security: fix self xss on repo downloads picker for svn case.
ergo -
r2234:8f4440a2 stable
@@ -1,136 +1,137 b''
1 <%inherit file="/summary/summary_base.mako"/>
1 <%inherit file="/summary/summary_base.mako"/>
2
2
3 <%namespace name="components" file="/summary/components.mako"/>
3 <%namespace name="components" file="/summary/components.mako"/>
4
4
5
5
6 <%def name="menu_bar_subnav()">
6 <%def name="menu_bar_subnav()">
7 ${self.repo_menu(active='summary')}
7 ${self.repo_menu(active='summary')}
8 </%def>
8 </%def>
9
9
10 <%def name="main()">
10 <%def name="main()">
11
11
12 <div class="title">
12 <div class="title">
13 ${self.repo_page_title(c.rhodecode_db_repo)}
13 ${self.repo_page_title(c.rhodecode_db_repo)}
14 <ul class="links icon-only-links block-right">
14 <ul class="links icon-only-links block-right">
15 <li>
15 <li>
16 %if c.rhodecode_user.username != h.DEFAULT_USER:
16 %if c.rhodecode_user.username != h.DEFAULT_USER:
17 <a href="${h.route_path('atom_feed_home', repo_name=c.rhodecode_db_repo.repo_name, _query=dict(auth_token=c.rhodecode_user.feed_token))}" title="${_('RSS Feed')}"><i class="icon-rss-sign"></i></a>
17 <a href="${h.route_path('atom_feed_home', repo_name=c.rhodecode_db_repo.repo_name, _query=dict(auth_token=c.rhodecode_user.feed_token))}" title="${_('RSS Feed')}"><i class="icon-rss-sign"></i></a>
18 %else:
18 %else:
19 <a href="${h.route_path('atom_feed_home', repo_name=c.rhodecode_db_repo.repo_name)}" title="${_('RSS Feed')}"><i class="icon-rss-sign"></i></a>
19 <a href="${h.route_path('atom_feed_home', repo_name=c.rhodecode_db_repo.repo_name)}" title="${_('RSS Feed')}"><i class="icon-rss-sign"></i></a>
20 %endif
20 %endif
21 </li>
21 </li>
22 </ul>
22 </ul>
23 </div>
23 </div>
24
24
25 <div id="repo-summary" class="summary">
25 <div id="repo-summary" class="summary">
26 ${components.summary_detail(breadcrumbs_links=self.breadcrumbs_links(), show_downloads=True)}
26 ${components.summary_detail(breadcrumbs_links=self.breadcrumbs_links(), show_downloads=True)}
27 ${components.summary_stats(gravatar_function=self.gravatar_with_user)}
27 ${components.summary_stats(gravatar_function=self.gravatar_with_user)}
28 </div><!--end repo-summary-->
28 </div><!--end repo-summary-->
29
29
30
30
31 <div class="box" >
31 <div class="box" >
32 %if not c.repo_commits:
32 %if not c.repo_commits:
33 <div class="title">
33 <div class="title">
34 <h3>${_('Quick start')}</h3>
34 <h3>${_('Quick start')}</h3>
35 </div>
35 </div>
36 %endif
36 %endif
37 <div class="table">
37 <div class="table">
38 <div id="shortlog_data">
38 <div id="shortlog_data">
39 <%include file='summary_commits.mako'/>
39 <%include file='summary_commits.mako'/>
40 </div>
40 </div>
41 </div>
41 </div>
42 </div>
42 </div>
43
43
44 %if c.readme_data:
44 %if c.readme_data:
45 <div id="readme" class="anchor">
45 <div id="readme" class="anchor">
46 <div class="box" >
46 <div class="box" >
47 <div class="title" title="${h.tooltip(_('Readme file from commit %s:%s') % (c.rhodecode_db_repo.landing_rev[0], c.rhodecode_db_repo.landing_rev[1]))}">
47 <div class="title" title="${h.tooltip(_('Readme file from commit %s:%s') % (c.rhodecode_db_repo.landing_rev[0], c.rhodecode_db_repo.landing_rev[1]))}">
48 <h3 class="breadcrumbs">
48 <h3 class="breadcrumbs">
49 <a href="${h.route_path('repo_files',repo_name=c.repo_name,commit_id=c.rhodecode_db_repo.landing_rev[1],f_path=c.readme_file)}">${c.readme_file}</a>
49 <a href="${h.route_path('repo_files',repo_name=c.repo_name,commit_id=c.rhodecode_db_repo.landing_rev[1],f_path=c.readme_file)}">${c.readme_file}</a>
50 </h3>
50 </h3>
51 </div>
51 </div>
52 <div class="readme codeblock">
52 <div class="readme codeblock">
53 <div class="readme_box">
53 <div class="readme_box">
54 ${c.readme_data|n}
54 ${c.readme_data|n}
55 </div>
55 </div>
56 </div>
56 </div>
57 </div>
57 </div>
58 </div>
58 </div>
59 %endif
59 %endif
60
60
61 <script type="text/javascript">
61 <script type="text/javascript">
62 $(document).ready(function(){
62 $(document).ready(function(){
63 $('#clone_by_name').on('click',function(e){
63 $('#clone_by_name').on('click',function(e){
64 // show url by name and hide name button
64 // show url by name and hide name button
65 $('#clone_url').show();
65 $('#clone_url').show();
66 $('#clone_by_name').hide();
66 $('#clone_by_name').hide();
67
67
68 // hide url by id and show name button
68 // hide url by id and show name button
69 $('#clone_by_id').show();
69 $('#clone_by_id').show();
70 $('#clone_url_id').hide();
70 $('#clone_url_id').hide();
71
71
72 // hide copy by id
72 // hide copy by id
73 $('#clone_by_name_copy').show();
73 $('#clone_by_name_copy').show();
74 $('#clone_by_id_copy').hide();
74 $('#clone_by_id_copy').hide();
75
75
76 });
76 });
77 $('#clone_by_id').on('click',function(e){
77 $('#clone_by_id').on('click',function(e){
78
78
79 // show url by id and hide id button
79 // show url by id and hide id button
80 $('#clone_by_id').hide();
80 $('#clone_by_id').hide();
81 $('#clone_url_id').show();
81 $('#clone_url_id').show();
82
82
83 // hide url by name and show id button
83 // hide url by name and show id button
84 $('#clone_by_name').show();
84 $('#clone_by_name').show();
85 $('#clone_url').hide();
85 $('#clone_url').hide();
86
86
87 // hide copy by id
87 // hide copy by id
88 $('#clone_by_id_copy').show();
88 $('#clone_by_id_copy').show();
89 $('#clone_by_name_copy').hide();
89 $('#clone_by_name_copy').hide();
90 });
90 });
91
91
92 var initialCommitData = {
92 var initialCommitData = {
93 id: null,
93 id: null,
94 text: 'tip',
94 text: 'tip',
95 type: 'tag',
95 type: 'tag',
96 raw_id: null,
96 raw_id: null,
97 files_url: null
97 files_url: null
98 };
98 };
99
99
100 select2RefSwitcher('#download_options', initialCommitData);
100 select2RefSwitcher('#download_options', initialCommitData);
101
101
102 // on change of download options
102 // on change of download options
103 $('#download_options').on('change', function(e) {
103 $('#download_options').on('change', function(e) {
104 // format of Object {text: "v0.0.3", type: "tag", id: "rev"}
104 // format of Object {text: "v0.0.3", type: "tag", id: "rev"}
105 var ext = '.zip';
105 var selected_cs = e.added;
106 var selected_cs = e.added;
106 var fname= e.added.raw_id + ".zip";
107 var fname = e.added.raw_id + ext;
107 var href = pyroutes.url('repo_archivefile', {'repo_name': templateContext.repo_name, 'fname':fname});
108 var href = pyroutes.url('repo_archivefile', {'repo_name': templateContext.repo_name, 'fname':fname});
108 // set new label
109 // set new label
109 $('#archive_link').html('<i class="icon-archive"></i> '+ e.added.text+".zip");
110 $('#archive_link').html('<i class="icon-archive"></i> {0}{1}'.format(escapeHtml(e.added.text), ext));
110
111
111 // set new url to button,
112 // set new url to button,
112 $('#archive_link').attr('href', href)
113 $('#archive_link').attr('href', href)
113 });
114 });
114
115
115
116
116 // load details on summary page expand
117 // load details on summary page expand
117 $('#summary_details_expand').on('click', function() {
118 $('#summary_details_expand').on('click', function() {
118
119
119 var callback = function (data) {
120 var callback = function (data) {
120 % if c.show_stats:
121 % if c.show_stats:
121 showRepoStats('lang_stats', data);
122 showRepoStats('lang_stats', data);
122 % endif
123 % endif
123 };
124 };
124
125
125 showRepoSize(
126 showRepoSize(
126 'repo_size_container',
127 'repo_size_container',
127 templateContext.repo_name,
128 templateContext.repo_name,
128 templateContext.repo_landing_commit,
129 templateContext.repo_landing_commit,
129 callback);
130 callback);
130
131
131 })
132 })
132
133
133 })
134 })
134 </script>
135 </script>
135
136
136 </%def>
137 </%def>
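Review bot: The escaped label on new line 110 is still injected through `.html()`, so its safety now rests on `escapeHtml` covering every HTML-significant character and on `'{0}{1}'.format(...)` — a non-standard `String.prototype` extension that must be supplied elsewhere in the page's JS bundle — never being changed into a form that loses the escaping. Building the label from DOM nodes removes both dependencies with one line: `$('#archive_link').empty().append($('<i class="icon-archive"></i>'), document.createTextNode(' ' + e.added.text + ext));`. Separately, `e.added.raw_id` is concatenated into `fname` on new line 107 and passed to `pyroutes.url` as a path parameter; whether that helper percent-encodes path components is not visible in this hunk, and since `raw_id` comes from the same ref-derived data that prompted this fix it is worth confirming rather than assuming. The `$('#download_options').on('change', ...)` handler starts and ends inside the hunk.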