ui-diff.c: avoid html injection

[ps-cgit] / ui-log.c

diff --git a/ui-log.c b/ui-log.c
index 5cf66cbd0828d764f59a2b6b012e1a80eb9ff622..8add66aa0f41c16081a2ead29ba2c19a8f41ace5 100644 (file)
--- a/ui-log.c
+++ b/ui-log.c
@@ -96,8 +96,9 @@ void print_commit(struct commit *commit, struct rev_info *revs)
 {
        struct commitinfo *info;
        char *tmp;
-       int cols = 2;
+       int cols = revs->graph ? 3 : 2;
        struct strbuf graphbuf = STRBUF_INIT;
+       struct strbuf msgbuf = STRBUF_INIT;
 
        if (ctx.repo->enable_log_filecount) {
                cols++;
@@ -109,7 +110,7 @@ void print_commit(struct commit *commit, struct rev_info *revs)
                /* Advance graph until current commit */
                while (!graph_next_line(revs->graph, &graphbuf)) {
                        /* Print graph segment in otherwise empty table row */
-                       html("<tr class='nohover'><td/><td class='commitgraph'>");
+                       html("<tr class='nohover'><td class='commitgraph'>");
                        html(graphbuf.buf);
                        htmlf("</td><td colspan='%d' /></tr>\n", cols);
                        strbuf_setlen(&graphbuf, 0);
@@ -118,14 +119,7 @@ void print_commit(struct commit *commit, struct rev_info *revs)
        }
 
        info = cgit_parse_commit(commit);
-       htmlf("<tr%s><td>",
-               ctx.qry.showmsg ? " class='logheader'" : "");
-       tmp = fmt("id=%s", sha1_to_hex(commit->object.sha1));
-       tmp = cgit_fileurl(ctx.repo->url, "commit", ctx.qry.vpath, tmp);
-       html_link_open(tmp, NULL, NULL);
-       cgit_print_age(commit->date, TM_WEEK * 2, FMT_SHORTDATE);
-       html_link_close();
-       html("</td>");
+       htmlf("<tr%s>", ctx.qry.showmsg ? " class='logheader'" : "");
 
        if (revs->graph) {
                /* Print graph segment for current commit */
@@ -134,13 +128,57 @@ void print_commit(struct commit *commit, struct rev_info *revs)
                html("</td>");
                strbuf_setlen(&graphbuf, 0);
        }
+       else {
+               html("<td>");
+               tmp = fmt("id=%s", sha1_to_hex(commit->object.sha1));
+               tmp = cgit_fileurl(ctx.repo->url, "commit", ctx.qry.vpath, tmp);
+               html_link_open(tmp, NULL, NULL);
+               cgit_print_age(commit->date, TM_WEEK * 2, FMT_SHORTDATE);
+               html_link_close();
+               html("</td>");
+       }
 
