From 0e44acbb2fec928a1606dc60f427a148fff405c9 Mon Sep 17 00:00:00 2001
From: Mohamed Ragab <moragab@gmail.com>
Date: Wed, 02 May 2012 11:15:01 -0400
Subject: [PATCH] Added a script to facilitate setting the proxy host and port and no proxy hosts, and then it concatenates all the java system properties for setting the java proxy configurations and puts the resulting string in an environment variable JAVA_PROXY_CONFIG, modified the scripts gitblit, gitblit-ubuntu, and gitblit-centos to source the java-proxy-config.sh script and then include the resulting java proxy configuration in the java command
---
src/com/gitblit/wicket/pages/BasePage.java | 69 ++++++++++++++++++++++++++--------
1 files changed, 52 insertions(+), 17 deletions(-)
diff --git a/src/com/gitblit/wicket/pages/BasePage.java b/src/com/gitblit/wicket/pages/BasePage.java
index 0169c8e..94ed633 100644
--- a/src/com/gitblit/wicket/pages/BasePage.java
+++ b/src/com/gitblit/wicket/pages/BasePage.java
@@ -22,6 +22,7 @@
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
+import org.apache.wicket.Application;
import org.apache.wicket.MarkupContainer;
import org.apache.wicket.PageParameters;
import org.apache.wicket.RestartResponseAtInterceptPageException;
@@ -29,6 +30,7 @@
import org.apache.wicket.markup.html.WebPage;
import org.apache.wicket.markup.html.basic.Label;
import org.apache.wicket.markup.html.link.BookmarkablePageLink;
+import org.apache.wicket.markup.html.link.ExternalLink;
import org.apache.wicket.markup.html.panel.FeedbackPanel;
import org.apache.wicket.markup.html.panel.Fragment;
import org.apache.wicket.protocol.http.WebRequest;
@@ -42,6 +44,7 @@
import com.gitblit.Constants.FederationStrategy;
import com.gitblit.GitBlit;
import com.gitblit.Keys;
+import com.gitblit.models.RepositoryModel;
import com.gitblit.models.UserModel;
import com.gitblit.wicket.GitBlitWebSession;
import com.gitblit.wicket.WicketUtils;
@@ -62,6 +65,24 @@
logger = LoggerFactory.getLogger(getClass());
loginByCookie();
}
+
+ @Override
+ protected void onBeforeRender() {
+ if (GitBlit.isDebugMode()) {
+ // strip Wicket tags in debug mode for jQuery DOM traversal
+ Application.get().getMarkupSettings().setStripWicketTags(true);
+ }
+ super.onBeforeRender();
+ }
+
+ @Override
+ protected void onAfterRender() {
+ if (GitBlit.isDebugMode()) {
+ // restore Wicket debug tags
+ Application.get().getMarkupSettings().setStripWicketTags(false);
+ }
+ super.onAfterRender();
+ }
private void loginByCookie() {
if (!GitBlit.getBoolean(Keys.web.allowCookieAuthentication, false)) {
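Review bot: The new `onBeforeRender()` and `onAfterRender()` overrides flip `setStripWicketTags` on `Application.get().getMarkupSettings()`, which is application-wide state rather than per-page state. Two pages rendering concurrently in debug mode can therefore observe each other's toggle, and a render that throws may never reach `onAfterRender()` to restore the setting. Because the toggle is already gated on `GitBlit.isDebugMode()`, setting it once at application start-up would avoid mutating shared settings on every request. If it stays here, a comment such as `// markup settings are application-wide: this toggle is not isolated per request` would warn the next reader.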
@@ -78,30 +99,28 @@
// Login the user
if (user != null) {
// Set the user into the session
- GitBlitWebSession.get().setUser(user);
+ GitBlitWebSession session = GitBlitWebSession.get();
+ // issue 62: fix session fixation vulnerability
+ session.replaceSession();
+ session.setUser(user);
// Set Cookie
WebResponse response = (WebResponse) getRequestCycle().getResponse();
GitBlit.self().setCookie(response, user);
+ continueToOriginalDestination();
}
}
protected void setupPage(String repositoryName, String pageName) {
-
if (repositoryName != null && repositoryName.trim().length() > 0) {
add(new Label("title", getServerName() + " - " + repositoryName));
} else {
add(new Label("title", getServerName()));
}
- // header
- String siteName = GitBlit.getString(Keys.web.siteName, Constants.NAME);
- if (siteName == null || siteName.trim().length() == 0) {
- siteName = Constants.NAME;
- }
- add(new LinkPanel("siteName", null, siteName, RepositoriesPage.class, null));
- add(new LinkPanel("repositoryName", null, repositoryName, SummaryPage.class,
- WicketUtils.newRepositoryParameter(repositoryName)));
- add(new Label("pageName", pageName));
+
+ ExternalLink rootLink = new ExternalLink("rootLink", urlFor(RepositoriesPage.class, null).toString());
+ WicketUtils.setHtmlTooltip(rootLink, GitBlit.getString(Keys.web.siteName, Constants.NAME));
+ add(rootLink);
// Feedback panel for info, warning, and non-fatal error messages
add(new FeedbackPanel("feedback"));
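Review bot: The order of the calls in `loginByCookie()` is what makes the fixation fix work, and the one-line comment does not say so. `session.replaceSession()` has to run before `session.setUser(user)` so that the authenticated user is only ever attached to the newly issued session id. I would extend the comment to `// issue 62: replace the session before binding the user, so a pre-login session id cannot be reused after authentication`. Only the cookie login path is visible in this patch; any other caller of `setUser` (a form login, for instance) presumably needs the same call and is worth checking. `loginByCookie()` starts before this hunk and `setupPage()` continues past it.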
@@ -162,13 +181,28 @@
protected TimeZone getTimeZone() {
return GitBlit.getBoolean(Keys.web.useClientTimezone, false) ? GitBlitWebSession.get()
- .getTimezone() : TimeZone.getDefault();
+ .getTimezone() : GitBlit.getTimezone();
}
protected String getServerName() {
ServletWebRequest servletWebRequest = (ServletWebRequest) getRequest();
HttpServletRequest req = servletWebRequest.getHttpServletRequest();
return req.getServerName();
+ }
+
+ protected String getRepositoryUrl(RepositoryModel repository) {
+ StringBuilder sb = new StringBuilder();
+ sb.append(WicketUtils.getGitblitURL(getRequestCycle().getRequest()));
+ sb.append(Constants.GIT_PATH);
+ sb.append(repository.name);
+
+ // inject username into repository url if authentication is required
+ if (repository.accessRestriction.exceeds(AccessRestrictionType.NONE)
+ && GitBlitWebSession.get().isLoggedIn()) {
+ String username = GitBlitWebSession.get().getUser().username;
+ sb.insert(sb.indexOf("://") + 3, username + "@");
+ }
+ return sb.toString();
}
public void warn(String message, Throwable t) {
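Review bot: In `getRepositoryUrl()` the username is spliced into the URL's authority component unencoded by `sb.insert(sb.indexOf("://") + 3, username + "@")`. A username containing `@`, `/` or `:` (an e-mail-style login, for example) would produce a malformed clone URL, or one whose displayed host differs from the real server. The username should be percent-encoded for the userinfo position before insertion. The insert should also be guarded, since `indexOf` returns -1 when no scheme separator is found and the text would then land at offset 2: `int schemeEnd = sb.indexOf("://");` followed by `if (schemeEnd >= 0) { sb.insert(schemeEnd + 3, encodedUsername + "@"); }`.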
@@ -200,7 +234,7 @@
if (GitBlitWebSession.get().isLoggedIn()) {
error(message, true);
} else {
- throw new RestartResponseAtInterceptPageException(LoginPage.class);
+ throw new RestartResponseAtInterceptPageException(RepositoriesPage.class);
}
}
@@ -220,14 +254,15 @@
add(new Label("username", GitBlitWebSession.get().getUser().toString() + ":"));
add(new LinkPanel("loginLink", null, markupProvider.getString("gb.logout"),
LogoutPage.class));
+ boolean editCredentials = GitBlit.self().supportsCredentialChanges();
// quick and dirty hack for showing a separator
- add(new Label("separator", "|"));
- add(new BookmarkablePageLink<Void>("changePasswordLink", ChangePasswordPage.class));
+ add(new Label("separator", "|").setVisible(editCredentials));
+ add(new BookmarkablePageLink<Void>("changePasswordLink",
+ ChangePasswordPage.class).setVisible(editCredentials));
} else {
// login
add(new Label("username").setVisible(false));
- add(new LinkPanel("loginLink", null, markupProvider.getString("gb.login"),
- LoginPage.class));
+ add(new Label("loginLink").setVisible(false));
add(new Label("separator").setVisible(false));
add(new Label("changePasswordLink").setVisible(false));
}
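Review bot: Hiding `changePasswordLink` with `setVisible(editCredentials)` only removes the link from the header. `ChangePasswordPage` is linked as a bookmarkable page, so it presumably stays reachable by URL when `supportsCredentialChanges()` returns false. The page itself, which is not part of this patch, should make the same check and refuse the change. A comment here such as `// UI only: ChangePasswordPage must enforce supportsCredentialChanges() itself` would record that dependency. The enclosing method starts and ends outside the hunk.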
--
Gitblit v1.9.1