=================================================================== RCS file: /cvs/cvsweb/cvsweb.cgi,v retrieving revision 4.14 retrieving revision 4.40 diff -u -p -r4.14 -r4.40 --- cvsweb/cvsweb.cgi 2019/11/11 12:46:23 4.14 +++ cvsweb/cvsweb.cgi 2019/11/30 13:08:41 4.40 @@ -1,5 +1,5 @@ #!/usr/bin/perl -# $Id: cvsweb.cgi,v 4.14 2019/11/11 12:46:23 schwarze Exp $ +# $Id: cvsweb.cgi,v 4.40 2019/11/30 13:08:41 schwarze Exp $ # $knu: cvsweb.cgi,v 1.299 2010/11/13 16:37:18 simon # # cvsweb - a CGI interface to CVS trees. @@ -55,35 +55,29 @@ use filetest qw(access); use vars qw ( $VERSION $CheckoutMagic $MimeTypes $DEBUG - $config $allow_version_select - @CVSrepositories @CVSROOT %CVSROOT %CVSROOTdescr - %MIRRORS %DEFAULTVALUE %ICONS %MTYPES - %DIFF_COMMANDS @DIFFTYPES %DIFFTYPES @LOGSORTKEYS %LOGSORTKEYS + @CVSrepositories @CVSROOT %CVSROOT %CVSROOTdescr %DEFAULTVALUE %MTYPES + @DIFFTYPES %DIFFTYPES @LOGSORTKEYS %LOGSORTKEYS %alltags %fileinfo %tags @branchnames %nameprinted %symrev %revsym @allrevisions %date %author @revdisplayorder @revisions %state %difflines %log %branchpoint @revorder $keywordsubstitution - $prcgi @prcategories $re_prcategories $prkeyword $re_prkeyword $mancgi - $doCheckout $scriptname $scriptwhere + $mancgi $doCheckout $scriptname $scriptwhere $where $Browser $nofilelinks $maycompress @stickyvars $is_links $is_lynx $is_w3m $is_msie $is_mozilla3 $is_textbased %input $query $barequery $sortby $bydate $byrev $byauthor $bylog $byfile $defaultDiffType $logsort $cvstree $cvsroot - $charset $output_filter - @command_path %CMD $allow_compress $backicon $diricon $fileicon $graphicon - $fullname $cvstreedefault $logo $defaulttitle $address $binfileicon - $long_intro $short_instruction $shortLogLen $show_author - $tablepadding $hr_breakable $showfunc $hr_ignwhite $hr_ignkeysubst - $inputTextSize $mime_types $allow_annotate $allow_markup $allow_mailtos + %CMD $allow_compress $backicon $diricon $fileicon + $fullname $logo $defaulttitle $address $binfileicon $iconsdir + $shortLogLen $show_author $hr_breakable $hr_ignwhite $hr_ignkeysubst + $mime_types $allow_annotate $allow_markup $allow_mailtos $allow_log_extra $allow_dir_extra $allow_source_extra - $allow_cvsgraph $cvsgraph_config $use_java_script $edit_option_form + $edit_option_form $show_subdir_lastmod $show_log_in_markup $preformat_in_markup $tabstop $state $annTable $sel @ForbiddenFiles - $use_descriptions %descriptions @mytz $dwhere + $use_descriptions %descriptions $dwhere $use_moddate $gzip_open $file_list_len - $allow_tar @tar_options @gzip_options @zip_options @cvs_options + $allow_tar @tar_options @cvs_options @annotate_options @rcsdiff_options - $HTML_DOCTYPE $HTML_META $cssurl $CSS $cvshistory_url - $allow_enscript @enscript_options %enscript_types + $HTML_DOCTYPE $HTML_META $cssurl $CSS ); require Compress::Zlib; @@ -91,7 +85,7 @@ use Cwd qw(abs_path); use File::Path qw(rmtree); use File::Spec::Functions qw(canonpath catdir catfile curdir devnull rootdir tmpdir updir); -use File::Temp qw(tempdir tempfile); +use File::Temp qw(tempdir); use IPC::Run qw(); use Time::Local qw(timegm); use URI::Escape qw(uri_escape uri_unescape); @@ -103,8 +97,6 @@ use constant CVSWEBMARKUP => qr{^text/(x-cvsweb|vnd\.v use constant LOG_FILESEPR => qr/^={77}$/o; use constant LOG_REVSEPR => qr/^-{28}$/o; -use constant HAS_EDIFF => eval { require String::Ediff; }; - # ----------------------------------------------------------------------------- # All global initialization that can be done in compile time should go to @@ -121,8 +113,7 @@ BEGIN $HTML_META = < - - + EOM @@ -138,10 +129,10 @@ EOM # ----------------------------------------------------------------------------- -sub printDiffSelect($); +sub printDiffSelect(); sub printDiffSelectStickyVars(); sub getDiffLinks($$$); -sub printLogSortSelect($); +sub printLogSortSelect(); sub findLastModifiedSubdirs(@); sub htmlify_sub(&$); sub htmlify($;$); @@ -149,20 +140,14 @@ sub spacedHtmlText($;$); sub link($$); sub revcmp($$); sub fatal($$@); -sub config_error($$); sub redirect($;$); sub safeglob($); sub search_path($); -sub getEnscriptHL($); sub getMimeType($;$); sub head($;$); sub scan_directives(@); -sub openOutputFilter(); sub doAnnotate($$); sub doCheckout($$$); -sub doEnscript($$$;$); -sub doGraph(); -sub doGraphView(); sub cvswebMarkup($$$$$$;$); sub viewable($); sub doDiff($$$$$$); @@ -177,14 +162,11 @@ sub plural_write($$); sub readableTime($$); sub clickablePath($$); sub chooseCVSRoot(); -sub chooseMirror(); sub fileSortCmp(); sub download_url($$;$); sub download_link($$$;$); sub display_url($$;$); sub display_link($$;$$); -sub graph_link($;$); -sub history_link($$;$); sub toggleQuery($;$); sub htmlquote($); sub htmlunquote($); @@ -196,31 +178,99 @@ sub link_tags($); sub forbidden($); sub startproc(@); sub runproc(@); -sub checkout_to_temp($$$); # Get rid of unsafe environment vars. Don't do this in the BEGIN block # (think mod_perl)... delete(@ENV{qw(PATH IFS CDPATH ENV BASH_ENV)}); -# Location of the configuration file inside the web server chroot: -$config = '/conf/cvsweb/cvsweb.conf'; +# Helps to achieve read only access to the repositories +# with cvs >= 1.12.1 and doesn't hurt other versions. +$ENV{CVSREADONLYFS} = 1; -######## Configuration parameters ######### +######## configuration defaults ######### -@CVSrepositories = @CVSROOT = %CVSROOT = %MIRRORS = %DEFAULTVALUE = %ICONS = - %MTYPES = %tags = %alltags = %fileinfo = %DIFF_COMMANDS = (); +%CMD = ( + cvs => '/usr/bin/cvs', + rcsdiff => '/usr/bin/rcsdiff', + rlog => '/usr/bin/rlog', + tar => '/bin/tar', +); -$cvstreedefault = $logo = $defaulttitle = - $address = $long_intro = $short_instruction = $shortLogLen = $show_author = - $tablepadding = $hr_breakable = $showfunc = $hr_ignwhite = - $hr_ignkeysubst = $inputTextSize = $mime_types = $allow_annotate = - $allow_markup = $allow_compress = $use_java_script = $edit_option_form = - $show_subdir_lastmod = $show_log_in_markup = $preformat_in_markup = - $tabstop = $use_moddate = $gzip_open = $DEBUG = $allow_cvsgraph = - $cvsgraph_config = $cvshistory_url = $allow_tar = undef; +%DEFAULTVALUE = ( + f => 'u', + hideattic => 1, + hidecvsroot => 0, + hidenonreadable => 1, + ignorecase => 0, + ln => 0, + logsort => 'date', + sortby => 'file', +); -$allow_version_select = $allow_mailtos = $allow_log_extra = 1; +@ForbiddenFiles = ( + qr|^CVSROOT/+passwd$|o, # CVSROOT/passwd should not be 'cvs