| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
| |
To help with analysis, try to detect if the instance is running inside
a container. Some containers are detected, but this is probably not
exhaustive. At least a Docker container should be detectable.
Report in the runtime manager to the log if a container was detected.
|
| |
|
|
|
|
|
|
| |
As with explicit links, also for reference links in markdown documents
which point to repository-relative files the links are broken. They do
not take the path to the repository into account.
This fix is related to commit b23269 which fixed issue #1358
for explicit links.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
When parsing Markdown or Wiki pages, links get URL encoded. This happened
twice for links to other documents. Once explicitly and once by Wicket
when it creates a `urlFor` the page. That results in multi-byte
characters getting percent escaped, and then the percent character again
getting percent escaped.
The explicit encoding looks like a forgotten left over, so it gets
removed from the code. The Wicket encoding is smarter anyways, knowing
what is path and what is parameter.
This fixes #864.
|
| |
|
|
|
| |
* This commit fixes what was broken in commit
https://github.com/gitblit/gitblit/commit/b23269acc0f460f583311c679d751925b8402563
due to #1358 issue
|
| |
|
|
|
|
|
|
| |
Although it seems strange to have a RefModel with a referenced object
but a null Ref, Gitblit uses such RefModels for instance in
JGitUtils.getNotesOnCommit().
Be careful to do something sensible when that Ref is null.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
JGit commit objects are a recursive data structure; they have links to
their parent commits. Serializing a JGit commit will try to recursively
serialize all reachable ancestors as faras they have been loaded. If
that ancestor chain is too long, a StackOverflowError is thrown during
Wicket's page serialization if a page has a reference to sucha JGit
commit.
Fixed by making sure that pages o not contain references to JGit
commits. Use the (existing) wrapper object RepositoryCommit instead.
* RepositoryCommit has a transient reference to the JGit commit and
reads the commit from the repository upon de-serialization.
* RefModel is a similar case (JGit tags/branches may also have links
to the commits they point to). Solved a bit differently by making it
a pure data object by transferring the interesting data from the JGit
object in the constructor.
* Change DataViews instantiated with RevCommit to use RepositoryCommit
instead.
* Change inner anonymous DataViews to ensure they do not have a
synthesized field referencing the "allRefs" map. Such a synthesized
field would also get serialized, and then serialize JGit commits
again.
Finally, remove non-transient logger instances in Wicket classes. Those
might lead to NotSerializableException.
These StackOverflowErrors have been reported in several places since
2014:
* https://groups.google.com/forum/#!topic/gitblit/GH1d8WSlR6Q
* https://bugs.chromium.org/p/gerrit/issues/detail?id=3316
* https://groups.google.com/d/msg/repo-discuss/Kcl0JIGNiGk/0DjH4mO8hA8J
* https://groups.google.com/d/msg/repo-discuss/0_P6A3fjTec/2kcpVPIUAQAJ
* https://github.com/gitblit/gitblit/issues/1011
* https://github.com/tomaswolf/gerrit-gitblit-plugin/issues/21
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
So far links to raw view were not encoded. The browser did some encoding
of spaces on its own, which the servlet would unescape, since it uses
the `HttpServletRequest.getPathInfo` method. That decodes the path
before returning it.
A problem arises when a bracket is in the file (or folder) name. The
brackets are the characters that are not allowed in the path, according
to the `URI.parse` method. (Which is a bit harsh, because brackets
actually are only reserved for the host part since IPv6.) That means
that the decoding fails when a bracket character is encountered.
This went unnoticed since the failed decoding will return the path
as it got it. But once there is a space in the file name, which the
browser helpfully encoded for us, the failed decoding will now leave the
encoded space in there. And that will result in a path that does not
exist, e.g. `file%20[a]`.
To be on the safe side, we simply encode the path in the links that we
generate, so that it complies with the rules that are used in `getPathInfo`.
This fixes #1375.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The `daysAgo` method seemed to want to normalize on a calendar day? I
can't really tell what it was trying to do, but the problem is that it
does not take into account any time shift due to time zones so it never
really worked outside of GMT.
So instead a new `calendarDaysAgo` method is added (because I am unsure
on what the `daysAgo` method is trying to do. It can probably be removed).
The new method cleanly calculates difference in calendar days because it
normalizes the two given time stamps on the same time zone.
