From 58a1e415ff0cda6884cf004766b603e3763b0ac0 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Tue, 20 Mar 2012 19:45:20 -0400
Subject: [PATCH] Added protect-refs.groovy to the GO and WAR builds

---
 src/com/gitblit/wicket/pages/RootPage.java |   25 ++++++++++++++++++-------
 1 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/src/com/gitblit/wicket/pages/RootPage.java b/src/com/gitblit/wicket/pages/RootPage.java
index 686fc72..bf811f9 100644
--- a/src/com/gitblit/wicket/pages/RootPage.java
+++ b/src/com/gitblit/wicket/pages/RootPage.java
@@ -101,6 +101,7 @@
 		pages.add(new PageRegistration("gb.repositories", RepositoriesPage.class,
 				getRootPageParameters()));
 		pages.add(new PageRegistration("gb.activity", ActivityPage.class, getRootPageParameters()));
+		pages.add(new PageRegistration("gb.search", LuceneSearchPage.class));
 		if (showAdmin) {
 			pages.add(new PageRegistration("gb.users", UsersPage.class));
 		}
@@ -171,12 +172,19 @@
 
 	private PageParameters getRootPageParameters() {
 		if (reusePageParameters()) {
-			PageParameters params = getPageParameters();
-			if (params != null) {
+			PageParameters pp = getPageParameters();
+			if (pp != null) {
+				PageParameters params = new PageParameters(pp);
 				// remove named repository parameter
 				params.remove("r");
-			}
-			return params;
+
+				// remove days back parameter if it is the default value
+				if (params.containsKey("db")
+						&& params.getInt("db") == GitBlit.getInteger(Keys.web.activityDuration, 14)) {
+					params.remove("db");
+				}
+				return params;
+			}			
 		}
 		return null;
 	}
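Review bot: The added default-value check calls `params.getInt("db")` on a value that comes straight from the request URL, with no handling for non-numeric text. Depending on the Wicket version in use, that conversion may throw, so a malformed `db` query parameter would break construction of every root page that builds these navigation links rather than just being ignored. Consider reading it through the defaulting overload, e.g. `int db = params.getInt("db", -1);` followed by `if (db == GitBlit.getInteger(Keys.web.activityDuration, 14)) params.remove("db");`, and confirm how that overload treats unparsable text. Copying into `new PageParameters(pp)` before removing keys is a good change and deserves a short comment saying the page's own parameters must not be mutated. The added `}` that closes the `if (pp != null)` block carries trailing tabs, which this same commit strips elsewhere.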
@@ -188,7 +196,10 @@
 	private void loginUser(UserModel user) {
 		if (user != null) {
 			// Set the user into the session
-			GitBlitWebSession.get().setUser(user);
+			GitBlitWebSession session = GitBlitWebSession.get();
+			// issue 62: fix session fixation vulnerability
+			session.replaceSession();
+			session.setUser(user);
 
 			// Set Cookie
 			if (GitBlit.getBoolean(Keys.web.allowCookieAuthentication, false)) {
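Review bot: The comment `// issue 62: fix session fixation vulnerability` does not record the ordering constraint that makes the fix work: `replaceSession()` must run before `setUser(user)`, so that the authenticated identity is only ever attached to a session id issued after login. I would expand it to something like `// issue 62: rotate the session id before attaching the user so a pre-login id cannot carry the authenticated session`. `loginUser` continues past this hunk, and any other code path that calls `setUser` (for example cookie-based authentication, if it does not go through this method) is not visible here and should be checked for the same rotation. The commit subject mentions only protect-refs.groovy, so this security fix is hard to find when auditing history or selecting backports; a separate commit or a subject line that names issue 62 would help.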
@@ -262,7 +273,7 @@
 			if (addedExpression) {
 				filters.add(new DropDownMenuItem());
 			}
-		}		
+		}
 		return new ArrayList<DropDownMenuItem>(filters);
 	}
 
@@ -362,7 +373,7 @@
 		if (!hasParameter) {
 			models.addAll(availableModels);
 		}
-		
+
 		// time-filter the list
 		if (daysBack > 0) {
 			Calendar cal = Calendar.getInstance();

--
Gitblit v1.9.1