]> gitweb.ps.run Git - ps-cgit/blobdiff - cgit.c
projects / ps-cgit / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
auth: add basic authentication filter framework
[ps-cgit] / cgit.c
diff --git a/cgit.c b/cgit.c
index 080725848d764af19363d2b922f4b949d8524a2f..c52ef331b76995419aff93935784f1174150a8bc 100644 (file)
--- a/cgit.c
+++ b/cgit.c
@@ -1,7 +1,6 @@
 /* cgit.c: cgi for the git scm
  *
 /* cgit.c: cgi for the git scm
  *
- * Copyright (C) 2006 Lars Hjemli
- * Copyright (C) 2010, 2012 Jason A. Donenfeld <Jason@zx2c4.com>
+ * Copyright (C) 2006-2014 cgit Development Team <cgit@lists.zx2c4.com>
  *
  * Licensed under GNU General Public License v2
  *   (see COPYING for full license text)
  *
  * Licensed under GNU General Public License v2
  *   (see COPYING for full license text)
@@ -14,11 +13,13 @@
 #include "html.h"
 #include "ui-shared.h"
 #include "ui-stats.h"
 #include "html.h"
 #include "ui-shared.h"
 #include "ui-stats.h"
+#include "ui-blob.h"
+#include "ui-summary.h"
 #include "scan-tree.h"
 
 const char *cgit_version = CGIT_VERSION;
 
 #include "scan-tree.h"
 
 const char *cgit_version = CGIT_VERSION;
 
-void add_mimetype(const char *name, const char *value)
+static void add_mimetype(const char *name, const char *value)
 {
        struct string_list_item *item;
 
 {
        struct string_list_item *item;
 
@@ -26,39 +27,9 @@ void add_mimetype(const char *name, const char *value)
        item->util = xstrdup(value);
 }
 
        item->util = xstrdup(value);
 }
 
-struct cgit_filter *new_filter(const char *cmd, filter_type filtertype)
-{
-       struct cgit_filter *f;
-       int args_size = 0;
-       int extra_args;
-
-       if (!cmd || !cmd[0])
-               return NULL;
-
-       switch (filtertype) {
-               case SOURCE:
-                       extra_args = 1;
-                       break;
-
-               case ABOUT:
-               case COMMIT:
-               default:
-                       extra_args = 0;
-                       break;
-       }
-
-       f = xmalloc(sizeof(struct cgit_filter));
-       f->cmd = xstrdup(cmd);
-       args_size = (2 + extra_args) * sizeof(char *);
-       f->argv = xmalloc(args_size);
-       memset(f->argv, 0, args_size);
-       f->argv[0] = f->cmd;
-       return f;
-}
-
 static void process_cached_repolist(const char *path);
 
 static void process_cached_repolist(const char *path);
 
-void repo_config(struct cgit_repo *repo, const char *name, const char *value)
+static void repo_config(struct cgit_repo *repo, const char *name, const char *value)
 {
        struct string_list_item *item;
 
 {
        struct string_list_item *item;
 
@@ -84,7 +55,12 @@ void repo_config(struct cgit_repo *repo, const char *name, const char *value)
                repo->enable_remote_branches = atoi(value);
        else if (!strcmp(name, "enable-subject-links"))
                repo->enable_subject_links = atoi(value);
                repo->enable_remote_branches = atoi(value);
        else if (!strcmp(name, "enable-subject-links"))
                repo->enable_subject_links = atoi(value);
-       else if (!strcmp(name, "commit-sort")) {
+       else if (!strcmp(name, "branch-sort")) {
+               if (!strcmp(value, "age"))
+                       repo->branch_sort = 1;
+               if (!strcmp(value, "name"))
+                       repo->branch_sort = 0;
+       } else if (!strcmp(name, "commit-sort")) {
                if (!strcmp(value, "date"))
                        repo->commit_sort = 1;
                if (!strcmp(value, "topo"))
                if (!strcmp(value, "date"))
                        repo->commit_sort = 1;
                if (!strcmp(value, "topo"))
@@ -94,27 +70,31 @@ void repo_config(struct cgit_repo *repo, const char *name, const char *value)
        else if (!strcmp(name, "module-link"))
                repo->module_link= xstrdup(value);
        else if (!prefixcmp(name, "module-link.")) {
        else if (!strcmp(name, "module-link"))
                repo->module_link= xstrdup(value);
        else if (!prefixcmp(name, "module-link.")) {
-               item = string_list_append(&repo->submodules, name + 12);
+               item = string_list_append(&repo->submodules, xstrdup(name + 12));
                item->util = xstrdup(value);
        } else if (!strcmp(name, "section"))
                repo->section = xstrdup(value);
                item->util = xstrdup(value);
        } else if (!strcmp(name, "section"))
                repo->section = xstrdup(value);
-       else if (!strcmp(name, "readme") && value != NULL)
-               repo->readme = xstrdup(value);
-       else if (!strcmp(name, "logo") && value != NULL)
+       else if (!strcmp(name, "readme") && value != NULL) {
+               if (repo->readme.items == ctx.cfg.readme.items)
+                       memset(&repo->readme, 0, sizeof(repo->readme));
+               string_list_append(&repo->readme, xstrdup(value));
+       } else if (!strcmp(name, "logo") && value != NULL)
                repo->logo = xstrdup(value);
        else if (!strcmp(name, "logo-link") && value != NULL)
                repo->logo_link = xstrdup(value);
        else if (ctx.cfg.enable_filter_overrides) {
                if (!strcmp(name, "about-filter"))
                repo->logo = xstrdup(value);
        else if (!strcmp(name, "logo-link") && value != NULL)
                repo->logo_link = xstrdup(value);
        else if (ctx.cfg.enable_filter_overrides) {
                if (!strcmp(name, "about-filter"))
-                       repo->about_filter = new_filter(value, ABOUT);
+                       repo->about_filter = cgit_new_filter(value, ABOUT);
                else if (!strcmp(name, "commit-filter"))
                else if (!strcmp(name, "commit-filter"))
-                       repo->commit_filter = new_filter(value, COMMIT);
+                       repo->commit_filter = cgit_new_filter(value, COMMIT);
                else if (!strcmp(name, "source-filter"))
                else if (!strcmp(name, "source-filter"))
-                       repo->source_filter = new_filter(value, SOURCE);
+                       repo->source_filter = cgit_new_filter(value, SOURCE);
+               else if (!strcmp(name, "email-filter"))
+                       repo->email_filter = cgit_new_filter(value, EMAIL);
        }
 }
 
