X-Git-Url: https://git.cameronkatri.com/cgit.git/blobdiff_plain/6821d8ea4a64d15b8f284d1af01ab184ef1e76c3..cef27b670a66c9840bb6120260864e4b3a701dc2:/ui-plain.c
diff --git a/ui-plain.c b/ui-plain.c
index da76406..001001c 100644
--- a/ui-plain.c
+++ b/ui-plain.c
@@ -1,82 +1,127 @@
 /* ui-plain.c: functions for output of plain blobs by path
 *
- * Copyright (C) 2008 Lars Hjemli
+ * Copyright (C) 2006-2014 cgit Development Team
 *
 * Licensed under GNU General Public License v2
 * (see COPYING for full license text)
 */
 #include "cgit.h"
+#include "ui-plain.h"
 #include "html.h"
 #include "ui-shared.h"
-int match_baselen;
-int match;
+struct walk_tree_context {
+ int match_baselen;
+ int match;
+};
-static void print_object(const unsigned char *sha1, const char *path)
+static int print_object(const struct object_id *oid, const char *path)
 {
 enum object_type type;
- char *buf, *ext;
+ char *buf, *mimetype;
 unsigned long size;
- struct string_list_item *mime;
- type = sha1_object_info(sha1, &size);
+ type = oid_object_info(the_repository, oid, &size);
 if (type == OBJ_BAD) {
- html_status(404, "Not found", 0);
- return;
+ cgit_print_error_page(404, "Not found", "Not found");
+ return 0;
 }
- buf = read_sha1_file(sha1, &type, &size);
+ buf = read_object_file(oid, &type, &size);
 if (!buf) {
- html_status(404, "Not found", 0);
- return;
+ cgit_print_error_page(404, "Not found", "Not found");
+ return 0;
 }
- ctx.page.mimetype = NULL;
- ext = strrchr(path, '.');
- if (ext && *(++ext)) {
- mime = string_list_lookup(ext, &ctx.cfg.mimetypes);
- if (mime)
- ctx.page.mimetype = (char *)mime->util;
+
+ mimetype = get_mimetype_for_filename(path);
+ ctx.page.mimetype = mimetype;
+
+ if (!ctx.repo->enable_html_serving) {
+ html("X-Content-Type-Options: nosniff\n");
+ html("Content-Security-Policy: default-src 'none'\n");
+ if (mimetype) {
+ /* Built-in white list allows PDF and everything that isn't text/ and application/ */
+ if ((!strncmp(mimetype, "text/", 5) || !strncmp(mimetype, "application/", 12)) && strcmp(mimetype, "application/pdf"))
+ ctx.page.mimetype = NULL;
+ }
 }
+
 if (!ctx.page.mimetype) {
- if (buffer_is_binary(buf, size))
+ if (buffer_is_binary(buf, size)) {
 ctx.page.mimetype = "application/octet-stream";
- else
+ ctx.page.charset = NULL;
+ } else {
 ctx.page.mimetype = "text/plain";
+ }
 }
- ctx.page.filename = fmt("%s", path);
+ ctx.page.filename = path;
 ctx.page.size = size;
- ctx.page.etag = sha1_to_hex(sha1);
- cgit_print_http_headers(&ctx);
+ ctx.page.etag = oid_to_hex(oid);
+ cgit_print_http_headers();
 html_raw(buf, size);
- match = 1;
+ free(mimetype);
+ free(buf);
+ return 1;
 }
-static void print_dir(const unsigned char *sha1, const char *path,
- const char *base)
+static char *buildpath(const char *base, int baselen, const char *path)
 {
- char *fullpath;
- if (path[0] || base[0])
- fullpath = fmt("/%s%s/", base, path);
+ if (path[0])
+ return fmtalloc("%.*s%s/", baselen, base, path);
 else
- fullpath = "/";
- ctx.page.etag = sha1_to_hex(sha1);
- cgit_print_http_headers(&ctx);
- htmlf("%s\n\n"
- "

%s

\n