From 91780e2e17a8020872c8da2d8941114e098ef2a4 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Thu, 16 Feb 2012 07:39:48 -0500
Subject: [PATCH] Merge pull request #7 from plm/protect_refs_hook

---
 src/com/gitblit/wicket/pages/EditUserPage.java |   14 ++++++++++----
 1 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/src/com/gitblit/wicket/pages/EditUserPage.java b/src/com/gitblit/wicket/pages/EditUserPage.java
index 799cf01..62d955e 100644
--- a/src/com/gitblit/wicket/pages/EditUserPage.java
+++ b/src/com/gitblit/wicket/pages/EditUserPage.java
@@ -22,6 +22,7 @@
 import java.util.List;
 
 import org.apache.wicket.PageParameters;
+import org.apache.wicket.behavior.SimpleAttributeModifier;
 import org.apache.wicket.extensions.markup.html.form.palette.Palette;
 import org.apache.wicket.markup.html.form.Button;
 import org.apache.wicket.markup.html.form.CheckBox;
@@ -108,11 +109,13 @@
 			 */
 			@Override
 			protected void onSubmit() {
-				String username = userModel.username;
-				if (StringUtils.isEmpty(username)) {
+				if (StringUtils.isEmpty(userModel.username)) {
 					error("Please enter a username!");
 					return;
 				}
+				// force username to lower-case
+				userModel.username = userModel.username.toLowerCase();
+				String username = userModel.username;
 				if (isCreate) {
 					UserModel model = GitBlit.self().getUserModel(username);
 					if (model != null) {
@@ -151,7 +154,7 @@
 					} else if (type.equalsIgnoreCase("combined-md5")) {
 						// store MD5 digest of username+password
 						userModel.password = StringUtils.COMBINED_MD5_TYPE
-								+ StringUtils.getMD5(username.toLowerCase() + userModel.password);
+								+ StringUtils.getMD5(username + userModel.password);
 					}
 				} else if (rename
 						&& password.toUpperCase().startsWith(StringUtils.COMBINED_MD5_TYPE)) {
@@ -177,7 +180,7 @@
 					userModel.teams.add(team);
 				}
 
-				try {
+				try {					
 					GitBlit.self().updateUserModel(oldName, userModel, isCreate);
 				} catch (GitBlitException e) {
 					error(e.getMessage());
@@ -195,6 +198,9 @@
 				}
 			}
 		};
+		
+		// do not let the browser pre-populate these fields
+		form.add(new SimpleAttributeModifier("autocomplete", "off"));
 
 		// field names reflective match UserModel fields
 		form.add(new TextField<String>("username"));

--
Gitblit v1.9.1