mirror of
https://github.com/git/git.git
synced 2024-11-07 09:43:00 +01:00
Mirror of https://github.com/git/git
e8c3531717
Enhance usability of 'blob_plain' view protection against XSS attacks (enabled by setting $prevent_xss to true) by serving contents inline as safe 'text/plain' mimetype where possible, instead of serving with "Content-Disposition: attachment" to make sure they don't run in gitweb's security domain. This patch broadens downgrading to 'text/plain' further, to any */*+xml mimetype. This includes: application/xhtml+xml (*.xhtml, *.xht) application/atom+xml (*.atom) application/rss+xml (*.rss) application/mathml+xm (*.mathml) application/docbook+xml (*.docbook) image/svg+xml (*.svg, *.svgz) Probably most useful is serving XHTML files as text/plain in 'blob_plain' view, directly viewable. Because file with 'image/svg+xml' mimetype can be compressed SVGZ file, we have to check if */*+xml really is text file, via '-T $fd'. Signed-off-by: Jakub Narebski <jnareb@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com> |
||
|---|---|---|
| arm | ||
| compat | ||
| contrib | ||
| Documentation | ||
| git-gui | ||
| gitk-git | ||
| gitweb | ||
| mozilla-sha1 | ||
| perl | ||
| ppc | ||
| t | ||
| templates | ||
| xdiff | ||
| .gitattributes | ||
| .gitignore | ||
| .mailmap | ||
| abspath.c | ||
| alias.c | ||
| alloc.c | ||
| archive-tar.c | ||
| archive-zip.c | ||
| archive.c | ||
| archive.h | ||
| attr.c | ||
| attr.h | ||
| base85.c | ||
| blob.c | ||
| blob.h | ||
| branch.c | ||
| branch.h | ||
| builtin-add.c | ||
| builtin-annotate.c | ||
| builtin-apply.c | ||
| builtin-archive.c | ||
| builtin-blame.c | ||
| builtin-branch.c | ||
| builtin-bundle.c | ||
| builtin-cat-file.c | ||
| builtin-check-attr.c | ||
| builtin-check-ref-format.c | ||
| builtin-checkout-index.c | ||
| builtin-checkout.c | ||
| builtin-clean.c | ||
| builtin-clone.c | ||
| builtin-commit-tree.c | ||
| builtin-commit.c | ||
| builtin-config.c | ||
| builtin-count-objects.c | ||
| builtin-describe.c | ||
| builtin-diff-files.c | ||
| builtin-diff-index.c | ||
| builtin-diff-tree.c | ||
| builtin-diff.c | ||
| builtin-fast-export.c | ||
| builtin-fetch--tool.c | ||
| builtin-fetch-pack.c | ||
| builtin-fetch.c | ||
| builtin-fmt-merge-msg.c | ||
| builtin-for-each-ref.c | ||
| builtin-fsck.c | ||
| builtin-gc.c | ||
| builtin-grep.c | ||
| builtin-help.c | ||
| builtin-http-fetch.c | ||
| builtin-init-db.c | ||
| builtin-log.c | ||
| builtin-ls-files.c | ||
| builtin-ls-remote.c | ||
| builtin-ls-tree.c | ||
| builtin-mailinfo.c | ||
| builtin-mailsplit.c | ||
| builtin-merge-base.c | ||
| builtin-merge-file.c | ||
| builtin-merge-ours.c | ||
| builtin-merge-recursive.c | ||
| builtin-merge.c | ||
| builtin-mv.c | ||
| builtin-name-rev.c | ||
| builtin-pack-objects.c | ||
| builtin-pack-refs.c | ||
| builtin-prune-packed.c | ||
| builtin-prune.c | ||
| builtin-push.c | ||
| builtin-read-tree.c | ||
| builtin-receive-pack.c | ||
| builtin-reflog.c | ||
| builtin-remote.c | ||
| builtin-rerere.c | ||
| builtin-reset.c | ||
| builtin-rev-list.c | ||
| builtin-rev-parse.c | ||
| builtin-revert.c | ||
| builtin-rm.c | ||
| builtin-send-pack.c | ||
| builtin-shortlog.c | ||
| builtin-show-branch.c | ||
| builtin-show-ref.c | ||
| builtin-stripspace.c | ||
| builtin-symbolic-ref.c | ||
| builtin-tag.c | ||
