=================================================================== RCS file: /cvs/cvsweb/cvsweb.cgi,v retrieving revision 4.24 retrieving revision 4.38 diff -u -p -r4.24 -r4.38 --- cvsweb/cvsweb.cgi 2019/11/26 11:28:43 4.24 +++ cvsweb/cvsweb.cgi 2019/11/29 19:30:16 4.38 @@ -1,5 +1,5 @@ #!/usr/bin/perl -# $Id: cvsweb.cgi,v 4.24 2019/11/26 11:28:43 schwarze Exp $ +# $Id: cvsweb.cgi,v 4.38 2019/11/29 19:30:16 schwarze Exp $ # $knu: cvsweb.cgi,v 1.299 2010/11/13 16:37:18 simon # # cvsweb - a CGI interface to CVS trees. @@ -56,9 +56,8 @@ use filetest qw(access); use vars qw ( $VERSION $CheckoutMagic $MimeTypes $DEBUG $config $allow_version_select - @CVSrepositories @CVSROOT %CVSROOT %CVSROOTdescr - %MIRRORS %DEFAULTVALUE %ICONS %MTYPES - %DIFF_COMMANDS @DIFFTYPES %DIFFTYPES @LOGSORTKEYS %LOGSORTKEYS + @CVSrepositories @CVSROOT %CVSROOT %CVSROOTdescr %DEFAULTVALUE %MTYPES + @DIFFTYPES %DIFFTYPES @LOGSORTKEYS %LOGSORTKEYS %alltags %fileinfo %tags @branchnames %nameprinted %symrev %revsym @allrevisions %date %author @revdisplayorder @revisions %state %difflines %log %branchpoint @revorder $keywordsubstitution @@ -67,19 +66,17 @@ use vars qw ( $is_links $is_lynx $is_w3m $is_msie $is_mozilla3 $is_textbased %input $query $barequery $sortby $bydate $byrev $byauthor $bylog $byfile $defaultDiffType $logsort $cvstree $cvsroot - $charset $output_filter - @command_path %CMD $allow_compress $backicon $diricon $fileicon - $fullname $cvstreedefault $logo $defaulttitle $address $binfileicon - $long_intro $short_instruction $shortLogLen $show_author - $tablepadding $hr_breakable $showfunc $hr_ignwhite $hr_ignkeysubst - $inputTextSize $mime_types $allow_annotate $allow_markup $allow_mailtos + %CMD $allow_compress $backicon $diricon $fileicon + $fullname $logo $defaulttitle $address $binfileicon $iconsdir + $shortLogLen $show_author $hr_breakable $hr_ignwhite $hr_ignkeysubst + $mime_types $allow_annotate $allow_markup $allow_mailtos $allow_log_extra $allow_dir_extra $allow_source_extra $edit_option_form $show_subdir_lastmod $show_log_in_markup $preformat_in_markup $tabstop $state $annTable $sel @ForbiddenFiles $use_descriptions %descriptions $dwhere $use_moddate $gzip_open $file_list_len - $allow_tar @tar_options @gzip_options @zip_options @cvs_options + $allow_tar @tar_options @cvs_options @annotate_options @rcsdiff_options $HTML_DOCTYPE $HTML_META $cssurl $CSS ); @@ -89,7 +86,7 @@ use Cwd qw(abs_path); use File::Path qw(rmtree); use File::Spec::Functions qw(canonpath catdir catfile curdir devnull rootdir tmpdir updir); -use File::Temp qw(tempdir tempfile); +use File::Temp qw(tempdir); use IPC::Run qw(); use Time::Local qw(timegm); use URI::Escape qw(uri_escape uri_unescape); @@ -129,6 +126,8 @@ EOM $MimeTypes = undef if $@; $CheckoutMagic = '~checkout~'; + $CMD{$_} = "/usr/bin/$_" for (qw(cvs rcsdiff rlog)); + $CMD{tar} = "/bin/tar"; } # ----------------------------------------------------------------------------- @@ -150,7 +149,6 @@ sub search_path($); sub getMimeType($;$); sub head($;$); sub scan_directives(@); -sub openOutputFilter(); sub doAnnotate($$); sub doCheckout($$$); sub cvswebMarkup($$$$$$;$); @@ -167,7 +165,6 @@ sub plural_write($$); sub readableTime($$); sub clickablePath($$); sub chooseCVSRoot(); -sub chooseMirror(); sub fileSortCmp(); sub download_url($$;$); sub download_link($$$;$); @@ -184,24 +181,27 @@ sub link_tags($); sub forbidden($); sub startproc(@); sub runproc(@); -sub checkout_to_temp($$$); # Get rid of unsafe environment vars. Don't do this in the BEGIN block # (think mod_perl)... delete(@ENV{qw(PATH IFS CDPATH ENV BASH_ENV)}); +# Helps to achieve read only access to the repositories +# with cvs >= 1.12.1 and doesn't hurt other versions. +$ENV{CVSREADONLYFS} = 1; + # Location of the configuration file inside the web server chroot: $config = '/conf/cvsweb/cvsweb.conf'; ######## Configuration parameters ######### -@CVSrepositories = @CVSROOT = %CVSROOT = %MIRRORS = %DEFAULTVALUE = %ICONS = - %MTYPES = %tags = %alltags = %fileinfo = %DIFF_COMMANDS = (); +@CVSrepositories = @CVSROOT = %CVSROOT = %DEFAULTVALUE = + %MTYPES = %tags = %alltags = %fileinfo = (); -$cvstreedefault = $logo = $defaulttitle = - $address = $long_intro = $short_instruction = $shortLogLen = $show_author = - $tablepadding = $hr_breakable = $showfunc = $hr_ignwhite = - $hr_ignkeysubst = $inputTextSize = $mime_types = $allow_annotate = +$logo = $defaulttitle = + $address = $shortLogLen = $show_author = + $hr_breakable = $hr_ignwhite = + $hr_ignkeysubst = $mime_types = $allow_annotate = $allow_markup = $allow_compress = $edit_option_form = $show_subdir_lastmod = $show_log_in_markup = $preformat_in_markup = $tabstop = $use_moddate = $gzip_open = $DEBUG = @@ -472,7 +472,6 @@ for (my $i = 0; $i < scalar(@CVSrepositories); $i += 2 next; } $rootfound ||= 1; - $cvstreedefault = $key unless defined($cvstreedefault); $CVSROOTdescr{$key} = $descr; $CVSROOT{$key} = $root; push(@CVSROOT, $key); @@ -485,20 +484,8 @@ unless ($rootfound) { } undef $rootfound; -# -# Default CVS root -# -if (!defined($CVSROOT{$cvstreedefault})) { - fatal("500 Internal Error", - '$cvstreedefault points to a repository (%s) not ' . - 'defined in @CVSrepositories in your configuration ' . - 'file (%s).', - $cvstreedefault, - $config); -} +$DEFAULTVALUE{cvsroot} = $CVSrepositories[0]; -$DEFAULTVALUE{cvsroot} = $cvstreedefault; - while (my ($key, $defval) = each %DEFAULTVALUE) { # Replace not given parameters with defaults. @@ -576,22 +563,25 @@ $logsort = $input{logsort}; if ($input{cvsroot} && $CVSROOT{$input{cvsroot}}) { $cvstree = $input{cvsroot}; } else { - $cvstree = $cvstreedefault; + $cvstree = $CVSrepositories[0]; } $cvsroot = $CVSROOT{$cvstree}; -# create icons out of description -foreach my $k (keys %ICONS) { - my ($itxt, $ipath, $iwidth, $iheight) = @{$ICONS{$k}}; - no strict 'refs'; - if ($ipath) { - ${"${k}icon"} = - sprintf('%s', - htmlquote($ipath), htmlquote($itxt), $iwidth, $iheight); - } else { - ${"${k}icon"} = $itxt; - } +if ($iconsdir) { + $backicon = '[BACK]'; + $diricon = '[DIR]'; + $fileicon = '[TXT]'; + $binfileicon = '[BIN]'; +} else { + $backicon = 'back'; + $diricon = 'dir'; + $fileicon = 'file'; + $binfileicon = 'binfile'; } my $config_cvstree = "$config-$cvstree"; @@ -650,7 +640,7 @@ if ($input{tarball}) { my ($module) = ($where =~ m,^/?