Commits


gotwebd: fix NULL deref on ENOMEM in gotweb_process_request ok tracey@


gotwebd: fix memory leak introduced in d927f8c ok tracey@


don't create signed tag objects with trailing NUL Although Git itself did not care, the superfluous NUL at the end of the tag object was breaking GitHub's SSH signature detection. ok stsp@


gotwebd: add CSP policy ok tracey@


gotwebd: fix for possible NULL beign passed to fcgi_printf reported by and ok tracey@


gotwebd: make sure to escape possibly unsafe strings this fixes only the HTML escaping of strings, the urlencode is still missig. while here also plug a memory leak in gotweb_render_branches and drop some needless ternary operators. ok tracey@


gotwebd: minor tweaks to the generated HTML spotted by validator.w3.org: - use target="_blank" instead of `_sotd' - drop `alt' attributes in `a' tags This fixes all the errors reported; only a warning suggesting to add a `lang' attribute on the <html> tag remains.


mark functions internally used by sockets.c as static ok tracey


fix previous: store port number in host byte order, convert for struct sockaddr With the previous patch the listen port was correct, but the debug log output was still displaying the swapped port number. Now both listen behaviour and debug log output agree.


fix gotwebd default fcgi listen port byte-order (port 10275 -> port 9000) ok tracey


gotwebd: listen on localhost only by default ok tracey


gotwebd: struct socket_conf can only use a single address, so don't use a list ok tracey


gotwebd: add fcgi_printf instead of fcgi_gen_response which outputs only a fixed strings provide a printf-like fcgi_printf: it greatly simplifies the generation of the HTML pages. While here also (probably) fix some HTML errors: the output was verified with the W3C validator and it's correct (in the sense that the tags are properly closed, there are still some other things the validator complains about.) ok/encouragement baseprime@, ok jamsek Thanks for reading such a boring diff!


fix overflow in blame callback spotted by noticing gotwebd crashing on some blame requests. Diff from stsp@ with a fix from tracey@, I'm committing it only because he is short on time. ok stsp@


gotwebd: initialize IPv4 and IPv6 sockets in the same way ok tracey