(refs #35)Fixed.

2025-11-01 19:15:59 +01:00 · 2013-07-12 02:14:27 +09:00
parent 991f60ce44
commit 28cafbcad2
8 changed files with 43 additions and 24 deletions
--- a/src/main/scala/app/WikiController.scala
+++ b/src/main/scala/app/WikiController.scala
@@ -1,7 +1,7 @@
 package app

 import service._
-import util.{CollaboratorsAuthenticator, ReferrerAuthenticator, JGitUtil}
+import util.{CollaboratorsAuthenticator, ReferrerAuthenticator, JGitUtil, StringUtil}
 import util.Directory._
 import jp.sf.amateras.scalatra.forms._

@@ -16,14 +16,14 @@ trait WikiControllerBase extends ControllerBase {
  case class WikiPageEditForm(pageName: String, content: String, message: Option[String], currentPageName: String)
  
  val newForm = mapping(
-    "pageName"        -> trim(label("Page name"          , text(required, maxlength(40), identifier, unique))),
+    "pageName"        -> trim(label("Page name"          , text(required, maxlength(40), pagename, unique))),
    "content"         -> trim(label("Content"            , text(required))),
    "message"         -> trim(label("Message"            , optional(text()))),
    "currentPageName" -> trim(label("Current page name"  , text()))
  )(WikiPageEditForm.apply)
  
  val editForm = mapping(
-    "pageName"        -> trim(label("Page name"          , text(required, maxlength(40), identifier))),
+    "pageName"        -> trim(label("Page name"          , text(required, maxlength(40), pagename))),
    "content"         -> trim(label("Content"            , text(required))),
    "message"         -> trim(label("Message"            , optional(text()))),
    "currentPageName" -> trim(label("Current page name"  , text(required)))
@@ -36,7 +36,7 @@ trait WikiControllerBase extends ControllerBase {
  })
  
  get("/:owner/:repository/wiki/:page")(referrersOnly { repository =>
-    val pageName = params("page")
+    val pageName = StringUtil.urlDecode(params("page"))

    getWikiPage(repository.owner, repository.name, pageName).map { page =>
      wiki.html.page(pageName, page, repository, hasWritePermission(repository.owner, repository.name, context.loginAccount))
@@ -44,7 +44,7 @@ trait WikiControllerBase extends ControllerBase {
  })
  
  get("/:owner/:repository/wiki/:page/_history")(referrersOnly { repository =>
-    val pageName = params("page")
+    val pageName = StringUtil.urlDecode(params("page"))

    JGitUtil.withGit(getWikiRepositoryDir(repository.owner, repository.name)){ git =>
      JGitUtil.getCommitLog(git, "master", path = pageName + ".md") match {
@@ -55,7 +55,7 @@ trait WikiControllerBase extends ControllerBase {
  })
  
  get("/:owner/:repository/wiki/:page/_compare/:commitId")(referrersOnly { repository =>
-    val pageName = params("page")
+    val pageName = StringUtil.urlDecode(params("page"))
    val commitId = params("commitId").split("\\.\\.\\.")

    JGitUtil.withGit(getWikiRepositoryDir(repository.owner, repository.name)){ git =>
@@ -72,7 +72,7 @@ trait WikiControllerBase extends ControllerBase {
  })
  
  get("/:owner/:repository/wiki/:page/_edit")(collaboratorsOnly { repository =>
-    val pageName = params("page")
+    val pageName = StringUtil.urlDecode(params("page"))
    wiki.html.edit(pageName, getWikiPage(repository.owner, repository.name, pageName), repository)
  })
  
@@ -85,7 +85,7 @@ trait WikiControllerBase extends ControllerBase {
    updateLastActivityDate(repository.owner, repository.name)
    recordEditWikiPageActivity(repository.owner, repository.name, loginAccount.userName, form.pageName)

-    redirect(s"/${repository.owner}/${repository.name}/wiki/${form.pageName}")
+    redirect(s"/${repository.owner}/${repository.name}/wiki/${StringUtil.urlEncode(form.pageName)}")
  })
  
  get("/:owner/:repository/wiki/_new")(collaboratorsOnly {
@@ -101,11 +101,11 @@ trait WikiControllerBase extends ControllerBase {
    updateLastActivityDate(repository.owner, repository.name)
    recordCreateWikiPageActivity(repository.owner, repository.name, loginAccount.userName, form.pageName)

-    redirect(s"/${repository.owner}/${repository.name}/wiki/${form.pageName}")
+    redirect(s"/${repository.owner}/${repository.name}/wiki/${StringUtil.urlEncode(form.pageName)}")
  })
  
  get("/:owner/:repository/wiki/:page/_delete")(collaboratorsOnly { repository =>
-    val pageName = params("page")
+      val pageName = StringUtil.urlDecode(params("page"))
    
    deleteWikiPage(repository.owner, repository.name, pageName, context.loginAccount.get.userName, s"Delete ${pageName}")
    updateLastActivityDate(repository.owner, repository.name)
@@ -139,4 +139,16 @@ trait WikiControllerBase extends ControllerBase {
      getWikiPageList(params("owner"), params("repository")).find(_ == value).map(_ => "Page already exists.")
  }

+  private def pagename: Constraint = new Constraint(){
+    def validate(name: String, value: String): Option[String] =
+      if(value.exists("\\/:*?\"<>|".contains(_))){
+        Some(s"${name} contains invalid character.")
+      } else if(value.startsWith("_") || value.startsWith("-")){
+        Some(s"${name} starts with invalid character.")
+      } else {
+        None
+      }
+  }
+
+
 }
--- a/src/main/scala/util/StringUtil.scala
+++ b/src/main/scala/util/StringUtil.scala
@@ -1,5 +1,7 @@
 package util

