diff --git a/custom/conf/app.example.ini b/custom/conf/app.example.ini
index 277df08399..045b4cfed7 100644
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -244,6 +244,10 @@ TIMEOUT_STEP = 10s
 ; If the browser client supports EventSource and SharedWorker, a SharedWorker will be used in preference to polling notification. Set to -1 to disable the EventSource
 EVENT_SOURCE_UPDATE_TIME = 10s
 
+[ui.svg]
+; Whether to render SVG files as images. If SVG rendering is disabled, SVG files are displayed as text and cannot be embedded in markdown files as images.
+ENABLE_RENDER = true
+
 [markdown]
 ; Render soft line breaks as hard line breaks, which means a single newline character between
 ; paragraphs will cause a line break and adding trailing whitespace to paragraphs is not
diff --git a/docs/content/doc/advanced/config-cheat-sheet.en-us.md b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
index 402da203e3..17d349b583 100644
--- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md
+++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
@@ -194,6 +194,10 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `TIMEOUT_STEP`: **10s**.
 - `EVENT_SOURCE_UPDATE_TIME`: **10s**: This setting determines how often the database is queried to update notification counts. If the browser client supports `EventSource` and `SharedWorker`, a `SharedWorker` will be used in preference to polling notification endpoint. Set to **-1** to disable the `EventSource`.
 
+### UI - SVG Images (`ui.svg`)
+
+- `ENABLE_RENDER`: **true**: Whether to render SVG files as images. If SVG rendering is disabled, SVG files are displayed as text and cannot be embedded in markdown files as images.
+
 ## Markdown (`markdown`)
 
 - `ENABLE_HARD_LINE_BREAK_IN_COMMENTS`: **true**: Render soft line breaks as hard line breaks in comments, which
diff --git a/integrations/download_test.go b/integrations/download_test.go
index 6bc5e5a9af..305155e9ac 100644
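Review bot: The `[ui.svg]` comment on `ENABLE_RENDER` explains the display consequence of the switch but not the security consequence, which is the reason an operator would actually touch it. In this change the setting gates whether content sniffing reports `image/svg+xml` at all (`DetectContentType` in modules/base/tool.go), which in turn selects the `<img>`-embed path and the sandboxed raw response that the new integration tests pin. I would add one line after the existing comment: `; Rendering serves user-uploaded SVG via <img> with a sandboxing Content-Security-Policy; set to false if this instance must never serve repository content as SVG at all.`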
--- a/integrations/download_test.go
+++ b/integrations/download_test.go
@@ -23,6 +23,20 @@ func TestDownloadByID(t *testing.T) {
 	assert.Equal(t, "# repo1\n\nDescription for repo1", resp.Body.String())
 }
 
+func TestDownloadByIDForSVGUsesSecureHeaders(t *testing.T) {
+	defer prepareTestEnv(t)()
+
+	session := loginUser(t, "user2")
+
+	// Request raw blob
+	req := NewRequest(t, "GET", "/user2/repo2/raw/blob/6395b68e1feebb1e4c657b4f9f6ba2676a283c0b")
+	resp := session.MakeRequest(t, req, http.StatusOK)
+
+	assert.Equal(t, "default-src 'none'; style-src 'unsafe-inline'; sandbox", resp.HeaderMap.Get("Content-Security-Policy"))
+	assert.Equal(t, "image/svg+xml", resp.HeaderMap.Get("Content-Type"))
+	assert.Equal(t, "nosniff", resp.HeaderMap.Get("X-Content-Type-Options"))
+}
+
 func TestDownloadByIDMedia(t *testing.T) {
 	defer prepareTestEnv(t)()
 
@@ -34,3 +48,17 @@ func TestDownloadByIDMedia(t *testing.T) {
 
 	assert.Equal(t, "# repo1\n\nDescription for repo1", resp.Body.String())
 }
+
+func TestDownloadByIDMediaForSVGUsesSecureHeaders(t *testing.T) {
+	defer prepareTestEnv(t)()
+
+	session := loginUser(t, "user2")
+
+	// Request raw blob
+	req := NewRequest(t, "GET", "/user2/repo2/media/blob/6395b68e1feebb1e4c657b4f9f6ba2676a283c0b")
+	resp := session.MakeRequest(t, req, http.StatusOK)
+
+	assert.Equal(t, "default-src 'none'; style-src 'unsafe-inline'; sandbox", resp.HeaderMap.Get("Content-Security-Policy"))
+	assert.Equal(t, "image/svg+xml", resp.HeaderMap.Get("Content-Type"))
+	assert.Equal(t, "nosniff", resp.HeaderMap.Get("X-Content-Type-Options"))
+}
diff --git a/integrations/gitea-repositories-meta/user2/repo2.git/HEAD b/integrations/gitea-repositories-meta/user2/repo2.git/HEAD
new file mode 100644
index 0000000000..cb089cd89a
--- /dev/null
+++ b/integrations/gitea-repositories-meta/user2/repo2.git/HEAD
@@ -0,0 +1 @@
+ref: refs/heads/master
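Review bot: Both new tests exercise only the blob-by-SHA forms (`/raw/blob/<sha>`, `/media/blob/<sha>`) from an authenticated session, while the `<img>` the file viewer emits (see the new view_test.go) points at the branch/path form `/user2/repo2/raw/branch/master/line.svg`; nothing asserts that that route, or an anonymous request to it, carries the same `Content-Security-Policy` and `nosniff` headers, which is exactly what a user navigating straight to the SVG would hit. Presumably both forms share a handler, but the test should pin it: add a third case with `req := NewRequest(t, "GET", "/user2/repo2/raw/branch/master/line.svg")` issued via `MakeRequest(t, req, http.StatusOK)` without a session and the same three header assertions. Separately, `resp.HeaderMap` is the field httptest.ResponseRecorder documents as kept only for historical compatibility; `resp.Header().Get(...)` is the supported accessor, assuming MakeRequest returns a recorder.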
diff --git a/integrations/gitea-repositories-meta/user2/repo2.git/config b/integrations/gitea-repositories-meta/user2/repo2.git/config new file mode 100644 index 0000000000..07d359d07c --- /dev/null +++ b/integrations/gitea-repositories-meta/user2/repo2.git/config @@ -0,0 +1,4 @@ +[core] + repositoryformatversion = 0 + filemode = true + bare = true diff --git a/integrations/gitea-repositories-meta/user2/repo2.git/description b/integrations/gitea-repositories-meta/user2/repo2.git/description new file mode 100644 index 0000000000..498b267a8c --- /dev/null +++ b/integrations/gitea-repositories-meta/user2/repo2.git/description @@ -0,0 +1 @@ +Unnamed repository; edit this file 'description' to name the repository. diff --git a/integrations/gitea-repositories-meta/user2/repo2.git/hooks/applypatch-msg.sample b/integrations/gitea-repositories-meta/user2/repo2.git/hooks/applypatch-msg.sample new file mode 100755 index 0000000000..a5d7b84a67 --- /dev/null +++ b/integrations/gitea-repositories-meta/user2/repo2.git/hooks/applypatch-msg.sample @@ -0,0 +1,15 @@ +#!/bin/sh +# +# An example hook script to check the commit log message taken by +# applypatch from an e-mail message. +# +# The hook should exit with non-zero status after issuing an +# appropriate message if it wants to stop the commit. The hook is +# allowed to edit the commit message file. +# +# To enable this hook, rename this file to "applypatch-msg". + +. git-sh-setup +commitmsg="$(git rev-parse --git-path hooks/commit-msg)" +test -x "$commitmsg" && exec "$commitmsg" ${1+"$@"} +: diff --git a/integrations/gitea-repositories-meta/user2/repo2.git/hooks/commit-msg.sample b/integrations/gitea-repositories-meta/user2/repo2.git/hooks/commit-msg.sample new file mode 100755 index 0000000000..b58d1184a9 --- /dev/null +++ b/integrations/gitea-repositories-meta/user2/repo2.git/hooks/commit-msg.sample 
@@ -0,0 +1,24 @@ +#!/bin/sh +# +# An example hook script to check the commit log message. +# Called by "git commit" with one argument, the name of the file +# that has the commit message. The hook should exit with non-zero +# status after issuing an appropriate message if it wants to stop the +# commit. The hook is allowed to edit the commit message file. +# +# To enable this hook, rename this file to "commit-msg". + +# Uncomment the below to add a Signed-off-by line to the message. +# Doing this in a hook is a bad idea in general, but the prepare-commit-msg +# hook is more suited to it. +# +# SOB=$(git var GIT_AUTHOR_IDENT | sed -n 's/^\(.*>\).*$/Signed-off-by: \1/p') +# grep -qs "^$SOB" "$1" || echo "$SOB" >> "$1" + +# This example catches duplicate Signed-off-by lines. + +test "" = "$(grep '^Signed-off-by: ' "$1" | + sort | uniq -c | sed -e '/^[ ]*1[ ]/d')" || { + echo >&2 Duplicate Signed-off-by lines. + exit 1 +} diff --git a/integrations/gitea-repositories-meta/user2/repo2.git/hooks/post-update.sample b/integrations/gitea-repositories-meta/user2/repo2.git/hooks/post-update.sample new file mode 100755 index 0000000000..ec17ec1939 --- /dev/null +++ b/integrations/gitea-repositories-meta/user2/repo2.git/hooks/post-update.sample @@ -0,0 +1,8 @@ +#!/bin/sh +# +# An example hook script to prepare a packed repository for use over +# dumb transports. +# +# To enable this hook, rename this file to "post-update". + +exec git update-server-info diff --git a/integrations/gitea-repositories-meta/user2/repo2.git/hooks/pre-applypatch.sample b/integrations/gitea-repositories-meta/user2/repo2.git/hooks/pre-applypatch.sample new file mode 100755 index 0000000000..4142082bcb --- /dev/null +++ b/integrations/gitea-repositories-meta/user2/repo2.git/hooks/pre-applypatch.sample 
@@ -0,0 +1,14 @@ +#!/bin/sh +# +# An example hook script to verify what is about to be committed +# by applypatch from an e-mail message. +# +# The hook should exit with non-zero status after issuing an +# appropriate message if it wants to stop the commit. +# +# To enable this hook, rename this file to "pre-applypatch". + +. git-sh-setup +precommit="$(git rev-parse --git-path hooks/pre-commit)" +test -x "$precommit" && exec "$precommit" ${1+"$@"} +: diff --git a/integrations/gitea-repositories-meta/user2/repo2.git/hooks/pre-commit.sample b/integrations/gitea-repositories-meta/user2/repo2.git/hooks/pre-commit.sample new file mode 100755 index 0000000000..68d62d5446 --- /dev/null +++ b/integrations/gitea-repositories-meta/user2/repo2.git/hooks/pre-commit.sample 
@@ -0,0 +1,49 @@ +#!/bin/sh +# +# An example hook script to verify what is about to be committed. +# Called by "git commit" with no arguments. The hook should +# exit with non-zero status after issuing an appropriate message if +# it wants to stop the commit. +# +# To enable this hook, rename this file to "pre-commit". + +if git rev-parse --verify HEAD >/dev/null 2>&1 +then + against=HEAD +else + # Initial commit: diff against an empty tree object + against=4b825dc642cb6eb9a060e54bf8d69288fbee4904 +fi + +# If you want to allow non-ASCII filenames set this variable to true. +allownonascii=$(git config --bool hooks.allownonascii) + +# Redirect output to stderr. +exec 1>&2 + +# Cross platform projects tend to avoid non-ASCII filenames; prevent +# them from being added to the repository. We exploit the fact that the +# printable range starts at the space character and ends with tilde. +if [ "$allownonascii" != "true" ] && + # Note that the use of brackets around a tr range is ok here, (it's + # even required, for portability to Solaris 10's /usr/bin/tr), since + # the square bracket bytes happen to fall in the designated range. + test $(git diff --cached --name-only --diff-filter=A -z $against | + LC_ALL=C tr -d '[ -~]\0' | wc -c) != 0 +then + cat <<\EOF +Error: Attempt to add a non-ASCII file name. + +This can cause problems if you want to work with people on other platforms. + +To be portable it is advisable to rename the file. + +If you know what you are doing you can disable this check using: + + git config hooks.allownonascii true +EOF + exit 1 +fi + +# If there are whitespace errors, print the offending file names and fail. +exec git diff-index --check --cached $against -- diff --git a/integrations/gitea-repositories-meta/user2/repo2.git/hooks/pre-push.sample b/integrations/gitea-repositories-meta/user2/repo2.git/hooks/pre-push.sample new file mode 100755 index 0000000000..6187dbf439 --- /dev/null 
+++ b/integrations/gitea-repositories-meta/user2/repo2.git/hooks/pre-push.sample @@ -0,0 +1,53 @@ +#!/bin/sh + +# An example hook script to verify what is about to be pushed. Called by "git +# push" after it has checked the remote status, but before anything has been +# pushed. If this script exits with a non-zero status nothing will be pushed. +# +# This hook is called with the following parameters: +# +# $1 -- Name of the remote to which the push is being done +# $2 -- URL to which the push is being done +# +# If pushing without using a named remote those arguments will be equal. +# +# Information about the commits which are being pushed is supplied as lines to +# the standard input in the form: +# +# +# +# This sample shows how to prevent push of commits where the log message starts +# with "WIP" (work in progress). + +remote="$1" +url="$2" + +z40=0000000000000000000000000000000000000000 + +while read local_ref local_sha remote_ref remote_sha +do + if [ "$local_sha" = $z40 ] + then + # Handle delete + : + else + if [ "$remote_sha" = $z40 ] + then + # New branch, examine all commits + range="$local_sha" + else + # Update to existing branch, examine new commits + range="$remote_sha..$local_sha" + fi + + # Check for WIP commit + commit=`git rev-list -n 1 --grep '^WIP' "$range"` + if [ -n "$commit" ] + then + echo >&2 "Found WIP commit in $local_ref, not pushing" + exit 1 + fi + fi +done + +exit 0 diff --git a/integrations/gitea-repositories-meta/user2/repo2.git/hooks/pre-rebase.sample b/integrations/gitea-repositories-meta/user2/repo2.git/hooks/pre-rebase.sample new file mode 100755 index 0000000000..33730ca647 --- /dev/null +++ b/integrations/gitea-repositories-meta/user2/repo2.git/hooks/pre-rebase.sample 
@@ -0,0 +1,169 @@ +#!/bin/sh +# +# Copyright (c) 2006, 2008 Junio C Hamano +# +# The "pre-rebase" hook is run just before "git rebase" starts doing +# its job, and can prevent the command from running by exiting with +# non-zero status. +# +# The hook is called with the following parameters: +# +# $1 -- the upstream the series was forked from. +# $2 -- the branch being rebased (or empty when rebasing the current branch). +# +# This sample shows how to prevent topic branches that are already +# merged to 'next' branch from getting rebased, because allowing it +# would result in rebasing already published history. + +publish=next +basebranch="$1" +if test "$#" = 2 +then + topic="refs/heads/$2" +else + topic=`git symbolic-ref HEAD` || + exit 0 ;# we do not interrupt rebasing detached HEAD +fi + +case "$topic" in +refs/heads/??/*) + ;; +*) + exit 0 ;# we do not interrupt others. + ;; +esac + +# Now we are dealing with a topic branch being rebased +# on top of master. Is it OK to rebase it? + +# Does the topic really exist? +git show-ref -q "$topic" || { + echo >&2 "No such branch $topic" + exit 1 +} + +# Is topic fully merged to master? +not_in_master=`git rev-list --pretty=oneline ^master "$topic"` +if test -z "$not_in_master" +then + echo >&2 "$topic is fully merged to master; better remove it." + exit 1 ;# we could allow it, but there is no point. +fi + +# Is topic ever merged to next? If so you should not be rebasing it. +only_next_1=`git rev-list ^master "^$topic" ${publish} | sort` +only_next_2=`git rev-list ^master ${publish} | sort` +if test "$only_next_1" = "$only_next_2" +then + not_in_topic=`git rev-list "^$topic" master` + if test -z "$not_in_topic" + then + echo >&2 "$topic is already up-to-date with master" + exit 1 ;# we could allow it, but there is no point. 
+ else + exit 0 + fi +else + not_in_next=`git rev-list --pretty=oneline ^${publish} "$topic"` + /usr/bin/perl -e ' + my $topic = $ARGV[0]; + my $msg = "* $topic has commits already merged to public branch:\n"; + my (%not_in_next) = map { + /^([0-9a-f]+) /; + ($1 => 1); + } split(/\n/, $ARGV[1]); + for my $elem (map { + /^([0-9a-f]+) (.*)$/; + [$1 => $2]; + } split(/\n/, $ARGV[2])) { + if (!exists $not_in_next{$elem->[0]}) { + if ($msg) { + print STDERR $msg; + undef $msg; + } + print STDERR " $elem->[1]\n"; + } + } + ' "$topic" "$not_in_next" "$not_in_master" + exit 1 +fi + +<<\DOC_END + +This sample hook safeguards topic branches that have been +published from being rewound. + +The workflow assumed here is: + + * Once a topic branch forks from "master", "master" is never + merged into it again (either directly or indirectly). + + * Once a topic branch is fully cooked and merged into "master", + it is deleted. If you need to build on top of it to correct + earlier mistakes, a new topic branch is created by forking at + the tip of the "master". This is not strictly necessary, but + it makes it easier to keep your history simple. + + * Whenever you need to test or publish your changes to topic + branches, merge them into "next" branch. + +The script, being an example, hardcodes the publish branch name +to be "next", but it is trivial to make it configurable via +$GIT_DIR/config mechanism. + +With this workflow, you would want to know: + +(1) ... if a topic branch has ever been merged to "next". Young + topic branches can have stupid mistakes you would rather + clean up before publishing, and things that have not been + merged into other branches can be easily rebased without + affecting other people. But once it is published, you would + not want to rewind it. + +(2) ... if a topic branch has been fully merged to "master". + Then you can delete it. 
More importantly, you should not + build on top of it -- other people may already want to + change things related to the topic as patches against your + "master", so if you need further changes, it is better to + fork the topic (perhaps with the same name) afresh from the + tip of "master". + +Let's look at this example: + + o---o---o---o---o---o---o---o---o---o "next" + / / / / + / a---a---b A / / + / / / / + / / c---c---c---c B / + / / / \ / + / / / b---b C \ / + / / / / \ / + ---o---o---o---o---o---o---o---o---o---o---o "master" + + +A, B and C are topic branches. + + * A has one fix since it was merged up to "next". + + * B has finished. It has been fully merged up to "master" and "next", + and is ready to be deleted. + + * C has not merged to "next" at all. + +We would want to allow C to be rebased, refuse A, and encourage +B to be deleted. + +To compute (1): + + git rev-list ^master ^topic next + git rev-list ^master next + + if these match, topic has not merged in next at all. + +To compute (2): + + git rev-list master..topic + + if this is empty, it is fully merged to "master". + +DOC_END diff --git a/integrations/gitea-repositories-meta/user2/repo2.git/hooks/prepare-commit-msg.sample b/integrations/gitea-repositories-meta/user2/repo2.git/hooks/prepare-commit-msg.sample new file mode 100755 index 0000000000..f093a02ec4 --- /dev/null +++ b/integrations/gitea-repositories-meta/user2/repo2.git/hooks/prepare-commit-msg.sample 
@@ -0,0 +1,36 @@ +#!/bin/sh +# +# An example hook script to prepare the commit log message. +# Called by "git commit" with the name of the file that has the +# commit message, followed by the description of the commit +# message's source. The hook's purpose is to edit the commit +# message file. If the hook fails with a non-zero status, +# the commit is aborted. +# +# To enable this hook, rename this file to "prepare-commit-msg". + +# This hook includes three examples. The first comments out the +# "Conflicts:" part of a merge commit. +# +# The second includes the output of "git diff --name-status -r" +# into the message, just before the "git status" output. It is +# commented because it doesn't cope with --amend or with squashed +# commits. +# +# The third example adds a Signed-off-by line to the message, that can +# still be edited. This is rarely a good idea. + +case "$2,$3" in + merge,) + /usr/bin/perl -i.bak -ne 's/^/# /, s/^# #/#/ if /^Conflicts/ .. /#/; print' "$1" ;; + +# ,|template,) +# /usr/bin/perl -i.bak -pe ' +# print "\n" . `git diff --cached --name-status -r` +# if /^#/ && $first++ == 0' "$1" ;; + + *) ;; +esac + +# SOB=$(git var GIT_AUTHOR_IDENT | sed -n 's/^\(.*>\).*$/Signed-off-by: \1/p') +# grep -qs "^$SOB" "$1" || echo "$SOB" >> "$1" diff --git a/integrations/gitea-repositories-meta/user2/repo2.git/hooks/update.sample b/integrations/gitea-repositories-meta/user2/repo2.git/hooks/update.sample new file mode 100755 index 0000000000..80ba94135c --- /dev/null +++ b/integrations/gitea-repositories-meta/user2/repo2.git/hooks/update.sample 
@@ -0,0 +1,128 @@ +#!/bin/sh +# +# An example hook script to block unannotated tags from entering. +# Called by "git receive-pack" with arguments: refname sha1-old sha1-new +# +# To enable this hook, rename this file to "update". +# +# Config +# ------ +# hooks.allowunannotated +# This boolean sets whether unannotated tags will be allowed into the +# repository. By default they won't be. +# hooks.allowdeletetag +# This boolean sets whether deleting tags will be allowed in the +# repository. By default they won't be. +# hooks.allowmodifytag +# This boolean sets whether a tag may be modified after creation. By default +# it won't be. +# hooks.allowdeletebranch +# This boolean sets whether deleting branches will be allowed in the +# repository. By default they won't be. +# hooks.denycreatebranch +# This boolean sets whether remotely creating branches will be denied +# in the repository. By default this is allowed. +# + +# --- Command line +refname="$1" +oldrev="$2" +newrev="$3" + +# --- Safety check +if [ -z "$GIT_DIR" ]; then + echo "Don't run this script from the command line." >&2 + echo " (if you want, you could supply GIT_DIR then run" >&2 + echo " $0 )" >&2 + exit 1 +fi + +if [ -z "$refname" -o -z "$oldrev" -o -z "$newrev" ]; then + echo "usage: $0 " >&2 + exit 1 +fi + +# --- Config +allowunannotated=$(git config --bool hooks.allowunannotated) +allowdeletebranch=$(git config --bool hooks.allowdeletebranch) +denycreatebranch=$(git config --bool hooks.denycreatebranch) +allowdeletetag=$(git config --bool hooks.allowdeletetag) +allowmodifytag=$(git config --bool hooks.allowmodifytag) + +# check for no description +projectdesc=$(sed -e '1q' "$GIT_DIR/description") +case "$projectdesc" in +"Unnamed repository"* | "") + echo "*** Project description file hasn't been set" >&2 + exit 1 + ;; +esac + +# --- Check types +# if $newrev is 0000...0000, it's a commit to delete a ref. 
+zero="0000000000000000000000000000000000000000" +if [ "$newrev" = "$zero" ]; then + newrev_type=delete +else + newrev_type=$(git cat-file -t $newrev) +fi + +case "$refname","$newrev_type" in + refs/tags/*,commit) + # un-annotated tag + short_refname=${refname##refs/tags/} + if [ "$allowunannotated" != "true" ]; then + echo "*** The un-annotated tag, $short_refname, is not allowed in this repository" >&2 + echo "*** Use 'git tag [ -a | -s ]' for tags you want to propagate." >&2 + exit 1 + fi + ;; + refs/tags/*,delete) + # delete tag + if [ "$allowdeletetag" != "true" ]; then + echo "*** Deleting a tag is not allowed in this repository" >&2 + exit 1 + fi + ;; + refs/tags/*,tag) + # annotated tag + if [ "$allowmodifytag" != "true" ] && git rev-parse $refname > /dev/null 2>&1 + then + echo "*** Tag '$refname' already exists." >&2 + echo "*** Modifying a tag is not allowed in this repository." >&2 + exit 1 + fi + ;; + refs/heads/*,commit) + # branch + if [ "$oldrev" = "$zero" -a "$denycreatebranch" = "true" ]; then + echo "*** Creating a branch is not allowed in this repository" >&2 + exit 1 + fi + ;; + refs/heads/*,delete) + # delete branch + if [ "$allowdeletebranch" != "true" ]; then + echo "*** Deleting a branch is not allowed in this repository" >&2 + exit 1 + fi + ;; + refs/remotes/*,commit) + # tracking branch + ;; + refs/remotes/*,delete) + # delete tracking branch + if [ "$allowdeletebranch" != "true" ]; then + echo "*** Deleting a tracking branch is not allowed in this repository" >&2 + exit 1 + fi + ;; + *) + # Anything else (is there anything else?) + echo "*** Update hook: unknown type of update to ref $refname of type $newrev_type" >&2 + exit 1 + ;; +esac + +# --- Finished +exit 0 diff --git a/integrations/gitea-repositories-meta/user2/repo2.git/info/exclude b/integrations/gitea-repositories-meta/user2/repo2.git/info/exclude new file mode 100644 index 0000000000..a5196d1be8 --- /dev/null 
+++ b/integrations/gitea-repositories-meta/user2/repo2.git/info/exclude @@ -0,0 +1,6 @@ +# git ls-files --others --exclude-from=.git/info/exclude +# Lines that start with '#' are comments. +# For a project mostly in C, the following would be a good set of +# exclude patterns (uncomment them if you want to use them): +# *.[oa] +# *~ diff --git a/integrations/gitea-repositories-meta/user2/repo2.git/info/refs b/integrations/gitea-repositories-meta/user2/repo2.git/info/refs new file mode 100644 index 0000000000..044e52e0f9 --- /dev/null +++ b/integrations/gitea-repositories-meta/user2/repo2.git/info/refs @@ -0,0 +1 @@ +205ac761f3326a7ebe416e8673760016450b5cec refs/heads/master diff --git a/integrations/gitea-repositories-meta/user2/repo2.git/objects/0a/7d8b41ae9763e9a1743917396839d1791d49d0 b/integrations/gitea-repositories-meta/user2/repo2.git/objects/0a/7d8b41ae9763e9a1743917396839d1791d49d0 new file mode 100644 index 0000000000..d62e3c623e Binary files /dev/null and b/integrations/gitea-repositories-meta/user2/repo2.git/objects/0a/7d8b41ae9763e9a1743917396839d1791d49d0 differ diff --git a/integrations/gitea-repositories-meta/user2/repo2.git/objects/0c/f15c3f66ec8384480ed9c3cf87c9e97fbb0ec3 b/integrations/gitea-repositories-meta/user2/repo2.git/objects/0c/f15c3f66ec8384480ed9c3cf87c9e97fbb0ec3 new file mode 100644 index 0000000000..c0314c5584 --- /dev/null +++ b/integrations/gitea-repositories-meta/user2/repo2.git/objects/0c/f15c3f66ec8384480ed9c3cf87c9e97fbb0ec3 @@ -0,0 +1,2 @@ +xm DMY(J`5ɜ-K*Ki,Hi!?K_sq/]09MHpѤk_d-%풇۞ v_]^/I[t \ No newline at end of file diff --git a/integrations/gitea-repositories-meta/user2/repo2.git/objects/1c/887eaa8d81fa86da7695d8f635cf17813eb422 b/integrations/gitea-repositories-meta/user2/repo2.git/objects/1c/887eaa8d81fa86da7695d8f635cf17813eb422 new file mode 100644 index 0000000000..34fa593277 --- /dev/null +++ b/integrations/gitea-repositories-meta/user2/repo2.git/objects/1c/887eaa8d81fa86da7695d8f635cf17813eb422 
@@ -0,0 +1 @@ +x+)JMU07b040031Q*HM*Hg((=AvNA6K+.KgHOn9jًҳ4l \ No newline at end of file diff --git a/integrations/gitea-repositories-meta/user2/repo2.git/objects/32/5dc4f8e9344e6668f21536a69d5f1d4ed53ca3 b/integrations/gitea-repositories-meta/user2/repo2.git/objects/32/5dc4f8e9344e6668f21536a69d5f1d4ed53ca3 new file mode 100644 index 0000000000..d52aa8e1ff Binary files /dev/null and b/integrations/gitea-repositories-meta/user2/repo2.git/objects/32/5dc4f8e9344e6668f21536a69d5f1d4ed53ca3 differ diff --git a/integrations/gitea-repositories-meta/user2/repo2.git/objects/36/fff01c8c9f722d49d53186abd27b5be8d85338 b/integrations/gitea-repositories-meta/user2/repo2.git/objects/36/fff01c8c9f722d49d53186abd27b5be8d85338 new file mode 100644 index 0000000000..fc0c8654b5 Binary files /dev/null and b/integrations/gitea-repositories-meta/user2/repo2.git/objects/36/fff01c8c9f722d49d53186abd27b5be8d85338 differ diff --git a/integrations/gitea-repositories-meta/user2/repo2.git/objects/42/3313fbd38093bb10d0c8387db9105409c6f196 b/integrations/gitea-repositories-meta/user2/repo2.git/objects/42/3313fbd38093bb10d0c8387db9105409c6f196 new file mode 100644 index 0000000000..bf4ae859f6 Binary files /dev/null and b/integrations/gitea-repositories-meta/user2/repo2.git/objects/42/3313fbd38093bb10d0c8387db9105409c6f196 differ diff --git a/integrations/gitea-repositories-meta/user2/repo2.git/objects/71/911bf48766c7181518c1070911019fbb00b1fc b/integrations/gitea-repositories-meta/user2/repo2.git/objects/71/911bf48766c7181518c1070911019fbb00b1fc new file mode 100644 index 0000000000..84ade81980 --- /dev/null +++ b/integrations/gitea-repositories-meta/user2/repo2.git/objects/71/911bf48766c7181518c1070911019fbb00b1fc @@ -0,0 +1 @@ +xM@ Mr›6&&&9Leśwt<#͡mv-0wbjy̖ڗ~݋[=H ."ǁ= \ No newline at end of file 
diff --git a/integrations/gitea-repositories-meta/user2/repo2.git/objects/72/fc6251cc648e914c10009d31431fa2e38b9a20 b/integrations/gitea-repositories-meta/user2/repo2.git/objects/72/fc6251cc648e914c10009d31431fa2e38b9a20 new file mode 100644 index 0000000000..052fdf35a5 Binary files /dev/null and b/integrations/gitea-repositories-meta/user2/repo2.git/objects/72/fc6251cc648e914c10009d31431fa2e38b9a20 differ diff --git a/integrations/gitea-repositories-meta/user2/repo2.git/objects/74/d5a0d73db9b9ef7aa9978eb7a099b08f54d45e b/integrations/gitea-repositories-meta/user2/repo2.git/objects/74/d5a0d73db9b9ef7aa9978eb7a099b08f54d45e new file mode 100644 index 0000000000..bcb0e0075c Binary files /dev/null and b/integrations/gitea-repositories-meta/user2/repo2.git/objects/74/d5a0d73db9b9ef7aa9978eb7a099b08f54d45e differ diff --git a/integrations/gitea-repositories-meta/user2/repo2.git/objects/7c/d7c8fa852973c72c66eb120a6677c54a8697f7 b/integrations/gitea-repositories-meta/user2/repo2.git/objects/7c/d7c8fa852973c72c66eb120a6677c54a8697f7 new file mode 100644 index 0000000000..9c26495605 Binary files /dev/null and b/integrations/gitea-repositories-meta/user2/repo2.git/objects/7c/d7c8fa852973c72c66eb120a6677c54a8697f7 differ diff --git a/integrations/gitea-repositories-meta/user2/repo2.git/objects/c1/0d10b7e655b3dab1f53176db57c8219a5488d6 b/integrations/gitea-repositories-meta/user2/repo2.git/objects/c1/0d10b7e655b3dab1f53176db57c8219a5488d6 new file mode 100644 index 0000000000..8a6345dfa5 --- /dev/null +++ b/integrations/gitea-repositories-meta/user2/repo2.git/objects/c1/0d10b7e655b3dab1f53176db57c8219a5488d6 @@ -0,0 +1,2 @@ +xm0)nt2S`ņe,VY/H#[)E@Nq툎r2)D0jCLaC&4Bv]$EIӑePrIsez˳~_ +[yvWV=헛˘H vZ~s@݉%?TZH \ No newline at end of file 
diff --git a/integrations/gitea-repositories-meta/user2/repo2.git/objects/c4/b38c3e1395393f75bbbc2ed10c7eeb577d3b64 b/integrations/gitea-repositories-meta/user2/repo2.git/objects/c4/b38c3e1395393f75bbbc2ed10c7eeb577d3b64 new file mode 100644 index 0000000000..6dcfc96676 Binary files /dev/null and b/integrations/gitea-repositories-meta/user2/repo2.git/objects/c4/b38c3e1395393f75bbbc2ed10c7eeb577d3b64 differ diff --git a/integrations/gitea-repositories-meta/user2/repo2.git/objects/f5/05ec9b5c7a45a10259c1dda7f18434e5d55940 b/integrations/gitea-repositories-meta/user2/repo2.git/objects/f5/05ec9b5c7a45a10259c1dda7f18434e5d55940 new file mode 100644 index 0000000000..eaeadaeaee Binary files /dev/null and b/integrations/gitea-repositories-meta/user2/repo2.git/objects/f5/05ec9b5c7a45a10259c1dda7f18434e5d55940 differ diff --git a/integrations/gitea-repositories-meta/user2/repo2.git/objects/info/commit-graph b/integrations/gitea-repositories-meta/user2/repo2.git/objects/info/commit-graph new file mode 100644 index 0000000000..67dae50e83 Binary files /dev/null and b/integrations/gitea-repositories-meta/user2/repo2.git/objects/info/commit-graph differ diff --git a/integrations/gitea-repositories-meta/user2/repo2.git/objects/info/packs b/integrations/gitea-repositories-meta/user2/repo2.git/objects/info/packs new file mode 100644 index 0000000000..9eb91c8e0e --- /dev/null +++ b/integrations/gitea-repositories-meta/user2/repo2.git/objects/info/packs @@ -0,0 +1,2 @@ +P pack-a2f7ad943b3d857eb3ebdb4b35eeef38f63cf5d2.pack + diff --git a/integrations/gitea-repositories-meta/user2/repo2.git/objects/pack/pack-a2f7ad943b3d857eb3ebdb4b35eeef38f63cf5d2.bitmap b/integrations/gitea-repositories-meta/user2/repo2.git/objects/pack/pack-a2f7ad943b3d857eb3ebdb4b35eeef38f63cf5d2.bitmap new file mode 100644 index 0000000000..8ecce324f4 Binary files /dev/null and b/integrations/gitea-repositories-meta/user2/repo2.git/objects/pack/pack-a2f7ad943b3d857eb3ebdb4b35eeef38f63cf5d2.bitmap differ 
diff --git a/integrations/gitea-repositories-meta/user2/repo2.git/objects/pack/pack-a2f7ad943b3d857eb3ebdb4b35eeef38f63cf5d2.idx b/integrations/gitea-repositories-meta/user2/repo2.git/objects/pack/pack-a2f7ad943b3d857eb3ebdb4b35eeef38f63cf5d2.idx new file mode 100644 index 0000000000..c4f319811e Binary files /dev/null and b/integrations/gitea-repositories-meta/user2/repo2.git/objects/pack/pack-a2f7ad943b3d857eb3ebdb4b35eeef38f63cf5d2.idx differ diff --git a/integrations/gitea-repositories-meta/user2/repo2.git/objects/pack/pack-a2f7ad943b3d857eb3ebdb4b35eeef38f63cf5d2.pack b/integrations/gitea-repositories-meta/user2/repo2.git/objects/pack/pack-a2f7ad943b3d857eb3ebdb4b35eeef38f63cf5d2.pack new file mode 100644 index 0000000000..9d10156ca7 Binary files /dev/null and b/integrations/gitea-repositories-meta/user2/repo2.git/objects/pack/pack-a2f7ad943b3d857eb3ebdb4b35eeef38f63cf5d2.pack differ diff --git a/integrations/gitea-repositories-meta/user2/repo2.git/packed-refs b/integrations/gitea-repositories-meta/user2/repo2.git/packed-refs new file mode 100644 index 0000000000..f785d91022 --- /dev/null +++ b/integrations/gitea-repositories-meta/user2/repo2.git/packed-refs @@ -0,0 +1,2 @@ +# pack-refs with: peeled fully-peeled sorted +205ac761f3326a7ebe416e8673760016450b5cec refs/heads/master diff --git a/integrations/gitea-repositories-meta/user2/repo2.git/refs/heads/master b/integrations/gitea-repositories-meta/user2/repo2.git/refs/heads/master new file mode 100644 index 0000000000..10967a9b8a --- /dev/null +++ b/integrations/gitea-repositories-meta/user2/repo2.git/refs/heads/master @@ -0,0 +1 @@ +205ac761f3326a7ebe416e8673760016450b5cec diff --git a/integrations/view_test.go b/integrations/view_test.go new file mode 100644 index 0000000000..180cf2e50a --- /dev/null +++ b/integrations/view_test.go 
@@ -0,0 +1,26 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package integrations
+
+import (
+	"net/http"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestRenderFileSVGIsInImgTag(t *testing.T) {
+	defer prepareTestEnv(t)()
+
+	session := loginUser(t, "user2")
+
+	req := NewRequest(t, "GET", "/user2/repo2/src/branch/master/line.svg")
+	resp := session.MakeRequest(t, req, http.StatusOK)
+
+	doc := NewHTMLParser(t, resp.Body)
+	src, exists := doc.doc.Find(".file-view img").Attr("src")
+	assert.True(t, exists, "The SVG image should be in an tag so that scripts in the SVG are not run")
+	assert.Equal(t, "/user2/repo2/raw/branch/master/line.svg", src)
+}
diff --git a/modules/base/tool.go b/modules/base/tool.go
index 7ac572b85b..c497bee44a 100644
--- a/modules/base/tool.go
+++ b/modules/base/tool.go
@@ -15,6 +15,7 @@ import (
 	"net/http"
 	"os"
 	"path/filepath"
+	"regexp"
 	"runtime"
 	"strconv"
 	"strings"
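Review bot: The test establishes that an `<img>` pointing at the raw route is present, but its stated goal — that scripts inside the SVG cannot run — also requires that the SVG source is not inlined anywhere in the page, and nothing asserts that; a template that rendered the `<img>` and also, say, a text fallback containing the file would pass unchanged. Add a negative assertion on the parsed document, such as `assert.Equal(t, 0, doc.doc.Find(".file-view svg").Length(), "SVG source must not be inlined in the page")`, checking the document rather than `resp.Body.String()` since `NewHTMLParser` will have consumed the buffer if it reads it directly. A short comment would also help: the `src` asserted here is the branch/path raw URL, whereas the header tests in download_test.go cover the blob-by-SHA URLs, so the two must be kept in step if routing changes.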
@@ -28,6 +29,15 @@ import ( "github.com/dustin/go-humanize" ) +// Use at most this many bytes to determine Content Type. +const sniffLen = 512 + +// SVGMimeType MIME type of SVG images. +const SVGMimeType = "image/svg+xml" + +var svgTagRegex = regexp.MustCompile(`(?s)\A\s*(?:\s*)*\s*(?:\s*)*= 0x80 && unicode.IsLetter(ch) } +// DetectContentType extends http.DetectContentType with more content types. +func DetectContentType(data []byte) string { + ct := http.DetectContentType(data) + + if len(data) > sniffLen { + data = data[:sniffLen] + } + + if setting.UI.SVG.Enabled && + ((strings.Contains(ct, "text/plain") || strings.Contains(ct, "text/html")) && svgTagRegex.Match(data) || + strings.Contains(ct, "text/xml") && svgTagInXMLRegex.Match(data)) { + + // SVG is unsupported. https://github.com/golang/go/issues/15888 + return SVGMimeType + } + return ct +} + +// IsRepresentableAsText returns true if file content can be represented as +// plain text or is empty. +func IsRepresentableAsText(data []byte) bool { + return IsTextFile(data) || IsSVGImageFile(data) +} + // IsTextFile returns true if file content format is plain text or empty. 
func IsTextFile(data []byte) bool { if len(data) == 0 { return true } - return strings.Contains(http.DetectContentType(data), "text/") + return strings.Contains(DetectContentType(data), "text/") } // IsImageFile detects if data is an image format func IsImageFile(data []byte) bool { - return strings.Contains(http.DetectContentType(data), "image/") + return strings.Contains(DetectContentType(data), "image/") +} + +// IsSVGImageFile detects if data is an SVG image format +func IsSVGImageFile(data []byte) bool { + return strings.Contains(DetectContentType(data), SVGMimeType) } // IsPDFFile detects if data is a pdf format func IsPDFFile(data []byte) bool { - return strings.Contains(http.DetectContentType(data), "application/pdf") + return strings.Contains(DetectContentType(data), "application/pdf") } // IsVideoFile detects if data is an video format func IsVideoFile(data []byte) bool { - return strings.Contains(http.DetectContentType(data), "video/") + return strings.Contains(DetectContentType(data), "video/") } // IsAudioFile detects if data is an video format func IsAudioFile(data []byte) bool { - return strings.Contains(http.DetectContentType(data), "audio/") + return strings.Contains(DetectContentType(data), "audio/") } // EntryIcon returns the octicon class for displaying files/directories diff --git a/modules/base/tool_test.go b/modules/base/tool_test.go index 0b708dafdb..cda1685da7 100644 --- a/modules/base/tool_test.go +++ b/modules/base/tool_test.go 
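Review bot: The doc comment on DetectContentType does not mention the two conditions under which SVG is reported, yet ServeData and renderFile make header and rendering decisions on its result; suggest `// DetectContentType extends http.DetectContentType with more content types. SVG is reported as SVGMimeType only when setting.UI.SVG.Enabled is set and the SVG root element appears within the first sniffLen bytes; otherwise the http package result (typically text/plain or text/xml) is returned unchanged.` The inline comment `// SVG is unsupported.` is ambiguous about who does not support it; `// http.DetectContentType does not recognise SVG; see golang/go#15888.` is clearer. The condition mixes `&&` and `||` across three lines without parentheses around the alternatives, which is easy to misread; naming the two cases first reads better: `isSVGInText := (strings.Contains(ct, "text/plain") || strings.Contains(ct, "text/html")) && svgTagRegex.Match(data)`, `isSVGInXML := strings.Contains(ct, "text/xml") && svgTagInXMLRegex.Match(data)`, `if setting.UI.SVG.Enabled && (isSVGInText || isSVGInXML) {`. The regex definitions and the hunk header preceding DetectContentType appear garbled in this rendering, so I have not reviewed the patterns themselves.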
@@ -183,11 +183,63 @@ func TestIsLetter(t *testing.T) { assert.False(t, IsLetter('$')) } +func TestDetectContentTypeLongerThanSniffLen(t *testing.T) { + // Pre-condition: Shorter than sniffLen detects SVG. + assert.Equal(t, "image/svg+xml", DetectContentType([]byte(``))) + // Longer than sniffLen detects something else. + assert.Equal(t, "text/plain; charset=utf-8", DetectContentType([]byte(``))) +} + func TestIsTextFile(t *testing.T) { assert.True(t, IsTextFile([]byte{})) assert.True(t, IsTextFile([]byte("lorem ipsum"))) } +func TestIsSVGImageFile(t *testing.T) { + assert.True(t, IsSVGImageFile([]byte(""))) + assert.True(t, IsSVGImageFile([]byte(" "))) + assert.True(t, IsSVGImageFile([]byte(``))) + assert.True(t, IsSVGImageFile([]byte(""))) + assert.True(t, IsSVGImageFile([]byte(``))) + assert.True(t, IsSVGImageFile([]byte(` + `))) + assert.True(t, IsSVGImageFile([]byte(` + + `))) + assert.True(t, IsSVGImageFile([]byte(` + `))) + assert.True(t, IsSVGImageFile([]byte(` + + `))) + assert.True(t, IsSVGImageFile([]byte(` + + + `))) + assert.True(t, IsSVGImageFile([]byte(` + + `))) + assert.False(t, IsSVGImageFile([]byte{})) + assert.False(t, IsSVGImageFile([]byte("svg"))) + assert.False(t, IsSVGImageFile([]byte(""))) + assert.False(t, IsSVGImageFile([]byte("text"))) + assert.False(t, IsSVGImageFile([]byte(""))) + assert.False(t, IsSVGImageFile([]byte(``))) + assert.False(t, IsSVGImageFile([]byte(` + `))) + assert.False(t, IsSVGImageFile([]byte(` + + `))) +} + func TestFormatNumberSI(t *testing.T) { assert.Equal(t, "125", FormatNumberSI(int(125))) assert.Equal(t, "1.3k", FormatNumberSI(int64(1317))) diff --git a/modules/setting/setting.go b/modules/setting/setting.go index a98a97950b..8ab4508ce5 100644 --- a/modules/setting/setting.go +++ b/modules/setting/setting.go 
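Review bot: TestDetectContentTypeLongerThanSniffLen and TestIsSVGImageFile both depend on `setting.UI.SVG.Enabled` being true, which they get only from the package default introduced in modules/setting/setting.go, and neither test exercises the disabled path that DetectContentType gates on. Setting the flag explicitly in the test and adding a disabled case would pin both behaviours, e.g. at the end of TestIsSVGImageFile: `setting.UI.SVG.Enabled = false`, `defer func() { setting.UI.SVG.Enabled = true }()`, `assert.False(t, IsSVGImageFile([]byte("<svg></svg>")))` (constructed sample input); tool_test.go would need to import modules/setting if it does not already. The SVG fixtures in this hunk are rendered as empty backtick strings on this page, so I could not review the individual cases.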
@@ -190,6 +190,10 @@ var ( EventSourceUpdateTime time.Duration } `ini:"ui.notification"` + SVG struct { + Enabled bool `ini:"ENABLE_RENDER"` + } `ini:"ui.svg"` + Admin struct { UserPagingNum int RepoPagingNum int @@ -230,6 +234,11 @@ var ( MaxTimeout: 60 * time.Second, EventSourceUpdateTime: 10 * time.Second, }, + SVG: struct { + Enabled bool `ini:"ENABLE_RENDER"` + }{ + Enabled: true, + }, Admin: struct { UserPagingNum int RepoPagingNum int diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini index 5f21c75f76..48a43aa901 100644 --- a/options/locale/locale_en-US.ini +++ b/options/locale/locale_en-US.ini @@ -823,6 +823,8 @@ tag = Tag released_this = released this file_raw = Raw file_history = History +file_view_source = View Source +file_view_rendered = View Rendered file_view_raw = View Raw file_permalink = Permalink file_too_large = The file is too large to be shown. diff --git a/routers/repo/download.go b/routers/repo/download.go index 2f1f2d3c47..f04dac6aa5 100644 --- a/routers/repo/download.go +++ b/routers/repo/download.go @@ -46,6 +46,11 @@ func ServeData(ctx *context.Context, name string, reader io.Reader) error { } else if base.IsImageFile(buf) || base.IsPDFFile(buf) { ctx.Resp.Header().Set("Content-Disposition", fmt.Sprintf(`inline; filename="%s"`, name)) ctx.Resp.Header().Set("Access-Control-Expose-Headers", "Content-Disposition") + if base.IsSVGImageFile(buf) { + ctx.Resp.Header().Set("Content-Security-Policy", "default-src 'none'; style-src 'unsafe-inline'; sandbox") + ctx.Resp.Header().Set("X-Content-Type-Options", "nosniff") + ctx.Resp.Header().Set("Content-Type", base.SVGMimeType) + } } else { ctx.Resp.Header().Set("Content-Disposition", fmt.Sprintf(`attachment; filename="%s"`, name)) ctx.Resp.Header().Set("Access-Control-Expose-Headers", "Content-Disposition") diff --git a/routers/repo/editor.go b/routers/repo/editor.go index 1ee557a4fd..7538c4cdaa 100644 --- a/routers/repo/editor.go +++ b/routers/repo/editor.go 
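Review bot: In ServeData the CSP, nosniff and Content-Type headers are applied only when `base.IsSVGImageFile(buf)` is true, so an SVG whose root element lies beyond the first sniffLen bytes (the case TestDetectContentTypeLongerThanSniffLen pins) or one served while `ui.svg.ENABLE_RENDER` is off takes another branch with whatever Content-Type that branch sets; confirm that the text branch above this hunk also sends `X-Content-Type-Options: nosniff`, since that is what stops a browser from re-sniffing such a file into SVG in the site origin. A why-comment would protect the policy from being relaxed later: `// An SVG opened directly at the raw URL runs in the site origin; the sandboxed CSP keeps any script or external fetch in the file inert and nosniff pins the MIME type.` `buf` is now sniffed three times on this path (IsImageFile, IsPDFFile, IsSVGImageFile each call DetectContentType); computing the content type once at the top of ServeData and branching on it would be cheaper and easier to read. ServeData starts and ends outside the hunk.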
@@ -114,9 +114,9 @@ func editFile(ctx *context.Context, isNewFile bool) { n, _ := dataRc.Read(buf) buf = buf[:n] - // Only text file are editable online. - if !base.IsTextFile(buf) { - ctx.NotFound("base.IsTextFile", nil) + // Only some file types are editable online as text. + if !base.IsRepresentableAsText(buf) { + ctx.NotFound("base.IsRepresentableAsText", nil) return } diff --git a/routers/repo/lfs.go b/routers/repo/lfs.go index 01bbd192bc..fb0e3b10ea 100644 --- a/routers/repo/lfs.go +++ b/routers/repo/lfs.go @@ -279,14 +279,19 @@ func LFSFileGet(ctx *context.Context) { } buf = buf[:n] - isTextFile := base.IsTextFile(buf) - ctx.Data["IsTextFile"] = isTextFile + ctx.Data["IsTextFile"] = base.IsTextFile(buf) + isRepresentableAsText := base.IsRepresentableAsText(buf) fileSize := meta.Size ctx.Data["FileSize"] = meta.Size ctx.Data["RawFileLink"] = fmt.Sprintf("%s%s.git/info/lfs/objects/%s/%s", setting.AppURL, ctx.Repo.Repository.FullName(), meta.Oid, "direct") switch { - case isTextFile: + case isRepresentableAsText: + // This will be true for SVGs. + if base.IsImageFile(buf) { + ctx.Data["IsImageFile"] = true + } + if fileSize >= setting.UI.MaxDisplayFileSize { ctx.Data["IsFileTooLarge"] = true break diff --git a/routers/repo/view.go b/routers/repo/view.go index 8f010490c3..fdb8d5f136 100644 --- a/routers/repo/view.go +++ b/routers/repo/view.go 
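Review bot: LFSFileGet publishes only `IsImageFile` for an image that is representable as text, while the parallel renderFile change in routers/repo/view.go also publishes `IsRepresentableAsText`, `IsDisplayingSource`, `IsDisplayingRendered`, `IsTextSource` and `HasSourceRenderedToggle`; if LFSFileGet renders the same view_file.tmpl (not visible from this hunk), its `{{if .IsRepresentableAsText}}` blame link and `{{else if not .IsTextSource}}` branch will see unset values for LFS SVGs, so at minimum `ctx.Data["IsRepresentableAsText"] = isRepresentableAsText` should be set here too. The comment `// This will be true for SVGs.` states a consequence rather than the reason; `// An image that is also representable as text (currently SVG) is shown as an image rather than as source.` says why the flag is set inside this case. LFSFileGet starts and ends outside the hunk.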
@@ -396,6 +396,20 @@ func renderFile(ctx *context.Context, entry *git.TreeEntry, treeLink, rawLink st isLFSFile := false ctx.Data["IsTextFile"] = isTextFile + isDisplayingSource := ctx.Query("display") == "source" + isDisplayingRendered := !isDisplayingSource + isRepresentableAsText := base.IsRepresentableAsText(buf) + ctx.Data["IsRepresentableAsText"] = isRepresentableAsText + if !isRepresentableAsText { + // If we can't show plain text, always try to render. + isDisplayingSource = false + isDisplayingRendered = true + } + ctx.Data["IsDisplayingSource"] = isDisplayingSource + ctx.Data["IsDisplayingRendered"] = isDisplayingRendered + + ctx.Data["IsTextSource"] = isTextFile || isDisplayingSource + //Check for LFS meta file if isTextFile && setting.LFS.StartServer { meta := lfs.IsPointerFile(&buf) @@ -451,12 +465,18 @@ func renderFile(ctx *context.Context, entry *git.TreeEntry, treeLink, rawLink st // Assume file is not editable first. if isLFSFile { ctx.Data["EditFileTooltip"] = ctx.Tr("repo.editor.cannot_edit_lfs_files") - } else if !isTextFile { + } else if !isRepresentableAsText { ctx.Data["EditFileTooltip"] = ctx.Tr("repo.editor.cannot_edit_non_text_files") } switch { - case isTextFile: + case isRepresentableAsText: + // This will be true for SVGs. + if base.IsImageFile(buf) { + ctx.Data["IsImageFile"] = true + ctx.Data["HasSourceRenderedToggle"] = true + } + if fileSize >= setting.UI.MaxDisplayFileSize { ctx.Data["IsFileTooLarge"] = true break diff --git a/templates/repo/view_file.tmpl b/templates/repo/view_file.tmpl index 86de599fb2..15a8a589f1 100644 --- a/templates/repo/view_file.tmpl +++ b/templates/repo/view_file.tmpl @@ -32,12 +32,18 @@ {{if not .ReadmeInList}}
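Review bot: In the first hunk `isDisplayingRendered` is maintained by hand as the complement of `isDisplayingSource` — initialised as `!isDisplayingSource`, then assigned again alongside it in the not-representable branch — which invites the two drifting apart in a later edit; keep one variable and derive the other where it is published, `ctx.Data["IsDisplayingRendered"] = !isDisplayingSource`. The `display` query value is only ever compared with `"source"`, so any other value silently selects the rendered view; a one-line comment, `// Any value other than "source" selects the rendered view.`, spares the next reader a search. In the second hunk the comment `// This will be true for SVGs.` should say why the toggle exists: `// An image that is also representable as text (currently SVG) gets a source/rendered toggle instead of a plain image view.` renderFile starts before and ends after both hunks, and the view_file.tmpl hunk that follows is cut off at the end of the page.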
+ {{if .HasSourceRenderedToggle}} + + {{end}}
{{.i18n.Tr "repo.file_raw"}} {{if not .IsViewCommit}} {{.i18n.Tr "repo.file_permalink"}} {{end}} - {{if .IsTextFile}} + {{if .IsRepresentableAsText}} {{.i18n.Tr "repo.blame"}} {{end}} {{.i18n.Tr "repo.file_history"}} @@ -58,12 +64,12 @@ {{end}}
-
+
{{if .IsMarkup}} {{if .FileContent}}{{.FileContent | Safe}}{{end}} {{else if .IsRenderedHTML}}
{{if .FileContent}}{{.FileContent | Str2html}}{{end}}
- {{else if not .IsTextFile}} + {{else if not .IsTextSource}}
{{if .IsImageFile}}