# HG changeset patch
# User Mike Becker
# Date 1759577673 -7200
# Node ID c0c7b4ca2946a9ab19fbd09853565b571587241f
# Parent 49f68aeb1dd2b8ce9ac3b6f116ef068074d024d0
add convenience buttons for editing version, component, variant - resolves #733
diff -r 49f68aeb1dd2 -r c0c7b4ca2946 src/main/kotlin/de/uapcore/lightpit/AbstractServlet.kt
--- a/src/main/kotlin/de/uapcore/lightpit/AbstractServlet.kt Mon Sep 22 20:00:59 2025 +0200
+++ b/src/main/kotlin/de/uapcore/lightpit/AbstractServlet.kt Sat Oct 04 13:34:33 2025 +0200
@@ -138,8 +138,19 @@
 // set some internal request attributes
 val fullPath = req.servletPath + Optional.ofNullable(req.pathInfo).orElse("")
 req.setAttribute(Constants.REQ_ATTR_PATH, fullPath)
- req.getHeader("Referer")?.let {
- // TODO: add a sanity check to avoid link injection
+ req.getHeader("Referer")?.let { referer ->
+ val portInfo =
+ if ((req.scheme == "http" && req.serverPort == 80)
+ || (req.scheme == "https" && req.serverPort == 443)
+ ) "" else ":${req.serverPort}"
+ val baseHrefOptionalPort = "${req.scheme}://${req.serverName}$portInfo${req.contextPath}/"
+ val baseHrefWithPort = "${req.scheme}://${req.serverName}${req.serverPort}${req.contextPath}/"
+ if (referer.startsWith(baseHrefOptionalPort) || referer.startsWith(baseHrefWithPort)) {
+ referer
+ } else {
+ null
+ }
+ }?.let {
 req.setAttribute(Constants.REQ_ATTR_REFERER, it)
 }
diff -r 49f68aeb1dd2 -r c0c7b4ca2946 src/main/kotlin/de/uapcore/lightpit/RequestMapping.kt
--- a/src/main/kotlin/de/uapcore/lightpit/RequestMapping.kt Mon Sep 22 20:00:59 2025 +0200
+++ b/src/main/kotlin/de/uapcore/lightpit/RequestMapping.kt Sat Oct 04 13:34:33 2025 +0200
@@ -125,6 +125,8 @@
 field = value
 if (value == null) {
 request.removeAttribute(Constants.REQ_ATTR_REDIRECT_LOCATION)
+ } else if (value.startsWith(baseHref)) {
+ request.setAttribute(Constants.REQ_ATTR_REDIRECT_LOCATION, value)
 } else {
 request.setAttribute(Constants.REQ_ATTR_REDIRECT_LOCATION, baseHref + value)
 }
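Review bot: In the AbstractServlet.kt hunk, `baseHrefWithPort` is built without the `:` between `${req.serverName}` and `${req.serverPort}`, so the accepted prefix has the port digits glued onto the host name instead of forming `host:port`. The explicit-port form of the application's own URL therefore never matches, while a Referer whose host name is the server name followed by those digits does, which weakens the link-injection check that replaces the old TODO. The line should read `val baseHrefWithPort = "${req.scheme}://${req.serverName}:${req.serverPort}${req.contextPath}/"`; the same omission is in `sanitizeReferer` in the second RequestMapping.kt hunk (`@@ -226,6 +228,19 @@`). Both prefixes are derived from `req.serverName`, which servlet containers usually take from the Host header, so it is worth confirming the deployment pins the accepted host names. The enclosing function starts and ends outside the hunk.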
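Review bot: In the first RequestMapping.kt hunk, the new `value.startsWith(baseHref)` branch stores an absolute URL unchanged, so this prefix test is now what keeps the redirect location inside the application. It only holds if `baseHref` ends with `/`; its definition is outside the hunk, and without the trailing slash a host name that merely begins with the server name would pass. A comment on the branch would record the invariant, for example `// absolute URLs are accepted only below baseHref, which must end with '/'`. The setter's enclosing property begins outside the hunk.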
@@ -226,6 +228,19 @@
 }
 fun i18n(key: String): String = ResourceBundle.getBundle("localization/strings", response.locale).getString(key)
+
+ fun sanitizeReferer(referer: String?): String? {
+ if (referer == null) return null
+ // if someone really explicitly specifies the default port, we must support that, but we will remove it
+ val baseHrefWithPort = "${request.scheme}://${request.serverName}${request.serverPort}${request.contextPath}/"
+ return if (referer.startsWith(baseHref)) {
+ referer
+ } else if (referer.startsWith(baseHrefWithPort)) {
+ referer.replaceFirst(baseHrefWithPort, baseHref)
+ } else {
+ null
+ }
+ }
 }
 /**
diff -r 49f68aeb1dd2 -r c0c7b4ca2946 src/main/kotlin/de/uapcore/lightpit/servlet/ProjectServlet.kt
--- a/src/main/kotlin/de/uapcore/lightpit/servlet/ProjectServlet.kt Mon Sep 22 20:00:59 2025 +0200
+++ b/src/main/kotlin/de/uapcore/lightpit/servlet/ProjectServlet.kt Sat Oct 04 13:34:33 2025 +0200
@@ -262,7 +262,7 @@
 dao.updateVersion(version)
 }
- http.renderCommit("projects/${project.node}/versions/")
+ http.renderCommit(http.sanitizeReferer(http.param("returnLink")) ?: "projects/${project.node}/versions/")
 }
 private fun components(http: HttpRequest, dao: DataAccessObject) {
@@ -322,7 +322,7 @@
 dao.updateComponent(component)
 }
- http.renderCommit("projects/${project.node}/components/")
+ http.renderCommit(http.sanitizeReferer(http.param("returnLink")) ?: "projects/${project.node}/components/")
 }
 private fun variants(http: HttpRequest, dao: DataAccessObject) {
@@ -378,7 +378,7 @@
 dao.updateVariant(variant)
 }
- http.renderCommit("projects/${project.node}/variants/")
+ http.renderCommit(http.sanitizeReferer(http.param("returnLink")) ?: "projects/${project.node}/variants/")
 }
 private fun issue(http: HttpRequest, dao: DataAccessObject) {
diff -r 49f68aeb1dd2 -r c0c7b4ca2946 src/main/resources/localization/strings.properties
--- a/src/main/resources/localization/strings.properties Mon Sep 22 20:00:59 2025 +0200
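Review bot: `sanitizeReferer` in the second RequestMapping.kt hunk has no KDoc, although its null return is the signal callers use to reject a URL. I would add a KDoc stating that it returns the given URL only when it starts with this application's `baseHref`, rewrites the explicit-port form to `baseHref`, and returns null for everything else, including null input. The comparison is a plain case-sensitive prefix match that does not canonicalise the path or host, so the KDoc should say that callers get a same-prefix guarantee rather than a normalised URL. The enclosing class begins outside the hunk.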
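Review bot: The redirect target after a save now comes from the client-supplied `returnLink` parameter, in this ProjectServlet.kt hunk and in the `components` and `variants` hunks after it (`@@ -322,7 +322,7 @@`, `@@ -378,7 +378,7 @@`), and nothing at the call site says that `sanitizeReferer` is the only guard. A one-line comment such as `// returnLink is client-supplied; sanitizeReferer() returns null unless it points below baseHref` would make that dependency explicit. Because the same expression is repeated three times, a small helper on `HttpRequest` that takes the fallback path would keep the validation in one place. The handler functions start outside these hunks.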
+++ b/src/main/resources/localization/strings.properties Sat Oct 04 13:34:33 2025 +0200
@@ -46,6 +46,7 @@
 button.save=Save
 button.user.create=Add Developer
 button.variant.create=New Variant
+button.variant.edit=Edit Variant
 button.version.create=New Version
 button.version.edit=Edit Version
 button.whats-new=Show Changelog
diff -r 49f68aeb1dd2 -r c0c7b4ca2946 src/main/resources/localization/strings_de.properties
--- a/src/main/resources/localization/strings_de.properties Mon Sep 22 20:00:59 2025 +0200
+++ b/src/main/resources/localization/strings_de.properties Sat Oct 04 13:34:33 2025 +0200
@@ -46,6 +46,7 @@
 button.save=Speichern
 button.user.create=Neuer Entwickler
 button.variant.create=Neue Variante
+button.variant.edit=Variante Bearbeiten
 button.version.create=Neue Version
 button.version.edit=Version Bearbeiten
 button.whats-new=Versionshinweise \u00d6ffnen
@@ -65,7 +66,7 @@
 error.exceptionText = Interne Ausnahme
 error.headline = Die angeforderte Seite kann nicht angezeigt werden.
 error.message = Server Nachricht
-error.returnLink = Kehre zurück zu
+error.returnLink = Kehre zur\u00fcck zu
 error.timestamp = Zeitstempel
 feed.issues.description=Feed \u00fcber k\u00fcrzlich aktualisierte Vorg\u00e4nge.
 feed.issues.title=LightPIT Vorg\u00e4nge
@@ -161,7 +162,7 @@
 no-users=Bislang wurden keine Entwickler hinterlegt.
 node.tooltip=Name, der zur Konstruktion der URL genutzt werden soll.
 node=Pfadname
-ordinal.tooltip=Use to override lexicographic ordering. \u00dcbersteuert die lexikographische Sortierung.
+ordinal.tooltip=\u00dcbersteuert die lexikographische Sortierung.
 ordinal=Sequenznummer
 placeholder.auto-assignee.tooltip=Weist, wenn m\u00f6glich, den Vorgang dem Leiter der Komponente.
 placeholder.auto-assignee=Automatisch
diff -r 49f68aeb1dd2 -r c0c7b4ca2946 src/main/webapp/WEB-INF/changelogs/changelog-de.jspf
--- a/src/main/webapp/WEB-INF/changelogs/changelog-de.jspf Mon Sep 22 20:00:59 2025 +0200
+++ b/src/main/webapp/WEB-INF/changelogs/changelog-de.jspf Sat Oct 04 13:34:33 2025 +0200 @@ -30,6 +30,7 @@
  • Pop-Up hinzugefügt, das über eine neue LightPIT-Version informiert.
  • "Erledigt" Schaltfläche zur Vorgangsansicht hinzugefügt.
  • "In Projekt Öffnen" Schaltfläche zur (globalen) Vorgangsansicht hinzugefügt.
  • +
  • Schaltflächen hinzugefügt, die schnelleren Zugang zu den Editoren für Versionen, Komponenten und Varianten bieten.
  • Es können nun neue Vorgänge direkt mit einer Verknüpfung zu einem existierenden Vorgang erstellt werden.
  • Neuen Filter "zeige nur nicht-blockierte" hinzugefügt.
  • Vorgänge können nun auch direkt über die Vorgangsnummer (anstatt Raute + Nummer) verlinkt werden.
  • diff -r 49f68aeb1dd2 -r c0c7b4ca2946 src/main/webapp/WEB-INF/changelogs/changelog.jspf --- a/src/main/webapp/WEB-INF/changelogs/changelog.jspf Mon Sep 22 20:00:59 2025 +0200 +++ b/src/main/webapp/WEB-INF/changelogs/changelog.jspf Sat Oct 04 13:34:33 2025 +0200 @@ -30,6 +30,7 @@
  • Add popup informing about a new LightPIT release.
  • Add convenience RESOLVE button to the issue view.
  • Add convenience OPEN IN PROJECT button to the global issue view.
  • +
  • Add buttons and hover-icons to quickly access the editor for versions, components, and variants.
  • Add the possibility to create new related issues with one click.
  • Add new filter "show only non-blocked".
  • Change that you can now relate issues by just submitting their number (instead of hash + number).
  • diff -r 49f68aeb1dd2 -r c0c7b4ca2946 src/main/webapp/WEB-INF/jsp/component-form.jsp --- a/src/main/webapp/WEB-INF/jsp/component-form.jsp Mon Sep 22 20:00:59 2025 +0200 +++ b/src/main/webapp/WEB-INF/jsp/component-form.jsp Sat Oct 04 13:34:33 2025 +0200 @@ -31,6 +31,10 @@ + + + +
    @@ -94,7 +98,8 @@
    - + + diff -r 49f68aeb1dd2 -r c0c7b4ca2946 src/main/webapp/WEB-INF/jsp/project-details.jsp --- a/src/main/webapp/WEB-INF/jsp/project-details.jsp Mon Sep 22 20:00:59 2025 +0200 +++ b/src/main/webapp/WEB-INF/jsp/project-details.jsp Sat Oct 04 13:34:33 2025 +0200 @@ -38,6 +38,15 @@
    + + + + + + + + +

    diff -r 49f68aeb1dd2 -r c0c7b4ca2946 src/main/webapp/WEB-INF/jsp/variant-form.jsp --- a/src/main/webapp/WEB-INF/jsp/variant-form.jsp Mon Sep 22 20:00:59 2025 +0200 +++ b/src/main/webapp/WEB-INF/jsp/variant-form.jsp Sat Oct 04 13:34:33 2025 +0200 @@ -29,8 +29,12 @@ <%@taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %> + - + + + + @@ -81,7 +85,8 @@
    - + + diff -r 49f68aeb1dd2 -r c0c7b4ca2946 src/main/webapp/WEB-INF/jsp/version-form.jsp --- a/src/main/webapp/WEB-INF/jsp/version-form.jsp Mon Sep 22 20:00:59 2025 +0200 +++ b/src/main/webapp/WEB-INF/jsp/version-form.jsp Sat Oct 04 13:34:33 2025 +0200 @@ -31,6 +31,10 @@ + + + + @@ -89,7 +93,8 @@
    - + +