Only view milestones from current repo (#18414)

The endpoint /{username}/{reponame}/milestone/{id} is not currently restricted to the repo. This PR restricts the milestones to those within the repo. Signed-off-by: Andrew Thornton <art27@cantab.net>
author: zeripath <art27@cantab.net> 2022-01-26 20:01:35 +0000
committer: GitHub <noreply@github.com> 2022-01-26 20:01:35 +0000
commit: 9a75c2741d2806f5bb12d21b5a9d7387b2d44073 (patch)
tree: dddcce80b8095fa24edf683a6e61a58b0fb56835 /routers/web/repo/milestone.go
parent: 3bb028cc46401a8a54ecab7e7c035dbb24937b6c (diff)
download: gitea-9a75c2741d2806f5bb12d21b5a9d7387b2d44073.tar.gz
gitea-9a75c2741d2806f5bb12d21b5a9d7387b2d44073.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/routers/web/repo/milestone.go b/routers/web/repo/milestone.go
index eadc89333f..df5fd411b4 100644
--- a/routers/web/repo/milestone.go
+++ b/routers/web/repo/milestone.go
@@ -264,7 +264,7 @@ func DeleteMilestone(ctx *context.Context) {
 // MilestoneIssuesAndPulls lists all the issues and pull requests of the milestone
 func MilestoneIssuesAndPulls(ctx *context.Context) {
 	milestoneID := ctx.ParamsInt64(":id")
-	milestone, err := models.GetMilestoneByID(milestoneID)
+	milestone, err := models.GetMilestoneByRepoID(ctx.Repo.Repository.ID, milestoneID)
 	if err != nil {
 		if models.IsErrMilestoneNotExist(err) {
 			ctx.NotFound("GetMilestoneByID", err)
author	zeripath <art27@cantab.net>	2022-01-26 20:01:35 +0000
committer	GitHub <noreply@github.com>	2022-01-26 20:01:35 +0000
commit	9a75c2741d2806f5bb12d21b5a9d7387b2d44073 (patch)
tree	dddcce80b8095fa24edf683a6e61a58b0fb56835 /routers/web/repo/milestone.go
parent	3bb028cc46401a8a54ecab7e7c035dbb24937b6c (diff)
download	gitea-9a75c2741d2806f5bb12d21b5a9d7387b2d44073.tar.gz gitea-9a75c2741d2806f5bb12d21b5a9d7387b2d44073.zip