cgi/tagproj.cgi

   1 #!/usr/bin/perl
   2 # (c) Petr Baudis <pasky@suse.cz>
   3 # GPLv2
   4
   5 use strict;
   6 use warnings;
   7
   8 use lib "__BASEDIR__";
   9 use Girocco::Config;
  10 use Girocco::CGI;
  11 use Girocco::Project;
  12 use Girocco::Util;
  13 use CGI;
  14
  15 our $cgi = CGI->new;
  16 $cgi->charset('UTF-8');
  17
  18 my $pname = to_utf8($cgi->param('p'), 1);
  19 my $ctags = to_utf8($cgi->param('t'), 1);
  20 defined $pname or $pname = '';
  21 defined $ctags or $ctags = '';
  22 $pname =~ s/\.git$//;
  23
  24 if ($cgi->request_method ne 'POST' || $pname eq '') {
  25         print $cgi->header(-status=>403);
  26         print "<p>Invalid data. Go away, sorcerer.</p>\n";
  27         exit;
  28 }
  29
  30 my $proj = Girocco::Project::does_exist($pname, 1) && Girocco::Project->load($pname);
  31 if (not $proj) {
  32         print $cgi->header(-status=>404);
  33         print "<p>Project \"".html_esc($pname)."\" does not exist.</p>";
  34         exit;
  35 }
  36
  37 my $refproj = $ENV{'HTTP_REFERER'};
  38 defined($refproj) or $refproj = "";
  39 $refproj = url_path($refproj);
  40 $refproj =~ s{^/w/}{/};
  41 my $projurl = url_path($Girocco::Config::gitweburl, 1) . $pname . ".git";
  42 $projurl =~ s{^/w/}{/};
  43 if ($refproj ne $projurl) {
  44         print $cgi->header(-status=>403);
  45         print "<p>Invalid request. Go away, sorcerer.</p>\n";
  46         exit;
  47 }
  48
  49 if ($ctags =~ /[^ a-zA-Z0-9:.+#_-]/) {
  50         print $cgi->header(-status=>403);
  51         print "<p>Content tag(s) '".html_esc($ctags)."' contain evil characters.</p>";
  52         exit;
  53 }
  54
  55 my $oldmask = umask();
  56 umask($oldmask & ~0060);
  57 my $changed;
  58 foreach my $ctag (split(/ /, $ctags)) {
  59         $changed = 1 if $proj->add_ctag($ctag, 1);
  60 }
  61 if ($changed) {
  62         $proj->_set_changed;
  63         $proj->_set_forkchange;
  64 }
  65 umask($oldmask);
  66
  67 print $cgi->header(-status=>303, -location=>"@{[url_path($Girocco::Config::gitweburl)]}/$pname.git");