From d6b70ab47bc5be26a9671dfd3a0a3dd9fa044eb4 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Mon, 20 Oct 2014 16:17:39 -0400
Subject: [PATCH] Prepare 1.6.1 release

---
 src/main/java/com/gitblit/wicket/pages/BasePage.java |   21 +++++++++++++++++++++
 1 files changed, 21 insertions(+), 0 deletions(-)

diff --git a/src/main/java/com/gitblit/wicket/pages/BasePage.java b/src/main/java/com/gitblit/wicket/pages/BasePage.java
index 3e3de53..b696700 100644
--- a/src/main/java/com/gitblit/wicket/pages/BasePage.java
+++ b/src/main/java/com/gitblit/wicket/pages/BasePage.java
@@ -45,6 +45,7 @@
 import org.apache.wicket.protocol.http.RequestUtils;
 import org.apache.wicket.protocol.http.WebResponse;
 import org.apache.wicket.protocol.http.servlet.ServletWebRequest;
+import org.apache.wicket.request.target.basic.RedirectRequestTarget;
 import org.apache.wicket.util.time.Duration;
 import org.apache.wicket.util.time.Time;
 import org.slf4j.Logger;
@@ -93,6 +94,13 @@
 		if (app().settings().getBoolean(Keys.web.useResponsiveLayout, true)) {
 			add(CSSPackageResource.getHeaderContribution("bootstrap/css/bootstrap-responsive.css"));
 		}
+		if (app().settings().getBoolean(Keys.web.hideHeader, false)) {
+			add(CSSPackageResource.getHeaderContribution("hideheader.css"));
+		}
+	}
+
+	protected String getContextUrl() {
+		return getRequest().getRelativePathPrefixToContextRoot();
 	}
 
 	protected String getCanonicalUrl() {
@@ -103,6 +111,15 @@
 		String relativeUrl = urlFor(clazz, params).toString();
 		String canonicalUrl = RequestUtils.toAbsolutePath(relativeUrl);
 		return canonicalUrl;
+	}
+
+	protected void redirectTo(Class<? extends BasePage> pageClass) {
+		redirectTo(pageClass, null);
+	}
+
+	protected void redirectTo(Class<? extends BasePage> pageClass, PageParameters parameters) {
+		String absoluteUrl = getCanonicalUrl(pageClass, parameters);
+		getRequestCycle().setRequestTarget(new RedirectRequestTarget(absoluteUrl));
 	}
 
 	protected String getLanguageCode() {
@@ -159,6 +176,9 @@
 			// use default Wicket caching behavior
 			super.setHeaders(response);
 		}
+
+		// XRF vulnerability. issue-500 / ticket-166
+		response.setHeader("X-Frame-Options", "SAMEORIGIN");
 	}
 
 	/**
@@ -485,4 +505,5 @@
 		}
 		return sb.toString();
 	}
+
 }

--
Gitblit v1.9.1