From e7883877a98dfcae3f75f1c1a562120d89aed22a Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Thu, 09 Feb 2012 08:33:16 -0500
Subject: [PATCH] Fixed session fixation vulnerability (issue 62)

---
 src/com/gitblit/wicket/pages/SummaryPage.java |   13 +++++--------
 1 files changed, 5 insertions(+), 8 deletions(-)

diff --git a/src/com/gitblit/wicket/pages/SummaryPage.java b/src/com/gitblit/wicket/pages/SummaryPage.java
index ed90a84..627fc5d 100644
--- a/src/com/gitblit/wicket/pages/SummaryPage.java
+++ b/src/com/gitblit/wicket/pages/SummaryPage.java
@@ -37,13 +37,13 @@
 import org.wicketstuff.googlecharts.MarkerType;
 import org.wicketstuff.googlecharts.ShapeMarker;
 
-import com.gitblit.Constants;
 import com.gitblit.Constants.AccessRestrictionType;
 import com.gitblit.GitBlit;
 import com.gitblit.Keys;
 import com.gitblit.models.Metric;
 import com.gitblit.models.PathModel;
 import com.gitblit.models.RepositoryModel;
+import com.gitblit.utils.ArrayUtils;
 import com.gitblit.utils.JGitUtils;
 import com.gitblit.utils.MarkdownUtils;
 import com.gitblit.utils.StringUtils;
@@ -116,23 +116,20 @@
 			default:
 				add(WicketUtils.newClearPixel("accessRestrictionIcon").setVisible(false));
 			}
-			StringBuilder sb = new StringBuilder();
-			sb.append(WicketUtils.getGitblitURL(getRequestCycle().getRequest()));
-			sb.append(Constants.GIT_PATH);
-			sb.append(repositoryName);
-			repositoryUrls.add(sb.toString());
+			// add the Gitblit repository url
+			repositoryUrls.add(getRepositoryUrl(getRepositoryModel()));
 		} else {
 			add(WicketUtils.newClearPixel("accessRestrictionIcon").setVisible(false));
 		}
 		repositoryUrls.addAll(GitBlit.self().getOtherCloneUrls(repositoryName));
 		
-		String primaryUrl = repositoryUrls.remove(0);
+		String primaryUrl = ArrayUtils.isEmpty(repositoryUrls) ? "" : repositoryUrls.remove(0);
 		add(new RepositoryUrlPanel("repositoryCloneUrl", primaryUrl));
 
 		add(new Label("otherUrls", StringUtils.flattenStrings(repositoryUrls, "<br/>"))
 		.setEscapeModelStrings(false));
 
-		add(new LogPanel("commitsPanel", repositoryName, null, r, numberCommits, 0));
+		add(new LogPanel("commitsPanel", repositoryName, getRepositoryModel().HEAD, r, numberCommits, 0));
 		add(new TagsPanel("tagsPanel", repositoryName, r, numberRefs).hideIfEmpty());
 		add(new BranchesPanel("branchesPanel", getRepositoryModel(), r, numberRefs).hideIfEmpty());
 

--
Gitblit v1.9.1