        }
 }
 
-void config_cb(const char *name, const char *value)
+static void config_cb(const char *name, const char *value)
 {
        if (!strcmp(name, "section") || !strcmp(name, "repo.group"))
                ctx.cfg.section = xstrdup(value);
 {
        if (!strcmp(name, "section") || !strcmp(name, "repo.group"))
                ctx.cfg.section = xstrdup(value);
@@ -124,8 +104,8 @@ void config_cb(const char *name, const char *value)
                ctx.repo->path = trim_end(value, '/');
        else if (ctx.repo && !prefixcmp(name, "repo."))
                repo_config(ctx.repo, name + 5, value);
                ctx.repo->path = trim_end(value, '/');
        else if (ctx.repo && !prefixcmp(name, "repo."))
                repo_config(ctx.repo, name + 5, value);
-       else if (!strcmp(name, "readme"))
-               ctx.cfg.readme = xstrdup(value);
+       else if (!strcmp(name, "readme") && value != NULL)
+               string_list_append(&ctx.cfg.readme, xstrdup(value));
        else if (!strcmp(name, "root-title"))
                ctx.cfg.root_title = xstrdup(value);
        else if (!strcmp(name, "root-desc"))
        else if (!strcmp(name, "root-title"))
                ctx.cfg.root_title = xstrdup(value);
        else if (!strcmp(name, "root-desc"))
@@ -155,9 +135,7 @@ void config_cb(const char *name, const char *value)
        else if (!strcmp(name, "strict-export"))
                ctx.cfg.strict_export = xstrdup(value);
        else if (!strcmp(name, "virtual-root")) {
        else if (!strcmp(name, "strict-export"))
                ctx.cfg.strict_export = xstrdup(value);
        else if (!strcmp(name, "virtual-root")) {
-               ctx.cfg.virtual_root = trim_end(value, '/');
-               if (!ctx.cfg.virtual_root && (!strcmp(value, "/")))
-                       ctx.cfg.virtual_root = "";
+               ctx.cfg.virtual_root = ensure_end(value, '/');
        } else if (!strcmp(name, "nocache"))
                ctx.cfg.nocache = atoi(value);
        else if (!strcmp(name, "noplainemail"))
        } else if (!strcmp(name, "nocache"))
                ctx.cfg.nocache = atoi(value);
        else if (!strcmp(name, "noplainemail"))
@@ -204,12 +182,18 @@ void config_cb(const char *name, const char *value)
                ctx.cfg.cache_static_ttl = atoi(value);
        else if (!strcmp(name, "cache-dynamic-ttl"))
                ctx.cfg.cache_dynamic_ttl = atoi(value);
                ctx.cfg.cache_static_ttl = atoi(value);
        else if (!strcmp(name, "cache-dynamic-ttl"))
                ctx.cfg.cache_dynamic_ttl = atoi(value);
+       else if (!strcmp(name, "cache-about-ttl"))
+               ctx.cfg.cache_about_ttl = atoi(value);
        else if (!strcmp(name, "case-sensitive-sort"))
                ctx.cfg.case_sensitive_sort = atoi(value);
        else if (!strcmp(name, "about-filter"))
        else if (!strcmp(name, "case-sensitive-sort"))
                ctx.cfg.case_sensitive_sort = atoi(value);
        else if (!strcmp(name, "about-filter"))
-               ctx.cfg.about_filter = new_filter(value, ABOUT);
+               ctx.cfg.about_filter = cgit_new_filter(value, ABOUT);
        else if (!strcmp(name, "commit-filter"))
        else if (!strcmp(name, "commit-filter"))
-               ctx.cfg.commit_filter = new_filter(value, COMMIT);
+               ctx.cfg.commit_filter = cgit_new_filter(value, COMMIT);
+       else if (!strcmp(name, "email-filter"))
+               ctx.cfg.email_filter = cgit_new_filter(value, EMAIL);
+       else if (!strcmp(name, "auth-filter"))
+               ctx.cfg.auth_filter = cgit_new_filter(value, AUTH);
        else if (!strcmp(name, "embedded"))
                ctx.cfg.embedded = atoi(value);
        else if (!strcmp(name, "max-atom-items"))
        else if (!strcmp(name, "embedded"))
                ctx.cfg.embedded = atoi(value);
        else if (!strcmp(name, "max-atom-items"))
@@ -243,7 +227,7 @@ void config_cb(const char *name, const char *value)
        else if (!strcmp(name, "section-sort"))
                ctx.cfg.section_sort = atoi(value);
        else if (!strcmp(name, "source-filter"))
        else if (!strcmp(name, "section-sort"))
                ctx.cfg.section_sort = atoi(value);
        else if (!strcmp(name, "source-filter"))
-               ctx.cfg.source_filter = new_filter(value, SOURCE);
+               ctx.cfg.source_filter = cgit_new_filter(value, SOURCE);
        else if (!strcmp(name, "summary-log"))
                ctx.cfg.summary_log = atoi(value);
        else if (!strcmp(name, "summary-branches"))
        else if (!strcmp(name, "summary-log"))
                ctx.cfg.summary_log = atoi(value);
        else if (!strcmp(name, "summary-branches"))
@@ -273,6 +257,11 @@ void config_cb(const char *name, const char *value)
                        ctx.cfg.commit_sort = 1;
                if (!strcmp(value, "topo"))
                        ctx.cfg.commit_sort = 2;
                        ctx.cfg.commit_sort = 1;
                if (!strcmp(value, "topo"))
                        ctx.cfg.commit_sort = 2;
+       } else if (!strcmp(name, "branch-sort")) {
+               if (!strcmp(value, "age"))
+                       ctx.cfg.branch_sort = 1;
+               if (!strcmp(value, "name"))
+                       ctx.cfg.branch_sort = 0;
        } else if (!prefixcmp(name, "mimetype."))
                add_mimetype(name + 9, value);
        else if (!strcmp(name, "include"))
        } else if (!prefixcmp(name, "mimetype."))
                add_mimetype(name + 9, value);
        else if (!strcmp(name, "include"))
@@ -315,7 +304,7 @@ static void querystring_cb(const char *name, const char *value)
                ctx.qry.name = xstrdup(value);
        } else if (!strcmp(name, "mimetype")) {
                ctx.qry.mimetype = xstrdup(value);
                ctx.qry.name = xstrdup(value);
        } else if (!strcmp(name, "mimetype")) {
                ctx.qry.mimetype = xstrdup(value);
-       } else if (!strcmp(name, "s")){
+       } else if (!strcmp(name, "s")) {
                ctx.qry.sort = xstrdup(value);
        } else if (!strcmp(name, "showmsg")) {
                ctx.qry.showmsg = atoi(value);
                ctx.qry.sort = xstrdup(value);
        } else if (!strcmp(name, "showmsg")) {
                ctx.qry.showmsg = atoi(value);
@@ -333,27 +322,26 @@ static void querystring_cb(const char *name, const char *value)
        }
 }
 
