From e7883877a98dfcae3f75f1c1a562120d89aed22a Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Thu, 09 Feb 2012 08:33:16 -0500
Subject: [PATCH] Fixed session fixation vulnerability (issue 62)

---
 src/com/gitblit/wicket/pages/RepositoryPage.java |   29 +++++++++++++++++++++++------
 1 files changed, 23 insertions(+), 6 deletions(-)

diff --git a/src/com/gitblit/wicket/pages/RepositoryPage.java b/src/com/gitblit/wicket/pages/RepositoryPage.java
index 85719f1..77918ea 100644
--- a/src/com/gitblit/wicket/pages/RepositoryPage.java
+++ b/src/com/gitblit/wicket/pages/RepositoryPage.java
@@ -41,6 +41,7 @@
 import com.gitblit.Constants;
 import com.gitblit.GitBlit;
 import com.gitblit.Keys;
+import com.gitblit.PagesServlet;
 import com.gitblit.SyndicationServlet;
 import com.gitblit.models.RepositoryModel;
 import com.gitblit.utils.JGitUtils;
@@ -48,6 +49,7 @@
 import com.gitblit.utils.TicgitUtils;
 import com.gitblit.wicket.GitBlitWebSession;
 import com.gitblit.wicket.PageRegistration;
+import com.gitblit.wicket.PageRegistration.OtherPageLink;
 import com.gitblit.wicket.WicketUtils;
 import com.gitblit.wicket.panels.LinkPanel;
 import com.gitblit.wicket.panels.NavigationPanel;
@@ -123,6 +125,12 @@
 		if (model.useDocs) {
 			pages.put("docs", new PageRegistration("gb.docs", DocsPage.class, params));
 		}
+		if (JGitUtils.getPagesBranch(r) != null) {
+			OtherPageLink pagesLink = new OtherPageLink("gb.pages", PagesServlet.asLink(
+					getRequest().getRelativePathPrefixToContextRoot(), repositoryName, null));
+			pages.put("pages", pagesLink);
+		}
+
 		// Conditionally add edit link
 		final boolean showAdmin;
 		if (GitBlit.getBoolean(Keys.web.authenticateAdminPages, true)) {
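Review bot: Nothing added in this hunk touches session handling, although the subject describes a session fixation fix. The new lines register a "pages" link, and the later setupPage hunk adds a `stripDotGit` display change and a working-copy label. If the session change lives in files not shown here, the description should say so; ideally the feature changes would be split out so the security fix can be audited and backported on its own. The new block also lacks the lead-in comment its neighbour has; something like `// Conditionally add pages link when the repository has a pages branch` would match the existing `// Conditionally add edit link`. The enclosing method starts and ends outside the hunk.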
@@ -142,9 +150,16 @@
 
 	@Override
 	protected void setupPage(String repositoryName, String pageName) {
-		add(new LinkPanel("repositoryName", null, repositoryName, SummaryPage.class,
-				WicketUtils.newRepositoryParameter(repositoryName)));
+		add(new LinkPanel("repositoryName", null, StringUtils.stripDotGit(repositoryName),
+				SummaryPage.class, WicketUtils.newRepositoryParameter(repositoryName)));
 		add(new Label("pageName", pageName));
+		if (getRepositoryModel().isBare) {
+			add(new Label("workingCopy").setVisible(false));
+		} else {
+			Label lbl = new Label("workingCopy", getString("gb.workingCopy"));
+			WicketUtils.setHtmlTooltip(lbl,  getString("gb.workingCopyWarning"));
+			add(lbl);
+		}
 
 		super.setupPage(repositoryName, pageName);
 	}
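Review bot: The added `getRepositoryModel().isBare` in setupPage dereferences the model without a null guard. Whether getRepositoryModel() can return null for a missing or inaccessible repository is not visible in this hunk; if it can, this line throws before `super.setupPage(...)` runs. Confirm the contract, or guard it with `RepositoryModel m = getRepositoryModel(); if (m == null || m.isBare) {`. There is also a stray double space in `setHtmlTooltip(lbl,  getString("gb.workingCopyWarning"))`.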
@@ -245,7 +260,8 @@
 		}
 	}
 
-	protected void setPersonSearchTooltip(Component component, String value, Constants.SearchType searchType) {
+	protected void setPersonSearchTooltip(Component component, String value,
+			Constants.SearchType searchType) {
 		if (searchType.equals(Constants.SearchType.AUTHOR)) {
 			WicketUtils.setHtmlTooltip(component, getString("gb.searchForAuthor") + " " + value);
 		} else if (searchType.equals(Constants.SearchType.COMMITTER)) {
@@ -302,13 +318,14 @@
 
 		private final IModel<String> searchBoxModel = new Model<String>("");
 
-		private final IModel<Constants.SearchType> searchTypeModel = new Model<Constants.SearchType>(Constants.SearchType.COMMIT);
+		private final IModel<Constants.SearchType> searchTypeModel = new Model<Constants.SearchType>(
+				Constants.SearchType.COMMIT);
 
 		public SearchForm(String id, String repositoryName) {
 			super(id);
 			this.repositoryName = repositoryName;
-			DropDownChoice<Constants.SearchType> searchType = new DropDownChoice<Constants.SearchType>("searchType",
-					Arrays.asList(Constants.SearchType.values()));
+			DropDownChoice<Constants.SearchType> searchType = new DropDownChoice<Constants.SearchType>(
+					"searchType", Arrays.asList(Constants.SearchType.values()));
 			searchType.setModel(searchTypeModel);
 			add(searchType.setVisible(GitBlit.getBoolean(Keys.web.showSearchTypeSelection, false)));
 			TextField<String> searchBox = new TextField<String>("searchBox", searchBoxModel);

--
Gitblit v1.9.1