Merge from knu-cvsweb 1.104.1.55.
2001-01-02 21:23  knu
	* cvsweb.cgi, cvsweb.conf: Get cvsweb.cgi to run under perl -T.
	Change perl command line:
	  Change perl5 to perl and just declare `require 5.000'.
	  Remove -s option that was intended for debug use.
	  Add -T option to perform security checks.
	Change search paths for cvsweb.conf:
	  Don't adopt the value of $ENV{CVSWEB_CONFIG} that was intended
	  for debug use.
	  Search the same directory that cvsweb.cgi is in instead of the
	  current directory.
	Invoking `last' in `do { ... } while (0);' is wrong.  Change the
	loop to `while (1) { ... last; }'.
	Don't do chdir.  Instead, use tar(1)'s -C option and cvs(1)
	export's -d option.
	Explicitly define $ENV{PATH}.
	Turn $allow_compress off by default so user can debug cvsweb.cgi
	easily. (Still enabled on freefall)
			
			
		
							parent
							
								
									ce1a91e27c
								
							
						
					
					
						commit
						885d6122bd
					
				
				
				Notes:
				
					svn2git
				
				2020-12-08 03:00:23 +00:00 
				
			
			svn path=/www/; revision=8626
					 2 changed files with 34 additions and 38 deletions
				
			
		|  | @ -1,4 +1,4 @@ | |||
| #!/usr/bin/perl5 -ws | ||||
| #!/usr/bin/perl -wT | ||||
| # | ||||
| # cvsweb - a CGI interface to CVS trees. | ||||
| # | ||||
|  | @ -43,11 +43,13 @@ | |||
| # SUCH DAMAGE. | ||||
| # | ||||
| # $zId: cvsweb.cgi,v 1.104 2000/11/01 22:05:12 hnordstrom Exp $ | ||||
| # $Id: cvsweb.cgi,v 1.63 2001-01-02 00:03:51 knu Exp $ | ||||
| # $FreeBSD: www/en/cgi/cvsweb.cgi,v 1.62 2000/12/29 09:22:50 knu Exp $ | ||||
| # $Id: cvsweb.cgi,v 1.64 2001-01-02 12:45:29 knu Exp $ | ||||
| # $FreeBSD: www/en/cgi/cvsweb.cgi,v 1.63 2001/01/02 00:03:51 knu Exp $ | ||||
| # | ||||
| ### | ||||
| 
 | ||||
| require 5.000; | ||||
| 
 | ||||
| use strict; | ||||
| 
 | ||||
| use vars qw ( | ||||
|  | @ -131,16 +133,18 @@ sub link_tags($); | |||
| sub forbidden_module($); | ||||
| 
 | ||||
| ##### Start of Configuration Area ######## | ||||
| use Cwd; | ||||
| use File::Basename; | ||||
| 
 | ||||
| # == EDIT this == | ||||
| # Locations to search for user configuration, in order: | ||||
| for ( | ||||
|      $ENV{CVSWEB_CONFIG}, | ||||
|      '/usr/local/etc/cvsweb.conf', | ||||
|      getcwd() . '/cvsweb.conf' | ||||
|      (dirname $0) . '/cvsweb.conf', | ||||
|      '/usr/local/etc/cvsweb.conf' | ||||
|     ) { | ||||
|     $config = $_ if defined($_) && -r $_; | ||||
|     if (defined($_) && -r $_) { | ||||
| 	($config) = /(.*)/; # untaint | ||||
| 	last; | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| # == Configuration defaults == | ||||
|  | @ -216,7 +220,7 @@ $LOG_REVSEPARATOR = q/^-{28}$/; | |||
| ##### End of configuration variables ##### | ||||
| 
 | ||||
| $cgi_style::hsty_base = 'http://www.FreeBSD.org'; | ||||
| $_ = q$FreeBSD: www/en/cgi/cvsweb.cgi,v 1.62 2000/12/29 09:22:50 knu Exp $; | ||||
| $_ = q$FreeBSD: www/en/cgi/cvsweb.cgi,v 1.63 2001/01/02 00:03:51 knu Exp $; | ||||
| @_ = split; | ||||
| $cgi_style::hsty_date = "@_[3,4]"; | ||||
| 
 | ||||
|  | @ -496,11 +500,11 @@ if ($module && &forbidden_module($module)) { | |||
| if ($input{tarball}) { | ||||
|     &fatal("403 Forbidden", "Downloading tarballs is prohibited.") | ||||
|       unless $allow_tar; | ||||
|     $where =~ s,/[^/]*$,,; | ||||
|     $where =~ s,^/,,; | ||||
|     my($basedir) = ($where =~ m,([^/]+)$,); | ||||
|     my($module) = ($where =~ m,^/?(.*),);	# untaint | ||||
|     $module =~ s,/[^/]*$,,; | ||||
|     my($basedir) = ($module =~ m,([^/]+)$,); | ||||
| 
 | ||||
|     if ($basedir eq '' || $where eq '') { | ||||
|     if ($basedir eq '' || $module eq '') { | ||||
| 	&fatal("500 Internal Error", "You cannot download the top level directory."); | ||||
|     } | ||||
| 
 | ||||
|  | @ -511,34 +515,24 @@ if ($input{tarball}) { | |||
| 
 | ||||
|     my $fatal = ''; | ||||
| 
 | ||||
|     do { | ||||
| 	chdir $tmpdir | ||||
| 	  or $fatal = "500 Internal Error", "Unable to cd to temporary directory: $!" | ||||
| 	    && last; | ||||
| 
 | ||||
|     while (1) { | ||||
| 	my $tag = (exists $input{only_with_tag} && length $input{only_with_tag}) | ||||
| 	  ? $input{only_with_tag} : "HEAD"; | ||||
| 
 | ||||
| 	system "cvs", @cvs_options, "-Qd", $cvsroot, "export", "-r", $tag, $where | ||||
| 	  and $fatal = "500 Internal Error","cvs co failure: $!: $where" | ||||
| 	    && last; | ||||
| 
 | ||||
| 	chdir "$where/.." | ||||
| 	  or $fatal = "500 Internal Error","Cannot find expected directory in checkout" | ||||
| 	system "cvs", @cvs_options, "-Qd", $cvsroot, "export", "-r", $tag, "-d", "$tmpdir/$basedir", $module | ||||
| 	  and $fatal = "500 Internal Error","cvs co failure: $!: $module" | ||||
| 	    && last; | ||||
| 
 | ||||
| 	$| = 1; # Essential to get the buffering right. | ||||
| 
 | ||||
| 	print "Content-type: application/x-gzip\r\n\r\n"; | ||||
| 
 | ||||
| 	system "tar", "-zcf", "-", $basedir, @tar_options | ||||
| 	system "tar", @tar_options, "-zcf", "-", "-C", $tmpdir, $basedir | ||||
| 	  and $fatal = "500 Internal Error","tar zc failure: $!: $basedir" | ||||
| 	    && last; | ||||
| 
 | ||||
| 	chdir $tmpdir | ||||
| 	  or $fatal = "500 Internal Error","Unable to cd to temporary directory: $!" | ||||
| 	    && last; | ||||
|     } while (0); | ||||
| 	last; | ||||
|     } | ||||
| 
 | ||||
|     system "rm", "-rf", $tmpdir if -d $tmpdir; | ||||
| 
 | ||||
|  | @ -1386,8 +1380,8 @@ sub doAnnotate($$) { | |||
|     # the public domain. | ||||
|     # we could abandon the use of rlog, rcsdiff and co using | ||||
|     # the cvsserver in a similiar way one day (..after rewrite) | ||||
|     $pid = open2($reader, $writer, "cvs @cvs_options -l server") || fatal ("500 Internal Error", | ||||
| 							       "Fatal Error - unable to open cvs for annotation"); | ||||
|     $pid = open2($reader, $writer, "cvs", @cvs_options, "server") | ||||
|       || fatal ("500 Internal Error", "Fatal Error - unable to open cvs for annotation"); | ||||
| 
 | ||||
|     # OK, first send the request to the server.  A simplified example is: | ||||
|     #     Root /home/kingdon/zwork/cvsroot | ||||
|  | @ -2735,7 +2729,7 @@ sub navigateHeader($$$$$) { | |||
|     print qq`<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">`; | ||||
|     print "<HTML>\n<HEAD>\n"; | ||||
|     print qq`<META name="robots" content="nofollow">\n`; | ||||
|     print '<!-- CVSweb $zRevision: 1.104 $  $Revision: 1.63 $ -->'; | ||||
|     print '<!-- CVSweb $zRevision: 1.104 $  $Revision: 1.64 $ -->'; | ||||
|     print "\n<TITLE>$path$filename - $title - $rev</TITLE></HEAD>\n"; | ||||
|     print  "$body_tag_for_src\n"; | ||||
|     print "<table width=\"100%\" border=0 cellspacing=0 cellpadding=1 bgcolor=\"$navigationHeaderColor\">"; | ||||
|  | @ -3129,7 +3123,7 @@ sub http_header(;$) { | |||
| 
 | ||||
| sub html_header($) { | ||||
|     my ($title) = @_; | ||||
|     my $version = '$zRevision: 1.104 $  $Revision: 1.63 $'; #' | ||||
|     my $version = '$zRevision: 1.104 $  $Revision: 1.64 $'; #' | ||||
|     http_header(defined($charset) ? "text/html; charset=$charset" : "text/html"); | ||||
| 
 | ||||
|     (my $header = &cgi_style::html_header) =~ s/^.*\n\n//; # remove HTTP response header | ||||
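Review bot: In the tarball hunk, the line marked `# untaint`, `my($module) = ($where =~ m,^/?(.*),);`, captures every string, so running under `-T` places no constraint on the value handed to `cvs export` or used to derive `$basedir`. `$where` is assigned outside the visible lines and looks request-derived, so the capture should be an allow-list that rejects `..` components and a leading `-`, e.g. `my($module) = ($where =~ m,^/?([\w.+][\w.+/-]*)$,) or &fatal("400 Bad Request", "Invalid module path.");` followed by `&fatal("400 Bad Request", "Invalid module path.") if $module =~ m,(^|/)\.\.(/|$),;` (character set constructed for illustration; match it to the repository's naming). The new `my($module)` also shadows the `$module` that the hunk header shows being passed to `forbidden_module()`, so it is worth confirming that the untainted value is the one that was checked. The `/(.*)/` untaint of `$config` in the configuration hunk follows the same pattern, though its candidates are fixed paths and `dirname $0`. The `if ($input{tarball})` block continues past the end of its hunks.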
|  |  | |||
|  | @ -7,8 +7,8 @@ | |||
| #     2000      A. MUSHA     <knu@FreeBSD.org> | ||||
| #          based on work by Bill Fenner  <fenner@FreeBSD.org> | ||||
| # $zId: cvsweb.conf,v 1.27 2000/07/27 10:16:39 kcoar Exp $ | ||||
| # $Id: cvsweb.conf,v 1.11 2001-01-02 00:03:51 knu Exp $ | ||||
| # $FreeBSD: www/en/cgi/cvsweb.conf,v 1.10 2000/12/28 18:42:21 knu Exp $ | ||||
| # $Id: cvsweb.conf,v 1.12 2001-01-02 12:45:29 knu Exp $ | ||||
| # $FreeBSD: www/en/cgi/cvsweb.conf,v 1.11 2001/01/02 00:03:51 knu Exp $ | ||||
| # | ||||
| ### | ||||
| 
 | ||||
|  | @ -401,9 +401,11 @@ $open_extern_window = 1; | |||
| # this allows editing of all your options more intuitive | ||||
| $edit_option_form = (not $dirtable); | ||||
| 
 | ||||
| # remember to set the path to your | ||||
| # rcsutils: rlog, rcsdiff (gzip if you use compression) | ||||
| #$ENV{'PATH'} = '/usr/local/bin'; | ||||
| # Set the path for the following commands: | ||||
| #   cvs, rlog, rcsdiff | ||||
| #   gzip (if you enable $allow_compress) | ||||
| #   tar,rm (if you enable $allow_tar) | ||||
| $ENV{'PATH'} = '/bin:/usr/bin:/usr/local/bin'; | ||||
| 
 | ||||
| # If you have files which automatically refers to other files | ||||
| # (such as HTML) then this allows you to browse the checked | ||||
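Review bot: Setting `$ENV{'PATH'}` satisfies the taint check for the executable search path, but perlsec also expects the other shell-affecting variables to be cleared before any child process is started, and nothing in the visible lines does that. Consider adding `delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};` next to the `PATH` assignment. Because the assignment lives in cvsweb.conf, a cvsweb.cgi that starts without finding a readable config would keep the inherited `PATH` and fail its `system` calls under `-T`; whether the script handles that case is not visible here.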
|  |  | |||