ui-diff.c: avoid html injection

[ps-cgit] / cgit.c

diff --git a/cgit.c b/cgit.c
index 53ab68da2d7ff8f8b54deafcfdb3de47cf0c89b0..f4dd6ef93c4b1b73d1583df8cab06627e34ae491 100644 (file)
--- a/cgit.c
+++ b/cgit.c
@@ -73,9 +73,13 @@ void repo_config(struct cgit_repo *repo, const char *name, const char *value)
                repo->module_link= xstrdup(value);
        else if (!strcmp(name, "section"))
                repo->section = xstrdup(value);
                repo->module_link= xstrdup(value);
        else if (!strcmp(name, "section"))
                repo->section = xstrdup(value);

-       else if (!strcmp(name, "readme") && value != NULL) {
+       else if (!strcmp(name, "readme") && value != NULL)

                repo->readme = xstrdup(value);
                repo->readme = xstrdup(value);

-       } else if (ctx.cfg.enable_filter_overrides) {
+       else if (!strcmp(name, "logo") && value != NULL)
+               repo->logo = xstrdup(value);
+       else if (!strcmp(name, "logo-link") && value != NULL)
+               repo->logo_link = xstrdup(value);
+       else if (ctx.cfg.enable_filter_overrides) {

                if (!strcmp(name, "about-filter"))
                        repo->about_filter = new_filter(value, 0);
                else if (!strcmp(name, "commit-filter"))
                if (!strcmp(name, "about-filter"))
                        repo->about_filter = new_filter(value, 0);
                else if (!strcmp(name, "commit-filter"))


@@ -199,6 +203,8 @@ void config_cb(const char *name, const char *value)
                                      ctx.cfg.project_list, repo_config);
                else
                        scan_tree(expand_macros(value), repo_config);
                                      ctx.cfg.project_list, repo_config);
                else
                        scan_tree(expand_macros(value), repo_config);

+       else if (!strcmp(name, "scan-hidden-path"))
+               ctx.cfg.scan_hidden_path = atoi(value);

        else if (!strcmp(name, "section-from-path"))
                ctx.cfg.section_from_path = atoi(value);
        else if (!strcmp(name, "source-filter"))
        else if (!strcmp(name, "section-from-path"))
                ctx.cfg.section_from_path = atoi(value);
        else if (!strcmp(name, "source-filter"))


@@ -319,6 +325,7 @@ static void prepare_context(struct cgit_context *ctx)
        ctx->cfg.robots = "index, nofollow";
        ctx->cfg.root_title = "Git repository browser";
        ctx->cfg.root_desc = "a fast webinterface for the git dscm";
        ctx->cfg.robots = "index, nofollow";
        ctx->cfg.root_title = "Git repository browser";
        ctx->cfg.root_desc = "a fast webinterface for the git dscm";

+       ctx->cfg.scan_hidden_path = 0;

        ctx->cfg.script_name = CGIT_SCRIPT_NAME;
        ctx->cfg.section = "";
        ctx->cfg.summary_branches = 10;
        ctx->cfg.script_name = CGIT_SCRIPT_NAME;
        ctx->cfg.section = "";
        ctx->cfg.summary_branches = 10;


@@ -745,10 +752,11 @@ int main(int argc, const char **argv)
        http_parse_querystring(ctx.qry.raw, querystring_cb);
 
        /* If virtual-root isn't specified in cgitrc, lets pretend
        http_parse_querystring(ctx.qry.raw, querystring_cb);
 
        /* If virtual-root isn't specified in cgitrc, lets pretend

-        * that virtual-root equals SCRIPT_NAME.
+        * that virtual-root equals SCRIPT_NAME, minus any possibly
+        * trailing slashes.

         */
        if (!ctx.cfg.virtual_root)
         */
        if (!ctx.cfg.virtual_root)

-               ctx.cfg.virtual_root = ctx.cfg.script_name;
+               ctx.cfg.virtual_root = trim_end(ctx.cfg.script_name, '/');

 
        /* If no url parameter is specified on the querystring, lets
         * use PATH_INFO as url. This allows cgit to work with virtual
 
        /* If no url parameter is specified on the querystring, lets
         * use PATH_INFO as url. This allows cgit to work with virtual