From dfff4b7aa42de7e7d58caeebe2c6128449f09b76 Mon Sep 17 00:00:00 2001 From: Junio C Hamano Date: Tue, 16 Dec 2008 19:42:02 -0800 Subject: gitweb: do not run "git diff" that is Porcelain Jakub says that legacy-style URI to view two blob differences are never generated since 1.4.3. This codepath runs "git diff" Porcelain from the gitweb, which is a no-no. It can trigger diff.external command that is specified in the configuration file of the repository being viewed. This patch applies to v1.5.4 and later. Signed-off-by: Junio C Hamano diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl index b582332..86a6ced 100755 --- a/gitweb/gitweb.perl +++ b/gitweb/gitweb.perl @@ -4809,43 +4809,9 @@ sub git_blobdiff { or die_error(undef, "Open git-diff-tree failed"); } - # old/legacy style URI - if (!%diffinfo && # if new style URI failed - defined $hash && defined $hash_parent) { - # fake git-diff-tree raw output - $diffinfo{'from_mode'} = $diffinfo{'to_mode'} = "blob"; - $diffinfo{'from_id'} = $hash_parent; - $diffinfo{'to_id'} = $hash; - if (defined $file_name) { - if (defined $file_parent) { - $diffinfo{'status'} = '2'; - $diffinfo{'from_file'} = $file_parent; - $diffinfo{'to_file'} = $file_name; - } else { # assume not renamed - $diffinfo{'status'} = '1'; - $diffinfo{'from_file'} = $file_name; - $diffinfo{'to_file'} = $file_name; - } - } else { # no filename given - $diffinfo{'status'} = '2'; - $diffinfo{'from_file'} = $hash_parent; - $diffinfo{'to_file'} = $hash; - } - - # non-textual hash id's can be cached - if ($hash =~ m/^[0-9a-fA-F]{40}$/ && - $hash_parent =~ m/^[0-9a-fA-F]{40}$/) { - $expires = '+1d'; - } - - # open patch output - open $fd, "-|", git_cmd(), "diff", @diff_opts, - '-p', ($format eq 'html' ? "--full-index" : ()), - $hash_parent, $hash, "--" - or die_error(undef, "Open git-diff failed"); - } else { + # old/legacy style URI -- not generated anymore since 1.4.3. + if (!%diffinfo) { die_error('404 Not Found', "Missing one of the blob diff parameters") - unless %diffinfo; } # header -- cgit v0.10.2-6-g49f6 From 34b146c0f444fc9f83bea3215bd0cd546fc57c33 Mon Sep 17 00:00:00 2001 From: Junio C Hamano Date: Tue, 16 Dec 2008 22:03:29 -0800 Subject: GIT 1.5.4.7 Signed-off-by: Junio C Hamano diff --git a/Documentation/RelNotes-1.5.4.7.txt b/Documentation/RelNotes-1.5.4.7.txt new file mode 100644 index 0000000..9065a0e --- /dev/null +++ b/Documentation/RelNotes-1.5.4.7.txt @@ -0,0 +1,10 @@ +GIT v1.5.4.7 Release Notes +========================== + +Fixes since 1.5.4.7 +------------------- + + * Removed support for an obsolete gitweb request URI, whose + implementation ran "git diff" Porcelain, instead of using plumbing, + which would have run an external diff command specified in the + repository configuration as the gitweb user. diff --git a/RelNotes b/RelNotes index b9aa240..8fbe7db 120000 --- a/RelNotes +++ b/RelNotes @@ -1 +1 @@ -Documentation/RelNotes-1.5.4.6.txt \ No newline at end of file +Documentation/RelNotes-1.5.4.7.txt \ No newline at end of file -- cgit v0.10.2-6-g49f6