#3057 retrieve webhook with repo_id

This prevents user retrieve arbitrary webhook by changing URL to access webhook from other unauthorized repositories.
author: Unknwon <u@gogs.io> 2016-07-08 13:57:09 +0800
committer: Unknwon <u@gogs.io> 2016-07-08 13:57:09 +0800
commit: d62ab499784386935fa20152c1c163d0ef62d31a (patch)
tree: e6104d8b2768da112b2f0051a24efc1c12ae531a /routers/api/v1/repo/hook.go
parent: e30c7013862a9d2c2ae60e403a1624e54475c4c7 (diff)
download: gitea-d62ab499784386935fa20152c1c163d0ef62d31a.tar.gz
gitea-d62ab499784386935fa20152c1c163d0ef62d31a.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/routers/api/v1/repo/hook.go b/routers/api/v1/repo/hook.go
index 0cbe6762a8..0dac8f7cf1 100644
--- a/routers/api/v1/repo/hook.go
+++ b/routers/api/v1/repo/hook.go
@@ -98,7 +98,7 @@ func CreateHook(ctx *context.APIContext, form api.CreateHookOption) {
 
 // https://github.com/gogits/go-gogs-client/wiki/Repositories#edit-a-hook
 func EditHook(ctx *context.APIContext, form api.EditHookOption) {
-	w, err := models.GetWebhookByID(ctx.ParamsInt64(":id"))
+	w, err := models.GetWebhookByID(ctx.Repo.Repository.ID, ctx.ParamsInt64(":id"))
 	if err != nil {
 		if models.IsErrWebhookNotExist(err) {
 			ctx.Status(404)
author	Unknwon <u@gogs.io>	2016-07-08 13:57:09 +0800
committer	Unknwon <u@gogs.io>	2016-07-08 13:57:09 +0800
commit	d62ab499784386935fa20152c1c163d0ef62d31a (patch)
tree	e6104d8b2768da112b2f0051a24efc1c12ae531a /routers/api/v1/repo/hook.go
parent	e30c7013862a9d2c2ae60e403a1624e54475c4c7 (diff)
download	gitea-d62ab499784386935fa20152c1c163d0ef62d31a.tar.gz gitea-d62ab499784386935fa20152c1c163d0ef62d31a.zip