From e7883877a98dfcae3f75f1c1a562120d89aed22a Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Thu, 09 Feb 2012 08:33:16 -0500
Subject: [PATCH] Fixed session fixation vulnerability (issue 62)

---
 src/com/gitblit/wicket/pages/EditTeamPage.java |   10 ++++++----
 1 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/src/com/gitblit/wicket/pages/EditTeamPage.java b/src/com/gitblit/wicket/pages/EditTeamPage.java
index 0af3cb4..57e9735 100644
--- a/src/com/gitblit/wicket/pages/EditTeamPage.java
+++ b/src/com/gitblit/wicket/pages/EditTeamPage.java
@@ -150,6 +150,10 @@
 				while (selectedRepositories.hasNext()) {
 					repos.add(selectedRepositories.next().toLowerCase());
 				}
+				if (repos.size() == 0) {
+					error("A team must specify at least one repository.");
+					return;
+				}
 				teamModel.repositories.clear();
 				teamModel.repositories.addAll(repos);
 
@@ -204,11 +208,9 @@
 					// create another team
 					info(MessageFormat.format("New team ''{0}'' successfully created.",
 							teamModel.name));
-					setResponsePage(EditTeamPage.class);
-				} else {
-					// back to users page
-					setResponsePage(UsersPage.class);
 				}
+				// back to users page
+				setResponsePage(UsersPage.class);
 			}
 		};
 

--
Gitblit v1.9.1