From b4a63aad7f56486c164a15ae2477bcd251b0bb1b Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Tue, 18 Mar 2014 21:10:48 -0400
Subject: [PATCH] Fix authentication security hole with external providers

---
 src/main/java/com/gitblit/models/RepositoryModel.java |   17 +++++++++++++----
 1 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/src/main/java/com/gitblit/models/RepositoryModel.java b/src/main/java/com/gitblit/models/RepositoryModel.java
index 2476834..f84e96b 100644
--- a/src/main/java/com/gitblit/models/RepositoryModel.java
+++ b/src/main/java/com/gitblit/models/RepositoryModel.java
@@ -51,14 +51,12 @@
 	public String lastChangeAuthor;
 	public boolean hasCommits;
 	public boolean showRemoteBranches;
-	public boolean useDocs;
 	public boolean useIncrementalPushTags;
 	public String incrementalPushTagPrefix;
 	public AccessRestrictionType accessRestriction;
 	public AuthorizationControl authorizationControl;
 	public boolean allowAuthenticated;
 	public boolean isFrozen;
-	public boolean showReadme;
 	public FederationStrategy federationStrategy;
 	public List<String> federationSets;
 	public boolean isFederated;
@@ -66,6 +64,7 @@
 	public boolean skipSummaryMetrics;
 	public String frequency;
 	public boolean isBare;
+	public boolean isMirror;
 	public String origin;
 	public String HEAD;
 	public List<String> availableRefs;
@@ -86,6 +85,10 @@
 	public int maxActivityCommits;
 	public List<String> metricAuthorExclusions;
 	public CommitMessageRenderer commitMessageRenderer;
+	public boolean acceptNewPatchsets;
+	public boolean acceptNewTickets;
+	public boolean requireApproval;
+	public String mergeTo;
 
 	public transient boolean isCollectingGarbage;
 	public Date lastGC;
@@ -106,6 +109,8 @@
 		this.projectPath = StringUtils.getFirstPathElement(name);
 		this.owners = new ArrayList<String>();
 		this.isBare = true;
+		this.acceptNewTickets = true;
+		this.acceptNewPatchsets = true;
 
 		addOwner(owner);
 	}
@@ -139,6 +144,10 @@
 
 	public void resetDisplayName() {
 		displayName = null;
+	}
+
+	public String getRID() {
+		return StringUtils.getSHA1(name);
 	}
 
 	@Override
@@ -208,10 +217,10 @@
 		clone.accessRestriction = AccessRestrictionType.PUSH;
 		clone.authorizationControl = AuthorizationControl.NAMED;
 		clone.federationStrategy = federationStrategy;
-		clone.showReadme = showReadme;
 		clone.showRemoteBranches = false;
 		clone.allowForks = false;
-		clone.useDocs = useDocs;
+		clone.acceptNewPatchsets = false;
+		clone.acceptNewTickets = false;
 		clone.skipSizeCalculation = skipSizeCalculation;
 		clone.skipSummaryMetrics = skipSummaryMetrics;
 		clone.sparkleshareId = sparkleshareId;

--
Gitblit v1.9.1