=================================================================== RCS file: /cvs/cvsweb/cvsweb.cgi,v retrieving revision 4.20 retrieving revision 4.34 diff -u -p -r4.20 -r4.34 --- cvsweb/cvsweb.cgi 2019/11/11 15:46:39 4.20 +++ cvsweb/cvsweb.cgi 2019/11/29 16:30:06 4.34 @@ -1,5 +1,5 @@ #!/usr/bin/perl -# $Id: cvsweb.cgi,v 4.20 2019/11/11 15:46:39 schwarze Exp $ +# $Id: cvsweb.cgi,v 4.34 2019/11/29 16:30:06 schwarze Exp $ # $knu: cvsweb.cgi,v 1.299 2010/11/13 16:37:18 simon # # cvsweb - a CGI interface to CVS trees. @@ -56,8 +56,7 @@ use filetest qw(access); use vars qw ( $VERSION $CheckoutMagic $MimeTypes $DEBUG $config $allow_version_select - @CVSrepositories @CVSROOT %CVSROOT %CVSROOTdescr - %MIRRORS %DEFAULTVALUE %ICONS %MTYPES + @CVSrepositories @CVSROOT %CVSROOT %CVSROOTdescr %DEFAULTVALUE %MTYPES %DIFF_COMMANDS @DIFFTYPES %DIFFTYPES @LOGSORTKEYS %LOGSORTKEYS %alltags %fileinfo %tags @branchnames %nameprinted %symrev %revsym @allrevisions %date %author @revdisplayorder @@ -67,21 +66,20 @@ use vars qw ( $is_links $is_lynx $is_w3m $is_msie $is_mozilla3 $is_textbased %input $query $barequery $sortby $bydate $byrev $byauthor $bylog $byfile $defaultDiffType $logsort $cvstree $cvsroot - $charset $output_filter - @command_path %CMD $allow_compress $backicon $diricon $fileicon - $fullname $cvstreedefault $logo $defaulttitle $address $binfileicon - $long_intro $short_instruction $shortLogLen $show_author - $tablepadding $hr_breakable $showfunc $hr_ignwhite $hr_ignkeysubst + $charset $output_filter %CMD $allow_compress $backicon $diricon $fileicon + $fullname $logo $defaulttitle $address $binfileicon $iconsdir + $shortLogLen $show_author + $hr_breakable $showfunc $hr_ignwhite $hr_ignkeysubst $inputTextSize $mime_types $allow_annotate $allow_markup $allow_mailtos $allow_log_extra $allow_dir_extra $allow_source_extra $edit_option_form $show_subdir_lastmod $show_log_in_markup $preformat_in_markup $tabstop $state $annTable $sel @ForbiddenFiles - $use_descriptions %descriptions @mytz $dwhere + $use_descriptions %descriptions $dwhere $use_moddate $gzip_open $file_list_len - $allow_tar @tar_options @gzip_options @zip_options @cvs_options + $allow_tar @tar_options @cvs_options @annotate_options @rcsdiff_options - $HTML_DOCTYPE $HTML_META $cssurl $CSS $cvshistory_url + $HTML_DOCTYPE $HTML_META $cssurl $CSS ); require Compress::Zlib; @@ -129,6 +127,8 @@ EOM $MimeTypes = undef if $@; $CheckoutMagic = '~checkout~'; + $CMD{$_} = "/usr/bin/$_" for (qw(cvs rcsdiff rlog)); + $CMD{tar} = "/bin/tar"; } # ----------------------------------------------------------------------------- @@ -144,7 +144,6 @@ sub spacedHtmlText($;$); sub link($$); sub revcmp($$); sub fatal($$@); -sub config_error($$); sub redirect($;$); sub safeglob($); sub search_path($); @@ -168,13 +167,11 @@ sub plural_write($$); sub readableTime($$); sub clickablePath($$); sub chooseCVSRoot(); -sub chooseMirror(); sub fileSortCmp(); sub download_url($$;$); sub download_link($$$;$); sub display_url($$;$); sub display_link($$;$$); -sub history_link($$;$); sub toggleQuery($;$); sub htmlquote($); sub htmlunquote($); @@ -192,22 +189,26 @@ sub checkout_to_temp($$$); # (think mod_perl)... delete(@ENV{qw(PATH IFS CDPATH ENV BASH_ENV)}); +# Helps to achieve read only access to the repositories +# with cvs >= 1.12.1 and doesn't hurt other versions. +$ENV{CVSREADONLYFS} = 1; + # Location of the configuration file inside the web server chroot: $config = '/conf/cvsweb/cvsweb.conf'; ######## Configuration parameters ######### -@CVSrepositories = @CVSROOT = %CVSROOT = %MIRRORS = %DEFAULTVALUE = %ICONS = +@CVSrepositories = @CVSROOT = %CVSROOT = %DEFAULTVALUE = %MTYPES = %tags = %alltags = %fileinfo = %DIFF_COMMANDS = (); -$cvstreedefault = $logo = $defaulttitle = - $address = $long_intro = $short_instruction = $shortLogLen = $show_author = - $tablepadding = $hr_breakable = $showfunc = $hr_ignwhite = +$logo = $defaulttitle = + $address = $shortLogLen = $show_author = + $hr_breakable = $showfunc = $hr_ignwhite = $hr_ignkeysubst = $inputTextSize = $mime_types = $allow_annotate = $allow_markup = $allow_compress = $edit_option_form = $show_subdir_lastmod = $show_log_in_markup = $preformat_in_markup = $tabstop = $use_moddate = $gzip_open = $DEBUG = - $cvshistory_url = $allow_tar = undef; + $allow_tar = undef; $allow_version_select = $allow_mailtos = $allow_log_extra = 1; @@ -263,7 +264,7 @@ $scriptname = '' unless defined($scriptname); $where = $pathinfo; $doCheckout = $where =~ s|^/$CheckoutMagic/|/|o; $where =~ s|^/||; -$scriptname =~ s|^/*|/|; +$scriptname =~ s|^/+||; # Let's workaround thttpd's stupidity.. if ($scriptname =~ m|/$|) { @@ -271,6 +272,7 @@ if ($scriptname =~ m|/$|) { my $re = quotemeta $pathinfo; $scriptname =~ s/$re$//; } +$scriptname = "/$scriptname" if $scriptname; # $scriptname : the URI escaped path to this script # $where : the path in the CVS repository (without leading /, or only /) @@ -315,14 +317,18 @@ $maycompress = ( qw(cvsroot hideattic ignorecase sortby logsort f only_with_tag ln hidecvsroot hidenonreadable); -# # Load configuration. -# -if (-f $config) { - do "$config" or config_error($config, $@); -} else { - fatal("500 Internal Error", - 'Configuration not found. Set the parameter $config in cvsweb.cgi to your cvsweb.conf configuration file first.'); +{ + $config =~ m|^/| or fatal '500 Internal Error', + 'Configuration file name "%s" is not an absolute path.', + $config; + defined do $config and last; + $@ and fatal '500 Internal Error', + 'Error loading configuration file "%s": 
%s
', + $config, $@; + fatal '500 Internal Error', + 'Cannot read configuration file "%s": %s', + $config, $! || 'unknown error'; } # Try to find a readable dir where we can cd into. Some abs_path() @@ -469,7 +475,6 @@ for (my $i = 0; $i < scalar(@CVSrepositories); $i += 2 next; } $rootfound ||= 1; - $cvstreedefault = $key unless defined($cvstreedefault); $CVSROOTdescr{$key} = $descr; $CVSROOT{$key} = $root; push(@CVSROOT, $key); @@ -482,20 +487,8 @@ unless ($rootfound) { } undef $rootfound; -# -# Default CVS root -# -if (!defined($CVSROOT{$cvstreedefault})) { - fatal("500 Internal Error", - '$cvstreedefault points to a repository (%s) not ' . - 'defined in @CVSrepositories in your configuration ' . - 'file (%s).', - $cvstreedefault, - $config); -} +$DEFAULTVALUE{cvsroot} = $CVSrepositories[0]; -$DEFAULTVALUE{cvsroot} = $cvstreedefault; - while (my ($key, $defval) = each %DEFAULTVALUE) { # Replace not given parameters with defaults. @@ -573,22 +566,25 @@ $logsort = $input{logsort}; if ($input{cvsroot} && $CVSROOT{$input{cvsroot}}) { $cvstree = $input{cvsroot}; } else { - $cvstree = $cvstreedefault; + $cvstree = $CVSrepositories[0]; } $cvsroot = $CVSROOT{$cvstree}; -# create icons out of description -foreach my $k (keys %ICONS) { - my ($itxt, $ipath, $iwidth, $iheight) = @{$ICONS{$k}}; - no strict 'refs'; - if ($ipath) { - ${"${k}icon"} = - sprintf('%s', - htmlquote($ipath), htmlquote($itxt), $iwidth, $iheight); - } else { - ${"${k}icon"} = $itxt; - } +if ($iconsdir) { + $backicon = '[BACK]'; + $diricon = '[DIR]'; + $fileicon = '[TXT]'; + $binfileicon = '[BIN]'; +} else { + $backicon = 'back'; + $diricon = 'dir'; + $fileicon = 'file'; + $binfileicon = 'binfile'; } my $config_cvstree = "$config-$cvstree"; @@ -647,7 +643,7 @@ if ($input{tarball}) { my ($module) = ($where =~ m,^/?(.*),); # untaint $module =~ s,/([^/]*)$,,; - my ($ext) = ($1 =~ /(\.t(?:ar\.)?gz|\.zip)$/); + my ($ext) = ($1 =~ /(\.t(?:ar\.)?gz)$/); my ($basedir) = ($module =~ m,([^/]+)$,); if ($basedir eq '' || $module eq '') { @@ -655,18 +651,9 @@ if ($input{tarball}) { 'You cannot download the top level directory.'); } - my $istar = ($ext eq '.tar.gz' || $ext eq '.tgz'); - if ($istar) { - fatal('500 Internal Error', 'tar command not found.') unless $CMD{tar}; - fatal('500 Internal Error', 'gzip command not found.') unless $CMD{gzip}; + unless ($ext eq '.tar.gz' || $ext eq '.tgz') { + fatal('404 Not Found', 'Unsupported archive type.'); } - my $iszip = ($ext eq '.zip'); - if ($iszip && !$CMD{zip}) { - fatal('500 Internal Error', 'zip command not found.'); - } - if (!$istar && !$iszip) { - fatal('500 Internal Error', 'Unsupported archive type.'); - } my $tmpexportdir; eval { @@ -697,35 +684,20 @@ if ($input{tarball}) { ('500 Internal Error', 'Export failure (exit status %s), output: 
%s
', $errcode, $err || $export_err); - } else { - $| = 1; # Essential to get the buffering right. local (*TAR_OUT); - - my (@cmd, $ctype); - if ($istar) { - my @tar = ($CMD{tar}, @tar_options, '-cf', '-', $basedir); - my @gzip = ($CMD{gzip}, @gzip_options, '-c'); - push(@cmd, \@tar, '|', \@gzip); - $ctype = 'application/x-gzip'; - } elsif ($iszip) { - my @zip = ($CMD{zip}, @zip_options, '-r', '-', $basedir); - push(@cmd, \@zip, \''); - $ctype = 'application/zip'; - } - push(@cmd, '>pipe', \*TAR_OUT); - - my ($h, $err) = startproc(@cmd); + my ($h, $err) = startproc($CMD{tar}, @tar_options, '-czf', '-', + $basedir, '>pipe', \*TAR_OUT); if ($h) { - print "Content-Type: $ctype\r\n\r\n"; + print "Content-Type: application/x-gzip\r\n\r\n"; local $/ = undef; print ; $h->finish(); } else { @fatal = ('500 Internal Error', - '%s failure (exit status %s), output: 
%s
', - $istar ? 'Tar' : 'Zip', $? >> 8 || -1, $err); + 'tar failure (exit status %s), output: 
%s
', + $? >> 8 || -1, $err); } } @@ -752,8 +724,6 @@ if (-d $fullname) { if ($where eq '/') { html_header($defaulttitle); - $long_intro =~ s/!!CVSROOTdescr!!/$CVSROOTdescr{$cvstree}/g; - print $long_intro; } else { html_header($where); my $html = (-f catfile($fullname, 'README.cvs.html,v') || @@ -790,7 +760,6 @@ if (-d $fullname) { } $h->finish(); } - print $short_instruction; } if ($use_descriptions && @@ -807,15 +776,9 @@ if (-d $fullname) { # give direct access to dirs if ($where eq '/') { - chooseMirror(); chooseCVSRoot(); - } else { print '

