(refs #35)Fixed.

gitbucket · Jul 11, 2013 · 28cafbc · 28cafbc
1 parent 991f60c
commit 28cafbc
Show file tree

Hide file tree

Showing 8 changed files with 43 additions and 24 deletions.
diff --git a/src/main/scala/app/WikiController.scala b/src/main/scala/app/WikiController.scala
@@ -1,7 +1,7 @@
 package app
 
 import service._
-import util.{CollaboratorsAuthenticator, ReferrerAuthenticator, JGitUtil}
+import util.{CollaboratorsAuthenticator, ReferrerAuthenticator, JGitUtil, StringUtil}
 import util.Directory._
 import jp.sf.amateras.scalatra.forms._
 
@@ -16,14 +16,14 @@ trait WikiControllerBase extends ControllerBase {
   case class WikiPageEditForm(pageName: String, content: String, message: Option[String], currentPageName: String)
 
   val newForm = mapping(
-    "pageName"        -> trim(label("Page name"          , text(required, maxlength(40), identifier, unique))),
+    "pageName"        -> trim(label("Page name"          , text(required, maxlength(40), pagename, unique))),
     "content"         -> trim(label("Content"            , text(required))),
     "message"         -> trim(label("Message"            , optional(text()))),
     "currentPageName" -> trim(label("Current page name"  , text()))
   )(WikiPageEditForm.apply)
 
   val editForm = mapping(
-    "pageName"        -> trim(label("Page name"          , text(required, maxlength(40), identifier))),
+    "pageName"        -> trim(label("Page name"          , text(required, maxlength(40), pagename))),
     "content"         -> trim(label("Content"            , text(required))),
     "message"         -> trim(label("Message"            , optional(text()))),
     "currentPageName" -> trim(label("Current page name"  , text(required)))
@@ -36,15 +36,15 @@ trait WikiControllerBase extends ControllerBase {
   })
 
   get("/:owner/:repository/wiki/:page")(referrersOnly { repository =>
-    val pageName = params("page")
+    val pageName = StringUtil.urlDecode(params("page"))
 
     getWikiPage(repository.owner, repository.name, pageName).map { page =>
       wiki.html.page(pageName, page, repository, hasWritePermission(repository.owner, repository.name, context.loginAccount))
     } getOrElse redirect(s"/${repository.owner}/${repository.name}/wiki/${pageName}/_edit") // TODO URLEncode
   })
 
   get("/:owner/:repository/wiki/:page/_history")(referrersOnly { repository =>
-    val pageName = params("page")
+    val pageName = StringUtil.urlDecode(params("page"))
 
     JGitUtil.withGit(getWikiRepositoryDir(repository.owner, repository.name)){ git =>
       JGitUtil.getCommitLog(git, "master", path = pageName + ".md") match {
@@ -55,7 +55,7 @@ trait WikiControllerBase extends ControllerBase {
   })
 
   get("/:owner/:repository/wiki/:page/_compare/:commitId")(referrersOnly { repository =>
-    val pageName = params("page")
+    val pageName = StringUtil.urlDecode(params("page"))
     val commitId = params("commitId").split("\\.\\.\\.")
 
     JGitUtil.withGit(getWikiRepositoryDir(repository.owner, repository.name)){ git =>
@@ -72,7 +72,7 @@ trait WikiControllerBase extends ControllerBase {
   })
 
   get("/:owner/:repository/wiki/:page/_edit")(collaboratorsOnly { repository =>
-    val pageName = params("page")
+    val pageName = StringUtil.urlDecode(params("page"))
     wiki.html.edit(pageName, getWikiPage(repository.owner, repository.name, pageName), repository)
   })
 
@@ -85,7 +85,7 @@ trait WikiControllerBase extends ControllerBase {
     updateLastActivityDate(repository.owner, repository.name)
     recordEditWikiPageActivity(repository.owner, repository.name, loginAccount.userName, form.pageName)
 
-    redirect(s"/${repository.owner}/${repository.name}/wiki/${form.pageName}")
+    redirect(s"/${repository.owner}/${repository.name}/wiki/${StringUtil.urlEncode(form.pageName)}")
   })
 
   get("/:owner/:repository/wiki/_new")(collaboratorsOnly {
@@ -101,11 +101,11 @@ trait WikiControllerBase extends ControllerBase {
     updateLastActivityDate(repository.owner, repository.name)
     recordCreateWikiPageActivity(repository.owner, repository.name, loginAccount.userName, form.pageName)
 
-    redirect(s"/${repository.owner}/${repository.name}/wiki/${form.pageName}")
+    redirect(s"/${repository.owner}/${repository.name}/wiki/${StringUtil.urlEncode(form.pageName)}")
   })
 
   get("/:owner/:repository/wiki/:page/_delete")(collaboratorsOnly { repository =>
-    val pageName = params("page")
+      val pageName = StringUtil.urlDecode(params("page"))
 
     deleteWikiPage(repository.owner, repository.name, pageName, context.loginAccount.get.userName, s"Delete ${pageName}")
     updateLastActivityDate(repository.owner, repository.name)
@@ -139,4 +139,16 @@ trait WikiControllerBase extends ControllerBase {
       getWikiPageList(params("owner"), params("repository")).find(_ == value).map(_ => "Page already exists.")
   }
 
+  private def pagename: Constraint = new Constraint(){
+    def validate(name: String, value: String): Option[String] =
+      if(value.exists("\\/:*?\"<>|".contains(_))){
+        Some(s"${name} contains invalid character.")
+      } else if(value.startsWith("_") || value.startsWith("-")){
+        Some(s"${name} starts with invalid character.")
+      } else {
+        None
+      }
+  }
+
+
 }
diff --git a/src/main/scala/util/StringUtil.scala b/src/main/scala/util/StringUtil.scala
@@ -1,5 +1,7 @@
 package util
 
