Small fix for #615

Naoki Takezoe
2015-02-01 12:55:37 +09:00
parent 0d81a9a9b6
commit 6a758902ef
5 changed files with 8 additions and 8 deletions


@@ -135,9 +135,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {
get("/:userName/_avatar"){ get("/:userName/_avatar"){
val userName = params("userName") val userName = params("userName")
getAccountByUserName(userName).flatMap(_.image).map { image => getAccountByUserName(userName).flatMap(_.image).map { image =>
outputUploadedRawData( RawData(FileUtil.getMimeType(image), new java.io.File(getUserUploadDir(userName), image))
FileUtil.getMimeType(image),
new java.io.File(getUserUploadDir(userName), image))
} getOrElse { } getOrElse {
contentType = "image/png" contentType = "image/png"
Thread.currentThread.getContextClassLoader.getResourceAsStream("noimage.png") Thread.currentThread.getContextClassLoader.getResourceAsStream("noimage.png")


@@ -134,8 +134,10 @@ abstract class ControllerBase extends ScalatraFilter
if (path.startsWith("http")) path if (path.startsWith("http")) path
else baseUrl + super.url(path, params, false, false, false) else baseUrl + super.url(path, params, false, false, false)
/** against XSS */ /**
def outputUploadedRawData[DATATYPE](contentType: String, rawData: DATATYPE): DATATYPE = { * Use this method to response the raw data against XSS.
*/
protected def RawData[T](contentType: String, rawData: T): T = {
if(contentType.split(";").head.trim.toLowerCase.startsWith("text/html")){ if(contentType.split(";").head.trim.toLowerCase.startsWith("text/html")){
this.contentType = "text/plain" this.contentType = "text/plain"
} else { } else {
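Review bot: The guard in `RawData` rewrites only `text/html` to `text/plain`, so other types a browser renders as an active document, such as `image/svg+xml` or `application/xhtml+xml`, would still be served with their detected type, assuming the `else` branch (which continues outside this hunk) passes `contentType` through. The call sites changed in this commit hand it attachment, repository and wiki content, all of which users can supply. Consider matching against a small allow-list of inert types rather than a one-entry deny-list, and sending `response.setHeader("X-Content-Type-Options", "nosniff")` so the `text/plain` fallback is not sniffed back to HTML. The doc comment could state that contract directly, e.g. `Sets a safe Content-Type for user-supplied data before returning it, so that it is not rendered as HTML.`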


@@ -292,7 +292,7 @@ trait IssuesControllerBase extends ControllerBase {
(Directory.getAttachedDir(repository.owner, repository.name) match { (Directory.getAttachedDir(repository.owner, repository.name) match {
case dir if(dir.exists && dir.isDirectory) => case dir if(dir.exists && dir.isDirectory) =>
dir.listFiles.find(_.getName.startsWith(params("file") + ".")).map { file => dir.listFiles.find(_.getName.startsWith(params("file") + ".")).map { file =>
outputUploadedRawData(FileUtil.getMimeType(file.getName), file) RawData(FileUtil.getMimeType(file.getName), file)
} }
case _ => None case _ => None
}) getOrElse NotFound }) getOrElse NotFound


@@ -214,7 +214,7 @@ trait RepositoryViewerControllerBase extends ControllerBase {
if(raw){ if(raw){
// Download // Download
defining(JGitUtil.getContentFromId(git, objectId, false).get){ bytes => defining(JGitUtil.getContentFromId(git, objectId, false).get){ bytes =>
outputUploadedRawData(FileUtil.getContentType(path, bytes), bytes) RawData(FileUtil.getContentType(path, bytes), bytes)
} }
} else { } else {
repo.html.blob(id, repository, path.split("/").toList, JGitUtil.getContentInfo(git, path, objectId), repo.html.blob(id, repository, path.split("/").toList, JGitUtil.getContentInfo(git, path, objectId),
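Review bot: The `.get` on the result of `JGitUtil.getContentFromId(git, objectId, false)` in the raw-download branch throws if that call yields no content (it appears to return an `Option`), which would surface as a server error instead of a 404. The wiki handler touched by this same commit handles the equivalent case with `.map { bytes => ... } getOrElse NotFound`, and the same shape would fit here: `JGitUtil.getContentFromId(git, objectId, false).map { bytes => RawData(FileUtil.getContentType(path, bytes), bytes) } getOrElse NotFound`. The enclosing route starts and ends outside this hunk, so confirm that no earlier check already guarantees the content exists.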


@@ -164,7 +164,7 @@ trait WikiControllerBase extends ControllerBase {
val path = multiParams("splat").head val path = multiParams("splat").head
getFileContent(repository.owner, repository.name, path).map { bytes => getFileContent(repository.owner, repository.name, path).map { bytes =>
outputUploadedRawData(FileUtil.getContentType(path, bytes), bytes) RawData(FileUtil.getContentType(path, bytes), bytes)
} getOrElse NotFound } getOrElse NotFound
}) })