        htmlf("<td%s>", ctx.qry.showmsg ? " class='logsubject'" : "");
+       if (ctx.qry.showmsg) {
+               /* line-wrap long commit subjects instead of truncating them */
+               size_t subject_len = strlen(info->subject);
+
+               if (subject_len > ctx.cfg.max_msg_len &&
+                   ctx.cfg.max_msg_len >= 15) {
+                       /* symbol for signaling line-wrap (in PAGE_ENCODING) */
+                       const char wrap_symbol[] = { ' ', 0xE2, 0x86, 0xB5, 0 };
+                       int i = ctx.cfg.max_msg_len - strlen(wrap_symbol);
+
+                       /* Rewind i to preceding space character */
+                       while (i > 0 && !isspace(info->subject[i]))
+                               --i;
+                       if (!i) /* Oops, zero spaces. Reset i */
+                               i = ctx.cfg.max_msg_len - strlen(wrap_symbol);
+
+                       /* add remainder starting at i to msgbuf */
+                       strbuf_add(&msgbuf, info->subject + i, subject_len - i);
+                       strbuf_trim(&msgbuf);
+                       strbuf_add(&msgbuf, "\n\n", 2);
+
+                       /* Place wrap_symbol at position i in info->subject */
+                       strcpy(info->subject + i, wrap_symbol);
+               }
+       }
        cgit_commit_link(info->subject, NULL, NULL, ctx.qry.head,
                         sha1_to_hex(commit->object.sha1), ctx.qry.vpath, 0);
        show_commit_decorations(commit);
        html("</td><td>");
        html_txt(info->author);
+
+       if (revs->graph) {
+               html("</td><td>");
+               tmp = fmt("id=%s", sha1_to_hex(commit->object.sha1));
+               tmp = cgit_fileurl(ctx.repo->url, "commit", ctx.qry.vpath, tmp);
+               html_link_open(tmp, NULL, NULL);
+               cgit_print_age(commit->date, TM_WEEK * 2, FMT_SHORTDATE);
+               html_link_close();
+       }
+
        if (ctx.repo->enable_log_filecount) {
                files = 0;
                add_lines = 0;
@@ -156,8 +194,7 @@ void print_commit(struct commit *commit, struct rev_info *revs)
        html("</td></tr>\n");
 
        if (revs->graph || ctx.qry.showmsg) { /* Print a second table row */
-               struct strbuf msgbuf = STRBUF_INIT;
-               html("<tr class='nohover'><td/>"); /* Empty 'Age' column */
+               html("<tr class='nohover'>");
 
                if (ctx.qry.showmsg) {
                        /* Concatenate commit message + notes in msgbuf */
@@ -198,15 +235,17 @@ void print_commit(struct commit *commit, struct rev_info *revs)
                        }
                        html("</td>\n");
                }
+               else
+                       html("<td/>"); /* Empty 'Age' column */
 
                /* Print msgbuf into remainder of table row */
                htmlf("<td colspan='%d'%s>\n", cols,
                        ctx.qry.showmsg ? " class='logmsg'" : "");
                html_txt(msgbuf.buf);
                html("</td></tr>\n");
-               strbuf_release(&msgbuf);
        }
 
+       strbuf_release(&msgbuf);
        strbuf_release(&graphbuf);
        cgit_free_commitinfo(info);
 }
@@ -246,7 +285,7 @@ static char *next_token(char **src)
 }
 
 void cgit_print_log(const char *tip, int ofs, int cnt, char *grep, char *pattern,
-                   char *path, int pager)
+                   char *path, int pager, int commit_graph)
 {
        struct rev_info rev;
        struct commit *commit;
@@ -286,7 +325,7 @@ void cgit_print_log(const char *tip, int ofs, int cnt, char *grep, char *pattern
                        }
                }
        }
-       if (ctx.repo->enable_commit_graph) {
+       if (commit_graph) {
                static const char *graph_arg = "--graph";
                static const char *color_arg = "--color";
                vector_push(&vec, &graph_arg, 0);
@@ -320,9 +359,11 @@ void cgit_print_log(const char *tip, int ofs, int cnt, char *grep, char *pattern
        if (pager)
                html("<table class='list nowrap'>");
 
-       html("<tr class='nohover'><th class='left'>Age</th>");
-       if (ctx.repo->enable_commit_graph)
+       html("<tr class='nohover'>");
+       if (commit_graph)
                html("<th></th>");
+       else
+               html("<th class='left'>Age</th>");
        html("<th class='left'>Commit message");
        if (pager) {
                html(" (");
@@ -333,6 +374,8 @@ void cgit_print_log(const char *tip, int ofs, int cnt, char *grep, char *pattern
                html(")");
        }
        html("</th><th class='left'>Author</th>");
+       if (commit_graph)
+               html("<th class='left'>Age</th>");
        if (ctx.repo->enable_log_filecount) {
                html("<th class='left'>Files</th>");
                columns++;