The `timeAgo` method now used the new method. This fixes #1248.
|
| |
|
|
|
|
|
|
|
|
| |
For some reason the `TimeUtilsTest` class is, like almost all tests, in
the `com.gitblit.tests` package. But this way all methods in classes
which we might predominately need for tests have to be public.
So move the unit test class `TimeUtilsTest` to the same package as the
class it is testing, i.e. `com.gitblit.utils.TimeUtils`.
This way we ca set the new added methods which get the current time
passed in to be at least not public.
|
| |
|
|
|
|
|
|
|
| |
Add tests for `timeAgo` to analyse issue #1248.
The tests are dependent on when they run as they time functions use the
current date and time. To make them testable in a reproducible way, we
need the ability to pass in what we think is "now". So add overloaded
methods that take a `now` parameter so that we can pass in the current
time.
|
| |\
| |
| | |
Fix mirrored http(s) with a username and password
|
| | |
| |
| |
| | |
This fixes #1059
|
| | | |
|
| | |
| |
| |
| |
| | |
Double escaped backslashes, wrongly escaped unicode codes, broken escaped
newlines.
|
| | |
| |
| |
| |
| |
| |
| | |
Some property keys had typos.
There is a `gb.ticketStatus` and a `gb.ticketState`. Neither is used
anywhere in the code, but only the former is defined in the default file.
So only use `gb.ticketStatus`.
|
| | |
| |
| |
| | |
If keeps acting up when trying to stage parts of it. I hope this fixes that.
|
| | | |
|
| |/
|
|
|
|
|
|
|
|
| |
Some property keys were duplicated, mostly `status`, `permission` and
`comment`.
The problem with `gb.comment` is, that it is used in two different
locations in two different meanings. One as a verb, the second as a
noun. Which makes no difference in English, but other languages.
The solution is that the second key is renamed to `gb.sshKeyComment`.
The code is adjusted accordingly.
|
| |
|
|
|
|
|
|
|
| |
To prevent that we have a resource file in a resource bundle broken and
not loading undiscovered for years, add a unit test that will load the
resource properties file for each of the languages.
In order to check if the file was loaded and the bundle mechanism
didn't fall back on the default, a new property key is added to each
language file, solely for the purpose to be checked in the unit test.
|
| |
|
|
| |
This fixes #834
|
| |
|
|
|
|
|
|
| |
The last fix for the stored config merged from Curly060 used Java8-isms.
In order to be able to include this fix in the next release, which will
be for 1.9, I have converted this to be compatible with Java 7.
Also, a file header was added to place it under APL.
|
| | |
|
| |
|
| |
Updated simplified Chinese translation and added missing entries. This translation is now 100% completed.
|
| |
|
|
|
|
| |
Add a link parser also for `ExpLinks` because we need to escape paths
to files in subfolders.
This closes #1358
|
| |
|
|
|
|
|
|
|
| |
When a branch has a slash in the name, the raw servlet was not able
to find the path under that branch. This is due to the replacement of
the forward slash character for URLs. It was not taken into account
when comparing the branch name later.
This fixes #1290 and its duplicates #1234 and #813.
|
| |
|
|
|
|
|
|
|
| |
While this may be an unlikely scenario, let's still prevent this.
When a link was created for a path that ends in a trailing slash,
that trailing slash would be replaced with the `forwardSlashCharacter`.
But in getPath that final slash would be transformed back *after* the
check to chop off trailing slashes. This is now switched so that such a
trailing slash is also chopped off.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
Refactor the `getBranch` and `getPath` methods to take a String as
second parameter, which is the already sanitised path info. Don't get
the path info from a passed in request anymore.
The methods are only ever called from within `processRequest`, which
already does some checks on the path info, like removing a leading
slash character. So no need to do that every time again the methods
and passing a request for that.
|
| | |
|
| |
|
|
|
|
| |
When creating a link for raw display, a trailing slash is stripped from
the end of the base URL. Also do this for the repository, as well as
stripping leading slashes from the repository and the path values.
|
| |
|
|
|
|
| |
Zero out the password to remove it from memory after use.
This is only a first step, implementing it for one method:
`AuthenticationManager.authenticate(String, char[], String)`.
|
| |
|
|
|
|
|
|
|
|
| |
The upgrade of a MD5 stored password hash to a PBKDF password hash
destroys the stored password. The has check zeroes out the password that
is tested, so that the new hash is built over the zeroed out value.
