From 1c30dad2115fc513791d8a5b292ad0f7d7b85749 Mon Sep 17 00:00:00 2001
From: lemval <mvanleeuwen@xebia.com>
Date: Tue, 31 Jan 2012 09:25:02 -0500
Subject: [PATCH] Do not traverse unaccessible subdirectories (issue 51)

---
 src/com/gitblit/wicket/AuthorizationStrategy.java |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/src/com/gitblit/wicket/AuthorizationStrategy.java b/src/com/gitblit/wicket/AuthorizationStrategy.java
index 19bee6d..452215a 100644
--- a/src/com/gitblit/wicket/AuthorizationStrategy.java
+++ b/src/com/gitblit/wicket/AuthorizationStrategy.java
@@ -35,6 +35,12 @@
 	@SuppressWarnings({ "unchecked", "rawtypes" })
 	@Override
 	protected boolean isPageAuthorized(Class pageClass) {
+		if (RepositoriesPage.class.equals(pageClass)) {
+			// allow all requests to get to the RepositoriesPage with its inline
+			// authentication form
+			return true;
+		}
+
 		if (BasePage.class.isAssignableFrom(pageClass)) {
 			boolean authenticateView = GitBlit.getBoolean(Keys.web.authenticateViewPages, true);
 			boolean authenticateAdmin = GitBlit.getBoolean(Keys.web.authenticateAdminPages, true);

--
Gitblit v1.9.1