From c30c2b332cf498efef9a01609ff4aa5bd7f8cc14 Mon Sep 17 00:00:00 2001
From: Jani Averbach <jaa@jaa.iki.fi>
Date: Sun, 30 Mar 2014 17:55:43 -0400
Subject: [PATCH] LDAP: Escape username in case we are using userbased bind.
---
 src/main/java/com/gitblit/git/PatchsetReceivePack.java | 23 ++++++++++++++++-------
 1 files changed, 16 insertions(+), 7 deletions(-)
diff --git a/src/main/java/com/gitblit/git/PatchsetReceivePack.java b/src/main/java/com/gitblit/git/PatchsetReceivePack.java
index d3d0b1d..1d3312a 100644
--- a/src/main/java/com/gitblit/git/PatchsetReceivePack.java
+++ b/src/main/java/com/gitblit/git/PatchsetReceivePack.java
@@ -163,11 +163,11 @@
 /** Extracts the ticket id from the ref name */
 private long getTicketId(String refName) {
+ if (refName.indexOf('%') > -1) {
+ refName = refName.substring(0, refName.indexOf('%'));
+ }
 if (refName.startsWith(Constants.R_FOR)) {
 String ref = refName.substring(Constants.R_FOR.length());
- if (ref.indexOf('%') > -1) {
- ref = ref.substring(0, ref.indexOf('%'));
- }
 try {
 return Long.parseLong(ref);
 } catch (Exception e) {
@@ -350,6 +350,9 @@
 continue;
 }
+ LOGGER.info(MessageFormat.format("Verifying {0} push ref \"{1}\" received from {2}",
+ repository.name, cmd.getRefName(), user.username));
+ // responsible verification
 String responsible = PatchsetCommand.getSingleOption(cmd, PatchsetCommand.RESPONSIBLE);
 if (!StringUtils.isEmpty(responsible)) {
@@ -380,13 +383,18 @@
 // watcher verification
 List<String> watchers = PatchsetCommand.getOptions(cmd, PatchsetCommand.WATCH);
 if (!ArrayUtils.isEmpty(watchers)) {
+ boolean verified = true;
 for (String watcher : watchers) {
 UserModel user = gitblit.getUserModel(watcher);
 if (user == null) {
 // watcher does not exist
 sendRejection(cmd, "Sorry, \"{0}\" is not a valid username for the watch list!", watcher);
- continue;
+ verified = false;
+ break;
 }
+ }
+ if (!verified) {
+ continue;
 }
 }
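Review bot: The javadoc on getTicketId still says only that it extracts the ticket id, while the added lines at the top now cut everything from the first '%' off every ref name, not just those under Constants.R_FOR. A comment above the new check would make that explicit, for example `// strip the '%' suffix before any prefix matching`. The check also calls `indexOf('%')` twice and reassigns the parameter; `int suffixAt = refName.indexOf('%');` with a local for the trimmed name reads more clearly. The rest of the method, including what is returned when parsing fails inside the broad `catch (Exception e)`, is outside the hunk.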
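Review bot: The added LOGGER.info call writes cmd.getRefName() into the log before any of the verification below it has run, and that value is chosen by the pushing client, including whatever follows the '%'. Whether ref names have already been checked for control characters at this point is not visible in the hunk; if they have not, a line break in the name would produce misleading log entries. Consider neutralising CR and LF before formatting, e.g. `cmd.getRefName().replaceAll("[\\r\\n]", "_")`, or add a comment stating where the name is validated. The enclosing loop starts outside the hunk.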
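Review bot: The `verified` flag in the watcher check exists only because a bare `continue` inside the watcher loop advances that inner loop rather than skipping the command, which is what the removed line did, and the new code does not say so. A comment next to `break;` such as `// leave the watcher loop; the command itself is skipped below` would keep a later edit from simplifying it back. A labeled `continue` on the outer loop, or a small private helper that returns the first unknown watcher, would avoid the flag altogether. The rejection text also confirms to the pusher whether a given account name exists; whether that is acceptable depends on who is allowed to push, which is not visible here.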
@@ -484,8 +492,6 @@
 * @return the patchset command
 */
 private PatchsetCommand preparePatchset(ReceiveCommand cmd) {
- LOGGER.info(MessageFormat.format("Preparing {0} patchset command for \"{1}\" received from {2}",
- repository.name, cmd.getRefName(), user.username));
 String branch = getIntegrationBranch(cmd.getRefName());
 long number = getTicketId(cmd.getRefName());
@@ -769,6 +775,9 @@
 }
 TicketModel ticket = ticketService.getTicket(repository, ticketNumber);
+ if (ticket == null) {
+ continue;
+ }
 String integrationBranch;
 if (StringUtils.isEmpty(ticket.mergeTo)) {
 // unspecified integration branch
@@ -891,7 +900,7 @@
 Pattern p = Pattern.compile("(?:fixes|closes)[\\s-]+#?(\\d+)", Pattern.CASE_INSENSITIVE);
 Matcher m = p.matcher(commit.getFullMessage());
 while (m.find()) {
- String val = m.group();
+ String val = m.group(1);
 return Long.parseLong(val);
 }
 }
-- Gitblit v1.9.1
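Review bot: The new `if (ticket == null)` guard skips the entry silently, so a ticket number that the ticket service cannot resolve leaves no trace in the log and, as far as the hunk shows, no feedback for the pusher. A log line before `continue;` naming the repository and the ticket number would make such cases diagnosable. At minimum add a comment such as `// no ticket with this number in the repository; nothing to process`. The loop this `continue` belongs to, and where ticketNumber comes from, are outside the hunk.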
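Review bot: `Long.parseLong(val)` can still throw NumberFormatException after this fix, because `(\\d+)` accepts a digit run of any length and the commit message is written by whoever pushes. Whether a caller catches that exception is outside the hunk. Bounding the group, e.g. `(\\d{1,18})\\b`, keeps every match within long range; alternatively catch NumberFormatException and treat the message as carrying no ticket reference. The `while` whose body always returns behaves as an `if`, and the Pattern could be a `static final` field instead of being compiled on every call.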