[PATCH] gitweb: option 'strict export'

Matthias Lederhofer <matled@xxxxxxx> · Sat, 16 Sep 2006 23:43:23 +0200

With this option enabled gitweb will only give access to repositories
which are also shown on the overview page.
---
Matthias Lederhofer <matled@xxxxxxx> wrote:
> Perhaps there should be another option which allows only those
> repositories to be shown which are in $projects_list.
Here it is.  This option is probably the one more likely to be used.
It disallows access to repositories (using ?p=path/to/repository) that
are not on the projects-list-page.
---
 Makefile           |    2 ++
 gitweb/gitweb.perl |   12 +++++++++++-
 2 files changed, 13 insertions(+), 1 deletions(-)

diff --git a/Makefile b/Makefile
index 63df24c..0e17d4c 100644
--- a/Makefile
+++ b/Makefile
@@ -133,6 +133,7 @@ GITWEB_CSS = gitweb.css
 GITWEB_LOGO = git-logo.png
 GITWEB_FAVICON = git-favicon.png
 GITWEB_EXPORT_OK =
+GITWEB_STRICT_EXPORT =
 
 export prefix bindir gitexecdir template_dir GIT_PYTHON_DIR
 
@@ -639,6 +640,7 @@ gitweb/gitweb.cgi: gitweb/gitweb.perl
 	    -e 's|++GITWEB_LOGO++|$(GITWEB_LOGO)|g' \
 	    -e 's|++GITWEB_FAVICON++|$(GITWEB_FAVICON)|g' \
 	    -e 's|++GITWEB_EXPORT_OK++|$(GITWEB_EXPORT_OK)|g' \
+	    -e 's|++GITWEB_STRICT_EXPORT++|$(GITWEB_STRICT_EXPORT)|g' \
 	    $< >$@+
 	chmod +x $@+
 	mv $@+ $@
diff --git a/gitweb/gitweb.perl b/gitweb/gitweb.perl
index 3944d13..976f7ec 100755
--- a/gitweb/gitweb.perl
+++ b/gitweb/gitweb.perl
@@ -57,6 +57,9 @@ our $projects_list = "++GITWEB_LIST++";
 # show repository only if this file exists
 our $export_ok = "++GITWEB_EXPORT_OK++";
 
+# only allow viewing of repositories also shown on the overview page
+our $strict_export = "++GITWEB_STRICT_EXPORT++";
+
 # list of git base URLs used for URL to where fetch project from,
 # i.e. full URL is "$git_base_url/$project"
 our @git_base_url_list = ("++GITWEB_BASE_URL++");
@@ -189,7 +192,8 @@ if (defined $project) {
 	}
 	if (!(-d "$projectroot/$project") ||
 	    !(-e "$projectroot/$project/HEAD") ||
-	    ($export_ok && !(-e "$projectroot/$project/$export_ok"))) {
+	    ($export_ok && !(-e "$projectroot/$project/$export_ok")) ||
+	    ($strict_export && !project_in_list($project))) {
 		undef $project;
 		die_error(undef, "No such project");
 	}
@@ -384,6 +388,12 @@ sub untabify {
 	return $line;
 }
 
+sub project_in_list {
+	my $project = shift;
+	my @list = git_get_projects_list();
+	return(@list && scalar(grep { $_->{'path'} eq $project } @list) != 0);
+}
+
 ## ----------------------------------------------------------------------
 ## HTML aware string manipulation
 
-- 
1.4.2.g0ea2

-
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




