/* ui-clone.c: functions for http cloning, based on
* git's http-backend.c by Shawn O. Pearce
*
- * Copyright (C) 2008 Lars Hjemli
+ * Copyright (C) 2006-2014 cgit Development Team <cgit@lists.zx2c4.com>
*
* Licensed under GNU General Public License v2
* (see COPYING for full license text)
*/
#include "cgit.h"
+#include "ui-clone.h"
#include "html.h"
#include "ui-shared.h"
+#include "packfile.h"
+#include "object-store.h"
-static int print_ref_info(const char *refname, const unsigned char *sha1,
+static int print_ref_info(const char *refname, const struct object_id *oid,
int flags, void *cb_data)
{
struct object *obj;
- if (!(obj = parse_object(sha1)))
+ if (!(obj = parse_object(the_repository, oid)))
return 0;
- htmlf("%s\t%s\n", sha1_to_hex(sha1), refname);
+ htmlf("%s\t%s\n", oid_to_hex(oid), refname);
if (obj->type == OBJ_TAG) {
- if (!(obj = deref_tag(obj, refname, 0)))
+ if (!(obj = deref_tag(the_repository, obj, refname, 0)))
return 0;
- htmlf("%s\t%s^{}\n", sha1_to_hex(obj->sha1), refname);
+ htmlf("%s\t%s^{}\n", oid_to_hex(&obj->oid), refname);
}
return 0;
}
-static void print_pack_info(struct cgit_context *ctx)
+static void print_pack_info(void)
{
struct packed_git *pack;
- int ofs;
-
- ctx->page.mimetype = "text/plain";
- ctx->page.filename = "objects/info/packs";
- cgit_print_http_headers(ctx);
- ofs = strlen(ctx->repo->path) + strlen("/objects/pack/");
- prepare_packed_git();
- for (pack = packed_git; pack; pack = pack->next)
- if (pack->pack_local)
- htmlf("P %s\n", pack->pack_name + ofs);
+ char *offset;
+
+ ctx.page.mimetype = "text/plain";
+ ctx.page.filename = "objects/info/packs";
+ cgit_print_http_headers();
+ reprepare_packed_git(the_repository);
+ for (pack = get_packed_git(the_repository); pack; pack = pack->next) {
+ if (pack->pack_local) {
+ offset = strrchr(pack->pack_name, '/');
+ if (offset && offset[1] != '\0')
+ ++offset;
+ else
+ offset = pack->pack_name;
+ htmlf("P %s\n", offset);
+ }
+ }
}
-static void send_file(struct cgit_context *ctx, char *path)
+static void send_file(const char *path)
{
struct stat st;
if (stat(path, &st)) {
switch (errno) {
case ENOENT:
- html_status(404, "Not found", 0);
+ cgit_print_error_page(404, "Not found", "Not found");
break;
case EACCES:
- html_status(403, "Forbidden", 0);
+ cgit_print_error_page(403, "Forbidden", "Forbidden");
break;
default:
- html_status(400, "Bad request", 0);
+ cgit_print_error_page(400, "Bad request", "Bad request");
}
return;
}
- ctx->page.mimetype = "application/octet-stream";
- ctx->page.filename = path;
- if (prefixcmp(ctx->repo->path, path))
- ctx->page.filename += strlen(ctx->repo->path) + 1;
- cgit_print_http_headers(ctx);
+ ctx.page.mimetype = "application/octet-stream";
+ ctx.page.filename = path;
+ skip_prefix(path, ctx.repo->path, &ctx.page.filename);
+ skip_prefix(ctx.page.filename, "/", &ctx.page.filename);
+ cgit_print_http_headers();
html_include(path);
}
-void cgit_clone_info(struct cgit_context *ctx)
+void cgit_clone_info(void)
{
- if (!ctx->qry.path || strcmp(ctx->qry.path, "refs"))
+ if (!ctx.qry.path || strcmp(ctx.qry.path, "refs")) {
+ cgit_print_error_page(400, "Bad request", "Bad request");
return;
+ }
- ctx->page.mimetype = "text/plain";
- ctx->page.filename = "info/refs";
- cgit_print_http_headers(ctx);
- for_each_ref(print_ref_info, ctx);
+ ctx.page.mimetype = "text/plain";
+ ctx.page.filename = "info/refs";
+ cgit_print_http_headers();
+ for_each_ref(print_ref_info, NULL);
}
-void cgit_clone_objects(struct cgit_context *ctx)
+void cgit_clone_objects(void)
{
- if (!ctx->qry.path) {
- html_status(400, "Bad request", 0);
+ char *p;
+
+ if (!ctx.qry.path)
+ goto err;
+
+ if (!strcmp(ctx.qry.path, "info/packs")) {
+ print_pack_info();
return;
}
- if (!strcmp(ctx->qry.path, "info/packs")) {
- print_pack_info(ctx);
- return;
+ /* Avoid directory traversal by forbidding "..", but also work around
+ * other funny business by just specifying a fairly strict format. For
+ * example, now we don't have to stress out about the Cygwin port.
+ */
+ for (p = ctx.qry.path; *p; ++p) {
+ if (*p == '.' && *(p + 1) == '.')
+ goto err;
+ if (!isalnum(*p) && *p != '/' && *p != '.' && *p != '-')
+ goto err;
}
- send_file(ctx, git_path("objects/%s", ctx->qry.path));
+ send_file(git_path("objects/%s", ctx.qry.path));
+ return;
+
+err:
+ cgit_print_error_page(400, "Bad request", "Bad request");
}
-void cgit_clone_head(struct cgit_context *ctx)
+void cgit_clone_head(void)
{
- send_file(ctx, git_path("%s", "HEAD"));
+ send_file(git_path("%s", "HEAD"));
}