add'ed though. + qr|/\.cvspass$|o, # Ditto. Just in case. +); +%MTYPES = ( + gif => 'image/gif', + html => 'text/html', + jpeg => 'image/jpeg', + jpg => 'image/jpeg', + png => 'image/png', +); + +$address = 'CVSweb'; +$allow_annotate = 1; +$allow_compress = 0; +$allow_dir_extra = 1; +$allow_log_extra = 1; +$allow_mailtos = 1; +$allow_markup = 1; +$allow_source_extra = 1; +$allow_tar = 0; +@annotate_options = qw(-f -R); +$cssurl = '/css/cvsweb.css'; +@cvs_options = qw(-f -R); +@CVSrepositories = ('local', ['Local Repository', '/cvs']); +$DEBUG = 0; +$defaulttitle = 'CVS Repository'; +$edit_option_form = 1; +$file_list_len = 0; +$hr_breakable = 1; +$hr_ignkeysubst = 1; +$hr_ignwhite = 0; +$iconsdir = '/icons'; +$logo = undef; +$mancgi = 'https://man.openbsd.org/%s.%s'; +$mime_types = '/conf/mime.types'; +$preformat_in_markup = 0; +@rcsdiff_options = qw(-q); +$shortLogLen = 80; +$show_author = 1; +$show_log_in_markup = 1; +$show_subdir_lastmod = 0; +$tabstop = 8; +@tar_options = qw(); +$use_descriptions = 0; +$use_moddate = 1; + +######## load configuration ######### + +{ + my $config = '/conf/cvsweb/cvsweb.conf'; + last unless -e $config; + defined do $config and last; + $@ and fatal '500 Internal Error', + 'Error loading configuration file "%s": 
%s
', + $config, $@; + fatal '500 Internal Error', + 'Cannot read configuration file "%s": %s', + $config, $! || 'unknown error'; +} + +######## other global variables ######### + @DIFFTYPES = qw(h H u c); @DIFFTYPES{@DIFFTYPES} = ( { @@ -252,8 +302,16 @@ $allow_version_select = $allow_mailtos = $allow_log_ex { descr => 'Revision', }, ); -##### End of configuration parameters ##### +%alltags = (); +@CVSROOT = (); +%CVSROOT = (); +%CVSROOTdescr = (); +%fileinfo = (); +$gzip_open = 0; +%tags = (); +######## end of global variables ######### + my $pathinfo = ''; if (defined($ENV{PATH_INFO}) && $ENV{PATH_INFO} ne '') { ($pathinfo) = ($ENV{PATH_INFO} =~ VALID_PATH) @@ -273,7 +331,7 @@ $scriptname = '' unless defined($scriptname); $where = $pathinfo; $doCheckout = $where =~ s|^/$CheckoutMagic/|/|o; $where =~ s|^/||; -$scriptname =~ s|^/*|/|; +$scriptname =~ s|^/+||; # Let's workaround thttpd's stupidity.. if ($scriptname =~ m|/$|) { @@ -281,6 +339,7 @@ if ($scriptname =~ m|/$|) { my $re = quotemeta $pathinfo; $scriptname =~ s/$re$//; } +$scriptname = "/$scriptname" if $scriptname; # $scriptname : the URI escaped path to this script # $where : the path in the CVS repository (without leading /, or only /) @@ -325,16 +384,6 @@ $maycompress = ( qw(cvsroot hideattic ignorecase sortby logsort f only_with_tag ln hidecvsroot hidenonreadable); -# -# Load configuration. -# -if (-f $config) { - do "$config" or config_error($config, $@); -} else { - fatal("500 Internal Error", - 'Configuration not found. Set the parameter $config in cvsweb.cgi to your cvsweb.conf configuration file first.'); -} - # Try to find a readable dir where we can cd into. Some abs_path() # implementations as well as various cvs operations require such a dir to # work properly. @@ -376,8 +425,8 @@ if (defined($ENV{QUERY_STRING})) { undef %input; my $t; -for my $p (qw(graph hideattic hidecvsroot hidenonreadable ignorecase ln copt - makeimage options