aboutsummaryrefslogtreecommitdiffstats
path: root/filters (follow)
Commit message (Collapse)AuthorAgeFilesLines
* simple-authentication: styleJason A. Donenfeld2014-01-231-1/+1
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* auth: document tweakables in lua scriptJason A. Donenfeld2014-01-171-0/+10
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* auth: have cgit calculate login addressJason A. Donenfeld2014-01-161-6/+1
| | | | | | | This way we're sure to use virtual root, or any other strangeness encountered. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* auth: lua string comparisons are time invariantJason A. Donenfeld2014-01-161-2/+2
| | | | | | By default, strings are compared by hash, so we can remove this comment. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* authentication: use hidden form instead of refererJason A. Donenfeld2014-01-161-79/+121
| | | | | | | This also gives us some CSRF protection. Note that we make use of the hmac to protect the redirect value. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* auth: add basic authentication filter frameworkJason A. Donenfeld2014-01-161-0/+225
| | | | | | | | | | | | | | | | This leverages the new lua support. See filters/simple-authentication.lua for explaination of how this works. There is also additional documentation in cgitrc.5.txt. Though this is a cookie-based approach, cgit's caching mechanism is preserved for authenticated pages. Very plugable and extendable depending on user needs. The sample script uses an HMAC-SHA1 based cookie to store the currently logged in user, with an expiration date. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* email-gravatar: fix html syntax issuesChristian Hesse2014-01-152-2/+2
| | | | | an attribute value specification must be an attribute value literal unless SHORTTAG YES is specified
* email-gravatar: do not scale icons upJason A. Donenfeld2014-01-142-2/+2
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* filter: allow returning exit code from filterJason A. Donenfeld2014-01-141-0/+1
| | | | | | | Filters can now indicate a status back to cgit by means of the exit code for exec, or the return value from close for Lua. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* email-gravatar: fix html syntax issuesChristian Hesse2014-01-142-2/+2
| | | | | | * make ampersand a html entity * add required alt attribute * add required img end tag
* email-gravatar.py: fix UTF-8Christian Hesse2014-01-141-0/+4
|
* email-gravatar.lua: fix for lua 5.2Christian Hesse2014-01-141-1/+1
|
* filter: add page source to email filterJason A. Donenfeld2014-01-142-1/+3
| | | | | | | | Since the email filter is called from lots of places, the script might benefit from knowing the origin. That way it can modify its contents and/or size depending. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* filter: add gravatar scriptsJason A. Donenfeld2014-01-142-0/+58
| | | | | | | The lua one is hugely faster than the python one, but both are included for comparison. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* filters: Improved syntax-highlighting.pyStefan Tatschner2014-01-131-19/+33
| | | | | | | | | | | | | | | | - Switched back to python2 according to a problem in pygments with python3. With the next release of pygments this problem should be fixed. Issue see here: https://bitbucket.org/birkenfeld/pygments-main/issue/901/problems-with-python3 - Just read the stdin, decode it to utf-8 and ignore unknown signs. This ensures that even destroyed files do not cause any errors in the filter. - Improved language guessing: -> At first use guess_lexer_for_filename for a better detection of the used programming languages (even mixed cases will be detected, e.g. php + html). -> If nothing was found look if there is a shebang and use guess_lexer. -> As default/fallback choose TextLexer. Signed-off-by: Stefan Tatschner <stefan@sevenbyte.org>
* Fix UTF-8 with syntax-highlighting.pyPřemysl Janouch2014-01-081-0/+1
| | | | | | | Previously the script tried to encode output from Pygments with the ASCII codec, which failed. Signed-off-by: Přemysl Janouch <p.janouch@gmail.com>
* Fix about-formatting.shPřemysl Janouch2014-01-081-1/+1
| | | | | | dash failed to parse the script. Signed-off-by: Přemysl Janouch <p.janouch@gmail.com>
* filters: highlight.sh: add css comments for highlight 2.6 and 3.8Ferry Huberts2014-01-081-1/+63
| | | | | | v2: add highlight 3.13 as present on Fedora 19 Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
* filters: toggle perl utf8 situationJason A. Donenfeld2013-05-281-4/+0
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* filters: import more modern scriptsJason A. Donenfeld2013-05-278-0/+1813
| | | | Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
* syntax-highlighting.sh: Fix command injection.Jason A. Donenfeld2012-10-271-2/+2
| | | | | | | | | By not quoting the argument, an attacker with the ability to add files to the repository could pass arbitrary arguments to the highlight command, in particular, the --plug-in argument which can lead to arbitrary command execution. This patch adds simple argument quoting.
* syntax-highlight: when the file has no extension, assume textFerry Huberts2012-10-091-1/+4
| | | | | | | | | | There are 2 situations: 1- empty extension: assuming text is better than highlight producing no output because of a missing argument. 2- no extension at all: assuming text is better than setting the extension to the filename, which is what now happens. Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
* Revert "filters/syntax-highlighting.sh: work around highlight --force bug"Ferry Huberts2012-10-091-17/+0
| | | | | | | | | This reverts commit f50be7fda0a7ab57009169dd5905fcbab8eb5166. An update with the latest highlight landed in EPEL. This new version doesn't have the --force bug, so the workaround can now be removed. Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl>
* Merge branch 'stable'Lars Hjemli2012-03-181-0/+28
|\
| * filters/syntax-highlighting.sh: work around highlight --force bugFerry Huberts2012-03-181-0/+17
| |
| * filters/highlight.sh: manually support highlight version 2 and 3Ferry Huberts2012-03-181-0/+11
| |
* | commit-links.sh: improve regular expressionsFerry Huberts2011-07-191-2/+5
| | | | | | | | | | | | | | | | | | | | | | The default length for sha1 abbreviations in git is 7. A '#num' at the beginning of the commit message is now recognised, a ':#num' as well, etc.: a '#num' anywhere is now converted to a link. Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* | filters: document environment variables in filter scriptsFerry Huberts2011-03-262-0/+22
|/ | | | | Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl> Signed-off-by: Lars Hjemli <hjemli@gmail.com>
* commit-links.sh: Seperate the expressions for filtering commit messages.Jeff Smith2010-07-221-7/+9
| | | | | This allows for putting descriptions closer to their expressions. It should also make it clearer how to apply an expression conditionally.
* syntax highlighting for all formats supported by "highlight"Georg Lukas2009-11-191-17/+12
| | | | | | | | | | | | | | | | | | The highlight tool can be given any of the supported file extensions as its -S parameter. This patch replaces the case-switch by extracting the extension from the supplied file name and passing it to highlight. However, this requires a shell supporting the ${var##pattern} syntax, like dash or bash. Unknown extensions cause a fall-back to plain text using the --force switch. Error messages are redirected to /dev/null. A special case maps Makefile and Makefile.* to the "mk" extension. The total overhead is reduced by calling "exec highlight". No forks are needed during script execution. Signed-off-by: Georg Lukas <georg@op-co.de>
* Add some example filter scriptsLars Hjemli2009-08-092-0/+51
Signed-off-by: Lars Hjemli <hjemli@gmail.com>