===================================================================
RCS file: /cvs/cvsweb/cvsweb.cgi,v
retrieving revision 4.3
retrieving revision 4.20
diff -u -p -r4.3 -r4.20
--- cvsweb/cvsweb.cgi	2019/11/09 09:11:55	4.3
+++ cvsweb/cvsweb.cgi	2019/11/11 15:46:39	4.20
@@ -1,5 +1,5 @@
-#!/usr/bin/perl -T
-# $Id: cvsweb.cgi,v 4.3 2019/11/09 09:11:55 schwarze Exp $
+#!/usr/bin/perl
+# $Id: cvsweb.cgi,v 4.20 2019/11/11 15:46:39 schwarze Exp $
 # $knu: cvsweb.cgi,v 1.299 2010/11/13 16:37:18 simon
 #
 # cvsweb - a CGI interface to CVS trees.
@@ -50,7 +50,6 @@
 require 5.006;
 
 use strict;
-
 use warnings;
 use filetest qw(access);
 
@@ -63,20 +62,19 @@ use vars qw (
   %alltags %fileinfo %tags @branchnames %nameprinted
   %symrev %revsym @allrevisions %date %author @revdisplayorder
   @revisions %state %difflines %log %branchpoint @revorder $keywordsubstitution
-  $prcgi @prcategories $re_prcategories $prkeyword $re_prkeyword $mancgi
-  $doCheckout $scriptname $scriptwhere
+  $mancgi $doCheckout $scriptname $scriptwhere
   $where $Browser $nofilelinks $maycompress @stickyvars
   $is_links $is_lynx $is_w3m $is_msie $is_mozilla3 $is_textbased
   %input $query $barequery $sortby $bydate $byrev $byauthor
   $bylog $byfile $defaultDiffType $logsort $cvstree $cvsroot
   $charset $output_filter
-  @command_path %CMD $allow_compress $backicon $diricon $fileicon $graphicon
+  @command_path %CMD $allow_compress $backicon $diricon $fileicon
   $fullname $cvstreedefault $logo $defaulttitle $address $binfileicon
   $long_intro $short_instruction $shortLogLen $show_author
   $tablepadding $hr_breakable $showfunc $hr_ignwhite $hr_ignkeysubst
   $inputTextSize $mime_types $allow_annotate $allow_markup $allow_mailtos
   $allow_log_extra $allow_dir_extra $allow_source_extra
-  $allow_cvsgraph $cvsgraph_config $use_java_script $edit_option_form
+  $edit_option_form
   $show_subdir_lastmod $show_log_in_markup $preformat_in_markup
   $tabstop $state $annTable $sel @ForbiddenFiles
   $use_descriptions %descriptions @mytz $dwhere
@@ -84,11 +82,10 @@ use vars qw (
   $allow_tar @tar_options @gzip_options @zip_options @cvs_options
   @annotate_options @rcsdiff_options
   $HTML_DOCTYPE $HTML_META $cssurl $CSS $cvshistory_url
-  $allow_enscript @enscript_options %enscript_types
 );
 
+require Compress::Zlib;
 use Cwd                   qw(abs_path);
-use File::Basename        qw(dirname);
 use File::Path            qw(rmtree);
 use File::Spec::Functions qw(canonpath catdir catfile curdir devnull rootdir
                              tmpdir updir);
@@ -104,9 +101,6 @@ use constant CVSWEBMARKUP => qr{^text/(x-cvsweb|vnd\.v
 use constant LOG_FILESEPR => qr/^={77}$/o;
 use constant LOG_REVSEPR  => qr/^-{28}$/o;
 
-use constant HAS_ZLIB     => eval { require Compress::Zlib; };
-use constant HAS_EDIFF    => eval { require String::Ediff;  };
-
 # -----------------------------------------------------------------------------
 
 # All global initialization that can be done in compile time should go to
@@ -115,7 +109,7 @@ use constant HAS_EDIFF    => eval { require String::Ed
 
 BEGIN
 {
-  $VERSION = '3.0.6';
+  $VERSION = '3.1';
 
   $HTML_DOCTYPE =
     '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" ' .
@@ -123,8 +117,7 @@ BEGIN
 
   $HTML_META = <<EOM;
 <meta name="robots" content="nofollow" />
-<meta name="generator" content="FreeBSD-CVSweb $VERSION" />
-<meta http-equiv="Content-Script-Type" content="text/javascript" />
+<meta name="generator" content="CVSweb $VERSION" />
 <meta http-equiv="Content-Style-Type" content="text/css" />
 EOM
 