| builtin-tar-tree.c | ||
| builtin-unpack-objects.c | ||
| builtin-update-index.c | ||
| builtin-update-ref.c | ||
| builtin-upload-archive.c | ||
| builtin-verify-pack.c | ||
| builtin-verify-tag.c | ||
| builtin-write-tree.c | ||
| builtin.h | ||
| bundle.c | ||
| bundle.h | ||
| cache-tree.c | ||
| cache-tree.h | ||
| cache.h | ||
| check-builtins.sh | ||
| check-racy.c | ||
| check_bindir | ||
| color.c | ||
| color.h | ||
| combine-diff.c | ||
| command-list.txt | ||
| commit.c | ||
| commit.h | ||
| config.c | ||
| config.mak.in | ||
| configure.ac | ||
| connect.c | ||
| convert.c | ||
| copy.c | ||
| COPYING | ||
| csum-file.c | ||
| csum-file.h | ||
| ctype.c | ||
| daemon.c | ||
| date.c | ||
| decorate.c | ||
| decorate.h | ||
| delta.h | ||
| diff-delta.c | ||
| diff-lib.c | ||
| diff-no-index.c | ||
| diff.c | ||
| diff.h | ||
| diffcore-break.c | ||
| diffcore-delta.c | ||
| diffcore-order.c | ||
| diffcore-pickaxe.c | ||
| diffcore-rename.c | ||
| diffcore.h | ||
| dir.c | ||
| dir.h | ||
| editor.c | ||
| entry.c | ||
| environment.c | ||
| exec_cmd.c | ||
| exec_cmd.h | ||
| fast-import.c | ||
| fetch-pack.h | ||
| fixup-builtins | ||
| fsck.c | ||
| fsck.h | ||
| generate-cmdlist.sh | ||
| git-add--interactive.perl | ||
| git-am.sh | ||
| git-archimport.perl | ||
| git-bisect.sh | ||
| git-compat-util.h | ||
| git-cvsexportcommit.perl | ||
| git-cvsimport.perl | ||
| git-cvsserver.perl | ||
| git-filter-branch.sh | ||
| git-instaweb.sh | ||
| git-lost-found.sh | ||
| git-merge-octopus.sh | ||
| git-merge-one-file.sh | ||
| git-merge-resolve.sh | ||
| git-mergetool.sh | ||
| git-parse-remote.sh | ||
| git-pull.sh | ||
| git-quiltimport.sh | ||
| git-rebase--interactive.sh | ||
| git-rebase.sh | ||
| git-relink.perl | ||
| git-repack.sh | ||
| git-request-pull.sh | ||
| git-send-email.perl | ||
| git-sh-setup.sh | ||
| git-stash.sh | ||
| git-submodule.sh | ||
| git-svn.perl | ||
| GIT-VERSION-GEN | ||
| git-web--browse.sh | ||
| git.c | ||
| git.spec.in | ||
| graph.c | ||
| graph.h | ||
| grep.c | ||
| grep.h | ||
| hash-object.c | ||
| hash.c | ||
| hash.h | ||
| help.c | ||
| help.h | ||
| http-push.c | ||
| http-walker.c | ||
| http.c | ||
| http.h | ||
| ident.c | ||
| imap-send.c | ||
| index-pack.c | ||
| INSTALL | ||
| levenshtein.c | ||
| levenshtein.h | ||
| list-objects.c | ||
| list-objects.h | ||
| ll-merge.c | ||
| ll-merge.h | ||
| lockfile.c | ||
| log-tree.c | ||
| log-tree.h | ||
| mailmap.c | ||
| mailmap.h | ||
| Makefile | ||
| match-trees.c | ||
| merge-file.c | ||
| merge-index.c | ||
| merge-recursive.c | ||
| merge-recursive.h | ||
| merge-tree.c | ||
| mktag.c | ||
| mktree.c | ||
| name-hash.c | ||
| object.c | ||
| object.h | ||
| pack-check.c | ||
| pack-redundant.c | ||
| pack-refs.c | ||
| pack-refs.h | ||
| pack-revindex.c | ||
| pack-revindex.h | ||
| pack-write.c | ||
| pack.h | ||
| pager.c | ||
| parse-options.c | ||
| parse-options.h | ||
| patch-delta.c | ||
| patch-id.c | ||
| patch-ids.c | ||
| patch-ids.h | ||
| path.c | ||
| pkt-line.c | ||
| pkt-line.h | ||
| preload-index.c | ||
| pretty.c | ||
| progress.c | ||
| progress.h | ||
| quote.c | ||
| quote.h | ||
| reachable.c | ||
| reachable.h | ||
| read-cache.c | ||
| README | ||
| reflog-walk.c | ||
| reflog-walk.h | ||
| refs.c | ||
| refs.h | ||
