
Alessio Caiazza committed cc14b7a Merge

flow: Merged <release> '2.0.0' to <master> ('default').


Files changed (2)

 
 == Basic Install ==
 
-See http://dev.9thsoft.com/projects/show/hgredmine for detailed installation
+See https://bitbucket.org/nolith/hgredmine/wiki/Home for detailed installation
 instructions, platform-specific notes, and HgRedmine user information.
 
 == License ==

hgredmine/hgweb.py

     
     @return True / False
     """
-    return req.env.get('REMOTE_USER_ADMIN', 'f') == 't'
+    return req.env.get('REMOTE_USER_ADMIN', 'False') == 'True'
+
+def _sanitize_db_boolean(data):
+    """
+    Try to convert possible DB value to True or False
+    @param data: the data returned from the DB
+    @return: data interpreted as boolean
+    """
+    if type(data) == int:
+        if data == 0:
+            return False
+        else:
+            return True
+    elif type(data) == bool:
+        return data
+    else:
+        return  data == 't'
+
+def _sanitize_db_string(data):
+    """
+    Sanitize DB string removing encoding
+    @param data: a string
+    @return: the string sanitized
+    """
+    try:
+        return data.encode('ascii', 'backslashreplace')
+    except:
+        return data
 
 class HgRedmine(hgwebdir):
     """A simple HTTP basic authentication implementation (RFC 2617) usable
         Find repos from Redmine database.
         """
         dbcur = db.cursor()
-        dbcur.execute('SELECT projects.identifier, repositories.url FROM projects, repositories '
-                            'WHERE repositories.type=\'Mercurial\' AND projects.id = repositories.project_id'
+        dbcur.execute('SELECT projects.identifier, repositories.url, repositories.is_default ' +
+                            'FROM projects, repositories '
+                            'WHERE repositories.type=\'Repository::Mercurial\' ' +
+                            'AND projects.id = repositories.project_id '
                        )
         
         repos = {}
         row = dbcur.fetchone()
         
         while row:
-            repos[row[0]] = row[1]
+            if _sanitize_db_boolean(row[2]):
+                project_id = _sanitize_db_string(row[0])
+                repo_url = _sanitize_db_string(row[1])
+                repos[project_id] = repo_url
             row = dbcur.fetchone()
             
         self.repos = repos.items()
         
     def _send_challenge(self, req):
-        req.header([('WWW-Authenticate', 'Basic realm="%s"' % self.realm)])
+        req.headers.extend([('WWW-Authenticate', 'Basic realm="%s"' % self.realm)])
         raise ErrorResponse(HTTP_UNAUTHORIZED, 'List Redmine repositories is unauthorized')
     
     def _user_login(self, db, req):
         req.env['REMOTE_USER'] = None
-        req.env['REMOTE_USER_ADMIN'] = 'f'
+        req.env['REMOTE_USER_ADMIN'] = 'False'
         
         header = req.env.get('HTTP_AUTHORIZATION')
         if not header or not header.startswith('Basic'):
 
         req.env['AUTH_TYPE'] = 'Basic'
         req.env['REMOTE_USER'] = username
-        is_admin = row[0]
-        if type(is_admin) == int:
-            if is_admin == 0:
-                is_admin = 'f'
-            else:
-                is_admin = 't'
-        req.env['REMOTE_USER_ADMIN'] = is_admin
+        is_admin = _sanitize_db_boolean(row[0])
+        req.env['REMOTE_USER_ADMIN'] = str(is_admin)
         
         return True
         
         if not row:
             return
         
-        repo.ui.setconfig('web', 'name', row[0])
-        repo.ui.setconfig('web', 'description', row[1])
+        repo.ui.setconfig('web', 'name', _sanitize_db_string(row[0]))
+        repo.ui.setconfig('web', 'description', _sanitize_db_string(row[1]))
         repo.ui.setconfig('web', 'contact', 'Project Owner')
-    
+
     def run_wsgi(self, req):
         try:
             try:
         hgweb.__init__(self, repo, name)
     
     def _send_challenge(self, req, msg):
-        req.header([('WWW-Authenticate', 'Basic realm="%s"' % self.realm)])
+        req.headers.extend([('WWW-Authenticate', 'Basic realm="%s"' % self.realm)])
         raise ErrorResponse(HTTP_UNAUTHORIZED, msg)
         
     def _get_perms(self, user, project_id):
             # user doesn't have any permits
             return (False, False, False)
         
-        perms = row[0].splitlines()
+        perms = [_sanitize_db_string(line) for line in row[0].splitlines()]
         
         if '- :manage_repository' in perms or '- :commit_access' in perms :
             return (True, True, True)
         if not row:
             return False
             
-        return row[0] == 't'
+        return _sanitize_db_boolean(row[0])
     
     def check_perm(self, req, op):
         '''Check permission for operation based on request data (including
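Review bot: The bare `except:` in `_sanitize_db_string` hides every failure and returns the value unchanged, so `repo.ui.setconfig` and the `repos` mapping can still receive data that was never sanitized (for example `None`, or, if this runs on Python 2, a byte string with non-ASCII bytes, where `.encode` raises during the implicit decode). Narrow it to the expected cases, `except (UnicodeError, AttributeError):`, and state in the docstring that the input is returned as-is when it cannot be encoded. In `_sanitize_db_boolean`, which now feeds the `REMOTE_USER_ADMIN` flag and the boolean returned just before `check_perm`, `type(data) == int` reads better as `isinstance(data, int)`. Its docstring should also say that any unrecognised value is treated as False, which is the safe default for an authorization decision but is currently implicit.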