@@ -140,10 +133,10 @@ EOM
 
 # -----------------------------------------------------------------------------
 
-sub printDiffSelect($);
+sub printDiffSelect();
 sub printDiffSelectStickyVars();
 sub getDiffLinks($$$);
-sub printLogSortSelect($);
+sub printLogSortSelect();
 sub findLastModifiedSubdirs(@);
 sub htmlify_sub(&$);
 sub htmlify($;$);
@@ -155,16 +148,12 @@ sub config_error($$);
 sub redirect($;$);
 sub safeglob($);
 sub search_path($);
-sub getEnscriptHL($);
 sub getMimeType($;$);
 sub head($;$);
 sub scan_directives(@);
 sub openOutputFilter();
 sub doAnnotate($$);
 sub doCheckout($$$);
-sub doEnscript($$$;$);
-sub doGraph();
-sub doGraphView();
 sub cvswebMarkup($$$$$$;$);
 sub viewable($);
 sub doDiff($$$$$$);
@@ -185,7 +174,6 @@ sub download_url($$;$);
 sub download_link($$$;$);
 sub display_url($$;$);
 sub display_link($$;$$);
-sub graph_link($;$);
 sub history_link($$;$);
 sub toggleQuery($;$);
 sub htmlquote($);
@@ -204,23 +192,9 @@ sub checkout_to_temp($$$);
 # (think mod_perl)...
 delete(@ENV{qw(PATH IFS CDPATH ENV BASH_ENV)});
 
-my ($mydir) = (dirname($0) =~ /(.*)/);    # untaint
+# Location of the configuration file inside the web server chroot:
+$config = '/conf/cvsweb/cvsweb.conf';
 
-##### Start of Configuration Area ########
-
-# == EDIT this ==
-# Locations to search for user configuration, in order:
-for (catfile($mydir, 'cvsweb.conf'), '/usr/local/etc/cvsweb/cvsweb.conf') {
-  if (-r $_) {
-    $config = $_;
-    last;
-  }
-}
-
-##### End of Configuration Area   ########
-
-undef $mydir;
-
 ######## Configuration parameters #########
 
 @CVSrepositories = @CVSROOT = %CVSROOT = %MIRRORS = %DEFAULTVALUE = %ICONS =
@@ -230,10 +204,10 @@ $cvstreedefault = $logo = $defaulttitle =
   $address = $long_intro = $short_instruction = $shortLogLen = $show_author =
   $tablepadding = $hr_breakable = $showfunc = $hr_ignwhite =
   $hr_ignkeysubst = $inputTextSize = $mime_types = $allow_annotate =
-  $allow_markup = $allow_compress = $use_java_script = $edit_option_form =
+  $allow_markup = $allow_compress = $edit_option_form =
   $show_subdir_lastmod = $show_log_in_markup = $preformat_in_markup =
-  $tabstop = $use_moddate = $gzip_open = $DEBUG = $allow_cvsgraph =
-  $cvsgraph_config = $cvshistory_url = $allow_tar = undef;
+  $tabstop = $use_moddate = $gzip_open = $DEBUG =
+  $cvshistory_url = $allow_tar = undef;
 
 $allow_version_select = $allow_mailtos = $allow_log_extra = 1;
 
@@ -333,7 +307,7 @@ $maycompress = (
     && $ENV{HTTP_ACCEPT_ENCODING} =~ /gzip/)
    || $is_mozilla3)
   && !$is_msie
-  && !(defined($ENV{MOD_PERL}) && !HAS_ZLIB)
+  && !(defined($ENV{MOD_PERL}))
 );
 
 # Parameters that will be sticky in all constructed links/query strings.
@@ -374,9 +348,17 @@ if (defined($ENV{QUERY_STRING})) {
     $p =~ y/+/ /;
     my ($key, $val) = split(/=/, $p, 2);
     next unless defined($key);
-    $val = 1 unless defined($val);
-    ($key = uri_unescape($key)) =~ /[[:graph:]]/ or next;
-    ($val = uri_unescape($val)) =~ /[[:graph:]]/ or next;
+    $key = uri_unescape($key);
+    $key =~ /([^a-z_12-])/ and fatal('404 Not Found',
+      'Invalid character "%s" in query parameter "%s"', $1, $key);
+    if (defined $val) {
+      $val = uri_unescape($val);
+      $val =~ /([^a-zA-Z_01-9.\/-])/ and fatal('404 Not Found',
+        'Invalid character "%s" in the value "%s" of the query parameter "%s"',
+        $1, $val, $key);
+    } else {
+      $val = 1;
+    }
     $query{$key} = $val;
   }
 }
@@ -384,8 +366,8 @@ if (defined($ENV{QUERY_STRING})) {
 undef %input;
 
 my $t;
-for my $p (qw(graph hideattic hidecvsroot hidenonreadable ignorecase ln copt
-              makeimage options tarball)) {
+for my $p (qw(hideattic hidecvsroot hidenonreadable ignorecase ln copt
+              options tarball)) {
   $t = $query{$p};
   if (defined($t)) {
     ($input{$p}) = ($t =~ /^([01]|on)$/)
@@ -548,27 +530,6 @@ foreach (@stickyvars) {
   }
 }
 