This fix prevents that an also adds a check to the test.
Fixes #1335
|
| |
|
|
|
|
|
|
|
|
|
| |
Due to a wrong comparison, when loading the preferred locale in the
user preferences page, in cases like `zh_CN` or `de_DE` the wrong
locale would be chosen.
As with too many things, the code is duplicated on the `UserPage`
and the `EditUserPage`. And they differ. So extract the choosing of
the preferred language for display into a method in the (more up-to-date)
`UserPage` and call that from the `EditUserPage`.
|
| |
|
|
|
|
|
|
| |
If, for example, an external site links to a docs page or a specific
doc page, and the branch that link points to is no longer existing,
an internal error happens due to a NPE.
The NPE is guarded against and a No Docs page is returned.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Renames `static final` variables according to convention to be in all
upper case. That makes it easier to see that in an `equals` comparison
the final variable should come first as it will not trigger a NPE.
Also strip parameters from the URL when extracting the repository
name from it. Parameters can not be part of a repository name, and
this way an empty repository name can be detected.
Fixes #1092
|
| | |
|
| | |
|
| |
|
|
|
| |
They will need to be called with the classpath and main class now,
instead of simply using the Jar.
|
| |
|
|
|
|
|
|
| |
When GitBlit server did not start properly, is running but couldn't
start the `PluginManager`, then stopping the server via the `--stop`
argument on the command line resulted in a NullpointerException.
Which left the server running. Now this is prevented and the server
will actually shut down.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The (moxie and other) Launcher do not work with Java 9 and later anymore.
It used to dynamically extend the classpath, misusing an internal
interface of the `URLClassLoader`. This is no longer possible since Java 9,
which closed that path and does not offer any way to dynamically extend
the classpath during runtime.
So the choice is between providing one large Jar with everything in it,
providing a Jar that has the Jars in `ext` listed explicitly in its
manifest, and specifying the classpath on the command line where
the `ext` directory can be added and all contained jar files will
be put on the classpath.
The motivation for the Launcher class was to be able to simply drop
new jar files into a directory and they will be picked up at the
application start, without having to specify a classpath. We opt
for solution three here. This way jar files can still be dropped
into the ext directory, albeit the directory needs to be added to
the classpath on the command line. Unfortunately using a wildcard
is not possible in the manifest file. We change the calls in the
script files accordingly. This seems like a good compromise,
since no one will run the application manually typing the whole
commandline anyway.
This also does away with the splash screen, by the way. Again,
doesn't seem like a big loss, as I don't think it was ever shown
for the Authority.
Personally, I am not convinced that it is the best way, because
I don't really think that the use case of dropping whatever jar
files into the `ext` directory is a valid one that happened a lot.
This does not yet fix the client programs, which still use a
Launcher. Maybe for them a all-in-one Jar is a better solution.
Fixes #1262
Fixes #1294
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
With three versions about to be supported right now
it is getting more important to know which Java version is
used when building and testing Gitblit, and which Java
version is used to run Gitblit.
So have the Moxie build report the javac version, and the
JVM version that Moxie is running on. These might be
different.
The `GitBlitServer` will print the Java version and vendor,
so that it gets visible if a user would paste a log output
for analysis.
|
| |\ |
|
| | |
| |
| |
| |
| |
| | |
Integrate the `PasswordHash` class and subclass in the user
and password editing and authentication. Replaces the old code and
the previous `SecurePasswordHashingUtils` class.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Integrate the work of pingunaut to add support for PBKDF2 password
hashing. A new class `PasswordHashPbkdf2` is added, which builds
on his `SecurePasswordHashUtils` class, but makes it a subclass
of `PasswordHash`. This will replace the original class when
integrating the new PasswordHash way into GitBlit.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Instead of having to deal with the implementation details of hashing
and verifying passwords in multiple places, have a central unit
be responsible for it. Otherwise we need to edit three different places
when adding a new hashing scheme.
With this class adding a new hashing scheme just requires creating a
new subclass of `PasswordHash` and registering its type in the enum
`PasswordHash.Type`.
The rest of the code will use a common interface for all hashing
schemes and doesn't need to be changed when a new one is added.
|
| | | |
|
