From 2bfc887835c8364daf33e1c290c80ec18e4d82db Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Sun, 25 Mar 2012 18:01:59 -0400
Subject: [PATCH] Fixed Gravatar image security exception with Wicket 1.4.20

---
 src/com/gitblit/wicket/panels/GravatarImage.java |    7 ++-----
 src/com/gitblit/wicket/ExternalImage.java        |   35 +++++++++++++++++++++++++++++++++++
 2 files changed, 37 insertions(+), 5 deletions(-)

diff --git a/src/com/gitblit/wicket/ExternalImage.java b/src/com/gitblit/wicket/ExternalImage.java
new file mode 100644
index 0000000..3325774
--- /dev/null
+++ b/src/com/gitblit/wicket/ExternalImage.java
@@ -0,0 +1,35 @@
+/*
+ * Copyright 2012 gitblit.com.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.gitblit.wicket;
+
+import org.apache.wicket.markup.ComponentTag;
+import org.apache.wicket.markup.html.WebComponent;
+import org.apache.wicket.model.Model;
+
+public class ExternalImage extends WebComponent {
+
+	private static final long serialVersionUID = 1L;
+
+	public ExternalImage(String id, String url) {
+		super(id, new Model<String>(url));
+	}
+
+	protected void onComponentTag(ComponentTag tag) {
+		super.onComponentTag(tag);
+		checkComponentTag(tag, "img");
+		tag.put("src", getDefaultModelObjectAsString());
+	}
+}
\ No newline at end of file
diff --git a/src/com/gitblit/wicket/panels/GravatarImage.java b/src/com/gitblit/wicket/panels/GravatarImage.java
index 0dc0502..b1c7b65 100644
--- a/src/com/gitblit/wicket/panels/GravatarImage.java
+++ b/src/com/gitblit/wicket/panels/GravatarImage.java
@@ -17,19 +17,17 @@
 
 import java.text.MessageFormat;
 
-import org.apache.wicket.AttributeModifier;
 import org.apache.wicket.behavior.SimpleAttributeModifier;
-import org.apache.wicket.markup.html.image.Image;
 import org.apache.wicket.markup.html.link.BookmarkablePageLink;
 import org.apache.wicket.markup.html.link.Link;
 import org.apache.wicket.markup.html.panel.Panel;
-import org.apache.wicket.model.Model;
 import org.eclipse.jgit.lib.PersonIdent;
 
 import com.gitblit.GitBlit;
 import com.gitblit.Keys;
 import com.gitblit.utils.ActivityUtils;
 import com.gitblit.utils.StringUtils;
+import com.gitblit.wicket.ExternalImage;
 import com.gitblit.wicket.WicketUtils;
 import com.gitblit.wicket.pages.GravatarProfilePage;
 
@@ -56,8 +54,7 @@
 				WicketUtils.newObjectParameter(hash));
 		link.add(new SimpleAttributeModifier("target", "_blank"));
 		String url = ActivityUtils.getGravatarThumbnailUrl(email, width);
-		Image image = new Image("image");
-		image.add(new AttributeModifier("src", true, new Model<String>(url)));
+		ExternalImage image = new ExternalImage("image", url);
 		WicketUtils.setCssClass(image, "gravatar");
 		link.add(image);
 		WicketUtils.setHtmlTooltip(link,

--
Gitblit v1.9.1