-if ($allow_enscript) {
-  push(@DIFFTYPES, qw(uc cc));
-  @DIFFTYPES{qw(uc cc)} = (
-    {
-     'descr'   => 'unified, colored',
-     'opts'    => ['-u'],
-     'colored' => 0,
-    },
-    {
-     'descr'   => 'context, colored',
-     'opts'    => ['-c'],
-     'colored' => 0,
-    },
-  );
-} else {
-  # No Enscript -> respect difftype, but don't offer colorization.
-  if ($input{f} && $input{f} =~ /^([ucs])c$/) {
-    $input{f} = $1;
-  }
-}
-
 # is there any query ?
 if (@barequery) {
   $barequery = join (';', @barequery);
@@ -641,10 +602,6 @@ if (-f $config_cvstree) {
 }
 undef $config_cvstree;
 
-$re_prcategories  = '(?:' . join ('|', @prcategories) . ')' if @prcategories;
-$re_prkeyword     = quotemeta($prkeyword) if defined($prkeyword);
-$prcgi           .= '%s' if defined($prcgi) && $prcgi !~ /%s/;
-
 $fullname         = catfile($cvsroot, $where);
 
 my $rewrite = 0;
@@ -773,6 +730,7 @@ if ($input{tarball}) {
   }
 
   # Clean up.
+  chdir("..");
   rmtree($tmpexportdir);
 
   &fatal(@fatal) if @fatal;
@@ -1066,12 +1024,11 @@ EOF
       $filesfound++;
 
       printf "<tr class=\"%s\">\n", ($dirrow % 2) ? 'even' : 'odd';
-      printf '<td class="file"%s>', $allow_cvsgraph ? '' : ' colspan="2"';
+      printf '<td class="file" colspan="2">';
 
       my $icon = $isbinary ? $binfileicon : $fileicon;
       print $nofilelinks ? $icon : &link($icon, $url);
       print '&nbsp;', &link(htmlquote($file), $url), $attic;
-      print '</td><td class="graph">', graph_link($fileurl) if $allow_cvsgraph;
       print "</td>\n<td width=\"30\">", display_link($fileurl, $rev);
       my $ageclass = 'age';
       my $age      = '';
@@ -1136,10 +1093,10 @@ EOF
                 || $input{$var} ne $DEFAULTVALUE{$var})
             && $var ne 'only_with_tag');
     }
-    printf(<<EOF, ($use_java_script ? ' onchange="this.form.submit()"' : ''));
+    print <<EOF;
 <span class="nowrap">
 <label for="only_with_tag" accesskey="T">Show only files with tag:
-<select id="only_with_tag" name="only_with_tag"%s>
+<select id="only_with_tag" name="only_with_tag">
 <option value="">All tags / default branch</option>
 EOF
     foreach my $tag (reverse sort { lc $a cmp lc $b } keys %tags) {
@@ -1186,7 +1143,7 @@ EOF
 <legend>General options</legend>
 <input type="hidden" name="copt" value="1" />
 EOF
-    for my $v qw(hidecvsroot hidenonreadable) {
+    for my $v (qw(hidecvsroot hidenonreadable)) {
       printf(qq{<input type="hidden" name="%s" value="%s" />\n},
              $v, $input{$v} || 0);
     }
@@ -1237,7 +1194,7 @@ EOF
 </td>
 <td class="opt-value">
 EOF
-    printLogSortSelect(0);
+    printLogSortSelect();
     print <<EOF;
 </td>
 <td class="opt-label">
@@ -1256,7 +1213,7 @@ EOF
 </td>
 <td>
 EOF
-    printDiffSelect(0);
+    printDiffSelect();
     print <<EOF;
 </td>
 <td colspan="2" class="opt-label">
@@ -1295,16 +1252,6 @@ elsif (-f $fullname . ',v') {
     exit;
   }
 
-  if ($allow_cvsgraph && $input{graph}) {
-    if ($input{makeimage}) {
-      doGraph();
-    } else {
-      doGraphView();
-    }
-    gzipclose();
-    exit;
-  }
-
   &doLog($fullname);
 }
 
@@ -1380,12 +1327,9 @@ gzipclose();
 ## End MAIN
 
 
-sub printDiffSelect($)
+sub printDiffSelect()
 {
-  my ($use_java_script) = @_;
-
   print '<select id="f" name="f"';
-  print ' onchange="this.form.submit()"' if $use_java_script;
   print ">\n";
 
   for my $difftype (@DIFFTYPES) {
@@ -1409,12 +1353,9 @@ sub printDiffSelectStickyVars()
 }
 
