git/gitweb, branch v1.6.6.3

Git 1.6.6.3

2010-12-15T19:32:57Z

Signed-off-by: Junio C Hamano

Git 1.6.5.9

2010-12-15T19:27:41Z

Signed-off-by: Junio C Hamano

gitweb: Introduce esc_attr to escape attributes of HTML elements

2010-12-15T19:16:31Z

It is needed only to escape attributes of handcrafted HTML elements, and not those generated using CGI.pm subroutines / methods for HTML generation. While at it, add esc_url and esc_html where needed, and prefer to use CGI.pm HTML generating methods than handcrafted HTML code. Most of those are probably unnecessary (could be exploited only by person with write access to gitweb config, or at least access to the repository). This fixes CVE-2010-3906 Reported-by: Emanuele Gentili Helped-by: John 'Warthog9' Hawley Helped-by: Jonathan Nieder Signed-off-by: Jakub Narebski Signed-off-by: Junio C Hamano

gitweb: Describe (possible) gitweb.js minification in gitweb/README

2009-12-03T20:38:45Z

Signed-off-by: Jakub Narebski Signed-off-by: Junio C Hamano

Merge branch 'jn/gitweb-blame'

2009-12-01T19:28:15Z

* jn/gitweb-blame: gitweb: Add link to other blame implementation in blame views gitweb: Make linking to actions requiring JavaScript a feature gitweb.js: fix padLeftStr() and its usage gitweb.js: Harden setting blamed commit info in incremental blame gitweb.js: fix null object exception in initials calculation gitweb: Minify gitweb.js if JSMIN is defined gitweb: Create links leading to 'blame_incremental' using JavaScript gitweb: Colorize 'blame_incremental' view during processing gitweb: Incremental blame (using JavaScript) gitweb: Add optional "time to generate page" info in footer Conflicts: Makefile gitweb/gitweb.css

gitweb: Add link to other blame implementation in blame views

2009-12-01T19:25:21Z

Add link to 'blame_incremental' action (which requires JavaScript) in 'blame' view, and add link to 'blame' action in 'blame_incremental' view. Signed-off-by: Jakub Narebski Signed-off-by: Junio C Hamano

gitweb: Make linking to actions requiring JavaScript a feature

2009-12-01T04:09:41Z

Let gitweb turn some links (like 'blame' links) into linking to actions which require JavaScript (like 'blame_incremental' action) only if 'javascript-actions' feature is enabled. This means that links to such actions would be present only if both JavaScript is enabled and 'javascript-actions' feature is enabled. Signed-off-by: Jakub Narebski Signed-off-by: Junio C Hamano

gitweb.js: fix padLeftStr() and its usage

2009-11-25T08:06:32Z

It seems that in Firefox-3.5 inserting with javascript inserts the literal instead of a space. Fix this by inserting the unicode representation for instead. Also fix the off-by-one error in the padding calculation that was causing one less space to be inserted than was requested by the caller. Signed-off-by: Stephen Boyd Cc: Jakub Narebski Signed-off-by: Junio C Hamano

gitweb.js: Harden setting blamed commit info in incremental blame

2009-11-25T08:04:39Z

Internet Explorer 8 stops at beginning of blame filling with the following bug: "firstChild is null or not an object" at this line: a_sha1.firstChild.data = commit.sha1.substr(0, 8); It is (probably) caused by the fact that while a_sha1 element, which looks like this: It has a firstChild which is a text node containing only whitespace (single space character) in other web browsers (Firefox 3.5, Opera 10, Google Chrome 3.0), IE8 clobbers DOM, removing trailing/leading whitespace. Protect against this bug by creating text element if it does not exist. Found-by: Stephen Boyd Signed-off-by: Jakub Narebski Signed-off-by: Junio C Hamano

Merge branch 'mr/gitweb-snapshot'

2009-11-24T06:28:31Z

* mr/gitweb-snapshot: t/gitweb-lib: Split HTTP response with non-GNU sed gitweb: Smarter snapshot names gitweb: Document current snapshot rules via new tests t/gitweb-lib.sh: Split gitweb output into headers and body gitweb: check given hash before trying to create snapshot