From e5227a46f4405dd8bfcc1582356f8e12d1e928c0 Mon Sep 17 00:00:00 2001
From: Jean-Baptiste Mayer <jean-baptiste.mayer@m4x.org>
Date: Tue, 14 Apr 2015 17:33:02 -0400
Subject: [PATCH] Deny access to /com and /org folders in GO setup

---
 src/main/java/com/gitblit/servlet/AccessRestrictionFilter.java |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/src/main/java/com/gitblit/servlet/AccessRestrictionFilter.java b/src/main/java/com/gitblit/servlet/AccessRestrictionFilter.java
index 6d2efa4..ee4a91a 100644
--- a/src/main/java/com/gitblit/servlet/AccessRestrictionFilter.java
+++ b/src/main/java/com/gitblit/servlet/AccessRestrictionFilter.java
@@ -143,6 +143,10 @@
 
 		String fullUrl = getFullUrl(httpRequest);
 		String repository = extractRepositoryName(fullUrl);
+		if (StringUtils.isEmpty(repository)) {
+			httpResponse.setStatus(HttpServletResponse.SC_BAD_REQUEST);
+			return;
+		}
 
 		if (repositoryManager.isCollectingGarbage(repository)) {
 			logger.info(MessageFormat.format("ARF: Rejecting request for {0}, busy collecting garbage!", repository));

--
Gitblit v1.9.1