 
-sub printLogSortSelect($)
+sub printLogSortSelect()
 {
-  my ($use_java_script) = @_;
-
   print '<select id="logsort" name="logsort"';
-  print ' onchange="this.form.submit()"' if $use_java_script;
   print ">\n";
 
   for my $sortkey (@LOGSORTKEYS) {
@@ -1508,39 +1449,6 @@ sub htmlify($;$)
   }
 
   if ($extra) {
-
-    # get PR #'s as link: "PR#nnnn" "PR: nnnn, ..." "PR nnnn, ..." "bin/nnnn"
-    if (defined($prcgi) && defined($re_prkeyword)) {
-      my $prev;
-
-      do {
-        $prev = $_;
-        $_ = htmlify_sub {
-          s{
-            (\b$re_prkeyword[:\#]?\s*
-             (?:
-              \#?
-              \d+[,\s]\s*
-             )*
-             \#?)
-            (\d+)\b
-           }{
-             $1 . &link($2, sprintf($prcgi, $2))
-           }egix;
-        } $_;
-      } while ($_ ne $prev);
-
-      if (defined($re_prcategories)) {
-        $_ = htmlify_sub {
-          s{
-            (\b$re_prcategories/(\d+)\b)
-           }{
-             &link($1, sprintf($prcgi, $2))
-           }egox;
-        } $_;
-      }
-    }
-
     # get manpage specs as link: "foo.1" "foo(1)"
     if (defined($mancgi)) {
       $_ = htmlify_sub {
@@ -1556,7 +1464,7 @@ sub htmlify($;$)
          }{
             my($text, $name, $section) = ($1, $2, defined($3) ? $3 : $4);
             ($name =~ /[A-Za-z]/ && $name !~ /\.(:|$)/)
-             ? &link($text, sprintf($mancgi, $section, uri_escape($name)))
+             ? &link($text, sprintf($mancgi, uri_escape($name), $section))
               : $text;
          }egx;
       } $_;
@@ -1718,21 +1626,6 @@ sub search_path($)
 
 
 #
-# Gets the enscript(1) highlight mode corresponding to the given filename,
-# or undef if unsupported.
-#
-sub getEnscriptHL($)
-{
-  return undef unless $allow_enscript;
-  my ($filename) = @_;
-  while (my ($hl, $regex) = each %enscript_types) {
-    return $hl if ($filename =~ $regex);
-  }
-  return undef;
-}
-
-
-#
 # Gets the MIME type for the given file name.
 #
 sub getMimeType($;$)
@@ -2160,14 +2053,8 @@ EOF
     printf '<embed src="%s" width="100%%" height="100%%" /><br />',
       $url . $barequery;
   } else {
-
     print "<pre>\n";
     my $linenumbers = $input{ln} || 0;
-
-    if (my $enscript_hl = getEnscriptHL($filename)) {
-      doEnscript($filehandle, $enscript_hl, $linenumbers);
-
-    } else {
       my $ln  = 0;
       my @buf = ();
       my $ts  = undef;
@@ -2187,8 +2074,6 @@ EOF
         }
         print $preformat_in_markup ? spacedHtmlText($_, $ts) : htmlquote($_);
       }
-    }
-
     print "</pre>\n";
   }
   html_footer();
@@ -2331,36 +2216,6 @@ sub doDiff($$$$$$)
     html_footer();
     gzipclose();
     exit;
-
-  } elsif ($f =~ /^([ucs])c$/) {
-    #
-    # Enscript colored diff.
-    #
-    my $hl = 'diff';
-    $hl .= $1 if ($1 eq 'u' || $1 eq 's');
-    (my $where_nd = $where)       =~ s/\.diff$//;
-    (my $pathname = $where_nd)    =~ s|((?<=/)Attic/)?[^/]*$||;
-    (my $filename = $where_nd)    =~ s|^.*/||;
-    (my $swhere   = $scriptwhere) =~ s|\.diff$||;
-    navigateHeader($swhere, $pathname, $filename, $rev2, 'diff');
-    printf(<<EOF, $where_nd, $rev1, $rev2);
-<h3 style="text-align: center">Diff for /%s between versions %s and %s</h3>
-<pre>
-EOF
-    doEnscript(\$fh, $hl, 0, 'cvsweb_diff');
-    print <<EOF;
-</pre>
-<hr style="width: 100%" />
-<form method="get" action="$scriptwhere">
-EOF
-    printDiffSelectStickyVars();
-    print 'Diff format: ';
-    printDiffSelect($use_java_script);
-    print "<input type=\"submit\" value=\"Show\" />\n</form>\n";
-    html_footer();
-    gzipclose();
-    exit;
-
   } else {
     #
     # Plain diff.
@@ -2928,8 +2783,6 @@ sub printLog($$$;$$)
                             $fileurl, $_, $barequery, $_));
       }
     }
-    print ' - ', graph_link('', 'revision graph')
-      if (!$inlogview && $allow_cvsgraph);
   }
   print "<br />\n";
 
