From ae9e157ef4e6a3708489725d4436cc15d273308f Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Thu, 07 Jun 2012 17:30:18 -0400
Subject: [PATCH] Try multiple encodings when working with string blobs (issue 97)
---
 src/com/gitblit/wicket/pages/BasePage.java | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++----
 1 files changed, 51 insertions(+), 4 deletions(-)
diff --git a/src/com/gitblit/wicket/pages/BasePage.java b/src/com/gitblit/wicket/pages/BasePage.java
index 0cb91d5..94ed633 100644
--- a/src/com/gitblit/wicket/pages/BasePage.java
+++ b/src/com/gitblit/wicket/pages/BasePage.java
@@ -22,6 +22,7 @@
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 
+import org.apache.wicket.Application;
 import org.apache.wicket.MarkupContainer;
 import org.apache.wicket.PageParameters;
 import org.apache.wicket.RestartResponseAtInterceptPageException;
@@ -29,6 +30,7 @@
 import org.apache.wicket.markup.html.WebPage;
 import org.apache.wicket.markup.html.basic.Label;
 import org.apache.wicket.markup.html.link.BookmarkablePageLink;
+import org.apache.wicket.markup.html.link.ExternalLink;
 import org.apache.wicket.markup.html.panel.FeedbackPanel;
 import org.apache.wicket.markup.html.panel.Fragment;
 import org.apache.wicket.protocol.http.WebRequest;
@@ -42,8 +44,10 @@
 import com.gitblit.Constants.FederationStrategy;
 import com.gitblit.GitBlit;
 import com.gitblit.Keys;
+import com.gitblit.models.RepositoryModel;
 import com.gitblit.models.UserModel;
 import com.gitblit.wicket.GitBlitWebSession;
+import com.gitblit.wicket.WicketUtils;
 import com.gitblit.wicket.panels.LinkPanel;
 
 public abstract class BasePage extends WebPage {
@@ -61,6 +65,24 @@ logger = LoggerFactory.getLogger(getClass()); loginByCookie(); } + + @Override + protected void onBeforeRender() { + if (GitBlit.isDebugMode()) { + // strip Wicket tags in debug mode for jQuery DOM traversal + Application.get().getMarkupSettings().setStripWicketTags(true); + } + super.onBeforeRender(); + } + + @Override + protected void onAfterRender() { + if (GitBlit.isDebugMode()) { + // restore Wicket debug tags + Application.get().getMarkupSettings().setStripWicketTags(false); + } + super.onAfterRender(); + } private void loginByCookie() { if (!GitBlit.getBoolean(Keys.web.allowCookieAuthentication, false)) { @@ -77,11 +99,15 @@ // Login the user if (user != null) { // Set the user into the session - GitBlitWebSession.get().setUser(user); + GitBlitWebSession session = GitBlitWebSession.get(); + // issue 62: fix session fixation vulnerability + session.replaceSession(); + session.setUser(user); // Set Cookie WebResponse response = (WebResponse) getRequestCycle().getResponse(); GitBlit.self().setCookie(response, user); + continueToOriginalDestination(); } } @@ -91,6 +117,10 @@ } else { add(new Label("title", getServerName())); } + + ExternalLink rootLink = new ExternalLink("rootLink", urlFor(RepositoriesPage.class, null).toString()); + WicketUtils.setHtmlTooltip(rootLink, GitBlit.getString(Keys.web.siteName, Constants.NAME)); + add(rootLink); // Feedback panel for info, warning, and non-fatal error messages add(new FeedbackPanel("feedback")); 
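Review bot: `Application.get().getMarkupSettings().setStripWicketTags(true)` in the new `onBeforeRender()` mutates an application-wide setting from a per-request hook, so while one debug-mode request renders, every other page rendering concurrently in the same JVM sees stripped tags too, and the `setStripWicketTags(false)` in `onAfterRender()` from one request can flip the setting back in the middle of another request's render. Because the condition only depends on `GitBlit.isDebugMode()`, which does not vary per request, the same effect can be had with a single decision at application start-up, e.g. `getMarkupSettings().setStripWicketTags(GitBlit.isDebugMode());` in the WebApplication's `init()`, and these two overrides dropped. If the intent is instead to strip tags on some pages but keep the debug tags on others, that needs a per-page mechanism rather than the global setting; I am inferring the intent from the comment `strip Wicket tags in debug mode for jQuery DOM traversal`. Whether `onAfterRender()` still runs when `super.onBeforeRender()` throws is not visible here, so the reset may also be skipped on a failed render.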
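Review bot: The session-fixation fix (`session.replaceSession()` before `session.setUser(user)`) is applied only on the cookie login path in `loginByCookie()`; the password/form login path is not in this diff, so confirm it performs the same `replaceSession()` before binding the user, otherwise an attacker-supplied session id still survives an interactive login. The new `continueToOriginalDestination()` is called after the session has just been replaced; on Wicket 1.4 the intercept destination is kept in session state, so verify the original destination survives `replaceSession()` rather than silently turning this call into a no-op, and consider acting on its boolean result. A short comment such as `// replaceSession() must precede setUser(): a pre-authentication session id must never become an authenticated one` on the `session.replaceSession();` line would make the ordering constraint explicit for the next editor. `loginByCookie()` begins before this hunk.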
@@ -151,13 +181,28 @@ protected TimeZone getTimeZone() { return GitBlit.getBoolean(Keys.web.useClientTimezone, false) ? GitBlitWebSession.get() - .getTimezone() : TimeZone.getDefault(); + .getTimezone() : GitBlit.getTimezone(); } protected String getServerName() { ServletWebRequest servletWebRequest = (ServletWebRequest) getRequest(); HttpServletRequest req = servletWebRequest.getHttpServletRequest(); return req.getServerName(); + } + + protected String getRepositoryUrl(RepositoryModel repository) { + StringBuilder sb = new StringBuilder(); + sb.append(WicketUtils.getGitblitURL(getRequestCycle().getRequest())); + sb.append(Constants.GIT_PATH); + sb.append(repository.name); + + // inject username into repository url if authentication is required + if (repository.accessRestriction.exceeds(AccessRestrictionType.NONE) + && GitBlitWebSession.get().isLoggedIn()) { + String username = GitBlitWebSession.get().getUser().username; + sb.insert(sb.indexOf("://") + 3, username + "@"); + } + return sb.toString(); } public void warn(String message, Throwable t) { @@ -209,9 +254,11 @@ add(new Label("username", GitBlitWebSession.get().getUser().toString() + ":")); add(new LinkPanel("loginLink", null, markupProvider.getString("gb.logout"), LogoutPage.class)); + boolean editCredentials = GitBlit.self().supportsCredentialChanges(); // quick and dirty hack for showing a separator - add(new Label("separator", "|")); - add(new BookmarkablePageLink<Void>("changePasswordLink", ChangePasswordPage.class)); + add(new Label("separator", "|").setVisible(editCredentials)); + add(new BookmarkablePageLink<Void>("changePasswordLink", + ChangePasswordPage.class).setVisible(editCredentials)); } else { // login add(new Label("username").setVisible(false)); -- Gitblit v1.9.1
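Review bot: `sb.insert(sb.indexOf("://") + 3, username + "@")` in the new `getRepositoryUrl()` splices the username into the URL userinfo with neither encoding nor a guard: a username containing `@`, `:`, `/`, `?` or `#` (an e-mail-style account, if the user backend allows one) produces a clone URL whose host or path is not the intended one, and if the base from `WicketUtils.getGitblitURL(...)` ever lacks `://`, `indexOf` returns -1 and the insert lands at offset 2. Only the logged-in user's own name is inserted, so this is a correctness problem rather than an exploit, but the clone URL is exactly what users copy into their git client, so it should be built defensively. I would check the scheme offset and percent-encode the userinfo before insertion (this needs `java.net.URLEncoder` and `java.io.UnsupportedEncodingException` imported; note `URLEncoder` turns a space into `+`, which git passes through literally). `repository.name` is appended raw on the line above for the same reason and deserves the same treatment in a follow-up.
```java
            String username = GitBlitWebSession.get().getUser().username;
            int schemeEnd = sb.indexOf("://");
            if (schemeEnd >= 0) {
                // percent-encode the userinfo so '@', ':', '/', '?' or '#' in a
                // username cannot shift the host or path of the clone URL
                String userInfo;
                try {
                    userInfo = URLEncoder.encode(username, "UTF-8");
                } catch (UnsupportedEncodingException e) {
                    throw new IllegalStateException("UTF-8 is always supported", e);
                }
                sb.insert(schemeEnd + 3, userInfo + "@");
            }
            // … unchanged: return sb.toString(); …
```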
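Review bot: `setVisible(editCredentials)` on the `changePasswordLink` only hides the link in the navigation; it is not an access control, and `ChangePasswordPage` stays reachable by URL, so that page must itself refuse to render or submit when `GitBlit.self().supportsCredentialChanges()` is false. That page is outside this diff, so I am inferring the gap from the visible lines; if it already enforces the check, a comment such as `// hidden for UX only; ChangePasswordPage enforces supportsCredentialChanges() itself` on the `boolean editCredentials` line would document that the visibility flag is not the enforcement point. The enclosing method starts before this hunk.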