]> source.dussan.org Git - sonarqube.git/commitdiff
projects / sonarqube.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4449f9b)
Fix security issue in /reviews/show URL
authorsimonbrandhof <simon.brandhof@gmail.com>
Thu, 12 May 2011 09:32:07 +0000 (11:32 +0200)
committersimonbrandhof <simon.brandhof@gmail.com>
Thu, 12 May 2011 09:32:07 +0000 (11:32 +0200)
sonar-server/src/main/webapp/WEB-INF/app/controllers/reviews_controller.rb patch | blob | history

diff --git a/sonar-server/src/main/webapp/WEB-INF/app/controllers/reviews_controller.rb b/sonar-server/src/main/webapp/WEB-INF/app/controllers/reviews_controller.rb
index e492dcf8b29ff0c1aa680e75eadcf6183f9efac8..8404e2a6eb28bcbfe790f51b2ddfdc49e9bddf16 100644 (file)
--- a/sonar-server/src/main/webapp/WEB-INF/app/controllers/reviews_controller.rb
+++ b/sonar-server/src/main/webapp/WEB-INF/app/controllers/reviews_controller.rb
@@ -52,7 +52,11 @@ class ReviewsController < ApplicationController
 
   def show
     @review = Review.find(params[:id], :include => ['project'])
-    render :partial => 'reviews/show'
+    if has_role?(:user, @review.project)
+      render :partial => 'reviews/show'
+    else
+      render :text => "access denied"
+    end
   end
 
   # GET
Continuous Inspection: https://github.com/SonarSource/sonarqube