From b76107bb240c54ba4d4c8e1d2badd412e5c473fa Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Tue, 04 Nov 2014 17:23:50 -0500
Subject: [PATCH] Whitelist the "target" link attribute in the XSS filter

---
 src/main/java/com/gitblit/tickets/TicketNotifier.java |   11 +++++++++--
 1 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/main/java/com/gitblit/tickets/TicketNotifier.java b/src/main/java/com/gitblit/tickets/TicketNotifier.java
index 9a5e4e1..d6217b3 100644
--- a/src/main/java/com/gitblit/tickets/TicketNotifier.java
+++ b/src/main/java/com/gitblit/tickets/TicketNotifier.java
@@ -545,7 +545,6 @@
 				}
 			}
 		}
-		mailing.setRecipients(toAddresses);
 
 		//
 		// CC recipients
@@ -554,7 +553,7 @@
 
 		// repository owners
 		if (!ArrayUtils.isEmpty(repository.owners)) {
-			tos.addAll(repository.owners);
+			ccs.addAll(repository.owners);
 		}
 
 		// cc users mentioned in last comment
@@ -595,6 +594,14 @@
 		}
 		ccAddresses.addAll(settings.getStrings(Keys.mail.mailingLists));
 
+		// respect the author's email preference
+		UserModel lastAuthor = userManager.getUserModel(lastChange.author);
+		if (lastAuthor != null && !lastAuthor.getPreferences().isEmailMeOnMyTicketChanges()) {
+			toAddresses.remove(lastAuthor.emailAddress);
+			ccAddresses.remove(lastAuthor.emailAddress);
+		}
+
+		mailing.setRecipients(toAddresses);
 		mailing.setCCs(ccAddresses);
 	}
 

--
Gitblit v1.9.1