forgejo/models
Gusted 4c8c215b75
fix(sec): web route update and delete runner variables
The web route to update and delete variables of runners did not check if
the ID that was given belonged to the context it was requested in; this
made it possible to update and delete every existing runner variable of
an instance for any authenticated user.

The code has been reworked to always take into account the context of
the request (owner and repository ID).

(cherry picked from commit 5cb8fdfc8b9213cc368cd074aac93a1327ea20b0)
2025-02-08 07:50:19 +00:00
..
actions fix(sec): web route update and delete runner variables 2025-02-08 07:50:19 +00:00
activities enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
admin Next round of db.DefaultContext refactor (#27089) 2023-09-16 14:39:12 +00:00
asymkey Fix panic of ssh public key page after deletion of auth source (#31829) (#31836) 2024-08-18 07:11:32 +02:00
auth fix: Do not delete global Oauth2 applications 2024-11-23 22:48:34 +00:00
avatars enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
db enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
dbfs enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
fixtures test(oauth): RFC 6749 Section 10.2 conformance 2024-06-06 10:01:56 +00:00
forgejo/semver enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
forgejo_migrations enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
git Show lock owner instead of repo owner on LFS setting page (#31788) (#31817) 2024-08-18 07:01:03 +02:00
issues enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
migrations enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
organization enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
packages enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
perm enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
project enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
pull [GITEA] GetScheduledMergeByPullID may involve a system user 2024-02-05 16:09:41 +01:00
repo fix: anonymous users code search for private/limited user's repository 2024-11-15 11:59:22 +01:00
secret Make runs-on support variable expression (#29468) 2024-03-11 23:36:59 +07:00
shared/types Refactor locale&string&template related code (#29165) 2024-02-16 15:20:52 +01:00
system enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
unit enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
unittest enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
user fix: extend forgejo_auth_token table 2024-11-15 12:02:14 +01:00
webhook enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
error.go Add merge style fast-forward-only (#28954) 2024-02-14 17:19:19 +01:00
fixture_generation.go Replace more db.DefaultContext (#27628) 2023-10-15 17:46:06 +02:00
fixture_test.go enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
main_test.go enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
org.go Refactor deletion (#28610) 2023-12-25 21:25:29 +01:00
org_team.go Remove GetByBean method because sometimes it's dangerous when query condition parameter is zero and also introduce new generic methods (#28220) 2023-12-07 15:27:36 +08:00
org_team_test.go enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
org_test.go enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
repo.go Refactor deletion (#28610) 2023-12-25 21:25:29 +01:00
repo_test.go enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
repo_transfer.go [MODERATION] User blocking 2024-02-05 15:56:45 +01:00
repo_transfer_test.go enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00