From b76107bb240c54ba4d4c8e1d2badd412e5c473fa Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Tue, 04 Nov 2014 17:23:50 -0500
Subject: [PATCH] Whitelist the "target" link attribute in the XSS filter
---
src/main/java/com/gitblit/models/RepositoryModel.java | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/main/java/com/gitblit/models/RepositoryModel.java b/src/main/java/com/gitblit/models/RepositoryModel.java
index 5bd2ec0..a81c622 100644
--- a/src/main/java/com/gitblit/models/RepositoryModel.java
+++ b/src/main/java/com/gitblit/models/RepositoryModel.java
@@ -88,6 +88,7 @@
public boolean acceptNewPatchsets;
public boolean acceptNewTickets;
public boolean requireApproval;
+ public String mergeTo;
public transient boolean isCollectingGarbage;
public Date lastGC;
@@ -181,9 +182,9 @@
public boolean isOwner(String username) {
if (StringUtils.isEmpty(username) || ArrayUtils.isEmpty(owners)) {
- return false;
+ return isUsersPersonalRepository(username);
}
- return owners.contains(username.toLowerCase());
+ return owners.contains(username.toLowerCase()) || isUsersPersonalRepository(username);
}
public boolean isPersonalRepository() {
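Review bot: The early-return branch of `isOwner` now calls `isUsersPersonalRepository(username)` even when `username` is null or empty, so the ownership answer for an anonymous or unnamed caller depends entirely on how that helper handles an empty name, and its body is outside this hunk. Splitting the guard keeps that case a hard deny: `if (StringUtils.isEmpty(username)) { return false; }` followed by `if (ArrayUtils.isEmpty(owners)) { return isUsersPersonalRepository(username); }`. If `isOwner` gates owner-level permissions, as its name suggests, the method should also carry a Javadoc line such as `Returns true if the user is a listed owner or the repository is that user's personal repository.` so the widened rule is visible to callers. The commit subject mentions only the XSS filter, so this change to an authorization predicate is easy to miss when reading the history.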
--
Gitblit v1.9.1