1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
| | # Copyright (C) 2015 all contributors <meta@public-inbox.org>
# License: AGPL-3.0+ <https://www.gnu.org/licenses/agpl-3.0.txt>
package PublicInbox::RepoBase;
use strict;
use warnings;
use PublicInbox::Hval;
our %MIME_TYPE_WHITELIST = ('application/pdf' => 1);
sub new { bless {}, shift }
sub call {
my ($self, $cmd, $req) = @_;
my $vcs = $req->{-repo}->{vcs};
my $rv = eval {
no strict 'refs';
my $sub = "call_${vcs}_$cmd";
$self->$sub($req);
};
$@ ? [ 500, ['Content-Type', 'text/plain'], [] ] : $rv;
}
sub mime_load {
my ($self, $file) = @_;
my %rv;
open my $fh, '<', $file or return \%rv;
while (<$fh>) {
next if /^#/; # no comments
my ($type, @ext) = split(/\s+/);
if (defined $type) {
$rv{$_} = $type foreach @ext;
}
}
\%rv;
}
# returns undef if missing, so users can scan the blob if needed
sub mime_type_unsafe {
my ($self, $fn) = @_;
$fn =~ /\.([^\.]+)\z/ or return;
my $ext = $1;
my $m = $self->{mime_types} ||= $self->mime_load('/etc/mime.types');
$m->{$ext};
}
sub mime_type {
my ($self, $fn) = @_;
my $ct = $self->mime_type_unsafe($fn);
return unless defined $ct;
# XSS protection. Assume the browser knows what to do
# with images/audio/video; but don't allow random HTML from
# a repository to be served
($ct =~ m!\A(?:image|audio|video)/! || $MIME_TYPE_WHITELIST{$ct}) ?
$ct : undef;
}
# starts an HTML page for Repobrowse in a consistent way
sub html_start {
my ($self, $req, $title_html, $opts) = @_;
my $desc = $req->{-repo}->desc_html;
my $meta = '';
if ($opts) {
my @robots;
foreach (qw(nofollow noindex)) {
push @robots, $_ if $opts->{$_};
}
$meta = qq(<meta\nname=robots\ncontent=") .
join(',', @robots) . '" />';
}
"<html><head><title>$title_html</title>" .
PublicInbox::Hval::STYLE . $meta .
"</head><body><pre><b>$desc</b>";
}
sub r {
my ($self, $status, $req, @extra) = @_;
my @h;
my $body = '';
if ($status == 301 || $status == 302) {
# The goal is to be able to make redirects like we make
# <a href=> tags with '../'
my $env = $req->{env};
my $base = PublicInbox::Repobrowse::base_url($env);
my ($redir) = @extra;
if (index($redir, '/') != 0) { # relative redirect
my @orig = split(m!/+!, $env->{PATH_INFO});
my @dest = split(m!/+!, $redir);
while ($dest[0] eq '..') {
pop @orig;
shift @dest;
}
my $end = '';
$end = pop @dest if $dest[-1] =~ /\A[#\?]/;
$redir = $base . join('/', @orig, @dest) . $end;
} else {
$redir = $base . $redir;
}
push @h, qw(Content-Type text/plain Location), $redir;
# mainly for curl (no-'-L') users:
$body = "Redirecting to $redir\n";
} else {
push @h, 'Content-Type', 'text/plain; charset=UTF-8';
}
[ $status, \@h, [ $body ] ]
}
sub rt {
my ($self, $status, $t) = @_;
my $res = [ $status, [ 'Content-Type', "text/$t; charset=UTF-8" ] ];
$res->[2] = [ $_[3] ] if defined $_[3];
$res;
}
1;
|