Fix missing check (#28406) (#28413)release/v1.20

backport #28406
author: Lunny Xiao <xiaolunwen@gmail.com> 2023-12-12 16:49:00 +0800
committer: GitHub <noreply@github.com> 2023-12-12 16:49:00 +0800
commit: 782414ba8fde9c00b54f3a48cd87689a1d7e3e34 (patch)
tree: 1c1e18dca9b80c63f47f4c218325044c52943154 /routers/web/repo/issue_pin.go
parent: 59d88c47b801351d124e69d2beb47260e0f91133 (diff)
download: gitea-release/v1.20.tar.gz
gitea-release/v1.20.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/routers/web/repo/issue_pin.go b/routers/web/repo/issue_pin.go
index bbfeaee6e8..6680de32a9 100644
--- a/routers/web/repo/issue_pin.go
+++ b/routers/web/repo/issue_pin.go
@@ -90,6 +90,12 @@ func IssuePinMove(ctx *context.Context) {
 		return
 	}
 
+	if issue.RepoID != ctx.Repo.Repository.ID {
+		ctx.Status(http.StatusNotFound)
+		log.Error("Issue does not belong to this repository")
+		return
+	}
+
 	err = issue.MovePin(ctx, form.Position)
 	if err != nil {
 		ctx.Status(http.StatusInternalServerError)
author	Lunny Xiao <xiaolunwen@gmail.com>	2023-12-12 16:49:00 +0800
committer	GitHub <noreply@github.com>	2023-12-12 16:49:00 +0800
commit	782414ba8fde9c00b54f3a48cd87689a1d7e3e34 (patch)
tree	1c1e18dca9b80c63f47f4c218325044c52943154 /routers/web/repo/issue_pin.go
parent	59d88c47b801351d124e69d2beb47260e0f91133 (diff)
download	gitea-release/v1.20.tar.gz gitea-release/v1.20.zip