From a43c8c6e936b14bce762338b1c818771fd6fbe47 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Thu, 26 Feb 2015 08:36:47 -0500
Subject: [PATCH] Merged #239 "Remote Leakage Of Shared Buffers In Jetty Web Server [CVE-2015-2080]"

---
 src/main/java/com/gitblit/tickets/QueryBuilder.java |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/src/main/java/com/gitblit/tickets/QueryBuilder.java b/src/main/java/com/gitblit/tickets/QueryBuilder.java
index 17aeb98..0a6d0e9 100644
--- a/src/main/java/com/gitblit/tickets/QueryBuilder.java
+++ b/src/main/java/com/gitblit/tickets/QueryBuilder.java
@@ -201,6 +201,12 @@
 				q = q.substring(1, q.length() - 1);
 			}
 		}
+		if (q.startsWith("AND ")) {
+			q = q.substring(3).trim();
+		}
+		if (q.startsWith("OR ")) {
+			q = q.substring(2).trim();
+		}
 		return q;
 	}
 

--
Gitblit v1.9.1