Change the existing cgit_{open,close,fprintf}_filter functions to
delegate to filter-specific implementations accessed via function
pointers on the cgit_filter object.
We treat the exec filter type slightly specially here by putting its
structure definition in the header file and providing an
This is the preliminary refactoring for supporting more types of filter
(for example Lua scripts or persistent filters). The final patch adds a
table where more implementations can be added.
The first three (maybe four) patches are sensible cleanups even if we
don't want to take the whole plan
By switching the assignment of fields in the cgit_filter structure to
use designated initializers, the compiler will initialize all other
fields to their default value. This will be needed when we add the
extra_args field in the next patch.
Signed-off-by: John Keeping j...@keeping.me.uk
---
I'm merging this, but, it strikes me the initial intent of this was a
bit neat -- instead of dup2ing over stdout and restoring it with a
dup'd original stdout, the htmlfd just had to be modified. I may end
up reverting this change later, but for now I'll merge it.
What's the purpose of this? Why not just keep the original string that
was passed to about-filter=... in the cmd variable as we have now? The
thing that's variable from filter to filter is argv, the type (commit,
about, etc), and the mechanism (lua, stdout, etc). But the variable
aspects don't
On Sun, Jan 12, 2014 at 08:23:02PM +0100, Jason A. Donenfeld wrote:
What's the purpose of this? Why not just keep the original string that
was passed to about-filter=... in the cmd variable as we have now? The
thing that's variable from filter to filter is argv, the type (commit,
about, etc),
On Sun, Jan 12, 2014 at 8:35 PM, John Keeping j...@keeping.me.uk wrote:
I'm looking at splitting up the data so there is a filter object that
contains function pointers to implementation functions and then some
data that is specific to to given filter type. With that change, cmd
moves to the
Everywhere else we use html_txt to escape any special characters in
these variables. Do so here as well.
Signed-off-by: John Keeping j...@keeping.me.uk
---
I spotted this while looking at Jason's jd/gravatar series. The
following two patches cover other similar issues I spotted while
auditing
This is for consistency with other callers. The value returned from
cgit_rooturl is not guaranteed to be HTML-safe.
Signed-off-by: John Keeping j...@keeping.me.uk
---
ui-repolist.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/ui-repolist.c b/ui-repolist.c
index
As far as I know, there is no requirement that $SCRIPT_NAME contain only
URL-safe characters, so we need to make sure that any special characters
are escaped.
Signed-off-by: John Keeping j...@keeping.me.uk
---
ui-shared.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git
This allows running the entire test suite with a set of command-line
options. For example:
make test CGIT_TEST_OPTS=--valgrind
Signed-off-by: John Keeping j...@keeping.me.uk
---
tests/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/Makefile
At some point, we're going to want to do lazy deallocation of filters.
For example, if we implement lua, we'll want to load the lua runtime
once for each filter, even if that filter is called many times.
Similarly, for persistent exec filters, we'll want to load it once,
despite many open_filter
Are there any circumstances in which this could have prior lead to an XSS?
___
CGit mailing list
CGit@lists.zx2c4.com
http://lists.zx2c4.com/mailman/listinfo/cgit
Filters can now call hook_write and unhook_write if they want to
redirect writing to stdout to a different function. This saves us from
potential file descriptor pipes and other less efficient mechanisms.
We do this instead of replacing the call in html_raw because some places
stdlib's printf
Same question here -- XSS potential?
___
CGit mailing list
CGit@lists.zx2c4.com
http://lists.zx2c4.com/mailman/listinfo/cgit
Filters can now call hook_write and unhook_write if they want to
redirect writing to stdout to a different function. This saves us from
potential file descriptor pipes and other less efficient mechanisms.
We do this instead of replacing the call in html_raw because some places
stdlib's printf
From: John Keeping j...@keeping.me.uk
This allows different filter implementations to be specified in the
configuration file. Currently only exec is supported, but it may now
be specified either with or without the exec: prefix.
Signed-off-by: John Keeping j...@keeping.me.uk
---
cgitrc.5.txt |
From: John Keeping j...@keeping.me.uk
This stops the code in cgit.c::print_repo needing to inspect the
cgit_filter structure, meaning that we can abstract out different filter
types that will have different fields that need to be printed.
Signed-off-by: John Keeping j...@keeping.me.uk
---
The beginnings of the filter framework I merged yesterday. This is
the second half. It is a combination of my work and John's, and
allows for a variety of different types of filters to be used with
cgit. We support long lived ones as well as one-off ones, complete
with support for redirecting
Signed-off-by: Jason A. Donenfeld ja...@zx2c4.com
---
filters/email-gravatar.py | 30 ++
1 file changed, 30 insertions(+)
create mode 100755 filters/email-gravatar.py
diff --git a/filters/email-gravatar.py b/filters/email-gravatar.py
new file mode 100755
index
Filters can now call hook_write and unhook_write if they want to
redirect writing to stdout to a different function. This saves us from
potential file descriptor pipes and other less efficient mechanisms.
We do this instead of replacing the call in html_raw because some places
stdlib's printf
At some point, we're going to want to do lazy deallocation of filters.
For example, if we implement lua, we'll want to load the lua runtime
once for each filter, even if that filter is called many times.
Similarly, for persistent exec filters, we'll want to load it once,
despite many open_filter
Signed-off-by: Jason A. Donenfeld ja...@zx2c4.com
---
filters/email-gravatar.lua | 25 +
filters/email-gravatar.py | 3 +++
2 files changed, 28 insertions(+)
create mode 100644 filters/email-gravatar.lua
diff --git a/filters/email-gravatar.lua
That would be much appreciated. Thanks Sebastian. Also, if there's
anything else that you worked on that didn't get picked up, now would
be a decent time to submit it for rereview.
___
CGit mailing list
CGit@lists.zx2c4.com
24 matches
Mail list logo