From 4e84166db5c5538e3984d9d2d6bb1f9902e65ee0 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Tue, 04 Nov 2014 17:38:17 -0500
Subject: [PATCH] Merged #217 "Exclude SSLv3 from Gitblit GO https protocols"

---
 src/main/java/com/gitblit/wicket/GitBlitWebApp.java |   37 +++++++++++++++++++++++++++----------
 1 files changed, 27 insertions(+), 10 deletions(-)

diff --git a/src/main/java/com/gitblit/wicket/GitBlitWebApp.java b/src/main/java/com/gitblit/wicket/GitBlitWebApp.java
index 24468c0..359040b 100644
--- a/src/main/java/com/gitblit/wicket/GitBlitWebApp.java
+++ b/src/main/java/com/gitblit/wicket/GitBlitWebApp.java
@@ -47,6 +47,7 @@
 import com.gitblit.manager.IUserManager;
 import com.gitblit.tickets.ITicketService;
 import com.gitblit.transport.ssh.IPublicKeyManager;
+import com.gitblit.utils.XssFilter;
 import com.gitblit.wicket.pages.ActivityPage;
 import com.gitblit.wicket.pages.BlamePage;
 import com.gitblit.wicket.pages.BlobDiffPage;
@@ -91,6 +92,7 @@
 import com.gitblit.wicket.pages.UserPage;
 import com.gitblit.wicket.pages.UsersPage;
 import com.google.inject.Inject;
+import com.google.inject.Provider;
 import com.google.inject.Singleton;
 
 @Singleton
@@ -102,7 +104,13 @@
 
 	private final Map<String, CacheControl> cacheablePages = new HashMap<String, CacheControl>();
 
+	private final Provider<IPublicKeyManager> publicKeyManagerProvider;
+
+	private final Provider<ITicketService> ticketServiceProvider;
+
 	private final IStoredSettings settings;
+
+	private final XssFilter xssFilter;
 
 	private final IRuntimeManager runtimeManager;
 
@@ -113,8 +121,6 @@
 	private final IUserManager userManager;
 
 	private final IAuthenticationManager authenticationManager;
-
-	private final IPublicKeyManager publicKeyManager;
 
 	private final IRepositoryManager repositoryManager;
 
@@ -128,12 +134,13 @@
 
 	@Inject
 	public GitBlitWebApp(
+			Provider<IPublicKeyManager> publicKeyManagerProvider,
+			Provider<ITicketService> ticketServiceProvider,
 			IRuntimeManager runtimeManager,
 			IPluginManager pluginManager,
 			INotificationManager notificationManager,
 			IUserManager userManager,
 			IAuthenticationManager authenticationManager,
-			IPublicKeyManager publicKeyManager,
 			IRepositoryManager repositoryManager,
 			IProjectManager projectManager,
 			IFederationManager federationManager,
@@ -141,13 +148,15 @@
 			IServicesManager services) {
 
 		super();
+		this.publicKeyManagerProvider = publicKeyManagerProvider;
+		this.ticketServiceProvider = ticketServiceProvider;
 		this.settings = runtimeManager.getSettings();
+		this.xssFilter = runtimeManager.getXssFilter();
 		this.runtimeManager = runtimeManager;
 		this.pluginManager = pluginManager;
 		this.notificationManager = notificationManager;
 		this.userManager = userManager;
 		this.authenticationManager = authenticationManager;
-		this.publicKeyManager = publicKeyManager;
 		this.repositoryManager = repositoryManager;
 		this.projectManager = projectManager;
 		this.federationManager = federationManager;
@@ -180,9 +189,9 @@
 
 		// setup the standard gitweb-ish urls
 		mount("/repositories", RepositoriesPage.class);
-		mount("/overview", OverviewPage.class, "r", "h");
+		mount("/overview", OverviewPage.class, "r");
 		mount("/summary", SummaryPage.class, "r");
-		mount("/reflog", ReflogPage.class, "r", "h");
+		mount("/reflog", ReflogPage.class, "r");
 		mount("/commits", LogPage.class, "r", "h");
 		mount("/log", LogPage.class, "r", "h");
 		mount("/tags", TagsPage.class, "r");
@@ -213,7 +222,7 @@
 		mount("/mytickets", MyTicketsPage.class, "r", "h");
 
 		// setup the markup document urls
-		mount("/docs", DocsPage.class, "r");
+		mount("/docs", DocsPage.class, "r", "h");
 		mount("/doc", DocPage.class, "r", "h", "f");
 
 		// federation urls
@@ -260,7 +269,7 @@
 		if (!settings.getBoolean(Keys.web.mountParameters, true)) {
 			parameters = new String[] {};
 		}
-		mount(new GitblitParamUrlCodingStrategy(settings, location, clazz, parameters));
+		mount(new GitblitParamUrlCodingStrategy(settings, xssFilter, location, clazz, parameters));
 
 		// map the mount point to the cache control definition
 		if (clazz.isAnnotationPresent(CacheControl.class)) {
@@ -314,6 +323,14 @@
 	@Override
 	public IStoredSettings settings() {
 		return settings;
+	}
+
+	/* (non-Javadoc)
+	 * @see com.gitblit.wicket.Webapp#xssFilter()
+	 */
+	@Override
+	public XssFilter xssFilter() {
+		return xssFilter;
 	}
 
 	/* (non-Javadoc)
@@ -389,7 +406,7 @@
 	 */
 	@Override
 	public IPublicKeyManager keys() {
-		return publicKeyManager;
+		return publicKeyManagerProvider.get();
 	}
 
 	/* (non-Javadoc)
@@ -437,7 +454,7 @@
 	 */
 	@Override
 	public ITicketService tickets() {
-		return gitblit.getTicketService();
+		return ticketServiceProvider.get();
 	}
 
 	/* (non-Javadoc)

--
Gitblit v1.9.1