        }
 }
 
-char *xstrdupn(const char *str)
-{
-       return (str ? xstrdup(str) : NULL);
-}
-
 static void prepare_context(struct cgit_context *ctx)
 {
        memset(ctx, 0, sizeof(*ctx));
        ctx->cfg.agefile = "info/web/last-modified";
        ctx->cfg.nocache = 0;
        ctx->cfg.cache_size = 0;
 static void prepare_context(struct cgit_context *ctx)
 {
        memset(ctx, 0, sizeof(*ctx));
        ctx->cfg.agefile = "info/web/last-modified";
        ctx->cfg.nocache = 0;
        ctx->cfg.cache_size = 0;
-       ctx->cfg.cache_dynamic_ttl = 5;
        ctx->cfg.cache_max_create_time = 5;
        ctx->cfg.cache_max_create_time = 5;
-       ctx->cfg.cache_repo_ttl = 5;
        ctx->cfg.cache_root = CGIT_CACHE_ROOT;
        ctx->cfg.cache_root = CGIT_CACHE_ROOT;
+       ctx->cfg.cache_about_ttl = 15;
+       ctx->cfg.cache_repo_ttl = 5;
        ctx->cfg.cache_root_ttl = 5;
        ctx->cfg.cache_scanrc_ttl = 15;
        ctx->cfg.cache_root_ttl = 5;
        ctx->cfg.cache_scanrc_ttl = 15;
+       ctx->cfg.cache_dynamic_ttl = 5;
        ctx->cfg.cache_static_ttl = -1;
        ctx->cfg.case_sensitive_sort = 1;
        ctx->cfg.cache_static_ttl = -1;
        ctx->cfg.case_sensitive_sort = 1;
+       ctx->cfg.branch_sort = 0;
+       ctx->cfg.commit_sort = 0;
        ctx->cfg.css = "/cgit.css";
        ctx->cfg.logo = "/cgit.png";
        ctx->cfg.css = "/cgit.css";
        ctx->cfg.logo = "/cgit.png";
+       ctx->cfg.favicon = "/favicon.ico";
        ctx->cfg.local_time = 0;
        ctx->cfg.enable_http_clone = 1;
        ctx->cfg.enable_index_owner = 1;
        ctx->cfg.local_time = 0;
        ctx->cfg.enable_http_clone = 1;
        ctx->cfg.enable_index_owner = 1;
@@ -382,16 +370,20 @@ static void prepare_context(struct cgit_context *ctx)
        ctx->cfg.summary_tags = 10;
        ctx->cfg.max_atom_items = 10;
        ctx->cfg.ssdiff = 0;
        ctx->cfg.summary_tags = 10;
        ctx->cfg.max_atom_items = 10;
        ctx->cfg.ssdiff = 0;
-       ctx->env.cgit_config = xstrdupn(getenv("CGIT_CONFIG"));
-       ctx->env.http_host = xstrdupn(getenv("HTTP_HOST"));
-       ctx->env.https = xstrdupn(getenv("HTTPS"));
-       ctx->env.no_http = xstrdupn(getenv("NO_HTTP"));
-       ctx->env.path_info = xstrdupn(getenv("PATH_INFO"));
-       ctx->env.query_string = xstrdupn(getenv("QUERY_STRING"));
-       ctx->env.request_method = xstrdupn(getenv("REQUEST_METHOD"));
-       ctx->env.script_name = xstrdupn(getenv("SCRIPT_NAME"));
-       ctx->env.server_name = xstrdupn(getenv("SERVER_NAME"));
-       ctx->env.server_port = xstrdupn(getenv("SERVER_PORT"));
+       ctx->env.cgit_config = getenv("CGIT_CONFIG");
+       ctx->env.http_host = getenv("HTTP_HOST");
+       ctx->env.https = getenv("HTTPS");
+       ctx->env.no_http = getenv("NO_HTTP");
+       ctx->env.path_info = getenv("PATH_INFO");
+       ctx->env.query_string = getenv("QUERY_STRING");
+       ctx->env.request_method = getenv("REQUEST_METHOD");
+       ctx->env.script_name = getenv("SCRIPT_NAME");
+       ctx->env.server_name = getenv("SERVER_NAME");
+       ctx->env.server_port = getenv("SERVER_PORT");
+       ctx->env.http_cookie = getenv("HTTP_COOKIE");
+       ctx->env.http_referer = getenv("HTTP_REFERER");
+       ctx->env.content_length = getenv("CONTENT_LENGTH") ? strtoul(getenv("CONTENT_LENGTH"), NULL, 10) : 0;
+       ctx->env.authenticated = 0;
        ctx->page.mimetype = "text/html";
        ctx->page.charset = PAGE_ENCODING;
        ctx->page.filename = NULL;
        ctx->page.mimetype = "text/html";
        ctx->page.charset = PAGE_ENCODING;
        ctx->page.filename = NULL;
@@ -401,9 +393,9 @@ static void prepare_context(struct cgit_context *ctx)
        ctx->page.etag = NULL;
        memset(&ctx->cfg.mimetypes, 0, sizeof(struct string_list));
        if (ctx->env.script_name)
        ctx->page.etag = NULL;
        memset(&ctx->cfg.mimetypes, 0, sizeof(struct string_list));
        if (ctx->env.script_name)
-               ctx->cfg.script_name = ctx->env.script_name;
+               ctx->cfg.script_name = xstrdup(ctx->env.script_name);
        if (ctx->env.query_string)
        if (ctx->env.query_string)
-               ctx->qry.raw = ctx->env.query_string;
+               ctx->qry.raw = xstrdup(ctx->env.query_string);
        if (!ctx->env.cgit_config)
                ctx->env.cgit_config = CGIT_CONFIG;
 }
        if (!ctx->env.cgit_config)
                ctx->env.cgit_config = CGIT_CONFIG;
 }
@@ -414,8 +406,8 @@ struct refmatch {
        int match;
 };
 
        int match;
 };
 
-int find_current_ref(const char *refname, const unsigned char *sha1,
-                    int flags, void *cb_data)
+static int find_current_ref(const char *refname, const unsigned char *sha1,
+                           int flags, void *cb_data)
 {
        struct refmatch *info;
 
 {
        struct refmatch *info;
 
