From 072bbe1b223c6f6c7a80ee86e00a41e15913b4ee Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Wed, 20 Jul 2011 15:50:54 -0400
Subject: [PATCH] Updated to Jetty 7.4.4
---
src/com/gitblit/wicket/pages/EditRepositoryPage.java | 81 +++++++++++++++++++++++++++++-----------
1 files changed, 59 insertions(+), 22 deletions(-)
diff --git a/src/com/gitblit/wicket/pages/EditRepositoryPage.java b/src/com/gitblit/wicket/pages/EditRepositoryPage.java
index 20a9c73..af9358e 100644
--- a/src/com/gitblit/wicket/pages/EditRepositoryPage.java
+++ b/src/com/gitblit/wicket/pages/EditRepositoryPage.java
@@ -1,10 +1,24 @@
+/*
+ * Copyright 2011 gitblit.com.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
package com.gitblit.wicket.pages;
import java.text.MessageFormat;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
-import java.util.Date;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
@@ -25,24 +39,23 @@
import com.gitblit.GitBlit;
import com.gitblit.GitBlitException;
import com.gitblit.Keys;
+import com.gitblit.models.RepositoryModel;
+import com.gitblit.models.UserModel;
import com.gitblit.utils.StringUtils;
-import com.gitblit.wicket.BasePage;
import com.gitblit.wicket.GitBlitWebSession;
import com.gitblit.wicket.WicketUtils;
-import com.gitblit.wicket.models.RepositoryModel;
-import com.gitblit.wicket.models.UserModel;
public class EditRepositoryPage extends BasePage {
private final boolean isCreate;
- private boolean isAdmin = false;
-
+ private boolean isAdmin;
+
public EditRepositoryPage() {
// create constructor
super();
isCreate = true;
- setupPage(new RepositoryModel("", "", "", new Date()));
+ setupPage(new RepositoryModel());
}
public EditRepositoryPage(PageParameters params) {
@@ -57,7 +70,7 @@
protected void setupPage(final RepositoryModel repositoryModel) {
// ensure this user can create or edit this repository
checkPermissions(repositoryModel);
-
+
List<String> repositoryUsers = new ArrayList<String>();
if (isCreate) {
super.setupPage("", getString("gb.newRepository"));
@@ -70,8 +83,11 @@
}
final String oldName = repositoryModel.name;
- final Palette<String> usersPalette = new Palette<String>("users", new ListModel<String>(repositoryUsers), new CollectionModel<String>(GitBlit.self().getAllUsernames()), new ChoiceRenderer<String>("", ""), 10, false);
- CompoundPropertyModel<RepositoryModel> model = new CompoundPropertyModel<RepositoryModel>(repositoryModel);
+ final Palette<String> usersPalette = new Palette<String>("users", new ListModel<String>(
+ repositoryUsers), new CollectionModel<String>(GitBlit.self().getAllUsernames()),
+ new ChoiceRenderer<String>("", ""), 10, false);
+ CompoundPropertyModel<RepositoryModel> model = new CompoundPropertyModel<RepositoryModel>(
+ repositoryModel);
Form<RepositoryModel> form = new Form<RepositoryModel>("editForm", model) {
private static final long serialVersionUID = 1L;
@@ -87,6 +103,22 @@
// automatically convert backslashes to forward slashes
repositoryModel.name = repositoryModel.name.replace('\\', '/');
+ // Automatically replace // with /
+ repositoryModel.name = repositoryModel.name.replace("//", "/");
+
+ // prohibit folder paths
+ if (repositoryModel.name.startsWith("/")) {
+ error("Leading root folder references (/) are prohibited.");
+ return;
+ }
+ if (repositoryModel.name.startsWith("../")) {
+ error("Relative folder references (../) are prohibited.");
+ return;
+ }
+ if (repositoryModel.name.contains("/../")) {
+ error("Relative folder references (../) are prohibited.");
+ return;
+ }
// confirm valid characters in repository name
char[] validChars = { '/', '.', '_', '-' };
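Review bot: The traversal checks added here miss a `..` segment at the end of the name or as the whole name: `startsWith("../")` and `contains("/../")` both require a trailing slash, and the `validChars` list on the last line of the hunk admits both `.` and `/`, so `foo/..` or a bare `..` passes. Adding `if (repositoryModel.name.equals("..") || repositoryModel.name.endsWith("/..")) { error("Relative folder references (../) are prohibited."); return; }` closes that; alternatively split the name on `/` and reject any segment equal to `..`. The `replace("//", "/")` call is also a single pass, so a run of three or more slashes still leaves `//` in the name; `replaceAll("/+", "/")` collapses the whole run. Where the name is finally resolved against the repositories folder is not visible here, and a canonical-path containment check at that point would be the sturdier guard. The enclosing submit handler starts and ends outside this hunk.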
@@ -97,7 +129,8 @@
ok |= c == vc;
}
if (!ok) {
- error(MessageFormat.format("Illegal character ''{0}'' in repository name!", c));
+ error(MessageFormat.format(
+ "Illegal character ''{0}'' in repository name!", c));
return;
}
}
@@ -110,7 +143,7 @@
}
// save the repository
- GitBlit.self().editRepositoryModel(oldName, repositoryModel, isCreate);
+ GitBlit.self().updateRepositoryModel(oldName, repositoryModel, isCreate);
// save the repository access list
if (repositoryModel.accessRestriction.exceeds(AccessRestrictionType.NONE)) {
@@ -120,7 +153,8 @@
repositoryUsers.add(users.next());
}
// ensure the owner is added to the user list
- if (repositoryModel.owner != null && !repositoryUsers.contains(repositoryModel.owner)) {
+ if (repositoryModel.owner != null
+ && !repositoryUsers.contains(repositoryModel.owner)) {
repositoryUsers.add(repositoryModel.owner);
}
GitBlit.self().setRepositoryUsers(repositoryModel, repositoryUsers);
@@ -137,17 +171,20 @@
// field names reflective match RepositoryModel fields
form.add(new TextField<String>("name").setEnabled(isCreate || isAdmin));
form.add(new TextField<String>("description"));
- form.add(new DropDownChoice<String>("owner", GitBlit.self().getAllUsernames()).setEnabled(GitBlitWebSession.get().canAdmin()));
- form.add(new DropDownChoice<AccessRestrictionType>("accessRestriction", Arrays.asList(AccessRestrictionType.values()), new AccessRestrictionRenderer()));
+ form.add(new DropDownChoice<String>("owner", GitBlit.self().getAllUsernames())
+ .setEnabled(GitBlitWebSession.get().canAdmin()));
+ form.add(new DropDownChoice<AccessRestrictionType>("accessRestriction", Arrays
+ .asList(AccessRestrictionType.values()), new AccessRestrictionRenderer()));
form.add(new CheckBox("isFrozen"));
form.add(new CheckBox("useTickets"));
form.add(new CheckBox("useDocs"));
form.add(new CheckBox("showRemoteBranches"));
+ form.add(new CheckBox("showReadme"));
form.add(usersPalette);
add(form);
}
-
+
/**
* Unfortunately must repeat part of AuthorizaitonStrategy here because that
* mechanism does not take PageParameters into consideration, only page
@@ -156,8 +193,8 @@
* Repository Owners should be able to edit their repository.
*/
private void checkPermissions(RepositoryModel model) {
- boolean authenticateAdmin = GitBlit.self().settings().getBoolean(Keys.web.authenticateAdminPages, true);
- boolean allowAdmin = GitBlit.self().settings().getBoolean(Keys.web.allowAdministration, true);
+ boolean authenticateAdmin = GitBlit.getBoolean(Keys.web.authenticateAdminPages, true);
+ boolean allowAdmin = GitBlit.getBoolean(Keys.web.allowAdministration, true);
GitBlitWebSession session = GitBlitWebSession.get();
UserModel user = session.getUser();
@@ -170,22 +207,22 @@
}
if (isCreate) {
// Create Repository
- if (!user.canAdmin()) {
+ if (!user.canAdmin) {
// Only Administrators May Create
error("Only an administrator may create a repository", true);
}
} else {
// Edit Repository
- if (user.canAdmin()) {
+ if (user.canAdmin) {
// Admins can edit everything
isAdmin = true;
return;
} else {
- if (!model.owner.equalsIgnoreCase(user.getUsername())) {
+ if (!model.owner.equalsIgnoreCase(user.username)) {
// User is not an Admin nor Owner
error("Only an administrator or the owner may edit a repository", true);
}
- }
+ }
}
}
} else {
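Review bot: The owner comparison `model.owner.equalsIgnoreCase(user.username)` dereferences `model.owner` without a null check, while the submit handler earlier in this patch guards `repositoryModel.owner != null`, which suggests an ownerless repository is possible; a non-admin opening such a repository would get a NullPointerException instead of the permission error. `if (model.owner == null || !model.owner.equalsIgnoreCase(user.username))` keeps the denial explicit. The match is also case-insensitive, so if usernames are treated as case-sensitive elsewhere in Gitblit (not visible here), two accounts differing only in case would both count as the owner; this is worth confirming against how accounts are stored. checkPermissions starts in the previous hunk and continues past the end of this one.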
--
Gitblit v1.9.1