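<?php
/**
 * view.php - show one file from a repository as it existed at a given commit.
 *
 * Query parameters:
 *   repo   (required) repository name
 *   commit (required) lowercase hex revision identifier
 *   file   (required) path of the file inside the repository
 *   user   (optional) repository owner; defaults to the logged-in user
 *
 * All four values are request-controlled. They are type-checked and
 * pattern-checked here, the access check runs before git is invoked, and
 * everything placed on the command line goes through escapeshellarg().
 *
 * Leaves $repo, $username, $commit, $file, $repoInfo, $repoPath, $contents
 * and $extension in scope for the template that follows.
 */
require_once 'includes/auth.php';
require_once 'includes/database.php';
require_once 'includes/repository.php';

requireLogin();

$repo     = $_GET['repo'] ?? null;
$username = $_GET['user'] ?? $_SESSION['username'];
$commit   = $_GET['commit'] ?? null;
$file     = $_GET['file'] ?? null;

// PHP parses "?commit[]=x" into an array. Reject anything that is not a plain
// string up front so preg_match(), escapeshellarg() and htmlspecialchars()
// never receive an array.
foreach ([$repo, $username, $commit, $file] as $param) {
    if ($param !== null && !is_string($param)) {
        http_response_code(400);
        die("Invalid request");
    }
}
unset($param);

if (!$repo || !$commit || !$file) {
    header('Location: dashboard.php');
    exit;
}

// Validate commit hash. \z anchors at the true end of the string; a plain "$"
// would also accept a value with a trailing newline.
if (!preg_match('/^[a-f0-9]+\z/', $commit)) {
    http_response_code(400);
    die("Invalid commit hash");
}

// Validate file path: allow-listed characters only, and no ".." sequence.
// \s admits tabs and newlines as well as spaces; escapeshellarg() below is
// what keeps those inert on the command line.
if (!preg_match('/^[a-zA-Z0-9_\-\.\s\/]+$/', $file) || strpos($file, '..') !== false) {
    http_response_code(400);
    die("Invalid file path");
}

// Authorise before touching the repository on disk.
// NOTE(review): $username and $repo receive no character validation in this
// file; confirm getRepositoryInfo()/getRepoPath() reject path separators and
// ".." before building a filesystem path from them.
$repoInfo = getRepositoryInfo($username, $repo);
if (!$repoInfo || !canAccessRepository($repoInfo)) {
    http_response_code(403);
    die("Access denied");
}

$repoPath = getRepoPath($username, $repo);

// Read the blob with "git show <commit>:<file>". The object spec always starts
// with a hex digit (enforced above), so git cannot parse it as an option.
$command = sprintf(
    'cd %s && git show %s',
    escapeshellarg($repoPath),
    escapeshellarg($commit . ':' . $file)
);
$output = shell_exec($command);

// shell_exec() returns null both on failure and when the command printed
// nothing, so an empty file and a missing one look the same here. Normalise
// to a string so the template never passes null to htmlspecialchars().
$contents = is_string($output) ? $output : '';

// Get file extension for syntax highlighting
$extension = pathinfo($file, PATHINFO_EXTENSION);
?>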
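<?php
/*
 * Page template for the file view. Reads $file, $repo, $username, $commit,
 * $contents and $extension from the enclosing script.
 *
 * Every dynamic value is HTML-escaped with ENT_QUOTES | ENT_SUBSTITUTE:
 *  - ENT_QUOTES covers both quote styles in attribute context;
 *  - ENT_SUBSTITUTE replaces invalid UTF-8 with U+FFFD; without it
 *    htmlspecialchars() returns an empty string for such input and a
 *    non-UTF-8 file would render as blank.
 * Query strings from http_build_query() are already URL-encoded and are
 * escaped once more because they are written into an HTML attribute.
 */
?>
<!DOCTYPE html>
<html>
<head>
    <title><?php echo htmlspecialchars($file, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?> - <?php echo htmlspecialchars($repo, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></title>
    <link rel="stylesheet" href="style.css">
</head>
<body>
    <?php include 'includes/header.php'; ?>
    <?php include 'includes/repo-header.php'; ?>
    <div class="file-view">
        <div class="file-info">
            <h2><?php echo htmlspecialchars($file, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></h2>
            <div class="commit-info">
                Showing content at commit <?php echo htmlspecialchars(substr($commit, 0, 7), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>
            </div>
        </div>
        <div class="file-content">
            <?php if (in_array($extension, ['png', 'jpg', 'jpeg', 'gif'], true)): ?>
                <?php // Images are fetched by the browser from raw.php rather than inlined. ?>
                <img src="raw.php?<?php echo htmlspecialchars(http_build_query([
                    'repo' => $repo,
                    'user' => $username,
                    'commit' => $commit,
                    'file' => $file,
                ]), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" alt="<?php echo htmlspecialchars($file, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">
            <?php else: ?>
                <?php // The (string) cast covers a null result from shell_exec(). ?>
                <pre><code><?php echo htmlspecialchars((string) $contents, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></code></pre>
            <?php endif; ?>
        </div>
        <div class="file-actions">
            <a href="files.php?<?php echo htmlspecialchars(http_build_query([
                'repo' => $repo,
                'user' => $username,
                'commit' => $commit,
                'path' => dirname($file),
            ]), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">Back to file list</a>
        </div>
    </div>
</body>
</html>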