#3057 retrieve webhook with repo_id

This prevents user retrieve arbitrary webhook by changing URL to access webhook from other unauthorized repositories.
author: Unknwon <u@gogs.io> 2016-07-08 13:57:09 +0800
committer: Unknwon <u@gogs.io> 2016-07-08 13:57:09 +0800
commit: d62ab499784386935fa20152c1c163d0ef62d31a (patch)
tree: e6104d8b2768da112b2f0051a24efc1c12ae531a /routers/repo/webhook.go
parent: e30c7013862a9d2c2ae60e403a1624e54475c4c7 (diff)
download: gitea-d62ab499784386935fa20152c1c163d0ef62d31a.tar.gz
gitea-d62ab499784386935fa20152c1c163d0ef62d31a.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/routers/repo/webhook.go b/routers/repo/webhook.go
index 16aa3821a8..460a430aad 100644
--- a/routers/repo/webhook.go
+++ b/routers/repo/webhook.go
@@ -220,7 +220,7 @@ func checkWebhook(ctx *context.Context) (*OrgRepoCtx, *models.Webhook) {
 	}
 	ctx.Data["BaseLink"] = orCtx.Link
 
-	w, err := models.GetWebhookByID(ctx.ParamsInt64(":id"))
+	w, err := models.GetWebhookByID(ctx.Repo.Repository.ID, ctx.ParamsInt64(":id"))
 	if err != nil {
 		if models.IsErrWebhookNotExist(err) {
 			ctx.Handle(404, "GetWebhookByID", nil)
author	Unknwon <u@gogs.io>	2016-07-08 13:57:09 +0800
committer	Unknwon <u@gogs.io>	2016-07-08 13:57:09 +0800
commit	d62ab499784386935fa20152c1c163d0ef62d31a (patch)
tree	e6104d8b2768da112b2f0051a24efc1c12ae531a /routers/repo/webhook.go
parent	e30c7013862a9d2c2ae60e403a1624e54475c4c7 (diff)
download	gitea-d62ab499784386935fa20152c1c163d0ef62d31a.tar.gz gitea-d62ab499784386935fa20152c1c163d0ef62d31a.zip