From 682adbc0cad2baa1a6119013b166f52de3ee3352 Mon Sep 17 00:00:00 2001
From: Johan Herland <johan@herland.net>
Date: Mon, 15 Nov 2010 20:40:43 +0100
Subject: scan_path(): Improve handling of inaccessible directories

When scanning a tree containing inaccessible directories (e.g. '.ssh'
directories in users' homedirs, or repos with explicitly restricted access),
scan_path() currently causes three lines of "Permissions denied" errors to be
printed to the CGI error log per inaccessible directory:

  Error checking path /home/foo/.ssh: Permission denied (13)
  Error checking path /home/foo/.ssh/.git: Permission denied (13)
  Error opening directory /home/foo/.ssh: Permission denied (13)

This is a side-effect of calling is_git_dir(path) and
is_git_dir(fmt("%s/.git", path) _before_ we try to opendir(path).

By placing the opendir(path) before the two is_git_dir() calls, we reduce the
noise to a single line per inaccessible directory:

  Error opening directory /home/foo/.ssh: Permission denied (13)

Signed-off-by: Johan Herland <johan@herland.net>
Signed-off-by: Lars Hjemli <larsh@prediktor.no>
---
 scan-tree.c | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

(limited to 'scan-tree.c')

diff --git a/scan-tree.c b/scan-tree.c
index a0e09ce..eda8c67 100644
--- a/scan-tree.c
+++ b/scan-tree.c
@@ -159,24 +159,23 @@ static void add_repo(const char *base, const char *path, repo_config_fn fn)
 
 static void scan_path(const char *base, const char *path, repo_config_fn fn)
 {
-	DIR *dir;
+	DIR *dir = opendir(path);
 	struct dirent *ent;
 	char *buf;
 	struct stat st;
 
+	if (!dir) {
+		fprintf(stderr, "Error opening directory %s: %s (%d)\n",
+			path, strerror(errno), errno);
+		return;
+	}
 	if (is_git_dir(path)) {
 		add_repo(base, path, fn);
-		return;
+		goto end;
 	}
 	if (is_git_dir(fmt("%s/.git", path))) {
 		add_repo(base, fmt("%s/.git", path), fn);
-		return;
-	}
-	dir = opendir(path);
-	if (!dir) {
-		fprintf(stderr, "Error opening directory %s: %s (%d)\n",
-			path, strerror(errno), errno);
-		return;
+		goto end;
 	}
 	while((ent = readdir(dir)) != NULL) {
 		if (ent->d_name[0] == '.') {
@@ -202,6 +201,7 @@ static void scan_path(const char *base, const char *path, repo_config_fn fn)
 			scan_path(base, buf, fn);
 		free(buf);
 	}
+end:
 	closedir(dir);
 }
 
-- 
cgit v1.2.3-54-g00ecf


From df522794c38934be3229a11e0e2432a1f2a3bc8d Mon Sep 17 00:00:00 2001
From: Johan Herland <johan@herland.net>
Date: Mon, 15 Nov 2010 20:41:00 +0100
Subject: scan_path(): Do not recurse into hidden directories by default

Paths that start with a period ('.') are considered hidden in the Unix world.
scan_path() should arguably not recurse into these directories by default.
This patch makes it so, and introduces the "scan-hidden-path" config variable
for overriding the new default and revert to the old behaviour (scanning _all_
directories, including hidden .directories).

Signed-off-by: Johan Herland <johan@herland.net>
Signed-off-by: Lars Hjemli <larsh@prediktor.no>
---
 cgit.c       | 3 +++
 cgit.h       | 1 +
 cgitrc.5.txt | 8 ++++++++
 scan-tree.c  | 2 ++
 4 files changed, 14 insertions(+)

(limited to 'scan-tree.c')

diff --git a/cgit.c b/cgit.c
index 412fbf0..6a76281 100644
--- a/cgit.c
+++ b/cgit.c
@@ -195,6 +195,8 @@ void config_cb(const char *name, const char *value)
 				      ctx.cfg.project_list, repo_config);
 		else
 			scan_tree(expand_macros(value), repo_config);
+	else if (!strcmp(name, "scan-hidden-path"))
+		ctx.cfg.scan_hidden_path = atoi(value);
 	else if (!strcmp(name, "section-from-path"))
 		ctx.cfg.section_from_path = atoi(value);
 	else if (!strcmp(name, "source-filter"))
@@ -315,6 +317,7 @@ static void prepare_context(struct cgit_context *ctx)
 	ctx->cfg.robots = "index, nofollow";
 	ctx->cfg.root_title = "Git repository browser";
 	ctx->cfg.root_desc = "a fast webinterface for the git dscm";
+	ctx->cfg.scan_hidden_path = 0;
 	ctx->cfg.script_name = CGIT_SCRIPT_NAME;
 	ctx->cfg.section = "";
 	ctx->cfg.summary_branches = 10;
diff --git a/cgit.h b/cgit.h
index f5f68ac..ad94905 100644
--- a/cgit.h
+++ b/cgit.h
@@ -207,6 +207,7 @@ struct cgit_config {
 	int noheader;
 	int renamelimit;
 	int remove_suffix;
+	int scan_hidden_path;
 	int section_from_path;
 	int snapshots;
 	int summary_branches;
diff --git a/cgitrc.5.txt b/cgitrc.5.txt
index 8e51ca5..1dc3cce 100644
--- a/cgitrc.5.txt
+++ b/cgitrc.5.txt
@@ -269,6 +269,14 @@ root-title::
 	Text printed as heading on the repository index page. Default value:
 	"Git Repository Browser".
 
+scan-hidden-path::
+	If set to "1" and scan-path is enabled, scan-path will recurse into
+	directories whose name starts with a period ('.'). Otherwise,
+	scan-path will stay away from such directories (considered as
+	"hidden"). Note that this does not apply to the ".git" directory in
+	non-bare repos. This must be defined prior to scan-path.
+	Default value: 0. See also: scan-path.
+
 scan-path::
 	A path which will be scanned for repositories. If caching is enabled,
 	the result will be cached as a cgitrc include-file in the cache
diff --git a/scan-tree.c b/scan-tree.c
index eda8c67..627af1b 100644
--- a/scan-tree.c
+++ b/scan-tree.c
@@ -183,6 +183,8 @@ static void scan_path(const char *base, const char *path, repo_config_fn fn)
 				continue;
 			if (ent->d_name[1] == '.' && ent->d_name[2] == '\0')
 				continue;
+			if (!ctx.cfg.scan_hidden_path)
+				continue;
 		}
 		buf = malloc(strlen(path) + strlen(ent->d_name) + 2);
 		if (!buf) {
-- 
cgit v1.2.3-54-g00ecf