Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Escape folder names in JGitUtils to allow special characters. #999 #1194

Closed
wants to merge 3 commits into from

Conversation

@pingunaut
Copy link
Contributor

pingunaut commented Jan 28, 2017

String.replaceFirst(String regex, String replacement) works with regex.

If a folder name contains chars which are parsed by regex, the replaceFirst will not work as expected.
E.g: if there is a pathString with value "[foo]/bar" and a path having the value "[foo]", then the expected behavior is to result in a string with value "bar".
Fortunately the path can easily be escaped using Pattern.quote()

@pingunaut pingunaut changed the title Escape folder names in JGitUtils to allow special characters. Fixes #999 Escape folder names in JGitUtils to allow special characters. #999 #1135 Jan 28, 2017
@@ -106,8 +106,21 @@ protected void setupPage(final UserModel userModel) {
final List<RegistrantAccessPermission> permissions = app().repositories().getUserAccessPermissions(userModel);

final Palette<String> teams = new Palette<String>("teams", new ListModel<String>(
new ArrayList<String>(userTeams)), new CollectionModel<String>(app().users()
.getAllTeamNames()), new StringChoiceRenderer(), 10, false);
new ArrayList<String>(userTeams)), new CollectionModel<String>(app().users().getAllTeamNames()),

This comment has been minimized.

Copy link
@gitblit

gitblit Feb 8, 2017

Owner

Assuming this change is necessary, I would expect we'd need it anywhere we use a palette for teams.

This comment has been minimized.

Copy link
@pingunaut

pingunaut Feb 8, 2017

Author Contributor

Ah, you are perfectly right! Just tested and found the same behavior like described in #1135 also on the RepositoryEditPage.

Which alternatives would you prefer:

  • add proper escaping to all occurrences of teams within a form, so the submits work like expected
  • disallow special chars for team names

I will try to check this also against my local wicket-8 build. Maybe form content is escaped properly by default with a later wicket version..

EDIT: tested with wicket 8 and lot of special chars and it seems like they are causing errors on multiple pages. I would suggest to disallow special chars in team names by adding a validator.
Maybe [a-zA-Z0-9_-] ?

@pingunaut pingunaut changed the title Escape folder names in JGitUtils to allow special characters. #999 #1135 Escape folder names in JGitUtils to allow special characters. #999 Feb 24, 2017
@pingunaut

This comment has been minimized.

Copy link
Contributor Author

pingunaut commented Feb 24, 2017

I reverted the code on UserEditPage for now, so the pull request only addresses #999
As the other issue might need further changes, it's better to handle it within a seperate PR

@fzs fzs added this to the 1.9.0 milestone Feb 27, 2017
@fzs

This comment has been minimized.

Copy link
Collaborator

fzs commented Jun 10, 2019

I cherry-picked the one commit that fixes #999. (3bff35c)
Closing this, considering it merged.

@fzs fzs closed this Jun 10, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked issues

Successfully merging this pull request may close these issues.

None yet

3 participants
You can’t perform that action at this time.