From b4a63aad7f56486c164a15ae2477bcd251b0bb1b Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Tue, 18 Mar 2014 21:10:48 -0400
Subject: [PATCH] Fix authentication security hole with external providers

---
 src/main/java/com/gitblit/utils/HttpUtils.java |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/src/main/java/com/gitblit/utils/HttpUtils.java b/src/main/java/com/gitblit/utils/HttpUtils.java
index ffea81c..818ed49 100644
--- a/src/main/java/com/gitblit/utils/HttpUtils.java
+++ b/src/main/java/com/gitblit/utils/HttpUtils.java
@@ -80,7 +80,7 @@
 
         String context = request.getContextPath();
         String forwardedContext = request.getHeader("X-Forwarded-Context");
-        if (forwardedContext != null) {
+        if (StringUtils.isEmpty(forwardedContext)) {
         	forwardedContext = request.getHeader("X_Forwarded_Context");
         }
         if (!StringUtils.isEmpty(forwardedContext)) {

--
Gitblit v1.9.1