Author: cmpilato
Date: 2007-03-27 12:03:37-0700
New Revision: 1544
Modified:
trunk/docs/upgrading-howto.html
trunk/lib/config.py
trunk/lib/viewvc.py
trunk/templates/annotate.ezt
trunk/templates/directory.ezt
trunk/templates/log.ezt
trunk/templates/log_table.ezt
trunk/templates/markup.ezt
trunk/templates/query_results.ezt
trunk/viewvc.conf.dist
Log:
Unify the allowable views configury, and add support for disabling the
checkout view. The former is for sanity, the latter for security.
* viewvc.conf.dist
(allow_tar, allow_annotate, allow_markup): Removed.
(allowed_views): New.
* lib/config.py
(Config._force_multi_value): Add 'allowed_views'.
(Config.set_defaults): Set default for 'allowed_views'; no longer set
defaults for 'allow_tar', 'allow_annotate', 'allow_markup'.
* lib/viewvc.py
(default_view, view_directory, download_tarball, get_file_view_info,
view_annotate, view_diff, build_commit, view_revision, view_markup,
view_checkout): Track changes, adding code to prevent checkout view
URL generation when the view is disabled, and doing the same for
markup views (which should have already been done, since we already
had an allow_markup option!)
* templates/query_results.ezt
* templates/markup.ezt
* templates/directory.ezt
* templates/log.ezt
* templates/log_table.ezt
* templates/annotate.ezt
Don't assume checkout and markup views are present.
* docs/upgrading-howto.html
Update to show the configuration changes.
Modified: trunk/docs/upgrading-howto.html
Url:
http://viewvc.tigris.org/source/browse/viewvc/trunk/docs/upgrading-howto.html?view=diff&rev=1544&p1=trunk/docs/upgrading-howto.html&p2=trunk/docs/upgrading-howto.html&r1=1543&r2=1544
==============================================================================
--- trunk/docs/upgrading-howto.html (original)
+++ trunk/docs/upgrading-howto.html 2007-03-27 12:03:37-0700
@@ -114,6 +114,7 @@
<li>utilities/gzip</li>
<li>utilities/sed</li>
<li>options/use_py2html</li>
+ <li>options/allowed_views</li>
</ul>
<p>The following options have been removed:</p>
@@ -127,6 +128,9 @@
<li>options/py2html_path</li>
<li>options/php_exe</li>
<li>options/cvsgraph_path</li>
+ <li>options/allow_annotate</li>
+ <li>options/allow_markup</li>
+ <li>options/allow_tar</li>
</ul>
</div>
Modified: trunk/lib/config.py
Url:
http://viewvc.tigris.org/source/browse/viewvc/trunk/lib/config.py?view=diff&rev=1544&p1=trunk/lib/config.py&p2=trunk/lib/config.py&r1=1543&r2=1544
==============================================================================
--- trunk/lib/config.py (original)
+++ trunk/lib/config.py 2007-03-27 12:03:37-0700
@@ -41,7 +41,7 @@
_sections = ('general', 'utilities', 'options', 'cvsdb', 'templates')
_force_multi_value = ('cvs_roots', 'forbidden',
'svn_roots', 'languages', 'kv_files',
- 'root_parents')
+ 'root_parents', 'allowed_views')
def __init__(self):
for section in self._sections:
@@ -195,6 +195,7 @@
self.options.root_as_url_component = 0
self.options.default_file_view = "log"
self.options.checkout_magic = 0
+ self.options.allowed_views = ['markup', 'annotate']
self.options.sort_by = 'file'
self.options.sort_group_dirs = 1
self.options.hide_attic = 1
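Review bot: The new default `['markup', 'annotate']` replaces the per-view flags without any handling of the old ones, so a site that had set `allow_annotate = 0` or `allow_markup = 0` would, as far as this diff shows, get those views back after upgrading unless the administrator also adds an `allowed_views` line. Nothing in the visible hunks reads the removed options or warns when they are still present in viewvc.conf. I would either map the legacy options onto `allowed_views` when they appear or report them at load time; at minimum add a comment here, `# 'co' and 'tar' are off by default; the legacy allow_* options are no longer read`. set_defaults continues outside the hunk.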
@@ -206,8 +207,6 @@
self.options.hr_ignore_white = 1
self.options.hr_ignore_keyword_subst = 1
self.options.hr_intraline = 0
- self.options.allow_annotate = 1
- self.options.allow_markup = 1
self.options.allow_compress = 1
self.options.template_dir = "templates"
self.options.docroot = None
@@ -224,7 +223,6 @@
self.options.source_highlight_line_numbers = 1
self.options.use_py2html = 0
self.options.use_php = 0
- self.options.allow_tar = 0
self.options.use_cvsgraph = 0
self.options.cvsgraph_conf = "cvsgraph.conf"
self.options.use_re_search = 0
Modified: trunk/lib/viewvc.py
Url:
http://viewvc.tigris.org/source/browse/viewvc/trunk/lib/viewvc.py?view=diff&rev=1544&p1=trunk/lib/viewvc.py&p2=trunk/lib/viewvc.py&r1=1543&r2=1544
==============================================================================
--- trunk/lib/viewvc.py (original)
+++ trunk/lib/viewvc.py 2007-03-27 12:03:37-0700
@@ -918,7 +918,7 @@
# very useful marked up. If the mime type is totally unknown (happens when
# we encounter an unrecognized file extension) we also view it through
# the markup page since that's better than sending it text/plain.
- if (cfg.options.allow_markup and
+ if ('markup' in cfg.options.allowed_views and
(is_viewable_image(mime_type) or is_text(mime_type))):
return view_markup
return view_checkout
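Review bot: The fallback `return view_checkout` is taken without checking that `'co'` is in `cfg.options.allowed_views`, so with the shipped default (`markup, annotate`) any file that is not text or a viewable image is routed to a view that now answers 403. The request is still refused, so this fails closed, but the default view then points at a disabled view, and the same happens for every file when both views are off. Consider returning the checkout view only when it is enabled and falling back to the log view otherwise, e.g. `if 'co' in cfg.options.allowed_views: return view_checkout` followed by `return view_log`. The function starts outside the hunk, so the callers' expectations should be checked first.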
@@ -930,28 +930,31 @@
mime_type = mime_type or request.mime_type
if pathrev == -1: # cheesy default value, since we need to preserve None
pathrev = request.pathrev
- download_text_href = annotate_href = revision_href = None
- view_href = request.get_url(view_func=view_markup,
- where=where,
- pathtype=vclib.FILE,
- params={'revision': rev,
- 'pathrev': pathrev},
- escape=1)
- download_href = request.get_url(view_func=view_checkout,
- where=where,
- pathtype=vclib.FILE,
- params={'revision': rev,
- 'pathrev': pathrev},
- escape=1)
- if not is_plain_text(mime_type):
- download_text_href = request.get_url(view_func=view_checkout,
- where=where,
- pathtype=vclib.FILE,
- params={'content-type': 'text/plain',
- 'revision': rev,
- 'pathrev': pathrev},
- escape=1)
- if request.cfg.options.allow_annotate:
+ view_href = download_href = download_text_href = annotate_href =
revision_href = None
+
+ if 'markup' in request.cfg.options.allowed_views:
+ view_href = request.get_url(view_func=view_markup,
+ where=where,
+ pathtype=vclib.FILE,
+ params={'revision': rev,
+ 'pathrev': pathrev},
+ escape=1)
+ if 'co' in request.cfg.options.allowed_views:
+ download_href = request.get_url(view_func=view_checkout,
+ where=where,
+ pathtype=vclib.FILE,
+ params={'revision': rev,
+ 'pathrev': pathrev},
+ escape=1)
+ if not is_plain_text(mime_type):
+ download_text_href = request.get_url(view_func=view_checkout,
+ where=where,
+ pathtype=vclib.FILE,
+ params={'content-type':
'text/plain',
+ 'revision': rev,
+ 'pathrev': pathrev},
+ escape=1)
+ if 'annotate' in request.cfg.options.allowed_views:
annotate_href = request.get_url(view_func=view_annotate,
where=where,
pathtype=vclib.FILE,
@@ -1390,6 +1393,10 @@
return time.strftime("%a, %d %b %Y %H:%M:%S", time.gmtime(date)) + ' UTC'
def view_markup(request):
+ if 'markup' not in request.cfg.options.allowed_views:
+ raise debug.ViewVCException('Markup view is disabled',
+ '403 Forbidden')
+
cfg = request.cfg
path, rev = _orig_path(request)
fp, revision = request.repos.openfile(path, rev)
@@ -1457,7 +1464,8 @@
})
markup_fp = None
- if is_viewable_image(request.mime_type):
+ if is_viewable_image(request.mime_type) \
+ and 'co' in cfg.options.allowed_views:
fp.close()
url = request.get_url(view_func=view_checkout, params={'revision': rev},
escape=1)
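Review bot: When `'co'` is disabled, a viewable image no longer takes this branch and falls through to whatever the non-image path does with `fp`, which is not visible in this hunk; presumably that path treats the content as text to mark up. If so, binary image data would be pushed through the markup pipeline instead of being refused cleanly. I would handle the case explicitly, for example by rendering the page without the embedded image or by raising the same `debug.ViewVCException(..., '403 Forbidden')` the other guards use. A comment should also say that the image is embedded by way of a checkout URL and therefore depends on that view being enabled.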
@@ -1791,7 +1799,7 @@
data['dir_paging_action'], data['dir_paging_hidden_values'] = \
request.get_form(params={'dir_pagestart': None})
- if cfg.options.allow_tar:
+ if 'tar' in cfg.options.allowed_views:
data['tarball_href'] = request.get_url(view_func=download_tarball,
params={},
escape=1)
@@ -2189,6 +2197,10 @@
generate_page(request, "log", data)
def view_checkout(request):
+ if 'co' not in request.cfg.options.allowed_views:
+ raise debug.ViewVCException('Checkout view is disabled',
+ '403 Forbidden')
+
path, rev = _orig_path(request)
fp, revision = request.repos.openfile(path, rev)
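Review bot: This guard is the security-relevant part of the commit, but nothing here records why the checkout view is the one that needs an opt-in. The view returns repository content as-is (the `checkout_magic` comment in viewvc.conf.dist speaks of checked-out HTML pages), so presumably the concern is repository-controlled content being rendered in the ViewVC origin; I would say so above the check, `# Raw checkout serves repository content verbatim; refuse unless the admin opted in via allowed_views.` The same literal-string membership test is repeated in `view_markup`, `view_annotate` and `download_tarball`, and a small shared helper would keep the view names and the 403 response in one place. It is also worth confirming that no other path streams file contents without passing through one of these guards; the function body continues outside the hunk.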
@@ -2200,7 +2212,7 @@
fp.close()
def view_annotate(request):
- if not request.cfg.options.allow_annotate:
+ if 'annotate' not in request.cfg.options.allowed_views:
raise debug.ViewVCException('Annotation view is disabled',
'403 Forbidden')
@@ -2836,7 +2848,7 @@
data['patch_href'] = request.get_url(view_func=view_patch,
params=orig_params,
escape=1)
- if request.cfg.options.allow_annotate:
+ if 'annotate' in request.cfg.options.allowed_views:
data['annotate_href'] = request.get_url(view_func=view_annotate,
where=path_right,
pathtype=vclib.FILE,
@@ -3020,7 +3032,7 @@
def download_tarball(request):
cfg = request.cfg
- if not request.cfg.options.allow_tar:
+ if 'tar' not in request.cfg.options.allowed_views:
raise debug.ViewVCException('Tarball generation is disabled',
'403 Forbidden')
@@ -3120,11 +3132,13 @@
link_rev = str(rev)
link_where = change.filename
- change.view_href = request.get_url(view_func=view_func,
- where=link_where,
- pathtype=change.pathtype,
- params={'pathrev' : link_rev},
- escape=1)
+ if view_func != view_markup \
+ or 'markup' in request.cfg.options.allowed_views:
+ change.view_href = request.get_url(view_func=view_func,
+ where=link_where,
+ pathtype=change.pathtype,
+ params={'pathrev' : link_rev},
+ escape=1)
change.log_href = request.get_url(view_func=view_log,
where=link_where,
pathtype=change.pathtype,
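Review bot: The new condition only gates `view_markup`, so when `view_func` is `view_checkout` (which `default_view` returns for files it will not mark up) a link to the checkout view is still generated even though `'co'` may be disabled. In addition, when the condition is false `change.view_href` is never assigned in the visible lines; unless it is initialised above the hunk, the templates' `[if-any ... view_href]` tests may meet a missing attribute. I would put `change.view_href = None` before the `if` and add the matching test for `view_checkout` against `'co'`. How `view_func` is chosen lies outside the hunk, so the first point is inferred.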
@@ -3358,14 +3372,6 @@
where=filename, pathtype=vclib.FILE,
params=params,
escape=1)
- view_href = request.get_url(view_func=view_markup,
- where=filename, pathtype=vclib.FILE,
- params={'revision': f.GetRevision() },
- escape=1)
- download_href = request.get_url(view_func=view_checkout,
- where=filename, pathtype=vclib.FILE,
- params={'revision': f.GetRevision() },
- escape=1)
diff_href = request.get_url(view_func=view_diff,
where=filename, pathtype=vclib.FILE,
params={'r1': prev_rev(f.GetRevision()),
@@ -3373,6 +3379,18 @@
'diff_format': None},
escape=1)
+ view_href = download_href = None
+ if 'markup' in request.cfg.options.allowed_views:
+ view_href = request.get_url(view_func=view_markup,
+ where=filename, pathtype=vclib.FILE,
+ params={'revision': f.GetRevision() },
+ escape=1)
+ if 'co' in request.cfg.options.allowed_views:
+ download_href = request.get_url(view_func=view_checkout,
+ where=filename, pathtype=vclib.FILE,
+ params={'revision': f.GetRevision() },
+ escape=1)
+
# skip files in forbidden or hidden modules
dir_parts = filter(None, string.split(dirname, '/'))
if dir_parts \
Modified: trunk/templates/annotate.ezt
Url:
http://viewvc.tigris.org/source/browse/viewvc/trunk/templates/annotate.ezt?view=diff&rev=1544&p1=trunk/templates/annotate.ezt&p2=trunk/templates/annotate.ezt&r1=1543&r2=1544
==============================================================================
--- trunk/templates/annotate.ezt (original)
+++ trunk/templates/annotate.ezt 2007-03-27 12:03:37-0700
@@ -6,7 +6,7 @@
<p>
Revision [if-any revision_href]<a
href="[revision_href]"><strong>[rev]</strong></a>[else]<strong>[rev]</strong>[end]
-
(<a href="[view_href]"><strong>view</strong></a>)
-(<a href="[download_href]"><strong>download</strong></a>)
+[if-any download_href](<a
href="[download_href]"><strong>download</strong></a>)[end]
[if-any download_text_href](<a href="[download_text_href]"><strong>as
text</strong></a>)[end]
[if-any orig_path]
<br />Original Path: <a href="[orig_href]"><em>[orig_path]</em></a>
Modified: trunk/templates/directory.ezt
Url:
http://viewvc.tigris.org/source/browse/viewvc/trunk/templates/directory.ezt?view=diff&rev=1544&p1=trunk/templates/directory.ezt&p2=trunk/templates/directory.ezt&r1=1543&r2=1544
==============================================================================
--- trunk/templates/directory.ezt (original)
+++ trunk/templates/directory.ezt 2007-03-27 12:03:37-0700
@@ -96,7 +96,8 @@
[is entries.pathtype "dir"]
<td> [if-any entries.rev]<a href="[entries.log_href]" title="View
directory revision log"><strong>[entries.rev]</strong></a>[end]</td>
[else]
- <td> [if-any entries.rev]<a href="[if-any
entries.prefer_markup][entries.view_href][else][entries.download_href][end]"
title="[if-any entries.prefer_markup]View[else]Download[end] file
contents"><strong>[entries.rev]</strong></a>[end]</td>
+ [define rev_href][if-any
entries.prefer_markup][entries.view_href][else][if-any
entries.download_href][entries.download_href][end][end][end]
+ <td> [if-any entries.rev][if-any rev_href]<a href="[rev_href]"
title="[if-any entries.prefer_markup]View[else]Download[end] file
contents">[end]<strong>[entries.rev]</strong>[if-any
rev_href]</a>[end][end]</td>
[end]
<td> [entries.ago]</td>
<td> [entries.author]</td>
Modified: trunk/templates/log.ezt
Url:
http://viewvc.tigris.org/source/browse/viewvc/trunk/templates/log.ezt?view=diff&rev=1544&p1=trunk/templates/log.ezt&p2=trunk/templates/log.ezt&r1=1543&r2=1544
==============================================================================
--- trunk/templates/log.ezt (original)
+++ trunk/templates/log.ezt 2007-03-27 12:03:37-0700
@@ -19,10 +19,12 @@
[end]
Revision [is roottype "svn"]<a
href="[entries.revision_href]"><strong>[entries.rev]</strong></a>[else]<strong>[entries.rev]</strong>[end]
-
- [is pathtype "file"]
- (<a href="[entries.view_href]">view</a>)
- [else]
- <a href="[entries.view_href]">Directory Listing</a>
+ [if-any entries.view_href]
+ [is pathtype "file"]
+ (<a href="[entries.view_href]">view</a>)
+ [else]
+ <a href="[entries.view_href]">Directory Listing</a>
+ [end]
[end]
[if-any entries.download_href](<a
href="[entries.download_href]">download</a>)[end]
[if-any entries.download_text_href](<a
href="[entries.download_text_href]">as text</a>)[end]
Modified: trunk/templates/log_table.ezt
Url:
http://viewvc.tigris.org/source/browse/viewvc/trunk/templates/log_table.ezt?view=diff&rev=1544&p1=trunk/templates/log_table.ezt&p2=trunk/templates/log_table.ezt&r1=1543&r2=1544
==============================================================================
--- trunk/templates/log_table.ezt (original)
+++ trunk/templates/log_table.ezt 2007-03-27 12:03:37-0700
@@ -34,10 +34,12 @@
[# Tasks column]
<td>
- [is pathtype "file"]
- <a href="[entries.view_href]"><strong>View</strong></a><br />
- [else]
- <a href="[entries.view_href]"><strong>Directory
Listing</strong></a><br />
+ [if-any entries.view_href]
+ [is pathtype "file"]
+ <a href="[entries.view_href]"><strong>View</strong></a><br />
+ [else]
+ <a href="[entries.view_href]"><strong>Directory
Listing</strong></a><br />
+ [end]
[end]
[if-any entries.download_href]<a
href="[entries.download_href]"><strong>Download</strong></a><br />[end]
[if-any entries.download_text_href]<a
href="[entries.download_text_href]"><strong>As text</strong></a><br />[end]
Modified: trunk/templates/markup.ezt
Url:
http://viewvc.tigris.org/source/browse/viewvc/trunk/templates/markup.ezt?view=diff&rev=1544&p1=trunk/templates/markup.ezt&p2=trunk/templates/markup.ezt&r1=1543&r2=1544
==============================================================================
--- trunk/templates/markup.ezt (original)
+++ trunk/templates/markup.ezt 2007-03-27 12:03:37-0700
@@ -8,7 +8,7 @@
<hr />
<div class="vc_summary">
Revision [if-any revision_href]<a
href="[revision_href]"><strong>[rev]</strong></a>[else]<strong>[rev]</strong>[end]
-
-(<a href="[download_href]"><strong>download</strong></a>)
+[if-any download_href](<a
href="[download_href]"><strong>download</strong></a>)[end]
[if-any download_text_href](<a href="[download_text_href]"><strong>as
text</strong></a>)[end]
[if-any annotate_href](<a
href="[annotate_href]"><strong>annotate</strong></a>)[end]
Modified: trunk/templates/query_results.ezt
Url:
http://viewvc.tigris.org/source/browse/viewvc/trunk/templates/query_results.ezt?view=diff&rev=1544&p1=trunk/templates/query_results.ezt&p2=trunk/templates/query_results.ezt&r1=1543&r2=1544
==============================================================================
--- trunk/templates/query_results.ezt (original)
+++ trunk/templates/query_results.ezt 2007-03-27 12:03:37-0700
@@ -34,7 +34,8 @@
<tbody>
<tr class="vc_row_[if-index commits even]even[else]odd[end]">
<td style="vertical-align: top;">
- [if-any commits.files.rev]<a href="[if-any
commits.files.prefer_markup][commits.files.view_href][else][commits.files.download_href][end]">[commits.files.rev]</a>[else] [end]
+ [define rev_href][if-any
commits.files.prefer_markup][commits.files.view_href][else][if-any
commits.files.download_href][commits.files.download_href][end][end][end]
+ [if-any commits.files.rev][if-any rev_href]<a
href="[rev_href]">[end][commits.files.rev][if-any
rev_href]</a>[end][else] [end]
</td>
<td style="vertical-align: top;">
<a href="[commits.files.dir_href]">[commits.files.dir]/</a>
Modified: trunk/viewvc.conf.dist
Url:
http://viewvc.tigris.org/source/browse/viewvc/trunk/viewvc.conf.dist?view=diff&rev=1544&p1=trunk/viewvc.conf.dist&p2=trunk/viewvc.conf.dist&r1=1543&r2=1544
==============================================================================
--- trunk/viewvc.conf.dist (original)
+++ trunk/viewvc.conf.dist 2007-03-27 12:03:37-0700
@@ -347,6 +347,18 @@
# any old ViewCVS URL which doesn't have an explicit "root" parameter.
root_as_url_component = 0
+# checkout_magic: Use checkout links with magic /*checkout*/ prefixes so
+# checked out HTML pages can have working links to other repository files
+# Note: This option is DEPRECATED and should not be used in new ViewVC
+# installations. Setting "default_file_view = co" achieves the same effect
+checkout_magic = 0
+
+# allowed_views: List the ViewVC views which are enabled. Views not
+# in this comma-delited list will not be served (or, will return an
+# error on attempted access).
+# Possible values: "tar", "annotate", "co", "markup"
+allowed_views = markup, annotate
+
# default_file_view: "log" or "co"
# Controls whether the default view for file URLs is a checkout view or
# a log view. "log" is the default for backwards compatibility with old
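Review bot: The `allowed_views` comment does not say that `co` and `tar` are deliberately left out of the default, nor that `checkout_magic = 1`, which now sits directly above it, cannot work unless `co` is listed; the following hunk adds that warning only for `default_file_view`. I would add a line such as `# "co" and "tar" are disabled by default; "co" must be listed for checkout_magic or default_file_view = co to work.` The word "comma-delited" should read "comma-delimited". It would also help administrators to state here that the removed `allow_annotate`, `allow_markup` and `allow_tar` settings are no longer honoured.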
@@ -355,14 +367,10 @@
# to other repository files
# Note: Changing this option may cause old ViewCVS URLs that referred
# to log pages to load checkout pages instead.
+# Also note: If you choose the "co" view, be sure to enable it (via
+# the allowed_views option)
default_file_view = log
-# checkout_magic: Use checkout links with magic /*checkout*/ prefixes so
-# checked out HTML pages can have working links to other repository files
-# Note: This option is DEPRECATED and should not be used in new ViewVC
-# installations. Setting "default_file_view = co" achieves the same effect
-checkout_magic = 0
-
# http_expiration_time: Expiration time (in seconds) for cacheable
# pages served by ViewVC. Note that in most cases, a cache aware
# client will only revalidate the page after it expires (using the
@@ -440,12 +448,6 @@
#
hr_intraline = 0
-# allow annotation of files.
-allow_annotate = 1
-
-# allow pretty-printed version of files
-allow_markup = 1
-
# allow compression with gzip of output if the Browser accepts it
# (HTTP_ACCEPT_ENCODING=gzip)
# [make sure to have gzip in the path]
@@ -530,12 +532,6 @@
use_php = 0
#
-# ViewVC can generate tarball from a repository on the fly.
-#
-allow_tar = 0
-# allow_tar = 1
-
-#
# Use CvsGraph. See http://www.akhphd.au.dk/~bertho/cvsgraph/ for
# documentation and download.
#