From 2efd7cc4afbc14b8a05816ff283a659d0ae5562d Mon Sep 17 00:00:00 2001 From: cmpilato Date: Tue, 27 Mar 2007 19:03:37 +0000 Subject: [PATCH] Unify the allowable views configury, and all support for disabling the checkout view. The former is for sanity, the latter for security. * viewvc.conf.dist (allow_tar, allow_annotate, allow_markup): Removed. (allowed_views): New. * lib/config.py (Config._force_multi_value): Add 'allowed_views'. (Config.set_defaults): Set default for 'allowed_views'; no longer set defaults for 'allow_tar', 'allow_annotate', 'allow_markup'. * lib/viewvc.py (default_view, view_directory, download_tarball, get_file_view_info, view_annotate, view_diff, build_commit, view_revision, view_markup, view_checkout): Track changes, adding code to prevent checkout view URL generation when the view is disabled, and doing the same for markup views (which should have already been done, since we already had an allow_markup option!) * templates/query_results.ezt * templates/markup.ezt * templates/directory.ezt * templates/log.ezt * templates/log_table.ezt * templates/annotate.ezt Don't assume checkout and markup views are present. * docs/upgrading-howto.html Update to show the configuration changes. git-svn-id: http://viewvc.tigris.org/svn/viewvc/trunk@1544 8cb11bc2-c004-0410-86c3-e597b4017df7 --- docs/upgrading-howto.html | 4 ++ lib/config.py | 6 +-- lib/viewvc.py | 100 +++++++++++++++++++++--------------- templates/annotate.ezt | 2 +- templates/directory.ezt | 3 +- templates/log.ezt | 10 ++-- templates/log_table.ezt | 10 ++-- templates/markup.ezt | 2 +- templates/query_results.ezt | 3 +- viewvc.conf.dist | 32 +++++------- 10 files changed, 97 insertions(+), 75 deletions(-) diff --git a/docs/upgrading-howto.html b/docs/upgrading-howto.html index fe396a65..a0e2992b 100644 --- a/docs/upgrading-howto.html +++ b/docs/upgrading-howto.html @@ -114,6 +114,7 @@ td {
  • utilities/gzip
  • utilities/sed
  • options/use_py2html
  • +
  • options/allowed_views
  • The following options have been removed:

    @@ -127,6 +128,9 @@ td {
  • options/py2html_path
  • options/php_exe
  • options/cvsgraph_path
  • +
  • options/allow_annotate
  • +
  • options/allow_markup
  • +
  • options/allow_tar
  • diff --git a/lib/config.py b/lib/config.py
index a5c11ae4..6f9962fb 100644
--- a/lib/config.py
+++ b/lib/config.py
@@ -41,7 +41,7 @@ class Config: _sections = ('general', 'utilities', 'options', 'cvsdb', 'templates') _force_multi_value = ('cvs_roots', 'forbidden', 'svn_roots', 'languages', 'kv_files', - 'root_parents') + 'root_parents', 'allowed_views') def __init__(self): for section in self._sections:
@@ -195,6 +195,7 @@ class Config: self.options.root_as_url_component = 0 self.options.default_file_view = "log" self.options.checkout_magic = 0 + self.options.allowed_views = ['markup', 'annotate'] self.options.sort_by = 'file' self.options.sort_group_dirs = 1 self.options.hide_attic = 1
@@ -206,8 +207,6 @@ class Config: self.options.hr_ignore_white = 1 self.options.hr_ignore_keyword_subst = 1 self.options.hr_intraline = 0 - self.options.allow_annotate = 1 - self.options.allow_markup = 1 self.options.allow_compress = 1 self.options.template_dir = "templates" self.options.docroot = None
@@ -224,7 +223,6 @@ class Config: self.options.source_highlight_line_numbers = 1 self.options.use_py2html = 0 self.options.use_php = 0 - self.options.allow_tar = 0 self.options.use_cvsgraph = 0 self.options.cvsgraph_conf = "cvsgraph.conf" self.options.use_re_search = 0
diff --git a/lib/viewvc.py b/lib/viewvc.py
index 5293cdec..f65d3036 100644
--- a/lib/viewvc.py
+++ b/lib/viewvc.py
@@ -918,7 +918,7 @@ def default_view(mime_type, cfg): # very useful marked up. If the mime type is totally unknown (happens when # we encounter an unrecognized file extension) we also view it through # the markup page since that's better than sending it text/plain. - if (cfg.options.allow_markup and + if ('markup' in cfg.options.allowed_views and (is_viewable_image(mime_type) or is_text(mime_type))): return view_markup return view_checkout 
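Review bot: The set_defaults hunk drops `allow_annotate`, `allow_markup` and `allow_tar` but nothing here rejects those names when they still appear in an existing viewvc.conf, so a site that had `allow_markup = 0` or `allow_annotate = 0` silently comes up with the new default `['markup', 'annotate']` and both views re-enabled. If Config's file loader (outside this hunk) accepts unknown option names, it should at least warn, or refuse to start, when one of the three removed names is seen, and it should check that every entry of allowed_views is one of 'co', 'markup', 'annotate', 'tar' so a misspelling fails loudly instead of quietly disabling a view. The Config class extends beyond this hunk.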
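Review bot: default_view still falls through to `return view_checkout` when the markup test fails, but view_checkout now raises 403 whenever 'co' is absent from allowed_views, and 'co' is absent from the new default, so every non-text, non-image file (and every file once markup is disabled) is handed a default view that cannot be served. Gate the fallback too: `if 'co' in cfg.options.allowed_views: return view_checkout` followed by `return view_log`, assuming view_log is the right last resort (it is what `default_file_view = log` selects; the caller is not visible here). The head of default_view is outside the hunk.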
@@ -930,28 +930,31 @@ def get_file_view_info(request, where, rev=None, mime_type=None, pathrev=-1): mime_type = mime_type or request.mime_type if pathrev == -1: # cheesy default value, since we need to preserve None pathrev = request.pathrev - download_text_href = annotate_href = revision_href = None - view_href = request.get_url(view_func=view_markup, - where=where, - pathtype=vclib.FILE, - params={'revision': rev, - 'pathrev': pathrev}, - escape=1) - download_href = request.get_url(view_func=view_checkout, - where=where, - pathtype=vclib.FILE, - params={'revision': rev, - 'pathrev': pathrev}, - escape=1) - if not is_plain_text(mime_type): - download_text_href = request.get_url(view_func=view_checkout, - where=where, - pathtype=vclib.FILE, - params={'content-type': 'text/plain', - 'revision': rev, - 'pathrev': pathrev}, - escape=1) - if request.cfg.options.allow_annotate: + view_href = download_href = download_text_href = annotate_href = revision_href = None + + if 'markup' in request.cfg.options.allowed_views: + view_href = request.get_url(view_func=view_markup, + where=where, + pathtype=vclib.FILE, + params={'revision': rev, + 'pathrev': pathrev}, + escape=1) + if 'co' in request.cfg.options.allowed_views: + download_href = request.get_url(view_func=view_checkout, + where=where, + pathtype=vclib.FILE, + params={'revision': rev, + 'pathrev': pathrev}, + escape=1) + if not is_plain_text(mime_type): + download_text_href = request.get_url(view_func=view_checkout, + where=where, + pathtype=vclib.FILE, + params={'content-type': 'text/plain', + 'revision': rev, + 'pathrev': pathrev}, + escape=1) + if 'annotate' in request.cfg.options.allowed_views: annotate_href = request.get_url(view_func=view_annotate, where=where, pathtype=vclib.FILE, 
@@ -1390,6 +1393,10 @@ def make_rss_time_string(date, cfg): return time.strftime("%a, %d %b %Y %H:%M:%S", time.gmtime(date)) + ' UTC' def view_markup(request): + if 'markup' not in request.cfg.options.allowed_views: + raise debug.ViewVCException('Markup view is disabled', + '403 Forbidden') + cfg = request.cfg path, rev = _orig_path(request) fp, revision = request.repos.openfile(path, rev)
@@ -1457,7 +1464,8 @@ def view_markup(request): }) markup_fp = None - if is_viewable_image(request.mime_type): + if is_viewable_image(request.mime_type) \ + and 'co' in cfg.options.allowed_views: fp.close() url = request.get_url(view_func=view_checkout, params={'revision': rev}, escape=1)
@@ -1791,7 +1799,7 @@ def view_directory(request): data['dir_paging_action'], data['dir_paging_hidden_values'] = \ request.get_form(params={'dir_pagestart': None}) - if cfg.options.allow_tar: + if 'tar' in cfg.options.allowed_views: data['tarball_href'] = request.get_url(view_func=download_tarball, params={}, escape=1)
@@ -2189,6 +2197,10 @@ def view_log(request): generate_page(request, "log", data) def view_checkout(request): + if 'co' not in request.cfg.options.allowed_views: + raise debug.ViewVCException('Checkout view is disabled', + '403 Forbidden') + path, rev = _orig_path(request) fp, revision = request.repos.openfile(path, rev)
@@ -2200,7 +2212,7 @@ def view_checkout(request): fp.close() def view_annotate(request): - if not request.cfg.options.allow_annotate: + if 'annotate' not in request.cfg.options.allowed_views: raise debug.ViewVCException('Annotation view is disabled', '403 Forbidden')
@@ -2836,7 +2848,7 @@ def view_diff(request): data['patch_href'] = request.get_url(view_func=view_patch, params=orig_params, escape=1) - if request.cfg.options.allow_annotate: + if 'annotate' in request.cfg.options.allowed_views: data['annotate_href'] = request.get_url(view_func=view_annotate, where=path_right, pathtype=vclib.FILE, 
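Review bot: The second view_markup hunk lets a viewable image fall through when 'co' is not in allowed_views, so instead of a checkout URL the raw image bytes continue into the text/markup path below (outside the hunk), which is at best a garbage page and at worst feeds binary data to the external highlighters. Since an image cannot be displayed without the checkout view, refuse it explicitly, `raise debug.ViewVCException('Image display requires the checkout view', '403 Forbidden')`, or leave markup_fp None and have the template show a notice; which of these the rest of view_markup supports I cannot tell from here.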
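Review bot: The commit message presents disabling the checkout view as a security measure, but in the view_diff hunk patch_href is still built unconditionally and neither view_diff nor view_patch gains an allowed_views check, so a diff or unified patch against an early revision still returns the full file contents that 'co' and 'markup' were turned off to withhold. If content disclosure is the threat, the same guard used in view_checkout belongs at the top of view_diff and view_patch, `if 'diff' not in request.cfg.options.allowed_views: raise debug.ViewVCException('Diff view is disabled', '403 Forbidden')`, with 'diff' added to the documented values; if it is not, the conf comment should say that allowed_views hides links and blocks raw downloads but does not stop file contents from being read. view_diff begins before this hunk.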
@@ -3020,7 +3032,7 @@ def generate_tarball(out, request, reldir, stack, dir_mtime=None): def download_tarball(request): cfg = request.cfg - if not request.cfg.options.allow_tar: + if 'tar' not in request.cfg.options.allowed_views: raise debug.ViewVCException('Tarball generation is disabled', '403 Forbidden')
@@ -3120,11 +3132,13 @@ def view_revision(request): link_rev = str(rev) link_where = change.filename - change.view_href = request.get_url(view_func=view_func, - where=link_where, - pathtype=change.pathtype, - params={'pathrev' : link_rev}, - escape=1) + if view_func != view_markup \ + or 'markup' in request.cfg.options.allowed_views: + change.view_href = request.get_url(view_func=view_func, + where=link_where, + pathtype=change.pathtype, + params={'pathrev' : link_rev}, + escape=1) change.log_href = request.get_url(view_func=view_log, where=link_where, pathtype=change.pathtype,
@@ -3358,14 +3372,6 @@ def build_commit(request, files, limited_files, dir_strip): where=filename, pathtype=vclib.FILE, params=params, escape=1) - view_href = request.get_url(view_func=view_markup, - where=filename, pathtype=vclib.FILE, - params={'revision': f.GetRevision() }, - escape=1) - download_href = request.get_url(view_func=view_checkout, - where=filename, pathtype=vclib.FILE, - params={'revision': f.GetRevision() }, - escape=1) diff_href = request.get_url(view_func=view_diff, where=filename, pathtype=vclib.FILE, params={'r1': prev_rev(f.GetRevision()), 
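Review bot: The new guard in view_revision only suppresses the link when view_func is view_markup, yet view_func (chosen earlier in the function, outside the hunk) can presumably also be view_checkout, which default_view returns for non-markup files, and that view now answers 403 when 'co' is disabled, so revision pages would still emit checkout links to a disabled view. Comparing function identity against one view at a time is what lets this slip; a small table from view function to allowed_views key, consulted by every call site this commit touches, keeps the gating in one place and gives the unlisted views (log, directory) the always-allowed behaviour the code relies on. The table has to be defined after all four view functions, so it belongs near the bottom of the module.
```python
# Map of gated view functions to their allowed_views key; views not
# listed here (log, directory, diff, ...) are always served.
_GATED_VIEWS = {view_markup: 'markup', view_checkout: 'co',
                view_annotate: 'annotate', download_tarball: 'tar'}

def _view_allowed(cfg, view_func):
  """Return true unless view_func is gated and absent from allowed_views."""
  key = _GATED_VIEWS.get(view_func)
  return key is None or key in cfg.options.allowed_views

# ... in view_revision, replacing the view_func != view_markup test:
    if _view_allowed(request.cfg, view_func):
      change.view_href = request.get_url(view_func=view_func,
      # ... unchanged: where/pathtype/params/escape arguments ...
```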
@@ -3373,6 +3379,18 @@ def build_commit(request, files, limited_files, dir_strip): 'diff_format': None}, escape=1) + view_href = download_href = None + if 'markup' in request.cfg.options.allowed_views: + view_href = request.get_url(view_func=view_markup, + where=filename, pathtype=vclib.FILE, + params={'revision': f.GetRevision() }, + escape=1) + if 'co' in request.cfg.options.allowed_views: + download_href = request.get_url(view_func=view_checkout, + where=filename, pathtype=vclib.FILE, + params={'revision': f.GetRevision() }, + escape=1) + # skip files in forbidden or hidden modules dir_parts = filter(None, string.split(dirname, '/')) if dir_parts \
diff --git a/templates/annotate.ezt b/templates/annotate.ezt
index 09a9780a..db8dd727 100644
--- a/templates/annotate.ezt
+++ b/templates/annotate.ezt
@@ -6,7 +6,7 @@
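Review bot: build_commit now repeats the bare string-membership test (`'markup' in request.cfg.options.allowed_views`, `'co' in ...`) that this commit writes in roughly ten places with four different literal keys; a typo in any one of them ('checkout' for 'co', say) silently drops a link with no error, and the key-to-view mapping is documented only in viewvc.conf.dist. Naming the keys once, `_VIEW_KEY_CO = 'co'` and friends, or a dict from view function to key looked up by a one-line helper, would make the checks greppable and typo-proof. The function continues outside this hunk; note also that these URLs are computed just before the 'skip files in forbidden or hidden modules' test that follows, so moving them below it would avoid building links for entries that are then discarded.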

    Revision [if-any revision_href][rev][else][rev][end] - (view) -(download) +[if-any download_href](download)[end] [if-any download_text_href](as text)[end] [if-any orig_path]
    Original Path: [orig_path] diff --git a/templates/directory.ezt b/templates/directory.ezt index 00415fa9..32c1fe05 100644 --- a/templates/directory.ezt +++ b/templates/directory.ezt @@ -96,7 +96,8 @@ [is entries.pathtype "dir"]  [if-any entries.rev][entries.rev][end] [else] -  [if-any entries.rev][entries.rev][end] + [define rev_href][if-any entries.prefer_markup][entries.view_href][else][if-any entries.download_href][entries.download_href][end][end][end] +  [if-any entries.rev][if-any rev_href][end][entries.rev][if-any rev_href][end][end] [end]  [entries.ago]  [entries.author] diff --git a/templates/log.ezt b/templates/log.ezt index 8133492d..749ae123 100644 --- a/templates/log.ezt +++ b/templates/log.ezt @@ -19,10 +19,12 @@ [end] Revision [is roottype "svn"][entries.rev][else][entries.rev][end] - - [is pathtype "file"] - (view) - [else] - Directory Listing + [if-any entries.view_href] + [is pathtype "file"] + (view) + [else] + Directory Listing + [end] [end] [if-any entries.download_href](download)[end] [if-any entries.download_text_href](as text)[end] diff --git a/templates/log_table.ezt b/templates/log_table.ezt index 203c9c2b..c92919d3 100644 --- a/templates/log_table.ezt +++ b/templates/log_table.ezt @@ -34,10 +34,12 @@ [# Tasks column] - [is pathtype "file"] - View
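Review bot: In the new rev_href define in directory.ezt, when entries.prefer_markup is set but markup is not an allowed view, entries.view_href is now None (get_file_view_info leaves it unset), so rev_href comes out empty and the revision cell loses its link even though entries.download_href may be present. Unless prefer_markup is derived from allowed_views somewhere not shown, wrap the prefer_markup branch in `[if-any entries.view_href]…[else]…[end]` so it falls back to download_href the same way the else branch does; the identical define added to query_results.ezt has the same gap.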
    - [else] - Directory Listing
    + [if-any entries.view_href] + [is pathtype "file"] + View
    + [else] + Directory Listing
    + [end] [end] [if-any entries.download_href]Download
    [end] [if-any entries.download_text_href]As text
    [end] diff --git a/templates/markup.ezt b/templates/markup.ezt index 9c0ae438..7f972645 100644 --- a/templates/markup.ezt +++ b/templates/markup.ezt @@ -8,7 +8,7 @@


    Revision [if-any revision_href][rev][else][rev][end] - -(download) +[if-any download_href](download)[end] [if-any download_text_href](as text)[end] [if-any annotate_href](annotate)[end] diff --git a/templates/query_results.ezt b/templates/query_results.ezt index 0854f55a..c165a59b 100644 --- a/templates/query_results.ezt +++ b/templates/query_results.ezt @@ -34,7 +34,8 @@ - [if-any commits.files.rev][commits.files.rev][else] [end] + [define rev_href][if-any commits.files.prefer_markup][commits.files.view_href][else][if-any commits.files.download_href][commits.files.download_href][end][end][end] + [if-any commits.files.rev][if-any rev_href][end][commits.files.rev][if-any rev_href][end][else] [end] [commits.files.dir]/ diff --git a/viewvc.conf.dist b/viewvc.conf.dist index 16cd8c3a..776f96f3 100644 --- a/viewvc.conf.dist +++ b/viewvc.conf.dist @@ -347,6 +347,18 @@ sed = # any old ViewCVS URL which doesn't have an explicit "root" parameter. root_as_url_component = 0 +# checkout_magic: Use checkout links with magic /*checkout*/ prefixes so +# checked out HTML pages can have working links to other repository files +# Note: This option is DEPRECATED and should not be used in new ViewVC +# installations. Setting "default_file_view = co" achieves the same effect +checkout_magic = 0 + +# allowed_views: List the ViewVC views which are enabled. Views not +# in this comma-delited list will not be served (or, will return an +# error on attempted access). +# Possible values: "tar", "annotate", "co", "markup" +allowed_views = markup, annotate + # default_file_view: "log" or "co" # Controls whether the default view for file URLs is a checkout view or # a log view. "log" is the default for backwards compatibility with old 
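Review bot: The allowed_views comment says views not in the list "will not be served", but only four views are listed as possible values and, as far as this patch shows, the log, directory, diff, patch, revision and query views are served regardless, so an admin will overestimate what removing 'co' and 'markup' withholds, in particular that diff output still shows file contents. Suggest `# allowed_views: Which of the optional views ("tar", "annotate", "co", "markup") ViewVC will serve; other views (log, directory, diff, ...) are always available and diff/patch output still exposes file contents.` and fix the typo `comma-delited` to `comma-delimited`. Since the shipped default omits 'co', the comment (or the upgrade notes) should also say that raw checkout/download now has to be enabled explicitly.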
@@ -355,14 +367,10 @@ root_as_url_component = 0 # to other repository files # Note: Changing this option may cause old ViewCVS URLs that referred # to log pages to load checkout pages instead. +# Also note: If you choose the "co" view, be sure to enable it (via +# the allowed_views option) default_file_view = log -# checkout_magic: Use checkout links with magic /*checkout*/ prefixes so -# checked out HTML pages can have working links to other repository files -# Note: This option is DEPRECATED and should not be used in new ViewVC -# installations. Setting "default_file_view = co" achieves the same effect -checkout_magic = 0 - # http_expiration_time: Expiration time (in seconds) for cacheable # pages served by ViewVC. Note that in most cases, a cache aware # client will only revalidate the page after it expires (using the
@@ -440,12 +448,6 @@ hr_ignore_keyword_subst = 1 # hr_intraline = 0 -# allow annotation of files. -allow_annotate = 1 - -# allow pretty-printed version of files -allow_markup = 1 - # allow compression with gzip of output if the Browser accepts it # (HTTP_ACCEPT_ENCODING=gzip) # [make sure to have gzip in the path]
@@ -529,12 +531,6 @@ source_highlight_line_numbers = 1 # use php to colorize .php and .inc files? use_php = 0 -# -# ViewVC can generate tarball from a repository on the fly. -# -allow_tar = 0 -# allow_tar = 1 - # # Use CvsGraph. See http://www.akhphd.au.dk/~bertho/cvsgraph/ for # documentation and download.
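Review bot: The new "be sure to enable it" note delegates to the administrator a consistency check that Config could perform itself: with `default_file_view = co` and 'co' absent from allowed_views, every plain file URL resolves to a view that answers 403 and nothing says why. A one-line check at load time, `if default_file_view == 'co' and 'co' not in allowed_views`, that raises a configuration error (or logs and falls back to log) would turn that into an immediate, explainable failure, and the option text could then simply state the requirement instead of pleading for it.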