(.*),); # untaint $module =~ s,/([^/]*)$,,; - my ($ext) = ($1 =~ /(\.t(?:ar\.)?gz|\.zip)$/); + my ($ext) = ($1 =~ /(\.t(?:ar\.)?gz)$/); my ($basedir) = ($module =~ m,([^/]+)$,); if ($basedir eq '' || $module eq '') { @@ -658,18 +648,9 @@ if ($input{tarball}) { 'You cannot download the top level directory.'); } - my $istar = ($ext eq '.tar.gz' || $ext eq '.tgz'); - if ($istar) { - fatal('500 Internal Error', 'tar command not found.') unless $CMD{tar}; - fatal('500 Internal Error', 'gzip command not found.') unless $CMD{gzip}; + unless ($ext eq '.tar.gz' || $ext eq '.tgz') { + fatal('404 Not Found', 'Unsupported archive type.'); } - my $iszip = ($ext eq '.zip'); - if ($iszip && !$CMD{zip}) { - fatal('500 Internal Error', 'zip command not found.'); - } - if (!$istar && !$iszip) { - fatal('500 Internal Error', 'Unsupported archive type.'); - } my $tmpexportdir; eval { @@ -700,35 +681,20 @@ if ($input{tarball}) { ('500 Internal Error', 'Export failure (exit status %s), output: 
%s
', $errcode, $err || $export_err); - } else { - $| = 1; # Essential to get the buffering right. local (*TAR_OUT); - - my (@cmd, $ctype); - if ($istar) { - my @tar = ($CMD{tar}, @tar_options, '-cf', '-', $basedir); - my @gzip = ($CMD{gzip}, @gzip_options, '-c'); - push(@cmd, \@tar, '|', \@gzip); - $ctype = 'application/x-gzip'; - } elsif ($iszip) { - my @zip = ($CMD{zip}, @zip_options, '-r', '-', $basedir); - push(@cmd, \@zip, \''); - $ctype = 'application/zip'; - } - push(@cmd, '>pipe', \*TAR_OUT); - - my ($h, $err) = startproc(@cmd); + my ($h, $err) = startproc($CMD{tar}, @tar_options, '-czf', '-', + $basedir, '>pipe', \*TAR_OUT); if ($h) { - print "Content-Type: $ctype\r\n\r\n"; + print "Content-Type: application/x-gzip\r\n\r\n"; local $/ = undef; print ; $h->finish(); } else { @fatal = ('500 Internal Error', - '%s failure (exit status %s), output: 
%s
', - $istar ? 'Tar' : 'Zip', $? >> 8 || -1, $err); + 'tar failure (exit status %s), output: 
%s
', + $? >> 8 || -1, $err); } } @@ -755,8 +721,6 @@ if (-d $fullname) { if ($where eq '/') { html_header($defaulttitle); - $long_intro =~ s/!!CVSROOTdescr!!/$CVSROOTdescr{$cvstree}/g; - print $long_intro; } else { html_header($where); my $html = (-f catfile($fullname, 'README.cvs.html,v') || @@ -793,7 +757,6 @@ if (-d $fullname) { } $h->finish(); } - print $short_instruction; } if ($use_descriptions && @@ -810,9 +773,7 @@ if (-d $fullname) { # give direct access to dirs if ($where eq '/') { - chooseMirror(); chooseCVSRoot(); - } else { print '

Current directory: ', clickablePath($where, 0), ''; print "

\n"; @@ -824,8 +785,8 @@ if (-d $fullname) { my $infocols = 1; - printf(< + printf(< EOF printf('', ($byfile ? ' class="sorted"' : '')); @@ -1119,18 +1080,14 @@ EOF if ($allow_tar && $filesfound) { my ($basefile) = ($where =~ m,(?:.*/)?([^/]+),); - my $havetar = $CMD{tar} && $CMD{gzip}; - my $havezip = $CMD{zip}; - if (defined($basefile) && $basefile ne '' && ($havetar || $havezip)) { + if (defined($basefile) && $basefile ne '') { my $q = ($query ? "$query;" : '?') . 'tarball=1'; print "
\n", '