+import java.net.{URLDecoder, URLEncoder}
+
 object StringUtil {

  def sha1(value: String): String = {
@@ -14,4 +16,8 @@ object StringUtil {
    md.digest.map(b => "%02x".format(b)).mkString
  }

+  def urlEncode(value: String): String = URLEncoder.encode(value, "UTF-8")
+
+  def urlDecode(value: String): String = URLDecoder.decode(value, "UTF-8")
+
 }
--- a/src/main/scala/view/helpers.scala
+++ b/src/main/scala/view/helpers.scala
@@ -44,6 +44,10 @@ object helpers {
      .replaceAll("\\[user:([^\\s]+?)\\]"                        , s"""<a href="${context.path}/$$1">$$1</a>""")
    )

+  def urlEncode(value: String): String = StringUtil.urlEncode(value)
+
+  def urlEncode(value: Option[String]): String = value.map(urlEncode).getOrElse("")
+
  /**
   * Generates the url to the repository.
   */
--- a/src/main/twirl/wiki/compare.scala.html
+++ b/src/main/twirl/wiki/compare.scala.html
@@ -14,8 +14,8 @@
    <li class="pull-right">
      <div class="btn-group">
      @if(pageName.isDefined){
-        <a class="btn" href="@url(repository)/wiki/@pageName">View Page</a>
-        <a class="btn" href="@url(repository)/wiki/@pageName/_history">Back to Page History</a>
+        <a class="btn" href="@url(repository)/wiki/@urlEncode(pageName)">View Page</a>
+        <a class="btn" href="@url(repository)/wiki/@urlEncode(pageName)/_history">Back to Page History</a>
      } else {
        <a class="btn" href="@url(repository)/wiki/_history">Back to Wiki History</a>
      }
--- a/src/main/twirl/wiki/edit.scala.html
+++ b/src/main/twirl/wiki/edit.scala.html
@@ -13,9 +13,9 @@
    <li class="pull-right">
      <div class="btn-group">
      @if(pageName != ""){
-        <a class="btn" href="@url(repository)/wiki/@pageName">View Page</a>
-        <a class="btn" href="@url(repository)/wiki/@pageName/_delete" id="delete">Delete Page</a>
-        <a class="btn" href="@url(repository)/wiki/@pageName/_history">Page History</a>
+        <a class="btn" href="@url(repository)/wiki/@urlEncode(pageName)">View Page</a>
+        <a class="btn" href="@url(repository)/wiki/@urlEncode(pageName)/_delete" id="delete">Delete Page</a>
+        <a class="btn" href="@url(repository)/wiki/@urlEncode(pageName)/_history">Page History</a>
      }
      </div>
    </li>
--- a/src/main/twirl/wiki/history.scala.html
+++ b/src/main/twirl/wiki/history.scala.html
@@ -23,9 +23,9 @@
            <a class="btn" href="@url(repository)/wiki/_new">New Page</a>
          }
        } else {
-          <a class="btn" href="@url(repository)/wiki/@pageName">View Page</a>
+          <a class="btn" href="@url(repository)/wiki/@urlEncode(pageName)">View Page</a>
          @if(loginAccount.isDefined){
-            <a class="btn" href="@url(repository)/wiki/@pageName/_edit">Edit Page</a>
+            <a class="btn" href="@url(repository)/wiki/@urlEncode(pageName)/_edit">Edit Page</a>
          }
        }
      </div>
@@ -58,7 +58,7 @@
          location.href = '@url(repository)/wiki/_compare/' +
            $(e.get(1)).attr('value') + '...' + $(e.get(0)).attr('value');
        } else {
-          location.href = '@url(repository)/wiki/@pageName.get/_compare/' +
+          location.href = '@url(repository)/wiki/@urlEncode(pageName.get)/_compare/' +
            $(e.get(1)).attr('value') + '...' + $(e.get(0)).attr('value');
        }
      }
--- a/src/main/twirl/wiki/page.scala.html
+++ b/src/main/twirl/wiki/page.scala.html
@@ -15,9 +15,9 @@
      <div class="btn-group">
        @if(hasWritePermission){
          <a class="btn" href="@url(repository)/wiki/_new">New Page</a>
-          <a class="btn" href="@url(repository)/wiki/@pageName/_edit">Edit Page</a>
+          <a class="btn" href="@url(repository)/wiki/@urlEncode(pageName)/_edit">Edit Page</a>
        }
-        <a class="btn" href="@url(repository)/wiki/@pageName/_history">Page History</a>
+        <a class="btn" href="@url(repository)/wiki/@urlEncode(pageName)/_history">Page History</a>
      </div>
    </li>
  </ul>
@@ -28,6 +28,3 @@
    <span class="muted">Last edited by @page.committer at @datetime(page.time)</span>
  </div>
 }
-<script>
-  $(function(){ prettyPrint(); });
-</script>
--- a/src/main/twirl/wiki/pages.scala.html
+++ b/src/main/twirl/wiki/pages.scala.html
@@ -18,7 +18,7 @@
  </ul>
  <ul>
    @pages.map { page =>
-      <li><a href="@url(repository)/wiki/@page">@page</a></li>
+      <li><a href="@url(repository)/wiki/@urlEncode(page)">@page</a></li>
    }
  </ul>