author | James Moger <james.moger@gitblit.com> | 2014-09-08 14:38:25 -0400 |
---|---|---|
committer | James Moger <james.moger@gitblit.com> | 2014-09-08 14:38:25 -0400 |
commit | aa8708a66f854f206f0bddd174887728a888b630 (patch) | |
tree | 67475a1104e54795f0853ff62ead2f500a514c9e /src/main/java/com/gitblit/servlet | |
parent | 0ff8437e4af58a4e75b42248610a486986acfa93 (diff) | |
parent | 2916cfd79848ef555226b5d2a5179f540ffc428d (diff) | |
Merge branch 'ticket/169' into develop
Diffstat (limited to 'src/main/java/com/gitblit/servlet')
4 files changed, 46 insertions, 8 deletions
diff --git a/src/main/java/com/gitblit/servlet/AccessRestrictionFilter.java b/src/main/java/com/gitblit/servlet/AccessRestrictionFilter.java
index 6d2efa4f..ee4a91aa 100644
--- a/src/main/java/com/gitblit/servlet/AccessRestrictionFilter.java
+++ b/src/main/java/com/gitblit/servlet/AccessRestrictionFilter.java
@@ -143,6 +143,10 @@ public abstract class AccessRestrictionFilter extends AuthenticationFilter {
String fullUrl = getFullUrl(httpRequest);
String repository = extractRepositoryName(fullUrl);
+ if (StringUtils.isEmpty(repository)) {
+ httpResponse.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+ return;
+ }
if (repositoryManager.isCollectingGarbage(repository)) {
logger.info(MessageFormat.format("ARF: Rejecting request for {0}, busy collecting garbage!", repository));
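Review bot: The new empty-repository branch answers 400 without logging, while the garbage-collection rejection just below it writes an `ARF:` line, so malformed or probing requests rejected here leave no trace in the filter's log. A fixed-text entry such as `logger.warn("ARF: Rejecting request, no repository name in URL");` ahead of `setStatus` would keep the rejection paths consistent; the raw URL is client-controlled and should stay out of the message unless it is sanitised first. The enclosing method starts and ends outside the hunk.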
diff --git a/src/main/java/com/gitblit/servlet/BranchGraphServlet.java b/src/main/java/com/gitblit/servlet/BranchGraphServlet.java
index 2c77553a..85fbb745 100644
--- a/src/main/java/com/gitblit/servlet/BranchGraphServlet.java
+++ b/src/main/java/com/gitblit/servlet/BranchGraphServlet.java
@@ -43,6 +43,7 @@ import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.eclipse.jgit.lib.ObjectId;
import org.eclipse.jgit.lib.Ref;
import org.eclipse.jgit.lib.Repository;
import org.eclipse.jgit.revplot.AbstractPlotRenderer;
@@ -51,6 +52,8 @@ import org.eclipse.jgit.revplot.PlotCommitList;
import org.eclipse.jgit.revplot.PlotLane;
import org.eclipse.jgit.revplot.PlotWalk;
import org.eclipse.jgit.revwalk.RevCommit;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import com.gitblit.Constants;
import com.gitblit.IStoredSettings;
@@ -77,6 +80,8 @@ public class BranchGraphServlet extends HttpServlet {
private static final int RIGHT_PAD = 2;
+ private final Logger log = LoggerFactory.getLogger(getClass());
+
private final Stroke[] strokeCache;
private IStoredSettings settings;
@@ -118,6 +123,9 @@ public class BranchGraphServlet extends HttpServlet {
@Override
protected long getLastModified(HttpServletRequest req) {
String repository = req.getParameter("r");
+ if (StringUtils.isEmpty(repository)) {
+ return 0;
+ }
String objectId = req.getParameter("h");
Repository r = null;
try {
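Review bot: `return 0` in the new empty-repository guard of `getLastModified` reports a valid timestamp (the epoch) rather than "unknown", which the servlet API expresses as `-1`. As I read `HttpServlet.service`, a GET carrying any `If-Modified-Since` header would then be answered `304 Not Modified` without `doGet` running, so the `400 Bad request` added elsewhere in this commit is never sent to such clients and caches may hold on to a stale response. The guard should read `return -1;`, and the same applies to the two other `return 0;` lines this commit adds to the method in the following hunk (unresolvable object id, and the new `catch`). The method body continues past the end of this hunk.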
@@ -125,8 +133,15 @@ public class BranchGraphServlet extends HttpServlet {
if (StringUtils.isEmpty(objectId)) {
objectId = JGitUtils.getHEADRef(r);
}
+ ObjectId id = r.resolve(objectId);
+ if (id == null) {
+ return 0;
+ }
RevCommit commit = JGitUtils.getCommit(r, objectId);
return JGitUtils.getCommitDate(commit).getTime();
+ } catch (Exception e) {
+ log.error("Failed to determine last modified", e);
+ return 0;
} finally {
if (r != null) {
r.close();
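Review bot: The added `catch (Exception e)` logs at error level with a full stack trace for conditions that any client can trigger, which lets malformed requests flood the log. `doGet` gains an explicit `r == null` check in this commit but `getLastModified` does not, so (assuming the repository lookup sits on the line between this hunk and the previous one) an unknown repository name reaches `r.resolve(objectId)` as a NullPointerException and ends up in that catch. An early return for `r == null` before the resolve, and `log.warn` or `log.debug` without the stack trace for malformed revision strings, would keep the error level for genuine server faults. The method starts outside this hunk.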
@@ -142,17 +157,33 @@ public class BranchGraphServlet extends HttpServlet {
PlotWalk rw = null;
try {
String repository = request.getParameter("r");
+ if (StringUtils.isEmpty(repository)) {
+ response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+ response.getWriter().append("Bad request");
+ return;
+ }
String objectId = request.getParameter("h");
String length = request.getParameter("l");
r = repositoryManager.getRepository(repository);
+ if (r == null) {
+ response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+ response.getWriter().append("Bad request");
+ return;
+ }
rw = new PlotWalk(r);
if (StringUtils.isEmpty(objectId)) {
objectId = JGitUtils.getHEADRef(r);
}
- rw.markStart(rw.lookupCommit(r.resolve(objectId)));
+ ObjectId id = r.resolve(objectId);
+ if (id == null) {
+ response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+ response.getWriter().append("Bad request");
+ return;
+ }
+ rw.markStart(rw.lookupCommit(id));
// default to the items-per-page setting, unless specified
int maxCommits = settings.getInteger(Keys.web.itemsPerPage, 50);
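Review bot: The `id == null` check covers only names that do not resolve; a non-null `id` from `r.resolve(objectId)` can still name an annotated tag, tree or blob, and `rw.lookupCommit(id)` does not verify the type, so `markStart` fails later with an exception instead of the 400 sent for the other bad inputs. `rw.markStart(rw.parseCommit(id));` peels tags and raises `IncorrectObjectTypeException` at a point where it can be mapped to the same `Bad request` response. `resolve` itself is declared to throw on ambiguous or malformed revision strings taken from the `h` parameter; whether the surrounding `catch`, which is outside this hunk, turns those into a client error cannot be seen from here. The three identical `setStatus` / `append("Bad request")` / `return` blocks would also read better as one private helper.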
diff --git a/src/main/java/com/gitblit/servlet/DownloadZipFilter.java b/src/main/java/com/gitblit/servlet/DownloadZipFilter.java
index 13703a81..de471482 100644
--- a/src/main/java/com/gitblit/servlet/DownloadZipFilter.java
+++ b/src/main/java/com/gitblit/servlet/DownloadZipFilter.java
@@ -54,11 +54,14 @@ public class DownloadZipFilter extends AccessRestrictionFilter {
@Override
protected String extractRepositoryName(String url) {
int a = url.indexOf("r=");
- String repository = url.substring(a + 2);
- if (repository.indexOf('&') > -1) {
- repository = repository.substring(0, repository.indexOf('&'));
+ if (a > -1) {
+ String repository = url.substring(a + 2);
+ if (repository.indexOf('&') > -1) {
+ repository = repository.substring(0, repository.indexOf('&'));
+ }
+ return repository;
}
- return repository;
+ return null;
}
/**
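Review bot: `url.indexOf("r=")` in `extractRepositoryName` matches the first place those two characters occur anywhere in the URL, not the query parameter named `r`, so a path segment or another parameter whose name ends in `r` ahead of it makes the filter extract a different value. This name feeds the access decision in `AccessRestrictionFilter`, so it has to be the same repository the servlet behind the filter serves; if that servlet reads `getParameter("r")` (not visible on this page), the two can disagree. The method should split the query string on `&` and accept only a pair that starts with `r=`, as sketched below, assuming `url` carries the query after a `?`. The value is still not URL-decoded, as before this commit, which is worth a comment or a decode step consistent with the servlet.

```java
protected String extractRepositoryName(String url) {
    int q = url.indexOf('?');
    if (q < 0) {
        return null;
    }
    // match the parameter by exact name instead of a substring search
    for (String pair : url.substring(q + 1).split("&")) {
        if (pair.startsWith("r=")) {
            return pair.substring(2);
        }
    }
    return null;
}
```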
diff --git a/src/main/java/com/gitblit/servlet/SyndicationServlet.java b/src/main/java/com/gitblit/servlet/SyndicationServlet.java
index 29db54d4..c6343d9f 100644
--- a/src/main/java/com/gitblit/servlet/SyndicationServlet.java
+++ b/src/main/java/com/gitblit/servlet/SyndicationServlet.java
@@ -154,7 +154,7 @@ public class SyndicationServlet extends HttpServlet {
String servletUrl = request.getContextPath() + request.getServletPath();
String url = request.getRequestURI().substring(servletUrl.length());
- if (url.charAt(0) == '/' && url.length() > 1) {
+ if (url.length() > 1 && url.charAt(0) == '/') {
url = url.substring(1);
}
String repositoryName = url;
@@ -199,7 +199,7 @@ public class SyndicationServlet extends HttpServlet {
response.setContentType("application/rss+xml; charset=UTF-8");
boolean isProjectFeed = false;
- String feedName = null;
+ String feedName = "Gitblit";
String feedTitle = null;
String feedDescription = null;
@@ -243,7 +243,7 @@ public class SyndicationServlet extends HttpServlet {
RepositoryModel model = repositoryManager.getRepositoryModel(name);
if (repository == null) {
- if (model.isCollectingGarbage) {
+ if (model != null && model.isCollectingGarbage) {
logger.warn(MessageFormat.format("Temporarily excluding {0} from feed, busy collecting garbage", name));
}
continue;