Download this directory in '; # Mangle the filename so browsers show a reasonable filename to download. - my @types = (); $basefile = uri_escape($basefile); - push(@types, &link('tarball', "$basefile.tar.gz$q")) if $havetar; - push(@types, &link('zip archive', "$basefile.zip$q")) if $havezip; - print join(' or ', @types), "
\n"; + print &link('tarball', "$basefile.tar.gz$q"); + print "\n"; } } @@ -1146,7 +1103,7 @@ EOF printf(qq{\n}, $v, $input{$v} || 0); } - if ($cvstree ne $cvstreedefault) { + if ($cvstree ne $CVSrepositories[0]) { print "\n"; } print <', devnull()) unless $DEBUG; - exec($output_filter) or exit -1; -} - - ############################### # show Annotation ############################### @@ -2117,60 +2048,6 @@ sub doDiff($$$$$$) my $mimetype = getMimeType($fullname); - # - # Check for per-MIME type diff commands. - # - my $diffcmd = undef; - if (my $diffcmds = $DIFF_COMMANDS{lc($mimetype)}) { - if ($f =~ /^ext(\d*)$/) { - my $n = $1 || 0; - $diffcmd = $diffcmds->[$n]; - } - } - if ($diffcmd && $diffcmd->{cmd} && $diffcmd->{name}) { - - if ($diffcmd->{args} && ref($diffcmd->{args}) ne 'ARRAY') { - fatal('500 Internal Error', - 'Configuration error: arguments to external diff tools must ' . - 'be given as array refs. See "%s" in ' . - '%%DIFF_COMMANDS.', - $diffcmd->{name}); - } - - (my $cvsname = $where) =~ s/\.diff$//; - - # Create two temporary files with the two revisions - my $temp_fn1 = checkout_to_temp($cvsroot, $cvsname, $rev1); - my $temp_fn2 = checkout_to_temp($cvsroot, $cvsname, $rev2); - - # Execute chosen diff binary. - local (*DIFF_OUT); - my @cmd = ($diffcmd->{cmd}); - push(@cmd, @{$diffcmd->{args}}) if $diffcmd->{args}; - push(@cmd, $temp_fn1, $temp_fn2); - my ($h, $err) = startproc(\@cmd, \"", '>pipe', \*DIFF_OUT); - if (!$h) { - unlink($temp_fn1); - unlink($temp_fn2); - fatal('500 Internal Error', - 'Diff failure (exit status %s), output: 
%s
', - $? >> 8 || -1, $err); - } - - http_header($diffcmd->{type} || 'text/plain'); - local $/ = undef; - print ; - $h->finish(); - unlink($temp_fn1); - unlink($temp_fn2); - - exit; - } - - # - # Normal CVS diff. - # - $f = $DEFAULTVALUE{f} || 'u' if ($f =~ /^ext\d*$/); my $difftype = $DIFFTYPES{$f}; if (!$difftype) { @@ -2181,7 +2058,7 @@ sub doDiff($$$$$$) my $human_readable = $difftype->{colored}; # Apply special diff options. - push @difftype, '-p' if $showfunc; + push @difftype, '-p'; if ($human_readable) { push(@difftype, '-w') if $hr_ignwhite; @@ -2191,7 +2068,6 @@ sub doDiff($$$$$$) my $fh = do { local (*FH); }; if (!open($fh, "-|")) { # child open(STDERR, ">&STDOUT"); # Redirect stderr to stdout - openOutputFilter(); exec($CMD{rcsdiff}, @rcsdiff_options, @difftype, "-r$rev1", "-r$rev2", $fullname) or exit -1; } @@ -2298,7 +2174,6 @@ sub getDirLogs($$@) my $fh = do { local (*FH); }; if (!open($fh, '-|')) { # Child open(STDERR, '>', devnull()) unless $DEBUG; # Ignore rlog's complaints. - openOutputFilter(); if ($file_list_len && $file_list_len > 1) { while (scalar(@files) > $file_list_len) { # Process files in chunks. system(@cmd, splice(@files, 0, $file_list_len)) == 0 or exit -1; @@ -2452,10 +2327,9 @@ sub getDirLogs($$@) if ($linesread == 0) { fatal('500 Internal Error', - 'Failed to spawn GNU rlog on "%s".

