[Codestriker-commits] CVS update: codestriker/template/en/default createtopic.html.tmpl
From: <si...@us...> - 2004-11-17 10:05:05
Created Codestriker topic at: http://codestriker.sourceforge.net/cgi-bin/codestriker.pl?topic=6999444&action=view&brmode=1&fview=-1 User: sits Date: 04/11/17 02:04:41 Modified: . CHANGELOG codestriker.conf lib/Codestriker/Action SubmitNewTopic.pm lib/Codestriker/Repository RepositoryFactory.pm Subversion.pm lib/Codestriker/TopicListeners Email.pm template/en/default createtopic.html.tmpl Log: The following changes are from Jason Remillard: * Fixed a security problem with the repository not being checked against the actual configured list. A user could send in any well formed repository string and Codestriker would just take it, even if it was not configured. * Fixed a bug preventing create topic from working when the user had just one repository working. The cookie was overriding it because it was missing from the html code. * Subversion repositories can now be configured with a username and password in the configuration file if authentication is required. Any errors from accessing subversion are written to STDERR. Index: CHANGELOG =================================================================== RCS file: /cvsroot/codestriker/codestriker/CHANGELOG,v retrieving revision 1.153 retrieving revision 1.154 diff -u -r1.153 -r1.154 --- CHANGELOG 9 Nov 2004 21:01:03 -0000 1.153 +++ CHANGELOG 17 Nov 2004 10:04:34 -0000 1.154 
@@ -38,6 +38,21 @@ status bar or in a tool-tip when hovering over a commented line in the view topic window. + The following changes are from Jason Remillard: + +* Fixed a security problem with the repository not being checked + against the actual configured list. A user could send in any well + formed repository string and Codestriker would just take it, even if + it was not configured. + +* Fixed a bug preventing create topic from working when the user had + just one repository working. The cookie was overriding it because it + was missing from the html code. + +* Subversion repositories can now be configured with a username and + password in the configuration file if authentication is required. + Any errors from accessing subversion are written to STDERR. + Version 1.8.4 * The topic properties page now displays the start tag, end tag and Index: codestriker.conf =================================================================== RCS file: /cvsroot/codestriker/codestriker/codestriker.conf,v retrieving revision 1.65 retrieving revision 1.66 diff -u -r1.65 -r1.66 --- codestriker.conf 1 Nov 2004 09:04:24 -0000 1.65 +++ codestriker.conf 17 Nov 2004 10:04:34 -0000 1.66 @@ -73,7 +73,9 @@ # repository which contains the URL to a viewcvs installation (CVS web # is also supported), followed by the CVSROOT of the repository. The # next example is the syntax used for specifying a Subversion repository, -# which is simple the subversion repository URL prefixed by svn: +# which is simply the subversion repository URL prefixed by svn: If your +# subversion server requires authentication, then the user name and +# passwords should be added to the end and separated by semicolons. # # The next three examples are for pserver repositories. The full # username, password, hostname and repository form must be used here. 
@@ -104,6 +106,7 @@ '/home/sits/cvs', 'http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi /cvsroot', 'svn:http://svn.collab.net/repos/svn/trunk', + 'svn:http://svn.collab.net/repos/svn/trunk;username;password', ':pserver:sits:pas...@cv...:/cvsroot', ':pserver;proxy=abc.com;proxyport=8080:sits:pw...@cv...', ':pserver:anonymous:@cvs.sourceforge.net:/cvsroot', Index: SubmitNewTopic.pm =================================================================== RCS file: /cvsroot/codestriker/codestriker/lib/Codestriker/Action/SubmitNewTopic.pm,v retrieving revision 1.18 retrieving revision 1.19 diff -u -r1.18 -r1.19 --- SubmitNewTopic.pm 3 Nov 2004 20:48:33 -0000 1.18 +++ SubmitNewTopic.pm 17 Nov 2004 10:04:38 -0000 1.19 @@ -112,13 +112,22 @@ my $repository = undef; if (scalar(@Codestriker::valid_repositories)) { # Set the repository to the default if it is not entered. - if ($repository_url eq "") { + if ($repository_url eq "" || scalar(@Codestriker::valid_repositories) == 1) { $repository_url = $Codestriker::valid_repositories[0]; } - # Check if the repository argument is valid. + # Check if the repository argument is in fact a configured + # repository. + my $configured = 0; + foreach my $rep ( @Codestriker::valid_repositories ) { + $configured = 1 if $repository_url eq $rep; + } + + if ($configured) { $repository = Codestriker::Repository::RepositoryFactory->get($repository_url); + } + if (! defined $repository) { $feedback .= "The repository value \"$repository_url\" is invalid.\n" . Index: RepositoryFactory.pm =================================================================== RCS file: /cvsroot/codestriker/codestriker/lib/Codestriker/Repository/RepositoryFactory.pm,v retrieving revision 1.18 retrieving revision 1.19 diff -u -r1.18 -r1.19 --- RepositoryFactory.pm 28 Oct 2004 03:49:46 -0000 1.18 +++ RepositoryFactory.pm 17 Nov 2004 10:04:39 -0000 1.19 
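Review bot: The exact-match test `$configured = 1 if $repository_url eq $rep;` means the client has to submit the full configured repository string, and after this commit that string can end in `;username;password` (the pserver entries already embed a password). If the create-topic form uses the raw configured strings as its option values (the select itself is not visible in this commit), anyone who can open the form can read those credentials. Submitting an index or display name and resolving it server-side would avoid that, for example `$repository_url = $Codestriker::valid_repositories[$index];` after range-checking `$index`. The feedback line `"The repository value \"$repository_url\" is invalid.\n"` echoes the submitted value, so it should be HTML-escaped wherever `$feedback` is rendered, which this hunk does not show. The enclosing block starts and ends outside the hunk.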
@@ -30,42 +30,59 @@ if ($repository =~ /^\s*(\/.*?)\/*\s*$/) { # CVS repository on the local machine. return Codestriker::Repository::Cvs->build_local($1, ''); + } elsif ($repository =~ /^\s*:local:([A-z]:[\\\/].*?)\\*\s*$/) { # Windoze "local" CVS repository. return Codestriker::Repository::Cvs->build_local($1, ':local:'); + } elsif ($repository =~ /^\s*([A-z]:[\\\/].*?)\\*\s*$/) { # Windoze CVS repository. return Codestriker::Repository::Cvs->build_local($1, ''); + } elsif ($repository =~ /^\s*:pserver(.*):(.*):(.*)@(.*):(.*)\s*$/i) { # Pserver repository. return Codestriker::Repository::Cvs->build_pserver($1, $2, $3, $4, $5); + } elsif ($repository =~ /^\s*:ext(.*):(.*)@(.*):(.*)\s*$/i) { # Pserver repository. return Codestriker::Repository::Cvs->build_ext($1, $2, $3, $4); + } elsif ($repository =~ /^\s*(https?:\/\/.*viewcvs\.cgi)\/*\s+(.*?)\/*\s*$/i) { # View CVS repository. return Codestriker::Repository::ViewCvs->new($1, $2); + } elsif ($repository =~ /^\s*(https?:\/\/.*cvsweb\.cgi)\/*\s+(.*?)\/*\s*$/i) { # CVS web repository. return Codestriker::Repository::CvsWeb->new($1, $2); + + } elsif ($repository =~ /^\s*svn:(.*)\s*;(.*);(.*)$/i) { + # Subversion repository with username and password + return Codestriker::Repository::Subversion->new($1, $2, $3); + } elsif ($repository =~ /^\s*svn:(.*)\s*$/i) { - # native Subversion repository. + # Subversion repository. return Codestriker::Repository::Subversion->new($1); + } elsif ($repository =~ /^\s*perforce:(.*):(.*)@(.*):(.*)\s*$/i) { # Perforce repository. return Codestriker::Repository::Perforce->new($1, $2, $3, $4); + } elsif ($repository =~ /^\s*vss:(.*);(.*);(.*)$/i) { # Visual Source Safe repository spec with SSDIR, user and password. return Codestriker::Repository::Vss->new($2,$3,$1); + } elsif ($repository =~ /^\s*vss:(.*);(.*)$/i) { # Visual Source Safe repository spec with user and password. 
return Codestriker::Repository::Vss->new($1,$2); + } elsif ($repository =~ /^\s*vss:(.*):(.*)$/i) { # Older-style Visual Source Safe (VSS) repository spec. return Codestriker::Repository::Vss->new($1,$2); + } elsif ($repository =~ /^\s*clearcase:(.*)$/i) { # ClearCase Snapshot repository. return Codestriker::Repository::ClearCaseSnapshot->new($1); + } else { # Unknown repository type. print STDERR "Codestriker: Couldn't match repository: \"$repository\"\n"; Index: Subversion.pm =================================================================== RCS file: /cvsroot/codestriker/codestriker/lib/Codestriker/Repository/Subversion.pm,v retrieving revision 1.7 retrieving revision 1.8 diff -u -r1.7 -r1.8 --- Subversion.pm 18 Oct 2004 23:43:57 -0000 1.7 +++ Subversion.pm 17 Nov 2004 10:04:39 -0000 1.8 @@ -14,10 +14,25 @@ # Constructor, which takes as a parameter the repository url. sub new ($$) { - my ($type, $repository_url) = @_; + my ($type, $repository_url, $user, $password) = @_; + + my $userCmdLine = ""; + if (defined($user) && defined($password)) { + $userCmdLine = "--username $user --password $password "; + } + + + # Make sure the repo url does not end in a /, the + # rest of the module assumes that it does not. + $repository_url =~ s/[\\\/]^//; + + # Replace any spaces with %20 uri friendly escapes. + $repository_url =~ s/ /%20/g; my $self = {}; $self->{repository_url} = $repository_url; + $self->{userCmdLine} = $userCmdLine; + bless $self, $type; } 
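Review bot: The new branch `/^\s*svn:(.*)\s*;(.*);(.*)$/i` is greedy and unconstrained, so the split happens at the last two semicolons and a plain `svn:` URL that happens to contain two `;` characters is silently reinterpreted as URL, user and password. `$2` and `$3` accept any character, including whitespace and shell metacharacters, and the same commit later interpolates them into an svn command line in Subversion.pm. Restricting the URL and user parts, for example `} elsif ($repository =~ /^\s*svn:([^;]*?)\s*;([^;\s]+);(.*)$/i) {`, keeps the parse unambiguous. The configuration comment should then state that only the password may contain `;`. The if/elsif chain starts before the hunk and its enclosing sub is not visible.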
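Review bot: The new cleanup `$repository_url =~ s/[\\\/]^//;` can never match, because `^` follows the character class where `$` was intended, so a URL ending in `/` is stored unchanged despite the comment above it; `$repository_url =~ s/[\\\/]+$//;` does what the comment says. `$userCmdLine = "--username $user --password $password ";` joins both values unquoted into a string that retrieve and getDiff later hand to the shell, so a space or shell metacharacter in either value changes the command, and the password ends up in the svn process's argument list. Keeping `$self->{user}` and `$self->{password}` as separate fields would let the callers pass them as individual arguments. The `($$)` prototype no longer matches the four-value unpacking; it is ignored for method calls, but it misleads readers.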
@@ -26,17 +41,37 @@ sub retrieve ($$$\$) { my ($self, $filename, $revision, $content_array_ref) = @_; - # Open a pipe to the local Subversion repository. - open(SVN, "svn cat --revision $revision \"" . $self->{repository_url} . - "/$filename\" 2>/dev/null |") - || die "Can't retrieve information from Subversion repository: $!"; + # Replace any spaces with %20 uri friendly escapes. + $filename =~ s/ /%20/g; + + my $cmd = "svn cat --non-interactive --no-auth-cache " . $self->{userCmdLine} . + "--revision $revision " . + "\"" . $self->{repository_url} . "/$filename\""; + + my $write_stdin_fh = new FileHandle; + my $read_stdout_fh = new FileHandle; + my $read_stderr_fh = new FileHandle; + + my $pid = open3($write_stdin_fh,$read_stdout_fh,$read_stderr_fh,$cmd); # Read the data. - for (my $i = 1; <SVN>; $i++) { + for (my $i = 1; <$read_stdout_fh>; $i++) { chop; $$content_array_ref[$i] = $_; } - close SVN; + + # Log anything on standard error to apache error log + # along with the cmd that caused the error. + + my $buf; + my $first_lines = 1; + while (read($read_stderr_fh, $buf, 16384)) { + print STDERR "$cmd\n" if $first_lines; + $first_lines = 0; + print STDERR $buf; + } + + waitpid($pid, 0); } # Retrieve the "root" of this repository. @@ -65,7 +100,8 @@ sub getDiff ($$$$$) { my ($self, $start_tag, $end_tag, $module_name, $stdout_fh, $stderr_fh) = @_; - my $cmd = "svn diff --non-interactive -r $start_tag:$end_tag " . + my $cmd = "svn diff --non-interactive --no-auth-cache " . $self->{userCmdLine} . + "-r $start_tag:$end_tag " . "--old \"$self->{repository_url}\" \"$module_name\""; my $write_stdin_fh = new FileHandle; 
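Review bot: `$cmd` is built as one string, so `open3` runs it through the shell with `$revision`, `$filename` and the repository URL interpolated; only spaces are escaped, so shell metacharacters in a file name or revision would be interpreted if these values come from submitted topic data (their origin is outside the hunk). The same string is printed to STDERR on any error output, which now writes `--password ...` into the web server's error log. Passing the command to `open3` as a list avoids the shell, and the log line can be built without the credentials; this needs new() to keep the user and password as separate fields rather than the pre-joined `userCmdLine`. The getDiff hunk that follows builds its `svn diff` string the same way from `$start_tag`, `$end_tag` and `$module_name`. Stdout is also drained completely before stderr is read, so a large error output could block svn; the sketch leaves that ordering as is.

```perl
# … unchanged: %20 escaping of $filename …

# Assumes new() stores the credentials as $self->{user} / $self->{password}.
my @auth_args = (defined $self->{user} && defined $self->{password})
    ? ('--username', $self->{user}, '--password', $self->{password})
    : ();
my $target = $self->{repository_url} . "/$filename";
my @cmd = ('svn', 'cat', '--non-interactive', '--no-auth-cache',
           @auth_args, '--revision', $revision, $target);

# … unchanged: FileHandle setup …

# List form: the arguments reach svn directly, with no shell in between.
my $pid = open3($write_stdin_fh, $read_stdout_fh, $read_stderr_fh, @cmd);

# … unchanged: stdout read loop …

# Log the failing command without the credentials.
my $logged_cmd = "svn cat --revision $revision \"$target\"";
while (read($read_stderr_fh, $buf, 16384)) {
    print STDERR "$logged_cmd\n" if $first_lines;
    # … unchanged: rest of the stderr loop and waitpid …
```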
@@ -74,7 +110,7 @@ my $pid = open3($write_stdin_fh, $read_stdout_fh, $read_stderr_fh,$cmd); - # Make sure the module does not end or start with a / + # Make sure the moduel does not end or start with a / $module_name =~ s/\\$//; $module_name =~ s/^\\//; Index: Email.pm =================================================================== RCS file: /cvsroot/codestriker/codestriker/lib/Codestriker/TopicListeners/Email.pm,v retrieving revision 1.11 retrieving revision 1.12 diff -u -r1.11 -r1.12 --- Email.pm 3 Nov 2004 20:48:33 -0000 1.11 +++ Email.pm 17 Nov 2004 10:04:40 -0000 1.12 @@ -409,9 +409,15 @@ $recipients .= ", $bcc" if $bcc ne ""; my @receiver = split /, /, $recipients; for (my $i = 0; $i <= $#receiver; $i++) { + if ($receiver[$i] ne "") { $smtp->recipient($receiver[$i]); $smtp->ok() || die "Couldn't send email to \"$receiver[$i]\" $!, " . $smtp->message(); + } else { + # Can't track down why, but sometimes an empty email address + # pops into here and kills the entire thing. This makes the + # problem go away. + } } $smtp->data(); Index: createtopic.html.tmpl =================================================================== RCS file: /cvsroot/codestriker/codestriker/template/en/default/createtopic.html.tmpl,v retrieving revision 1.37 retrieving revision 1.38 diff -u -r1.37 -r1.38 --- createtopic.html.tmpl 1 Nov 2004 10:43:55 -0000 1.37 +++ createtopic.html.tmpl 17 Nov 2004 10:04:40 -0000 1.38 @@ -150,7 +150,6 @@ [%# The repository the review is made against #%] [%# Only display the repository select if there is more than one #%] [% IF repositories.size > 1 %] -[% IF allow_repositories != 0 %] <TR> <TD>Repository: <FONT SIZE="-2"><A HREF="javascript:alert(' @@ -174,7 +173,6 @@ </TD> </TR> [% END %] -[% END %] [% IF projects_enabled != 0 %] |
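Review bot: The rewritten comment introduces a typo (`moduel`) and still describes stripping `/`, while the two substitutions under it, as rendered here, match a backslash (`s/\\$//` and `s/^\\//`). They also run after `open3` has already launched `$cmd`, so they cannot change the command that was built from `$module_name`. If forward slashes are meant, `$module_name =~ s{^/+|/+$}{}g;` would match the comment, and it would need to move above the `$cmd` assignment if the command is supposed to see the cleaned value. getDiff continues outside the hunk, so later uses of `$module_name` are not visible.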
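Review bot: The empty `else` branch hides the cause instead of removing it: the visible line `$recipients .= ", $bcc" if $bcc ne "";` produces a leading `, ` whenever the earlier recipient parts are empty, and `split /, /` then yields an empty first element. Filtering once, `my @receiver = grep { $_ ne "" } split /, /, $recipients;`, lets the loop body stay unconditional and removes the need for the placeholder comment. If no recipients remain after filtering, that case should be reported instead of proceeding to `$smtp->data()`. The code that assembles `$recipients` starts above the hunk.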