Only delete secrets belonging to its owner (#24284)

author: KN4CK3R <admin@oldschoolhack.me> 2023-04-23 15:35:14 +0200
committer: GitHub <noreply@github.com> 2023-04-23 21:35:14 +0800
commit: b3e849d1d65799ed08565f56b6356f346e23013f (patch)
tree: de407ba7625d998e6424e0cdde44bbcd607be240 /routers/web/shared/secrets/secrets.go
parent: 60e7963141681895dcc81da944192c4292c6a20a (diff)
download: gitea-b3e849d1d65799ed08565f56b6356f346e23013f.tar.gz
gitea-b3e849d1d65799ed08565f56b6356f346e23013f.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/routers/web/shared/secrets/secrets.go b/routers/web/shared/secrets/secrets.go
index e242c5e816..0e6fa24741 100644
--- a/routers/web/shared/secrets/secrets.go
+++ b/routers/web/shared/secrets/secrets.go
@@ -38,10 +38,10 @@ func PerformSecretsPost(ctx *context.Context, ownerID, repoID int64, redirectURL
 	ctx.Redirect(redirectURL)
 }
 
-func PerformSecretsDelete(ctx *context.Context, redirectURL string) {
+func PerformSecretsDelete(ctx *context.Context, ownerID, repoID int64, redirectURL string) {
 	id := ctx.FormInt64("id")
 
-	if _, err := db.DeleteByBean(ctx, &secret_model.Secret{ID: id}); err != nil {
+	if _, err := db.DeleteByBean(ctx, &secret_model.Secret{ID: id, OwnerID: ownerID, RepoID: repoID}); err != nil {
 		log.Error("Delete secret %d failed: %v", id, err)
 		ctx.Flash.Error(ctx.Tr("secrets.deletion.failed"))
 	} else {
author	KN4CK3R <admin@oldschoolhack.me>	2023-04-23 15:35:14 +0200
committer	GitHub <noreply@github.com>	2023-04-23 21:35:14 +0800
commit	b3e849d1d65799ed08565f56b6356f346e23013f (patch)
tree	de407ba7625d998e6424e0cdde44bbcd607be240 /routers/web/shared/secrets/secrets.go
parent	60e7963141681895dcc81da944192c4292c6a20a (diff)
download	gitea-b3e849d1d65799ed08565f56b6356f346e23013f.tar.gz gitea-b3e849d1d65799ed08565f56b6356f346e23013f.zip