Did you set the @command_path in your configuration file correctly? (Currently: "%s")', - htmlquote(join(', ', @files)), join(':', @command_path)); + 'Failed to spawn rlog on "%s"', + htmlquote(join(', ', @files))); } - return @unreadable; } @@ -2477,7 +2351,6 @@ sub readLog($;$) my $fh = do { local (*FH); }; if (!open($fh, "-|")) { # child - openOutputFilter(); $revision = defined($revision) ? "-r$revision" : ''; if ($revision =~ /\./) { # Normal revision, not a branch/tag name. @@ -2703,13 +2576,6 @@ sub getDiffLinks($$$) &link(htmlquote(lc($DIFFTYPES{$difftype}{descr})), "$url;f=$f")); } } - if (my $extdiffs = $DIFF_COMMANDS{lc($mimetype)}) { - for my $i (0 .. scalar(@$extdiffs)-1) { - my $extdiff = $extdiffs->[$i]; - push(@links, &link(htmlquote($extdiff->{name}), "$url;f=ext$i")) - if ($extdiff->{cmd} && $extdiff->{name}); - } - } return @links; } @@ -2985,8 +2851,8 @@ EOF my $diffrev = defined($input{r1}) ? $input{r1} : $revdisplayorder[$#revdisplayorder]; - printf(< + printf(< @@ -3002,8 +2868,8 @@ EOF $diffrev = defined($input{r2}) ? $input{r2} : $revdisplayorder[0]; - printf(< + printf(< @@ -3507,27 +3373,6 @@ EOF } -sub chooseMirror() -{ - # This code comes from the original BSD-cvsweb - # and may not be useful for your site; If you don't - # set %MIRRORS this won't show up, anyway. - scalar(%MIRRORS) or return; - - # Should perhaps exclude the current site somehow... - print "\n

\nThis CVSweb is mirrored in\n"; - - my @tmp = map(&link(htmlquote($_), $MIRRORS{$_}), sort keys %MIRRORS); - my $tmp = pop (@tmp); - - if (scalar(@tmp)) { - print join (', ', @tmp), ' and '; - } - - print "$tmp.\n

\n"; -} - - sub fileSortCmp() { (my $af = $a) =~ s/,v$//; @@ -3718,10 +3563,8 @@ sub http_header(;$$) { my ($content_type, $moddate) = @_; $content_type ||= 'text/html'; + $content_type .= '; charset="UTF-8"' if $content_type =~ /^text\//; - $content_type .= "; charset=$charset" - if ($charset && $content_type =~ m,^text/,); - # Note that in the following, we explicitly join() and concatenate the # headers instead of printing them as an array. This is because some # systems, eg. early versions of mod_perl 2 don't quite get it if the @@ -3847,37 +3690,6 @@ sub runproc(@) $errormsg = "'@{$_[0]}' failed: $@"; } return ($exitcode, $errormsg); -} - -# -# Check out a file to a temporary file. -# -sub checkout_to_temp($$$) -{ - my ($cvsroot, $cvsname, $rev) = @_; - - # Pipe given cvs file into a temporary place. - my ($temp_fh, $temp_fn) = tempfile('.cvsweb.XXXXXXXX', DIR => tmpdir()); - - my @cmd = ($CMD{cvs}, @cvs_options, '-Qd', $cvsroot, - 'co', '-p', "-r$rev", $cvsname); - - local (*DIFF_OUT); - my ($h, $err) = startproc(\@cmd, \"", '>pipe', \*DIFF_OUT); - if ($h) { - local $/ = undef; - print $temp_fh ; - $h->finish(); - close($temp_fh); - } else { - close($temp_fh); - unlink($temp_fn); - fatal('500 Internal Error', - 'Checkout failure (exit status %s), output: 
%s
', - $? >> 8 || -1, $err); - } - - return $temp_fn; } #