xaizek / rocketgit (License: AGPLv3+) (since 2018-12-09)
Light and fast Git hosting solution suitable to serve both as a hub or as a personal code storage with its tickets, pull requests, API and much more.
Commit 553d3374edc1c93cb5af6d5807ead7d862fc5b61

Checkpoint: apply xss protection only on output
Author: Catalin(ux) M. BOIE
Author date (UTC): 2015-03-05 22:14
Committer name: Catalin(ux) M. BOIE
Committer date (UTC): 2015-03-05 22:14
Parent(s): 823f8f1ff43c8db148d2b642da87ac10dc67543e
Signing key:
Tree: 994f09f94b985b69961e6383970878a646b920fa
File Lines added Lines deleted
History.txt 2 0
TODO 46 14
inc/admin.inc.php 159 0
inc/admin/admin.php 4 0
inc/admin/plans/plans.php 3 1
inc/admin/repos/repos.php 8 14
inc/admin/users/users.php 8 18
inc/bug.inc.php 9 7
inc/cache.inc.php 1 0
inc/events.inc.php 1 1
inc/git.inc.php 1 2
inc/keys.inc.php 2 1
inc/mr.inc.php 1 0
inc/plan.inc.php 16 11
inc/repo.inc.php 13 39
inc/rights.inc.php 3 2
inc/sql.inc.php 1 0
inc/user.inc.php 16 12
inc/util.inc.php 27 44
inc/watch.inc.php 1 0
root/index.php 1 0
root/themes/default/admin/invites/invites.html 29 0
root/themes/default/admin/invites/sent.html 1 1
root/themes/default/admin/menu.html 5 4
root/themes/default/admin/plans/add_edit.html 21 21
root/themes/default/admin/plans/list/line.html 1 1
root/themes/default/admin/plans/menu.html 3 3
root/themes/default/admin/repos/menu.html 6 0
root/themes/default/admin/users/menu.html 6 0
root/themes/default/index.html 33 45
root/themes/default/mail/user/repo/bug/new.body.txt 7 7
root/themes/default/mail/user/repo/bug/new.subj.txt 1 1
root/themes/default/mail/user/repo/bug/new_note.body.txt 4 4
root/themes/default/mail/user/repo/bug/new_note.subj.txt 1 1
root/themes/default/main.css 74 43
root/themes/default/repo/add_edit.html 9 9
root/themes/default/repo/bug/b_close.html 1 1
root/themes/default/repo/bug/b_edit.html 1 1
root/themes/default/repo/bug/b_reopen.html 1 1
root/themes/default/repo/bug/b_unwatch.html 1 1
root/themes/default/repo/bug/b_watch.html 1 1
root/themes/default/repo/bug/bug_add_edit.html 9 9
root/themes/default/repo/bug/list/line.html 7 7
root/themes/default/repo/bug/not_found.html 1 1
root/themes/default/repo/bug/note_add.html 1 1
root/themes/default/repo/bug/show.html 12 12
root/themes/default/repo/create_ok.html 1 1
root/themes/default/repo/edit_ok.html 1 1
root/themes/default/repo/main.html 8 8
root/themes/default/repo/menu.html 5 5
root/themes/default/suggestion.html 1 1
root/themes/default/user/add_edit.html 2 1
root/themes/default/user/repo/menu.html 5 5
root/themes/default/user/repo/rights/list_repo/line.html 1 1
root/themes/default/user/repo/rights/list_repo_path/line.html 1 1
root/themes/default/user/repo/rights/list_repo_refs/line.html 1 1
root/themes/default/user/settings/menu.html 4 4
samples/rg.conf 3 7
scripts/cron.php 6 3
scripts/events.php 1 0
tests/Makefile 14 1
tests/bug.php 4 15
tests/config.php 2 2
tests/email.php 1 1
tests/helpers.inc.php 113 0
tests/hook_update_help.php 5 28
tests/http.inc.php 20 6
tests/http_admin.php 85 0
tests/http_bug.php 146 0
tests/http_create_account.php 5 7
tests/http_csrf.php 1 3
tests/http_settings.php 6 6
tests/keys.php 2 1
tests/repo.php 9 17
tests/util.php 2 2
File History.txt changed (mode: 100644) (index f4b3527..46759b7)
1 History from RocketGit point-of-view
1 2
2 3 2015-01-24 - Created first official RocketGit server (rg2), thanks to Petre. 2015-01-24 - Created first official RocketGit server (rg2), thanks to Petre.
4 2015-03-04 - Gitorious aquired by Gitlab
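Review bot: The added History.txt entry misspells "acquired" as "aquired", and the project name is normally written "GitLab"; suggest `2015-03-04 - Gitorious acquired by GitLab`.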
File TODO changed (mode: 100644) (index 720c2b6..56be1d1)
5 5 accounts. After this, I will remove this plan? accounts. After this, I will remove this plan?
6 6 [ ] In mail-ul phase1, ar trebui adaugata si misiunea acestui proiect. [ ] In mail-ul phase1, ar trebui adaugata si misiunea acestui proiect.
7 7 Eventual un FAQ care sa contina si cum vom sustine acest proiect Eventual un FAQ care sa contina si cum vom sustine acest proiect
8 din punct de vedere financiar.
9 [ ] Admin section is not working!
10 [ ] "Running since" apare cu "?"! Rezolvat, dar se pare ca cache-uim raspunsuri
11 negative de la cache daemon. Vrem asta?!
12 [ ] Nu pot sa adaug bug-uri (nu apare form-ul si nici hint-urile)!
8 din punct de vedere financiar. Nu uita de repo-uri privat/publice.
13 9 [ ] Se pare ca sesiunea expira, indifierent daca e activa (apas butoane)! [ ] Se pare ca sesiunea expira, indifierent daca e activa (apas butoane)!
14 [ ] authorized_keys is missing from 'state' table. Is normal?
15 [ ] 'first_install' is not present in 'state' table.
16 [ ] Move into cron the duty for setting first_install and install_id!
17 Maybe other stuff also.
18 [ ] Seems I cache not set values: first_install is still "?"!
19 [ ] Drop OUTPUT to prevent some attacks? Document in README?
20 [ ] git_diff2array is not parsing correctly the diff --git header.
21 [ ] Fix rg_git_diff to take in consideration last flags and fields from
22 diff2array.
10 [ ] Convert var.subvar to var::subvar because php replaces '.' with '_'!
11 [ ] Accessing a file with '"' inside, is not working.
12 See rocketgit.com/user/catalinux/test1/source/tree/blob/"xx\"yy"
13 [ ] First page: our mission, how do I install it etc.?
14 [ ] In mail trebuie sa existe un link catre site-ul principal.
15 [ ] themes/default/repo/bug/note_add.html. @@note@@ is correct?
16 [ ] In themes/default/mail/* are we allowed with '.'? Should be '::'?
17 [ ] Seems we are stuck processing events in events.php daemon because we are
18 stuck in 'accept'. We should keep processing the events queue.
19 [ ] phase1: add in mail a text like: "...any info ... reply to this e-mail"
20 [ ] Check 'description_nice' and apply this everywhere. Maybe we should unset
21 'description', so people will not be tempted to use it.
22 Maybe just overwrite 'description'. And then continue with 'note'
23 unit testing.
24 Planul este sa auditez peste tot dca folosesc variabile luate cu
25 rg_var_str, rg_var_re & rg_var_cookie_re. si le trintesc pe
26 output fara a le trece prin template sau rg_xss_safe.
27 Apoi, ar trebui sa fac si nl2br pe toate textele, just in case.
28 Nu e OK. Trebuie doar pentru anumite cazuri: la o descriere pe pagina
29 proiectului, e nevoie. Dar intr-un form, in textarea, nu e nevoie.
30 Apoi as putea elimina description_nice.
31 Am o idee. Sa introduc un string de forma '<xss>' in toate cimpurile
32 folosite la unit testing si apoi sa testez prezenta acestor cimpuri
33 in output-ul curl-ului. Daca e prezent, buba!
34 [ ] Test closing a bug/watch/unwatch/etc.
23 35 [ ] [ ]
24 36
25 37 == BEFORE NEXT RELEASE == == BEFORE NEXT RELEASE ==
38 [ ] Before custom hooks, allow enforcing a custom regex for a commit.
39 [ ] rg_repo_delete trebuie sa stearga si rights si bugs si notes si bug files
40 si watch-uri.
41 [ ] For unit testing, we need to pass a debug para in http requests and the
42 mails to be saved in a folder, so we can parse them and verify them.
43 [ ] Expose "git reflog".
44 [ ] Should I allow state select when adding a bug? Better to consider it open?
45 [ ] Add regex for label filtering, maybe for other fields?
46 [ ] Add regex for search?
47 [ ] When showing diff, for the list of files, make links to chunks inside page.
48 [ ] php-opcache in docs?
49 [ ] Drop OUTPUT to prevent some attacks? Document in README?
50 [ ] Seems I cache not set values: first_install is still "?"!
51 [ ] Move into cron the duty for setting first_install and install_id!
52 Maybe other stuff also.
53 [ ] 'first_install' is not present in 'state' table.
54 [ ] authorized_keys is missing from 'state' table. Is normal?
55 [ ] "Running since" apare cu "?"! Rezolvat, dar se pare ca cache-uim raspunsuri
56 negative de la cache daemon. Vrem asta?!
57 [ ] Admin section is not working!
26 58 [ ] Replace -=ROCKETGIT=- with a random generated code. [ ] Replace -=ROCKETGIT=- with a random generated code.
27 59 [ ] La mail-ul de creare repo, las prea mult spatiu intre "Hello!" si "Repo is". [ ] La mail-ul de creare repo, las prea mult spatiu intre "Hello!" si "Repo is".
28 60 [ ] Seems I cannot reliable kill cache.php. It becomes a zombie! [ ] Seems I cannot reliable kill cache.php. It becomes a zombie!
File inc/admin.inc.php added (mode: 100644) (index 0000000..81381f6)
1 <?php
2 $INC = isset($INC) ? $INC : dirname(__FILE__);
3 require_once($INC . "/user.inc.php");
4
5 /*
6 * Event functions
7 */
8 $rg_admin_functions = array(
9 6000 => "rg_admin_invite",
10 6001 => "rg_admin_invite_one"
11 );
12 rg_event_register_functions($rg_admin_functions);
13
14 /*
15 * Event for invites
16 */
17 function rg_admin_invite($db, $event)
18 {
19 $ret = array();
20
21 rg_log_ml("DEBUG: event[list]=" . print_r($event['list'], TRUE));
22 foreach ($event['list'] as $line) {
23 $line = trim($line);
24 if (empty($line))
25 continue;
26
27 $t = explode('|', $line, 2);
28
29 $ret[] = array_merge($event,
30 array(
31 'category' => 6001,
32 'prio' => 100,
33 'email' => trim($t[0]),
34 'name' => trim($t[1])
35 )
36 );
37 }
38
39 return $ret;
40 }
41
42 /*
43 * Event for invites (one e-mail version)
44 */
45 function rg_admin_invite_one($db, $event)
46 {
47 global $rg_admin_email;
48
49 $rg = array();
50 $subject = preg_replace('/{NAME}/', $event['name'], $event['subject']);
51 $subject = "=?UTF-8?B?" . base64_encode(trim($subject)) . "?=";
52 $header = rg_template("mail/common.head.txt", $rg);
53 $body = preg_replace('/{NAME}/', $event['name'], $event['body']);
54
55 $r = mail($event['email'], $subject, $body, $header,
56 "-f $rg_admin_email");
57
58 if ($r === FALSE)
59 return FALSE;
60
61 return array();
62 }
63
64 /*
65 * Deals with invites
66 */
67 function rg_admin_invites_high_level($db, $rg)
68 {
69 rg_log_enter("rg_admin_invites_high_level");
70
71 $ret = "";
72
73 $inv = array();
74 $inv['list'] = "";
75 $inv['subject'] = "";
76 $inv['body'] = "";
77
78 $errmsg = array();
79 $show_form = TRUE;
80 while (1) {
81 if (rg_var_int("doit") == 0)
82 break;
83
84 $inv['list'] = rg_var_str("inv::list");
85 $inv['subject'] = rg_var_str("inv::subject");
86 $inv['body'] = rg_var_str("inv::body");
87
88 if (!rg_valid_referer()) {
89 $errmsg[] = "invalid referer; try again";
90 break;
91 }
92
93 if (!rg_token_valid($db, $rg, FALSE)) {
94 $errmsg[] = "invalid token; try again";
95 break;
96 }
97
98 if (empty($inv['list'])) {
99 $errmsg[] = "list is empty";
100 break;
101 }
102
103 if (empty($inv['subject'])) {
104 $errmsg[] = "subject is empty";
105 break;
106 }
107
108 if (empty($inv['body'])) {
109 $errmsg[] = "body is empty";
110 break;
111 }
112
113 $list = explode("\n", trim($inv['list']));
114 foreach ($list as $line) {
115 $line = trim($line);
116 if (empty($line))
117 continue;
118
119 $t = explode('|', $line, 2);
120 if (count($t) != 2) {
121 $errmsg[] = 'invalid line: ' . rg_xss_safe($line);
122 } else {
123 if (!strstr($t[0], '@'))
124 $errmsg[] = 'invalid e-mail in line: ' . rg_xss_safe($line);
125 }
126 }
127 if (!empty($errmsg))
128 break;
129
130 $event = array(
131 'category' => 6000,
132 'prio' => 50);
133 $event = array_merge($event, $inv);
134 $event['list'] = $list;
135 $r = rg_event_add($db, $event);
136 if ($r !== TRUE) {
137 $errmsg[] = "cannot add event (" . rg_event_error() . ")";
138 break;
139 }
140
141 rg_event_signal_daemon("", 0);
142
143 $ret .= rg_template("admin/invites/sent.html", $rg);
144 $show_form = FALSE;
145 break;
146 }
147
148 if ($show_form) {
149 $rg['inv'] = $inv;
150 $rg['HTML:errmsg'] = rg_template_errmsg($errmsg);
151 $rg['rg_form_token'] = rg_token_get($db, $rg);
152 $ret .= rg_template("admin/invites/invites.html", $rg);
153 }
154
155 rg_log_exit();
156 return $ret;
157 }
158
159 ?>
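Review bot: In rg_admin_invite_one, `$event['email']` is passed to `mail()` after only the `strstr($t[0], '@')` test made in rg_admin_invites_high_level, so any string containing an `@` is accepted as a recipient. Validate each address before the event is queued, for example with `filter_var($t[0], FILTER_VALIDATE_EMAIL)`, and repeat the check in rg_admin_invite, which reads `$t[1]` without testing `count($t)`. Separately, `preg_replace('/{NAME}/', $event['name'], ...)` treats `$1` or `\1` style sequences inside the name as backreferences; `str_replace('{NAME}', $event['name'], ...)` substitutes the text literally.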
File inc/admin/admin.php changed (mode: 100644) (index 5e31f9d..da00594)
... ... case 'repos': // repos
25 25 include($INC . "/admin/repos/repos.php"); include($INC . "/admin/repos/repos.php");
26 26 $_admin .= $_admin_repos; $_admin .= $_admin_repos;
27 27 break; break;
28
29 case 'invites': // invites
30 $_admin = rg_admin_invites_high_level($db, $rg);
31 break;
28 32 } }
29 33
30 34 $rg['menu']['sub1'][$_subop] = 1; $rg['menu']['sub1'][$_subop] = 1;
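Review bot: The new 'invites' case assigns with `$_admin = rg_admin_invites_high_level($db, $rg);` while the 'repos' case above appends with `$_admin .= $_admin_repos;`, so anything already placed in `$_admin` is discarded on this path. If that is not intended, use `.=` here as well.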
File inc/admin/plans/plans.php changed (mode: 100644) (index e35fd30..0b5ae6c)
... ... rg_log("FILE: /inc/admin/plans/plans");
4 4 $_admin_plans = ""; $_admin_plans = "";
5 5
6 6 $_op = empty($paras) ? "list" : array_shift($paras); $_op = empty($paras) ? "list" : array_shift($paras);
7 rg_log("DEBUG: _op=$_op sparas=" . rg_array2string($paras));
7 8 switch ($_op) { switch ($_op) {
8 9 case 'list': // list case 'list': // list
9 10 $_admin_plans .= rg_plan_list_high_level($db, $rg); $_admin_plans .= rg_plan_list_high_level($db, $rg);
10 11 break; break;
11 12
12 13 case 'edit': // edit case 'edit': // edit
13 $rg['id'] = empty($paras) ? 0 : array_shift($paras);
14 $rg['pi'] = array();
15 $rg['pi']['id'] = empty($paras) ? 0 : array_shift($paras);
14 16 // no break here // no break here
15 17 case 'add': // add case 'add': // add
16 18 $_admin_plans .= rg_plan_edit_high_level($db, $rg); $_admin_plans .= rg_plan_edit_high_level($db, $rg);
File inc/admin/repos/repos.php changed (mode: 100644) (index 3c1288c..e1bce41)
... ... $_admin_repos = "";
5 5
6 6 $_op = empty($paras) ? "list" : array_shift($paras); $_op = empty($paras) ? "list" : array_shift($paras);
7 7
8 // menu
9 $_m = array(
10 "list" => array(
11 "text" => "List repositories",
12 "op" => "list"
13 ),
14 "add" => array(
15 "text" => "Add repository",
16 "op" => "add"
17 )
18 );
19 rg_menu_add($rg_menu, $_m, $_op);
20
21 8 switch ($_op) { switch ($_op) {
22 case 'list': // list
9 case 'add':
10 $_admin_repos .= "Not yet implemented";
11 break;
12
13 default: // list
23 14 $_uid = 0; $_uid = 0;
24 15 $_admin_repos .= rg_repo_list($db, $rg, "TODO: fix url", $_uid); $_admin_repos .= rg_repo_list($db, $rg, "TODO: fix url", $_uid);
25 16 break; break;
26 17 } }
27 18
19 $rg['menu']['sub2'][$_op] = 1;
20 $rg['HTML:submenu2'] = rg_template("admin/repos/menu.html", $rg);
21
28 22 ?> ?>
File inc/admin/users/users.php changed (mode: 100644) (index f43d53f..e5db139)
... ... $_op = empty($paras) ? "list" : array_shift($paras);
7 7 $target = empty($paras) ? "" : array_shift($paras); $target = empty($paras) ? "" : array_shift($paras);
8 8 $target_ui = rg_user_info($db, 0, $target, ""); $target_ui = rg_user_info($db, 0, $target, "");
9 9
10 // menu
11 $_m = array(
12 "list" => array(
13 "text" => "List users",
14 "op" => "list"
15 ),
16 "add" => array(
17 "text" => "Add user",
18 "op" => "add"
19 )
20 );
21 rg_menu_add($rg_menu, $_m, $_op);
22
23 10 // TODO: security: CSRF! // TODO: security: CSRF!
24 11 $_show_list = 1; $_show_list = 1;
25 12 switch ($_op) { switch ($_op) {
 
... ... case 'edit': // edit
32 19
33 20 case 'suspend': case 'suspend':
34 21 if (!rg_user_suspend($db, $rg, $target_ui, 1)) if (!rg_user_suspend($db, $rg, $target_ui, 1))
35 $_admin_users .= rg_template("admin/users/bad_suspend.html");
22 $_admin_users .= rg_template("admin/users/bad_suspend.html", $rg);
36 23 break; break;
37 24
38 25 case 'unsuspend': case 'unsuspend':
39 26 if (!rg_user_suspend($db, $rg, $target_ui, 0)) if (!rg_user_suspend($db, $rg, $target_ui, 0))
40 $_admin_users .= rg_template("admin/users/bad_unsuspend.html");
27 $_admin_users .= rg_template("admin/users/bad_unsuspend.html", $rg);
41 28 break; break;
42 29
43 30 case 'make_admin': case 'make_admin':
44 31 if (!rg_user_make_admin($db, $rg, $target_ui, 1)) if (!rg_user_make_admin($db, $rg, $target_ui, 1))
45 $_admin_users .= rg_template("admin/users/bad_admin.html");
32 $_admin_users .= rg_template("admin/users/bad_admin.html", $rg);
46 33 break; break;
47 34
48 35 case 'remove_admin': case 'remove_admin':
49 36 if (!rg_user_make_admin($db, $rg, $target_ui, 0)) if (!rg_user_make_admin($db, $rg, $target_ui, 0))
50 $_admin_users .= rg_template("admin/users/bad_unadmin.html");
37 $_admin_users .= rg_template("admin/users/bad_unadmin.html", $rg);
51 38 break; break;
52 39
53 40 case 'remove': case 'remove':
54 41 if (!rg_user_remove($db, $rg, $target_ui)) if (!rg_user_remove($db, $rg, $target_ui))
55 $_admin_users .= rg_template("admin/users/bad_remove.html");
42 $_admin_users .= rg_template("admin/users/bad_remove.html", $rg);
56 43 break; break;
57 44 } }
58 45
46 $rg['menu']['sub2'][$_op] = 1;
47 $rg['HTML:submenu2'] = rg_template("admin/users/menu.html", $rg);
48
59 49 if ($_show_list == 1) if ($_show_list == 1)
60 50 $_admin_users .= rg_user_list($db); $_admin_users .= rg_user_list($db);
61 51
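Review bot: The suspend, unsuspend, make_admin, remove_admin and remove cases call rg_user_suspend(), rg_user_make_admin() and rg_user_remove() with no rg_valid_referer() or rg_token_valid() check in this switch, and the `// TODO: security: CSRF!` comment above it is left unchanged. Since this commit already touches every one of these cases, add the referer and token checks used in rg_admin_invites_high_level before the switch acts on `$_op`.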
File inc/bug.inc.php changed (mode: 100644) (index c06caed..16a0f44)
... ... function rg_bug_set_error($str)
14 14 { {
15 15 global $rg_bug_error; global $rg_bug_error;
16 16 $rg_bug_error = $str; $rg_bug_error = $str;
17 rg_log('set_error: ' . $str);
17 18 } }
18 19
19 20 function rg_bug_error() function rg_bug_error()
 
... ... function rg_bug_event_add_one($db, $event)
64 65
65 66 // send e-mail // send e-mail
66 67 $event['ui.email'] = $ui['email']; $event['ui.email'] = $ui['email'];
67 $r = rg_mail("mail/user/repo/bug/new", $event);
68 $r = rg_mail_template("mail/user/repo/bug/new", $event);
68 69 if ($r === FALSE) if ($r === FALSE)
69 70 break; break;
70 71
 
... ... function rg_bug_event_note_add_one($db, $event)
139 140
140 141 // send e-mail // send e-mail
141 142 $event['ui.email'] = $ui['email']; $event['ui.email'] = $ui['email'];
142 $r = rg_mail("mail/user/repo/bug/new_note", $event);
143 $r = rg_mail_template("mail/user/repo/bug/new_note", $event);
143 144 if ($r === FALSE) if ($r === FALSE)
144 145 break; break;
145 146
 
... ... function rg_bug_cosmetic($db, &$row)
296 297 } }
297 298
298 299 if (isset($row['body'])) if (isset($row['body']))
299 $row['HTML:body'] = nl2br($row['body']);
300 $row['HTML:body'] = nl2br(rg_xss_safe($row['body']));
300 301
301 302 if (isset($row['itime'])) if (isset($row['itime']))
302 303 $row['creation'] = gmdate("Y-m-d H:i", $row['itime']); $row['creation'] = gmdate("Y-m-d H:i", $row['itime']);
 
... ... function rg_bug_note_list($db, $repo_id, $bug_id, $offset)
1079 1080 else else
1080 1081 $row['owner'] = "?"; $row['owner'] = "?";
1081 1082
1082 $row['HTML:note'] = nl2br($row['note']);
1083 $row['HTML:note'] = nl2br(rg_xss_safe($row['note']));
1083 1084 unset($row['note']); unset($row['note']);
1084 1085
1085 1086 $ret[] = $row; $ret[] = $row;
 
... ... function rg_bug_label_html($db, $labels)
1242 1243 $a = array(); $a = array();
1243 1244 if (!empty($labels)) { if (!empty($labels)) {
1244 1245 foreach ($labels as $label) foreach ($labels as $label)
1245 $a[] = array("HTML:label" => $label);
1246 $a[] = array("HTML:label" => rg_xss_safe($label));
1246 1247 } }
1247 1248
1248 1249 $ret = rg_template_table("repo/bug/list_labels", $a, array()); $ret = rg_template_table("repo/bug/list_labels", $a, array());
 
... ... function rg_bug_label_html($db, $labels)
1259 1260 function rg_bug_edit_high_level($db, &$rg) function rg_bug_edit_high_level($db, &$rg)
1260 1261 { {
1261 1262 rg_log_enter("rg_bug_edit_high_level"); rg_log_enter("rg_bug_edit_high_level");
1263 rg_log_ml("DEBUG: rg: " . print_r($rg, TRUE));
1262 1264
1263 1265 $ret = ""; $ret = "";
1264 1266
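Review bot: The added `rg_log_ml("DEBUG: rg: " . print_r($rg, TRUE));` at the top of rg_bug_edit_high_level writes the whole `$rg` array to the log on every call, and `$rg` carries `login_ui` and the submitted bug fields. Drop the line before release, or log only the keys needed for debugging.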
 
... ... function rg_bug_edit_high_level($db, &$rg)
1280 1282 break; break;
1281 1283 } }
1282 1284
1285 $rg['bug'] = rg_array_merge($rg['bug'], "", rg_bug_vars());
1286
1283 1287 if (!rg_valid_referer()) { if (!rg_valid_referer()) {
1284 1288 $errmsg[] = "invalid referer; try again"; $errmsg[] = "invalid referer; try again";
1285 1289 break; break;
 
... ... function rg_bug_edit_high_level($db, &$rg)
1290 1294 break; break;
1291 1295 } }
1292 1296
1293 $rg['bug'] = rg_array_merge($rg['bug'], "", rg_bug_vars());
1294
1295 1297 $bug_id = rg_bug_edit($db, $rg['login_ui'], $rg['ri'], $bug_id = rg_bug_edit($db, $rg['login_ui'], $rg['ri'],
1296 1298 $rg['bug']); $rg['bug']);
1297 1299 if ($bug_id === FALSE) { if ($bug_id === FALSE) {
File inc/cache.inc.php changed (mode: 100644) (index 63c3373..64df4a3)
... ... function rg_cache_set_error($str)
27 27 { {
28 28 global $rg_cache_error; global $rg_cache_error;
29 29 $rg_cache_error = $str; $rg_cache_error = $str;
30 rg_log($str);
30 31 } }
31 32
32 33 function rg_cache_error() function rg_cache_error()
File inc/events.inc.php changed (mode: 100644) (index 8d75c78..fd65dda)
... ... function rg_event_process_queue($db, &$notify_list)
238 238 . " FOR UPDATE" . " FOR UPDATE"
239 239 . " LIMIT 100"; . " LIMIT 100";
240 240 $res = rg_sql_query($db, $sql); $res = rg_sql_query($db, $sql);
241 $no_of_events = rg_sql_num_rows($res);
242 241 if ($res === FALSE) { if ($res === FALSE) {
243 242 rg_event_set_error("Cannot load job list" rg_event_set_error("Cannot load job list"
244 243 . " (" . rg_sql_error() . ")"); . " (" . rg_sql_error() . ")");
245 244 break; break;
246 245 } }
247 246
247 $no_of_events = rg_sql_num_rows($res);
248 248 while (($row = rg_sql_fetch_array($res))) { while (($row = rg_sql_fetch_array($res))) {
249 249 $params = array("id" => $row['id']); $params = array("id" => $row['id']);
250 250
File inc/git.inc.php changed (mode: 100644) (index cd78d8e..363ea10)
... ... $rg_git_error = "";
11 11 function rg_git_set_error($str) function rg_git_set_error($str)
12 12 { {
13 13 global $rg_git_error; global $rg_git_error;
14
15 rg_log($str);
16 14 $rg_git_error = $str; $rg_git_error = $str;
15 rg_log($str);
17 16 } }
18 17
19 18 function rg_git_error() function rg_git_error()
File inc/keys.inc.php changed (mode: 100644) (index d47956d..f8a01cf)
... ... function rg_keys_set_error($str)
10 10 { {
11 11 global $rg_keys_error; global $rg_keys_error;
12 12 $rg_keys_error = $str; $rg_keys_error = $str;
13 rg_log($str);
13 14 } }
14 15
15 16 function rg_keys_error() function rg_keys_error()
 
... ... function rg_keys_event_notify_user($db, $event)
102 103 // TODO: Take care: we already deleted the keys. We cannot inspect // TODO: Take care: we already deleted the keys. We cannot inspect
103 104 // them anymore! Maybe put info in the event. // them anymore! Maybe put info in the event.
104 105
105 $r = rg_mail("mail/user/key/" . $event['op'], $event);
106 $r = rg_mail_template("mail/user/key/" . $event['op'], $event);
106 107 if ($r === FALSE) if ($r === FALSE)
107 108 return FALSE; return FALSE;
108 109
File inc/mr.inc.php changed (mode: 100644) (index 6363762..55c15ea)
... ... function rg_mr_set_error($str)
16 16 { {
17 17 global $rg_mr_error; global $rg_mr_error;
18 18 $rg_mr_error = $str; $rg_mr_error = $str;
19 rg_log($str);
19 20 } }
20 21
21 22 function rg_mr_error() function rg_mr_error()
File inc/plan.inc.php changed (mode: 100644) (index eac55df..25cafb8)
... ... function rg_plan_set_error($str)
11 11 { {
12 12 global $rg_plan_error; global $rg_plan_error;
13 13 $rg_plan_error = $str; $rg_plan_error = $str;
14 rg_log($str);
14 15 } }
15 16
16 17 function rg_plan_error() function rg_plan_error()
 
... ... function rg_plan_list($db)
155 156 $id = $row['id']; $id = $row['id'];
156 157
157 158 // fixes // fixes
158 $row['HTML:description'] = nl2br($row['description']);
159 $row['HTML:description'] = nl2br(rg_xss_safe($row['description']));
159 160 unset($row['description']); unset($row['description']);
160 161
161 162 $ret[$id] = $row; $ret[$id] = $row;
 
... ... function rg_plan_list_high_level($db, $rg)
256 257 } }
257 258
258 259 $list = rg_var_str("delete_list"); $list = rg_var_str("delete_list");
260
259 261 $r = rg_plan_remove($db, $list); $r = rg_plan_remove($db, $list);
260 262 if ($r !== TRUE) { if ($r !== TRUE) {
261 263 $rg['errmsg'] = rg_plan_error(); $rg['errmsg'] = rg_plan_error();
 
... ... function rg_plan_edit_high_level($db, &$rg)
284 286 { {
285 287 rg_log("plan_edit_high_level rg:" . rg_array2string($rg)); rg_log("plan_edit_high_level rg:" . rg_array2string($rg));
286 288
287 $id = rg_var_uint("pi.id");
289 if (isset($rg['pi']['id']))
290 $id = $rg['pi']['id'];
291 else
292 $id = 0;
288 293
289 294 $ret = ""; $ret = "";
290 295 $pi = array(); $pi = array();
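Review bot: `$id = $rg['pi']['id'];` replaces `rg_var_uint("pi.id")`, so the id is no longer forced to an unsigned integer; in inc/admin/plans/plans.php it is filled from `array_shift($paras)` with no conversion. Cast it where it is read, for example `$id = intval($rg['pi']['id']);`, and reject negative values, so the rest of rg_plan_edit_high_level keeps receiving the type it had before.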
 
... ... function rg_plan_edit_high_level($db, &$rg)
319 324
320 325 $pi = array(); $pi = array();
321 326 $pi['id'] = $id; $pi['id'] = $id;
322 $pi['name'] = rg_var_str("pi.name");
323 $pi['description'] = rg_var_str("pi.description");
324 $pi['disk_mb'] = rg_var_uint("pi.disk_mb");
325 $pi['users'] = rg_var_uint("pi.users");
326 $pi['bw'] = rg_var_uint("pi.bw");
327 $pi['speed'] = rg_var_uint("pi.speed");
328 $pi['position'] = rg_var_uint("pi.position");
329 $pi['max_public_repos'] = rg_var_uint("pi.max_public_repos");
330 $pi['max_private_repos'] = rg_var_uint("pi.max_private_repos");
327 $pi['name'] = rg_var_str("pi::name");
328 $pi['description'] = rg_var_str("pi::description");
329 $pi['disk_mb'] = rg_var_uint("pi::disk_mb");
330 $pi['users'] = rg_var_uint("pi::users");
331 $pi['bw'] = rg_var_uint("pi::bw");
332 $pi['speed'] = rg_var_uint("pi::speed");
333 $pi['position'] = rg_var_uint("pi::position");
334 $pi['max_public_repos'] = rg_var_uint("pi::max_public_repos");
335 $pi['max_private_repos'] = rg_var_uint("pi::max_private_repos");
331 336
332 337 if (!rg_valid_referer()) { if (!rg_valid_referer()) {
333 338 $errmsg[] = "invalid referer; try again"; $errmsg[] = "invalid referer; try again";
File inc/repo.inc.php changed (mode: 100644) (index dfb5451..0f698c4)
... ... function rg_repo_event_notify_user($db, $event)
424 424 { {
425 425 rg_prof_start("repo_event_notify_user"); rg_prof_start("repo_event_notify_user");
426 426
427 $r = rg_mail("mail/user/repo/" . $event['op'], $event);
427 $r = rg_mail_template("mail/user/repo/" . $event['op'], $event);
428 428 if ($r === FALSE) if ($r === FALSE)
429 429 return FALSE; return FALSE;
430 430
 
... ... function rg_repo_lookup_by_old_name($db, $uid, $old_name)
744 744
745 745 $ret = FALSE; $ret = FALSE;
746 746 while (1) { while (1) {
747 $c = rg_cache_get("repo_by_name::$uid::$old_name");
747 $c = rg_cache_get("repo_by_old_name::$uid::$old_name");
748 748 if ($c !== FALSE) { if ($c !== FALSE) {
749 749 $ret = $c; $ret = $c;
750 750 break; break;
 
... ... function rg_repo_lookup_by_old_name($db, $uid, $old_name)
769 769 else else
770 770 $ret = $row['repo_id']; $ret = $row['repo_id'];
771 771
772 rg_cache_set("repo_by_name::$uid::$old_name", $ret);
772 rg_cache_set("repo_by_old_name::$uid::$old_name", $ret);
773 773 break; break;
774 774 } }
775 775
 
... ... function rg_repo_git_done($db, $repo_id)
1164 1164 return $ret; return $ret;
1165 1165 } }
1166 1166
1167 /*
1168 * High level function to delete rights ids
1169 */
1170 function rg_repo_admin_delete_rights($db, $rg, $obj_id, &$errmsg)
1171 {
1172 $errmsg = array();
1173
1174 $list = rg_var_str("rights_delete_ids");
1175
1176 if (!rg_valid_referer()) {
1177 $errmsg[] = "invalid referer; try again";
1178 return;
1179 }
1180
1181 if (!rg_token_valid($db, $rg, FALSE)) {
1182 $errmsg[] = "invalid token; try again";
1183 return;
1184 }
1185
1186 $r = rg_repo_rights_delete_list($db, $obj_id, $list);
1187 if ($r === FALSE) {
1188 $errmsg[] = rg_rights_error();
1189 return;
1190 }
1191 }
1192
1193 1167 /* /*
1194 1168 * High level function for Repo -> Admin -> Rights -> Repo/Refs/Path rights menu. * High level function for Repo -> Admin -> Rights -> Repo/Refs/Path rights menu.
1195 1169 */ */
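Review bot: The removed rg_repo_admin_delete_rights() was where the rights deletion path called rg_valid_referer() and rg_token_valid() before rg_repo_rights_delete_list(), and nothing in the visible hunks shows those checks being re-added elsewhere. Confirm that whatever now handles `rights_delete_ids` still performs both checks, and add a test for a delete request sent without a valid token.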
 
... ... function rg_repo_admin_rights($db, $rg, $type)
1210 1184 $a['edit_id'] = rg_var_uint("edit_id"); $a['edit_id'] = rg_var_uint("edit_id");
1211 1185 $a['username'] = rg_var_str("username"); $a['username'] = rg_var_str("username");
1212 1186 $a['rights'] = rg_rights_a2s(rg_var_str("rights")); $a['rights'] = rg_rights_a2s(rg_var_str("rights"));
1213 $a['misc'] = rg_var_str_core("misc");
1187 $a['misc'] = rg_var_str("misc");
1214 1188 $a['ip'] = rg_var_str("ip"); $a['ip'] = rg_var_str("ip");
1215 1189 $a['prio'] = rg_var_uint("prio"); $a['prio'] = rg_var_uint("prio");
1216 1190 $a['description'] = rg_var_str("description"); $a['description'] = rg_var_str("description");
 
... ... function rg_repo_edit_high_level($db, &$rg)
1441 1415 break; break;
1442 1416 } }
1443 1417
1418 $rg['ri']['repo_id'] = rg_var_uint("repo_id");
1419 $rg['ri']['master'] = rg_var_uint("master");
1420 $rg['ri']['name'] = rg_var_str("name"); // TODO: filter name!
1421 $rg['ri']['max_commit_size'] = rg_var_uint("max_commit_size");
1422 $rg['ri']['description'] = rg_var_str("description");
1423 $rg['ri']['public'] = rg_var_bool("public");
1424 rg_repo_cosmetic($rg['ri']);
1425 //rg_log_ml("CHECK: after repo edit: rg[ri]=" . print_r($rg['ri'], TRUE));
1426
1444 1427 if (!rg_valid_referer()) { if (!rg_valid_referer()) {
1445 1428 $errmsg[] = "invalid referer; try again"; $errmsg[] = "invalid referer; try again";
1446 1429 break; break;
 
... ... function rg_repo_edit_high_level($db, &$rg)
1452 1435 break; break;
1453 1436 } }
1454 1437
1455 $rg['ri']['repo_id'] = rg_var_uint("repo_id");
1456 $rg['ri']['master'] = rg_var_uint("master");
1457 $rg['ri']['name'] = rg_var_str("name"); // TODO: filter name!
1458 $rg['ri']['max_commit_size'] = rg_var_uint("max_commit_size");
1459 $rg['ri']['description'] = rg_var_str_core("description");
1460 $rg['ri']['public'] = rg_var_bool("public");
1461 rg_repo_cosmetic($rg['ri']);
1462 //rg_log_ml("CHECK: after repo edit: rg[ri]=" . print_r($rg['ri'], TRUE));
1463
1464 1438 $r = rg_repo_edit($db, $rg['login_ui'], $rg['ri']); $r = rg_repo_edit($db, $rg['login_ui'], $rg['ri']);
1465 1439 if ($r === FALSE) { if ($r === FALSE) {
1466 1440 $errmsg[] = rg_repo_error(); $errmsg[] = rg_repo_error();
File inc/rights.inc.php changed (mode: 100644) (index 7c93605..1daa749)
... ... function rg_rights_set_error($str)
16 16 { {
17 17 global $rg_rights_error; global $rg_rights_error;
18 18 $rg_rights_error = $str; $rg_rights_error = $str;
19 rg_log($str);
19 20 } }
20 21
21 22 function rg_rights_error() function rg_rights_error()
 
... ... function rg_rights_cosmetic($db, &$row)
211 212 $row['ip'] = ""; $row['ip'] = "";
212 213
213 214 if (empty($row['ip'])) if (empty($row['ip']))
214 $row['nice.ip'] = "Any";
215 $row['ip_nice'] = "Any";
215 216 else else
216 $row['nice.ip'] = $row['ip'];
217 $row['ip_nice'] = $row['ip'];
217 218
218 219 if (!isset($row['description'])) if (!isset($row['description']))
219 220 $row['description'] = ""; $row['description'] = "";
File inc/sql.inc.php changed (mode: 100644) (index 51718f6..95b424a)
... ... function rg_sql_set_error($str)
17 17 { {
18 18 global $rg_sql_error; global $rg_sql_error;
19 19 $rg_sql_error = $str; $rg_sql_error = $str;
20 rg_log($str);
20 21 } }
21 22
22 23 function rg_sql_error() function rg_sql_error()
File inc/user.inc.php changed (mode: 100644) (index 45838ef..0759ac2)
1 1 <?php <?php
2 $INC = isset($INC) ? $INC : dirname(__FILE__);
2 3 require_once($INC . "/util.inc.php"); require_once($INC . "/util.inc.php");
3 4 require_once($INC . "/log.inc.php"); require_once($INC . "/log.inc.php");
4 5 require_once($INC . "/sql.inc.php"); require_once($INC . "/sql.inc.php");
 
... ... function rg_user_set_error($str)
27 28 { {
28 29 global $rg_user_error; global $rg_user_error;
29 30 $rg_user_error = $str; $rg_user_error = $str;
31 rg_log($str);
30 32 } }
31 33
32 34 function rg_user_error() function rg_user_error()
 
... ... function rg_user_event_notify_user($db, $event)
70 72 rg_log("user_event_notify_user: event=" . rg_array2string($event)); rg_log("user_event_notify_user: event=" . rg_array2string($event));
71 73
72 74 if (strcmp($event['op'], "rename") == 0) { if (strcmp($event['op'], "rename") == 0) {
73 $r = rg_mail("mail/user/rename", $event);
75 $r = rg_mail_template("mail/user/rename", $event);
74 76 } else { } else {
75 $r = rg_mail("mail/user/welcome", $event);
77 $r = rg_mail_template("mail/user/welcome", $event);
76 78 } }
77 79 // TODO: we may want to return here an error? // TODO: we may want to return here an error?
78 80
 
... ... function rg_user_link_by_name($db, $event)
115 117 } }
116 118
117 119 $by_id_rel = rg_user_path_by_id_rel($event['ui.uid']); $by_id_rel = rg_user_path_by_id_rel($event['ui.uid']);
120 if (is_link($by_name))
121 unlink($by_name);
118 122 if (symlink($by_id_rel, $by_name) === FALSE) { if (symlink($by_id_rel, $by_name) === FALSE) {
119 123 rg_user_set_error("cannot symlink $by_id_rel <- $by_name ($php_errormsg)!"); rg_user_set_error("cannot symlink $by_id_rel <- $by_name ($php_errormsg)!");
120 124 return FALSE; return FALSE;
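Review bot: the is_link()/unlink() pair added at new lines 120-121 ignores the return value of unlink and only covers the case where $by_name is already a symlink; if it is a regular file or a directory, symlink() still fails as before. There is also a window between unlink and symlink in which the by-name path does not exist. Consider creating the link under a temporary name and rename()-ing it over $by_name, and reporting a failed unlink through rg_user_set_error.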
 
... ... function rg_user_edit_high_level($db, &$rg)
1426 1430 if ($rg['doit'] != 1) if ($rg['doit'] != 1)
1427 1431 break; break;
1428 1432
1429 if (!rg_valid_referer()) {
1430 $errmsg[] = "invalid referer; try again";
1431 break;
1432 }
1433
1434 if (!rg_token_valid($db, $rg, FALSE)) {
1435 $errmsg[] = "invalid token; try again";
1436 break;
1437 }
1438
1439 1433 $ui = array(); $ui = array();
1440 1434 $ui['uid'] = $rg['target_ui']['uid']; $ui['uid'] = $rg['target_ui']['uid'];
1441 1435 $ui['username'] = rg_var_str("username"); $ui['username'] = rg_var_str("username");
 
... ... function rg_user_edit_high_level($db, &$rg)
1449 1443 $ui['session_time'] = rg_var_uint("session_time"); $ui['session_time'] = rg_var_uint("session_time");
1450 1444 $ui['confirm_token'] = rg_id(20); $ui['confirm_token'] = rg_id(20);
1451 1445
1446 if (!rg_valid_referer()) {
1447 $errmsg[] = "invalid referer; try again";
1448 break;
1449 }
1450
1451 if (!rg_token_valid($db, $rg, FALSE)) {
1452 $errmsg[] = "invalid token; try again";
1453 break;
1454 }
1455
1452 1456 if (($rg['login_ui']['is_admin'] != 1) && ($ui['is_admin'] != 0)) { if (($rg['login_ui']['is_admin'] != 1) && ($ui['is_admin'] != 0)) {
1453 1457 $errmsg[] = "you are not admin, you cannot give admin rights"; $errmsg[] = "you are not admin, you cannot give admin rights";
1454 1458 break; break;
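Review bot: in rg_user_edit_high_level the referer and token checks now run after $ui has been filled from the request (new lines 1446-1454) instead of directly after the doit test. If the intent is to keep the submitted values so the form can be shown again on failure, say so in a comment next to the checks. Otherwise keep the CSRF checks first, so that no request data is read and no rg_id(20) token is generated for a request that is going to be rejected.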
File inc/util.inc.php changed (mode: 100644) (index 2012982..a2710a5)
... ... function rg_load()
144 144 return intval(file_get_contents("/proc/loadavg")); return intval(file_get_contents("/proc/loadavg"));
145 145 } }
146 146
147 /*
148 * Outputs a string to browser, XSS safe
149 * Thanks OWASP!
150 */
151 function rg_xss_safe($str)
152 {
153 return htmlspecialchars($str, ENT_QUOTES | ENT_HTML401, 'UTF-8');
154 }
155
147 156 /* /*
148 157 * Builds URLs * Builds URLs
149 158 */ */
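Review bot: the comment on rg_xss_safe (new lines 147-150) says it outputs a string to the browser, but the function only returns the encoded string; reword it and state which contexts it covers. htmlspecialchars with ENT_QUOTES is suitable for HTML text and quoted attribute values, not for URL, JavaScript or CSS contexts. Also note that htmlspecialchars returns an empty string when $str is not valid UTF-8 unless ENT_SUBSTITUTE or ENT_IGNORE is set, so decide whether silently dropping such input is intended.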
 
... ... function rg_re_userpage($ui)
171 180 if ($ui['organization'] == 0) if ($ui['organization'] == 0)
172 181 $prefix = "/user"; $prefix = "/user";
173 182
174 $s = $prefix . "/" . $ui['username'];
183 $s = $prefix . "/" . rg_xss_safe($ui['username']);
175 184
176 185 return rg_re_url($s); return rg_re_url($s);
177 186 } }
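Review bot: rg_xss_safe($ui['username']) at new line 183 HTML-encodes a URL path segment inside the URL builder, before the value is handed to rg_re_url(), which does not match the commit's stated goal of escaping only on output. HTML encoding is also not URL encoding: characters such as space, '?', '#' or '%' in a username pass through unchanged. Consider rawurlencode() for the path segment here and HTML-escaping the finished URL where it is written into the page, which also avoids double encoding if the template layer later escapes the same value.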
 
... ... function rg_re_repopage($ui, $repo_name)
185 194 exit(1); exit(1);
186 195 } }
187 196
188 $s = rg_re_userpage($ui) . "/" . $repo_name;
197 $s = rg_re_userpage($ui) . "/" . rg_xss_safe($repo_name);
189 198
190 199 return rg_re_url($s); return rg_re_url($s);
191 200 } }
 
... ... function rg_re_repo_ssh($organization, $user, $repo)
229 238 $prefix = "/user"; $prefix = "/user";
230 239
231 240 return "ssh://rocketgit@" . $rg_ssh_host . $port return "ssh://rocketgit@" . $rg_ssh_host . $port
232 . $prefix . "/" . $user . "/" . $repo;
241 . $prefix . "/" . rg_xss_safe($user) . "/" . rg_xss_safe($repo);
233 242 } }
234 243
235 244 function rg_re_repo_git($organization, $user, $repo) function rg_re_repo_git($organization, $user, $repo)
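Review bot: the ssh:// string built at new line 241 is HTML-encoded at construction time, so any caller that uses it outside HTML (a plain-text mail template, a log line) receives entities such as &amp;amp; or &amp;#039; instead of the real user or repo name. Return the raw URL and apply rg_xss_safe at the point where it is written into a page; the same applies to rg_re_repo_git.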
 
... ... function rg_re_repo_git($organization, $user, $repo)
247 256 $prefix = "/user"; $prefix = "/user";
248 257
249 258 return "git://" . $rg_git_host . $port return "git://" . $rg_git_host . $port
250 . $prefix . "/" . $user . "/" . $repo;
259 . $prefix . "/" . rg_xss_safe($user) . "/" . rg_xss_safe($repo);
251 260 } }
252 261
253 function rg_var_str_core($name)
262 function rg_var_str($name)
254 263 { {
255 264 $ret = ""; $ret = "";
256 265
 
... ... function rg_var_str_core($name)
264 273 return $ret; return $ret;
265 274 } }
266 275
267 /*
268 * Outputs a string to browser, XSS safe
269 * Thanks OWASP!
270 */
271 function rg_xss_safe($str)
272 {
273 return htmlspecialchars($str, ENT_QUOTES | ENT_HTML401, 'UTF-8');
274 }
275
276 function rg_var_str($name)
277 {
278 $ret = rg_var_str_core($name);
279
280 if (is_string($ret))
281 return rg_xss_safe($ret);
282
283 if (is_array($ret)) {
284 $ret2 = array();
285 foreach ($ret as $k => $v)
286 $ret2[$k] = rg_xss_safe($v);
287 return $ret;
288 }
289
290 return "";
291 }
292
293 276 function rg_var_int($name) function rg_var_int($name)
294 277 { {
295 278 $r = rg_var_str($name); $r = rg_var_str($name);
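Review bot: removing the rg_xss_safe wrapper around rg_var_str (old lines 276-291) means every value read from the request is now raw, so each place that writes one into HTML has to escape it; in this file only the URL builders gained rg_xss_safe calls. Suggest escaping by default inside the template substitution step, with an explicit opt-out for trusted HTML, and adding a comment on rg_var_str stating that it returns unescaped data. For the record, the removed array branch returned $ret rather than $ret2, so array inputs were never escaped by the old code either.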
 
... ... function rg_var_uint($name)
319 302 function rg_var_bool($name) function rg_var_bool($name)
320 303 { {
321 304 $r = rg_var_str($name); $r = rg_var_str($name);
322 if (strcmp($r, "1") == 0)
305 if (strcmp($r, '1') == 0)
323 306 return 1; return 1;
324 307
325 308 return 0; return 0;
 
... ... function rg_var_bool($name)
328 311 function rg_var_re($name, $re) function rg_var_re($name, $re)
329 312 { {
330 313 $a = rg_var_str($name); $a = rg_var_str($name);
331 return preg_replace($re, "", $a);
314 return preg_replace($re, '', $a);
332 315 } }
333 316
334 317 /* /*
 
... ... function rg_var_cookie_re($name, $re)
339 322 if (!isset($_COOKIE[$name])) if (!isset($_COOKIE[$name]))
340 323 return ""; return "";
341 324
342 return preg_replace($re, "", $_COOKIE[$name]);
325 return preg_replace($re, '', $_COOKIE[$name]);
343 326 } }
344 327
345 328 /* /*
 
... ... function rg_prepare_replace_helper($a, $prefix, &$what, &$values)
464 447 if (empty($prefix)) if (empty($prefix))
465 448 $add = ""; $add = "";
466 449 else else
467 $add = ".";
450 $add = "::";
468 451
469 452 $new_prefix = $prefix . $add . $k; $new_prefix = $prefix . $add . $k;
470 453
 
... ... function rg_replace_conditionals($block, &$data)
658 641 */ */
659 642 function rg_file_get_contents($f) function rg_file_get_contents($f)
660 643 { {
661 if (!file_exists($f)) {
662 rg_log("CHECK: file $f does not exists. cwd=" . getcwd());
644 if (!file_exists($f))
663 645 return ""; return "";
664 }
665 646
666 647 $c = file_get_contents($f); $c = file_get_contents($f);
667 648 if ($c === FALSE) { if ($c === FALSE) {
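Review bot: dropping the rg_log call at old line 662 makes a missing file indistinguishable from an empty one for callers of rg_file_get_contents, so a mistyped template path now produces blank output with no trace. If the message was too noisy for optional files, consider an extra parameter that says whether the file is expected to exist and log only in that case.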
 
... ... function rg_date2ts_last_second($s)
1172 1153 * Function to send e-mails * Function to send e-mails
1173 1154 * TODO: Replace mail() with rg_mail everywhere. * TODO: Replace mail() with rg_mail everywhere.
1174 1155 */ */
1175 function rg_mail($template, $more)
1156 function rg_mail_template($template, $more)
1176 1157 { {
1177 1158 global $rg_admin_name, $rg_admin_email; global $rg_admin_name, $rg_admin_email;
1178 1159
1179 rg_prof_start("mail");
1180 rg_log("mail: $template, more=" . rg_array2string($more));
1160 rg_prof_start("mail_template");
1161 rg_log("mail_template: $template, more=" . rg_array2string($more));
1181 1162
1182 1163 // Account was not confirmed, so do not send mail // Account was not confirmed, so do not send mail
1183 1164 if (empty($more['ui.email'])) if (empty($more['ui.email']))
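Review bot: the TODO at new line 1154 still reads "Replace mail() with rg_mail everywhere" although the function is renamed to rg_mail_template in the next line; update the comment so it names the function that actually exists.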
 
... ... function rg_mail($template, $more)
1194 1175 $header = trim($header); $header = trim($header);
1195 1176 $body = rg_template($template . ".body.txt", $more); $body = rg_template($template . ".body.txt", $more);
1196 1177
1197 rg_log("CHECK: mail(" . $more['ui.email'] . ", $subject, $body, $header, -f $rg_admin_email");
1198 $ret = mail($more['ui.email'], $subject, $body, $header, "-f $rg_admin_email");
1178 rg_log("CHECK: mail_template(" . $more['ui.email'] . ",
1179 $subject, $body, $header, -f $rg_admin_email");
1180 $ret = mail($more['ui.email'], $subject, $body, $header,
1181 "-f $rg_admin_email");
1199 1182 if ($ret === FALSE) if ($ret === FALSE)
1200 1183 rg_log("Sending mail failed to=" . $more['ui.email'] . " subject=$subject!"); rg_log("Sending mail failed to=" . $more['ui.email'] . " subject=$subject!");
1201 1184
1202 rg_prof_end("mail");
1185 rg_prof_end("mail_template");
1203 1186 return $ret; return $ret;
1204 1187 } }
1205 1188
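Review bot: the rg_log call at new lines 1178-1179 breaks a double-quoted string across two source lines, so the logged message now contains a literal newline plus the indentation; close the string and concatenate instead. The same line writes the recipient address, subject and full body to the log on every send, which is worth reducing to recipient and subject once the CHECK is no longer needed.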
File inc/watch.inc.php changed (mode: 100644) (index 93c52d8..0dc1937)
... ... function rg_watch_set_error($str)
11 11 { {
12 12 global $rg_watch_error; global $rg_watch_error;
13 13 $rg_watch_error = $str; $rg_watch_error = $str;
14 rg_log($str);
14 15 } }
15 16
16 17 function rg_watch_error() function rg_watch_error()
File root/index.php changed (mode: 100644) (index cfc3b5e..0ce3e3b)
... ... include_once($INC . "/mr.inc.php");
20 20 include_once($INC . "/bug.inc.php"); include_once($INC . "/bug.inc.php");
21 21 include_once($INC . "/fixes.inc.php"); include_once($INC . "/fixes.inc.php");
22 22 include_once($INC . "/plan.inc.php"); include_once($INC . "/plan.inc.php");
23 include_once($INC . "/admin.inc.php");
23 24 include_once($INC . "/ver.php"); include_once($INC . "/ver.php");
24 25
25 26 rg_prof_start("MAIN"); rg_prof_start("MAIN");
File root/themes/default/admin/invites/invites.html added (mode: 100644) (index 0000000..64ead77)
1 <div class="formarea">
2
3 <div class="formarea_title">Send invites</div><br />
4
5 @@errmsg@@
6
7 <form method="post" action="/op/admin/invites">
8 <input type="hidden" name="doit" value="1" />
9 <input type="hidden" name="token" value="@@rg_form_token@@" />
10
11 <label for="inv::list" class="form_item_title">People list (email|name pairs)</label><br />
12 <textarea name="inv::list" rows="20" cols="100">@@inv::list@@</textarea>
13 <br />
14 <br />
15
16 <label for="inv::subject" class="form_item_title">Subject</label><br />
17 <input type="text" name="inv::subject" size="100" value="@@inv::subject@@" />
18 <br />
19 <br />
20
21 <label for="inv::body" class="form_item_title">Body of e-mail ({NAME} will be replaced with the name defined above)</label><br />
22 <textarea name="inv::body" rows="20" cols="100">@@inv::body@@</textarea>
23 <br />
24 <br />
25
26 <input type="submit" name="button" value="Send" />
27
28 </form>
29 </div>
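Review bot: @@inv::subject@@ inside a value attribute (line 17) and @@inv::list@@ / @@inv::body@@ inside textareas (lines 12 and 22) echo submitted data back into the page; since this commit stops escaping request input on read, confirm these three values pass through rg_xss_safe before substitution. The label for attributes (inv::list, inv::subject, inv::body) also have no matching id on the controls, so the labels are not associated with their fields.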
File root/themes/default/admin/invites/sent.html copied from file root/themes/default/repo/tree/nodata.html (similarity 63%) (mode: 100644) (index fa1a030..05cb590)
1 1 <div class="ok"> <div class="ok">
2 Empty tree.
2 Invites sent.
3 3 </div> </div>
File root/themes/default/admin/menu.html changed (mode: 100644) (index 63ce6e3..ad92539)
1 <div class="menu">
1 <div class="menu menu2">
2 2 <ul> <ul>
3 <li><a @@if(@@menu.sub1.plans@@ == 1){{class="selected"}}{{}} href="@@url@@/plans">Plans</a></li>
4 <li><a @@if(@@menu.sub1.users@@ == 1){{class="selected"}}{{}} href="@@url@@/users">Users</a></li>
5 <li><a @@if(@@menu.sub1.repos@@ == 1){{class="selected"}}{{}} href="@@url@@/repos">Repos</a></li>
3 <li><a @@if(@@menu::sub1::plans@@ == 1){{class="selected"}}{{}} href="/op/admin/plans">Plans</a></li>
4 <li><a @@if(@@menu::sub1::users@@ == 1){{class="selected"}}{{}} href="/op/admin/users">Users</a></li>
5 <li><a @@if(@@menu::sub1::repos@@ == 1){{class="selected"}}{{}} href="/op/admin/repos">Repos</a></li>
6 <li><a @@if(@@menu::sub1::invites@@ == 1){{class="selected"}}{{}} href="/op/admin/invites">Invites</a></li>
6 7 </ul> </ul>
7 8 </div> </div>
File root/themes/default/admin/plans/add_edit.html changed (mode: 100644) (index 605a96a..ca17966)
4 4
5 5 @@errmsg@@ @@errmsg@@
6 6
7 <form method="post" action="@@url@@">
8 <input type="hidden" name="pi.id" value="@@pi.id@@" />
7 <form method="post" action="/op/admin/plans/add">
8 <input type="hidden" name="pi::id" value="@@pi::id@@" />
9 9 <input type="hidden" name="doit" value="1" /> <input type="hidden" name="doit" value="1" />
10 10 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
11 11
12 <label for="pi.position" class="form_item_title">Position in the list</label><br />
13 <input type="text" name="pi.position" value="@@pi.position@@" />
12 <label for="pi::position" class="form_item_title">Position in the list</label><br />
13 <input type="text" name="pi::position" value="@@pi::position@@" />
14 14 <br /> <br />
15 15 <br /> <br />
16 16
17 <label for="pi.name" class="form_item_title">Name</label><br />
18 <input type="text" name="pi.name" value="@@pi.name@@" />
17 <label for="pi::name" class="form_item_title">Name</label><br />
18 <input type="text" name="pi::name" value="@@pi::name@@" />
19 19 <br /> <br />
20 20 <br /> <br />
21 21
22 <label for="pi.description" class="form_item_title">Description</label><br />
23 <textarea name="pi.description" rows="4" cols="50">@@pi.description@@</textarea>
22 <label for="pi::description" class="form_item_title">Description</label><br />
23 <textarea name="pi::description" rows="4" cols="50">@@pi::description@@</textarea>
24 24 <br /> <br />
25 25 <br /> <br />
26 26
27 <label for="pi.disk_mb" class="form_item_title">Maximum disk space (MiB, 0 = unlimited)</label><br />
28 <input type="text" name="pi.disk_mb" value="@@pi.disk_mb@@" />
27 <label for="pi::disk_mb" class="form_item_title">Maximum disk space (MiB, 0 = unlimited)</label><br />
28 <input type="text" name="pi::disk_mb" value="@@pi::disk_mb@@" />
29 29 <br /> <br />
30 30 <br /> <br />
31 31
32 <label for="pi.users" class="form_item_title">Maximum number of co-workers (0 = unlimited)</label><br />
33 <input type="text" name="pi.users" value="@@pi.users@@" />
32 <label for="pi::users" class="form_item_title">Maximum number of co-workers (0 = unlimited)</label><br />
33 <input type="text" name="pi::users" value="@@pi::users@@" />
34 34 <br /> <br />
35 35 <br /> <br />
36 36
37 <label for="pi.speed" class="form_item_title">Maximum speed (kbit/s, 0 = unlimited)</label><br />
38 <input type="text" name="pi.speed" value="@@pi.speed@@" />
37 <label for="pi::speed" class="form_item_title">Maximum speed (kbit/s, 0 = unlimited)</label><br />
38 <input type="text" name="pi::speed" value="@@pi::speed@@" />
39 39 <br /> <br />
40 40 <br /> <br />
41 41
42 <label for="pi.bw" class="form_item_title">Maximum bandwidth (MiB/month, 0 = unlimited)</label><br />
43 <input type="text" name="pi.bw" value="@@pi.bw@@" />
42 <label for="pi::bw" class="form_item_title">Maximum bandwidth (MiB/month, 0 = unlimited)</label><br />
43 <input type="text" name="pi::bw" value="@@pi::bw@@" />
44 44 <br /> <br />
45 45 <br /> <br />
46 46
47 <label for="pi.max_public_repos" class="form_item_title">Maximum number of public repos (0 = unlimited)</label><br />
48 <input type="text" name="pi.max_public_repos" value="@@pi.max_public_repos@@" />
47 <label for="pi::max_public_repos" class="form_item_title">Maximum number of public repos (0 = unlimited)</label><br />
48 <input type="text" name="pi::max_public_repos" value="@@pi::max_public_repos@@" />
49 49 <br /> <br />
50 50 <br /> <br />
51 51
52 <label for="pi.max_private_repos" class="form_item_title">Maximum number of private repos (0 = unlimited)</label><br />
53 <input type="text" name="pi.max_private_repos" value="@@pi.max_private_repos@@" />
52 <label for="pi::max_private_repos" class="form_item_title">Maximum number of private repos (0 = unlimited)</label><br />
53 <input type="text" name="pi::max_private_repos" value="@@pi::max_private_repos@@" />
54 54 <br /> <br />
55 55 <br /> <br />
56 56
57 <input type="submit" name="button" value="@@if(@@pi.id@@ == 0){{Add}}{{Edit}}" />
57 <input type="submit" name="button" value="@@if(@@pi::id@@ == 0){{Add}}{{Edit}}" />
58 58
59 59 </form> </form>
60 60 </div> </div>
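Review bot: the form action is now fixed to /op/admin/plans/add (new line 7), but this template also serves the edit case: the submit button at line 57 switches between Add and Edit on pi::id, and list/line.html links to /op/admin/plans/edit/@@id@@. An edit submission will therefore post to the add URL. Either select the action with the same @@if(@@pi::id@@ == 0) test or confirm that the add handler treats a non-zero pi::id as an update.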
File root/themes/default/admin/plans/list/line.html changed (mode: 100644) (index 34d0261..2247ad3)
10 10 <td>@@if(@@disk_mb@@ == 0){{Unlimited}}{{@@disk_mb@@}}</td> <td>@@if(@@disk_mb@@ == 0){{Unlimited}}{{@@disk_mb@@}}</td>
11 11 <td>@@if(@@max_public_repos@@ == 0){{Unlimited}}{{@@max_public_repos@@}}</td> <td>@@if(@@max_public_repos@@ == 0){{Unlimited}}{{@@max_public_repos@@}}</td>
12 12 <td>@@if(@@max_private_repos@@ == 0){{Unlimited}}{{@@max_private_repos@@}}</td> <td>@@if(@@max_private_repos@@ == 0){{Unlimited}}{{@@max_private_repos@@}}</td>
13 <td><a href="@@url@@/edit/@@id@@">[Edit]</a></td>
13 <td><a href="/op/admin/plans/edit/@@id@@">[Edit]</a></td>
14 14 </tr> </tr>
15 15
File root/themes/default/admin/plans/menu.html changed (mode: 100644) (index ee13f0b..52181d0)
1 <div class="menu">
1 <div class="menu menu2">
2 2 <ul> <ul>
3 <li><a @@if(@@menu.sub2.list@@ == 1){{class="selected"}}{{}} href="@@url@@/list">List</a></li>
4 <li><a @@if(@@menu.sub2.add@@ == 1){{class="selected"}}{{}} href="@@url@@/add">Add</a></li>
3 <li><a @@if(@@menu::sub2::list@@ == 1){{class="selected"}}{{}} href="/op/admin/plans/list">List</a></li>
4 <li><a @@if(@@menu::sub2::add@@ == 1){{class="selected"}}{{}} href="/op/admin/plans/add">Add</a></li>
5 5 </ul> </ul>
6 6 </div> </div>
File root/themes/default/admin/repos/menu.html added (mode: 100644) (index 0000000..58c3889)
1 <div class="menu menu2">
2 <ul>
3 <li><a @@if(@@menu::sub2::list@@ == 1){{class="selected"}}{{}} href="/op/admin/repos/list">List</a></li>
4 <li><a @@if(@@menu::sub2::add@@ == 1){{class="selected"}}{{}} href="/op/admin/repos/add">Add</a></li>
5 </ul>
6 </div>
File root/themes/default/admin/users/menu.html added (mode: 100644) (index 0000000..6675e94)
1 <div class="menu menu2">
2 <ul>
3 <li><a @@if(@@menu::sub2::list@@ == 1){{class="selected"}}{{}} href="/op/admin/users/list">List</a></li>
4 <li><a @@if(@@menu::sub2::add@@ == 1){{class="selected"}}{{}} href="/op/admin/users/add">Add</a></li>
5 </ul>
6 </div>
File root/themes/default/index.html changed (mode: 100644) (index 99c6856..1b584b5)
12 12 <div id="container"> <div id="container">
13 13
14 14 <div id="header"> <div id="header">
15 <table>
16 <tbody>
17 <tr>
18 <td>
19 <div class="logo"><a href="/">RocketGit</a></div>
20 </td>
15 <a class="logo" href="/">RocketGit</a>
21 16
22 @@if("@@login_ui.username@@" != ""){{
23 <td>
24 <div class="user"><a href="@@login_ui.homepage@@">@@login_ui.username@@</a></div>
25 </td>
26 }}{{}}
17 <div id="menus">
18 <!-- main menu -->
19 <div class="menu">
20 <ul>
21 @@if(@@login_ui::uid@@ != 0){{<li><a @@if(@@menu::settings@@ == 1){{class="selected"}}{{}} href="/op/settings">Settings</a></li>}}{{}}
22 <li><a @@if(@@menu::repo@@ == 1){{class="selected"}}{{}} href="/op/repo">Repositories</a></li>
23 @@if(@@login_ui::is_admin@@ == 1){{<li><a @@if(@@menu::admin@@ == 1){{class="selected"}}{{}} href="/op/admin">Admin</a></li>}}{{}}
24 @@if(@@login_ui::uid@@ != 0){{<li><a @@if(@@menu::suggestion@@ == 1){{class="selected"}}{{}} href="/op/suggestion">Suggestion</a></li>}}{{}}
25 @@if(@@login_ui::uid@@ != 0){{<li><a @@if(@@menu::logout@@ == 1){{class="selected"}}{{}} href="/op/logout?token=@@logout_token@@">Logout</a></li>}}{{}}
26 </ul>
27 </div>
28 </div>
27 29
28 <td>
29 <div id="menus">
30 <!-- main menu -->
31 <div class="menu">
32 <ul>
33 @@if(@@login_ui.uid@@ == 0){{<li><a @@if(@@menu.login@@ == 1){{class="selected"}}{{}} href="/op/login">Login</a></li>}}{{}}
34 @@if(@@login_ui.uid@@ != 0){{<li><a @@if(@@menu.settings@@ == 1){{class="selected"}}{{}} href="/op/settings">Settings</a></li>}}{{}}
35 <li><a @@if(@@menu.repo@@ == 1){{class="selected"}}{{}} href="/op/repo">Repositories</a></li>
36 @@if(@@login_ui.is_admin@@ == 1){{<li><a @@if(@@menu.admin@@ == 1){{class="selected"}}{{}} href="/op/admin">Admin</a></li>}}{{}}
37 @@if(@@login_ui.uid@@ != 0){{<li><a @@if(@@menu.suggestion@@ == 1){{class="selected"}}{{}} href="/op/suggestion">Suggestion</a></li>}}{{}}
38 @@if(@@login_ui.uid@@ != 0){{<li><a @@if(@@menu.logout@@ == 1){{class="selected"}}{{}} href="/op/logout?token=@@logout_token@@">Logout</a></li>}}{{}}
39 </ul>
40 </div>
41 <!-- submenus -->
42 @@submenu1@@
43 @@submenu2@@
44 </div>
45 </td>
46 </tr>
47 </tbody>
48 </table>
30 <div class="user">
31 @@if("@@login_ui::username@@" != ""){{
32 <a href="@@login_ui::homepage@@">@@login_ui::username@@</a>
33 }}{{
34 <a href="/op/login">Sign in</a>
35 }}
36 </div>
49 37 </div> <!-- header --> </div> <!-- header -->
38 <!-- submenus -->
39 @@submenu1@@
40 @@submenu2@@
41
50 42
51 43 <div id="main_container"> <div id="main_container">
52 44 <div id="main"> <div id="main">
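Review bot: at new lines 31-32 @@login_ui::username@@ is substituted both inside a quoted @@if()@@ condition and as link text. With request input no longer escaped on read in this commit, confirm the value goes through rg_xss_safe before substitution and that a double quote in it cannot terminate the condition string early.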
 
55 47 </div> <!-- main_container --> </div> <!-- main_container -->
56 48
57 49 <div id="footer"> <div id="footer">
58 <table>
59 <tbody>
60 <tr>
61 <td>
62 <img src="@@IMG:logo/rg4.png@@" alt="RocketGit" /><br />
63 <b>RocketGit</b>
64 </td>
50 <div id="footer_logo">
51 <img src="@@IMG:logo/rg4.png@@" alt="RocketGit logo" /><br />
52 <a class="logo" href="/">RocketGit</a>
53 </div>
65 54
66 <td>
55 <div id="footer_info">
56 For any information, please contact us at in@rocketgit.com.<br />
67 57 Copyright: <a href="http://kernel.embedromix.ro/">Catalin(ux) M. BOIE</a><br /> Copyright: <a href="http://kernel.embedromix.ro/">Catalin(ux) M. BOIE</a><br />
68 58 Version: @@rg_version@@<br /> Version: @@rg_version@@<br />
69 Running since: @@first_install_text@@
70 </td>
71 </tr>
72 </tbody>
73 </table>
59 Running since: @@first_install_text@@<br />
60 <i>Git was created by Linus Torvalds.</i>
61 </div>
74 62 </div> <!-- footer --> </div> <!-- footer -->
75 63
76 64 </div> <!-- container --> </div> <!-- container -->
File root/themes/default/mail/user/repo/bug/new.body.txt changed (mode: 100644) (index a7395e9..87b151d)
1 1 Hello! Hello!
2 2
3 A new bug was added to repo '@@repo.name@@':
4 '@@bug.title@@'.
3 A new bug was added to repo '@@repo::name@@':
4 '@@bug::title@@'.
5 5
6 6 Description: Description:
7 @@bug.body@@
7 @@bug::body@@
8 8
9 The bug was added by '@@bug.who_added_text@@'.
10 It is assigned to '@@bug.assigned_to_text@@'.
11 State: @@bug.state_text@@
9 The bug was added by '@@bug::who_added_text@@'.
10 It is assigned to '@@bug::assigned_to_text@@'.
11 State: @@bug::state_text@@
12 12
13 Link to bug: @@bug.url@@
13 Link to bug: @@bug::url@@
14 14
15 15 -- --
16 16 RocketGit Team RocketGit Team
File root/themes/default/mail/user/repo/bug/new.subj.txt changed (mode: 100644) (index 846e469..e610874)
1 New bug: '@@bug.title@@' (@@repo.name@@)
1 New bug: '@@bug::title@@' (@@repo::name@@)
File root/themes/default/mail/user/repo/bug/new_note.body.txt changed (mode: 100644) (index ecb9c56..c452da7)
1 1 Hello! Hello!
2 2
3 3 A new note was added to bug A new note was added to bug
4 '@@bug.title@@',
5 repo '@@repo.name@@'.
6 The note was added by '@@note.who_added_text@@'.
4 '@@bug::title@@',
5 repo '@@repo::name@@'.
6 The note was added by '@@note::who_added_text@@'.
7 7
8 8 @@note@@ @@note@@
9 9
10 Link to bug: @@bug.url@@
10 Link to bug: @@bug::url@@
11 11
12 12 -- --
13 13 RocketGit Team RocketGit Team
File root/themes/default/mail/user/repo/bug/new_note.subj.txt changed (mode: 100644) (index 7099617..524b277)
1 New note for '@@bug.title@@' (@@repo.name@@)
1 New note for '@@bug::title@@' (@@repo::name@@)
File root/themes/default/main.css changed (mode: 100644) (index c37097c..a86ff11)
3 3 padding: 0; padding: 0;
4 4 } }
5 5
6 html {
7 height: 100%;
8 }
9
6 10 body { body {
7 font-family: helvetica, sans-serif;
8 font-size: 10pt;
11 font-family: Arial, sans-serif;
12 font-size: 11pt;
9 13 line-height: 105%; line-height: 105%;
10 background-color: #DDDDDD;
14 background-color: #CCCCCC;
15 height: 100%;
11 16 } }
12 17
13 18 table { table {
 
... ... th, td {
29 34 } }
30 35
31 36 code { code {
32 font-size: 8pt;
37 font-size: 9pt;
33 38 font-weight: bold; font-weight: bold;
34 39 } }
35 40
36 41 form input[type="text"], form input[type="password"], form textarea, form select, form checkbox { form input[type="text"], form input[type="password"], form textarea, form select, form checkbox {
37 border: 1px solid #CCCCCC;
38 font-size: 10pt;
39 padding: 1px;
42 border: 1px solid #999998;
43 font-size: 11pt;
44 padding: 2px;
45 margin: 2px 0px;
40 46 } }
41 47 form select option { padding: 1px 4px 1px 4px; } form select option { padding: 1px 4px 1px 4px; }
42 48 form input[type="submit"] { form input[type="submit"] {
43 49 color: #FF0000; color: #FF0000;
44 50 display: inline-block; display: inline-block;
45 51 font-weight: bold; font-weight: bold;
46 font-size: 10pt;
47 padding: 1px 4px 1px 4px;
52 font-size: 11pt;
53 padding: 2px 4px 2px 4px;
48 54 cursor: pointer; cursor: pointer;
49 border: 1px solid #CCCCCC;
55 border: 1px solid #999998;
50 56 background-image: -moz-linear-gradient(top, #EEEEEE, #DDDDDD); background-image: -moz-linear-gradient(top, #EEEEEE, #DDDDDD);
51 57 margin-top: 2px; margin-top: 2px;
52 58 margin-bottom: 2px; margin-bottom: 2px;
53 59 } }
54 60
55 #container { }
61 #container {
62 width: 100%;
63 height: 100%;
64 display: table;
65 }
56 66
57 67 .logo { .logo {
58 padding: 3px 0px;
59 }
60 .logo a {
61 font-size: 11pt;
68 display: inline;
69 float: left;
70 font-size: 15pt;
62 71 font-weight: bold; font-weight: bold;
63 72 text-decoration: none; text-decoration: none;
73 text-shadow: 0 0 2px yellow;
64 74 color: red; color: red;
65 padding: 3px 12px 3px 0px;
75 padding: 6px 12px 6px 0px;
66 76 } }
67 77
68 78 .user { .user {
69 padding: 3px 0px;
79 padding: 6px 0px;
80 display: inline;
81 float: right;
70 82 } }
71 83 .user a { .user a {
72 84 font-size: 11pt; font-size: 11pt;
73 85 font-weight: bold; font-weight: bold;
74 86 text-decoration: none; text-decoration: none;
75 color: #0000FF;
76 padding: 3px 12px 3px 0px;
87 color: #000000;
88 text-shadow: 0 0 3px #ffffff;
89 xxx-padding: 3px 12px 3px 0px;
90 xxx-padding: 3px 0px 3px 0px;
77 91 } }
78 92
79 93 #menus { #menus {
80 94 display: inline-block; display: inline-block;
81 95 padding-left: 10px; padding-left: 10px;
96 display: inline;
97 float: left;
82 98 } }
83 99
84 .menu { padding: 3px 0px; }
100 .menu { padding: 6px 0px; }
85 101 .menu ul { list-style-type: none; } .menu ul { list-style-type: none; }
86 102 .menu ul li { display: inline; } .menu ul li { display: inline; }
87 103 .menu ul li a { .menu ul li a {
88 104 text-decoration: none; text-decoration: none;
89 105 color: #FFFFFF; color: #FFFFFF;
90 font-size: 11pt;
106 font-size: 12pt;
91 107 font-weight: bold; font-weight: bold;
92 padding: 3px 12px 3px 0px;
108 padding: 3px 12px 3px 12px;
93 109 } }
94 110 .menu ul li a:hover { color: #FF0000; } .menu ul li a:hover { color: #FF0000; }
95 .menu ul li a.selected { color: #BBBBBB; }
111 .menu ul li a.selected { background-color: #BBBBBB; }
96 112 .menu ul li a.selected:hover { color: #CCCCCC; } .menu ul li a.selected:hover { color: #CCCCCC; }
97 113
114 .menu2 { background-color: #BBBBBB; }
115
98 116 .junk {} .junk {}
99 117
100 118 .branches_and_tags { padding: 3px 0px; margin: 3px 0px; } .branches_and_tags { padding: 3px 0px; margin: 3px 0px; }
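Review bot: the two xxx-padding declarations in .user a (new lines 89-90) are not valid CSS properties and look like disabled experiments; delete them or restore the intended padding. In #menus, display is now declared twice (inline-block at line 94, inline at line 96), so the first declaration is dead; keep one.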
 
... ... form input[type="submit"] {
104 122 color: black; color: black;
105 123 border: 1px solid #cccccc; border: 1px solid #cccccc;
106 124 border-radius: 4px 4px 4px 4px; border-radius: 4px 4px 4px 4px;
107 font-size: 9pt;
125 font-size: 10pt;
108 126 } }
109 127 .branch a { background-color: #a0ffa0; } .branch a { background-color: #a0ffa0; }
110 128 .tag a { background-color: #ffffa0; } .tag a { background-color: #ffffa0; }
 
... ... form input[type="submit"] {
130 148
131 149 #main_container { #main_container {
132 150 min-height: 400px; min-height: 400px;
133 background-color: #EEEEEE;
134 151 width: 100%; width: 100%;
135 152 } }
136 153
 
... ... form input[type="submit"] {
140 157 } }
141 158
142 159 #footer { #footer {
160 width: 100%;
143 161 overflow: hidden; overflow: hidden;
144 162 border-top: 1px solid #CCCCCC; border-top: 1px solid #CCCCCC;
145 padding: 5px 15px 5px 15px;
146 }
147 #footer table {
148 border-collapse: collapse;
149 border: 0;
150 border-spacing: 0;
163 background-color: #888888;
164 padding: 0 15px;
165 display: table-row;
166 vertical-align: bottom;
167 }
168 #footer_logo {
169 padding: 10px 0;
170 float: left;
171 margin-left: 12px;
172 display: block;
173 border: 1px white;
151 174 } }
152 #footer table td {
153 padding: 3px 40px 3px 0;
154 border: 0;
155 font-size: 10pt;
175 #footer_info {
176 color: #ffffff;
177 background-color: #888888;
178 padding: 5px;
179 font-size: 11pt;
156 180 line-height: 120%; line-height: 120%;
157 background-color: #DDDDDD;
181 float: left;
182 margin-left: 20px;
183 display: block;
184 border: 1px white;
158 185 } }
159 186
160 187 .horizontal_buttons { .horizontal_buttons {
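Review bot: border: 1px white in #footer_logo and #footer_info (new lines 173 and 184) has no border-style, which defaults to none, so nothing is drawn; add solid or remove the declarations. #footer also combines display: table-row with padding: 0 15px (lines 164-165), and padding does not apply to table-row boxes.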
 
... ... form input[type="submit"] {
166 193 border: 0; border: 0;
167 194 border-spacing: 0; border-spacing: 0;
168 195 } }
196 .horizontal_buttons table tbody {
197 background-color: #cccccc;
198 }
169 199 .horizontal_buttons table td { .horizontal_buttons table td {
170 200 padding: 0; padding: 0;
201 padding-right: 2px;
171 202 border: 0; border: 0;
172 203 } }
173 204
174 205 .formarea { .formarea {
175 206 margin-top: 5px; margin-top: 5px;
176 border: 1px solid #CCCCCC;
207 border: 1px solid #999998;
177 208 padding: 5px; padding: 5px;
178 209 border-radius: 4px 4px 4px 4px; border-radius: 4px 4px 4px 4px;
179 210 display: table; display: table;
 
... ... form input[type="submit"] {
183 214 font-weight: bold; font-weight: bold;
184 215 font-size: 13pt; font-size: 13pt;
185 216 border: 0; border: 0;
186 border-bottom: 2px solid #CCCCCC;
217 border-bottom: 2px solid #999998;
187 218 } }
188 219
189 220 #profiling { #profiling {
 
... ... form input[type="submit"] {
208 239 .rg_plans_list {} .rg_plans_list {}
209 240
210 241 .blob_title { .blob_title {
211 font-size: 10pt;
242 font-size: 11pt;
212 243 color: red; color: red;
213 244 } }
214 245
 
... ... form input[type="submit"] {
230 261 .submenu { .submenu {
231 262 border: 1px solid #CCCCCC; border: 1px solid #CCCCCC;
232 263 border-bottom: 1px solid #CCCCCC; border-bottom: 1px solid #CCCCCC;
233 background-color: #888888;
264 background-color: #999999;
234 265 margin-bottom: 3px; margin-bottom: 3px;
235 266 display: block; display: block;
236 267 padding-left: 5px; padding-left: 5px;
 
... ... form input[type="submit"] {
252 283 } }
253 284
254 285 .repo_desc { .repo_desc {
255 font-size: 9pt;
286 font-size: 10pt;
256 287 color: #888888; color: #888888;
257 288 margin: 3px 0px; margin: 3px 0px;
258 289 } }
 
... ... form input[type="submit"] {
265 296 display: inline; display: inline;
266 297 border: 1px solid #cccccc; border: 1px solid #cccccc;
267 298 border-radius: 4px 4px 4px 4px; border-radius: 4px 4px 4px 4px;
268 font-size: 8pt;
299 font-size: 9pt;
269 300 padding: 3px 3px; padding: 3px 3px;
270 301 background-color: #E5E5FF; background-color: #E5E5FF;
271 302 } }
 
... ... form input[type="submit"] {
289 320 color: black; color: black;
290 321 border: 1px solid #cccccc; border: 1px solid #cccccc;
291 322 border-radius: 4px 4px 4px 4px; border-radius: 4px 4px 4px 4px;
292 font-size: 9pt;
323 font-size: 10pt;
293 324 background-color: #a0d0ff; background-color: #a0d0ff;
294 325 } }
295 326
File root/themes/default/repo/add_edit.html changed (mode: 100644) (index 4715d89..e2b56be)
5 5 @@errmsg@@ @@errmsg@@
6 6
7 7 <form method="post" action="@@form_url@@/@@if(@@ri.repo_id@@ == 0){{create}}{{edit}}"> <form method="post" action="@@form_url@@/@@if(@@ri.repo_id@@ == 0){{create}}{{edit}}">
8 <input type="hidden" name="repo_id" value="@@ri.repo_id@@" />
9 <input type="hidden" name="master" value="@@ri.master@@" />
8 <input type="hidden" name="repo_id" value="@@ri::repo_id@@" />
9 <input type="hidden" name="master" value="@@ri::master@@" />
10 10 <input type="hidden" name="doit" value="1" /> <input type="hidden" name="doit" value="1" />
11 11 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
12 12
13 @@if("@@ri.master_name@@" != ""){{Master repo: @@ri.master_name@@<br />}}{{}}
13 @@if("@@ri::master_name@@" != ""){{Master repo: @@ri::master_name@@<br />}}{{}}
14 14
15 15 <label for="name" class="form_item_title">Name</label><br /> <label for="name" class="form_item_title">Name</label><br />
16 <input type="text" name="name" value="@@ri.name@@" />
16 <input type="text" name="name" value="@@ri::name@@" />
17 17 <br /> <br />
18 18 <br /> <br />
19 19
20 20 <label for="max_commit_size" class="form_item_title">Max commit size (bytes, 0 = unlimited)</label><br /> <label for="max_commit_size" class="form_item_title">Max commit size (bytes, 0 = unlimited)</label><br />
21 <input type="text" name="max_commit_size" value="@@ri.max_commit_size@@" />
21 <input type="text" name="max_commit_size" value="@@ri::max_commit_size@@" />
22 22 <br /> <br />
23 23 <br /> <br />
24 24
25 25 <label for="description" class="form_item_title">Description</label><br /> <label for="description" class="form_item_title">Description</label><br />
26 <textarea name="description" rows="4" cols="30">@@ri.description@@</textarea>
26 <textarea name="description" rows="4" cols="30">@@ri::description@@</textarea>
27 27 <br /> <br />
28 28 <br /> <br />
29 29
30 30 <label for="public" class="form_item_title">Public or private</label><br /> <label for="public" class="form_item_title">Public or private</label><br />
31 31 <select name="public"> <select name="public">
32 <option value="0"@@if(@@ri.public@@ == 0){{ selected="selected"}}{{}}>Private</option>
33 <option value="1"@@if(@@ri.public@@ == 1){{ selected="selected"}}{{}}>Public</option>
32 <option value="0"@@if(@@ri::public@@ == 0){{ selected="selected"}}{{}}>Private</option>
33 <option value="1"@@if(@@ri::public@@ == 1){{ selected="selected"}}{{}}>Public</option>
34 34 </select> </select>
35 35 <br /> <br />
36 36
37 <input type="submit" name="button" value="@@if(@@ri.repo_id@@ == 0){{Create}}{{Update}}" />
37 <input type="submit" name="button" value="@@if(@@ri::repo_id@@ == 0){{Create}}{{Update}}" />
38 38
39 39 </form> </form>
40 40 </div> </div>
File root/themes/default/repo/bug/b_close.html changed (mode: 100644) (index c7415ad..c57de52)
1 <form method="post" action="@@bug.url@@">
1 <form method="post" action="@@bug::url@@">
2 2 <input type="hidden" name="close_reopen" value="1" /> <input type="hidden" name="close_reopen" value="1" />
3 3 <input type="hidden" name="state" value="2" /> <input type="hidden" name="state" value="2" />
4 4 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
File root/themes/default/repo/bug/b_edit.html changed (mode: 100644) (index ee5c4b2..1fb238d)
1 <form method="post" action="@@bug.url@@">
1 <form method="post" action="@@bug::url@@">
2 2 <input type="hidden" name="edit" value="1" /> <input type="hidden" name="edit" value="1" />
3 3 <!-- no need for token --> <!-- no need for token -->
4 4
File root/themes/default/repo/bug/b_reopen.html changed (mode: 100644) (index d4b2497..a0645e9)
1 <form method="post" action="@@bug.url@@">
1 <form method="post" action="@@bug::url@@">
2 2 <input type="hidden" name="close_reopen" value="1" /> <input type="hidden" name="close_reopen" value="1" />
3 3 <input type="hidden" name="state" value="1" /> <input type="hidden" name="state" value="1" />
4 4 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
File root/themes/default/repo/bug/b_unwatch.html changed (mode: 100644) (index a3e1789..1ba3d8d)
1 <form method="post" action="@@bug.url@@">
1 <form method="post" action="@@bug::url@@">
2 2 <input type="hidden" name="unwatch" value="1" /> <input type="hidden" name="unwatch" value="1" />
3 3 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
4 4
File root/themes/default/repo/bug/b_watch.html changed (mode: 100644) (index 6178b85..f6a97fa)
1 <form method="post" action="@@bug.url@@">
1 <form method="post" action="@@bug::url@@">
2 2 <input type="hidden" name="watch" value="1" /> <input type="hidden" name="watch" value="1" />
3 3 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
4 4
File root/themes/default/repo/bug/bug_add_edit.html changed (mode: 100644) (index 952fec6..dfd3140)
1 1 <div class="formarea"> <div class="formarea">
2 2
3 <div class="formarea_title">@@if(@@bug.bug_id@@ == 0){{Add bug}}{{Edit bug}}</div><br />
3 <div class="formarea_title">@@if(@@bug::bug_id@@ == 0){{Add bug}}{{Edit bug}}</div><br />
4 4
5 5 @@errmsg@@ @@errmsg@@
6 6
7 <form method="post" action="@@url_repo@@/bug/@@if(@@bug.bug_id@@ == 0){{add}}{{@@bug.bug_id@@}}">
8 <input type="hidden" name="edit" value="@@if(@@bug.bug_id@@ == 0){{0}}{{1}}" />
7 <form method="post" action="@@url_repo@@/bug/@@if(@@bug::bug_id@@ == 0){{add}}{{@@bug::bug_id@@}}">
8 <input type="hidden" name="edit" value="@@if(@@bug::bug_id@@ == 0){{0}}{{1}}" />
9 9 <input type="hidden" name="doit" value="1" /> <input type="hidden" name="doit" value="1" />
10 10 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
11 11
12 12 <label for="title" class="form_item_title">Title</label><br /> <label for="title" class="form_item_title">Title</label><br />
13 <input type="text" name="title" value="@@bug.title@@" size="80" />
13 <input type="text" name="title" value="@@bug::title@@" size="80" />
14 14 <br /> <br />
15 15 <br /> <br />
16 16
17 17 <label for="body" class="form_item_title">Description</label><br /> <label for="body" class="form_item_title">Description</label><br />
18 <textarea name="body" rows="5" cols="80">@@bug.body@@</textarea>
18 <textarea name="body" rows="5" cols="80">@@bug::body@@</textarea>
19 19 <br /> <br />
20 20 <br /> <br />
21 21
22 22 <label for="state" class="form_item_title">State</label><br /> <label for="state" class="form_item_title">State</label><br />
23 @@bug.state_select@@
23 @@bug::state_select@@
24 24 <br /> <br />
25 25 <br /> <br />
26 26
27 27 <label for="assigned_to" class="form_item_title">Assign to</label><br /> <label for="assigned_to" class="form_item_title">Assign to</label><br />
28 <input type="text" name="assigned_to" value="@@bug.assigned_to@@" size="80" />
28 <input type="text" name="assigned_to" value="@@bug::assigned_to@@" size="80" />
29 29 <br /> <br />
30 30 <br /> <br />
31 31
32 32 <label for="labels" class="form_item_title">Labels (comma or Enter separated)</label><br /> <label for="labels" class="form_item_title">Labels (comma or Enter separated)</label><br />
33 <textarea name="labels" rows="3" cols="80">@@bug.labels@@</textarea>
33 <textarea name="labels" rows="3" cols="80">@@bug::labels@@</textarea>
34 34 <br /> <br />
35 35 <br /> <br />
36 36
37 <input type="submit" name="button" value="@@if(@@bug.bug_id@@ == 0){{Add bug}}{{Update}}" />
37 <input type="submit" name="button" value="@@if(@@bug::bug_id@@ == 0){{Add bug}}{{Update}}" />
38 38
39 39 </form> </form>
40 40 </div> </div>
File root/themes/default/repo/bug/list/line.html changed (mode: 100644) (index 8437433..ca58293)
1 1 <tr> <tr>
2 <td><a href="@@url_repo@@/bug/@@bug.bug_id@@">@@bug.bug_id@@</a></td>
3 <td>@@bug.creation@@</td>
4 <td><a href="@@url_repo@@/bug/@@bug.bug_id@@">@@bug.title@@</a></td>
5 <td>@@bug.state_text@@</td>
6 <td>@@bug.owner@@</td>
7 <td>@@if("@@bug.assigned_to@@" == ""){{-}}{{@@bug.assigned_to@@}}</td>
8 <td>@@bug.updated@@</td>
2 <td><a href="@@url_repo@@/bug/@@bug::bug_id@@">@@bug::bug_id@@</a></td>
3 <td>@@bug::creation@@</td>
4 <td><a href="@@url_repo@@/bug/@@bug::bug_id@@">@@bug::title@@</a></td>
5 <td>@@bug::state_text@@</td>
6 <td>@@bug::owner@@</td>
7 <td>@@if("@@bug::assigned_to@@" == ""){{-}}{{@@bug::assigned_to@@}}</td>
8 <td>@@bug::updated@@</td>
9 9 </tr> </tr>
10 10
File root/themes/default/repo/bug/not_found.html changed (mode: 100644) (index 121db38..f794458)
1 1 <div class="warning"> <div class="warning">
2 Bug <b>@@bug.bug_id@@</b> not found.
2 Bug <b>@@bug::bug_id@@</b> not found.
3 3 </div> </div>
File root/themes/default/repo/bug/note_add.html changed (mode: 100644) (index dd3163e..28dbf9a)
4 4
5 5 @@note_errmsg@@ @@note_errmsg@@
6 6
7 <form method="post" action="@@bug.url@@">
7 <form method="post" action="@@bug::url@@">
8 8 <input type="hidden" name="note_add_doit" value="1" /> <input type="hidden" name="note_add_doit" value="1" />
9 9 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
10 10
File root/themes/default/repo/bug/show.html changed (mode: 100644) (index ecf8fd8..ac91cd5)
8 8 <td>@@watch_form@@</td> <td>@@watch_form@@</td>
9 9 <td>@@close_form@@</td> <td>@@close_form@@</td>
10 10 <td> <td>
11 <form method="post" action="@@bug.url@@">
12 <input type="hidden" name="del_undel" value="@@if(@@bug.deleted@@ == 0){{1}}{{2}}" />
11 <form method="post" action="@@bug::url@@">
12 <input type="hidden" name="del_undel" value="@@if(@@bug::deleted@@ == 0){{1}}{{2}}" />
13 13 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
14 <input type="submit" name="button" value="@@if(@@bug.deleted@@ == 0){{Delete}}{{Undelete}}" />
14 <input type="submit" name="button" value="@@if(@@bug::deleted@@ == 0){{Delete}}{{Undelete}}" />
15 15 </form> </form>
16 16 </td> </td>
17 17 </tr> </tr>
 
23 23 @@bug_edit@@ @@bug_edit@@
24 24
25 25 <div class="bug_description"> <div class="bug_description">
26 <div class="bug_title">#@@bug.bug_id@@ - @@bug.title@@</div>
27 State: @@bug.state_text@@<br />
28 Insertion date (UTC): @@bug.creation@@<br />
29 Last update (UTC): @@bug.updated@@<br />
30 Reporter: <b>@@bug.owner@@</b><br />
31 Assigned to: <b>@@if("@@bug.assigned_to@@" == ""){{-}}{{@@bug.assigned_to@@}}</b><br />
32 @@if(@@bug.deleted@@ != 0){{
33 <font color="red">Deleted by: @@bug.deleted_who_name@@ (@@bug.deleted_text@@ UTC)</font><br />
26 <div class="bug_title">#@@bug::bug_id@@ - @@bug::title@@</div>
27 State: @@bug::state_text@@<br />
28 Insertion date (UTC): @@bug::creation@@<br />
29 Last update (UTC): @@bug::updated@@<br />
30 Reporter: <b>@@bug::owner@@</b><br />
31 Assigned to: <b>@@if("@@bug::assigned_to@@" == ""){{-}}{{@@bug::assigned_to@@}}</b><br />
32 @@if(@@bug::deleted@@ != 0){{
33 <font color="red">Deleted by: @@bug::deleted_who_name@@ (@@bug::deleted_text@@ UTC)</font><br />
34 34 }}{{}} }}{{}}
35 35 </div> </div>
36 36
37 37 <div class="bug_body"> <div class="bug_body">
38 @@bug.body@@
38 @@bug::body@@
39 39 </div> </div>
40 40
41 41 @@labels_html@@ @@labels_html@@
File root/themes/default/repo/create_ok.html changed (mode: 100644) (index 15e118c..6c59536)
1 1 <div class="ok"> <div class="ok">
2 2 Repository was created with success. Repository was created with success.
3 Click <a href="@@ri.home@@">here</a> to go to the repository home.
3 Click <a href="@@ri::home@@">here</a> to go to the repository home.
4 4 </div> </div>
File root/themes/default/repo/edit_ok.html changed (mode: 100644) (index ae8743b..ad9792e)
1 1 <div class="ok"> <div class="ok">
2 2 Repository was updated with success. Repository was updated with success.
3 @@if(@@ri.renamed@@ == 1){{Go to new home <a href="@@ri.home@@">here</a>}}{{}}
3 @@if(@@ri::renamed@@ == 1){{Go to new home <a href="@@ri::home@@">here</a>}}{{}}
4 4 </div> </div>
File root/themes/default/repo/main.html changed (mode: 100644) (index e3b3bf1..5b41e3b)
2 2 <div class="repo_header"> <div class="repo_header">
3 3 <div> <div>
4 4 <div class="repo_title"> <div class="repo_title">
5 <a href="@@url_user@@">@@page_ui.username@@</a> / <a href="@@url_repo@@">@@ri.name@@</a>
6 (@@if(@@ri.public@@ == 1){{public}}{{private}})
5 <a href="@@url_user@@">@@page_ui::username@@</a> / <a href="@@url_repo@@">@@ri::name@@</a>
6 (@@if(@@ri::public@@ == 1){{public}}{{private}})
7 7 </div> </div>
8 8 <div class="repo_desc"> <div class="repo_desc">
9 @@ri.description_nice@@
9 @@ri::description_nice@@
10 10 </div> </div>
11 11
12 12 @@urls@@ @@urls@@
 
14 14
15 15 <div class="menu submenu"> <div class="menu submenu">
16 16 <ul> <ul>
17 <li><a @@if(@@per_repo_menu.history@@ == 1){{class="selected"}}{{}} href="@@url_repo@@/history">Last events</a></li>
18 <li><a @@if(@@per_repo_menu.source@@ == 1){{class="selected"}}{{}} href="@@url_repo@@/source">Source</a></li>
19 <li><a @@if(@@per_repo_menu.mr@@ == 1){{class="selected"}}{{}} href="@@url_repo@@/mr">Merge requests</a></li>
20 <li><a @@if(@@per_repo_menu.bug@@ == 1){{class="selected"}}{{}} href="@@url_repo@@/bug">Bugs</a></li>
21 @@if(@@can_admin@@ == 1){{<li><a @@if(@@per_repo_menu.admin@@ == 1){{class="selected"}}{{}} href="@@url_repo@@/admin">Admin</a></li>}}{{}}
17 <li><a @@if(@@per_repo_menu::history@@ == 1){{class="selected"}}{{}} href="@@url_repo@@/history">Last events</a></li>
18 <li><a @@if(@@per_repo_menu::source@@ == 1){{class="selected"}}{{}} href="@@url_repo@@/source">Source</a></li>
19 <li><a @@if(@@per_repo_menu::mr@@ == 1){{class="selected"}}{{}} href="@@url_repo@@/mr">Merge requests</a></li>
20 <li><a @@if(@@per_repo_menu::bug@@ == 1){{class="selected"}}{{}} href="@@url_repo@@/bug">Bugs</a></li>
21 @@if(@@can_admin@@ == 1){{<li><a @@if(@@per_repo_menu::admin@@ == 1){{class="selected"}}{{}} href="@@url_repo@@/admin">Admin</a></li>}}{{}}
22 22 </ul> </ul>
23 23 </div> </div>
24 24 @@repo_submenu@@ @@repo_submenu@@
File root/themes/default/repo/menu.html changed (mode: 100644) (index 624a850..f8cd2f3)
1 <div class="menu">
1 <div class="menu menu2">
2 2 <ul> <ul>
3 3 <li> <li>
4 <a @@if(@@menu.sub1.list@@ == 1){{class="selected"}}{{}} href="/op/repo/list">List</a>
4 <a @@if(@@menu::sub1::list@@ == 1){{class="selected"}}{{}} href="/op/repo/list">List</a>
5 5 </li> </li>
6 6 <li> <li>
7 @@if(@@login_ui.uid@@ != 0){{
8 <a @@if(@@menu.sub1.create@@ == 1){{class="selected"}}{{}} href="/op/repo/create">Create</a>
7 @@if(@@login_ui::uid@@ != 0){{
8 <a @@if(@@menu::sub1::create@@ == 1){{class="selected"}}{{}} href="/op/repo/create">Create</a>
9 9 }}{{ }}{{
10 10 }} }}
11 11 </li> </li>
12 12 <li> <li>
13 <a @@if(@@menu.sub1.search@@ == 1){{class="selected"}}{{}} href="/op/repo/search">Search</a>
13 <a @@if(@@menu::sub1::search@@ == 1){{class="selected"}}{{}} href="/op/repo/search">Search</a>
14 14 </li> </li>
15 15 </ul> </ul>
16 16 </div> </div>
File root/themes/default/suggestion.html changed (mode: 100644) (index be7dc80..dde9b37)
8 8 <input type="hidden" name="doit" value="1" /> <input type="hidden" name="doit" value="1" />
9 9 <input type="hidden" name="token" value="@@rg_form_token@@" /> <input type="hidden" name="token" value="@@rg_form_token@@" />
10 10
11 @@if(login_ui.uid == 0){{
11 @@if(login_ui::uid == 0){{
12 12 <label for="suggestion" class="form_item_title">Suggestion</label><br /> <label for="suggestion" class="form_item_title">Suggestion</label><br />
13 13 <input type="text" name="email">@@email@@ /> <input type="text" name="email">@@email@@ />
14 14 <br /> <br />
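Review bot: the changed condition on line 11, `@@if(login_ui::uid == 0){{`, is missing the `@@` delimiters around the variable. Every other template in this commit writes the test as `@@if(@@login_ui::uid@@ != 0){{`, so this one probably compares the literal text rather than the user id. Suggest `@@if(@@login_ui::uid@@ == 0){{`. While touching this file, the context line 13 (`<input type="text" name="email">@@email@@ />`) closes the tag before the value and leaves a stray `/>`; it looks like it was meant to be `value="@@email@@"`.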
File root/themes/default/user/add_edit.html changed (mode: 100644) (index 7969027..97701ff)
37 37 }}{{ }}{{
38 38 }} }}
39 39
40 @@if(@@login_ui.is_admin@@ == 1){{
40 @@if(@@login_ui::is_admin@@ == 1){{
41 41 <label for="is_admin" class="form_item_title">Admin?</label><br /> <label for="is_admin" class="form_item_title">Admin?</label><br />
42 42 <select name="is_admin"> <select name="is_admin">
43 43 <option value="0"@@if(@@is_admin@@ == 0){{ selected="selected"}}{{}}>No, I will give rights later</option> <option value="0"@@if(@@is_admin@@ == 0){{ selected="selected"}}{{}}>No, I will give rights later</option>
 
45 45 </select> </select>
46 46 <br /> <br />
47 47 <br /> <br />
48 }}{{
48 49 }} }}
49 50
50 51 <label for="plan_id" class="form_item_title">Plan</label><br /> <label for="plan_id" class="form_item_title">Plan</label><br />
File root/themes/default/user/repo/menu.html changed (mode: 100644) (index fa41462..2762ce6)
1 1 <div class="menu submenu"> <div class="menu submenu">
2 2 <ul> <ul>
3 <li><a @@if(@@menu.repo.edit@@ == 1){{class="selected"}}{{}} href="@@url_repo@@/admin/edit">Edit</a></li>
4 <li><a @@if(@@menu.repo.repo_rights@@ == 1){{class="selected"}}{{}} href="@@url_repo@@/admin/repo_rights">Repo rights</a></li>
5 <li><a @@if(@@menu.repo.refs_rights@@ == 1){{class="selected"}}{{}} href="@@url_repo@@/admin/refs_rights">Refs rights</a></li>
6 <li><a @@if(@@menu.repo.path_rights@@ == 1){{class="selected"}}{{}} href="@@url_repo@@/admin/path_rights">Path rights</a></li>
7 <li><a @@if(@@menu.repo.delete@@ == 1){{class="selected"}}{{}} href="@@url_repo@@/admin/delete">Delete</a></li>
3 <li><a @@if(@@menu::repo::edit@@ == 1){{class="selected"}}{{}} href="@@url_repo@@/admin/edit">Edit</a></li>
4 <li><a @@if(@@menu::repo::repo_rights@@ == 1){{class="selected"}}{{}} href="@@url_repo@@/admin/repo_rights">Repo rights</a></li>
5 <li><a @@if(@@menu::repo::refs_rights@@ == 1){{class="selected"}}{{}} href="@@url_repo@@/admin/refs_rights">Refs rights</a></li>
6 <li><a @@if(@@menu::repo::path_rights@@ == 1){{class="selected"}}{{}} href="@@url_repo@@/admin/path_rights">Path rights</a></li>
7 <li><a @@if(@@menu::repo::delete@@ == 1){{class="selected"}}{{}} href="@@url_repo@@/admin/delete">Delete</a></li>
8 8 </ul> </ul>
9 9 </div> </div>
File root/themes/default/user/repo/rights/list_repo/line.html changed (mode: 100644) (index a227605..5b68566)
4 4 <td>@@who_name@@</td> <td>@@who_name@@</td>
5 5 <td>@@itime_text@@</td> <td>@@itime_text@@</td>
6 6 <td>@@username@@</td> <td>@@username@@</td>
7 <td>@@nice.ip@@</td>
7 <td>@@ip_nice@@</td>
8 8 <td>@@rights_text@@</td> <td>@@rights_text@@</td>
9 9 <td>@@description@@</td> <td>@@description@@</td>
10 10 <td>@@if(@@can_be_deleted@@ == 1){{<a href="@@url_repo@@/admin/repo_rights?edit_id=@@right_id@@">Edit</a>}}{{N/A}}</td> <td>@@if(@@can_be_deleted@@ == 1){{<a href="@@url_repo@@/admin/repo_rights?edit_id=@@right_id@@">Edit</a>}}{{N/A}}</td>
File root/themes/default/user/repo/rights/list_repo_path/line.html changed (mode: 100644) (index 6637dde..2aa9dff)
4 4 <td>@@who_name@@</td> <td>@@who_name@@</td>
5 5 <td>@@itime_text@@</td> <td>@@itime_text@@</td>
6 6 <td>@@username@@</td> <td>@@username@@</td>
7 <td>@@nice.ip@@</td>
7 <td>@@ip_nice@@</td>
8 8 <td>@@misc@@</td> <td>@@misc@@</td>
9 9 <td>@@rights_text@@</td> <td>@@rights_text@@</td>
10 10 <td>@@description@@</td> <td>@@description@@</td>
File root/themes/default/user/repo/rights/list_repo_refs/line.html changed (mode: 100644) (index 75c334d..a28f7f5)
4 4 <td>@@who_name@@</td> <td>@@who_name@@</td>
5 5 <td>@@itime_text@@</td> <td>@@itime_text@@</td>
6 6 <td>@@username@@</td> <td>@@username@@</td>
7 <td>@@nice.ip@@</td>
7 <td>@@ip_nice@@</td>
8 8 <td>@@misc@@</td> <td>@@misc@@</td>
9 9 <td>@@rights_text@@</td> <td>@@rights_text@@</td>
10 10 <td>@@description@@</td> <td>@@description@@</td>
File root/themes/default/user/settings/menu.html changed (mode: 100644) (index 27a4339..f0ee360)
1 <div class="menu">
1 <div class="menu menu2">
2 2 <ul> <ul>
3 <li><a @@if(@@menu.sub1.edit_info@@ == 1){{class="selected"}}{{}} href="/op/settings/edit_info">Edit info</a></li>
4 <li><a @@if(@@menu.sub1.change_pass@@ == 1){{class="selected"}}{{}} href="/op/settings/change_pass">Change password</a></li>
5 <li><a @@if(@@menu.sub1.keys@@ == 1){{class="selected"}}{{}} href="/op/settings/keys">SSH keys</a></li>
3 <li><a @@if(@@menu::sub1::edit_info@@ == 1){{class="selected"}}{{}} href="/op/settings/edit_info">Edit info</a></li>
4 <li><a @@if(@@menu::sub1::change_pass@@ == 1){{class="selected"}}{{}} href="/op/settings/change_pass">Change password</a></li>
5 <li><a @@if(@@menu::sub1::keys@@ == 1){{class="selected"}}{{}} href="/op/settings/keys">SSH keys</a></li>
6 6 </ul> </ul>
7 7 </div> </div>
File samples/rg.conf changed (mode: 100644) (index f0f4010..a600ac6)
17 17 #RewriteLog /var/log/httpd/rg-Rewrite.log #RewriteLog /var/log/httpd/rg-Rewrite.log
18 18 #RewriteLogLevel 3 #RewriteLogLevel 3
19 19
20 # index.php is special
21 RewriteCond %{REQUEST_URI} ^/index\.php
22 RewriteRule .* /index.php?rwe=1 [L,QSA]
23
24 20 # Allow .ico, 'themes' folder and any txt file (think robots.txt) # Allow .ico, 'themes' folder and any txt file (think robots.txt)
25 21 # Also, avoid scripts that are looking for exploits # Also, avoid scripts that are looking for exploits
26 RewriteCond %{REQUEST_URI} ^/(favicon\.ico|themes|.*\.txt|.*\.php)
27 RewriteRule .* - [L]
22 RewriteCond %{REQUEST_URI} ^/(favicon\.ico|themes/.*|robots\.txt|.*\.php.*)$
23 RewriteRule .* - [last]
28 24
29 25 # all rest # all rest
30 RewriteRule (.*) /index.php?rwe=1&vv=$1 [L,QSA]
26 RewriteRule (.*) /index.php?rwe=1&vv=$1 [last,qsappend]
31 27
32 28
33 29 # Security # Security
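Review bot: the comment above the new RewriteCond still says "any txt file", but the pattern now allows only `robots\.txt`, so the comment should be updated to match. With the dedicated index.php rule removed, a request for /index.php now matches the `.*\.php.*` alternative and is passed through without `rwe=1`; please confirm index.php no longer depends on that parameter for direct hits. The `.*\.php.*` alternative also passes any URI that merely contains ".php" to the filesystem untouched, which is worth a line in the comment so the intent ("let the web server answer these itself") is explicit.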
File scripts/cron.php changed (mode: 100644) (index 31e5202..aef77a3)
... ... if ((gmdate("H") == 0) && (gmdate("i") == 3)) {
45 45 while (1) { while (1) {
46 46 rg_log("Compute repository sizes if dirty..."); rg_log("Compute repository sizes if dirty...");
47 47 // delete 'dirty' files // delete 'dirty' files
48 $sql = "SELECT uid, repo_id, master FROM repos";
48 $sql = "SELECT uid, repo_id, master, disk_used_mb FROM repos";
49 49 $res = rg_sql_query($db, $sql); $res = rg_sql_query($db, $sql);
50 50 if ($res === FALSE) { if ($res === FALSE) {
51 51 // TODO: rg_internal_error? it must notify me in case of problems // TODO: rg_internal_error? it must notify me in case of problems
 
... ... if ((gmdate("H") == 0) && (gmdate("i") == 3)) {
59 59
60 60 $all_files = $row['master'] == 0 ? TRUE : FALSE; $all_files = $row['master'] == 0 ? TRUE : FALSE;
61 61 $disk_used = rg_repo_size($repo_path, $all_files); $disk_used = rg_repo_size($repo_path, $all_files);
62 $disk_used_mb = $disk_used === FALSE ? 0 : intval($disk_used / 1024 / 1024);
62 63 if ($disk_used === FALSE) { if ($disk_used === FALSE) {
63 64 rg_log("Could not open dir!"); rg_log("Could not open dir!");
65 } else if ($disk_used == $row['disk_used_mb']) {
66 // do nothing
64 67 } else { } else {
65 $disk_used_mb = intval($disk_used / 1024 / 1024);
66 68 $sql = "UPDATE repos SET disk_used_mb = $disk_used_mb" $sql = "UPDATE repos SET disk_used_mb = $disk_used_mb"
67 69 . " WHERE repo_id = " . $row['repo_id']; . " WHERE repo_id = " . $row['repo_id'];
68 70 $res2 = rg_sql_query($db, $sql); $res2 = rg_sql_query($db, $sql);
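Review bot: the new skip condition on line 65 compares `$disk_used` (the raw size that line 62 divides by 1024 twice) with `$row['disk_used_mb']`, so the two sides are in different units and the "do nothing" branch will only be taken when both are 0. The comparison should use the value computed on line 62: `} else if ($disk_used_mb == $row['disk_used_mb']) {`. As written, the UPDATE still runs for every non-empty repository on every pass, which is what this change set out to avoid.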
 
... ... if ((gmdate("H") == 0) && (gmdate("i") == 3)) {
92 94 while (($row = rg_sql_fetch_array($res))) { while (($row = rg_sql_fetch_array($res))) {
93 95 $sql = "UPDATE users" $sql = "UPDATE users"
94 96 . " SET disk_used_mb = " . $row['disk_used_mb'] . " SET disk_used_mb = " . $row['disk_used_mb']
95 . " WHERE uid = " . $row['uid'];
97 . " WHERE uid = " . $row['uid']
98 . " AND disk_used_mb != " . $row['disk_used_mb'];
96 99 $res2 = rg_sql_query($db, $sql); $res2 = rg_sql_query($db, $sql);
97 100 rg_sql_free_result($res2); rg_sql_free_result($res2);
98 101 } }
File scripts/events.php changed (mode: 100644) (index 15b038c..2d97904)
... ... require_once($INC . "/user.inc.php");
26 26 require_once($INC . "/bug.inc.php"); require_once($INC . "/bug.inc.php");
27 27 require_once($INC . "/fixes.inc.php"); require_once($INC . "/fixes.inc.php");
28 28 require_once($INC . "/plan.inc.php"); require_once($INC . "/plan.inc.php");
29 require_once($INC . "/admin.inc.php");
29 30 require_once($INC . "/ver.php"); require_once($INC . "/ver.php");
30 31
31 32 rg_prof_start("MAIN"); rg_prof_start("MAIN");
File tests/Makefile changed (mode: 100644) (index 9ed0791..f1a7992)
1 tests := token util log state cache prof db event rights keys user repo git bug \
1 tests := git_log1.sh \
2 http_admin http_bug \
3 token util log state cache prof db event rights keys user repo git bug \
2 4 hook_update http_create_account http_login http_settings http_csrf hook_update http_create_account http_login http_settings http_csrf
3 5 .PHONY: $(tests) .PHONY: $(tests)
4 6
5 7 all: $(tests) all: $(tests)
8 @echo "All OK. Good work!"
9 @ls -l err-*
10
11 git_log1.sh:
12 ./git_log1.sh
6 13
7 14 token: token:
8 15 php token.php php token.php
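Review bot: `@ls -l err-*` on line 9 makes `make all` fail right after printing "All OK" whenever no err-* file exists, because the unmatched glob is handed to ls literally and ls exits non-zero. Suggest `@ls -l err-* 2>/dev/null || true`, or print the success message only when no err-* file is present, since leftover err-* files and "All OK. Good work!" contradict each other.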
 
... ... http_settings:
61 68 http_csrf: http_csrf:
62 69 php http_csrf.php php http_csrf.php
63 70
71 http_bug:
72 php http_bug.php
73
74 http_admin:
75 php http_admin.php
76
64 77 .PHONY: clean .PHONY: clean
65 78 clean: clean:
66 79 @rm -f *.log *.strace *.strace.* *.out *.lock err-* @rm -f *.log *.strace *.strace.* *.out *.lock err-*
File tests/bug.php changed (mode: 100644) (index a80f5b4..d694270)
... ... require_once("common.php");
16 16
17 17 // defaults // defaults
18 18 $uid = 1; $uid = 1;
19 $ui = array("uid" => $uid, "username" => "userX", "organization" => 0, "email" => "test@embedromix.ro");
19 $ui = array("uid" => $uid, "username" => "userX", "organization" => 0, "email" => "test@embedromix.ro",
20 "confirmed" => 1);
20 21 $repo_name = "bug-A"; $repo_name = "bug-A";
21 22
22 rg_log("Creating a repo");
23 $new = array();
24 $new['repo_id'] = 0;
25 $new['master'] = 0;
26 $new['name'] = $repo_name;
27 $new['max_commit_size'] = 0;
28 $new['description'] = "desc";
29 $new['git_dir_done'] = 0;
30 $new['public'] = 1;
31 $r = rg_repo_edit($db, $ui, $new);
32 if ($r === FALSE) {
33 rg_log("Cannot insert a repo (" . rg_repo_error() . ")!");
34 exit(1);
35 }
23
24 rg_test_repo_create($db, $ui, $new);
36 25
37 26 $data = array("bug_id" => 0, $data = array("bug_id" => 0,
38 27 "title" => "Bug title", "title" => "Bug title",
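Review bot: line 24 calls `rg_test_repo_create()`, but tests/helpers.inc.php in this same commit defines the helper as `rg_test_create_repo()`, so this test will stop with an undefined-function error. After renaming the call, note that `$new` is no longer initialised in the lines shown here before it is passed; the helper tolerates a non-array, but an explicit `$new = array();` would make the intent clear. Please also check that helpers.inc.php is actually required by this file or by common.php, since no such require appears in this hunk.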
File tests/config.php changed (mode: 100644) (index 48971f8..213185a)
... ... $rg_sql_debug = 1;
7 7 $rg_session_time = 3600; $rg_session_time = 3600;
8 8 $rg_keys_file = "afile.txt"; $rg_keys_file = "afile.txt";
9 9 $rg_scripts = dirname(dirname(__FILE__)); $rg_scripts = dirname(dirname(__FILE__));
10 $rg_repo_allow = '/^[\pL\pN\pP_]*$/uUD';
10 $rg_repo_allow = '/^[\pL\pN\pP_<>]*$/uUD';
11 11 $rg_repo_min_len = 1; $rg_repo_min_len = 1;
12 12 $rg_repo_max_len = 100; $rg_repo_max_len = 100;
13 $rg_user_allow = '/^[\pL\pN\pP_]*$/uUD';
13 $rg_user_allow = '/^[\pL\pN\pP_<>]*$/uUD';
14 14 $rg_user_min_len = 1; $rg_user_min_len = 1;
15 15 $rg_user_max_len = 20; $rg_user_max_len = 20;
16 16 $rg_ssh_paras = "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty"; $rg_ssh_paras = "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty";
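Review bot: the `<>` added to `$rg_repo_allow` and `$rg_user_allow` on lines 10 and 13 needs a comment saying it exists only so the tests can store the `<xss>` marker used by tests/helpers.inc.php. Without it, the widened character class looks like a recommended setting and could be copied into a production config, where the name filter is one of the layers in front of the output escaping this commit introduces.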
File tests/email.php changed (mode: 100644) (index f6aba01..6cd2534)
... ... $more = array(
21 21 "to" => "xxx@embedromix.ro" "to" => "xxx@embedromix.ro"
22 22 ); );
23 23
24 $r = rg_mail("mail/user/key/new", $more);
24 $r = rg_mail_template("mail/user/key/new", $more);
25 25 print_r($r); print_r($r);
26 26 ?> ?>
File tests/helpers.inc.php added (mode: 100644) (index 0000000..5f070ef)
1 <?php
2 // Some helper functions dealing with users/repos/bugs/etc.
3
4 /*
5 * Creating a user
6 */
7 $_user_id = 1;
8 $_testns = 'main';
9 function rg_test_create_user($db, &$rg_ui)
10 {
11 global $_testns;
12 global $_user_id;
13
14 if (!is_array($rg_ui))
15 $rg_ui = array();
16
17 $username = $_testns . '-user-' . $_user_id . '<xss>';
18
19 $new = array();
20 $new['uid'] = 0;
21 $new['organization'] = 0;
22 $new['username'] = $username;
23 $new['realname'] = 'realname-' . $_user_id . '<xss>';
24 $new['email'] = 'email-' . $_user_id . '<xss>@embedromix.ro';
25 $new['is_admin'] = 0;
26 $new['rights'] = '';
27 $new['session_time'] = 3600;
28 $new['confirm_token'] = '';
29 $new['confirmed'] = 0;
30 $new['plan_id'] = 0;
31 $new['pass'] = 'pass-' . $_user_id;
32 $new['pass2'] = 'pass-' . $_user_id;
33 $_user_id++;
34
35 // Delete old user
36 $sql = 'DELETE FROM users WHERE username = \'' . $new['username'] . '\'';
37 $res = rg_sql_query($db, $sql);
38 if ($res === FALSE) {
39 rg_log("Cannot delete old user: " . rg_sql_error());
40 exit(1);
41 }
42 rg_sql_free_result($res);
43
44 rg_cache_unset('username_to_uid::' . $username);
45
46 $rg_ui = array_merge($new, $rg_ui);
47 $r = rg_user_edit($db, $rg_ui);
48 if ($r === FALSE) {
49 rg_log("Cannot create user (" . rg_user_error() . ")!");
50 exit(1);
51 }
52 $rg_ui['uid'] = $r;
53
54 return TRUE;
55 }
56
57 /*
58 * Creating a repo helper
59 * You can enforce a repo-id by setting extra['repo_id'].
60 */
61 $_repo_id = 1;
62 function rg_test_create_repo($db, $rg_ui, &$extra)
63 {
64 global $_testns;
65 global $_repo_id;
66
67 if (!is_array($extra))
68 $extra = array();
69
70 $repo_id = isset($extra['repo_id']) ? $extra['repo_id'] : 0;
71
72 rg_log("Creating a repo");
73 $new = array();
74 $new['master'] = 0;
75 $new['name'] = $_testns . '-repo-' . $_repo_id . '<xss>';
76 $new['max_commit_size'] = 0;
77 $new['description'] = 'desc line1\ndesc line2' . '<xss>';
78 $new['git_dir_done'] = 0;
79 $new['public'] = 1;
80 $_repo_id++;
81
82 rg_log("Deleting repo " . $repo_id);
83 $sql = 'DELETE FROM repos WHERE repo_id = ' . $repo_id
84 . ' OR name = \'' . $new['name'] . '\'';
85 $res = rg_sql_query($db, $sql);
86 if ($res === FALSE) {
87 rg_log("Cannot delete old repo: " . rg_sql_error());
88 exit(1);
89 }
90 rg_sql_free_result($res);
91
92 $extra = array_merge($new, $extra);
93 $extra['repo_id'] = 0;
94
95 $r = rg_repo_edit($db, $rg_ui, $extra);
96 if ($r === FALSE) {
97 rg_log("Cannot insert a repo (" . rg_repo_error() . ")!");
98 exit(1);
99 }
100
101 if ($repo_id > 0) {
102 $sql = "UPDATE repos SET repo_id = $repo_id"
103 . " WHERE repo_id = " . $extra['repo_id'];
104 $res = rg_sql_query($db, $sql);
105 rg_sql_free_result($res);
106 $new['repo_id'] = $repo_id;
107 rg_cache_unset('repo_by_name::' . $rg_ui['uid']);
108 }
109
110 return TRUE;
111 }
112
113 ?>
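Review bot: in `rg_test_create_repo()`, line 106 stores the forced id in `$new['repo_id']`, but `$new` is a local that is never returned; the caller's `$extra` (passed by reference) keeps the id from the insert, so a caller that reads `$extra['repo_id']` afterwards gets the wrong repository. Assign to `$extra['repo_id']` instead. In the same branch, the result of the UPDATE on line 104 is not checked for FALSE before `rg_sql_free_result()`, unlike the code this helper replaces in hook_update_help.php, which logged the error and exited. Two smaller points: the description on line 77 is single-quoted, so `\n` is a literal backslash and "n" rather than a line break, and the DELETE statements on lines 36 and 84 concatenate the names straight into SQL, which will break as soon as a test name contains a single quote.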
File tests/hook_update_help.php changed (mode: 100644) (index 688b407..a8f9bc8)
... ... require_once($INC . "/repo.inc.php");
11 11 require_once($INC . "/sql.inc.php"); require_once($INC . "/sql.inc.php");
12 12 require_once($INC . "/struct.inc.php"); require_once($INC . "/struct.inc.php");
13 13 require_once($INC . "/fixes.inc.php"); require_once($INC . "/fixes.inc.php");
14 require_once("helpers.inc.php");
14 15
15 16 rg_log_set_file(dirname(__FILE__) . "/hook_update_help.log"); rg_log_set_file(dirname(__FILE__) . "/hook_update_help.log");
16 17
 
... ... rg_log("repo_id=$repo_id repo_uid=$repo_uid uid=$uid rights=$rights");
38 39 $rg_ui = array("uid" => $uid, $rg_ui = array("uid" => $uid,
39 40 "username" => "user-hook-update", "username" => "user-hook-update",
40 41 "email" => "hook_update_help@embedromix.ro", "email" => "hook_update_help@embedromix.ro",
41 "organization" => 0);
42 "organization" => 0,
43 "confirmed" => 1);
42 44
43 45 $a = array(); $a = array();
44 46 $a['right_id'] = 100; $a['right_id'] = 100;
 
... ... if (strcmp($op, "init") == 0) {
57 59 $sql = "DELETE FROM users WHERE uid = $uid"; $sql = "DELETE FROM users WHERE uid = $uid";
58 60 $res = rg_sql_query($db, $sql); $res = rg_sql_query($db, $sql);
59 61 rg_sql_free_result($res); rg_sql_free_result($res);
60 $sql = "DELETE FROM repos WHERE repo_id = $repo_id";
61 $res = rg_sql_query($db, $sql);
62 rg_sql_free_result($res);
63 62 $sql = "DELETE FROM rights WHERE obj_id = $repo_id"; $sql = "DELETE FROM rights WHERE obj_id = $repo_id";
64 63 $res = rg_sql_query($db, $sql); $res = rg_sql_query($db, $sql);
65 64 rg_sql_free_result($res); rg_sql_free_result($res);
 
... ... if (strcmp($op, "init") == 0) {
84 83 } }
85 84 rg_sql_free_result($res); rg_sql_free_result($res);
86 85
87 rg_log("Creating a repo");
88 $new = array();
89 $new['uid'] = $repo_uid;
90 $new['repo_id'] = 0;
91 $new['master'] = 0;
92 $new['name'] = "A";
93 $new['max_commit_size'] = 0;
94 $new['description'] = "desc";
95 $new['git_dir_done'] = 0;
96 $new['public'] = 0;
97 $r = rg_repo_edit($db, $rg_ui, $new);
98 if ($r === FALSE) {
99 rg_log("Cannot insert a repo (" . rg_repo_error() . ")!");
100 exit(1);
101 }
102
103 $sql = "UPDATE repos SET repo_id = $repo_id"
104 . " WHERE repo_id = " . $new['repo_id'];
105 $res = rg_sql_query($db, $sql);
106 if ($res === FALSE) {
107 rg_log("Cannot switch repo_id (" . rg_sql_error() . ")!");
108 exit(1);
109 }
110 rg_sql_free_result($res);
86 $new = array('repo_id' => $repo_id, 'uid' => $repo_uid, 'public' => 0);
87 rg_test_create_repo($db, $rg_ui, $new);
111 88 } else if (strcmp($op, "repo") == 0) { } else if (strcmp($op, "repo") == 0) {
112 89 $v = rg_rights_set($db, "repo", $a); $v = rg_rights_set($db, "repo", $a);
113 90 if ($v === FALSE) { if ($v === FALSE) {
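Review bot: the replaced block created the repository with `name` "A", while the call on lines 86 and 87 passes only `repo_id`, `uid` and `public`, so the helper now names it `main-repo-N<xss>`. If the rest of the hook_update test (scripts, paths, pushes) still refers to the repository as "A", it will no longer find it; either pass `'name' => 'A'` in `$new` or update those references. The removed code also aborted when the repo_id switch failed, and the helper currently does not, so a failure there would surface later and be harder to diagnose.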
File tests/http.inc.php changed (mode: 100644) (index 5d3d08d..f422f51)
... ... if (!isset($test_ua))
6 6 /* /*
7 7 * Data is an array * Data is an array
8 8 */ */
9 function do_req($url, $data, $headers)
9 function do_req($url, &$data, &$headers)
10 10 { {
11 11 global $test_ua, $test_referer; global $test_ua, $test_referer;
12 12
13 //rg_log_ml("do_req url[$url] data=" . print_r($data, TRUE)
14 // . "headers=" . print_r($headers, TRUE));
13 if (!is_array($data))
14 $data = array();
15
16 if (!is_array($headers)) {
17 rg_log("Headers is not an array, reset it.");
18 $headers = array();
19 }
15 20
16 //$sdata = http_build_query($data);
21 rg_log_ml("do_req url[$url] data=" . print_r($data, TRUE)
22 . "headers=" . print_r($headers, TRUE));
17 23
18 24 $c = curl_init($url); $c = curl_init($url);
19 25 if (count($data) > 0) { if (count($data) > 0) {
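Review bot: Changing the signature to `do_req($url, &$data, &$headers)` at new line 9 lets callers pass variables that were never defined, and lines 13-19 then quietly turn them into empty arrays, which hides caller mistakes instead of surfacing them. Consider by-value parameters with `= array()` defaults, or at least log the `$data` reset the same way the `$headers` reset is logged. The now unconditional `rg_log_ml` at lines 21-22 also writes every posted field, including `pass`, into the test log; mask credential fields before logging.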
 
... ... function do_req($url, $data, $headers)
49 55 $ret['sid'] = $matches[1]; $ret['sid'] = $matches[1];
50 56 } }
51 57
58 // Check for XSS
59 if (strstr($ret['body'], '<xss>')) {
60 file_put_contents('http_xss.out', $ret['body']);
61 rg_log("Found <xss> token! Check http_xss.out. Not good!");
62 exit(1);
63 }
64
52 65 // find token // find token
53 66 $x = preg_match('/ name="token" value="([a-zA-Z0-9]*)"/', $ret['body'], $matches); $x = preg_match('/ name="token" value="([a-zA-Z0-9]*)"/', $ret['body'], $matches);
54 67 if (($x === FALSE) || (!isset($matches[1]))) { if (($x === FALSE) || (!isset($matches[1]))) {
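Review bot: The check at line 59 only looks for the literal `<xss>` in `$ret['body']`, so it cannot tell escaping from stripping (a field that silently deletes the brackets passes), it says nothing about quote characters in values rendered inside attributes, and it does not look at response headers. Consider also asserting that the escaped form, for example `&lt;xss&gt;`, appears where the value is expected to be displayed, and adding a second marker that contains quote characters. Calling `exit(1)` from inside the helper also bypasses the callers' own `$r === FALSE` handling; returning FALSE here would keep one error path.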
 
... ... function do_req($url, $data, $headers)
70 83 if ($x > 0) { if ($x > 0) {
71 84 if (strncmp($url, "http://", 7) == 0) if (strncmp($url, "http://", 7) == 0)
72 85 $url = substr($url, 7); $url = substr($url, 7);
73 //rg_log("url=$url");
86 rg_log("redirect to url=$url");
74 87 $t = explode("/", $url, 2); $t = explode("/", $url, 2);
75 88 $new = "http://" . $t[0] . trim($matches[1]); $new = "http://" . $t[0] . trim($matches[1]);
76 89 //rg_log("Redirecting to $new..."); //rg_log("Redirecting to $new...");
77 90 $data = array(); $data = array();
78 $headers = array("Cookie: sid=" . $ret['sid']);
91 if (!empty($ret['sid']))
92 $headers = array("Cookie: sid=" . $ret['sid']);
79 93 $f = do_req($new, $data, $headers); $f = do_req($new, $data, $headers);
80 94 if (empty($f['sid'])) if (empty($f['sid']))
81 95 $f['sid'] = $ret['sid']; $f['sid'] = $ret['sid'];
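Review bot: With `$data` and `$headers` now passed by reference, the assignments at lines 90-92 overwrite the caller's arrays: after any redirect the caller's `$data` is empty and its `$headers` holds only `Cookie: sid=...`, so a caller that had set extra cookies or headers loses them for its next request. Use local copies for the recursive call (for example `$rdata` and `$rheaders`) so that following a redirect has no side effects on the caller.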
File tests/http_admin.php added (mode: 100644) (index 0000000..a097976)
1 <?php
2 error_reporting(E_ALL | E_STRICT);
3 ini_set("track_errors", "On");
4
5 $INC = dirname(__FILE__) . "/../inc";
6 require_once(dirname(__FILE__) . "/config.php");
7 require_once($INC . "/init.inc.php");
8 require_once($INC . "/util.inc.php");
9 require_once("helpers.inc.php");
10 require_once("http.inc.php");
11
12 rg_log_set_file("http_admin.log");
13
14 $rg_sql = "host=localhost user=rocketgit dbname=rocketgit connect_timeout=10";
15 $rg_no_db = TRUE;
16 require_once("common.php");
17
18 $_testns = 'http_admin';
19 $rg_cache_enable = TRUE;
20
21 $rg_user_max_len = 60;
22
23 $rg_ui = array('is_admin' => 1);
24 rg_test_create_user($db, $rg_ui);
25
26 // First we need to load the form so we can get the token
27 // We provide an old cookie to test if we generate a new pre-login one
28 $r = do_req($test_url . "/op/login", $data, $headers);
29 if ($r === FALSE) {
30 rg_log("Cannot load login form.");
31 exit(1);
32 }
33 $good_sid = $r['sid'];
34 $good_token = $r['token'];
35
36
37 rg_log("Do the login (sid=$good_sid token=$good_token)...");
38 $data = array(
39 "doit" => 1,
40 "token" => $good_token,
41 "user" => $rg_ui['username'],
42 "pass" => $rg_ui['pass'],
43 "lock_ip" => 0);
44 $headers = array("Cookie: sid=" . $good_sid);
45 $r = do_req($test_url . "/op/login", $data, $headers);
46 if ($r === FALSE) {
47 rg_log_ml("Cannot login: " . print_r($r, TRUE));
48 exit(1);
49 }
50 if (strstr($r['body'], "invalid user or pass")) {
51 rg_log_ml("Login invalid. r=" . print_r($r, TRUE));
52 exit(1);
53 }
54
55 rg_log("Loading invites form...");
56 $url = "/op/admin/invites";
57 $data = array();
58 $r = do_req($test_url . $url, $data, $headers);
59 if ($r === FALSE) {
60 rg_log("Cannot load add bug form.");
61 exit(1);
62 }
63 $token = $r['token'];
64
65 rg_log("Posting invites form (token=$token)...");
66 $data = array('doit' => 1, 'token' => $token,
67 'inv::list' => "a@embedromix.ro|a\nb@embedromix.ro|b b2 b3<xss>\n",
68 'inv::subject' => 'Invite 1 - hello {NAME}<xss>',
69 'inv::body' => "Hello {NAME}!\n\nYou are invited, {NAME}!<xss>");
70 $r = do_req($test_url . $url, $data, $headers);
71 if ($r === FALSE) {
72 rg_log("Cannot post bug request.");
73 exit(1);
74 }
75 // test invites here
76 /*
77 if ($row['state'] != 1) {
78 rg_log("State is not 1 but " . $row['state']);
79 exit(1);
80 }
81 */
82
83 rg_prof_log();
84 rg_log("Done!");
85 ?>
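Review bot: The only assertion in this test is commented out at lines 76-81 (`// test invites here`), so after posting the invites form the script checks nothing beyond the `<xss>` scan inside `do_req`; add a check that the invites were stored, or that the response reports success. The messages at lines 60 and 72 ("Cannot load add bug form.", "Cannot post bug request.") are copied from the bug test and should mention invites. The comment at line 27 says an old cookie is provided, but `$data` and `$headers` are undefined at the first `do_req` call on line 28.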
File tests/http_bug.php added (mode: 100644) (index 0000000..b589b16)
1 <?php
2 error_reporting(E_ALL | E_STRICT);
3 ini_set("track_errors", "On");
4
5 $INC = dirname(__FILE__) . "/../inc";
6 require_once(dirname(__FILE__) . "/config.php");
7 require_once($INC . "/init.inc.php");
8 require_once($INC . "/util.inc.php");
9 require_once("helpers.inc.php");
10 require_once("http.inc.php");
11
12 rg_log_set_file("http_bug.log");
13
14 $rg_sql = "host=localhost user=rocketgit dbname=rocketgit connect_timeout=10";
15 $rg_no_db = TRUE;
16 require_once("common.php");
17
18 $_testns = 'http_bug';
19 $rg_cache_enable = TRUE;
20
21 rg_test_create_user($db, $rg_ui);
22 rg_test_create_user($db, $rg_ui2);
23 rg_test_create_repo($db, $rg_ui, $repo);
24
25 // First we need to load the form so we can get the token
26 // We provide an old cookie to test if we generate a new pre-login one
27 $r = do_req($test_url . "/op/login", $data, $headers);
28 if ($r === FALSE) {
29 rg_log('Cannot load login form.');
30 exit(1);
31 }
32 $good_sid = $r['sid'];
33 $good_token = $r['token'];
34
35
36 rg_log("Do the login (sid=$good_sid token=$good_token)...");
37 $data = array(
38 "doit" => 1,
39 "token" => $good_token,
40 "user" => $rg_ui['username'],
41 "pass" => $rg_ui['pass'],
42 "lock_ip" => 0);
43 $headers = array("Cookie: sid=" . $good_sid);
44 $r = do_req($test_url . "/op/login", $data, $headers);
45 if ($r === FALSE) {
46 rg_log_ml('Cannot login: ' . print_r($r, TRUE));
47 exit(1);
48 }
49 if (strstr($r['body'], "invalid user or pass")) {
50 rg_log_ml('Login invalid. r=' . print_r($r, TRUE));
51 exit(1);
52 }
53
54 rg_log("Loading bug form...");
55 $url = "/user/" . $rg_ui['username'] . "/" . $repo['name'] . "/bug/add";
56 $data = array();
57 $r = do_req($test_url . $url, $data, $headers);
58 if ($r === FALSE) {
59 rg_log('Cannot load add bug form.');
60 exit(1);
61 }
62 $token = $r['token'];
63
64 rg_log("Posting bug form (token=$token)...");
65 $labels = array('a/b', 'uu::bb', '<xss>'); sort($labels);
66 $data = array('doit' => 1, 'edit' => 1, 'token' => $token,
67 'title' => 'Title1 space<xss>',
68 'body' => 'aasasasassa<xss>',
69 'state' => 1,
70 'assigned_to' => $rg_ui2['username'],
71 'labels' => implode(' ', $labels));
72 $r = do_req($test_url . $url, $data, $headers);
73 if ($r === FALSE) {
74 rg_log('Cannot post bug request.');
75 exit(1);
76 }
77 rg_log_ml("CHECK: headers=" . print_r($headers, TRUE));
78 $sql = 'SELECT * FROM bugs WHERE repo_id = ' . $repo['repo_id'];
79 $res = rg_sql_query($db, $sql);
80 $row = rg_sql_fetch_array($res);
81 rg_sql_free_result($res);
82 if ($row['assigned_uid'] != $rg_ui2['uid']) {
83 rg_log('assigned_uid is not ' . $rg_ui2['uid']
84 . ', but ' . $row['assigned_uid'] . '!');
85 exit(1);
86 }
87 if ($row['state'] != 1) {
88 rg_log('State is not 1 but ' . $row['state'] . '!');
89 exit(1);
90 }
91 $bug_id = $row['bug_id'];
92 $sql = 'SELECT * FROM bug_labels WHERE repo_id = ' . $repo['repo_id']
93 . ' AND bug_id = ' . $bug_id;
94 $res = rg_sql_query($db, $sql);
95 $g = array();
96 while (($row = rg_sql_fetch_array($res))) {
97 $g[] = $row['label'];
98 }
99 rg_sql_free_result($res);
100 sort($g);
101 $p1 = implode(' ', $labels);
102 $p2 = implode(' ', $g);
103 if (strcmp($p1, $p2) != 0) {
104 rg_log('Labels are different [' . $p1 . '] != [' . $p2 . ']!');
105 exit(1);
106 }
107
108
109 rg_log("Testing adding a note");
110
111 rg_log("Loading note form...");
112 $url = "/user/" . $rg_ui['username'] . "/" . $repo['name'] . "/bug/1";
113 $data = array();
114 $r = do_req($test_url . $url, $data, $headers);
115 if ($r === FALSE) {
116 rg_log("Cannot load bug page.");
117 exit(1);
118 }
119 $token = $r['token'];
120
121 rg_log("Posting note add form (token=$token)...");
122 $note = 'This is a note<xss>';
123 $data = array('note_add_doit' => 1, 'token' => $token,
124 'note' => $note);
125 $r = do_req($test_url . $url, $data, $headers);
126 if ($r === FALSE) {
127 rg_log('Cannot post bug request.');
128 exit(1);
129 }
130 $sql = 'SELECT * FROM bug_notes WHERE repo_id = ' . $repo['repo_id']
131 . ' AND bug_id = ' . $bug_id;
132 $res = rg_sql_query($db, $sql);
133 $row = rg_sql_fetch_array($res);
134 rg_sql_free_result($res);
135 if ($row['note'] != $note) {
136 rg_log('Note is not ok [' . $note . '] != [' . $row['note'] . ']!');
137 exit(1);
138 }
139 if ($row['uid'] != $rg_ui['uid']) {
140 rg_log('uid is not ok [' . $row['uid'] . '] != [' . $rg_ui['uid'] . ']!');
141 exit(1);
142 }
143
144 rg_prof_log();
145 rg_log("Done!");
146 ?>
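Review bot: The queries at lines 79-80 and 132-133 use `$res` and `$row` without testing for FALSE, so if the bug or the note was not inserted the test fails on an undefined index with a misleading message instead of reporting the missing row; check both before comparing fields. Line 112 hard-codes `/bug/1` although `$bug_id` was read from the database at line 91; build the URL from `$bug_id`. The `CHECK: headers=` log at line 77 looks like leftover debugging.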
File tests/http_create_account.php changed (mode: 100644) (index 8760e4c..34397c7)
... ... require_once("common.php");
16 16
17 17 rg_log("Test create account"); rg_log("Test create account");
18 18 // First we need to load the form so we can get the token // First we need to load the form so we can get the token
19 $data = array();
20 $headers = array();
21 19 $r = do_req($test_url . "/op/create_account", $data, $headers); $r = do_req($test_url . "/op/create_account", $data, $headers);
22 20 if ($r === FALSE) { if ($r === FALSE) {
23 21 rg_log("Cannot load create_account page!"); rg_log("Cannot load create_account page!");
 
... ... $good_token = $r['token'];
29 27 $uniq = time(); $uniq = time();
30 28
31 29 // Second, do the request // Second, do the request
32 $username = "http1-$uniq";
30 $username = "http1-$uniq<xss>";
33 31 $data = array( $data = array(
34 32 "uid" => 0, "uid" => 0,
35 33 "doit" => 1, "doit" => 1,
36 34 "token" => $good_token, "token" => $good_token,
37 35 "username" => $username, "username" => $username,
38 "realname" => "http1-$uniq real name",
39 "email" => "http_create_account_$uniq@embedromix.ro",
40 "pass" => "cucurigu",
41 "pass2" => "cucurigu",
36 "realname" => "http1-$uniq real name<xss>",
37 "email" => "http_create_account_$uniq<xss>@embedromix.ro",
38 "pass" => "cucurigu<xss>",
39 "pass2" => "cucurigu<xss>",
42 40 "plan_id" => 9, "plan_id" => 9,
43 41 "session_time" => 60 "session_time" => 60
44 42 ); );
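Review bot: Appending `<xss>` to `username` and `email` (lines 30 and 37) may make those values fail input validation, and this hunk does not change what the test expects afterwards, so it is unclear whether the request is meant to create the account or to be rejected. State the expected outcome and assert it; otherwise the test can pass while only ever exercising the error page.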
File tests/http_csrf.php changed (mode: 100644) (index adf3de7..d3e758a)
... ... test_set_ua("user-agent-2");
44 44 $data = array( $data = array(
45 45 "doit" => 1, "doit" => 1,
46 46 "token" => $good_token, "token" => $good_token,
47 "suggestion" => "bla bla bla"
47 "suggestion" => "bla bla bla<xss>"
48 48 ); );
49 49 $headers = array("Cookie: sid=" . $good_sid); $headers = array("Cookie: sid=" . $good_sid);
50 50 $r = do_req($test_url . "/op/suggestion?t=post_suggestion_form_diff_ua", $data, $headers); $r = do_req($test_url . "/op/suggestion?t=post_suggestion_form_diff_ua", $data, $headers);
 
... ... if (!stristr($r['body'], "invalid referer")) {
91 91 rg_log("Testing logout CSRF (wrong token)..."); rg_log("Testing logout CSRF (wrong token)...");
92 92 test_set_ua("user-agent-1"); test_set_ua("user-agent-1");
93 93 test_set_referer($test_url); test_set_referer($test_url);
94 $data = array();
95 94 $headers = array("Cookie: sid=" . $good_sid); $headers = array("Cookie: sid=" . $good_sid);
96 95 $r = do_req($test_url . "/op/logout?t=wrong_token&token=0cb2c9f6e8405eadfef1ccd00c99e3ff", $data, $headers); $r = do_req($test_url . "/op/logout?t=wrong_token&token=0cb2c9f6e8405eadfef1ccd00c99e3ff", $data, $headers);
97 96 if (stristr($r['body'], "You are now logged out")) { if (stristr($r['body'], "You are now logged out")) {
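Review bot: Removing `$data = array();` (old line 94) means this logout request is sent with whatever `$data` the previous `do_req` call left behind, which now depends on whether that call followed a redirect and reset the array by reference. If `$data` is still non-empty the request carries those fields, which changes what this CSRF case exercises. Keep the explicit reset before each request whose body matters; the same applies to the removal at old line 107 in the next hunk.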
 
... ... if (stristr($r['body'], "You are now logged out")) {
104 103 rg_log("Testing logout CSRF (token passed in cookie)..."); rg_log("Testing logout CSRF (token passed in cookie)...");
105 104 test_set_ua("user-agent-1"); test_set_ua("user-agent-1");
106 105 test_set_referer($test_url); test_set_referer($test_url);
107 $data = array();
108 106 $headers = array("Cookie: sid=" . $good_sid . "; token=" . $good_logout_token); $headers = array("Cookie: sid=" . $good_sid . "; token=" . $good_logout_token);
109 107 $r = do_req($test_url . "/op/logout?t=token_passed_by_cookie", $data, $headers); $r = do_req($test_url . "/op/logout?t=token_passed_by_cookie", $data, $headers);
110 108 if (stristr($r['body'], "You are now logged out")) { if (stristr($r['body'], "You are now logged out")) {
File tests/http_settings.php changed (mode: 100644) (index 1374426..4837ef5)
... ... if ($r === FALSE) {
116 116 } }
117 117
118 118 rg_log("Posting edit info form"); rg_log("Posting edit info form");
119 $realname = "Catalin(ux) M. BOIE ($now)";
119 $realname = "Catalin(ux) M. BOIE ($now)<xss>";
120 120 $session_time = intval($now / 393956); $session_time = intval($now / 393956);
121 121 $data = array( $data = array(
122 122 "doit" => 1, "doit" => 1,
123 123 "token" => $r['token'], "token" => $r['token'],
124 124 "uid" => 4, "uid" => 4,
125 "username" => "catab",
125 "username" => "catab<xss>",
126 126 "realname" => $realname, "realname" => $realname,
127 127 "plan_id" => 5, "plan_id" => 5,
128 128 "session_time" => $session_time "session_time" => $session_time
 
... ... if (!strstr($r['body'], "Information was updated with success")) {
136 136 } }
137 137
138 138 rg_log("Verify against database"); rg_log("Verify against database");
139 $sql = "SELECT * FROM users WHERE username = 'catab'";
139 $sql = "SELECT * FROM users WHERE username = 'catab<xss>'";
140 140 $res = rg_sql_query($db, $sql); $res = rg_sql_query($db, $sql);
141 141 $row = rg_sql_fetch_array($res); $row = rg_sql_fetch_array($res);
142 142 rg_sql_free_result($res); rg_sql_free_result($res);
 
... ... if ($r === FALSE) {
167 167 exit(1); exit(1);
168 168 } }
169 169 rg_log("Posting keys form"); rg_log("Posting keys form");
170 $key = "ssh-dss YWFh comment";
170 $key = "ssh-dss YWFh comment<xss>";
171 171 $data = array("add" => 1, "token" => $r['token'], "key" => $key); $data = array("add" => 1, "token" => $r['token'], "key" => $key);
172 172 $headers = array("Cookie: sid=" . $good_sid); $headers = array("Cookie: sid=" . $good_sid);
173 173 $r = do_req($test_url . "/op/settings/keys?t=post_key_form_add", $data, $headers); $r = do_req($test_url . "/op/settings/keys?t=post_key_form_add", $data, $headers);
 
... ... if ($r === FALSE) {
176 176 rg_log_ml("Cannot upload key: " . print_r($r, TRUE)); rg_log_ml("Cannot upload key: " . print_r($r, TRUE));
177 177 exit(1); exit(1);
178 178 } }
179 $sql = "SELECT * FROM keys WHERE key = '$key'";
179 $sql = "SELECT * FROM keys WHERE key = 'ssh-dss YWFh commentxss'";
180 180 $res = rg_sql_query($db, $sql); $res = rg_sql_query($db, $sql);
181 181 $rows = rg_sql_num_rows($res); $rows = rg_sql_num_rows($res);
182 182 if ($rows > 0) if ($rows > 0)
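Review bot: Line 179 replaces `'$key'` with the hard-coded literal `'ssh-dss YWFh commentxss'`, which encodes an expectation that the angle brackets are stripped from the key before it is stored. That is input filtering, which is at odds with the commit subject ("apply xss protection only on output"), while the other tests in this commit expect the raw `<xss>` value in the database (`username = 'catab<xss>'`, the bug note comparison). Add a comment explaining why keys are treated differently, and derive the expected value from `$key` instead of repeating the literal.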
 
... ... if ($r === FALSE) {
198 198 exit(1); exit(1);
199 199 } }
200 200 rg_log("Posting delete keys form"); rg_log("Posting delete keys form");
201 $key = "ssh-dss YWFh comment";
201 $key = "ssh-dss YWFh comment<xss>";
202 202 $data = array("delete" => 1, "token" => $r['token'], "key_delete_ids[$key_id]" => "on"); $data = array("delete" => 1, "token" => $r['token'], "key_delete_ids[$key_id]" => "on");
203 203 $headers = array("Cookie: sid=" . $good_sid); $headers = array("Cookie: sid=" . $good_sid);
204 204 $r = do_req($test_url . "/op/settings/keys?t=post_key_form_del", $data, $headers); $r = do_req($test_url . "/op/settings/keys?t=post_key_form_del", $data, $headers);
File tests/keys.php changed (mode: 100644) (index 7836276..903c351)
... ... $rg_sql_debug = 1;
20 20 // Defaults // Defaults
21 21 $rg_admin_email = "rg@embedromix.ro"; $rg_admin_email = "rg@embedromix.ro";
22 22
23 $rg_ui = array("uid" => 1, "is_admin" => 0, "email" => "test@embedromix.ro");
23 $rg_ui = array("uid" => 1, "is_admin" => 0, "email" => "test@embedromix.ro",
24 "confirmed" => 1);
24 25
25 26 $sql = "DELETE FROM keys"; $sql = "DELETE FROM keys";
26 27 $res = rg_sql_query($db, $sql); $res = rg_sql_query($db, $sql);
File tests/repo.php changed (mode: 100644) (index c3d876d..82c3003)
... ... require_once($INC . "/repo.inc.php");
11 11 require_once($INC . "/sql.inc.php"); require_once($INC . "/sql.inc.php");
12 12 require_once($INC . "/struct.inc.php"); require_once($INC . "/struct.inc.php");
13 13 require_once($INC . "/fixes.inc.php"); require_once($INC . "/fixes.inc.php");
14 require_once("helpers.inc.php");
14 15
15 16 rg_log_set_file("repo.log"); rg_log_set_file("repo.log");
16 17
 
... ... $sql = "DELETE FROM repos";
24 25 $res = rg_sql_query($db, $sql); $res = rg_sql_query($db, $sql);
25 26 rg_sql_free_result($res); rg_sql_free_result($res);
26 27
28 $sql = "DELETE FROM users WHERE uid = 12";
29 $res = rg_sql_query($db, $sql);
30 rg_sql_free_result($res);
31
27 32 rg_log("rg_repo_path 1"); rg_log("rg_repo_path 1");
28 33 $e = $rg_repos . "/by_id/11/22/33/44/11223344/repos/by_id/55.git"; $e = $rg_repos . "/by_id/11/22/33/44/11223344/repos/by_id/55.git";
29 34 $c = rg_repo_path_by_id(0x11223344, 55); $c = rg_repo_path_by_id(0x11223344, 55);
 
... ... if ($res === FALSE) {
116 121 exit(1); exit(1);
117 122 } }
118 123
119 rg_log("Creating a repo");
120 $new = array();
121 $new['repo_id'] = 0;
122 $new['master'] = 0;
123 $new['name'] = "A";
124 $new['max_commit_size'] = 0;
125 $new['description'] = "desc";
126 $new['git_dir_done'] = 0;
127 $new['public'] = 1;
128 $r = rg_repo_edit($db, $rg_ui, $new);
129 if ($r === FALSE) {
130 rg_log("Cannot insert a repo (" . rg_repo_error() . ")!");
131 exit(1);
132 }
124 rg_test_create_repo($db, $rg_ui, $new);
133 125 $repo_id = $new['repo_id']; $repo_id = $new['repo_id'];
134 126
135 127 $ri = rg_repo_info($db, $repo_id, 0, ""); $ri = rg_repo_info($db, $repo_id, 0, "");
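Review bot: At line 124 the visible code no longer sets any of the fields the removed lines 120-127 put into `$new` (including `public` = 1), and line 125 then reads `$new['repo_id']`, so the test relies on `rg_test_create_repo` both choosing defaults and writing the id back by reference. Neither is visible here; pass the fields this test depends on explicitly, at least `public`, and check the helper's result before using `$new['repo_id']`.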
 
... ... if ($r !== TRUE) {
189 181 rg_log("Cannot set rights (" . rg_rights_error() . ")!"); rg_log("Cannot set rights (" . rg_rights_error() . ")!");
190 182 exit(1); exit(1);
191 183 } }
192 $e = "AB"; // will not match the above right but the one injected
193 $r = rg_rights_get($db, $ri['repo_id'], "repo", $uid, $a['uid'], 0);
184 $e = "AaB"; // will not match the above right but the one injected
185 $r = rg_rights_get($db, $ri['repo_id'], "repo", $uid /*owner */, $a['uid'] /* user */, 0);
194 186 $c = isset($r['list'][0]['rights']) ? $r['list'][0]['rights'] : "_BAD_"; $c = isset($r['list'][0]['rights']) ? $r['list'][0]['rights'] : "_BAD_";
195 187 if (strcmp($c, $e) != 0) { if (strcmp($c, $e) != 0) {
196 rg_log("Non-owner did not get correct rights: c=$c e=$e.");
188 rg_log("Non-owner (uid " . $a['uid']. ") did not get correct rights: c=$c e=$e.");
197 189 rg_log_ml("r=" . print_r($r, TRUE)); rg_log_ml("r=" . print_r($r, TRUE));
198 190 exit(1); exit(1);
199 191 } }
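Review bot: The expected rights string changes from "AB" to "AaB" at line 184 while the comment stays the same, so a reader cannot tell why the injected right now includes `a`. Extend the comment to say which right is injected and where it comes from.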
File tests/util.php changed (mode: 100644) (index 2f4db61..184ee4b)
... ... $a = array("ri" => array("repo_id" => "1", "name" => "repo1"));
80 80 rg_prepare_replace_helper($a, "", $what, $values); rg_prepare_replace_helper($a, "", $what, $values);
81 81 $w = rg_array2string($what); $w = rg_array2string($what);
82 82 $v = rg_array2string($values); $v = rg_array2string($values);
83 $ew = "ri.repo_id=[/@@ri.repo_id@@/uU] ri.name=[/@@ri.name@@/uU]";
84 $ev = "ri.repo_id=[1] ri.name=[repo1]";
83 $ew = "ri::repo_id=[/@@ri\:\:repo_id@@/uU] ri::name=[/@@ri\:\:name@@/uU]";
84 $ev = "ri::repo_id=[1] ri::name=[repo1]";
85 85 if ((strcmp($w, $ew) != 0) || (strcmp($v, $ev) != 0)) { if ((strcmp($w, $ew) != 0) || (strcmp($v, $ev) != 0)) {
86 86 echo "Wrong prepare_replace: [$w] != [$ew] OR [$v] != [$ev]!\n"; echo "Wrong prepare_replace: [$w] != [$ew] OR [$v] != [$ev]!\n";
87 87 exit(1); exit(1);
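Review bot: In the double-quoted string at line 83, `\:` is not a PHP escape sequence, so the backslash is kept literally and the expected value is right only because unrecognised escapes are left as they are. Use a single-quoted string for `$ew` so the backslashes are unambiguous.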