From fc3a39d464b1303f0b7d01d0160f81cbbb80a98b Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Sun, 07 Sep 2014 11:42:40 -0400
Subject: [PATCH] Create infrastructure for XSS sanitization

---
 src/main/java/com/gitblit/manager/GitblitManager.java |   49 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 49 insertions(+), 0 deletions(-)

diff --git a/src/main/java/com/gitblit/manager/GitblitManager.java b/src/main/java/com/gitblit/manager/GitblitManager.java
index 790445a..2ed52d6 100644
--- a/src/main/java/com/gitblit/manager/GitblitManager.java
+++ b/src/main/java/com/gitblit/manager/GitblitManager.java
@@ -27,6 +27,7 @@
 import java.util.Collection;
 import java.util.Date;
 import java.util.List;
+import java.util.Locale;
 import java.util.Map;
 import java.util.TimeZone;
 
@@ -78,6 +79,7 @@
 import com.gitblit.transport.ssh.IPublicKeyManager;
 import com.gitblit.transport.ssh.SshKey;
 import com.gitblit.utils.ArrayUtils;
+import com.gitblit.utils.XssFilter;
 import com.gitblit.utils.HttpUtils;
 import com.gitblit.utils.JsonUtils;
 import com.gitblit.utils.ObjectCache;
@@ -215,6 +217,13 @@
 		RepositoryModel cloneModel = repository.cloneAs(cloneName);
 		// owner has REWIND/RW+ permissions
 		cloneModel.addOwner(user.username);
+
+		// ensure initial access restriction of the fork
+		// is not lower than the source repository  (issue-495/ticket-167)
+		if (repository.accessRestriction.exceeds(cloneModel.accessRestriction)) {
+			cloneModel.accessRestriction = repository.accessRestriction;
+		}
+
 		repositoryManager.updateRepositoryModel(cloneName, cloneModel, false);
 
 		// add the owner of the source repository to the clone's access list
@@ -601,8 +610,28 @@
 	}
 
 	@Override
+	public boolean isServingHTTP() {
+		return runtimeManager.isServingHTTP();
+	}
+
+	@Override
+	public boolean isServingGIT() {
+		return runtimeManager.isServingGIT();
+	}
+
+	@Override
+	public boolean isServingSSH() {
+		return runtimeManager.isServingSSH();
+	}
+
+	@Override
 	public TimeZone getTimezone() {
 		return runtimeManager.getTimezone();
+	}
+
+	@Override
+	public Locale getLocale() {
+		return runtimeManager.getLocale();
 	}
 
 	@Override
@@ -635,9 +664,19 @@
 		return runtimeManager.getStatus();
 	}
 
+	@Override
+	public XssFilter getXssFilter() {
+		return runtimeManager.getXssFilter();
+	}
+
 	/*
 	 * NOTIFICATION MANAGER
 	 */
+
+	@Override
+	public boolean isSendingMail() {
+		return notificationManager.isSendingMail();
+	}
 
 	@Override
 	public void sendMailToAdministrators(String subject, String message) {
@@ -923,6 +962,11 @@
 	}
 
 	@Override
+	public void resetRepositoryCache(String repositoryName) {
+		repositoryManager.resetRepositoryCache(repositoryName);
+	}
+
+	@Override
 	public List<String> getRepositoryList() {
 		return repositoryManager.getRepositoryList();
 	}
@@ -1004,6 +1048,11 @@
 	}
 
 	@Override
+	public boolean canDelete(RepositoryModel model) {
+		return repositoryManager.canDelete(model);
+	}
+
+	@Override
 	public boolean deleteRepositoryModel(RepositoryModel model) {
 		return repositoryManager.deleteRepositoryModel(model);
 	}

--
Gitblit v1.9.1