1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
|
/* ui-clone.c: functions for http cloning, based on
* git's http-backend.c by Shawn O. Pearce
*
* Copyright (C) 2006-2014 cgit Development Team <cgit@lists.zx2c4.com>
*
* Licensed under GNU General Public License v2
* (see COPYING for full license text)
*/
#define USE_THE_REPOSITORY_VARIABLE
#include "cgit.h"
#include "ui-clone.h"
#include "html.h"
#include "ui-shared.h"
#include "packfile.h"
#include "object-store.h"
static int print_ref_info(const char *refname, const char *referent UNUSED,
const struct object_id *oid, int flags, void *cb_data)
{
struct object *obj;
if (!(obj = parse_object(the_repository, oid)))
return 0;
htmlf("%s\t%s\n", oid_to_hex(oid), refname);
if (obj->type == OBJ_TAG) {
if (!(obj = deref_tag(the_repository, obj, refname, 0)))
return 0;
htmlf("%s\t%s^{}\n", oid_to_hex(&obj->oid), refname);
}
return 0;
}
static void print_pack_info(void)
{
struct packed_git *pack;
char *offset;
ctx.page.mimetype = "text/plain";
ctx.page.filename = "objects/info/packs";
cgit_print_http_headers();
reprepare_packed_git(the_repository);
for (pack = get_packed_git(the_repository); pack; pack = pack->next) {
if (pack->pack_local) {
offset = strrchr(pack->pack_name, '/');
if (offset && offset[1] != '\0')
++offset;
else
offset = pack->pack_name;
htmlf("P %s\n", offset);
}
}
}
static void send_file(const char *path)
{
struct stat st;
if (stat(path, &st)) {
switch (errno) {
case ENOENT:
cgit_print_error_page(404, "Not found", "Not found");
break;
case EACCES:
cgit_print_error_page(403, "Forbidden", "Forbidden");
break;
default:
cgit_print_error_page(400, "Bad request", "Bad request");
}
return;
}
ctx.page.mimetype = "application/octet-stream";
ctx.page.filename = path;
skip_prefix(path, ctx.repo->path, &ctx.page.filename);
skip_prefix(ctx.page.filename, "/", &ctx.page.filename);
cgit_print_http_headers();
html_include(path);
}
void cgit_clone_info(void)
{
if (!ctx.qry.path || strcmp(ctx.qry.path, "refs")) {
cgit_print_error_page(400, "Bad request", "Bad request");
return;
}
ctx.page.mimetype = "text/plain";
ctx.page.filename = "info/refs";
cgit_print_http_headers();
refs_for_each_ref(get_main_ref_store(the_repository),
print_ref_info, NULL);
}
void cgit_clone_objects(void)
{
char *p, *path;
if (!ctx.qry.path)
goto err;
if (!strcmp(ctx.qry.path, "info/packs")) {
print_pack_info();
return;
}
/* Avoid directory traversal by forbidding "..", but also work around
* other funny business by just specifying a fairly strict format. For
* example, now we don't have to stress out about the Cygwin port.
*/
for (p = ctx.qry.path; *p; ++p) {
if (*p == '.' && *(p + 1) == '.')
goto err;
if (!isalnum(*p) && *p != '/' && *p != '.' && *p != '-')
goto err;
}
path = repo_git_path(the_repository, "objects/%s", ctx.qry.path);
send_file(path);
free(path);
return;
err:
cgit_print_error_page(400, "Bad request", "Bad request");
}
void cgit_clone_head(void)
{
char *path;
path = repo_git_path(the_repository, "HEAD");
send_file(path);
free(path);
}
|
