From 54cc7d7c2483d7ca100a5db47f4e1e98bd97c7fe Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Thu, 25 Sep 2014 09:27:04 -0400
Subject: [PATCH] Merged #187 "Restrict Gitblit cookie to the context path"
---
src/main/java/com/gitblit/wicket/pages/TicketPage.java | 28 ++++++++++++++++++----------
1 files changed, 18 insertions(+), 10 deletions(-)
diff --git a/src/main/java/com/gitblit/wicket/pages/TicketPage.java b/src/main/java/com/gitblit/wicket/pages/TicketPage.java
index f5f63d2..0bad8be 100644
--- a/src/main/java/com/gitblit/wicket/pages/TicketPage.java
+++ b/src/main/java/com/gitblit/wicket/pages/TicketPage.java
@@ -249,9 +249,12 @@
add(new Label("milestone"));
} else {
// link to milestone query
- TicketMilestone milestone = app().tickets().getMilestone(repository, ticket.milestone);
+ TicketMilestone tm = app().tickets().getMilestone(repository, ticket.milestone);
+ if (tm == null) {
+ tm = new TicketMilestone(ticket.milestone);
+ }
PageParameters milestoneParameters;
- if (milestone.isOpen()) {
+ if (tm.isOpen()) {
milestoneParameters = WicketUtils.newOpenTicketsParameter(repositoryName);
} else {
milestoneParameters = WicketUtils.newRepositoryParameter(repositoryName);
@@ -260,10 +263,10 @@
int progress = 0;
int open = 0;
int closed = 0;
- if (milestone != null) {
- progress = milestone.getProgress();
- open = milestone.getOpenTickets();
- closed = milestone.getClosedTickets();
+ if (tm != null) {
+ progress = tm.getProgress();
+ open = tm.getOpenTickets();
+ closed = tm.getClosedTickets();
}
Fragment milestoneProgress = new Fragment("milestone", "milestoneProgressFragment", this);
@@ -284,7 +287,9 @@
desc = getString("gb.noDescriptionGiven");
} else {
String bugtraq = bugtraqProcessor().processText(getRepository(), repositoryName, ticket.body);
- desc = MarkdownUtils.transformGFM(app().settings(), bugtraq, ticket.repository);
+ String html = MarkdownUtils.transformGFM(app().settings(), bugtraq, ticket.repository);
+ String safeHtml = app().xssFilter().relaxed(html);
+ desc = safeHtml;
}
add(new Label("ticketDescription", desc).setEscapeModelStrings(false));
@@ -520,7 +525,8 @@
} else {
// process the topic using the bugtraq config to link things
String topic = bugtraqProcessor().processText(getRepository(), repositoryName, ticket.topic);
- add(new Label("ticketTopic", topic).setEscapeModelStrings(false));
+ String safeTopic = app().xssFilter().relaxed(topic);
+ add(new Label("ticketTopic", safeTopic).setEscapeModelStrings(false));
}
@@ -700,6 +706,7 @@
*/
String bugtraq = bugtraqProcessor().processText(getRepository(), repositoryName, entry.comment.text);
String comment = MarkdownUtils.transformGFM(app().settings(), bugtraq, repositoryName);
+ String safeComment = app().xssFilter().relaxed(comment);
Fragment frag = new Fragment("entry", "commentFragment", this);
Label commentIcon = new Label("commentIcon");
if (entry.comment.src == CommentSource.Email) {
@@ -708,7 +715,7 @@
WicketUtils.setCssClass(commentIcon, "iconic-comment-alt2-stroke");
}
frag.add(commentIcon);
- frag.add(new Label("comment", comment).setEscapeModelStrings(false));
+ frag.add(new Label("comment", safeComment).setEscapeModelStrings(false));
addUserAttributions(frag, entry, avatarWidth);
addDateAttributions(frag, entry);
item.add(frag);
@@ -969,7 +976,8 @@
sb.append("</td></tr>");
}
sb.append("</tbody></table>");
- item.add(new Label("fields", sb.toString()).setEscapeModelStrings(false));
+ String safeHtml = app().xssFilter().relaxed(sb.toString());
+ item.add(new Label("fields", safeHtml).setEscapeModelStrings(false));
} else {
item.add(new Label("fields").setVisible(false));
}
--
Gitblit v1.9.1