From 62e0259129fa7147a3899244569c05f4e7fd3b7c Mon Sep 17 00:00:00 2001
From: Joel Johnson <joel.johnson@issinc.com>
Date: Tue, 14 Jul 2015 15:59:29 -0400
Subject: [PATCH] prevent session fixation for external authentication

---
 src/main/java/com/gitblit/utils/FileUtils.java |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/src/main/java/com/gitblit/utils/FileUtils.java b/src/main/java/com/gitblit/utils/FileUtils.java
index 27caa7e..e7f0104 100644
--- a/src/main/java/com/gitblit/utils/FileUtils.java
+++ b/src/main/java/com/gitblit/utils/FileUtils.java
@@ -296,7 +296,7 @@
 		Path exactBase = Paths.get(getExactFile(basePath).toURI());
 		Path exactPath = Paths.get(getExactFile(path).toURI());
 		if (exactPath.startsWith(exactBase)) {
-			return exactBase.relativize(exactPath).toString();
+			return exactBase.relativize(exactPath).toString().replace('\\', '/');
 		}
 		// no relative relationship
 		return null;

--
Gitblit v1.9.1