Current directory: ', clickablePath($where, 0), ''; - if ($cvshistory_url) { - (my $d = $where) =~ s|^/*(.*?)/*$|$1|; - print ' - ', history_link($d, ''); - } print "

\n"; print "

Current tag: ", htmlquote($input{only_with_tag}), "

\n" if $input{only_with_tag}; @@ -825,8 +788,8 @@ if (-d $fullname) { my $infocols = 1; - printf(< + printf(< EOF printf('', ($byfile ? ' class="sorted"' : '')); @@ -1120,18 +1083,14 @@ EOF if ($allow_tar && $filesfound) { my ($basefile) = ($where =~ m,(?:.*/)?([^/]+),); - my $havetar = $CMD{tar} && $CMD{gzip}; - my $havezip = $CMD{zip}; - if (defined($basefile) && $basefile ne '' && ($havetar || $havezip)) { + if (defined($basefile) && $basefile ne '') { my $q = ($query ? "$query;" : '?') . 'tarball=1'; print "
\n", '
Download this directory in '; # Mangle the filename so browsers show a reasonable filename to download. - my @types = (); $basefile = uri_escape($basefile); - push(@types, &link('tarball', "$basefile.tar.gz$q")) if $havetar; - push(@types, &link('zip archive', "$basefile.zip$q")) if $havezip; - print join(' or ', @types), "
\n"; + print &link('tarball', "$basefile.tar.gz$q"); + print "\n"; } } @@ -1147,7 +1106,7 @@ EOF printf(qq{\n}, $v, $input{$v} || 0); } - if ($cvstree ne $cvstreedefault) { + if ($cvstree ne $CVSrepositories[0]) { print "\n"; } print <%s":

' . - '%s
', @_); -} - - -# # Sends a redirect to the given URL. # sub redirect($;$) @@ -1612,20 +1560,6 @@ sub safeglob($) # -# Searches @command_path for the given executable file. -# -sub search_path($) -{ - my ($command) = @_; - for my $d (@command_path) { - my $cmd = catfile($d, $command); - return $cmd if (-x $cmd && !-d _); - } - return ''; -} - - -# # Gets the MIME type for the given file name. # sub getMimeType($;$) @@ -2464,10 +2398,9 @@ sub getDirLogs($$@) if ($linesread == 0) { fatal('500 Internal Error', - 'Failed to spawn GNU rlog on "%s".

Did you set the @command_path in your configuration file correctly? (Currently: "%s")', - htmlquote(join(', ', @files)), join(':', @command_path)); + 'Failed to spawn rlog on "%s"', + htmlquote(join(', ', @files))); } - return @unreadable; } @@ -2787,12 +2720,7 @@ sub printLog($$$;$$) print "
\n"; print ''; - if (@mytz) { - my ($est) = $mytz[(localtime($date{$_}))[8]]; - print scalar localtime($date{$_}), " $est ("; - } else { - print scalar gmtime($date{$_}), " UTC ("; - } + print scalar gmtime($date{$_}), ' UTC ('; print readableTime(time() - $date{$_}, 1), ' ago)'; print ' by ', htmlquote($author{$_}), "
\n"; @@ -2939,10 +2867,6 @@ sub doLog($) &clickablePath($upwhere, 1), "\n

\n"; print "

\n "; print &link('Request diff between arbitrary revisions', '#diff'); - if ($cvshistory_url) { - (my $d = $upwhere) =~ s|/+$||; - print ' - ', history_link($d, $filename); - } print "\n

\n
\n"; print "

\n"; @@ -3528,27 +3452,6 @@ EOF } -sub chooseMirror() -{ - # This code comes from the original BSD-cvsweb - # and may not be useful for your site; If you don't - # set %MIRRORS this won't show up, anyway. - scalar(%MIRRORS) or return; - - # Should perhaps exclude the current site somehow... - print "\n

\nThis CVSweb is mirrored in\n"; - - my @tmp = map(&link(htmlquote($_), $MIRRORS{$_}), sort keys %MIRRORS); - my $tmp = pop (@tmp); - - if (scalar(@tmp)) { - print join (', ', @tmp), ' and '; - } - - print "$tmp.\n

\n"; -} - - sub fileSortCmp() { (my $af = $a) =~ s/,v$//; @@ -3673,21 +3576,6 @@ sub display_link($$;$$) return sprintf('%s', display_url($url, $revision, $mtype) . $barequery, htmlquote($textlink)); -} - -# -# Returns a link to CVSHistory for the given directory and filename. -# -sub history_link($$;$) -{ - my ($dir, $file, $text) = @_; - $dir ||= ''; - $file ||= ''; - $text ||= 'History'; - return &link($text, - sprintf('%s?cvsroot=%s;dsearch=%s;fsearch=%s;limit=1', - $cvshistory_url, uri_escape($input{cvsroot} || ''), - uri_escape($dir), uri_escape($file))); } # Returns a Query string with the