mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2025-01-11 09:00:29 -05:00
[GITEA] fix POST /{username}/{reponame}/{type:issues|pulls}/{index}/content-history/soft-delete
Refs: https://forgejo.org/2023-11-release-v1-20-5-1/#api-and-web-endpoint-vulnerable-to-manually-crafted-identifiers (cherry picked from commit a11d82a42729eba02032310f7778a9197f4f8ead) (cherry picked from commitbebc244156
) (cherry picked from commit2a8cb675ca
)
This commit is contained in:
parent
9f8bf83b0e
commit
56d68932ac
1 changed files with 8 additions and 0 deletions
|
@ -198,11 +198,19 @@ func SoftDeleteContentHistory(ctx *context.Context) {
|
||||||
log.Error("can not get comment for issue content history %v. err=%v", historyID, err)
|
log.Error("can not get comment for issue content history %v. err=%v", historyID, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
if comment.IssueID != issue.ID {
|
||||||
|
ctx.NotFound("CompareRepoID", issues_model.ErrCommentNotExist{})
|
||||||
|
return
|
||||||
|
}
|
||||||
}
|
}
|
||||||
if history, err = issues_model.GetIssueContentHistoryByID(ctx, historyID); err != nil {
|
if history, err = issues_model.GetIssueContentHistoryByID(ctx, historyID); err != nil {
|
||||||
log.Error("can not get issue content history %v. err=%v", historyID, err)
|
log.Error("can not get issue content history %v. err=%v", historyID, err)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
if history.IssueID != issue.ID {
|
||||||
|
ctx.NotFound("CompareRepoID", issues_model.ErrCommentNotExist{})
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
canSoftDelete := canSoftDeleteContentHistory(ctx, issue, comment, history)
|
canSoftDelete := canSoftDeleteContentHistory(ctx, issue, comment, history)
|
||||||
if !canSoftDelete {
|
if !canSoftDelete {
|
||||||
|
|
Loading…
Reference in a new issue