From 62e0259129fa7147a3899244569c05f4e7fd3b7c Mon Sep 17 00:00:00 2001
From: Joel Johnson <joel.johnson@issinc.com>
Date: Tue, 14 Jul 2015 15:59:29 -0400
Subject: [PATCH] prevent session fixation for external authentication

---
 src/main/java/com/gitblit/tickets/QueryBuilder.java |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/src/main/java/com/gitblit/tickets/QueryBuilder.java b/src/main/java/com/gitblit/tickets/QueryBuilder.java
index 17aeb98..0a6d0e9 100644
--- a/src/main/java/com/gitblit/tickets/QueryBuilder.java
+++ b/src/main/java/com/gitblit/tickets/QueryBuilder.java
@@ -201,6 +201,12 @@
 				q = q.substring(1, q.length() - 1);
 			}
 		}
+		if (q.startsWith("AND ")) {
+			q = q.substring(3).trim();
+		}
+		if (q.startsWith("OR ")) {
+			q = q.substring(2).trim();
+		}
 		return q;
 	}
 

--
Gitblit v1.9.1