@@ -3062,89 +2915,6 @@ sub printLog($$$;$$)
 }
 
 
-#
-# Generates the HTML view for CvsGraph.
-#
-sub doGraphView()
-{
-  (my $pathname = $where) =~ s|[^/]*$||;
-  (my $filename = $where) =~ s|^.*/||;
-
-  navigateHeader($scriptwhere, $pathname, $filename, undef, 'graph');
-
-  my $title = 'Revision graph of ' . htmlquote($pathname . $filename);
-  my $mapname = 'CvsGraphMap';
-
-  printf(<<EOF, $title, $mapname, $cvstree, $title);
-<h3 style="text-align: center">%s</h3>
-<div style="text-align: center"><img border="0" usemap="#%s" src="?cvsroot=%s;graph=1;makeimage=1" alt="%s" />
-EOF
-
-  # Remove any pre-existing tag/branch names from branch links.
-  (my $notag_query = $barequery) =~ s/;+only_with_tag=.*?(?=;|$)//g;
-
-  my @graph_cmd =
-    ($CMD{cvsgraph},
-     '-r', $cvsroot,
-     '-m', $pathname,
-     '-i',
-     '-M', $mapname,
-     '-x', 'x',
-     "-Omap_branch_href=\"href=\\\"./?only_with_tag=%(%t%)$notag_query\\\"\"",
-     "-Omap_rev_href=\"href=\\\"?rev=%(%R%)$barequery\\\"\"",
-     "-Omap_diff_href=\"href=\\\"%(%F%).diff" .
-     "?r1=%(%P%);r2=%(%R%)$barequery\\\"\"",
-     );
-  push(@graph_cmd, '-c', $cvsgraph_config) if $cvsgraph_config;
-  push(@graph_cmd, $filename . ',v');
-
-  local *CVSGRAPH_OUT;
-  my ($h, $err) =
-    startproc(\@graph_cmd, \"", '>pipe', \*CVSGRAPH_OUT);
-  fatal('500 Internal Error', $err) unless $h;
-
-  # Browser compatibility kludge: many browsers do not support client side
-  # image maps where the <map> element contains only the id attribute.  Let's
-  # add the corresponding name attribute to it on the fly.
-  while (<CVSGRAPH_OUT>) {
-    s/(<map\s+id="([^"]+)")\s*>/$1 name="$2">/;
-    print;
-  }
-
-  $h->finish();
-  print "</div>\n";
-
-  html_footer();
-}
-
-
-#
-# Generates a graph using CvsGraph.
-#
-sub doGraph()
-{
-  (my $pathname = $where) =~ s|[^/]*$||;
-  (my $filename = $where) =~ s|^.*/||;
-
-  http_header('image/png');
-
-  my @graph_cmd = ($CMD{cvsgraph}, '-r', $cvsroot, '-m', $pathname);
-  push(@graph_cmd, '-c', $cvsgraph_config) if $cvsgraph_config;
-  push(@graph_cmd, $filename . ',v');
-
-  local *CVSGRAPH_OUT;
-  my ($h, $err) =
-    startproc(\@graph_cmd, \"", '>pipe', \*CVSGRAPH_OUT);
-  fatal('500 Internal Error', $err) unless $h;
-  {
-    local $/ = undef;
-    binmode(\*STDOUT);
-    print <CVSGRAPH_OUT>;
-  }
-  $h->finish();
-}
-
-
 sub doLog($)
 {
   my ($fullname) = @_;
@@ -3169,8 +2939,6 @@ sub doLog($)
     &clickablePath($upwhere, 1), "</b>\n</p>\n";
   print "<p>\n ";
   print &link('Request diff between arbitrary revisions', '#diff');
-  print ' - ', &graph_link('', 'Display revisions graphically')
-    if $allow_cvsgraph;
   if ($cvshistory_url) {
     (my $d = $upwhere) =~ s|/+$||;
     print ' - ', history_link($d, $filename);
@@ -3273,7 +3041,7 @@ EOF
 </td>
 <td class="opt-value">
 EOF
-  printDiffSelect($use_java_script);
+  printDiffSelect();
   print <<EOF;
 </td>
 <td></td>
@@ -3282,14 +3050,14 @@ EOF
 
   if (@branchnames) {
 
-    printf(<<EOF, $use_java_script ? ' onchange="this.form.submit()"' : '');
+    print <<EOF;
 <tr>
 <td class="opt-label">
 <label for="only_with_tag" accesskey="B">View only branch:</label>
 </td>
 <td class="opt-value">
 <a name="branch">
-<select id="only_with_tag" name="only_with_tag"%s>
+<select id="only_with_tag" name="only_with_tag">
 EOF
 
