authorLunny Xiao <xiaolunwen@gmail.com>2016-12-15 16:49:06 +0800
committerGitHub <noreply@github.com>2016-12-15 16:49:06 +0800
commitb4c794058aa57426679877444b52561e7e16ef2b (patch)
tree0835bc252a72077f7fe9f7daa4d02ff4059d8c27 /routers/user
parentd771e978a108517ca5833b5e2f17b45e2d7dc6ca (diff)
fixed vulnerabilities (#392)
Diffstat (limited to 'routers/user')
-rw-r--r--routers/user/setting.go4
1 files changed, 2 insertions, 2 deletions
diff --git a/routers/user/setting.go b/routers/user/setting.go
index 1d405fba37..bbb4d99c02 100644
--- a/routers/user/setting.go
+++ b/routers/user/setting.go
@@ -287,7 +287,7 @@ func SettingsEmailPost(ctx *context.Context, form auth.AddEmailForm) {
// DeleteEmail response for delete user's email
func DeleteEmail(ctx *context.Context) {
- if err := models.DeleteEmailAddress(&models.EmailAddress{ID: ctx.QueryInt64("id")}); err != nil {
+ if err := models.DeleteEmailAddress(&models.EmailAddress{ID: ctx.QueryInt64("id"), UID: ctx.User.ID}); err != nil {
ctx.Handle(500, "DeleteEmail", err)
return
}
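Review bot: The ownership check added here (`UID: ctx.User.ID`) only works if `models.DeleteEmailAddress` puts UID into its delete condition and reports a delete that matched no row; that function is outside this diff (the diffstat is limited to routers/user), so neither can be confirmed from the page. If an id owned by someone else returns nil, the handler carries on as though the address was removed; if it returns an error, `ctx.Handle(500, "DeleteEmail", err)` reports a client-caused condition as a server error, where a 404 for the not-found/not-owned case would keep it out of 500 alerting. The same question applies to `DeleteAccessTokenByID` in the second hunk. A comment such as `// UID restricts the delete to the signed-in user's own addresses` above the call, plus a regression test that one user cannot delete another user's email id, would keep the check from being dropped in a later refactor. DeleteEmail's body continues past the end of the hunk.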
@@ -422,7 +422,7 @@ func SettingsApplicationsPost(ctx *context.Context, form auth.NewAccessTokenForm
// SettingsDeleteApplication response for delete user access token
func SettingsDeleteApplication(ctx *context.Context) {
- if err := models.DeleteAccessTokenByID(ctx.QueryInt64("id")); err != nil {
+ if err := models.DeleteAccessTokenByID(ctx.QueryInt64("id"), ctx.User.ID); err != nil {
ctx.Flash.Error("DeleteAccessTokenByID: " + err.Error())
} else {
ctx.Flash.Success(ctx.Tr("settings.delete_token_success"))
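Review bot: The error branch puts the model-layer error text into the page with `ctx.Flash.Error("DeleteAccessTokenByID: " + err.Error())`, and after this change that text may also be the result of an ownership mismatch for a token id the caller does not own. Showing a fixed, translated message and logging `err` server-side would avoid exposing internal error strings, e.g. `ctx.Flash.Error(ctx.Tr("<generic-failure-key>"))`, where the key is a placeholder. A rejected delete of another user's token id is a useful detection signal, so the log entry should carry the signed-in user id and the requested token id. SettingsDeleteApplication continues past the end of the hunk.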