Fixed Gravatar image security exception with Wicket 1.4.20

2 files changed, 37 insertions, 5 deletions

diff --git a/src/com/gitblit/wicket/ExternalImage.java b/src/com/gitblit/wicket/ExternalImage.java
new file mode 100644
index 00000000..33257740
--- /dev/null
+++ b/src/com/gitblit/wicket/ExternalImage.java
@@ -0,0 +1,35 @@
+/*

+ * Copyright 2012 gitblit.com.

+ *

+ * Licensed under the Apache License, Version 2.0 (the "License");

+ * you may not use this file except in compliance with the License.

+ * You may obtain a copy of the License at

+ *

+ *     http://www.apache.org/licenses/LICENSE-2.0

+ *

+ * Unless required by applicable law or agreed to in writing, software

+ * distributed under the License is distributed on an "AS IS" BASIS,

+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

+ * See the License for the specific language governing permissions and

+ * limitations under the License.

+ */

+package com.gitblit.wicket;

+

+import org.apache.wicket.markup.ComponentTag;

+import org.apache.wicket.markup.html.WebComponent;

+import org.apache.wicket.model.Model;

+

+public class ExternalImage extends WebComponent {

+

+	private static final long serialVersionUID = 1L;

+

+	public ExternalImage(String id, String url) {

+		super(id, new Model<String>(url));

+	}

+

+	protected void onComponentTag(ComponentTag tag) {

+		super.onComponentTag(tag);

+		checkComponentTag(tag, "img");

+		tag.put("src", getDefaultModelObjectAsString());

+	}

+}
\ No newline at end of file
diff --git a/src/com/gitblit/wicket/panels/GravatarImage.java b/src/com/gitblit/wicket/panels/GravatarImage.java
index 0dc05021..b1c7b65c 100644
--- a/src/com/gitblit/wicket/panels/GravatarImage.java
+++ b/src/com/gitblit/wicket/panels/GravatarImage.java
@@ -17,19 +17,17 @@ package com.gitblit.wicket.panels;
 

 import java.text.MessageFormat;

 

-import org.apache.wicket.AttributeModifier;

 import org.apache.wicket.behavior.SimpleAttributeModifier;

-import org.apache.wicket.markup.html.image.Image;

 import org.apache.wicket.markup.html.link.BookmarkablePageLink;

 import org.apache.wicket.markup.html.link.Link;

 import org.apache.wicket.markup.html.panel.Panel;

-import org.apache.wicket.model.Model;

 import org.eclipse.jgit.lib.PersonIdent;

 

 import com.gitblit.GitBlit;

 import com.gitblit.Keys;

 import com.gitblit.utils.ActivityUtils;

 import com.gitblit.utils.StringUtils;

+import com.gitblit.wicket.ExternalImage;

 import com.gitblit.wicket.WicketUtils;

 import com.gitblit.wicket.pages.GravatarProfilePage;

 

@@ -56,8 +54,7 @@ public class GravatarImage extends Panel {
 				WicketUtils.newObjectParameter(hash));

 		link.add(new SimpleAttributeModifier("target", "_blank"));

 		String url = ActivityUtils.getGravatarThumbnailUrl(email, width);

-		Image image = new Image("image");

-		image.add(new AttributeModifier("src", true, new Model<String>(url)));

+		ExternalImage image = new ExternalImage("image", url);

 		WicketUtils.setCssClass(image, "gravatar");

 		link.add(image);

 		WicketUtils.setHtmlTooltip(link,