@@ -427,7 +419,13 @@ int find_current_ref(const char *refname, const unsigned char *sha1,
        return info->match;
 }
 
        return info->match;
 }
 
-char *find_default_branch(struct cgit_repo *repo)
+static void free_refmatch_inner(struct refmatch *info)
+{
+       if (info->first_ref)
+               free(info->first_ref);
+}
+
+static char *find_default_branch(struct cgit_repo *repo)
 {
        struct refmatch info;
        char *ref;
 {
        struct refmatch info;
        char *ref;
@@ -442,10 +440,12 @@ char *find_default_branch(struct cgit_repo *repo)
                ref = info.first_ref;
        if (ref)
                ref = xstrdup(ref);
                ref = info.first_ref;
        if (ref)
                ref = xstrdup(ref);
+       free_refmatch_inner(&info);
+
        return ref;
 }
 
        return ref;
 }
 
-static char *guess_defbranch(const char *repo_path)
+static char *guess_defbranch(void)
 {
        const char *ref;
        unsigned char sha1[20];
 {
        const char *ref;
        unsigned char sha1[20];
@@ -455,35 +455,117 @@ static char *guess_defbranch(const char *repo_path)
                return "master";
        return xstrdup(ref + 11);
 }
                return "master";
        return xstrdup(ref + 11);
 }
+/* The caller must free filename and ref after calling this. */
+static inline void parse_readme(const char *readme, char **filename, char **ref, struct cgit_repo *repo)
+{
+       const char *colon;
+
+       *filename = NULL;
+       *ref = NULL;
+
+       if (!readme || !readme[0])
+               return;
+
+       /* Check if the readme is tracked in the git repo. */
+       colon = strchr(readme, ':');
+       if (colon && strlen(colon) > 1) {
+               /* If it starts with a colon, we want to use
+                * the default branch */
+               if (colon == readme && repo->defbranch)
+                       *ref = xstrdup(repo->defbranch);
+               else
+                       *ref = xstrndup(readme, colon - readme);
+               readme = colon + 1;
+       }
+
+       /* Prepend repo path to relative readme path unless tracked. */
+       if (!(*ref) && readme[0] != '/')
+               *filename = fmtalloc("%s/%s", repo->path, readme);
+       else
+               *filename = xstrdup(readme);
+}
+static void choose_readme(struct cgit_repo *repo)
+{
+       int found;
+       char *filename, *ref;
+       struct string_list_item *entry;
+
+       if (!repo->readme.nr)
+               return;
+
+       found = 0;
+       for_each_string_list_item(entry, &repo->readme) {
+               parse_readme(entry->string, &filename, &ref, repo);
+               if (!filename) {
+                       free(filename);
+                       free(ref);
+                       continue;
+               }
+               /* If there's only one item, we skip the possibly expensive
+                * selection process. */
+               if (repo->readme.nr == 1) {
+                       found = 1;
+                       break;
+               }
+               if (ref) {
+                       if (cgit_ref_path_exists(filename, ref, 1)) {
+                               found = 1;
+                               break;
+                       }
+               }
+               else if (!access(filename, R_OK)) {
+                       found = 1;
+                       break;
+               }
+               free(filename);
+               free(ref);
+       }
+       repo->readme.strdup_strings = 1;
+       string_list_clear(&repo->readme, 0);
+       repo->readme.strdup_strings = 0;
+       if (found)
+               string_list_append(&repo->readme, filename)->util = ref;
+}
 
 static int prepare_repo_cmd(struct cgit_context *ctx)
 {
 
 static int prepare_repo_cmd(struct cgit_context *ctx)
 {
-       char *tmp;
        unsigned char sha1[20];
        int nongit = 0;
        int rc;
 
        unsigned char sha1[20];
        int nongit = 0;
        int rc;
 
+       /* The path to the git repository. */
        setenv("GIT_DIR", ctx->repo->path, 1);
        setenv("GIT_DIR", ctx->repo->path, 1);
+
+       /* Do not look in /etc/ for gitconfig and gitattributes. */
+       setenv("GIT_CONFIG_NOSYSTEM", "1", 1);
+       setenv("GIT_ATTR_NOSYSTEM", "1", 1);
+       unsetenv("HOME");
+       unsetenv("XDG_CONFIG_HOME");
+
+       /* Setup the git directory and initialize the notes system. Both of these
+        * load local configuration from the git repository, so we do them both while
+        * the HOME variables are unset. */
        setup_git_directory_gently(&nongit);
        setup_git_directory_gently(&nongit);
+       init_display_notes(NULL);
+
        if (nongit) {
        if (nongit) {
+               const char *name = ctx->repo->name;
                rc = errno;
                rc = errno;
-               ctx->page.title = fmt("%s - %s", ctx->cfg.root_title,
-                                     "config error");
-               tmp = fmt("Failed to open %s: %s",
-                         ctx->repo->name,
-                         rc ? strerror(rc) : "Not a valid git repository");
+               ctx->page.title = fmtalloc("%s - %s", ctx->cfg.root_title,
+                                               "config error");
                ctx->repo = NULL;
                cgit_print_http_headers(ctx);
                cgit_print_docstart(ctx);
                cgit_print_pageheader(ctx);
                ctx->repo = NULL;
                cgit_print_http_headers(ctx);
                cgit_print_docstart(ctx);
                cgit_print_pageheader(ctx);
-               cgit_print_error(tmp);
+               cgit_print_error("Failed to open %s: %s", name,
+                                rc ? strerror(rc) : "Not a valid git repository");
                cgit_print_docend();
                return 1;
        }
                cgit_print_docend();
                return 1;
        }
-       ctx->page.title = fmt("%s - %s", ctx->repo->name, ctx->repo->desc);
+       ctx->page.title = fmtalloc("%s - %s", ctx->repo->name, ctx->repo->desc);
 
        if (!ctx->repo->defbranch)
 
        if (!ctx->repo->defbranch)
-               ctx->repo->defbranch = guess_defbranch(ctx->repo->path);
+               ctx->repo->defbranch = guess_defbranch();
 
        if (!ctx->qry.head) {
                ctx->qry.nohead = 1;
 
        if (!ctx->qry.head) {
                ctx->qry.nohead = 1;
@@ -500,27 +582,109 @@ static int prepare_repo_cmd(struct cgit_context *ctx)
        }
 
        if (get_sha1(ctx->qry.head, sha1)) {
        }
 
        if (get_sha1(ctx->qry.head, sha1)) {
-               tmp = xstrdup(ctx->qry.head);
+               char *tmp = xstrdup(ctx->qry.head);
                ctx->qry.head = ctx->repo->defbranch;
                ctx->page.status = 404;
                ctx->page.statusmsg = "Not found";
                cgit_print_http_headers(ctx);
                cgit_print_docstart(ctx);
                cgit_print_pageheader(ctx);
                ctx->qry.head = ctx->repo->defbranch;
                ctx->page.status = 404;
                ctx->page.statusmsg = "Not found";
                cgit_print_http_headers(ctx);
                cgit_print_docstart(ctx);
                cgit_print_pageheader(ctx);
-               cgit_print_error(fmt("Invalid branch: %s", tmp));
+               cgit_print_error("Invalid branch: %s", tmp);
                cgit_print_docend();
                return 1;
        }
        sort_string_list(&ctx->repo->submodules);
        cgit_prepare_repo_env(ctx->repo);
                cgit_print_docend();
                return 1;
        }
        sort_string_list(&ctx->repo->submodules);
        cgit_prepare_repo_env(ctx->repo);
+       choose_readme(ctx->repo);
        return 0;
 }
 