| RelNotes | ||
| remote.c | ||
| remote.h | ||
| rerere.c | ||
| rerere.h | ||
| revision.c | ||
| revision.h | ||
| run-command.c | ||
| run-command.h | ||
| send-pack.h | ||
| server-info.c | ||
| setup.c | ||
| sha1-lookup.c | ||
| sha1-lookup.h | ||
| sha1_file.c | ||
| sha1_name.c | ||
| shallow.c | ||
| shell.c | ||
| shortlog.h | ||
| show-index.c | ||
| sideband.c | ||
| sideband.h | ||
| strbuf.c | ||
| strbuf.h | ||
| string-list.c | ||
| string-list.h | ||
| symlinks.c | ||
| tag.c | ||
| tag.h | ||
| tar.h | ||
| test-chmtime.c | ||
| test-date.c | ||
| test-delta.c | ||
| test-dump-cache-tree.c | ||
| test-genrandom.c | ||
| test-match-trees.c | ||
| test-parse-options.c | ||
| test-path-utils.c | ||
| test-sha1.c | ||
| test-sha1.sh | ||
| thread-utils.c | ||
| thread-utils.h | ||
| trace.c | ||
| transport.c | ||
| transport.h | ||
| tree-diff.c | ||
| tree-walk.c | ||
| tree-walk.h | ||
| tree.c | ||
| tree.h | ||
| unpack-file.c | ||
| unpack-trees.c | ||
| unpack-trees.h | ||
| update-server-info.c | ||
| upload-pack.c | ||
| usage.c | ||
| userdiff.c | ||
| userdiff.h | ||
| utf8.c | ||
| utf8.h | ||
| var.c | ||
| walker.c | ||
| walker.h | ||
| wrapper.c | ||
| write_or_die.c | ||
| ws.c | ||
| wt-status.c | ||
| wt-status.h | ||
| xdiff-interface.c | ||
| xdiff-interface.h | ||
//////////////////////////////////////////////////////////////// GIT - the stupid content tracker //////////////////////////////////////////////////////////////// "git" can mean anything, depending on your mood. - random three-letter combination that is pronounceable, and not actually used by any common UNIX command. The fact that it is a mispronunciation of "get" may or may not be relevant. - stupid. contemptible and despicable. simple. Take your pick from the dictionary of slang. - "global information tracker": you're in a good mood, and it actually works for you. Angels sing, and a light suddenly fills the room. - "goddamn idiotic truckload of sh*t": when it breaks Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. Git is an Open Source project covered by the GNU General Public License. It was originally written by Linus Torvalds with help of a group of hackers around the net. It is currently maintained by Junio C Hamano. Please read the file INSTALL for installation instructions. See Documentation/gittutorial.txt to get started, then see Documentation/everyday.txt for a useful minimum set of commands, and "man git-commandname" for documentation of each command. CVS users may also want to read Documentation/cvs-migration.txt. Many Git online resources are accessible from http://git.or.cz/ including full documentation and Git related tools. The user discussion and development of Git take place on the Git mailing list -- everyone is welcome to post bug reports, feature requests, comments and patches to git@vger.kernel.org. To subscribe to the list, send an email with just "subscribe git" in the body to majordomo@vger.kernel.org. The mailing list archives are available at http://marc.theaimsgroup.com/?l=git and other archival sites. The messages titled "A note from the maintainer", "What's in git.git (stable)" and "What's cooking in git.git (topics)" and the discussion following them on the mailing list give a good reference for project status, development direction and remaining tasks.