This release fixes a major security hole; upgrading is recommended as soon as possible.

Changes:

• Security fix: A user could perform a directory traversal using a crafted relative path (using .. and a null byte) to read an arbitrary file on the server
• Allow display of clone/push urls for projects

Release is on the GitPHP page, and bugs can be reported on Mantis.

This release does not have many major changes for end users. However, there are a number of significant changes under the hood:

Major features:
Caching
By request… GitPHP now makes use of Smarty caching to cache the output of any action – this includes all pages, blobs, diffs, searches, and even snapshots. There are new cache options in the example config, so make sure you copy them into your existing config to turn on caching and choose your desired cache lifetime.
GitPHP will attempt to automatically expire the cache appropriately. When a page is loaded for a project, it will expire any cached pages that are older than the most recent commit to the project, on any head. This ensures that users are always seeing the proper information for the project, and not seeing outdated information due to cached pages that have been hanging around too long. This check is a tiny performance hit, but is trivial compared to the gain of caching. You can turn this off if you want to skip the check, but you should beware that users could be seeing mixes of old and new data depending on what has and hasn’t been cached. You can also turn this off if commits are coming in so quickly that the cache is constantly being expired, but if you’re doing your git workflow properly (occasionally pushing groups of commits from a private to a public repository) this should not be the case.
If you ever run into cache issues, you can go to

http://yourserver.com/gitphp/index.php?a=expire

to forcefully expire everything in the cache. You will also need to do this if you change any config options. This is not linked anywhere from the interface since it’s an administrative action; you have to type it in yourself.

Unified templates
I realized that the way I was handling templates previously was hampering customizability. I had template pieces that got displayed in order… for example, the header template, then the nav template, then the paging prev/next template, then the log template, then the footer template… you get the idea. While each of those templates was customizable, I was still enforcing the order of elements – eg the nav always had to be first, before the content.
Now, each page’s template is a single file that displays everything. This allows full flexibility to customize the template any way you want – anything can now be moved anywhere on the page. (It also made implementing caching easier)
This is a very slight performance degradation compared to previous versions, because there are times where the code will have to loop twice – once to parse data, then another time to output it in the template. However, caching completely eliminates this difference (and then some).

Minor features:

• Debugging can be turned on with a new config option. This is probably not useful for most users. However, this will display the execution time of a given page at the bottom, so it can be useful for checking how much time a particular action on a repository takes – although naturally, this is influenced by the cache

Bugfixes:

• The “performance fix” introduced in version 0.0.6 made use of the –skip parameter for revision lists. This parameter was introduced in git 1.5.0, which means that revision browsing was effectively broken for any version of git lower than that. (It was broken on this site… dreamhost runs git 1.4.4.4). I have now made it backwards compatible; gitphp will use the faster –skip parameter if it detects you are running git 1.5.0 or greater, and transparently fall back to the old method if you are not. I refuse to be like gitweb and require the gitweb and git versions to both be the most current; I’ll always support old versions to the best of my ability, so please report bugs on Mantis if you have any issues with old versions.
• Whitespace is preserved on non-html pages (such as opml and rss) for readability
• The blob page now properly displays ref tags for HEAD
• Pages now properly report their charset to the browser as UTF-8
• Pages do not use the output buffer anymore. It is unnecessary if you are using caching, and avoids issues where the snapshot is larger than the output buffer and gets truncated

Internationalization is not in this release. Technically it is done, but no one showed interest in translating into another language. Abstracted and tokenized strings, without any other languages besides English, are just an unnecessary performance hit. The code still exists in the branch i18n-manual, but I’m not going to merge the feature until there’s a reason to, meaning there’s at least one other language to offer.

As always, the release is on the GitPHP page, and bugs can be reported on Mantis.