tarball)) { +for my $p (qw(hideattic hidecvsroot hidenonreadable ignorecase ln copt + options tarball)) { $t = $query{$p}; if (defined($t)) { ($input{$p}) = ($t =~ /^([01]|on)$/) @@ -479,33 +528,17 @@ for (my $i = 0; $i < scalar(@CVSrepositories); $i += 2 next; } $rootfound ||= 1; - $cvstreedefault = $key unless defined($cvstreedefault); $CVSROOTdescr{$key} = $descr; $CVSROOT{$key} = $root; push(@CVSROOT, $key); } unless ($rootfound) { - fatal('500 Internal Error', - 'No valid CVS roots found! See @CVSrepositories in ' . - 'the configuration file (%s).', - $config); + fatal('500 Internal Error', 'no valid CVS roots found'); } undef $rootfound; -# -# Default CVS root -# -if (!defined($CVSROOT{$cvstreedefault})) { - fatal("500 Internal Error", - '$cvstreedefault points to a repository (%s) not ' . - 'defined in @CVSrepositories in your configuration ' . - 'file (%s).', - $cvstreedefault, - $config); -} +$DEFAULTVALUE{cvsroot} = $CVSrepositories[0]; -$DEFAULTVALUE{cvsroot} = $cvstreedefault; - while (my ($key, $defval) = each %DEFAULTVALUE) { # Replace not given parameters with defaults. @@ -540,27 +573,6 @@ foreach (@stickyvars) { } } -if ($allow_enscript) { - push(@DIFFTYPES, qw(uc cc)); - @DIFFTYPES{qw(uc cc)} = ( - { - 'descr' => 'unified, colored', - 'opts' => ['-u'], - 'colored' => 0, - }, - { - 'descr' => 'context, colored', - 'opts' => ['-c'], - 'colored' => 0, - }, - ); -} else { - # No Enscript -> respect difftype, but don't offer colorization. - if ($input{f} && $input{f} =~ /^([ucs])c$/) { - $input{f} = $1; - } -} - # is there any query ? if (@barequery) { $barequery = join (';', @barequery); @@ -604,39 +616,27 @@ $logsort = $input{logsort}; if ($input{cvsroot} && $CVSROOT{$input{cvsroot}}) { $cvstree = $input{cvsroot}; } else { - $cvstree = $cvstreedefault; + $cvstree = $CVSrepositories[0]; } $cvsroot = $CVSROOT{$cvstree}; -# create icons out of description -foreach my $k (keys %ICONS) { - my ($itxt, $ipath, $iwidth, $iheight) = @{$ICONS{$k}}; - no strict 'refs'; - if ($ipath) { - ${"${k}icon"} = - sprintf('%s', - htmlquote($ipath), htmlquote($itxt), $iwidth, $iheight); - } else { - ${"${k}icon"} = $itxt; - } +if ($iconsdir) { + $backicon = '[BACK]'; + $diricon = '[DIR]'; + $fileicon = '[TXT]'; + $binfileicon = '[BIN]'; +} else { + $backicon = 'back'; + $diricon = 'dir'; + $fileicon = 'file'; + $binfileicon = 'binfile'; } -my $config_cvstree = "$config-$cvstree"; - -# Do some special configuration for cvstrees -if (-f $config_cvstree) { - do "$config_cvstree" - or fatal("500 Internal Error", - 'Error in loading configuration file: %s

%s
', - $config_cvstree, $@); -} -undef $config_cvstree; - -$re_prcategories = '(?:' . join ('|', @prcategories) . ')' if @prcategories; -$re_prkeyword = quotemeta($prkeyword) if defined($prkeyword); -$prcgi .= '%s' if defined($prcgi) && $prcgi !~ /%s/; - $fullname = catfile($cvsroot, $where); my $rewrite = 0; @@ -682,7 +682,7 @@ if ($input{tarball}) { my ($module) = ($where =~ m,^/?(.*),); # untaint $module =~ s,/([^/]*)$,,; - my ($ext) = ($1 =~ /(\.t(?:ar\.)?gz|\.zip)$/); + my ($ext) = ($1 =~ /(\.t(?:ar\.)