X-Git-Url: https://git.cameronkatri.com/cgit.git/blobdiff_plain/2b3e76a9f95c50f55be70dbb1cfa029f5165a535..c712d5ac434b9ee8cb4e63a173a2538e1878637f:/ui-plain.c diff --git a/ui-plain.c b/ui-plain.c index 0daa7bf..cfdbf73 100644 --- a/ui-plain.c +++ b/ui-plain.c @@ -16,53 +16,11 @@ struct walk_tree_context { int match; }; -static char *get_mimetype_from_file(const char *filename, const char *ext) -{ - static const char *delimiters; - char *result; - FILE *fd; - char line[1024]; - char *mimetype; - char *token; - - if (!filename) - return NULL; - - fd = fopen(filename, "r"); - if (!fd) - return NULL; - - delimiters = " \t\r\n"; - result = NULL; - - /* loop over all lines in the file */ - while (!result && fgets(line, sizeof(line), fd)) { - mimetype = strtok(line, delimiters); - - /* skip empty lines and comment lines */ - if (!mimetype || (mimetype[0] == '#')) - continue; - - /* loop over all extensions of mimetype */ - while ((token = strtok(NULL, delimiters))) { - if (!strcasecmp(ext, token)) { - result = xstrdup(mimetype); - break; - } - } - } - fclose(fd); - - return result; -} - static int print_object(const unsigned char *sha1, const char *path) { enum object_type type; - char *buf, *ext; + char *buf, *mimetype; unsigned long size; - struct string_list_item *mime; - int freemime; type = sha1_object_info(sha1, &size); if (type == OBJ_BAD) { @@ -75,22 +33,20 @@ static int print_object(const unsigned char *sha1, const char *path) cgit_print_error_page(404, "Not found", "Not found"); return 0; } - ctx.page.mimetype = NULL; - ext = strrchr(path, '.'); - freemime = 0; - if (ext && *(++ext)) { - mime = string_list_lookup(&ctx.cfg.mimetypes, ext); - if (mime) { - ctx.page.mimetype = (char *)mime->util; - ctx.page.charset = NULL; - } else { - ctx.page.mimetype = get_mimetype_from_file(ctx.cfg.mimetype_file, ext); - if (ctx.page.mimetype) { - freemime = 1; - ctx.page.charset = NULL; - } + + mimetype = get_mimetype_for_filename(path); + ctx.page.mimetype = mimetype; + + if (!ctx.repo->enable_html_serving) { + html("X-Content-Type-Options: nosniff\n"); + html("Content-Security-Policy: default-src 'none'\n"); + if (mimetype) { + /* Built-in white list allows PDF and everything that isn't text/ and application/ */ + if ((!strncmp(mimetype, "text/", 5) || !strncmp(mimetype, "application/", 12)) && strcmp(mimetype, "application/pdf")) + ctx.page.mimetype = NULL; } } + if (!ctx.page.mimetype) { if (buffer_is_binary(buf, size)) { ctx.page.mimetype = "application/octet-stream"; @@ -104,9 +60,8 @@ static int print_object(const unsigned char *sha1, const char *path) ctx.page.etag = sha1_to_hex(sha1); cgit_print_http_headers(); html_raw(buf, size); - /* If we allocated this, then casting away const is safe. */ - if (freemime) - free((char*) ctx.page.mimetype); + free(mimetype); + free(buf); return 1; } @@ -139,8 +94,10 @@ static void print_dir(const unsigned char *sha1, const char *base, slash = strrchr(fullpath, '/'); if (slash) *(slash + 1) = 0; - else + else { + free(fullpath); fullpath = NULL; + } html("
  • "); cgit_plain_link("../", NULL, NULL, ctx.qry.head, ctx.qry.sha1, fullpath); @@ -178,7 +135,7 @@ static int walk_tree(const unsigned char *sha1, struct strbuf *base, struct walk_tree_context *walk_tree_ctx = cbdata; if (base->len == walk_tree_ctx->match_baselen) { - if (S_ISREG(mode)) { + if (S_ISREG(mode) || S_ISLNK(mode)) { if (print_object(sha1, pathname)) walk_tree_ctx->match = 1; } else if (S_ISDIR(mode)) { @@ -186,7 +143,7 @@ static int walk_tree(const unsigned char *sha1, struct strbuf *base, walk_tree_ctx->match = 2; return READ_TREE_RECURSIVE; } - } else if (base->len > walk_tree_ctx->match_baselen) { + } else if (base->len < INT_MAX && (int)base->len > walk_tree_ctx->match_baselen) { print_dir_entry(sha1, base->buf, base->len, pathname, mode); walk_tree_ctx->match = 2; } else if (S_ISDIR(mode)) { @@ -207,7 +164,7 @@ static int basedir_len(const char *path) void cgit_print_plain(void) { const char *rev = ctx.qry.sha1; - unsigned char sha1[20]; + struct object_id oid; struct commit *commit; struct pathspec_item path_items = { .match = ctx.qry.path, @@ -224,11 +181,11 @@ void cgit_print_plain(void) if (!rev) rev = ctx.qry.head; - if (get_sha1(rev, sha1)) { + if (get_oid(rev, &oid)) { cgit_print_error_page(404, "Not found", "Not found"); return; } - commit = lookup_commit_reference(sha1); + commit = lookup_commit_reference(&oid); if (!commit || parse_commit(commit)) { cgit_print_error_page(404, "Not found", "Not found"); return; @@ -236,7 +193,7 @@ void cgit_print_plain(void) if (!path_items.match) { path_items.match = ""; walk_tree_ctx.match_baselen = -1; - print_dir(commit->tree->object.sha1, "", 0, ""); + print_dir(commit->tree->object.oid.hash, "", 0, ""); walk_tree_ctx.match = 2; } else