Commit Briefs
don't create signed tag objects with trailing NUL
Although Git itself did not care, the superfluous NUL at the end of the tag object was breaking GitHub's SSH signature detection. ok stsp@
gotwebd: add CSP policy
ok tracey@
gotwebd: fix for possible NULL beign passed to fcgi_printf
reported by and ok tracey@
gotwebd: make sure to escape possibly unsafe strings
this fixes only the HTML escaping of strings, the urlencode is still missig. while here also plug a memory leak in gotweb_render_branches and drop some needless ternary operators. ok tracey@
gotwebd: minor tweaks to the generated HTML
spotted by validator.w3.org: - use target="_blank" instead of `_sotd' - drop `alt' attributes in `a' tags This fixes all the errors reported; only a warning suggesting to add a `lang' attribute on the <html> tag remains.
fix previous: store port number in host byte order, convert for struct sockaddr
With the previous patch the listen port was correct, but the debug log output was still displaying the swapped port number. Now both listen behaviour and debug log output agree.
gotwebd: add fcgi_printf
instead of fcgi_gen_response which outputs only a fixed strings provide a printf-like fcgi_printf: it greatly simplifies the generation of the HTML pages. While here also (probably) fix some HTML errors: the output was verified with the W3C validator and it's correct (in the sense that the tags are properly closed, there are still some other things the validator complains about.) ok/encouragement baseprime@, ok jamsek Thanks for reading such a boring diff!
fix overflow in blame callback
spotted by noticing gotwebd crashing on some blame requests. Diff from stsp@ with a fix from tracey@, I'm committing it only because he is short on time. ok stsp@
fix snprintf error handling
follow the "proper secure idiom" described in the CAVEATS section of printf(3). reminded by tb@ and millert@
convert two snprintf to strlcpy
"looks good to me" millert@
got(1): Replace 'Ar sign' with 'Cm sign'
Cm sign matches the markup used in the ssh-keygen(1) man page. Patch by Josiah Frentsos
Group options in accordance with style(9)
patch by Josiah Frentsos
gotwebd: fix double free in gotweb_process_request
don't free the querystring, it's already done later by fcgi_celanup_request. ok tracey@