by roundabout, Sunday, 4 January 2026, 21:31:04 (1767562264), pushed by roundabout, Sunday, 4 January 2026, 21:31:07 (1767562267)
Author identity: vlad <vlad.muntoiu@gmail.com>
201f5178db929f1f357ecb10b5c38449b2dd6d56
app.py
@@ -774,6 +774,8 @@ def repository_raw(username, repository, branch, subpath):
server_repo_location = os.path.join(config.REPOS_PATH, username, repository)
if not os.path.exists(server_repo_location):
flask.abort(404)
if os.path.commonpath([os.path.realpath(os.path.join(server_repo_location, subpath)), os.path.realpath(server_repo_location)]) != os.path.realpath(server_repo_location):
flask.abort(404)
if not (get_visibility(username, repository) or get_permission_level(
flask.session.get("username"), username,
repository) is not None):
@@ -863,6 +865,9 @@ def repository_tree(username, repository, branch, subpath):
for ref in repo.tags:
all_refs.append((ref, "tag"))
if os.path.commonpath([os.path.realpath(os.path.join(server_repo_location, subpath)), os.path.realpath(server_repo_location)]) != os.path.realpath(server_repo_location):
flask.abort(404)
if os.path.isdir(os.path.join(server_repo_location, subpath)):
files = []
blobs = []
@@ -934,6 +939,9 @@ def repository_tree(username, repository, branch, subpath):
if not os.path.exists(path):
return flask.render_template("errors/not-found.html"), 404
if os.path.commonpath([os.path.realpath(path), os.path.realpath(server_repo_location)]) != os.path.realpath(server_repo_location):
flask.abort(404)
mimetype = guess_mime(path)
mode = mimetype.split("/", 1)[0]
size = human_size(os.path.getsize(path))
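Review bot: In the last `repository_tree` hunk the `os.path.exists(path)` test and its `errors/not-found.html` response still run before the `commonpath` containment check, so a `subpath` that resolves outside the repository gets a different 404 body depending on whether the target exists. Moving the two containment lines above `if not os.path.exists(path):` makes every out-of-repository request take the same `flask.abort(404)` path before the filesystem is probed. All three checks are anchored on `server_repo_location`, which is itself joined from the URL-supplied `username` and `repository`; unless those are validated outside these hunks, the same comparison against `os.path.realpath(config.REPOS_PATH)` is worth adding. The expression is pasted three times, so a small helper that resolves both paths once and returns whether the candidate lies under the root would keep the call sites from drifting apart. Both function bodies extend beyond the hunks, and `path` is assigned outside the visible lines, so how it is built from `subpath` should be confirmed.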
templates/tree-view.html
@@ -21,16 +21,12 @@
<td>{{ file.mimetype }}</td>
<td style="text-align: right;">{{ file.size }}</td>
<td>
{% if file.commit %}
<a href="/{{ username }}/{{ repository }}/commit/{{ file.commit.sha }}" class="file-link">
<x-hbox style="align-items: baseline; gap: 0.5ch;">
<code>{{ file.commit.sha[:file.shaSize] }}</code>
<span class="commit-message">{{ file.commit.message }}</span>
</x-hbox>
</a>
{% else %}
???
{% endif %}
<a href="/{{ username }}/{{ repository }}/commit/{{ file.commit.sha }}" class="file-link">
<x-hbox style="align-items: baseline; gap: 0.5ch;">
<code>{{ file.commit.sha[:file.shaSize] }}</code>
<span class="commit-message">{{ file.commit.message }}</span>
</x-hbox>
</a>
</td>
</tr>
{% endfor %}
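Review bot: The commit link now dereferences `file.commit.sha` and slices it with no guard, because the `{% if file.commit %}` / `{% else %} ???` branch appears to be the removed side (the hunk header gives 16 old lines and 12 new). If any entry can still reach the template without a commit, `file.commit.sha[:file.shaSize]` is likely to raise during rendering and turn the whole tree view into a 500. Nothing in the visible `app.py` hunks shows that `file.commit` is now always populated, so either keep `{% if file.commit %}` around the link or add a comment in the template naming the view code that guarantees it.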