diff --git a/gitweb.pl b/gitweb.cgi similarity index 85% rename from gitweb.pl rename to gitweb.cgi index 096786b932..017664b8f4 100755 --- a/gitweb.pl +++ b/gitweb.cgi @@ -14,14 +14,17 @@ use CGI::Carp qw(fatalsToBrowser); my $cgi = new CGI; -my $version = "049"; -my $projectroot = "/"; -my $defaultprojects = "home/kay/public_html"; -my $gitbin = "/home/kay/bin/git"; -my $gittmp = "/tmp"; +my $version = "053"; +my $projectroot = "/pub/scm"; +my $defaultprojects = "linux/kernel/git"; +my $gitbin = "/usr/bin"; +my $gittmp = "/tmp/gitweb"; +my $giturl = "/pub/software/scm/cogito"; my $my_url = $cgi->url(); my $my_uri = $cgi->url(-absolute => 1); +mkdir($gittmp, 0700); + my $project = $cgi->param('p'); my $action = $cgi->param('a'); my $hash = $cgi->param('h'); @@ -30,17 +33,19 @@ my $time_back = $cgi->param('t'); if (!(defined($time_back))) { $time_back = 1; } -$ENV{'SHA1_FILE_DIRECTORY'} = "$projectroot/$project/.git/objects"; +$ENV{'SHA1_FILE_DIRECTORY'} = "$projectroot/$project/objects"; # sanitize input $action =~ s/[^0-9a-zA-Z\.\-]//g; -$project =~ s/\/\.//g; -$project =~ s/^\/+//g; -$project =~ s/\/+$//g; -$project =~ s/|//g; $hash =~ s/[^0-9a-fA-F]//g; $hash_parent =~ s/[^0-9a-fA-F]//g; $time_back =~ s/[^0-9]+//g; +if (defined($project) && $project =~ /(^|\/)(|\.|\.\.)($|\/)/) { + print $cgi->header(-type=>'text/plain', -status=>'403 Permission denied'); + print "Malformed query, file missing or permission denied\n"; + exit 0; +} +$project =~ s/|//g; sub git_header_html { print $cgi->header(-type => 'text/html', -charset => 'utf-8'); @@ -51,38 +56,55 @@ print <git - $project $action EOF print "
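Review bot: The added `mkdir($gittmp, 0700);` ignores its return value, and `$gittmp` is now a fixed name under the world-writable `/tmp`. If `/tmp/gitweb` already exists and belongs to another local account, the call fails and the script goes on using a directory that account controls. How the temp files are created is outside this hunk, so the practical exposure is presumably pre-created files or symlinks. Fail closed after the mkdir with an ownership and mode check: `my @st = lstat($gittmp); die "unsafe temp directory\n" unless @st && -d _ && $st[4] == $> && ($st[2] & 077) == 0;`.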
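Review bot: `$project =~ s/|//g;` in the sanitize block is a no-op, because an unescaped `|` is an alternation of two empty patterns and deletes nothing. The pipe character it presumably targets therefore stays in `$project`. With the old slash-stripping lines removed, the only real constraint on the `p` parameter is the new `.`/`..`/empty-component test, yet the value goes into `SHA1_FILE_DIRECTORY` and, as far as this page shows, into file paths and the page title. An allowlist beside that test is more robust than stripping single characters, e.g. rejecting with the same 403 when `$project !~ m{\A[0-9A-Za-z_+.-]+(?:/[0-9A-Za-z_+.-]+)*\z}`. The `$ENV{'SHA1_FILE_DIRECTORY'}` assignment should also move below the check so nothing is derived from `$project` before it has been validated.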
\n" . - "" . + "" . "\"git\""; if ($defaultprojects ne "") { print $cgi->a({-href => "$my_uri"}, "projects") . " / "; @@ -108,7 +130,7 @@ sub git_footer_html { sub git_head { my $path = shift; - open my $fd, "$projectroot/$path/.git/HEAD"; + open my $fd, "$projectroot/$path/HEAD"; my $head = <$fd>; close $fd; chomp $head; @@ -281,14 +303,19 @@ if ($action eq "git-logo.png") { # show list of default projects if ($project eq "") { opendir(my $fd, "$projectroot/$defaultprojects"); - my (@path) = sort grep(!/^\./, readdir($fd)); + my (@users) = sort grep(!/^\./, readdir($fd)); closedir($fd); git_header_html(); print "
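Review bot: The changed `open my $fd, "$projectroot/$path/HEAD";` in git_head keeps the two-argument form and never checks the result, so a missing or unreadable HEAD falls through to `<$fd>` and `chomp` on an unopened handle. Two-argument open parses the mode out of the string itself; the fixed prefix and the `/HEAD` suffix limit that here, but an explicit read mode removes the dependence on how `$path` was sanitised: `open(my $fd, '<', "$projectroot/$path/HEAD") or return;`. git_head continues past this hunk and its callers are not visible, so confirm they cope with an empty return. The same unchecked pattern appears in the project-list hunk, where the new `opendir($fd, "$projectroot/$defaultprojects/$user")` is followed by `readdir` even when `$user` is not a directory.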
\n"; print "

\n"; - foreach my $line (@path) { - if (-e "$projectroot/$defaultprojects/$line/.git/HEAD") { - print $cgi->a({-href => "$my_uri?p=$defaultprojects/$line;a=log"}, "$defaultprojects/$line") . "
\n"; + foreach my $user (@users) { + opendir($fd, "$projectroot/$defaultprojects/$user"); + my (@repos) = sort grep(/\.git$/, readdir($fd)); + closedir($fd); + foreach my $repo (@repos) { + if (-e "$projectroot/$defaultprojects/$user/$repo/HEAD") { + print $cgi->a({-href => "$my_uri?p=$defaultprojects/$user/$repo;a=log"}, "$defaultprojects/$user/$repo") . "
\n"; + } } } print "
"; @@ -506,7 +533,7 @@ if ($action eq "blob") { } } print "\n" . - "
"; + "
\n"; git_footer_html(); } elsif ($action eq "blobdiff") { git_header_html();