authentication: use hidden form instead of referer
[cgit.git] / ui-shared.c
index 77a302d0c5bba8a54c29a6551b15cea6f02c9205..4f47c507054b1d3c7ca854c0481fccd9cf9f5847 100644 (file)
@@ -1,12 +1,13 @@
 /* ui-shared.c: common web output functions
  *
- * Copyright (C) 2006 Lars Hjemli
+ * Copyright (C) 2006-2014 cgit Development Team <cgit@lists.zx2c4.com>
  *
  * Licensed under GNU General Public License v2
  *   (see COPYING for full license text)
  */
 
 #include "cgit.h"
+#include "ui-shared.h"
 #include "cmd.h"
 #include "html.h"
 
@@ -27,14 +28,25 @@ static char *http_date(time_t t)
                   tm->tm_hour, tm->tm_min, tm->tm_sec);
 }
 
-void cgit_print_error(const char *msg)
+void cgit_print_error(const char *fmt, ...)
 {
+       va_list ap;
+       va_start(ap, fmt);
+       cgit_vprint_error(fmt, ap);
+       va_end(ap);
+}
+
+void cgit_vprint_error(const char *fmt, va_list ap)
+{
+       va_list cp;
        html("<div class='error'>");
-       html_txt(msg);
+       va_copy(cp, ap);
+       html_vtxtf(fmt, cp);
+       va_end(cp);
        html("</div>\n");
 }
 
-char *cgit_httpscheme()
+const char *cgit_httpscheme()
 {
        if (ctx.env.https && !strcmp(ctx.env.https, "on"))
                return "https://";
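Review bot: Now that the first argument of cgit_print_error() is a printf-style format, any existing caller that passed request or repository data as the old `msg` parameter will have that data interpreted as a format string. Those callers are outside this file's diff, so each one needs checking and, where the message is not a literal, converting to `cgit_print_error("%s", msg)`. Declaring the two functions in ui-shared.h with `__attribute__((format (printf, 1, 2)))` and `__attribute__((format (printf, 1, 0)))` lets the compiler flag mismatched or non-literal formats; the header is not shown here, so this may already be in place. The hunk ends inside cgit_httpscheme().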
@@ -42,7 +54,7 @@ char *cgit_httpscheme()
                return "http://";
 }
 
-char *cgit_hosturl()
+const char *cgit_hosturl()
 {
        if (ctx.env.http_host)
                return ctx.env.http_host;
@@ -50,44 +62,43 @@ char *cgit_hosturl()
                return NULL;
        if (!ctx.env.server_port || atoi(ctx.env.server_port) == 80)
                return ctx.env.server_name;
-       return xstrdup(fmt("%s:%s", ctx.env.server_name, ctx.env.server_port));
+       return fmtalloc("%s:%s", ctx.env.server_name, ctx.env.server_port);
 }
 
-char *cgit_rooturl()
+const char *cgit_rooturl()
 {
        if (ctx.cfg.virtual_root)
-               return fmt("%s/", ctx.cfg.virtual_root);
+               return ctx.cfg.virtual_root;
        else
                return ctx.cfg.script_name;
 }
 
 char *cgit_repourl(const char *reponame)
 {
-       if (ctx.cfg.virtual_root) {
-               return fmt("%s/%s/", ctx.cfg.virtual_root, reponame);
-       } else {
-               return fmt("?r=%s", reponame);
-       }
+       if (ctx.cfg.virtual_root)
+               return fmtalloc("%s%s/", ctx.cfg.virtual_root, reponame);
+       else
+               return fmtalloc("?r=%s", reponame);
 }
 
 char *cgit_fileurl(const char *reponame, const char *pagename,
                   const char *filename, const char *query)
 {
-       char *tmp;
+       struct strbuf sb = STRBUF_INIT;
        char *delim;
 
        if (ctx.cfg.virtual_root) {
-               tmp = fmt("%s/%s/%s/%s", ctx.cfg.virtual_root, reponame,
-                         pagename, (filename ? filename:""));
+               strbuf_addf(&sb, "%s%s/%s/%s", ctx.cfg.virtual_root, reponame,
+                           pagename, (filename ? filename:""));
                delim = "?";
        } else {
-               tmp = fmt("?url=%s/%s/%s", reponame, pagename,
-                         (filename ? filename : ""));
+               strbuf_addf(&sb, "?url=%s/%s/%s", reponame, pagename,
+                           (filename ? filename : ""));
                delim = "&amp;";
        }
        if (query)
-               tmp = fmt("%s%s%s", tmp, delim, query);
-       return tmp;
+               strbuf_addf(&sb, "%s%s", delim, query);
+       return strbuf_detach(&sb, NULL);
 }
 
 char *cgit_pageurl(const char *reponame, const char *pagename,
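Review bot: cgit_rooturl(), cgit_repourl() and cgit_fileurl() now join ctx.cfg.virtual_root directly to what follows (`"%s%s/"`), so they are only correct if virtual_root always ends in '/'; nothing in this diff shows where that is enforced. The slash checks removed from site_url() and repolink() further down rely on the same assumption. If the value is normalised when the configuration is parsed, a comment at these sites such as `/* virtual_root always ends in '/' (normalised at config load) */` would make the dependency explicit. Separately, cgit_hosturl() now returns either a borrowed ctx.env pointer or a fresh fmtalloc() result through the same `const char *`, so a caller cannot tell whether to free it; a short ownership comment on each of these functions would help. cgit_pageurl's definition continues outside the hunk.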
@@ -109,7 +120,7 @@ const char *cgit_repobasename(const char *reponame)
        /* strip trailing slashes */
        while (p && rvbuf[p] == '/') rvbuf[p--] = 0;
        /* strip trailing .git */
-       if (p >= 3 && !strncmp(&rvbuf[p-3], ".git", 4)) {
+       if (p >= 3 && !prefixcmp(&rvbuf[p-3], ".git")) {
                p -= 3; rvbuf[p--] = 0;
        }
        /* strip more trailing slashes if any */
@@ -125,12 +136,10 @@ static void site_url(const char *page, const char *search, const char *sort, int
 {
        char *delim = "?";
 
-       if (ctx.cfg.virtual_root) {
+       if (ctx.cfg.virtual_root)
                html_attr(ctx.cfg.virtual_root);
-               if (ctx.cfg.virtual_root[strlen(ctx.cfg.virtual_root) - 1] != '/')
-                       html("/");
-       } else
-               html(ctx.cfg.script_name);
+       else
+               html_url_path(ctx.cfg.script_name);
 
        if (page) {
                htmlf("?p=%s", page);
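Review bot: The two branches of site_url() now encode their output differently: `html_attr(ctx.cfg.virtual_root)` escapes for an HTML attribute, while `html_url_path(ctx.cfg.script_name)` escapes as a URL path. repolink() in the next hunks uses html_url_path() for both values. Unless the difference is deliberate, using the same helper in both branches (or a one-line comment saying why virtual_root is treated differently) keeps the output encoding of every href consistent. The function body continues outside the hunk.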
@@ -200,8 +209,6 @@ static char *repolink(const char *title, const char *class, const char *page,
        html(" href='");
        if (ctx.cfg.virtual_root) {
                html_url_path(ctx.cfg.virtual_root);
-               if (ctx.cfg.virtual_root[strlen(ctx.cfg.virtual_root) - 1] != '/')
-                       html("/");
                html_url_path(ctx.repo->url);
                if (ctx.repo->url[strlen(ctx.repo->url) - 1] != '/')
                        html("/");
@@ -212,7 +219,7 @@ static char *repolink(const char *title, const char *class, const char *page,
                                html_url_path(path);
                }
        } else {
-               html(ctx.cfg.script_name);
+               html_url_path(ctx.cfg.script_name);
                html("?url=");
                html_url_arg(ctx.repo->url);
                if (ctx.repo->url[strlen(ctx.repo->url) - 1] != '/')
@@ -425,58 +432,59 @@ static void cgit_self_link(char *name, const char *title, const char *class,
                           struct cgit_context *ctx)
 {
        if (!strcmp(ctx->qry.page, "repolist"))
-               return cgit_index_link(name, title, class, ctx->qry.search, ctx->qry.sort,
-                                      ctx->qry.ofs);
+               cgit_index_link(name, title, class, ctx->qry.search, ctx->qry.sort,
+                               ctx->qry.ofs);
        else if (!strcmp(ctx->qry.page, "summary"))
-               return cgit_summary_link(name, title, class, ctx->qry.head);
+               cgit_summary_link(name, title, class, ctx->qry.head);
        else if (!strcmp(ctx->qry.page, "tag"))
-               return cgit_tag_link(name, title, class, ctx->qry.head,
-                                    ctx->qry.has_sha1 ? ctx->qry.sha1 : NULL);
+               cgit_tag_link(name, title, class, ctx->qry.head,
+                             ctx->qry.has_sha1 ? ctx->qry.sha1 : NULL);
        else if (!strcmp(ctx->qry.page, "tree"))
-               return cgit_tree_link(name, title, class, ctx->qry.head,
-                                     ctx->qry.has_sha1 ? ctx->qry.sha1 : NULL,
-                                     ctx->qry.path);
+               cgit_tree_link(name, title, class, ctx->qry.head,
+                              ctx->qry.has_sha1 ? ctx->qry.sha1 : NULL,
+                              ctx->qry.path);
        else if (!strcmp(ctx->qry.page, "plain"))
-               return cgit_plain_link(name, title, class, ctx->qry.head,
-                                     ctx->qry.has_sha1 ? ctx->qry.sha1 : NULL,
-                                     ctx->qry.path);
+               cgit_plain_link(name, title, class, ctx->qry.head,
+                               ctx->qry.has_sha1 ? ctx->qry.sha1 : NULL,
+                               ctx->qry.path);
        else if (!strcmp(ctx->qry.page, "log"))
-               return cgit_log_link(name, title, class, ctx->qry.head,
-                                     ctx->qry.has_sha1 ? ctx->qry.sha1 : NULL,
-                                     ctx->qry.path, ctx->qry.ofs,
-                                     ctx->qry.grep, ctx->qry.search,
-                                     ctx->qry.showmsg);
+               cgit_log_link(name, title, class, ctx->qry.head,
+                             ctx->qry.has_sha1 ? ctx->qry.sha1 : NULL,
+                             ctx->qry.path, ctx->qry.ofs,
+                             ctx->qry.grep, ctx->qry.search,
+                             ctx->qry.showmsg);
        else if (!strcmp(ctx->qry.page, "commit"))
-               return cgit_commit_link(name, title, class, ctx->qry.head,
-                                     ctx->qry.has_sha1 ? ctx->qry.sha1 : NULL,
-                                     ctx->qry.path, 0);
+               cgit_commit_link(name, title, class, ctx->qry.head,
+                                ctx->qry.has_sha1 ? ctx->qry.sha1 : NULL,
+                                ctx->qry.path, 0);
        else if (!strcmp(ctx->qry.page, "patch"))
-               return cgit_patch_link(name, title, class, ctx->qry.head,
-                                     ctx->qry.has_sha1 ? ctx->qry.sha1 : NULL,
-                                     ctx->qry.path);
+               cgit_patch_link(name, title, class, ctx->qry.head,
+                               ctx->qry.has_sha1 ? ctx->qry.sha1 : NULL,
+                               ctx->qry.path);
        else if (!strcmp(ctx->qry.page, "refs"))
-               return cgit_refs_link(name, title, class, ctx->qry.head,
-                                     ctx->qry.has_sha1 ? ctx->qry.sha1 : NULL,
-                                     ctx->qry.path);
+               cgit_refs_link(name, title, class, ctx->qry.head,
+                              ctx->qry.has_sha1 ? ctx->qry.sha1 : NULL,
+                              ctx->qry.path);
        else if (!strcmp(ctx->qry.page, "snapshot"))
-               return cgit_snapshot_link(name, title, class, ctx->qry.head,
-                                     ctx->qry.has_sha1 ? ctx->qry.sha1 : NULL,
-                                     ctx->qry.path);
+               cgit_snapshot_link(name, title, class, ctx->qry.head,
+                                  ctx->qry.has_sha1 ? ctx->qry.sha1 : NULL,
+                                  ctx->qry.path);
        else if (!strcmp(ctx->qry.page, "diff"))
-               return cgit_diff_link(name, title, class, ctx->qry.head,
-                                     ctx->qry.sha1, ctx->qry.sha2,
-                                     ctx->qry.path, 0);
+               cgit_diff_link(name, title, class, ctx->qry.head,
+                              ctx->qry.sha1, ctx->qry.sha2,
+                              ctx->qry.path, 0);
        else if (!strcmp(ctx->qry.page, "stats"))
-               return cgit_stats_link(name, title, class, ctx->qry.head,
-                                     ctx->qry.path);
-
-       /* Don't known how to make link for this page */
-       repolink(title, class, ctx->qry.page, ctx->qry.head, ctx->qry.path);
-       html("><!-- cgit_self_link() doesn't know how to make link for page '");
-       html_txt(ctx->qry.page);
-       html("' -->");
-       html_txt(name);
-       html("</a>");
+               cgit_stats_link(name, title, class, ctx->qry.head,
+                               ctx->qry.path);
+       else {
+               /* Don't known how to make link for this page */
+               repolink(title, class, ctx->qry.page, ctx->qry.head, ctx->qry.path);
+               html("><!-- cgit_self_link() doesn't know how to make link for page '");
+               html_txt(ctx->qry.page);
+               html("' -->");
+               html_txt(name);
+               html("</a>");
+       }
 }
 
 void cgit_object_link(struct object *obj)
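Review bot: The comment carried into the new `else` block has a typo; it should read `/* Don't know how to make link for this page */`. The strcmp() chain dereferences `ctx->qry.page` in every branch without a NULL check; whether the caller guarantees a page name is not visible in this hunk, so a one-line comment stating that precondition at the top of cgit_self_link() would be useful.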
@@ -522,6 +530,7 @@ void cgit_submodule_link(const char *class, char *path, const char *rev)
        char tail, *dir;
        size_t len;
 
+       len = 0;
        tail = 0;
        list = &ctx.repo->submodules;
        item = lookup_path(list, path);
@@ -538,21 +547,21 @@ void cgit_submodule_link(const char *class, char *path, const char *rev)
                htmlf("class='%s' ", class);
        html("href='");
        if (item) {
-               html_attr(fmt(item->util, rev));
+               html_attrf(item->util, rev);
        } else if (ctx.repo->module_link) {
                dir = strrchr(path, '/');
                if (dir)
                        dir++;
                else
                        dir = path;
-               html_attr(fmt(ctx.repo->module_link, dir, rev));
+               html_attrf(ctx.repo->module_link, dir, rev);
        } else {
                html("#");
        }
        html("'>");
        html_txt(path);
        html("</a>");
-       html_txt(fmt(" @ %.7s", rev));
+       html_txtf(" @ %.7s", rev);
        if (item && tail)
                path[len - 1] = tail;
 }
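Review bot: `html_attrf(item->util, rev)` and `html_attrf(ctx.repo->module_link, dir, rev)` use configuration strings as the format with a fixed argument list. If either value contains more conversions than the arguments supplied, or any conversion other than `%s`, the call has undefined behaviour. Whether per-repository configuration can set these values is not visible here; if it can, the format should be validated when the configuration is read (only `%s`, at most one for the per-path link and two for module_link). A comment at these calls should say where that check lives. The function begins outside the hunk.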
@@ -632,6 +641,8 @@ void cgit_print_http_headers(struct cgit_context *ctx)
        if (ctx->page.filename)
                htmlf("Content-Disposition: inline; filename=\"%s\"\n",
                      ctx->page.filename);
+       if (!ctx->env.authenticated)
+               html("Cache-Control: no-cache, no-store\n");
        htmlf("Last-Modified: %s\n", http_date(ctx->page.modified));
        htmlf("Expires: %s\n", http_date(ctx->page.expires));
        if (ctx->page.etag)
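Review bot: The added `Cache-Control: no-cache, no-store` covers only the unauthenticated response; pages served to an authenticated session still go out with `Expires` and `Last-Modified` and no cache directive. If an authentication filter is in use, a shared cache between client and server could store those pages and replay them to another client. Consider emitting `Cache-Control: private` for authenticated responses when authentication is configured; how `ctx->env.authenticated` is set when no filter is configured is not visible here, so the condition needs to distinguish those cases. The function body continues outside the hunk.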
@@ -649,7 +660,7 @@ void cgit_print_docstart(struct cgit_context *ctx)
                return;
        }
 
-       char *host = cgit_hosturl();
+       const char *host = cgit_hosturl();
        html(cgit_doctype);
        html("<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>\n");
        html("<head>\n");
@@ -668,12 +679,16 @@ void cgit_print_docstart(struct cgit_context *ctx)
                html("'/>\n");
        }
        if (host && ctx->repo && ctx->qry.head) {
+               struct strbuf sb = STRBUF_INIT;
+               strbuf_addf(&sb, "h=%s", ctx->qry.head);
+
                html("<link rel='alternate' title='Atom feed' href='");
                html(cgit_httpscheme());
                html_attr(cgit_hosturl());
                html_attr(cgit_fileurl(ctx->repo->url, "atom", ctx->qry.vpath,
-                                      fmt("h=%s", ctx->qry.head)));
+                                      sb.buf));
                html("' type='application/atom+xml'/>\n");
+               strbuf_release(&sb);
        }
        if (ctx->cfg.head_include)
                html_include(ctx->cfg.head_include);
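Review bot: The string returned by cgit_fileurl() is never freed here. With this commit it is a detached strbuf owned by the caller, but it is passed straight to html_attr() and dropped, while the temporary `sb` is released. Holding it in a local fixes that: `char *fileurl = cgit_fileurl(ctx->repo->url, "atom", ctx->qry.vpath, sb.buf);` followed by `html_attr(fileurl);` and `free(fileurl);`. The second `cgit_hosturl()` call can reuse `host` instead, since that function may now return a new fmtalloc() allocation on each call.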
@@ -715,13 +730,14 @@ static int print_branch_option(const char *refname, const unsigned char *sha1,
 void cgit_add_hidden_formfields(int incl_head, int incl_search,
                                const char *page)
 {
-       char *url;
-
        if (!ctx.cfg.virtual_root) {
-               url = fmt("%s/%s", ctx.qry.repo, page);
+               struct strbuf url = STRBUF_INIT;
+
+               strbuf_addf(&url, "%s/%s", ctx.qry.repo, page);
                if (ctx.qry.vpath)
-                       url = fmt("%s/%s", url, ctx.qry.vpath);
-               html_hidden("url", url);
+                       strbuf_addf(&url, "/%s", ctx.qry.vpath);
+               html_hidden("url", url.buf);
+               strbuf_release(&url);
        }
 
        if (incl_head && ctx.qry.head && ctx.repo->defbranch &&
@@ -800,14 +816,16 @@ static void print_header(struct cgit_context *ctx)
                cgit_index_link("index", NULL, NULL, NULL, NULL, 0);
                html(" : ");
                cgit_summary_link(ctx->repo->name, ctx->repo->name, NULL, NULL);
-               html("</td><td class='form'>");
-               html("<form method='get' action=''>\n");
-               cgit_add_hidden_formfields(0, 1, ctx->qry.page);
-               html("<select name='h' onchange='this.form.submit();'>\n");
-               for_each_branch_ref(print_branch_option, ctx->qry.head);
-               html("</select> ");
-               html("<input type='submit' name='' value='switch'/>");
-               html("</form>");
+               if (ctx->env.authenticated) {
+                       html("</td><td class='form'>");
+                       html("<form method='get' action=''>\n");
+                       cgit_add_hidden_formfields(0, 1, ctx->qry.page);
+                       html("<select name='h' onchange='this.form.submit();'>\n");
+                       for_each_branch_ref(print_branch_option, ctx->qry.head);
+                       html("</select> ");
+                       html("<input type='submit' name='' value='switch'/>");
+                       html("</form>");
+               }
        } else
                html_txt(ctx->cfg.root_title);
        html("</td></tr>\n");
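Review bot: The new `ctx->env.authenticated` check covers only the branch-switch form; the `cgit_index_link()` and `cgit_summary_link(ctx->repo->name, ...)` calls just above it still run for an unauthenticated request, and cgit_print_pageheader() now forces print_header() in that case. If ctx->repo can be populated before authentication succeeds (not visible in this diff), the login page confirms that the repository exists and prints its name. Either confirm that ctx->repo is always NULL for unauthenticated requests, or widen the guard on the enclosing branch (presumably `if (ctx->repo)`) to `if (ctx->repo && ctx->env.authenticated)` so the root title is shown instead. The enclosing condition starts outside the hunk.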
@@ -829,11 +847,11 @@ static void print_header(struct cgit_context *ctx)
 void cgit_print_pageheader(struct cgit_context *ctx)
 {
        html("<div id='cgit'>");
-       if (!ctx->cfg.noheader)
+       if (!ctx->env.authenticated || !ctx->cfg.noheader)
                print_header(ctx);
 
        html("<table class='tabs'><tr><td>\n");
-       if (ctx->repo) {
+       if (ctx->env.authenticated && ctx->repo) {
                cgit_summary_link("summary", NULL, hc(ctx, "summary"),
                                  ctx->qry.head);
                cgit_refs_link("refs", NULL, hc(ctx, "refs"), ctx->qry.head,
@@ -850,7 +868,7 @@ void cgit_print_pageheader(struct cgit_context *ctx)
                if (ctx->repo->max_stats)
                        cgit_stats_link("stats", NULL, hc(ctx, "stats"),
                                        ctx->qry.head, ctx->qry.vpath);
-               if (ctx->repo->readme)
+               if (ctx->repo->readme.nr)
                        reporevlink("about", "about", NULL,
                                    hc(ctx, "about"), ctx->qry.head, NULL,
                                    NULL);
@@ -872,7 +890,7 @@ void cgit_print_pageheader(struct cgit_context *ctx)
                html("'/>\n");
                html("<input type='submit' value='search'/>\n");
                html("</form>\n");
-       } else {
+       } else if (ctx->env.authenticated) {
                site_link(NULL, "index", NULL, hc(ctx, "repolist"), NULL, NULL, 0);
                if (ctx->cfg.root_readme)
                        site_link("about", "about", NULL, hc(ctx, "about"),
@@ -888,7 +906,7 @@ void cgit_print_pageheader(struct cgit_context *ctx)
                html("</form>");
        }
        html("</td></tr></table>\n");
-       if (ctx->qry.vpath) {
+       if (ctx->env.authenticated && ctx->qry.vpath) {
                html("<div class='path'>");
                html("path: ");
                cgit_print_path_crumbs(ctx, ctx->qry.vpath);
@@ -916,19 +934,23 @@ void cgit_print_snapshot_links(const char *repo, const char *head,
                               const char *hex, int snapshots)
 {
        const struct cgit_snapshot_format* f;
-       char *prefix;
-       char *filename;
+       struct strbuf filename = STRBUF_INIT;
+       size_t prefixlen;
        unsigned char sha1[20];
 
        if (get_sha1(fmt("refs/tags/%s", hex), sha1) == 0 &&
            (hex[0] == 'v' || hex[0] == 'V') && isdigit(hex[1]))
                hex++;
-       prefix = xstrdup(fmt("%s-%s", cgit_repobasename(repo), hex));
+       strbuf_addf(&filename, "%s-%s", cgit_repobasename(repo), hex);
+       prefixlen = filename.len;
        for (f = cgit_snapshot_formats; f->suffix; f++) {
                if (!(snapshots & f->bit))
                        continue;
-               filename = fmt("%s%s", prefix, f->suffix);
-               cgit_snapshot_link(filename, NULL, NULL, NULL, NULL, filename);
+               strbuf_setlen(&filename, prefixlen);
+               strbuf_addstr(&filename, f->suffix);
+               cgit_snapshot_link(filename.buf, NULL, NULL, NULL, NULL,
+                                  filename.buf);
                html("<br/>");
        }
+       strbuf_release(&filename);
 }