        return 0;
 }
 
+static inline void open_auth_filter(struct cgit_context *ctx, const char *function)
+{
+       cgit_open_filter(ctx->cfg.auth_filter, function,
+               ctx->env.http_cookie ? ctx->env.http_cookie : "",
+               ctx->env.request_method ? ctx->env.request_method : "",
+               ctx->env.query_string ? ctx->env.query_string : "",
+               ctx->env.http_referer ? ctx->env.http_referer : "",
+               ctx->env.path_info ? ctx->env.path_info : "",
+               ctx->env.http_host ? ctx->env.http_host : "",
+               ctx->env.https ? ctx->env.https : "",
+               ctx->qry.repo ? ctx->qry.repo : "",
+               ctx->qry.page ? ctx->qry.page : "",
+               ctx->qry.url ? ctx->qry.url : "");
+}
+
+#define MAX_AUTHENTICATION_POST_BYTES 4096
+static inline void authenticate_post(struct cgit_context *ctx)
+{
+       if (ctx->env.http_referer && strlen(ctx->env.http_referer) > 0) {
+               html("Status: 302 Redirect\n");
+               html("Cache-Control: no-cache, no-store\n");
+               htmlf("Location: %s\n", ctx->env.http_referer);
+       } else {
+               html("Status: 501 Missing Referer\n");
+               html("Cache-Control: no-cache, no-store\n\n");
+               exit(0);
+       }
+
+       open_auth_filter(ctx, "authenticate-post");
+       char buffer[MAX_AUTHENTICATION_POST_BYTES];
+       int len;
+       len = ctx->env.content_length;
+       if (len > MAX_AUTHENTICATION_POST_BYTES)
+               len = MAX_AUTHENTICATION_POST_BYTES;
+       if (read(STDIN_FILENO, buffer, len) < 0)
+               die_errno("Could not read POST from stdin");
+       if (write(STDOUT_FILENO, buffer, len) < 0)
+               die_errno("Could not write POST to stdout");
+       /* The filter may now spit out a Set-Cookie: ... */
+       cgit_close_filter(ctx->cfg.auth_filter);
+
+       html("\n");
+       exit(0);
+}
+
+static inline void authenticate_cookie(struct cgit_context *ctx)
+{
+       /* If we don't have an auth_filter, consider all cookies valid, and thus return early. */
+       if (!ctx->cfg.auth_filter) {
+               ctx->env.authenticated = 1;
+               return;
+       }
+
+       /* If we're having something POST'd to /login, we're authenticating POST,
+        * instead of the cookie, so call authenticate_post and bail out early.
+        * This pattern here should match /?p=login with POST. */
+       if (ctx->env.request_method && ctx->qry.page && !ctx->repo && \
+           !strcmp(ctx->env.request_method, "POST") && !strcmp(ctx->qry.page, "login")) {
+               authenticate_post(ctx);
+               return;
+       }
+
+       /* If we've made it this far, we're authenticating the cookie for real, so do that. */
+       open_auth_filter(ctx, "authenticate-cookie");
+       ctx->env.authenticated = cgit_close_filter(ctx->cfg.auth_filter);
+}
+
 static void process_request(void *cbdata)
 {
        struct cgit_context *ctx = cbdata;
        struct cgit_cmd *cmd;
 
 static void process_request(void *cbdata)
 {
        struct cgit_context *ctx = cbdata;
        struct cgit_cmd *cmd;
 
+       /* If we're not yet authenticated, no matter what page we're on,
+        * display the authentication body from the auth_filter. This should
+        * never be cached. */
+       if (!ctx->env.authenticated) {
+               ctx->page.title = "Authentication Required";
+               cgit_print_http_headers(ctx);
+               cgit_print_docstart(ctx);
+               cgit_print_pageheader(ctx);
+               open_auth_filter(ctx, "body");
+               cgit_close_filter(ctx->cfg.auth_filter);
+               cgit_print_docend();
+               return;
+       }
+
        cmd = cgit_get_cmd(ctx);
        if (!cmd) {
                ctx->page.title = "cgit error";
        cmd = cgit_get_cmd(ctx);
        if (!cmd) {
                ctx->page.title = "cgit error";
@@ -549,7 +713,7 @@ static void process_request(void *cbdata)
                cgit_print_http_headers(ctx);
                cgit_print_docstart(ctx);
                cgit_print_pageheader(ctx);
                cgit_print_http_headers(ctx);
                cgit_print_docstart(ctx);
                cgit_print_pageheader(ctx);
-               cgit_print_error(fmt("No repository selected"));
+               cgit_print_error("No repository selected");
                cgit_print_docend();
                return;
        }
                cgit_print_docend();
                return;
        }
@@ -569,33 +733,28 @@ static void process_request(void *cbdata)
                cgit_print_docend();
 }
 
                cgit_print_docend();
 }
 
-int cmp_repos(const void *a, const void *b)
+static int cmp_repos(const void *a, const void *b)
 {
        const struct cgit_repo *ra = a, *rb = b;
        return strcmp(ra->url, rb->url);
 }
 
 {
        const struct cgit_repo *ra = a, *rb = b;
        return strcmp(ra->url, rb->url);
 }
 
-char *build_snapshot_setting(int bitmap)
+static char *build_snapshot_setting(int bitmap)
 {
        const struct cgit_snapshot_format *f;
 {
        const struct cgit_snapshot_format *f;
-       char *result = xstrdup("");
-       char *tmp;
-       int len;
+       struct strbuf result = STRBUF_INIT;
 
        for (f = cgit_snapshot_formats; f->suffix; f++) {
                if (f->bit & bitmap) {
 
        for (f = cgit_snapshot_formats; f->suffix; f++) {
                if (f->bit & bitmap) {
-                       tmp = result;
-                       result = xstrdup(fmt("%s%s ", tmp, f->suffix));
-                       free(tmp);
+                       if (result.len)
+                               strbuf_addch(&result, ' ');
+                       strbuf_addstr(&result, f->suffix);
                }
        }
                }
        }
-       len = strlen(result);
-       if (len)
-               result[len - 1] = '\0';
-       return result;
+       return strbuf_detach(&result, NULL);
 }
 
