Hi,
On Wednesday 15 January 2014 02:02:13 Jason A. Donenfeld wrote:
While still a horrendous mess, I've begun work adding authentication
support, using our nice new lua filter system.
A sample script looks like this [at the moment]:
On Wed, Jan 15, 2014 at 10:28 AM, Peter Wu lekenst...@gmail.com wrote:
The script is vulnerable to header injection:
$ curl -i http://git.zx2c4.com/login -H 'Referer: x%0d\nX: 1' \
-d 'username=1; path%3d/password=%0aY: 2'
HTTP/1.1 302 Redirect
Server: ZX2C4 Web Server
Date: Wed, 15 Jan
Jimminy cricket. Okay, merged.
___
CGit mailing list
CGit@lists.zx2c4.com
http://lists.zx2c4.com/mailman/listinfo/cgit
Squashed and merged this series.
___
CGit mailing list
CGit@lists.zx2c4.com
http://lists.zx2c4.com/mailman/listinfo/cgit
On Wed, Jan 15, 2014 at 08:24:21AM +0100, Lars Hjemli wrote:
On Tue, Jan 14, 2014 at 10:09 PM, Doug Carter dcar...@mercycorps.org wrote:
I'd like to create
a some ssl clone text that can be copy/pasted like github does it:
g...@git.foo.com:repo.git
Is there a way to do this and not
Username: jason
Password: secretpassword
___
CGit mailing list
CGit@lists.zx2c4.com
http://lists.zx2c4.com/mailman/listinfo/cgit
This leverages the new lua support. See
filters/simple-authentication.lua for explaination of how this works.
There is also additional documentation in cgitrc.5.txt.
Though this is a cookie-based approach, cgit's caching mechanism is
preserved for authenticated pages.
Very plugable and
Drop the context parameter from the following functions (and all static
helpers used by them) and use the global context instead:
* cgit_get_cmd()
* All cgit command functions.
* cgit_clone_info()
* cgit_clone_objects()
* cgit_clone_head()
* cgit_print_plain()
* cgit_show_stats()
Fix all
Jason noticed that sometimes, we pass a reference (pointer) to the
global context variable. This series removes all such references and
replaces them with direct use of the global variable.
Most of the patches are much easier to review with the following
options:
--word-diff=color
In initialization routines, use the global context variable instead of
passing a pointer around locally.
Signed-off-by: Lukas Fleischer c...@cryptocrack.de
---
cgit.c | 207 -
1 file changed, 103 insertions(+), 104 deletions(-)
On Wed, Jan 15, 2014 at 7:29 PM, Jason A. Donenfeld ja...@zx2c4.com wrote:
On Wed, Jan 15, 2014 at 7:17 PM, Peter Wu lekenst...@gmail.com wrote:
The current login page is cachable, you should add Cache-Control: private
to
prevent that.
Excellent idea.
I've added no-cache, no-store to the
Jason A. Donenfeld ja...@zx2c4.com wrote:
In theory, passing around the variable, and not relying on a global,
is better. It allows us at somepoint to have multiple contexts, for,
say, implementing FastCGI or an event loop single-process multi
response model.
This. I prefer we keep passing
On Thu, Jan 16, 2014 at 1:59 AM, Eric Wong normalper...@yhbt.net wrote:
This. I prefer we keep passing around the ctx variable to keep the code
more flexible for future reuse. Of course, IIRC git itself has this
limitation, too...
Can anyone confirm or deny this? Is it a pointless endeavor
Hey Konstantin,
On Thu, Jan 9, 2014 at 4:21 PM, Konstantin Ryabitsev mri...@kernel.org wrote:
That's pretty nifty. That reminds me -- I'm working on a web-of-trust
site for kernel.org and something I wouldn't mind having is a way to
link from cgit to the web of trust for that person. E.g. an
14 matches
Mail list logo