The last fix for the stored config merged from Curly060 used Java8-isms.
In order to be able to include this fix in the next release, which will
be for 1.9, I have converted this to be compatible with Java 7.
Also, a file header was added to place it under APL.
raw: Fix raw links to branches with a slash in their name
When a branch has a slash in the name, the raw servlet was not able
to find the path under that branch. This is due to the replacement of
the forward slash character for URLs. It was not taken into account
when comparing the branch name later.
This fixes #1290 and its duplicates #1234 and #813.
raw: Fix getPath with trailing slash that was escaped
While this may be an unlikely scenario, let's still prevent this.
When a link was created for a path that ends in a trailing slash,
that trailing slash would be replaced with the `forwardSlashCharacter`.
But in getPath that final slash would be transformed back *after* the
check to chop off trailing slashes. This is now switched so that such a
trailing slash is also chopped off.
raw: Refactor RawServlet:getBranch and :getPath parameters
Refactor the `getBranch` and `getPath` methods to take a String as
second parameter, which is the already sanitised path info. Don't get
the path info from a passed in request anymore.
The methods are only ever called from within `processRequest`, which
already does some checks on the path info, like removing a leading
slash character. So no need to do that every time again the methods
and passing a request for that.
raw: Strip leading and trailing slash from repo and path names for link
When creating a link for raw display, a trailing slash is stripped from
the end of the base URL. Also do this for the repository, as well as
stripping leading slashes from the repository and the path values.
Fix 1150: Use external link instead of internal wiki link for tickets_setup
The `tickets_overview` page links to the `tickets_setup` page using a
wiki style internal link: `[[tickets setup]]`. Whatever library is
interpreting that is creating a link under the assumption that the
resulting page will be called `tickets-setup.html`. But that is not the
convention used by Moxie, which will use the source file name and thus
create a file called `tickets_setup.html`.
I was not able to find out which of the many libraries included is the
one that parses this file and creates the link. Messy.
There are two solutions. One is to configure the Moxie site build to
generate the file as `tickets-setup.html`. But this would break any
links to that page that might exist somewhere on the Interweb. So I
opted for the other option, which is to not use wiki syntax for the
reference to the local page but normal markdown syntax. This is not
a wiki, afterall.
When building with Ant, instead of Moxie, JaCoCo is not included in the
classpath. So explicitly initialise the full `jacocoant.jar` from the
`.moxie` repository.
For this we had to switch the dependency to use the `nodeps` jar which
includes all dependencies.
While most systems will not need the class path passed to the JVM with
the `-cp` parameter to be in quotes, apparently some exist where that
will not work without the quotes, e.g. FreeBSD.
So always use quotes for the class path in all scripts.
Issue #1333
Delete password from memory in AuthenticationManager
Zero out the password to remove it from memory after use.
This is only a first step, implementing it for one method:
`AuthenticationManager.authenticate(String, char[], String)`.
The upgrade of a MD5 stored password hash to a PBKDF password hash
destroys the stored password. The has check zeroes out the password that
is tested, so that the new hash is built over the zeroed out value.
This fix prevents that an also adds a check to the test.
Fixes #1335
The Eclipse maven repositories changed to only allow HTTPS and not
serve HTTP anymore. HTTP will redirect to HTTPS, which moxie does
not handle well and fails.
So the registered Eclipse repositories are changed to 'https://'
transport.
Fixes #1334
If requested, by setting a file name in the `versionInfo`
property, store release version and tag in a file, for
other scripts and programs to pick up.
Moxie does have these defined by default, but with transport HTTP.
Since January 2020, Maven Central only accepts HTTPS, no HTTP
anymore. So we add them here explicitly, with `https://`.
We add it to the `build.moxie` file, instead of keeping it in a
local `settings.moxie`, so that a CI server can immediately use it.
Doc: Update built-in docs with missing pages and links
Add pages for `fail2ban` and GFS to the `generateDocs` target, so that
they also show up in the documentation on GO etc.
Also adjust the links to issues and commits.
Add the replacement of the download base URL.