     my @tmp = ();
@@ -3322,7 +3090,7 @@ EOF
 </td>
 <td>
 EOF
-  printLogSortSelect($use_java_script);
+  printLogSortSelect();
   print <<EOF;
 </td>
 <td><input type="submit" value="Set" accesskey="S" /></td>
@@ -3360,214 +3128,6 @@ EOF
     }
   } elsif ($state eq "PreChange") {     # state eq "PreChange"
                                         # we got removes with subsequent adds
-    if (HAS_EDIFF) {
-      # construct the suffix tree
-      my $left_diff = join("\n", @$leftColRef[0..$leftRow-1]);
-      my $right_diff = join("\n", @$rightColRef[0..$rightRow-1]);
-      my $diff_str = String::Ediff::ediff($left_diff, $right_diff);
-
-      my @diff_str = split(/ /, $diff_str);
-      my $INFINITY = 10000000;
-      push(@diff_str, ($INFINITY) x 8);
-      my ($idx, $b1, $e1, $lb1, $le1, $b2, $e2, $lb2, $le2) =
-        (0, @diff_str[0..7]);
-      my ($l_cul, $r_cul) = (0, 0);
-      my ($ldx, $rdx) = (0, 0);
-      my (@left_html, @right_html);
-      for (my $j = 0; $j < $leftRow; $j++) {
-        my $line_len = length(@$leftColRef[$j]);
-        my $line = @$leftColRef[$j];
-        $l_cul += length($line) + 1; # includes "\n"
-        my $l_culx = $l_cul - 1; # not includes "\n"
-        if ($j < $lb1) {
-          $line = spacedHtmlText($line);
-          push(@left_html, "<td class=\"diff diff-changed\">$line</td>");
-        } elsif ($lb1 == $j) {
-          my $html_line;
-          while ($lb1 == $j) {
-            my $begin_char = $l_culx - $b1;
-
-            $line =~ /^(.*)(.{$begin_char})$/;
-            $html_line .= spacedHtmlText($1) .
-              '</span><span class="diff diff-unchanged">';
-            $line = $2;
-            last if ($j != $le1);
-
-            my $end_char = $l_culx - $e1;
-            $line =~ /^(.*)(.{$end_char})$/;
-            $html_line .= spacedHtmlText($1) .
-              '</span><span class="diff diff-changed">';
-            $line = $2;
-
-            $idx++;
-            my ($tb1, $te1, $tlb1, $tle1, $tb2, $te2, $tlb2, $tle2) =
-              ($b1, $e1, $lb1, $le1, $b2, $e2, $lb2, $le2);
-            ($b1, $e1, $lb1, $le1, $b2, $e2, $lb2, $le2) =
-              @diff_str[$idx*8..($idx+1)*8-1];
-            $lb1 = $INFINITY if ($lb1 < 0);
-            $lb2 = $INFINITY if ($lb2 < 0);
-            $le1 = $INFINITY if ($le1 < 0);
-            $le2 = $INFINITY if ($le2 < 0);
-            if ($te1 > $b1) {
-              ($b1, $lb1) = ($te1, $tle1);
-            }
-            if ($te2 > $b2) {
-              ($b2, $lb2) = ($te2, $tle2);
-            }
-          }
-          push(@left_html,
-               sprintf('<td><span class="diff diff-changed">%s%s</span></td>',
-                       $html_line, spacedHtmlText($line)));
-        } elsif ($le1 == $j) {
-          my $html_line;
-          while ($le1 == $j) {
-            my $end_char = $l_culx - $e1;
-            $line =~ /^(.*)(.{$end_char})$/;
-            $html_line .= spacedHtmlText($1) .
-              '</span><span class="diff diff-changed">';
-            $line = $2;
-
-            $idx++;
-            my ($tb1, $te1, $tlb1, $tle1, $tb2, $te2, $tlb2, $tle2) =
-              ($b1, $e1, $lb1, $le1, $b2, $e2, $lb2, $le2);
-            ($b1, $e1, $lb1, $le1, $b2, $e2, $lb2, $le2) =
-              @diff_str[$idx*8..($idx+1)*8-1];
-            $lb1 = $INFINITY if ($lb1 < 0);
-            $lb2 = $INFINITY if ($lb2 < 0);
-            $le1 = $INFINITY if ($le1 < 0);
-            $le2 = $INFINITY if ($le2 < 0);
-            if ($te1 > $b1) {
-              ($b1, $lb1) = ($te1, $tle1);
-            }
-            if ($te2 > $b2) {
-              ($b2, $lb2) = ($te2, $tle2);
-            }
-
-            last if ($lb1 != $j);
-
-            my $begin_char = $l_culx - $b1;
-
-            $line =~ /^(.*)(.{$begin_char})$/;
-            $html_line .= spacedHtmlText($1) .
-              '</span><span class="diff diff-unchanged">';
-            $line = $2;
-          }
-          push(@left_html,
-              sprintf('<td><span class="diff diff-unchanged">%s%s</span></td>',
-                      $html_line, spacedHtmlText($line)));
-        } else {
-          $line = spacedHtmlText($line);
-          push(@left_html, "<td class=\"diff diff-unchanged\">$line</td>");
-        }
-      }
