From 22fc5e48cbe050d8485f78f6165b59e4085eaeef Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Sat, 25 Jun 2011 17:10:59 -0400
Subject: [PATCH] Moved Build classes to their own package

---
 src/com/gitblit/wicket/pages/EditRepositoryPage.java |   79 +++++++++++++++++++++++++++++----------
 1 files changed, 58 insertions(+), 21 deletions(-)

diff --git a/src/com/gitblit/wicket/pages/EditRepositoryPage.java b/src/com/gitblit/wicket/pages/EditRepositoryPage.java
index 20a9c73..52ed548 100644
--- a/src/com/gitblit/wicket/pages/EditRepositoryPage.java
+++ b/src/com/gitblit/wicket/pages/EditRepositoryPage.java
@@ -1,10 +1,24 @@
+/*
+ * Copyright 2011 gitblit.com.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
 package com.gitblit.wicket.pages;
 
 import java.text.MessageFormat;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
-import java.util.Date;
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
@@ -25,24 +39,23 @@
 import com.gitblit.GitBlit;
 import com.gitblit.GitBlitException;
 import com.gitblit.Keys;
+import com.gitblit.models.RepositoryModel;
+import com.gitblit.models.UserModel;
 import com.gitblit.utils.StringUtils;
-import com.gitblit.wicket.BasePage;
 import com.gitblit.wicket.GitBlitWebSession;
 import com.gitblit.wicket.WicketUtils;
-import com.gitblit.wicket.models.RepositoryModel;
-import com.gitblit.wicket.models.UserModel;
 
 public class EditRepositoryPage extends BasePage {
 
 	private final boolean isCreate;
 
-	private boolean isAdmin = false;
-	
+	private boolean isAdmin;
+
 	public EditRepositoryPage() {
 		// create constructor
 		super();
 		isCreate = true;
-		setupPage(new RepositoryModel("", "", "", new Date()));
+		setupPage(new RepositoryModel());
 	}
 
 	public EditRepositoryPage(PageParameters params) {
@@ -57,7 +70,7 @@
 	protected void setupPage(final RepositoryModel repositoryModel) {
 		// ensure this user can create or edit this repository
 		checkPermissions(repositoryModel);
-		
+
 		List<String> repositoryUsers = new ArrayList<String>();
 		if (isCreate) {
 			super.setupPage("", getString("gb.newRepository"));
@@ -70,8 +83,11 @@
 		}
 
 		final String oldName = repositoryModel.name;
-		final Palette<String> usersPalette = new Palette<String>("users", new ListModel<String>(repositoryUsers), new CollectionModel<String>(GitBlit.self().getAllUsernames()), new ChoiceRenderer<String>("", ""), 10, false);
-		CompoundPropertyModel<RepositoryModel> model = new CompoundPropertyModel<RepositoryModel>(repositoryModel);
+		final Palette<String> usersPalette = new Palette<String>("users", new ListModel<String>(
+				repositoryUsers), new CollectionModel<String>(GitBlit.self().getAllUsernames()),
+				new ChoiceRenderer<String>("", ""), 10, false);
+		CompoundPropertyModel<RepositoryModel> model = new CompoundPropertyModel<RepositoryModel>(
+				repositoryModel);
 		Form<RepositoryModel> form = new Form<RepositoryModel>("editForm", model) {
 
 			private static final long serialVersionUID = 1L;
@@ -87,6 +103,22 @@
 
 					// automatically convert backslashes to forward slashes
 					repositoryModel.name = repositoryModel.name.replace('\\', '/');
+					// Automatically replace // with /
+					repositoryModel.name = repositoryModel.name.replace("//", "/");
+
+					// prohibit folder paths
+					if (repositoryModel.name.startsWith("/")) {
+						error("Leading root folder references (/) are prohibited.");
+						return;
+					}
+					if (repositoryModel.name.startsWith("../")) {
+						error("Relative folder references (../) are prohibited.");
+						return;
+					}
+					if (repositoryModel.name.contains("/../")) {
+						error("Relative folder references (../) are prohibited.");
+						return;
+					}
 
 					// confirm valid characters in repository name
 					char[] validChars = { '/', '.', '_', '-' };
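Review bot: The three traversal checks added here miss a `..` segment that is not followed by a slash, so a name that is exactly `..` or ends in `/..` passes all of them, and the character whitelist on the following line allows both `.` and `/`. The single `replace("//", "/")` is also one pass only, so `a///b` becomes `a//b` and still carries a doubled slash. Assuming the name is later resolved against the repositories folder (not visible in this hunk), I would collapse slashes in a loop and reject `..` as any path segment, as sketched below. The enclosing submit handler starts and ends outside this hunk.

```java
// … unchanged: backslash-to-slash conversion …
// collapse every run of slashes, not just one pair per run
while (repositoryModel.name.contains("//")) {
	repositoryModel.name = repositoryModel.name.replace("//", "/");
}
// … unchanged: leading "/" check …
// reject ".." as any segment: covers "..", "../x", "x/../y" and "x/.."
for (String segment : repositoryModel.name.split("/")) {
	if (segment.equals("..")) {
		error("Relative folder references (../) are prohibited.");
		return;
	}
}
// … unchanged: valid character check …
```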
@@ -97,7 +129,8 @@
 								ok |= c == vc;
 							}
 							if (!ok) {
-								error(MessageFormat.format("Illegal character ''{0}'' in repository name!", c));
+								error(MessageFormat.format(
+										"Illegal character ''{0}'' in repository name!", c));
 								return;
 							}
 						}
@@ -120,7 +153,8 @@
 							repositoryUsers.add(users.next());
 						}
 						// ensure the owner is added to the user list
-						if (repositoryModel.owner != null && !repositoryUsers.contains(repositoryModel.owner)) {
+						if (repositoryModel.owner != null
+								&& !repositoryUsers.contains(repositoryModel.owner)) {
 							repositoryUsers.add(repositoryModel.owner);
 						}
 						GitBlit.self().setRepositoryUsers(repositoryModel, repositoryUsers);
@@ -137,17 +171,20 @@
 		// field names reflective match RepositoryModel fields
 		form.add(new TextField<String>("name").setEnabled(isCreate || isAdmin));
 		form.add(new TextField<String>("description"));
-		form.add(new DropDownChoice<String>("owner", GitBlit.self().getAllUsernames()).setEnabled(GitBlitWebSession.get().canAdmin()));
-		form.add(new DropDownChoice<AccessRestrictionType>("accessRestriction", Arrays.asList(AccessRestrictionType.values()), new AccessRestrictionRenderer()));
+		form.add(new DropDownChoice<String>("owner", GitBlit.self().getAllUsernames())
+				.setEnabled(GitBlitWebSession.get().canAdmin()));
+		form.add(new DropDownChoice<AccessRestrictionType>("accessRestriction", Arrays
+				.asList(AccessRestrictionType.values()), new AccessRestrictionRenderer()));
 		form.add(new CheckBox("isFrozen"));
 		form.add(new CheckBox("useTickets"));
 		form.add(new CheckBox("useDocs"));
 		form.add(new CheckBox("showRemoteBranches"));
+		form.add(new CheckBox("showReadme"));
 		form.add(usersPalette);
 
 		add(form);
 	}
-	
+
 	/**
 	 * Unfortunately must repeat part of AuthorizaitonStrategy here because that
 	 * mechanism does not take PageParameters into consideration, only page
@@ -156,8 +193,8 @@
 	 * Repository Owners should be able to edit their repository.
 	 */
 	private void checkPermissions(RepositoryModel model) {
-		boolean authenticateAdmin = GitBlit.self().settings().getBoolean(Keys.web.authenticateAdminPages, true);
-		boolean allowAdmin = GitBlit.self().settings().getBoolean(Keys.web.allowAdministration, true);
+		boolean authenticateAdmin = GitBlit.getBoolean(Keys.web.authenticateAdminPages, true);
+		boolean allowAdmin = GitBlit.getBoolean(Keys.web.allowAdministration, true);
 
 		GitBlitWebSession session = GitBlitWebSession.get();
 		UserModel user = session.getUser();
@@ -170,22 +207,22 @@
 				}
 				if (isCreate) {
 					// Create Repository
-					if (!user.canAdmin()) {
+					if (!user.canAdmin) {
 						// Only Administrators May Create
 						error("Only an administrator may create a repository", true);
 					}
 				} else {
 					// Edit Repository
-					if (user.canAdmin()) {
+					if (user.canAdmin) {
 						// Admins can edit everything
 						isAdmin = true;
 						return;
 					} else {
-						if (!model.owner.equalsIgnoreCase(user.getUsername())) {
+						if (!model.owner.equalsIgnoreCase(user.username)) {
 							// User is not an Admin nor Owner
 							error("Only an administrator or the owner may edit a repository", true);
 						}
-					}					
+					}
 				}
 			}
 		} else {
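Review bot: The owner comparison `model.owner.equalsIgnoreCase(user.username)` dereferences `model.owner` without a null check, although the submit handler in this same file guards `repositoryModel.owner != null`, so an ownerless repository would presumably throw a NullPointerException for a non-admin instead of showing the permission error. Writing it as `if (model.owner == null || !model.owner.equalsIgnoreCase(user.username)) {` keeps the check failing closed with the intended message. Separately, reading `user.canAdmin` as a public field suggests the authorization flag is now writable by any code holding the UserModel; if that class permits it, a `final` field or a read-only accessor would be the safer shape. checkPermissions begins before and continues after this hunk.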

--
Gitblit v1.9.1