 }
 
-char *get_first_line(char *txt)
+static char *get_first_line(char *txt)
 {
        char *t = xstrdup(txt);
        char *p = strchr(t, '\n');
 {
        char *t = xstrdup(txt);
        char *p = strchr(t, '\n');
@@ -604,8 +763,9 @@ char *get_first_line(char *txt)
        return t;
 }
 
        return t;
 }
 
-void print_repo(FILE *f, struct cgit_repo *repo)
+static void print_repo(FILE *f, struct cgit_repo *repo)
 {
 {
+       struct string_list_item *item;
        fprintf(f, "repo.url=%s\n", repo->url);
        fprintf(f, "repo.name=%s\n", repo->name);
        fprintf(f, "repo.path=%s\n", repo->path);
        fprintf(f, "repo.url=%s\n", repo->url);
        fprintf(f, "repo.name=%s\n", repo->name);
        fprintf(f, "repo.path=%s\n", repo->path);
@@ -616,8 +776,12 @@ void print_repo(FILE *f, struct cgit_repo *repo)
                fprintf(f, "repo.desc=%s\n", tmp);
                free(tmp);
        }
                fprintf(f, "repo.desc=%s\n", tmp);
                free(tmp);
        }
-       if (repo->readme)
-               fprintf(f, "repo.readme=%s\n", repo->readme);
+       for_each_string_list_item(item, &repo->readme) {
+               if (item->util)
+                       fprintf(f, "repo.readme=%s:%s\n", (char *)item->util, item->string);
+               else
+                       fprintf(f, "repo.readme=%s\n", item->string);
+       }
        if (repo->defbranch)
                fprintf(f, "repo.defbranch=%s\n", repo->defbranch);
        if (repo->module_link)
        if (repo->defbranch)
                fprintf(f, "repo.defbranch=%s\n", repo->defbranch);
        if (repo->module_link)
@@ -633,27 +797,43 @@ void print_repo(FILE *f, struct cgit_repo *repo)
        fprintf(f, "repo.enable-log-linecount=%d\n",
                repo->enable_log_linecount);
        if (repo->about_filter && repo->about_filter != ctx.cfg.about_filter)
        fprintf(f, "repo.enable-log-linecount=%d\n",
                repo->enable_log_linecount);
        if (repo->about_filter && repo->about_filter != ctx.cfg.about_filter)
-               fprintf(f, "repo.about-filter=%s\n", repo->about_filter->cmd);
+               cgit_fprintf_filter(repo->about_filter, f, "repo.about-filter=");
        if (repo->commit_filter && repo->commit_filter != ctx.cfg.commit_filter)
        if (repo->commit_filter && repo->commit_filter != ctx.cfg.commit_filter)
-               fprintf(f, "repo.commit-filter=%s\n", repo->commit_filter->cmd);
+               cgit_fprintf_filter(repo->commit_filter, f, "repo.commit-filter=");
        if (repo->source_filter && repo->source_filter != ctx.cfg.source_filter)
        if (repo->source_filter && repo->source_filter != ctx.cfg.source_filter)
-               fprintf(f, "repo.source-filter=%s\n", repo->source_filter->cmd);
+               cgit_fprintf_filter(repo->source_filter, f, "repo.source-filter=");
+       if (repo->email_filter && repo->email_filter != ctx.cfg.email_filter)
+               cgit_fprintf_filter(repo->email_filter, f, "repo.email-filter=");
        if (repo->snapshots != ctx.cfg.snapshots) {
                char *tmp = build_snapshot_setting(repo->snapshots);
        if (repo->snapshots != ctx.cfg.snapshots) {
                char *tmp = build_snapshot_setting(repo->snapshots);
-               fprintf(f, "repo.snapshots=%s\n", tmp);
+               fprintf(f, "repo.snapshots=%s\n", tmp ? tmp : "");
                free(tmp);
        }
        if (repo->max_stats != ctx.cfg.max_stats)
                fprintf(f, "repo.max-stats=%s\n",
                        cgit_find_stats_periodname(repo->max_stats));
                free(tmp);
        }
        if (repo->max_stats != ctx.cfg.max_stats)
                fprintf(f, "repo.max-stats=%s\n",
                        cgit_find_stats_periodname(repo->max_stats));
+       if (repo->logo)
+               fprintf(f, "repo.logo=%s\n", repo->logo);
+       if (repo->logo_link)
+               fprintf(f, "repo.logo-link=%s\n", repo->logo_link);
+       fprintf(f, "repo.enable-remote-branches=%d\n", repo->enable_remote_branches);
+       fprintf(f, "repo.enable-subject-links=%d\n", repo->enable_subject_links);
+       if (repo->branch_sort == 1)
+               fprintf(f, "repo.branch-sort=age\n");
+       if (repo->commit_sort) {
+               if (repo->commit_sort == 1)
+                       fprintf(f, "repo.commit-sort=date\n");
+               else if (repo->commit_sort == 2)
+                       fprintf(f, "repo.commit-sort=topo\n");
+       }
        fprintf(f, "\n");
 }
 
        fprintf(f, "\n");
 }
 
-void print_repolist(FILE *f, struct cgit_repolist *list, int start)
+static void print_repolist(FILE *f, struct cgit_repolist *list, int start)
 {
        int i;
 
 {
        int i;
 
-       for(i = start; i < list->count; i++)
+       for (i = start; i < list->count; i++)
                print_repo(f, &list->repos[i]);
 }
 
                print_repo(f, &list->repos[i]);
 }
 
@@ -662,20 +842,22 @@ void print_repolist(FILE *f, struct cgit_repolist *list, int start)
  */
 static int generate_cached_repolist(const char *path, const char *cached_rc)
 {
  */
 static int generate_cached_repolist(const char *path, const char *cached_rc)
 {
-       char *locked_rc;
+       struct strbuf locked_rc = STRBUF_INIT;
+       int result = 0;
        int idx;
        FILE *f;
 
        int idx;
        FILE *f;
 
