Merge from knu-cvsweb 1.104.1.55.
2001-01-02 21:23 knu
* cvsweb.cgi, cvsweb.conf: Get cvsweb.cgi to run under perl -T.
Change perl command line:
Change perl5 to perl and just declare `require 5.000'.
Remove -s option that was intended for debug use.
Add -T option to perform security checks.
Change search paths for cvsweb.conf:
Don't adopt the value of $ENV{CVSWEB_CONFIG} that was intended
for debug use.
Search the same directory that cvsweb.cgi is in instead of the
current directory.
Invoking `last' in `do { ... } while (0);' is wrong. Change the
loop to `while (1) { ... last; }'.
Don't do chdir. Instead, use tar(1)'s -C option and cvs(1)
export's -d option.
Explicitly define $ENV{PATH}.
Turn $allow_compress off by default so user can debug cvsweb.cgi
easily. (Still enabled on freefall)
parent
ce1a91e27c
commit
885d6122bd
Notes:
svn2git
2020-12-08 03:00:23 +00:00
svn path=/www/; revision=8626
2 changed files with 34 additions and 38 deletions
|
|
@ -1,4 +1,4 @@
|
||||||
#!/usr/bin/perl5 -ws
|
#!/usr/bin/perl -wT
|
||||||
#
|
#
|
||||||
# cvsweb - a CGI interface to CVS trees.
|
# cvsweb - a CGI interface to CVS trees.
|
||||||
#
|
#
|
||||||
|
|
@ -43,11 +43,13 @@
|
||||||
# SUCH DAMAGE.
|
# SUCH DAMAGE.
|
||||||
#
|
#
|
||||||
# $zId: cvsweb.cgi,v 1.104 2000/11/01 22:05:12 hnordstrom Exp $
|
# $zId: cvsweb.cgi,v 1.104 2000/11/01 22:05:12 hnordstrom Exp $
|
||||||
# $Id: cvsweb.cgi,v 1.63 2001-01-02 00:03:51 knu Exp $
|
# $Id: cvsweb.cgi,v 1.64 2001-01-02 12:45:29 knu Exp $
|
||||||
# $FreeBSD: www/en/cgi/cvsweb.cgi,v 1.62 2000/12/29 09:22:50 knu Exp $
|
# $FreeBSD: www/en/cgi/cvsweb.cgi,v 1.63 2001/01/02 00:03:51 knu Exp $
|
||||||
#
|
#
|
||||||
###
|
###
|
||||||
|
|
||||||
|
require 5.000;
|
||||||
|
|
||||||
use strict;
|
use strict;
|
||||||
|
|
||||||
use vars qw (
|
use vars qw (
|
||||||
|
|
@ -131,16 +133,18 @@ sub link_tags($);
|
||||||
sub forbidden_module($);
|
sub forbidden_module($);
|
||||||
|
|
||||||
##### Start of Configuration Area ########
|
##### Start of Configuration Area ########
|
||||||
use Cwd;
|
use File::Basename;
|
||||||
|
|
||||||
# == EDIT this ==
|
# == EDIT this ==
|
||||||
# Locations to search for user configuration, in order:
|
# Locations to search for user configuration, in order:
|
||||||
for (
|
for (
|
||||||
$ENV{CVSWEB_CONFIG},
|
(dirname $0) . '/cvsweb.conf',
|
||||||
'/usr/local/etc/cvsweb.conf',
|
'/usr/local/etc/cvsweb.conf'
|
||||||
getcwd() . '/cvsweb.conf'
|
|
||||||
) {
|
) {
|
||||||
$config = $_ if defined($_) && -r $_;
|
if (defined($_) && -r $_) {
|
||||||
|
($config) = /(.*)/; # untaint
|
||||||
|
last;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
# == Configuration defaults ==
|
# == Configuration defaults ==
|
||||||
|
|
@ -216,7 +220,7 @@ $LOG_REVSEPARATOR = q/^-{28}$/;
|
||||||
##### End of configuration variables #####
|
##### End of configuration variables #####
|
||||||
|
|
||||||
$cgi_style::hsty_base = 'http://www.FreeBSD.org';
|
$cgi_style::hsty_base = 'http://www.FreeBSD.org';
|
||||||
$_ = q$FreeBSD: www/en/cgi/cvsweb.cgi,v 1.62 2000/12/29 09:22:50 knu Exp $;
|
$_ = q$FreeBSD: www/en/cgi/cvsweb.cgi,v 1.63 2001/01/02 00:03:51 knu Exp $;
|
||||||
@_ = split;
|
@_ = split;
|
||||||
$cgi_style::hsty_date = "@_[3,4]";
|
$cgi_style::hsty_date = "@_[3,4]";
|
||||||
|
|
||||||
|
|
@ -496,11 +500,11 @@ if ($module && &forbidden_module($module)) {
|
||||||
if ($input{tarball}) {
|
if ($input{tarball}) {
|
||||||
&fatal("403 Forbidden", "Downloading tarballs is prohibited.")
|
&fatal("403 Forbidden", "Downloading tarballs is prohibited.")
|
||||||
unless $allow_tar;
|
unless $allow_tar;
|
||||||
$where =~ s,/[^/]*$,,;
|
my($module) = ($where =~ m,^/?(.*),); # untaint
|
||||||
$where =~ s,^/,,;
|
$module =~ s,/[^/]*$,,;
|
||||||
my($basedir) = ($where =~ m,([^/]+)$,);
|
my($basedir) = ($module =~ m,([^/]+)$,);
|
||||||
|
|
||||||
if ($basedir eq '' || $where eq '') {
|
if ($basedir eq '' || $module eq '') {
|
||||||
&fatal("500 Internal Error", "You cannot download the top level directory.");
|
&fatal("500 Internal Error", "You cannot download the top level directory.");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -511,34 +515,24 @@ if ($input{tarball}) {
|
||||||
|
|
||||||
my $fatal = '';
|
my $fatal = '';
|
||||||
|
|
||||||
do {
|
while (1) {
|
||||||
chdir $tmpdir
|
|
||||||
or $fatal = "500 Internal Error", "Unable to cd to temporary directory: $!"
|
|
||||||
&& last;
|
|
||||||
|
|
||||||
my $tag = (exists $input{only_with_tag} && length $input{only_with_tag})
|
my $tag = (exists $input{only_with_tag} && length $input{only_with_tag})
|
||||||
? $input{only_with_tag} : "HEAD";
|
? $input{only_with_tag} : "HEAD";
|
||||||
|
|
||||||
system "cvs", @cvs_options, "-Qd", $cvsroot, "export", "-r", $tag, $where
|
system "cvs", @cvs_options, "-Qd", $cvsroot, "export", "-r", $tag, "-d", "$tmpdir/$basedir", $module
|
||||||
and $fatal = "500 Internal Error","cvs co failure: $!: $where"
|
and $fatal = "500 Internal Error","cvs co failure: $!: $module"
|
||||||
&& last;
|
|
||||||
|
|
||||||
chdir "$where/.."
|
|
||||||
or $fatal = "500 Internal Error","Cannot find expected directory in checkout"
|
|
||||||
&& last;
|
&& last;
|
||||||
|
|
||||||
$| = 1; # Essential to get the buffering right.
|
$| = 1; # Essential to get the buffering right.
|
||||||
|
|
||||||
print "Content-type: application/x-gzip\r\n\r\n";
|
print "Content-type: application/x-gzip\r\n\r\n";
|
||||||
|
|
||||||
system "tar", "-zcf", "-", $basedir, @tar_options
|
system "tar", @tar_options, "-zcf", "-", "-C", $tmpdir, $basedir
|
||||||
and $fatal = "500 Internal Error","tar zc failure: $!: $basedir"
|
and $fatal = "500 Internal Error","tar zc failure: $!: $basedir"
|
||||||
&& last;
|
&& last;
|
||||||
|
|
||||||
chdir $tmpdir
|
last;
|
||||||
or $fatal = "500 Internal Error","Unable to cd to temporary directory: $!"
|
}
|
||||||
&& last;
|
|
||||||
} while (0);
|
|
||||||
|
|
||||||
system "rm", "-rf", $tmpdir if -d $tmpdir;
|
system "rm", "-rf", $tmpdir if -d $tmpdir;
|
||||||
|
|
||||||
|
|
@ -1386,8 +1380,8 @@ sub doAnnotate($$) {
|
||||||
# the public domain.
|
# the public domain.
|
||||||
# we could abandon the use of rlog, rcsdiff and co using
|
# we could abandon the use of rlog, rcsdiff and co using
|
||||||
# the cvsserver in a similiar way one day (..after rewrite)
|
# the cvsserver in a similiar way one day (..after rewrite)
|
||||||
$pid = open2($reader, $writer, "cvs @cvs_options -l server") || fatal ("500 Internal Error",
|
$pid = open2($reader, $writer, "cvs", @cvs_options, "server")
|
||||||
"Fatal Error - unable to open cvs for annotation");
|
|| fatal ("500 Internal Error", "Fatal Error - unable to open cvs for annotation");
|
||||||
|
|
||||||
# OK, first send the request to the server. A simplified example is:
|
# OK, first send the request to the server. A simplified example is:
|
||||||
# Root /home/kingdon/zwork/cvsroot
|
# Root /home/kingdon/zwork/cvsroot
|
||||||
|
|
@ -2735,7 +2729,7 @@ sub navigateHeader($$$$$) {
|
||||||
print qq`<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">`;
|
print qq`<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">`;
|
||||||
print "<HTML>\n<HEAD>\n";
|
print "<HTML>\n<HEAD>\n";
|
||||||
print qq`<META name="robots" content="nofollow">\n`;
|
print qq`<META name="robots" content="nofollow">\n`;
|
||||||
print '<!-- CVSweb $zRevision: 1.104 $ $Revision: 1.63 $ -->';
|
print '<!-- CVSweb $zRevision: 1.104 $ $Revision: 1.64 $ -->';
|
||||||
print "\n<TITLE>$path$filename - $title - $rev</TITLE></HEAD>\n";
|
print "\n<TITLE>$path$filename - $title - $rev</TITLE></HEAD>\n";
|
||||||
print "$body_tag_for_src\n";
|
print "$body_tag_for_src\n";
|
||||||
print "<table width=\"100%\" border=0 cellspacing=0 cellpadding=1 bgcolor=\"$navigationHeaderColor\">";
|
print "<table width=\"100%\" border=0 cellspacing=0 cellpadding=1 bgcolor=\"$navigationHeaderColor\">";
|
||||||
|
|
@ -3129,7 +3123,7 @@ sub http_header(;$) {
|
||||||
|
|
||||||
sub html_header($) {
|
sub html_header($) {
|
||||||
my ($title) = @_;
|
my ($title) = @_;
|
||||||
my $version = '$zRevision: 1.104 $ $Revision: 1.63 $'; #'
|
my $version = '$zRevision: 1.104 $ $Revision: 1.64 $'; #'
|
||||||
http_header(defined($charset) ? "text/html; charset=$charset" : "text/html");
|
http_header(defined($charset) ? "text/html; charset=$charset" : "text/html");
|
||||||
|
|
||||||
(my $header = &cgi_style::html_header) =~ s/^.*\n\n//; # remove HTTP response header
|
(my $header = &cgi_style::html_header) =~ s/^.*\n\n//; # remove HTTP response header
|
||||||
|
|
|
||||||
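Review bot: The untaint added in the tarball branch, `my($module) = ($where =~ m,^/?(.*),); # untaint`, accepts every character, so it clears the taint flag without validating anything. The result reaches `cvs export` as the module argument and, through `$basedir`, becomes the `-d "$tmpdir/$basedir"` target and the member name given to `tar -C $tmpdir`. Unless `$where` is checked before this hunk (not visible here; the `if ($input{tarball})` block also continues past it), `.`/`..` components or a leading `-` pass straight through. I would capture only the characters a module path may contain and add, after the `s,/[^/]*$,,` line, `&fatal("403 Forbidden", "Invalid path") if $module =~ m,(?:^|/)\.\.?(?:/|$), || $module =~ /^-/;`. The same concern applies to `($config) = /(.*)/; # untaint` in the configuration loop, where `(.*)` also stops at the first newline, so the untainted value can differ from the one `-r` tested.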
|
|
@ -7,8 +7,8 @@
|
||||||
# 2000 A. MUSHA <knu@FreeBSD.org>
|
# 2000 A. MUSHA <knu@FreeBSD.org>
|
||||||
# based on work by Bill Fenner <fenner@FreeBSD.org>
|
# based on work by Bill Fenner <fenner@FreeBSD.org>
|
||||||
# $zId: cvsweb.conf,v 1.27 2000/07/27 10:16:39 kcoar Exp $
|
# $zId: cvsweb.conf,v 1.27 2000/07/27 10:16:39 kcoar Exp $
|
||||||
# $Id: cvsweb.conf,v 1.11 2001-01-02 00:03:51 knu Exp $
|
# $Id: cvsweb.conf,v 1.12 2001-01-02 12:45:29 knu Exp $
|
||||||
# $FreeBSD: www/en/cgi/cvsweb.conf,v 1.10 2000/12/28 18:42:21 knu Exp $
|
# $FreeBSD: www/en/cgi/cvsweb.conf,v 1.11 2001/01/02 00:03:51 knu Exp $
|
||||||
#
|
#
|
||||||
###
|
###
|
||||||
|
|
||||||
|
|
@ -401,9 +401,11 @@ $open_extern_window = 1;
|
||||||
# this allows editing of all your options more intuitive
|
# this allows editing of all your options more intuitive
|
||||||
$edit_option_form = (not $dirtable);
|
$edit_option_form = (not $dirtable);
|
||||||
|
|
||||||
# remember to set the path to your
|
# Set the path for the following commands:
|
||||||
# rcsutils: rlog, rcsdiff (gzip if you use compression)
|
# cvs, rlog, rcsdiff
|
||||||
#$ENV{'PATH'} = '/usr/local/bin';
|
# gzip (if you enable $allow_compress)
|
||||||
|
# tar,rm (if you enable $allow_tar)
|
||||||
|
$ENV{'PATH'} = '/bin:/usr/bin:/usr/local/bin';
|
||||||
|
|
||||||
# If you have files which automatically refers to other files
|
# If you have files which automatically refers to other files
|
||||||
# (such as HTML) then this allows you to browse the checked
|
# (such as HTML) then this allows you to browse the checked
|
||||||
|
|
|
||||||
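Review bot: With `-T` now on the cvsweb.cgi shebang, a clean `$ENV{'PATH'}` is a precondition for every `system` and `open2` call, yet the assignment `$ENV{'PATH'} = '/bin:/usr/bin:/usr/local/bin';` lives only in this user-editable config file. If no cvsweb.conf is found, or a site keeps an older copy with the line still commented out, PATH presumably stays tainted and the external commands die with an insecure-PATH error; how cvsweb.cgi handles a missing config is not visible here. I would set the default in cvsweb.cgi before the config is loaded, let the config override it, and clear the other variables perlsec lists at the same point: `delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};`. A comment beside the assignment, such as `# required under perl -T; listed directories must not be writable by other users`, would also keep it from being commented out again.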