]> git.cameronkatri.com Git - cgit.git/blob - ui-clone.c
ui-shared: ban strcat()
[cgit.git] / ui-clone.c
1 /* ui-clone.c: functions for http cloning, based on
2 * git's http-backend.c by Shawn O. Pearce
3 *
4 * Copyright (C) 2006-2014 cgit Development Team <cgit@lists.zx2c4.com>
5 *
6 * Licensed under GNU General Public License v2
7 * (see COPYING for full license text)
8 */
9
10 #include "cgit.h"
11 #include "ui-clone.h"
12 #include "html.h"
13 #include "ui-shared.h"
14 #include "packfile.h"
15 #include "object-store.h"
16
17 static int print_ref_info(const char *refname, const struct object_id *oid,
18 int flags, void *cb_data)
19 {
20 struct object *obj;
21
22 if (!(obj = parse_object(oid)))
23 return 0;
24
25 htmlf("%s\t%s\n", oid_to_hex(oid), refname);
26 if (obj->type == OBJ_TAG) {
27 if (!(obj = deref_tag(obj, refname, 0)))
28 return 0;
29 htmlf("%s\t%s^{}\n", oid_to_hex(&obj->oid), refname);
30 }
31 return 0;
32 }
33
34 static void print_pack_info(void)
35 {
36 struct packed_git *pack;
37 char *offset;
38
39 ctx.page.mimetype = "text/plain";
40 ctx.page.filename = "objects/info/packs";
41 cgit_print_http_headers();
42 reprepare_packed_git(the_repository);
43 for (pack = get_packed_git(the_repository); pack; pack = pack->next) {
44 if (pack->pack_local) {
45 offset = strrchr(pack->pack_name, '/');
46 if (offset && offset[1] != '\0')
47 ++offset;
48 else
49 offset = pack->pack_name;
50 htmlf("P %s\n", offset);
51 }
52 }
53 }
54
55 static void send_file(const char *path)
56 {
57 struct stat st;
58
59 if (stat(path, &st)) {
60 switch (errno) {
61 case ENOENT:
62 cgit_print_error_page(404, "Not found", "Not found");
63 break;
64 case EACCES:
65 cgit_print_error_page(403, "Forbidden", "Forbidden");
66 break;
67 default:
68 cgit_print_error_page(400, "Bad request", "Bad request");
69 }
70 return;
71 }
72 ctx.page.mimetype = "application/octet-stream";
73 ctx.page.filename = path;
74 skip_prefix(path, ctx.repo->path, &ctx.page.filename);
75 skip_prefix(ctx.page.filename, "/", &ctx.page.filename);
76 cgit_print_http_headers();
77 html_include(path);
78 }
79
80 void cgit_clone_info(void)
81 {
82 if (!ctx.qry.path || strcmp(ctx.qry.path, "refs")) {
83 cgit_print_error_page(400, "Bad request", "Bad request");
84 return;
85 }
86
87 ctx.page.mimetype = "text/plain";
88 ctx.page.filename = "info/refs";
89 cgit_print_http_headers();
90 for_each_ref(print_ref_info, NULL);
91 }
92
93 void cgit_clone_objects(void)
94 {
95 char *p;
96
97 if (!ctx.qry.path)
98 goto err;
99
100 if (!strcmp(ctx.qry.path, "info/packs")) {
101 print_pack_info();
102 return;
103 }
104
105 /* Avoid directory traversal by forbidding "..", but also work around
106 * other funny business by just specifying a fairly strict format. For
107 * example, now we don't have to stress out about the Cygwin port.
108 */
109 for (p = ctx.qry.path; *p; ++p) {
110 if (*p == '.' && *(p + 1) == '.')
111 goto err;
112 if (!isalnum(*p) && *p != '/' && *p != '.' && *p != '-')
113 goto err;
114 }
115
116 send_file(git_path("objects/%s", ctx.qry.path));
117 return;
118
119 err:
120 cgit_print_error_page(400, "Bad request", "Bad request");
121 }
122
123 void cgit_clone_head(void)
124 {
125 send_file(git_path("%s", "HEAD"));
126 }