From: James Moger <james.moger@gitblit.com>
Date: Fri, 22 May 2015 01:36:48 +0000 (-0400)
Subject: Remove /org/ filtering
X-Git-Tag: v1.7.0~1^2~69^2
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=refs%2Ftickets%2F48%2F248%2F1;p=gitblit.git

Remove /org/ filtering
---

diff --git a/src/main/java/com/gitblit/guice/WebModule.java b/src/main/java/com/gitblit/guice/WebModule.java
index 4a0cfcd6..c6172c3d 100644
--- a/src/main/java/com/gitblit/guice/WebModule.java
+++ b/src/main/java/com/gitblit/guice/WebModule.java
@@ -53,11 +53,6 @@ import com.google.inject.servlet.ServletModule;
 public class WebModule extends ServletModule {
 
 	final static String ALL = "/*";
-	private boolean isGO;
-
-	public WebModule(boolean isGO) {
-		this.isGO=isGO;
-	}
 
 	@Override
 	protected void configureServlets() {
@@ -75,20 +70,18 @@ public class WebModule extends ServletModule {
 		serve(Constants.PT_PATH).with(PtServlet.class);
 		serve("/robots.txt").with(RobotsTxtServlet.class);
 		serve("/logo.png").with(LogoServlet.class);
-		if(isGO)
-		{
-			/* Prevent accidental access to 'resources' such as GitBlit java classes
-			 *
-			 * In the GO setup the JAR containing the application and the WAR injected
-			 * into Jetty are the same file. However Jetty expects to serve the entire WAR
-			 * contents, except the WEB-INF folder. Thus, all java binary classes in the
-			 * JAR are served by default as is they were legitimate resources.
-			 *
-			 * The below servlet mappings prevent that behavior
-			 */
-			serve(fuzzy("/com/")).with(AccessDeniedServlet.class);
-			serve(fuzzy("/org/")).with(AccessDeniedServlet.class);
-		}
+
+		/* Prevent accidental access to 'resources' such as GitBlit java classes
+		 *
+		 * In the GO setup the JAR containing the application and the WAR injected
+		 * into Jetty are the same file. However Jetty expects to serve the entire WAR
+		 * contents, except the WEB-INF folder. Thus, all java binary classes in the
+		 * JAR are served by default as is they were legitimate resources.
+		 *
+		 * The below servlet mappings prevent that behavior
+		 */
+		serve(fuzzy("/com/")).with(AccessDeniedServlet.class);
+
 		// global filters
 		filter(ALL).through(ProxyFilter.class);
 		filter(ALL).through(EnforceAuthenticationFilter.class);
diff --git a/src/main/java/com/gitblit/servlet/GitblitContext.java b/src/main/java/com/gitblit/servlet/GitblitContext.java
index d447daca..077624c2 100644
--- a/src/main/java/com/gitblit/servlet/GitblitContext.java
+++ b/src/main/java/com/gitblit/servlet/GitblitContext.java
@@ -129,7 +129,7 @@ public class GitblitContext extends GuiceServletContextListener {
 	 * Returns Gitblit's Guice injection modules.
 	 */
 	protected AbstractModule [] getModules() {
-		return new AbstractModule [] { new CoreModule(), new WebModule(null!=goBaseFolder) };
+		return new AbstractModule [] { new CoreModule(), new WebModule() };
 	}
 
 	/**