-       locked_rc = xstrdup(fmt("%s.lock", cached_rc));
-       f = fopen(locked_rc, "wx");
+       strbuf_addf(&locked_rc, "%s.lock", cached_rc);
+       f = fopen(locked_rc.buf, "wx");
        if (!f) {
                /* Inform about the error unless the lockfile already existed,
                 * since that only means we've got concurrent requests.
                 */
        if (!f) {
                /* Inform about the error unless the lockfile already existed,
                 * since that only means we've got concurrent requests.
                 */
-               if (errno != EEXIST)
+               result = errno;
+               if (result != EEXIST)
                        fprintf(stderr, "[cgit] Error opening %s: %s (%d)\n",
                        fprintf(stderr, "[cgit] Error opening %s: %s (%d)\n",
-                               locked_rc, strerror(errno), errno);
-               return errno;
+                               locked_rc.buf, strerror(result), result);
+               goto out;
        }
        idx = cgit_repolist.count;
        if (ctx.cfg.project_list)
        }
        idx = cgit_repolist.count;
        if (ctx.cfg.project_list)
@@ -683,55 +865,59 @@ static int generate_cached_repolist(const char *path, const char *cached_rc)
        else
                scan_tree(path, repo_config);
        print_repolist(f, &cgit_repolist, idx);
        else
                scan_tree(path, repo_config);
        print_repolist(f, &cgit_repolist, idx);
-       if (rename(locked_rc, cached_rc))
+       if (rename(locked_rc.buf, cached_rc))
                fprintf(stderr, "[cgit] Error renaming %s to %s: %s (%d)\n",
                fprintf(stderr, "[cgit] Error renaming %s to %s: %s (%d)\n",
-                       locked_rc, cached_rc, strerror(errno), errno);
+                       locked_rc.buf, cached_rc, strerror(errno), errno);
        fclose(f);
        fclose(f);
-       return 0;
+out:
+       strbuf_release(&locked_rc);
+       return result;
 }
 
 static void process_cached_repolist(const char *path)
 {
        struct stat st;
 }
 
 static void process_cached_repolist(const char *path)
 {
        struct stat st;
-       char *cached_rc;
+       struct strbuf cached_rc = STRBUF_INIT;
        time_t age;
        unsigned long hash;
 
        hash = hash_str(path);
        if (ctx.cfg.project_list)
                hash += hash_str(ctx.cfg.project_list);
        time_t age;
        unsigned long hash;
 
        hash = hash_str(path);
        if (ctx.cfg.project_list)
                hash += hash_str(ctx.cfg.project_list);
-       cached_rc = xstrdup(fmt("%s/rc-%8lx", ctx.cfg.cache_root, hash));
+       strbuf_addf(&cached_rc, "%s/rc-%8lx", ctx.cfg.cache_root, hash);
 
 
-       if (stat(cached_rc, &st)) {
+       if (stat(cached_rc.buf, &st)) {
                /* Nothing is cached, we need to scan without forking. And
                 * if we fail to generate a cached repolist, we need to
                 * invoke scan_tree manually.
                 */
                /* Nothing is cached, we need to scan without forking. And
                 * if we fail to generate a cached repolist, we need to
                 * invoke scan_tree manually.
                 */
-               if (generate_cached_repolist(path, cached_rc)) {
+               if (generate_cached_repolist(path, cached_rc.buf)) {
                        if (ctx.cfg.project_list)
                                scan_projects(path, ctx.cfg.project_list,
                                              repo_config);
                        else
                                scan_tree(path, repo_config);
                }
                        if (ctx.cfg.project_list)
                                scan_projects(path, ctx.cfg.project_list,
                                              repo_config);
                        else
                                scan_tree(path, repo_config);
                }
-               return;
+               goto out;
        }
 
        }
 
-       parse_configfile(cached_rc, config_cb);
+       parse_configfile(cached_rc.buf, config_cb);
 
        /* If the cached configfile hasn't expired, lets exit now */
        age = time(NULL) - st.st_mtime;
        if (age <= (ctx.cfg.cache_scanrc_ttl * 60))
 
        /* If the cached configfile hasn't expired, lets exit now */
        age = time(NULL) - st.st_mtime;
        if (age <= (ctx.cfg.cache_scanrc_ttl * 60))
-               return;
+               goto out;
 
        /* The cached repolist has been parsed, but it was old. So lets
         * rescan the specified path and generate a new cached repolist
         * in a child-process to avoid latency for the current request.
         */
        if (fork())
 
        /* The cached repolist has been parsed, but it was old. So lets
         * rescan the specified path and generate a new cached repolist
         * in a child-process to avoid latency for the current request.
         */
        if (fork())
-               return;
+               goto out;
 
 
-       exit(generate_cached_repolist(path, cached_rc));
+       exit(generate_cached_repolist(path, cached_rc.buf));
+out:
+       strbuf_release(&cached_rc);
 }
 
 static void cgit_parse_args(int argc, const char **argv)
 }
 
 static void cgit_parse_args(int argc, const char **argv)
@@ -740,45 +926,38 @@ static void cgit_parse_args(int argc, const char **argv)
        int scan = 0;
 
        for (i = 1; i < argc; i++) {
        int scan = 0;
 
        for (i = 1; i < argc; i++) {
-               if (!strncmp(argv[i], "--cache=", 8)) {
+               if (!prefixcmp(argv[i], "--cache=")) {
                        ctx.cfg.cache_root = xstrdup(argv[i] + 8);
                        ctx.cfg.cache_root = xstrdup(argv[i] + 8);
-               }
-               if (!strcmp(argv[i], "--nocache")) {
+               } else if (!strcmp(argv[i], "--nocache")) {
                        ctx.cfg.nocache = 1;
                        ctx.cfg.nocache = 1;
-               }
-               if (!strcmp(argv[i], "--nohttp")) {
+               } else if (!strcmp(argv[i], "--nohttp")) {
                        ctx.env.no_http = "1";
                        ctx.env.no_http = "1";
-               }
-               if (!strncmp(argv[i], "--query=", 8)) {
+               } else if (!prefixcmp(argv[i], "--query=")) {
                        ctx.qry.raw = xstrdup(argv[i] + 8);
                        ctx.qry.raw = xstrdup(argv[i] + 8);
-               }
-               if (!strncmp(argv[i], "--repo=", 7)) {
+               } else if (!prefixcmp(argv[i], "--repo=")) {
                        ctx.qry.repo = xstrdup(argv[i] + 7);
                        ctx.qry.repo = xstrdup(argv[i] + 7);
-               }
-               if (!strncmp(argv[i], "--page=", 7)) {
+               } else if (!prefixcmp(argv[i], "--page=")) {
                        ctx.qry.page = xstrdup(argv[i] + 7);
                        ctx.qry.page = xstrdup(argv[i] + 7);
-               }
-               if (!strncmp(argv[i], "--head=", 7)) {
+               } else if (!prefixcmp(argv[i], "--head=")) {
                        ctx.qry.head = xstrdup(argv[i] + 7);
                        ctx.qry.has_symref = 1;
                        ctx.qry.head = xstrdup(argv[i] + 7);
                        ctx.qry.has_symref = 1;
-               }
-               if (!strncmp(argv[i], "--sha1=", 7)) {
+               } else if (!prefixcmp(argv[i], "--sha1=")) {
                        ctx.qry.sha1 = xstrdup(argv[i] + 7);
                        ctx.qry.has_sha1 = 1;
                        ctx.qry.sha1 = xstrdup(argv[i] + 7);
                        ctx.qry.has_sha1 = 1;
-               }
-               if (!strncmp(argv[i], "--ofs=", 6)) {
+               } else if (!prefixcmp(argv[i], "--ofs=")) {
                        ctx.qry.ofs = atoi(argv[i] + 6);
                        ctx.qry.ofs = atoi(argv[i] + 6);
-               }
-               if (!strncmp(argv[i], "--scan-tree=", 12) ||
-                   !strncmp(argv[i], "--scan-path=", 12)) {
-                       /* HACK: the global snapshot bitmask defines the
-                        * set of allowed snapshot formats, but the config
-                        * file hasn't been parsed yet so the mask is
-                        * currently 0. By setting all bits high before
-                        * scanning we make sure that any in-repo cgitrc
-                        * snapshot setting is respected by scan_tree().
-                        * BTW: we assume that there'll never be more than
-                        * 255 different snapshot formats supported by cgit...
+               } else if (!prefixcmp(argv[i], "--scan-tree=") ||
+                          !prefixcmp(argv[i], "--scan-path=")) {
+                       /*
+                        * HACK: The global snapshot bit mask defines the set
+                        * of allowed snapshot formats, but the config file
+                        * hasn't been parsed yet so the mask is currently 0.
+                        * By setting all bits high before scanning we make
+                        * sure that any in-repo cgitrc snapshot setting is
+                        * respected by scan_tree().
+                        *
+                        * NOTE: We assume that there aren't more than 8
+                        * different snapshot formats supported by cgit...
                         */
                        ctx.cfg.snapshots = 0xFF;
                        scan++;
                         */
                        ctx.cfg.snapshots = 0xFF;
                        scan++;
@@ -801,21 +980,26 @@ static int calc_ttl()
        if (!ctx.qry.page)
                return ctx.cfg.cache_repo_ttl;
 