?gz)$/); my ($basedir) = ($module =~ m,([^/]+)$,); if ($basedir eq '' || $module eq '') { @@ -690,18 +690,9 @@ if ($input{tarball}) { 'You cannot download the top level directory.'); } - my $istar = ($ext eq '.tar.gz' || $ext eq '.tgz'); - if ($istar) { - fatal('500 Internal Error', 'tar command not found.') unless $CMD{tar}; - fatal('500 Internal Error', 'gzip command not found.') unless $CMD{gzip}; + unless ($ext eq '.tar.gz' || $ext eq '.tgz') { + fatal('404 Not Found', 'Unsupported archive type.'); } - my $iszip = ($ext eq '.zip'); - if ($iszip && !$CMD{zip}) { - fatal('500 Internal Error', 'zip command not found.'); - } - if (!$istar && !$iszip) { - fatal('500 Internal Error', 'Unsupported archive type.'); - } my $tmpexportdir; eval { @@ -732,35 +723,20 @@ if ($input{tarball}) { ('500 Internal Error', 'Export failure (exit status %s), output: 
%s
', $errcode, $err || $export_err); - } else { - $| = 1; # Essential to get the buffering right. local (*TAR_OUT); - - my (@cmd, $ctype); - if ($istar) { - my @tar = ($CMD{tar}, @tar_options, '-cf', '-', $basedir); - my @gzip = ($CMD{gzip}, @gzip_options, '-c'); - push(@cmd, \@tar, '|', \@gzip); - $ctype = 'application/x-gzip'; - } elsif ($iszip) { - my @zip = ($CMD{zip}, @zip_options, '-r', '-', $basedir); - push(@cmd, \@zip, \''); - $ctype = 'application/zip'; - } - push(@cmd, '>pipe', \*TAR_OUT); - - my ($h, $err) = startproc(@cmd); + my ($h, $err) = startproc($CMD{tar}, @tar_options, '-czf', '-', + $basedir, '>pipe', \*TAR_OUT); if ($h) { - print "Content-Type: $ctype\r\n\r\n"; + print "Content-Type: application/x-gzip\r\n\r\n"; local $/ = undef; print ; $h->finish(); } else { @fatal = ('500 Internal Error', - '%s failure (exit status %s), output: 
%s
', - $istar ? 'Tar' : 'Zip', $? >> 8 || -1, $err); + 'tar failure (exit status %s), output: 
%s
', + $? >> 8 || -1, $err); } } @@ -787,8 +763,6 @@ if (-d $fullname) { if ($where eq '/') { html_header($defaulttitle); - $long_intro =~ s/!!CVSROOTdescr!!/$CVSROOTdescr{$cvstree}/g; - print $long_intro; } else { html_header($where); my $html = (-f catfile($fullname, 'README.cvs.html,v') || @@ -825,7 +799,6 @@ if (-d $fullname) { } $h->finish(); } - print $short_instruction; } if ($use_descriptions && @@ -842,15 +815,9 @@ if (-d $fullname) { # give direct access to dirs if ($where eq '/') { - chooseMirror(); chooseCVSRoot(); - } else { print '

Current directory: ', clickablePath($where, 0), ''; - if ($cvshistory_url) { - (my $d = $where) =~ s|^/*(.*?)/*$|$1|; - print ' - ', history_link($d, ''); - } print "

\n"; print "

Current tag: ", htmlquote($input{only_with_tag}), "

\n" if $input{only_with_tag}; @@ -860,8 +827,8 @@ if (-d $fullname) { my $infocols = 1; - printf(< + printf(< EOF printf('', ($byfile ? ' class="sorted"' : '')); @@ -1059,12 +1026,11 @@ EOF $filesfound++; printf "\n", ($dirrow % 2) ? 'even' : 'odd'; - printf '', $allow_cvsgraph ? '' : ' colspan="2"'; + printf ''; my $icon = $isbinary ? $binfileicon : $fileicon; print $nofilelinks ? $icon : &link($icon, $url); print ' ', &link(htmlquote($file), $url), $attic; - print '', graph_link($fileurl) if $allow_cvsgraph; print "\n", display_link($fileurl, $rev); my $ageclass = 'age'; my $age = ''; @@ -1129,10 +1095,10 @@ EOF || $input{$var} ne $DEFAULTVALUE{$var}) && $var ne 'only_with_tag'); } - printf(<