+import java.net.{URLDecoder, URLEncoder}
+
 object StringUtil {
 
   def sha1(value: String): String = {
@@ -14,4 +16,8 @@ object StringUtil {
     md.digest.map(b => "%02x".format(b)).mkString
   }
 
+  def urlEncode(value: String): String = URLEncoder.encode(value, "UTF-8")
+
+  def urlDecode(value: String): String = URLDecoder.decode(value, "UTF-8")
+
 }
diff --git a/src/main/scala/view/helpers.scala b/src/main/scala/view/helpers.scala
@@ -44,6 +44,10 @@ object helpers {
       .replaceAll("\\[user:([^\\s]+?)\\]"                        , s"""<a href="${context.path}/$$1">$$1</a>""")
     )
 
+  def urlEncode(value: String): String = StringUtil.urlEncode(value)
+
+  def urlEncode(value: Option[String]): String = value.map(urlEncode).getOrElse("")
+
   /**
    * Generates the url to the repository.
    */

diff --git a/src/main/twirl/wiki/compare.scala.html b/src/main/twirl/wiki/compare.scala.html
@@ -14,8 +14,8 @@ <h1 class="wiki-title"><span class="muted">Compare Revisions</span></h1>
     <li class="pull-right">
       <div class="btn-group">
       @if(pageName.isDefined){
-        <a class="btn" href="@url(repository)/wiki/@pageName">View Page</a>
-        <a class="btn" href="@url(repository)/wiki/@pageName/_history">Back to Page History</a>
+        <a class="btn" href="@url(repository)/wiki/@urlEncode(pageName)">View Page</a>
+        <a class="btn" href="@url(repository)/wiki/@urlEncode(pageName)/_history">Back to Page History</a>
       } else {
         <a class="btn" href="@url(repository)/wiki/_history">Back to Wiki History</a>
       }

diff --git a/src/main/twirl/wiki/edit.scala.html b/src/main/twirl/wiki/edit.scala.html
@@ -13,9 +13,9 @@ <h1 class="wiki-title"><span class="muted">Editing</span> @if(pageName == ""){Ne
     <li class="pull-right">
       <div class="btn-group">
       @if(pageName != ""){
-        <a class="btn" href="@url(repository)/wiki/@pageName">View Page</a>
-        <a class="btn" href="@url(repository)/wiki/@pageName/_delete" id="delete">Delete Page</a>
-        <a class="btn" href="@url(repository)/wiki/@pageName/_history">Page History</a>
+        <a class="btn" href="@url(repository)/wiki/@urlEncode(pageName)">View Page</a>
+        <a class="btn" href="@url(repository)/wiki/@urlEncode(pageName)/_delete" id="delete">Delete Page</a>
+        <a class="btn" href="@url(repository)/wiki/@urlEncode(pageName)/_history">Page History</a>
       }
       </div>
     </li>

diff --git a/src/main/twirl/wiki/history.scala.html b/src/main/twirl/wiki/history.scala.html
@@ -23,9 +23,9 @@ <h1 class="wiki-title">
             <a class="btn" href="@url(repository)/wiki/_new">New Page</a>
           }
         } else {
-          <a class="btn" href="@url(repository)/wiki/@pageName">View Page</a>
+          <a class="btn" href="@url(repository)/wiki/@urlEncode(pageName)">View Page</a>
           @if(loginAccount.isDefined){
-            <a class="btn" href="@url(repository)/wiki/@pageName/_edit">Edit Page</a>
+            <a class="btn" href="@url(repository)/wiki/@urlEncode(pageName)/_edit">Edit Page</a>
           }
         }
       </div>
@@ -58,7 +58,7 @@ <h1 class="wiki-title">
           location.href = '@url(repository)/wiki/_compare/' +
             $(e.get(1)).attr('value') + '...' + $(e.get(0)).attr('value');
         } else {
-          location.href = '@url(repository)/wiki/@pageName.get/_compare/' +
+          location.href = '@url(repository)/wiki/@urlEncode(pageName.get)/_compare/' +
             $(e.get(1)).attr('value') + '...' + $(e.get(0)).attr('value');
         }
       }

diff --git a/src/main/twirl/wiki/page.scala.html b/src/main/twirl/wiki/page.scala.html
@@ -15,9 +15,9 @@ <h1 class="wiki-title">@pageName</h1>
       <div class="btn-group">
         @if(hasWritePermission){
           <a class="btn" href="@url(repository)/wiki/_new">New Page</a>
-          <a class="btn" href="@url(repository)/wiki/@pageName/_edit">Edit Page</a>
+          <a class="btn" href="@url(repository)/wiki/@urlEncode(pageName)/_edit">Edit Page</a>
         }
-        <a class="btn" href="@url(repository)/wiki/@pageName/_history">Page History</a>
+        <a class="btn" href="@url(repository)/wiki/@urlEncode(pageName)/_history">Page History</a>
       </div>
     </li>
   </ul>
@@ -28,6 +28,3 @@ <h1 class="wiki-title">@pageName</h1>
     <span class="muted">Last edited by @page.committer at @datetime(page.time)</span>
   </div>
 }
-<script>
-  $(function(){ prettyPrint(); });
-</script>
diff --git a/src/main/twirl/wiki/pages.scala.html b/src/main/twirl/wiki/pages.scala.html
@@ -18,7 +18,7 @@ <h1 class="wiki-title"><span class="muted">Pages</span></h1>
   </ul>
   <ul>
     @pages.map { page =>
-      <li><a href="@url(repository)/wiki/@page">@page</a></li>
+      <li><a href="@url(repository)/wiki/@urlEncode(page)">@page</a></li>
     }
   </ul>