        if (!ctx.qry.page)
                return ctx.cfg.cache_repo_ttl;
 
-       if (ctx.qry.has_symref)
-               return ctx.cfg.cache_dynamic_ttl;
+       if (!strcmp(ctx.qry.page, "about"))
+               return ctx.cfg.cache_about_ttl;
 
        if (ctx.qry.has_sha1)
                return ctx.cfg.cache_static_ttl;
 
 
        if (ctx.qry.has_sha1)
                return ctx.cfg.cache_static_ttl;
 
+       if (ctx.qry.has_symref)
+               return ctx.cfg.cache_dynamic_ttl;
+
        return ctx.cfg.cache_repo_ttl;
 }
 
 int main(int argc, const char **argv)
 {
        const char *path;
        return ctx.cfg.cache_repo_ttl;
 }
 
 int main(int argc, const char **argv)
 {
        const char *path;
-       char *qry;
        int err, ttl;
 
        int err, ttl;
 
+       cgit_init_filters();
+       atexit(cgit_cleanup_filters);
+
        prepare_context(&ctx);
        cgit_repolist.length = 0;
        cgit_repolist.count = 0;
        prepare_context(&ctx);
        cgit_repolist.length = 0;
        cgit_repolist.count = 0;
@@ -830,11 +1014,8 @@ int main(int argc, const char **argv)
         * that virtual-root equals SCRIPT_NAME, minus any possibly
         * trailing slashes.
         */
         * that virtual-root equals SCRIPT_NAME, minus any possibly
         * trailing slashes.
         */
-       if (!ctx.cfg.virtual_root && ctx.cfg.script_name) {
-               ctx.cfg.virtual_root = trim_end(ctx.cfg.script_name, '/');
-               if (!ctx.cfg.virtual_root)
-                       ctx.cfg.virtual_root = "";
-       }
+       if (!ctx.cfg.virtual_root && ctx.cfg.script_name)
+               ctx.cfg.virtual_root = ensure_end(ctx.cfg.script_name, '/');
 
        /* If no url parameter is specified on the querystring, lets
         * use PATH_INFO as url. This allows cgit to work with virtual
 
        /* If no url parameter is specified on the querystring, lets
         * use PATH_INFO as url. This allows cgit to work with virtual
@@ -847,24 +1028,32 @@ int main(int argc, const char **argv)
                        path++;
                ctx.qry.url = xstrdup(path);
                if (ctx.qry.raw) {
                        path++;
                ctx.qry.url = xstrdup(path);
                if (ctx.qry.raw) {
-                       qry = ctx.qry.raw;
-                       ctx.qry.raw = xstrdup(fmt("%s?%s", path, qry));
-                       free(qry);
+                       char *newqry = fmtalloc("%s?%s", path, ctx.qry.raw);
+                       free(ctx.qry.raw);
+                       ctx.qry.raw = newqry;
                } else
                        ctx.qry.raw = xstrdup(ctx.qry.url);
                cgit_parse_url(ctx.qry.url);
        }
 
                } else
                        ctx.qry.raw = xstrdup(ctx.qry.url);
                cgit_parse_url(ctx.qry.url);
        }
 
+       /* Before we go any further, we set ctx.env.authenticated by checking to see
+        * if the supplied cookie is valid. All cookies are valid if there is no
+        * auth_filter. If there is an auth_filter, the filter decides. */
+       authenticate_cookie(&ctx);
+
        ttl = calc_ttl();
        ttl = calc_ttl();
-       ctx.page.expires += ttl * 60;
-       if (ctx.env.request_method && !strcmp(ctx.env.request_method, "HEAD"))
+       if (ttl < 0)
+               ctx.page.expires += 10 * 365 * 24 * 60 * 60; /* 10 years */
+       else
+               ctx.page.expires += ttl * 60;
+       if (!ctx.env.authenticated || (ctx.env.request_method && !strcmp(ctx.env.request_method, "HEAD")))
                ctx.cfg.nocache = 1;
        if (ctx.cfg.nocache)
                ctx.cfg.cache_size = 0;
        err = cache_process(ctx.cfg.cache_size, ctx.cfg.cache_root,
                            ctx.qry.raw, ttl, process_request, &ctx);
        if (err)
                ctx.cfg.nocache = 1;
        if (ctx.cfg.nocache)
                ctx.cfg.cache_size = 0;
        err = cache_process(ctx.cfg.cache_size, ctx.cfg.cache_root,
                            ctx.qry.raw, ttl, process_request, &ctx);
        if (err)
-               cgit_print_error(fmt("Error processing page: %s (%d)",
-                                    strerror(err), err));
+               cgit_print_error("Error processing page: %s (%d)",
+                                strerror(err), err);
        return err;
 }
        return err;
 }
Unnamed repository; edit this file 'description' to name the repository.