From 78753bc22f140f863aa3fe56b1c59699ca3e2fa8 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Mon, 26 Sep 2011 22:29:07 -0400
Subject: [PATCH] Protect DownloadZipServlet with an AccessRestrictionFilter.

---
 src/com/gitblit/AccessRestrictionFilter.java |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/src/com/gitblit/AccessRestrictionFilter.java b/src/com/gitblit/AccessRestrictionFilter.java
index e309b59..25adc52 100644
--- a/src/com/gitblit/AccessRestrictionFilter.java
+++ b/src/com/gitblit/AccessRestrictionFilter.java
@@ -138,7 +138,7 @@
 		}
 		String fullUrl = url + (StringUtils.isEmpty(params) ? "" : ("?" + params));
 
-		String repository = extractRepositoryName(url);
+		String repository = extractRepositoryName(fullUrl);
 
 		// Determine if the request URL is restricted
 		String fullSuffix = fullUrl.substring(repository.length());

--
Gitblit v1.9.1