зеркало из https://github.com/mozilla/pjs.git
Implement CheckHidden(), so that we can have some semblance of security.
Родитель
69b8829b85
Коммит
9febc7a662
|
@ -128,8 +128,12 @@ print "</BODY></HTML>\n";
|
|||
exit;
|
||||
|
||||
found_file:
|
||||
|
||||
($rcs_path) = $rcs_filename =~ m@$root/(.*)/.+?,v@;
|
||||
|
||||
CheckHidden($rcs_filename);
|
||||
|
||||
|
||||
# Parse the rcs file ($opt_rev is passed as a global)
|
||||
#
|
||||
$revision = &parse_cvs_file($rcs_filename);
|
||||
|
@ -209,7 +213,11 @@ print $font_tag;
|
|||
#
|
||||
$start_of_mark = 0;
|
||||
$end_of_mark = 0;
|
||||
$line_num_width = int(log($#revision_map)/log(10)) + 1;
|
||||
$count = $#revision_map;
|
||||
if ($count == 0) {
|
||||
$count = 1;
|
||||
}
|
||||
$line_num_width = int(log($count)/log(10)) + 1;
|
||||
$revision_width = 3;
|
||||
$author_width = 5;
|
||||
$line = 0;
|
||||
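Review bot: The new guard in front of `log($count)` only handles `$count == 0`; when `@revision_map` is empty, `$#revision_map` is -1, and `log()` of a negative number is a fatal error in Perl just as `log(0)` is. Whether the map can be empty at this point is not visible in the hunk, but `if ($count < 1) {` covers both cases at no cost.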
|
|
|
@ -28,8 +28,6 @@
|
|||
#
|
||||
##############################################################################
|
||||
|
||||
# $Id: cvsblame.pl,v 1.1 1998-06-16 21:42:56 terry Exp $
|
||||
|
||||
require 'timelocal.pl'; # timestamps
|
||||
require 'ctime.pl'; # human-readable dates
|
||||
|
||||
|
@ -133,6 +131,10 @@ sub get_token {
|
|||
# Undo escape-coding of @ characters.
|
||||
$token =~ s/@@/@/og;
|
||||
|
||||
# Digest any extra blank lines.
|
||||
while (($line_buffer =~ /^$/) && !eof(RCSFILE)) {
|
||||
$line_buffer = <RCSFILE>;
|
||||
}
|
||||
return $token;
|
||||
}
|
||||
|
||||
|
@ -492,6 +494,8 @@ sub parse_cvs_file {
|
|||
# (%revision_deltatext)
|
||||
|
||||
@revision_map = ();
|
||||
CheckHidden($rcs_pathname);
|
||||
|
||||
die "$progname: error: This file appeared to be under CVS control, " .
|
||||
"but the RCS file is inaccessible.\n(Couldn't open '$rcs_pathname')\n"
|
||||
if !open (RCSFILE, "< $rcs_pathname");
|
||||
|
@ -653,6 +657,8 @@ sub read_cvs_entries
|
|||
|
||||
$cvsdir = $directory . '/CVS';
|
||||
|
||||
CheckHidden($cvsdir);
|
||||
|
||||
return if (! -d $cvsdir);
|
||||
|
||||
return if !open(ENTRIES, "< $cvsdir/Entries");
|
||||
|
@ -677,6 +683,8 @@ sub read_cvs_entries
|
|||
|
||||
# Given path to file in CVS working directory, compute path to RCS
|
||||
# repository file. Cache that info for future use.
|
||||
|
||||
|
||||
sub rcs_pathname {
|
||||
($pathname) = @_;
|
||||
|
||||
|
@ -689,7 +697,7 @@ sub rcs_pathname {
|
|||
if (!defined($repository{$directory})) {
|
||||
&read_cvs_entries($directory);
|
||||
}
|
||||
|
||||
|
||||
if (!defined($cvs_revision{$pathname})) {
|
||||
die "$progname: error: File '$pathname' does not appear to be under" .
|
||||
" CVS control.\n"
|
||||
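Review bot: In parse_cvs_file the name passed to `CheckHidden($rcs_pathname)` and the file actually opened can differ, because the two-argument `open (RCSFILE, "< $rcs_pathname")` below it strips leading and trailing whitespace from the name before opening it. The three-argument form, `if !open(RCSFILE, '<', $rcs_pathname);`, opens exactly the string that was checked. The same applies to `open(ENTRIES, "< $cvsdir/Entries")` after the new check in read_cvs_entries. Both subs start and end outside the hunks shown.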
|
|
|
@ -177,13 +177,19 @@ sub query_checkins {
|
|||
# print "</pre>";
|
||||
|
||||
|
||||
$key = "$ci->[$CI_DIR]/$ci->[$CI_FILE]";
|
||||
if (IsHidden("$ci->[$CI_REPOSITORY]/$key")) {
|
||||
next;
|
||||
}
|
||||
|
||||
|
||||
|
||||
if( $have_mod_map &&
|
||||
!&in_module( $mod_map, $ci->[$CI_DIR], $ci->[$CI_FILE] ) ){
|
||||
next;
|
||||
}
|
||||
|
||||
if( $begin_tag) {
|
||||
$key = "$ci->[$CI_DIR]/$ci->[$CI_FILE]";
|
||||
$rev = $begin_tag->{$key};
|
||||
print "<BR>$key begintag is $rev<BR>\n";
|
||||
if ($rev == "" || rev_is_after($ci->[$CI_REV], $rev)) {
|
||||
|
@ -192,7 +198,6 @@ sub query_checkins {
|
|||
}
|
||||
|
||||
if( $end_tag) {
|
||||
$key = "$ci->[$CI_DIR]/$ci->[$CI_FILE]";
|
||||
$rev = $end_tag->{$key};
|
||||
print "<BR>$key endtag is $rev<BR>\n";
|
||||
if ($rev == "" || rev_is_after($rev, $ci->[$CI_REV])) {
|
||||
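Review bot: The string tested in query_checkins is `"$ci->[$CI_REPOSITORY]/$key"`, i.e. repository/dir/file, which looks like it carries no `,v` suffix, whereas the cvsblame call sites in this commit pass the RCS file name. A hide-list pattern anchored on `,v` or on one particular root would then hide a file in one view and not in the other. I would add a comment above the check, `# Tested without the ",v" suffix; hidelist patterns must match both forms.`, and state the same wherever the hide-list format is documented. query_checkins begins and ends outside these hunks.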
|
|
|
@ -381,6 +381,7 @@ if ($opt_command eq 'DIFF' ||
|
|||
&die("command $opt_command: file not defined in URL\n") if $opt_file eq '';
|
||||
&die("command $opt_command: rev1 not defined in URL\n") if $opt_rev1 eq '';
|
||||
&die("command $opt_command: rev2 not defined in URL\n") if $opt_rev2 eq '';
|
||||
|
||||
}
|
||||
|
||||
# Propagate diff options to created links
|
||||
|
@ -442,10 +443,6 @@ sub do_diff_frameset {
|
|||
# Create links to document created by DIFF command.
|
||||
sub do_diff_links {
|
||||
|
||||
chdir($dir);
|
||||
|
||||
open(RCSDIFF, "$rcsdiff -r$opt_rev1 -r$opt_rev2 $opt_file 2>/dev/null |");
|
||||
|
||||
print "<HEAD>\n";
|
||||
print "<SCRIPT LANGUAGE='JavaScript'>\n";
|
||||
print "var anchor = -1;\n\n";
|
||||
|
@ -458,11 +455,17 @@ sub do_diff_links {
|
|||
" parent.frames[0].location.hash = --anchor;\n",
|
||||
"}\n";
|
||||
print "</SCRIPT>\n";
|
||||
print "<TITLE>$opt_file: $opt_rev1 vs. $opt_rev2</TITLE>\n";
|
||||
print "</HEAD>";
|
||||
print "<BODY BGCOLOR=\"#FFFFFF\" TEXT=\"#000000\"";
|
||||
print " LINK=\"#0000EE\" VLINK=\"#551A8B\" ALINK=\"#FF0000\">\n";
|
||||
|
||||
print "<TITLE>$opt_file: $opt_rev1 vs. $opt_rev2</TITLE>\n";
|
||||
CheckHidden("$dir/$opt_file");
|
||||
|
||||
chdir($dir);
|
||||
|
||||
open(RCSDIFF, "$rcsdiff -r$opt_rev1 -r$opt_rev2 $opt_file 2>/dev/null |");
|
||||
|
||||
|
||||
print '<FORM><TABLE CELLPADDING=0 CELLSPACING=0 BORDER=0><TR VALIGN=TOP>';
|
||||
|
||||
|
@ -578,6 +581,8 @@ sub do_diff {
|
|||
print "<BODY BGCOLOR=\"$diff_bg_color\" TEXT=\"#000000\"";
|
||||
print " LINK=\"#0000EE\" VLINK=\"#551A8B\" ALINK=\"#FF0000\">";
|
||||
|
||||
CheckHidden("$dir/$opt_file");
|
||||
|
||||
chdir($dir);
|
||||
|
||||
local ($rcsfile) = "$opt_file,v";
|
||||
|
@ -591,11 +596,13 @@ sub do_diff {
|
|||
|
||||
# Show specified CVS log entry.
|
||||
sub do_log {
|
||||
print "<TITLE>$opt_file: $opt_rev CVS log entry</TITLE>\n";
|
||||
print '<PRE>';
|
||||
|
||||
CheckHidden("$dir/$opt_file");
|
||||
|
||||
chdir($dir);
|
||||
|
||||
print "<TITLE>$opt_file: $opt_rev CVS log entry</TITLE>\n";
|
||||
print '<PRE>';
|
||||
open(RCSLOG, "rlog -r$opt_rev $opt_file |");
|
||||
|
||||
while (<RCSLOG>) {
|
||||
|
@ -639,12 +646,15 @@ sub do_directory {
|
|||
|
||||
EmitHtmlHeader("CVS Differences", $output);
|
||||
|
||||
CheckHidden($dir);
|
||||
chdir($dir);
|
||||
|
||||
print "<TABLE BORDER CELLPADDING=2>\n";
|
||||
|
||||
foreach $file (split(/\+/, $opt_files)) {
|
||||
local ($path) = "$dir/$file,v";
|
||||
|
||||
CheckHidden($path);
|
||||
$path = "$dir/Attic/$file,v" if (! -r $path);
|
||||
&parse_rcs_file($path);
|
||||
|
||||
|
@ -950,7 +960,6 @@ __BOTTOM__
|
|||
|
||||
|
||||
sub do_cmd {
|
||||
|
||||
if ($opt_command eq 'DIFF_FRAMESET') { do_diff_frameset; }
|
||||
elsif ($opt_command eq 'DIFF_LINKS') { do_diff_links; }
|
||||
elsif ($opt_command eq 'DIFF') { do_diff; }
|
||||
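Review bot: do_diff_links and do_log still build a shell command line from request values after the new check: `open(RCSDIFF, "$rcsdiff -r$opt_rev1 -r$opt_rev2 $opt_file 2>/dev/null |")` and `open(RCSLOG, "rlog -r$opt_rev $opt_file |")`. The error messages in the first hunk say the file and revisions are taken from the URL (presumably `$opt_rev` as well), and CheckHidden only compares the name with the hide list, so it does not constrain what reaches the shell. The revisions and file name should be validated against an anchored pattern before use, and the pipe opened in list form, e.g. `open(RCSLOG, '-|', 'rlog', "-r$opt_rev", $opt_file)`, which bypasses the shell; the `2>/dev/null` of the rcsdiff call then has to be handled separately. Both subs continue outside the hunks shown.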
|
|
|
@ -58,6 +58,8 @@ if( $rev ne "" ){
|
|||
print "
|
||||
<head><title>Repository Directory $CVS_ROOT/$dir $s</title></head>";
|
||||
|
||||
CheckHidden("$CVS_ROOT/$dir");
|
||||
|
||||
$output = "<DIV ALIGN=LEFT>";
|
||||
|
||||
($dir_head, $dir_tail) = $dir =~ m@(.*/)?(.+)@;
|
||||
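Review bot: `CheckHidden("$CVS_ROOT/$dir")` runs only after the `<head><title>` line containing the directory has been printed, so a refused request still receives a partial page before the script dies. Moving the call above the first `print` keeps the refusal clean. The check also sees `$dir` as received, and IsHidden only collapses repeated slashes, so `.` and `..` segments should be resolved or rejected before the comparison; where `$dir` is set is outside this hunk.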
|
|
|
@ -129,3 +129,46 @@ sub SqlQuote {
|
|||
s/\\/\\\\/g;
|
||||
return $_;
|
||||
}
|
||||
|
||||
|
||||
# Returns true if the given directory or filename is one of the hidden ones
|
||||
# that we don't want to show users.
|
||||
|
||||
sub IsHidden {
|
||||
my ($name) = (@_);
|
||||
$name =~ s:///*:/:g; # Remove any multiple slashes.
|
||||
if (!defined @hidelist) {
|
||||
if (open(HIDE, "<data/hidelist")) {
|
||||
while (<HIDE>) {
|
||||
chop;
|
||||
s/^\s*//g; # Strip leading whitespace
|
||||
s/\s*$//g; # Strip trailing whitespace
|
||||
if ( /^#/ || /^$/) {
|
||||
next;
|
||||
}
|
||||
|
||||
push(@hidelist, $_);
|
||||
}
|
||||
close HIDE;
|
||||
} else {
|
||||
@hidelist = ();
|
||||
}
|
||||
}
|
||||
foreach my $item (@hidelist) {
|
||||
if ($name =~ m/$item/) {
|
||||
return 1;
|
||||
}
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
sub CheckHidden {
|
||||
my ($name) = (@_);
|
||||
if (IsHidden($name)) {
|
||||
$| = 1;
|
||||
print "";
|
||||
die "Security violation; not allowed to access $name.";
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
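Review bot: IsHidden fails open: when `data/hidelist` cannot be opened, the else branch sets `@hidelist = ()` and every name is reported as not hidden, and because the path is relative the outcome depends on the working directory, which several callers in this commit change with `chdir($dir)`. If the file is meant to be optional, at least treat a present-but-unreadable list as fatal, e.g. `} elsif (-e "data/hidelist") { die "cannot read data/hidelist\n"; } else {`, and open it by an absolute path. `chop;` removes the last character unconditionally, so a final line without a newline loses a character of its pattern; `chomp;` is the safe form. `defined @hidelist` is not a reliable "already loaded" test (and current Perl rejects it), so an explicit flag such as `if (!$hidelist_loaded++) {` would be better.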
|
|