-      ($idx, $b1, $e1, $lb1, $le1, $b2, $e2, $lb2, $le2) =
-        (0, @diff_str[0..7]);
-      $lb1 = $INFINITY if ($lb1 < 0);
-      $lb2 = $INFINITY if ($lb2 < 0);
-      $le1 = $INFINITY if ($le1 < 0);
-      $le2 = $INFINITY if ($le2 < 0);
-      for (my $j = 0; $j < $rightRow; $j++) {
-        my $line_len = length(@$rightColRef[$j]);
-        my $line = @$rightColRef[$j];
-        $r_cul += length($line) + 1; # includes "\n"
-        my $r_culx = $r_cul - 1; # not includes "\n"
-        if ($j < $lb2) {
-          $line = spacedHtmlText($line);
-          push(@right_html, "<td class=\"diff diff-changed\">$line</td>");
-        } elsif ($lb2 == $j) {
-          my $html_line;
-          while ($lb2 == $j) {
-            my $begin_char = $r_culx - $b2;
-
-            $line =~ /^(.*)(.{$begin_char})$/;
-            $html_line .= spacedHtmlText($1) .
-              '</span><span class="diff diff-unchanged">';
-            $line = $2;
-
-            last if ($j != $le2);
-
-            my $end_char = $r_culx - $e2;
-            $line =~ /^(.*)(.{$end_char})$/;
-            $html_line .= spacedHtmlText($1) .
-              '</span><span class="diff diff-changed">';
-            $line = $2;
-
-            $idx++;
-            my ($tb1, $te1, $tlb1, $tle1, $tb2, $te2, $tlb2, $tle2) =
-              ($b1, $e1, $lb1, $le1, $b2, $e2, $lb2, $le2);
-            ($b1, $e1, $lb1, $le1, $b2, $e2, $lb2, $le2) =
-              @diff_str[$idx*8..($idx+1)*8-1];
-            $lb1 = $INFINITY if ($lb1 < 0);
-            $lb2 = $INFINITY if ($lb2 < 0);
-            $le1 = $INFINITY if ($le1 < 0);
-            $le2 = $INFINITY if ($le2 < 0);
-            if ($te1 > $b1) {
-              ($b1, $lb1) = ($te1, $tle1);
-            }
-            if ($te2 > $b2) {
-              ($b2, $lb2) = ($te2, $tle2);
-            }
-          }
-          push(@right_html,
-               sprintf('<td><span class="diff diff-changed">%s%s</span></td>',
-                       $html_line, spacedHtmlText($line)));
-        } elsif ($le2 == $j) {
-          my $html_line;
-          while ($le2 == $j) {
-            my $end_char = $r_culx - $e2;
-            $line =~ /^(.*)(.{$end_char})$/;
-            $html_line .= spacedHtmlText($1) .
-              '</span><span class="diff diff-changed">';
-            $line = $2;
-
-            $idx++;
-            my ($tb1, $te1, $tlb1, $tle1, $tb2, $te2, $tlb2, $tle2) =
-              ($b1, $e1, $lb1, $le1, $b2, $e2, $lb2, $le2);
-            ($b1, $e1, $lb1, $le1, $b2, $e2, $lb2, $le2) =
-              @diff_str[$idx*8..($idx+1)*8-1];
-            $lb1 = $INFINITY if ($lb1 < 0);
-            $lb2 = $INFINITY if ($lb2 < 0);
-            $le1 = $INFINITY if ($le1 < 0);
-            $le2 = $INFINITY if ($le2 < 0);
-            if ($te1 > $b1) {
-              ($b1, $lb1) = ($te1, $tle1);
-            }
-            if ($te2 > $b2) {
-              ($b2, $lb2) = ($te2, $tle2);
-            }
-
-            last if ($lb2 != $j);
-
-            my $begin_char = $r_culx - $b2;
-            $line =~ /^(.*)(.{$begin_char})$/;
-            $html_line .= spacedHtmlText($1) .
-              '</span><span class="diff diff-unchanged">';
-            $line = $2;
-          }
-          push(@right_html,
-               sprintf('<td nowrap="nowrap"><span class="diff diff-unchanged"'.
-                       '>%s%s</span></td>',
-                       $html_line, spacedHtmlText($line)));
-        } else {
-          $line = spacedHtmlText ($line);
-          push @right_html, "<td class=\"diff diff-unchanged\">$line</td>";
-        }
-      }
-      for (my $j = 0; $j < $leftRow || $j < $rightRow ; $j++) { # dump out both cols
-        print  '<tr>';
-        if ($j < $leftRow) {
-          print $left_html[$j];
-        } else {
-          print '<td class="diff diff-changed-missing">&nbsp;</td>';
-        }
-        if ($j < $rightRow) {
-          print $right_html[$j];
-        } else {
-          print '<td class="diff diff-changed-missing">&nbsp;</td>';
-        }
-        print "</tr>\n";
-      }
-    } else {
       for (my $j = 0; $j < $leftRow || $j < $rightRow; $j++) { # dump both cols
         print "<tr>\n";
         if ($j < $leftRow) {
@@ -3586,7 +3146,6 @@ EOF
         }
         print "\n</tr>\n";
       }
-    }
   }
 }
 
