From bca8c5c52554b6aac65b8e2300675ae8f6af1d6d Mon Sep 17 00:00:00 2001 From: James Moger <james.moger@gitblit.com> Date: Wed, 15 May 2013 17:21:03 -0400 Subject: [PATCH] Fix message escaping when combined with regex substitutions (issue 242) --- src/main/java/com/gitblit/wicket/pages/CommitPage.html | 2 +- src/main/java/com/gitblit/wicket/pages/RepositoryPage.java | 4 ++-- releases.moxie | 1 + 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/releases.moxie b/releases.moxie index fa6e8b6..ea547f5 100644 --- a/releases.moxie +++ b/releases.moxie @@ -26,6 +26,7 @@ - Fixed extracting Groovy scripts on Express installs (issue 220) - Ensure Redmine url is properly formatted (issue 223) - Use standard ServletRequestWrapper instead of custom wrapper (issue 224) + - Switch commit message back to a pre and ensure that it is properly escaped when combined with commit message regex substitution (issue 242) changes: - Improved error logging for servlet containers which provide a null contextFolder (issue 199) diff --git a/src/main/java/com/gitblit/wicket/pages/CommitPage.html b/src/main/java/com/gitblit/wicket/pages/CommitPage.html index 79a038c..d63a393 100644 --- a/src/main/java/com/gitblit/wicket/pages/CommitPage.html +++ b/src/main/java/com/gitblit/wicket/pages/CommitPage.html @@ -49,7 +49,7 @@ </div> <!-- full message --> - <div class="commit_message" wicket:id="fullMessage">[commit message]</div> + <pre class="commit_message" wicket:id="fullMessage">[commit message]</pre> <!-- git notes --> <table class="gitnotes"> diff --git a/src/main/java/com/gitblit/wicket/pages/RepositoryPage.java b/src/main/java/com/gitblit/wicket/pages/RepositoryPage.java index 9a806f4..8314617 100644 --- a/src/main/java/com/gitblit/wicket/pages/RepositoryPage.java +++ b/src/main/java/com/gitblit/wicket/pages/RepositoryPage.java @@ -431,9 +431,9 @@ } protected void addFullText(String wicketId, String text, boolean substituteRegex) { - String html = StringUtils.escapeForHtml(text, true); + String html = StringUtils.escapeForHtml(text, false); if (substituteRegex) { - html = GitBlit.self().processCommitMessage(repositoryName, text); + html = GitBlit.self().processCommitMessage(repositoryName, html); } else { html = StringUtils.breakLinesForHtml(html); } -- Gitblit v1.9.1