| releases.moxie | ●●●●● patch | view | raw | blame | history | |
| src/main/java/com/gitblit/wicket/GitBlitWebApp.properties | ●●●●● patch | view | raw | blame | history | |
| src/main/java/com/gitblit/wicket/pages/BlobPage.java | ●●●●● patch | view | raw | blame | history | |
| src/main/java/com/gitblit/wicket/panels/CommitHeaderPanel.java | ●●●●● patch | view | raw | blame | history |
releases.moxie
@@ -9,6 +9,7 @@ - Raw servlet was insecure. If someone knew the exact repository name and path to a file, the raw blob could be retrieved bypassing security constraints. (issue 198) fixes: - Could not reset settings with $ or { characters through Gitblit Manager because they are not properly escaped - Added more error checking to blob page - Fix NPE when getting user's fork without repository list caching (issue 182) - Fix internal error on folder history links (issue 192) - Fixed incorrect icon file name for .doc files (issue 200) src/main/java/com/gitblit/wicket/GitBlitWebApp.properties
@@ -445,3 +445,4 @@ gb.owners = owners gb.sessionEnded = Session has been closed gb.closeBrowser = Please close the browser to properly end the session. gb.doesNotExistInTree = {0} does not exist in tree {1} src/main/java/com/gitblit/wicket/pages/BlobPage.java
@@ -124,20 +124,39 @@ default: // plain text String source = JGitUtils.getStringContent(r, commit.getTree(), blobPath, encodings); String table = generateSourceView(source, type == 1); String table; if (source == null) { table = missingBlob(blobPath, commit); } else { table = generateSourceView(source, type == 1); } add(new Label("blobText", table).setEscapeModelStrings(false)); add(new Image("blobImage").setVisible(false)); } } else { // plain text String source = JGitUtils.getStringContent(r, commit.getTree(), blobPath, encodings); String table = generateSourceView(source, false); String table; if (source == null) { table = missingBlob(blobPath, commit); } else { table = generateSourceView(source, false); } add(new Label("blobText", table).setEscapeModelStrings(false)); add(new Image("blobImage").setVisible(false)); } } } protected String missingBlob(String blobPath, RevCommit commit) { StringBuilder sb = new StringBuilder(); sb.append("<div class=\"alert alert-error\">"); String pattern = getString("gb.doesNotExistInTree").replace("{0}", "<b>{0}</b>").replace("{1}", "<b>{1}</b>"); sb.append(MessageFormat.format(pattern, blobPath, commit.getTree().getId().getName())); sb.append("</div>"); return sb.toString(); } protected String generateSourceView(String source, boolean prettyPrint) { String [] lines = source.split("\n");
@@ -33,6 +33,7 @@ add(new Label("commitid")); add(new Label("author")); add(new Label("date")); add(new Label("authorAvatar")); } public CommitHeaderPanel(String id, String repositoryName, RevCommit c) {
