githubFork/gitblit.git - Solinfo Gitblit

			@@ -15,8 +15,12 @@
			*/
			package com.gitblit;

			import java.io.IOException;
			import java.text.MessageFormat;
			import java.text.ParseException;
			import java.util.Date;

			import javax.servlet.ServletException;
			import javax.servlet.http.HttpServlet;
			import javax.servlet.http.HttpServletResponse;

			@@ -25,20 +29,13 @@
			import org.slf4j.Logger;
			import org.slf4j.LoggerFactory;

			import com.gitblit.Constants.AccessRestrictionType;
			import com.gitblit.models.RepositoryModel;
			import com.gitblit.utils.JGitUtils;
			import com.gitblit.utils.MarkdownUtils;
			import com.gitblit.utils.StringUtils;

			/**
			* Streams out a zip file from the specified repository for any tree path at any
			* revision.
			*
			* Unlike the GitServlet and the SyndicationServlet, this servlet is not
			* protected by an AccessRestrictionFilter. It performs its own authorization
			* check, but it does not perform any authentication. The assumption is that
			* requests to this servlet are made via the web ui and not by direct url
			* access. Unauthorized requests fail with a standard 403 (FORBIDDEN) code.
			*
			* @author James Moger
			*
			@@ -72,7 +69,7 @@
			}

			/**
			* Performs the authorization and zip streaming of the specified elements.
			* Creates a zip stream from the repository of the requested data.
			*
			* @param request
			* @param response
			@@ -86,8 +83,8 @@
			logger.warn("Zip downloads are disabled");
			response.sendError(HttpServletResponse.SC_FORBIDDEN);
			return;

			}

			String repository = request.getParameter("r");
			String basePath = request.getParameter("p");
			String objectId = request.getParameter("h");
			@@ -98,28 +95,31 @@
			name = name.substring(name.lastIndexOf('/') + 1);
			}

			// check roles first
			boolean authorized = request.isUserInRole(Constants.ADMIN_ROLE);
			authorized \|= request.isUserInRole(repository);

			if (!authorized) {
			RepositoryModel model = GitBlit.self().getRepositoryModel(repository);
			if (model.accessRestriction.atLeast(AccessRestrictionType.VIEW)) {
			logger.warn("Unauthorized access via zip servlet for " + model.name);
			response.sendError(HttpServletResponse.SC_FORBIDDEN);
			return;
			}
			}
			if (!StringUtils.isEmpty(basePath)) {
			name += "-" + basePath.replace('/', '_');
			}
			if (!StringUtils.isEmpty(objectId)) {
			name += "-" + objectId;
			}


			Repository r = GitBlit.self().getRepository(repository);
			if (r == null) {
			if (GitBlit.self().isCollectingGarbage(repository)) {
			error(response, MessageFormat.format("# Error\nGitblit is busy collecting garbage in {0}", repository));
			return;
			} else {
			error(response, MessageFormat.format("# Error\nFailed to find repository {0}", repository));
			return;
			}
			}
			RevCommit commit = JGitUtils.getCommit(r, objectId);
			if (commit == null) {
			error(response, MessageFormat.format("# Error\nFailed to find commit {0}", objectId));
			r.close();
			return;
			}
			Date date = JGitUtils.getCommitDate(commit);

			String contentType = "application/octet-stream";
			response.setContentType(contentType + "; charset=" + response.getCharacterEncoding());
			response.setHeader("Content-Disposition", "attachment; filename=\"" + name + ".zip"
			@@ -135,11 +135,21 @@
			} catch (Throwable t) {
			logger.error("Failed to write attachment to client", t);
			}

			// close the repository
			r.close();
			} catch (Throwable t) {
			logger.error("Failed to write attachment to client", t);
			}
			}

			private void error(HttpServletResponse response, String mkd) throws ServletException,
			IOException, ParseException {
			String content = MarkdownUtils.transformMarkdown(mkd);
			response.setContentType("text/html; charset=" + Constants.ENCODING);
			response.getWriter().write(content);
			}

			@Override
			protected void doPost(javax.servlet.http.HttpServletRequest request,
			javax.servlet.http.HttpServletResponse response) throws javax.servlet.ServletException,