Age | Commit message | Author |
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
There's no use in giving a silly example to folks who will just copy it,
so instead try to do something slightly better.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
This is much better than having the user generate it themselves.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Though SHA1 is broken, HMAC-SHA1 is still fine. But let's not push our
luck; SHA256 is more sensible anyway.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Place file contents into a single block so that syntax highlighting can
be applied in the usual fashion. Place the alternating color bars
behind the file contents. Force the default syntax highlighting
background to transparent.
Signed-off-by: Jeff Smith <whydoubt@gmail.com>
Reviewed-by: John Keeping <john@keeping.me.uk>
|
|
Signed-off-by: Ville Skyttä <ville.skytta@iki.fi>
|
|
Otherwise we get the classic Python UTF-8 errors, and the text is all
out of order. While we're at it, switch to python3 so we only have to
support one set of oddball semantics.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Suggested-by: Daniel Campbell <dlcampbell@gmx.com>
|
|
Signed-off-by: Christian Hesse <mail@eworm.de>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
http://www.w3.org/International/questions/qa-escapes#use
|
|
This allows custom links to be used for repository owners by
configuring a filter to be applied in the "Owner" column in the
repository list.
|
|
Serving cgit via https and getting avatar via http gives error messages
about untrusted content. This decides whether or not to use https link
by looking at the environment variable HTTPS, which is set in CGI.
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
This way we're sure to use virtual root, or any other strangeness
encountered.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
By default, strings are compared by hash, so we can remove this comment.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
This also gives us some CSRF protection. Note that we make use of the
hmac to protect the redirect value.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
This leverages the new lua support. See
filters/simple-authentication.lua for explanation of how this works.
There is also additional documentation in cgitrc.5.txt.
Though this is a cookie-based approach, cgit's caching mechanism is
preserved for authenticated pages.
Very pluggable and extendable depending on user needs.
The sample script uses an HMAC-SHA1 based cookie to store the
currently logged in user, with an expiration date.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
an attribute value specification must be an attribute value literal
unless SHORTTAG YES is specified
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Filters can now indicate a status back to cgit by means of the exit code
for exec, or the return value from close for Lua.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
* make ampersand a html entity
* add required alt attribute
* add required img end tag
|
|
Since the email filter is called from lots of places, the script might
benefit from knowing the origin. That way it can modify its contents
and/or size depending.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
The lua one is hugely faster than the python one, but both are included
for comparison.
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
- Switched back to python2 according to a problem in pygments with python3.
  With the next release of pygments this problem should be fixed.
  Issue see here:
  https://bitbucket.org/birkenfeld/pygments-main/issue/901/problems-with-python3
- Just read the stdin, decode it to utf-8 and ignore unknown signs. This ensures
  that even destroyed files do not cause any errors in the filter.
- Improved language guessing:
  -> At first use guess_lexer_for_filename for a better detection of the used
     programming languages (even mixed cases will be detected, e.g. php + html).
  -> If nothing was found look if there is a shebang and use guess_lexer.
  -> As default/fallback choose TextLexer.
Signed-off-by: Stefan Tatschner <stefan@sevenbyte.org>
|
|
Previously the script tried to encode output from Pygments with
the ASCII codec, which failed.
Signed-off-by: Přemysl Janouch <p.janouch@gmail.com>
|
|
dash failed to parse the script.
Signed-off-by: Přemysl Janouch <p.janouch@gmail.com>
|
|
v2: add highlight 3.13 as present on Fedora 19
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
|
|
By not quoting the argument, an attacker with the ability to add files
to the repository could pass arbitrary arguments to the highlight
command, in particular, the --plug-in argument which can lead to
arbitrary command execution.
This patch adds simple argument quoting.
|
|
There are 2 situations:
1- empty extension: assuming text is better than highlight
   producing no output because of a missing argument.
2- no extension at all: assuming text is better than setting
   the extension to the filename, which is what now happens.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
|
|
This reverts commit f50be7fda0a7ab57009169dd5905fcbab8eb5166.
An update with the latest highlight landed in EPEL. This new version
doesn't have the --force bug, so the workaround can now be removed.
Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
|
|