| Commit message | Author | Age | Files | Lines |
| |
The page shown for an empty repository lists suggestions for Git clients,
mostly GUI ones, and links to their web pages.
The TortoiseGit client entry is removed since the URL is no longer valid.
The excellent client Fork is added to the closed source clients
section.
This commit also cleans up some other entries, fixing broken tags,
escaping ampersands and removing outdated or wrong information.
| |
The currently used translation of "fork" is ambiguous, using the same
word as for "branch".
Fixes #1448
| |
Adjust other references to the old 'gitblit' organisation on GitHub to
point to the new 'gitblit-org' organisation.
| |
The update of JGit broke pushes to tickets. The ReceiveCommand now
requires all three arguments, oldId, newId and name, to be not null.
The ticket code handling pushes to tickets left name and old id as
null in certain cases. This is fixed by always providing values.
| |
The merge step for using `pt` added the wrong text to the copy button.
| |
Donated by @piradix
| |
This fixes incorrect encodings in the _de language file which makes
the pages crash.
| |
Adding style element `max-width:inherit` as suggested by @piradix, which
makes the access restriction icon be part of the URL box again.
This fixes #1437
| |
The ticket page also has some copy-to-clipboard buttons, which get
updated to work with JS instead of SWF.
| |
This is not the ideal version, since the height is too low for the tooltip
used for the drop-down menus. Probably has something to do with the
container or something. But at least something is there now, even if
not the most beautiful.
| |
Shockwave Flash is dead. But Gitblit still uses it to copy the repository
URLs to the clipboard. Which doesn't work anymore since no browser uses
Flash anymore, so this has degraded disgracefully.
Instead, we can use JavaScript to copy directly to the clipboard, now
that there are APIs for it. So replace the use of clippy.swf on the
repository page with clipboard.js[1]. This right now only has the
functionality to copy to clipboard but no visual feedback, yet.
This addresses GH issue #1241.
[1] https://clipboardjs.com
| |
Adding Ed25519 keys brings the problem that with the library currently
used, the PublicKey instance of that key is not serialisable. This
results in an exception when wicket tries to cache the UsersPage.
So change the SshKeysPanel so that the PublicKey object is removed
from the `SshKey` when the panel is detached. It can be regenerated from
the raw key data.
| |
This updates Jetty to the latest 9.x version as of writing. The 9.x is
still running on Java 8. The update needs two code changes.
`SessionManager` was replaced with `SessionHandler`. This was documented
in the Jetty documentation.
Adding the `GitblitContext` to the `WebAppContext` will result in two
instances getting created, because the code was changed that prevents
instantiating the same listener class multiple times. (The second time
is when the web.xml is read.) Instead, it must be added to the servlet
handler of the `WebAppContext`. This results in properly adhering to the
changed internal startup flow.
Updating Jetty also resolves #1409.
| |
Jetty 9.3 changed the `setHandler` on the ServletContextHandler to no
longer automatically detect SecurityHandler, SessionHandler, etc. It
simply passes on the setHandler request to the ContextHandler class
(with a warning logged). So make sure to explicitly use the method
`setSecurityHandler` to set the ConstraintSecurityHandler responsible
for the http -> https redirection.
| |
Catch all exceptions, and not just IOExceptions, from bugtraq formatter.
If an exception is caught, ignore the bugtraq handling of the commit
message and show the plain message. Way better than not showing anything
just because something broke in bugtraq.
| |
Updating JGit fixed the issue that a commit in a repo with an unknown
character set throws an exception. This would crash the RepositoryManager.
The extra handling, which patches JGit classes during runtime, is completely
removed.
| |
Unknown encodings may cause gitblit to fail to start. This modification
injects a wrapper class in the JGit internal to fake a valid return value.
| |
Since it is a pest to get rid of a Wicket FeedbackMessage in an AJAX target,
change the code to use an extra label that can provide feedback if the
key could not be parsed or was empty.
| |
If key is empty or cannot be parsed, form did provide any feedback to
user before
| |
When a user had a certificate, i.e. an entry in the Gitblit Authority
database, but the user was deleted from the Gitblit database, then the
Authority application crashes upon loading. This patch prevents the
crash. The deleted user is no longer shown in the Authority. But the
database entry still is kept. This should be improved to show deleted
users and give the possibility to delete them from the Authority's
database.
This fixes #1359
| |
Fix a null pointer access in the `toString` method for a freshly created
`FileSettings`.
| |
Since we now do not generate a DSA host key file anymore, but keep it in
the list of potential keys so that existing keys still work, it can
happen that the files for DSA (and Ed25519) are getting loaded but they
do not exist. This results in an error in the log.
So instead check if the file exists and only try to load files that
exist. This prevents errors (which are none) from being spammed in the
log.
| |
Create new host keys, one with ECDSA and one with Ed25519 algorithms.
For the Ed25519 currently the EdDSA library from i2p is used. This
requires some quirks, compared to a modern BouncyCastle. But the SSHD
library used cannot use BouncyCastle yet for Ed25519.
No DSA key is generated anymore, but we still support existing ones.
| |
The version 1.69 is chosen instead of 1.70, because the moxie build
would not download the jars, trying to download `...1.7.jar` instead.
Three class deprecations are fixed. `PEMWriter` and `X509Extension`
are replaced with their drop-in replacements `JcaPEMWriter` and
`Extension`. The `PasswordFinder` deprecation note says that "it is
no longer used". It also was never used in Gitblit's code, so it is
removed from the key pair provider class.
| |
(cherry picked from commit d8fbdda2ab3fa48e92bdf37399d4b75c48409c5c@rpardini:master)
# Conflicts:
# .classpath
# build.moxie
# src/test/java/com/gitblit/tests/SshUnitTest.java
| |
Instead of adding another setting and having to explain how the new one
and the existing `requireClientCertificates` setting are interdependent,
let's use the existing setting and add new values.
It is changed from a boolean to a string, with the values `required`,
`optional` and `disabled`. To keep backward compatibility with the old
values, the `true` value is mapped to `required` and the `false` value
is mapped to `optional`.
| | |
oddeirik-disable-client-certs
| | |
This also removes the additional Set. What changes is that the order of
the repositories is kept, but the resulting list will have user and team
permissions intertwined.
| | |
different permissions
| | |
Tabs are not always 4 spaces large. It completes the line to the 4th
character.
| | |
The `StoredUserConfig` only escaped the escape character, i.e. backslash.
But it does not escape control characters like tab or newline. This
introduces a vulnerability where an attacker can create new entries
in their user account and create new accounts.
In addition, other characters are also not properly handled. Field values
with a comment character need to be quoted. This only happens for the
`#` character and only when the value starts with it. Also the quote
is not escaped in values.
This change completely rewrites the `escape` method of `StoredUserConfig`.
It takes care of properly escaping characters that need escaping for the
git configuration file format.
This fixes #1410
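An added illustration of the escaping problem this commit message describes (not Gitblit's `StoredUserConfig` code): a backslash-only escaper beside one that follows the git configuration file format. The class and method names, the `[user "eve"]` section and the sample values are constructed for the example, and rejecting other control characters is this example's own choice.

```java
// Added example, not Gitblit code. Names and sample values are constructed.
public class ConfigEscapeDemo {

    // Behaviour described in the commit message: only the backslash is escaped.
    static String escapeBackslashOnly(String value) {
        return value.replace("\\", "\\\\");
    }

    // Escaping for the git configuration file format: backslash, double quote,
    // newline, tab and backspace become escape sequences; a value containing a
    // comment character or leading/trailing space is wrapped in double quotes.
    static String escapeForGitConfig(String value) {
        boolean quote = value.startsWith(" ") || value.endsWith(" ");
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\\\"); break;
                case '"':  sb.append("\\\""); break;
                case '\n': sb.append("\\n");  break;
                case '\t': sb.append("\\t");  break;
                case '\b': sb.append("\\b");  break;
                case '#':
                case ';':  quote = true; sb.append(c); break;
                default:
                    // Assumption of this example: refuse control characters
                    // that the format has no escape sequence for.
                    if (c < 0x20 || c == 0x7f) {
                        throw new IllegalArgumentException("control character in value");
                    }
                    sb.append(c);
            }
        }
        return quote ? "\"" + sb + "\"" : sb.toString();
    }

    public static void main(String[] args) {
        // Constructed input: a display name carrying a newline and a tab.
        String displayName = "Eve\n\tinjectedKey = injectedValue";
        String header = "[user \"eve\"]\n\tdisplayName = ";

        // The raw newline survives, so the section gains a second entry.
        System.out.println(header + escapeBackslashOnly(displayName));
        // The control characters are escaped, so the value stays on one line.
        System.out.println(header + escapeForGitConfig(displayName));
        // A value with a comment character and quotes is quoted and escaped.
        System.out.println("\tdisplayName = " + escapeForGitConfig("#1 \"fan\""));
    }
}
```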
| | |
The `StoredUserConfig` did not handle sections without a subsection.
When the subsection did not exist, i.e. was `null`, then the subsection
name would be set to the string "null". This is not how the config file
format works. It should create a `[SECTIONNAME]` entry instead.
This fix handles a `null` subsection correctly, by handling it as a
section without a subsection.
| | |
To help with analysis, try to detect if the instance is running inside
a container. Some containers are detected, but this is probably not
exhaustive. At least a Docker container should be detectable.
Report in the runtime manager to the log if a container was detected.
| | |
As with explicit links, also for reference links in markdown documents
which point to repository-relative files the links are broken. They do
not take the path to the repository into account.
This fix is related to commit b23269 which fixed issue #1358
for explicit links.
| | |
When parsing Markdown or Wiki pages, links get URL encoded. This happened
twice for links to other documents. Once explicitly and once by Wicket
when it creates a `urlFor` the page. That results in multi-byte
characters getting percent escaped, and then the percent character again
getting percent escaped.
The explicit encoding looks like a forgotten leftover, so it gets
removed from the code. The Wicket encoding is smarter anyways, knowing
what is path and what is parameter.
This fixes #864.
| | |
* This commit fixes what was broken in commit
https://github.com/gitblit/gitblit/commit/b23269acc0f460f583311c679d751925b8402563
due to #1358 issue
| | |
Although it seems strange to have a RefModel with a referenced object
but a null Ref, Gitblit uses such RefModels for instance in
JGitUtils.getNotesOnCommit().
Be careful to do something sensible when that Ref is null.
| | |
JGit commit objects are a recursive data structure; they have links to
their parent commits. Serializing a JGit commit will try to recursively
serialize all reachable ancestors as far as they have been loaded. If
that ancestor chain is too long, a StackOverflowError is thrown during
Wicket's page serialization if a page has a reference to such a JGit
commit.
Fixed by making sure that pages do not contain references to JGit
commits. Use the (existing) wrapper object RepositoryCommit instead.
* RepositoryCommit has a transient reference to the JGit commit and
reads the commit from the repository upon de-serialization.
* RefModel is a similar case (JGit tags/branches may also have links
to the commits they point to). Solved a bit differently by making it
a pure data object by transferring the interesting data from the JGit
object in the constructor.
* Change DataViews instantiated with RevCommit to use RepositoryCommit
instead.
* Change inner anonymous DataViews to ensure they do not have a
synthesized field referencing the "allRefs" map. Such a synthesized
field would also get serialized, and then serialize JGit commits
again.
Finally, remove non-transient logger instances in Wicket classes. Those
might lead to NotSerializableException.
These StackOverflowErrors have been reported in several places since
2014:
* https://groups.google.com/forum/#!topic/gitblit/GH1d8WSlR6Q
* https://bugs.chromium.org/p/gerrit/issues/detail?id=3316
* https://groups.google.com/d/msg/repo-discuss/Kcl0JIGNiGk/0DjH4mO8hA8J
* https://groups.google.com/d/msg/repo-discuss/0_P6A3fjTec/2kcpVPIUAQAJ
* https://github.com/gitblit/gitblit/issues/1011
* https://github.com/tomaswolf/gerrit-gitblit-plugin/issues/21
| | |
So far links to raw view were not encoded. The browser did some encoding
of spaces on its own, which the servlet would unescape, since it uses
the `HttpServletRequest.getPathInfo` method. That decodes the path
before returning it.
A problem arises when a bracket is in the file (or folder) name. The
brackets are the characters that are not allowed in the path, according
to the `URI.parse` method. (Which is a bit harsh, because brackets
actually are only reserved for the host part since IPv6.) That means
that the decoding fails when a bracket character is encountered.
This went unnoticed since the failed decoding will return the path
as it got it. But once there is a space in the file name, which the
browser helpfully encoded for us, the failed decoding will now leave the
encoded space in there. And that will result in a path that does not
exist, e.g. `file%20[a]`.
To be on the safe side, we simply encode the path in the links that we
generate, so that it complies with the rules that are used in `getPathInfo`.
This fixes #1375.
| | |
The `daysAgo` method seemed to want to normalize on a calendar day? I
can't really tell what it was trying to do, but the problem is that it
does not take into account any time shift due to time zones so it never
really worked outside of GMT.
So instead a new `calendarDaysAgo` method is added (because I am unsure
on what the `daysAgo` method is trying to do. It can probably be removed).
The new method cleanly calculates difference in calendar days because it
normalizes the two given time stamps on the same time zone.
The `timeAgo` method now uses the new method. This fixes #1248.
|
| | |
For some reason the `TimeUtilsTest` class is, like almost all tests, in
the `com.gitblit.tests` package. But this way all methods in classes
which we might predominately need for tests have to be public.
So move the unit test class `TimeUtilsTest` to the same package as the
class it is testing, i.e. `com.gitblit.utils.TimeUtils`.
This way we can set the newly added methods which get the current time
passed in to be at least not public.
| | |
Add tests for `timeAgo` to analyse issue #1248.
The tests are dependent on when they run as the time functions use the
current date and time. To make them testable in a reproducible way, we
need the ability to pass in what we think is "now". So add overloaded
methods that take a `now` parameter so that we can pass in the current
time.