@@ -3757,7 +3316,7 @@ EOF
 <label for="f">Diff format:<br />
 EOF
   printDiffSelectStickyVars();
-  printDiffSelect($use_java_script);
+  printDiffSelect();
   printf(<<EOF, $rev1, $rev2);
 </label>
 <input type="submit" value="Show" />
@@ -3779,36 +3338,6 @@ EOF
 }
 
 
-sub doEnscript($$$;$)
-{
-  my ($filehandle, $highlight, $linenumbers, $lang) = @_;
-  $lang ||= 'cvsweb';
-
-  my @cmd = ($CMD{enscript},
-             @enscript_options,
-             '-q', "--language=$lang", '-o', '-', "--highlight=$highlight");
-
-  local *ENSCRIPT_OUT;
-  my ($h, $err) =
-    startproc(\@cmd, $filehandle, '>pipe', \*ENSCRIPT_OUT);
-  fatal('500 Internal Error', $err) unless $h;
-
-  # We could short-circuit and have enscript output directly to STDOUT above,
-  # but that doesn't work with mod_perl (at least some 1.99 versions).
-  if ($linenumbers) {
-    my $ln = 0;
-    while (<ENSCRIPT_OUT>) {
-      printf '<a id="l%d" class="src">%5d: </a>', (++$ln) x 2;
-      print $_;
-    }
-  } else {
-    local $/ = undef;
-    print <ENSCRIPT_OUT>;
-  }
-  $h->finish();
-}
-
-
 #
 # The passed in $path and $filename should not be URI escaped, and $swhere
 # *should* be.
@@ -3967,9 +3496,9 @@ sub chooseCVSRoot()
         if ($input{$k} && $k ne 'cvsroot');
     }
 
-    printf(<<EOF, $use_java_script ? ' onchange="this.form.submit()"' : '');
+    print <<EOF;
 <label for="cvsroot" accesskey="C">CVS Root:
-<select id="cvsroot" name="cvsroot"%s>
+<select id="cvsroot" name="cvsroot">
 EOF
 
     foreach my $k (@CVSROOT) {
@@ -4147,17 +3676,6 @@ sub display_link($$;$$)
 }
 
 #
-# Expects the passed in URL to be URI escaped, and without a query string.
-# The passed in link text should be already HTML escaped as appropriate.
-#
-sub graph_link($;$)
-{
-  my ($url, $text) = @_;
-  $text ||= $graphicon;
-  return sprintf('<a href="%s?graph=1%s">%s</a>', $url, $barequery, $text);
-}
-
-#
 # Returns a link to CVSHistory for the given directory and filename.
 #
 sub history_link($$;$)
@@ -4210,6 +3728,7 @@ sub htmlquote($)
   # Special Characters; RFC 1866
   s/&/&amp;/g;
   s/\"/&quot;/g;
+  s/%22/&quot;/g;
   s/</&lt;/g;
   s/>/&gt;/g;
   return $_;
@@ -4249,12 +3768,10 @@ sub http_header(;$$)
   push(@headers, 'Last-Modified: ' . scalar gmtime($moddate) . ' GMT')
     if $moddate;
   push(@headers, 'Content-Type: ' . $content_type);
+  push(@headers, "Content-Security-Policy: default-src 'none'; " .
+    "img-src 'self'; style-src 'unsafe-inline'");
 
   if ($allow_compress && $maycompress) {
-    if (HAS_ZLIB
-        || (defined($CMD{gzip}) && open(GZIP, "| $CMD{gzip} -1 -c")))
-    {
-
       push(@headers, 'Content-Encoding: gzip');
       push(@headers, 'Vary: Accept-Encoding');     # RFC 2616, 14.44
       print join("\r\n", @headers) . "\r\n\r\n";
@@ -4262,18 +3779,9 @@ sub http_header(;$$)
       $| = 1;
       $| = 0;                                      # Flush header output.
 
-      tie(*GZIP, __PACKAGE__, \*STDOUT) if HAS_ZLIB;
+      tie(*GZIP, __PACKAGE__, \*STDOUT);
       select(GZIP);
       $gzip_open = 1;
-
-    } else {
-
-      print join("\r\n", @headers) . "\r\n\r\n";
-      printf
-        '<span style="font-size: smaller">Unable to find gzip binary in the <b>$command_path</b> (<code>%s</code>) to compress output</span><br />',
-          htmlquote(join(':', @command_path));
-    }
-
   } else {
     print join("\r\n", @headers) . "\r\n\r\n";
   }
@@ -4441,7 +3949,7 @@ sub TIEHANDLE
               crc    => 0,
               len    => 0,
             };
-  my ($header) = pack("c10",
+  my ($header) = pack("C10",
                       MAGIC1, MAGIC2, Compress::Zlib::Z_DEFLATED(),
                       0, 0, 0, 0, 0, 0, OSCODE);
   print {$o->{handle}} $header;