $cvstree = $CVSrepositories[0];
}
$cvsroot = $CVSROOT{$cvstree};
@@ -657,10 +591,6 @@ if (-f $config_cvstree) {
}
undef $config_cvstree;
-$re_prcategories = '(?:' . join ('|', @prcategories) . ')' if @prcategories;
-$re_prkeyword = quotemeta($prkeyword) if defined($prkeyword);
-$prcgi .= '%s' if defined($prcgi) && $prcgi !~ /%s/;
-
$fullname = catfile($cvsroot, $where);
my $rewrite = 0;
@@ -706,7 +636,7 @@ if ($input{tarball}) {
my ($module) = ($where =~ m,^/?(.*),); # untaint
$module =~ s,/([^/]*)$,,;
- my ($ext) = ($1 =~ /(\.t(?:ar\.)?gz|\.zip)$/);
+ my ($ext) = ($1 =~ /(\.t(?:ar\.)?gz)$/);
my ($basedir) = ($module =~ m,([^/]+)$,);
if ($basedir eq '' || $module eq '') {
@@ -714,16 +644,11 @@ if ($input{tarball}) {
'You cannot download the top level directory.');
}
- my $istar = ($ext eq '.tar.gz' || $ext eq '.tgz');
+ my $istar = $ext eq '.tar.gz' || $ext eq '.tgz';
if ($istar) {
fatal('500 Internal Error', 'tar command not found.') unless $CMD{tar};
fatal('500 Internal Error', 'gzip command not found.') unless $CMD{gzip};
- }
- my $iszip = ($ext eq '.zip');
- if ($iszip && !$CMD{zip}) {
- fatal('500 Internal Error', 'zip command not found.');
- }
- if (!$istar && !$iszip) {
+ } else {
fatal('500 Internal Error', 'Unsupported archive type.');
}
@@ -768,10 +693,6 @@ if ($input{tarball}) {
my @gzip = ($CMD{gzip}, @gzip_options, '-c');
push(@cmd, \@tar, '|', \@gzip);
$ctype = 'application/x-gzip';
- } elsif ($iszip) {
- my @zip = ($CMD{zip}, @zip_options, '-r', '-', $basedir);
- push(@cmd, \@zip, \'');
- $ctype = 'application/zip';
}
push(@cmd, '>pipe', \*TAR_OUT);
@@ -783,12 +704,13 @@ if ($input{tarball}) {
$h->finish();
} else {
@fatal = ('500 Internal Error',
- '%s failure (exit status %s), output: %s', - $istar ? 'Tar' : 'Zip', $? >> 8 || -1, $err); + 'tar failure (exit status %s), output:
%s', + $? >> 8 || -1, $err); } } # Clean up. + chdir(".."); rmtree($tmpexportdir); &fatal(@fatal) if @fatal; @@ -865,15 +787,9 @@ if (-d $fullname) { # give direct access to dirs if ($where eq '/') { - chooseMirror(); chooseCVSRoot(); - } else { print '
Current directory: ', clickablePath($where, 0), ''; - if ($cvshistory_url) { - (my $d = $where) =~ s|^/*(.*?)/*$|$1|; - print ' - ', history_link($d, ''); - } print "
\n"; print "Current tag: ", htmlquote($input{only_with_tag}), "
\n" if $input{only_with_tag}; @@ -883,8 +799,8 @@ if (-d $fullname) { my $infocols = 1; - printf(<