Merge branch 'xss-bug' into dev-homepage-revision

This commit is contained in:
Jasder 2019-10-25 22:27:20 +08:00
commit 62f38402f7
18 changed files with 108 additions and 37 deletions


@ -37,13 +37,13 @@ class RepositoriesController < ApplicationController
before_filter :find_repository, :only => [:edit, :update, :destroy, :committers]
before_filter :find_project_repository, :except => [:new, :create, :newcreate, :edit, :update, :destroy, :committers, :newrepo,
:to_gitlab, :forked, :export_rep_static, :training_project_extend, :che_request]
:to_gitlab, :forked, :export_rep_static, :training_project_extend, :che_request, :build_socks_shop]
# 连接gitlab
# before_filter :connect_gitlab, :only => [:quality_analysis, :commit_diff]
before_filter :find_changeset, :only => [:revision, :add_related_issue, :remove_related_issue]
# before_filter :authorize , :except => [:newrepo,:newcreate,:fork, :to_gitlab, :forked, :project_archive, :quality_analysis, :commit_diff]
before_filter :authorize_visible , :except => [:newrepo,:newcreate,:fork, :to_gitlab, :forked, :project_archive, :quality_analysis, :commit_diff, :che_request]
before_filter :authorize_visible , :except => [:newrepo,:newcreate,:fork, :to_gitlab, :forked, :project_archive, :quality_analysis, :commit_diff, :che_request, :build_socks_shop]
# 版本库新增权限
# before_filter :show_rep, :only => [:show, :stats, :revisions, :revision, :diff, :commit_diff ]
accept_rss_auth :revisions
@ -75,6 +75,37 @@ class RepositoriesController < ApplicationController
end
def build_socks_shop
begin
# r = RestClient::Request.execute(method: :get, url: 'http://106.75.6.173:8080/job/socks-shop/build?token=socks-shop&j_username=jenkins&j_password=12', max_redirects: 0)
# logger.info "socks shop request success-===========> #{r.response}"
RestClient.get('http://106.75.6.173:8080/job/socks-shop/build?token=socks-shop&j_username=jenkins&j_password=12') { |response, request, result|
case response.code
when 200, 201
logger.info "socks shop request success-===========> #{response}"
render :json => {:result => "succuss", :message => "ok"}
when 423
logger.info "socks shop request failed---------> #{response}"
render :json => {:result => "fail", :message => "SomeCustomExceptionIfYouWant"}
raise SomeCustomExceptionIfYouWant
else
logger.info "return else ======> #{response}"
render :json => {:result => "fail", :message => "...."}
end
}
rescue RestClient::ExceptionWithResponse => err
render :json => {:result => "failed", :message => "fail"}
logger.info "socks shop request failed---------> #{err}"
rescue RestClient::Unauthorized, RestClient::Forbidden => err
render :json => {:result => "failed", :message => "Access denied"}
logger.info "Access denied======> #{err.response}"
rescue RestClient::ImATeapot => err
render :json => {:result => "failed", :message => "The server is a teapot! # RFC 2324"}
logger.info "The server is a teapot! # RFC 2324 ==> #{err.response}"
return err.response
end
end
def export_rep_static
# 管理员界面导出所有项目
@project = Project.find(params[:id])
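Review bot: `build_socks_shop` carries the Jenkins build token and the `j_username`/`j_password` credentials as a literal inside the request URL, and the same action is added to the `except` lists of both `find_project_repository` and `authorize_visible`, so any caller who can reach the POST route triggers a build on that host with the embedded credentials and without any project-visibility check (the action never reads `params` or `@project`). Move the URL and credentials into configuration and read them with something like `ENV.fetch('SOCKS_SHOP_BUILD_URL')` (placeholder name), and consider leaving the action under `authorize_visible`, since nothing in the body needs the exemption. Two smaller defects in the same body: `SomeCustomExceptionIfYouWant` is not defined anywhere visible, so the 423 branch renders and then raises `NameError`, and the `RestClient::Unauthorized, RestClient::Forbidden` and `RestClient::ImATeapot` rescues are unreachable because their superclass `RestClient::ExceptionWithResponse` is rescued first — put the specific classes before the general one and drop the undefined constant. The log lines also interpolate the whole upstream body (`#{response}`, `#{err.response}`); logging `response.code` is enough and keeps remote content out of the application log.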


@ -24,7 +24,7 @@
<div class="homepageRight mt0 ml10">
<div class="homepageRightBanner">
<div class="NewsBannerName break_word" style="width: 600px;">
<%= @board.parent_id.nil? ? "班级讨论区" : "#{@board.name}" %>
<%= @board.parent_id.nil? ? "班级讨论区" : "#{h @board.name}" %>
</div>
<% is_teacher = User.current.logged? && (User.current.admin? || User.current.allowed_to?(:as_teacher,@board.course)) %>


@ -18,9 +18,9 @@
<div class="list-file">
<div><span class="item_list fl"></span>
<% if activity.parent_id.nil? %> <!--+"(帖子标题)"-->
<%= link_to activity.subject.to_s.html_safe, User.current.logged? ? board_message_path(activity.board_id, activity) : signin_url_without_domain, :target => '_blank', :class => "list-title-normal fl" %>
<%= link_to h(activity.subject), User.current.logged? ? board_message_path(activity.board_id, activity) : signin_url_without_domain, :target => '_blank', :class => "list-title-normal fl" %>
<% else %>
<%= link_to activity.parent.subject.to_s.html_safe, User.current.logged? ? board_message_path(activity.board_id, activity) : signin_url_without_domain, :target => '_blank', :class => "list-title-normal f1" %>
<%= link_to h(activity.parent.subject), User.current.logged? ? board_message_path(activity.board_id, activity) : signin_url_without_domain, :target => '_blank', :class => "list-title-normal f1" %>
<% end %>
<% if activity.sticky == 1 %>
<span class="fl ml10 red-cir-btn">顶</span>
@ -58,4 +58,4 @@
<p class="sy_tab_con_p">没有数据可以显示!</p>
<% end %>
</div>
</div>
</div>


@ -5,7 +5,7 @@
<li id="board_children_<%=board.id %>">
<% count = board ? board.messages.count : 0 %>
<a href="<%=contest_boards_path(@contest, :board_id =>board.id) %>">
<font class="hidden dis" style="max-width: 120px;"><%=board.name %></font>
<font class="hidden dis" style="max-width: 120px;"><%= h board.name %></font>
<span style="vertical-align: top;"><%=count %></span>
</a>
<% if User.current.logged? && is_admin %>
@ -14,4 +14,4 @@
</li>
<% end %>
</ul>
<% end %>
<% end %>


@ -41,6 +41,7 @@
<div id="ajax-indicator" style="display:none;">
<span><%= l(:label_loading) %></span>
</div>
<div id="deploy-loading" style="display:none;"><span>部署中...</span></div>
<div id="ajax-modal" style="display:none;"></div>
<div id="nh_tx_dialog_html" class="white_content" style="display:none;">
<%=render :partial => 'layouts/upload_avatar', :locals => {:source => @project} %>
@ -59,4 +60,3 @@
</script>
<%= javascript_include_tag 'cookie','project',"avatars", 'header','prettify','select_list_move','attachments' %>
</html>


@ -65,7 +65,7 @@
</div>
<%end%>
<div class="postDetailTitle fl break_full_word">
<a href="javascript:void(0);" class="f14 linkGrey4 fb" style="overflow:hidden;">主题: <%= @topic.subject%></a>
<a href="javascript:void(0);" class="f14 linkGrey4 fb" style="overflow:hidden;">主题: <%= h @topic.subject%></a>
</div>
<div class="cl"></div>
<div class="postDetailCreater">
@ -74,7 +74,7 @@
<div class="postDetailDate mb5"><%= format_time( @topic.created_on)%></div>
<div class="cl"></div>
<div class="homepagePostIntro memo-content upload_img break_full_word ke-block" id="message_description_<%= @topic.id %>" >
<%= @topic.content.html_safe%>
<%= h @topic.content %>
</div>
<div class="cl"></div>
<div class="mt10" style="font-weight:normal;">
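Review bot: `h @topic.content` on the new line escapes the entire body, so any markup stored by the rich-text editor (the surrounding `ke-block` / `upload_img` classes suggest editor output) is now shown to readers as literal `<p>` / `<img>` text instead of being rendered; the same full escape is applied to `reply.content` (L152), `comment.content_detail` (L230, L233, L298, L323), `comment.notes` (L320) and `activity.content` (L284, L287). Elsewhere in this same commit the same kind of field goes through `sanitize` instead (`sanitize comment.notes` at L170, `sanitize string` at L316), which strips script-bearing tags and attributes while keeping formatting, so identical attributes now get two different treatments. Pick one policy for stored HTML — `sanitize` with an explicit tag/attribute allowlist is the usual choice — and apply it consistently, e.g. `<%= sanitize @topic.content %>`. Where a field is plain text, `h` is correct and removing `.html_safe` is sufficient on its own.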


@ -13,7 +13,7 @@
<%= render :partial => 'users/message_contents', :locals => {:comment => reply, :type => 'Message', :user_activity_id => @topic.id}%>
<div class="homepagePostReplyContent upload_img break_word table_maxWidth" id="reply_message_description_<%= reply.id %>">
<%= reply.content.html_safe%>
<%= h reply.content %>
</div>
<div class="orig_reply mb10 mt-10">
<div class="reply">
@ -57,4 +57,4 @@
<%= link_to '点击展开更多回复', board_message_path(@topic.board_id, @topic, :page => @page),:remote=>true %>
</div>
</div>
<% end %>
<% end %>


@ -352,7 +352,7 @@
</div>
<% end %>
<div class="homepagePostReplyContent break_word list_style upload_img table_maxWidth" id="reply_content_<%= comment.id %>">
<%= comment.notes.html_safe %></div>
<%= sanitize comment.notes %></div>
<div class="orig_reply mb10 mt-10">
<div class="reply">
<span class="reply-right">
@ -423,4 +423,4 @@
$(function(){
user_card_show_hide();
});
</script>
</script>


@ -25,6 +25,10 @@
<% else %>
<%= link_to "重新分析", quality_analysis_path(:id => @project.id, :repository_id => @repository.identifier, :rev => @rev, :default_branch => @g_default_branch, :type => "2"), :remote => true, :class => "btn_zipdown fl ml10" %>
<% end %>
<% if @project.id == 5787 %>
<%= link_to '云端编程', "http://106.75.119.131:8080/dashboard/#/ide/che/trustie_che_demo", :class => "btn_zipdown fl ml10"%>
<%= link_to '云端部署', "javascript:void(0)", :class => "btn_zipdown fl ml10", :onclick => "deploy()", :remote => true%>
<% end %>
<% end %>
<% unless QualityAnalysis.where(:project_id => @project.id).first.nil? %>
<%= link_to "代码分析结果", project_quality_analysis_path(:project_id => @project.id), :class => "btn_zipdown fl ml10" %>
@ -72,3 +76,31 @@
<%# end %>
<% html_title(l(:label_repository)) -%>
<script type="text/javascript">
var i=0;
function deploy(){
if (i == 0) {
$.ajax({
url: "<%= build_socks_shop_project_repositories_path(@project) %>",
type:'post',
contentType: "application/json; charset=utf-8",
success: function(){
console.log('request success!')
},
beforeSend: function(){ },
complete: function(){ }
});
}
i++;
if(i<11) {
$("#deploy-loading").show()
setTimeout("deploy()",1000);
}else {
i = 0
$("#deploy-loading").hide()
}
}
</script>
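Review bot: The new `deploy()` script posts once and then shows `#deploy-loading` for ten ticks regardless of what the server answered: the `success` callback only logs to the console, there is no `error` callback, and the JSON the action returns (`result: "fail"` / `"failed"` plus a message) is never inspected, so a rejected or failed build looks identical to a started one. `setTimeout("deploy()",1000)` also re-enters the function by evaluating a string; pass the function reference instead. The `<% if @project.id == 5787 %>` guard and the literal `http://106.75.119.131:8080/...` URL pin the feature to one database row and one host inside the template; a project setting or configuration entry would keep both out of view code, and I would drop `:remote => true` from the 云端部署 link, since with `href="javascript:void(0)"` it gives rails-ujs nothing sensible to request while `onclick` already fires the call (the enclosing `<% if %>` block begins before the hunk). If the ten-second spinner is deliberate, keep the timer but still branch on the result; a driver that reports the server's answer:
```javascript
var deploying = false;
function deploy(){
  if (deploying) { return; }
  deploying = true;
  $("#deploy-loading").show();
  $.ajax({
    url: "<%= build_socks_shop_project_repositories_path(@project) %>",
    type: 'post',
    dataType: 'json',
    success: function(data){
      // the action answers {result: "succuss" | "fail" | "failed", message: ...}
      if (!data || data.result !== "succuss") { alert((data && data.message) || 'deploy failed'); }
    },
    error: function(){ alert('deploy request failed'); },
    complete: function(){ deploying = false; $("#deploy-loading").hide(); }
  });
}
```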


@ -17,9 +17,9 @@
<p><%= string %></p>
<% end %>
<% end %>
<P><%= comment.content_detail.html_safe %></P>
<P><%= h comment.content_detail %></P>
<% else %>
<%= comment.content_detail.html_safe %>
<%= h comment.content_detail %>
<% end %>
</div>
<div class="orig_reply mt-10 pr" style="height: 18px;">
@ -66,4 +66,4 @@
</div>
<p id="reply_message_<%= comment.id%>"></p>
</div>
<div class="cl"></div>
<div class="cl"></div>


@ -24,9 +24,9 @@
<div class="list-file">
<div><span class="item_list fl"></span>
<% if activity.parent_id.nil? %> <!--+"(帖子标题)"-->
<%= link_to activity.subject.to_s.html_safe, User.current.logged? ? board_message_path(activity.board_id, activity) : signin_url_without_domain, :class => "list-title-normal fl" %>
<%= link_to h(activity.subject), User.current.logged? ? board_message_path(activity.board_id, activity) : signin_url_without_domain, :class => "list-title-normal fl" %>
<% else %>
<%= link_to activity.parent.subject.to_s.html_safe, User.current.logged? ? board_message_path(activity.board_id, activity) : signin_url_without_domain, :class => "list-title-normal f1" %>
<%= link_to h(activity.parent.subject), User.current.logged? ? board_message_path(activity.board_id, activity) : signin_url_without_domain, :class => "list-title-normal f1" %>
<% end %>
<% if activity.sticky == 1 %>
<span class="fl ml10 red-cir-btn">顶</span>
@ -81,4 +81,4 @@
$(".listbox").css("height",tmpHeight);
}
});
</script>
</script>


@ -13,9 +13,9 @@
</div>
<div class="homepagePostTitle hidden m_w530 fl">
<% if activity.parent_id.nil? %> <!--+"(帖子标题)"-->
<%= link_to activity.subject.to_s.html_safe, board_message_path(activity.board_id, activity), :class=> "postGrey" %>
<%= link_to h(activity.subject.to_s), board_message_path(activity.board_id, activity), :class=> "postGrey" %>
<% else %>
<%= link_to activity.parent.subject.to_s.html_safe, board_message_path(activity.board_id, activity), :class=> "postGrey" %>
<%= link_to h(activity.parent.subject.to_s), board_message_path(activity.board_id, activity), :class=> "postGrey" %>
<% end %>
</div>
<% if activity.sticky == 1 %>
@ -33,9 +33,9 @@
</div>
<div class="cl"></div>
<% if activity.parent_id.nil? %>
<% content = activity.content %>
<% content = h activity.content %>
<% else %>
<% content = activity.parent.content %>
<% content = h activity.parent.content %>
<% end %>
<%=render :partial =>"users/intro_content", :locals=>{:user_activity_id =>user_activity_id, :content=>content} %>
<div class="cl"></div>


@ -15,7 +15,7 @@
<% if !comment.content_detail.blank? %>
<div class="homepagePostReplyContent break_word list_style upload_img table_maxWidth" id="reply_content_<%= comment.id %>">
<%= comment.content_detail.html_safe %>
<%= h comment.content_detail %>
</div>
<div class="orig_reply mb10 mt-10">
<div class="reply">
@ -115,4 +115,4 @@
<div class="cl"></div>
</li>
<% end %>
</ul>
</ul>


@ -19,12 +19,12 @@
<% if comment.class == Journal %>
<% if comment.details.any? %>
<% details_to_strings(comment.details).each do |string| %>
<p><%= string %></p>
<p><%= sanitize string %></p>
<% end %>
<% end %>
<P><%= comment.notes.html_safe %></P>
<P><%= h comment.notes %></P>
<% else %>
<%= comment.content_detail.html_safe %>
<%= h comment.content_detail %>
<% end %>
</div>
<div class="orig_reply mb10 mt-10">
@ -106,4 +106,4 @@
</li>
<% end %>
<% end %>
</ul>
</ul>


@ -20,9 +20,9 @@
<div class="list-file">
<div><span class="item_list fl"></span>
<% if activity.parent_id.nil? %> <!--+"(帖子标题)"-->
<%= link_to activity.subject.to_s.html_safe, User.current.logged? ? board_message_path(activity.board_id, activity) : signin_url_without_domain, :class=> "list-title-normal fl", :style => "max-width:950px;" %>
<%= link_to h(activity.subject), User.current.logged? ? board_message_path(activity.board_id, activity) : signin_url_without_domain, :class=> "list-title-normal fl", :style => "max-width:950px;" %>
<% else %>
<%= link_to activity.parent.subject.to_s.html_safe, User.current.logged? ? board_message_path(activity.board_id, activity) : signin_url_without_domain, :class=> "list-title-normal f1", :style => "max-width:950px;" %>
<%= link_to h(activity.parent.subject), User.current.logged? ? board_message_path(activity.board_id, activity) : signin_url_without_domain, :class=> "list-title-normal f1", :style => "max-width:950px;" %>
<% end %>
<% if activity.sticky == 1 %>
<span class="fl ml10 red-cir-btn">顶</span>
@ -76,4 +76,4 @@
$(".listbox").css("height", tmpHeight);
}
});
</script>
</script>


@ -18,7 +18,7 @@ module RedmineApp
# -- all .rb files in that directory are automatically loaded.
#verifier if email is real
config.generators do |g|
g.test_framework :rspec,
@ -80,7 +80,7 @@ module RedmineApp
allow do
origins '*'
# location of your API
resource '/api/*', :headers => :any, :methods => [:get, :post, :options, :put]
resource '*', :headers => :any, :methods => [:get, :post, :options, :put]
end
end
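Review bot: Widening the CORS resource from `/api/*` to `*` while `origins '*'` and `:headers => :any` stay in place means every path in the application now answers cross-origin preflights and reads from any site, including the new `build_socks_shop` POST; the commit is labelled an XSS fix and nothing in it explains why the whole HTML UI needs to be reachable from other origins. Without `:credentials => true` browsers will not attach the session cookie, so the immediate exposure is to unauthenticated and token-authenticated responses rather than logged-in sessions, but it still removes the boundary that kept non-API pages off-limits to cross-origin JavaScript. Keep `resource '/api/*', :headers => :any, :methods => [:get, :post, :options, :put]` and add a second, narrowly scoped `resource` entry for whatever path the Che/deploy integration actually calls, preferably with that host as the origin rather than `'*'`. The enclosing `allow` block opens before the hunk.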


@ -1091,6 +1091,7 @@ RedmineApp::Application.routes.draw do
member do
match 'committers', :via => [:get, :post]
end
match 'build_socks_shop', :via => :post, :on => :collection
end
resources :repositories, :except => [:index, :show] do
member do


@ -99,6 +99,13 @@ a.opnionButton:hover{background: #297fb8; }
padding:0.6em; z-index:100000; opacity: 0.5;}
html>body #ajax-indicator { position: fixed; }
#ajax-indicator span { background-position: 0% 40%; background-repeat: no-repeat; background-image: url(/images/loading.gif); padding-left: 26px; vertical-align: bottom;}
#deploy-loading { position: absolute; /* fixed not supported by IE */ background-color:#eee;border: 1px solid #bbb; top:35%; left:40%; width:20%; font-weight:bold; text-align:center; color: blue;
padding:0.6em; z-index:100000; opacity: 0.5;}
html>body #deploy-loading { position: fixed; }
#deploy-loading span { background-position: 0% 40%; background-repeat: no-repeat; background-image: url(/images/loading.gif); padding-left: 26px; vertical-align: bottom;}
div.modal { border-radius: 5px; background: #fff; z-index: 50; padding: 4px;}
.ui-widget-content { border: 1px solid #ddd; color: #333;}
.ui-widget { font-family: Verdana, sans-serif; font-size: 1.1em;}
@ -1003,4 +1010,4 @@ span.down{display: block;position: absolute;top: 13px;right: 4px;width: 12px;hei
.data_showdetail .detail_part{margin-bottom: 15px;}
.data_showdetail .detail_part label{width: 13%;padding-right: 10px;box-sizing: border-box;text-align: right;display: block;float: left}
.detail_des{border:none;padding: 0px;float: left;width: 818px;word-wrap: break-word;font-size: 14px;outline: none;}
.attachment_notice{color: #888888; font-size: 12px; line-height: 20px;}
.attachment_notice{color: #888888; font-size: 12px; line-height: 20px;}