author | Giteabot <teabot@gitea.io> | 2023-12-11 09:10:48 +0800 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-12-11 09:10:48 +0800 |
commit | cd2dd5a67df71b1f08cd63c6d740b1f667dad132 (patch) | |
tree | dc555a1ab6ba6e48e577f7746684f2f597618323 /routers | |
parent | 46beb7f33fdf2285544a4cfba9f74d1ce222a88b (diff) | |
Fix missing check (#28406) (#28411)
Backport #28406 by @lunny
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Diffstat (limited to 'routers')
-rw-r--r-- | routers/web/repo/issue_content_history.go | 22 | ||||
-rw-r--r-- | routers/web/repo/issue_pin.go | 6 |
2 files changed, 24 insertions, 4 deletions
diff --git a/routers/web/repo/issue_content_history.go b/routers/web/repo/issue_content_history.go
index 473ab260f3..0f376db145 100644
--- a/routers/web/repo/issue_content_history.go
+++ b/routers/web/repo/issue_content_history.go
@@ -193,15 +193,29 @@ func SoftDeleteContentHistory(ctx *context.Context) {
 var comment *issues_model.Comment
 var history *issues_model.ContentHistory
 var err error
+
+ if history, err = issues_model.GetIssueContentHistoryByID(ctx, historyID); err != nil {
+ log.Error("can not get issue content history %v. err=%v", historyID, err)
+ return
+ }
+ if history.IssueID != issue.ID {
+ ctx.NotFound("CompareRepoID", issues_model.ErrCommentNotExist{})
+ return
+ }
 if commentID != 0 {
+ if history.CommentID != commentID {
+ ctx.NotFound("CompareCommentID", issues_model.ErrCommentNotExist{})
+ return
+ }
+
 if comment, err = issues_model.GetCommentByID(ctx, commentID); err != nil {
 log.Error("can not get comment for issue content history %v. err=%v", historyID, err)
 return
 }
- }
- if history, err = issues_model.GetIssueContentHistoryByID(ctx, historyID); err != nil {
- log.Error("can not get issue content history %v. err=%v", historyID, err)
- return
+ if comment.IssueID != issue.ID {
+ ctx.NotFound("CompareIssueID", issues_model.ErrCommentNotExist{})
+ return
+ }
 }
 canSoftDelete := canSoftDeleteContentHistory(ctx, issue, comment, history)
diff --git a/routers/web/repo/issue_pin.go b/routers/web/repo/issue_pin.go
index f853f72335..9f334129f9 100644
--- a/routers/web/repo/issue_pin.go
+++ b/routers/web/repo/issue_pin.go
@@ -90,6 +90,12 @@ func IssuePinMove(ctx *context.Context) {
 return
 }
+ if issue.RepoID != ctx.Repo.Repository.ID {
+ ctx.Status(http.StatusNotFound)
+ log.Error("Issue does not belong to this repository")
+ return
+ }
+
 err = issue.MovePin(ctx, form.Position)
 if err != nil {
 ctx.Status(http.StatusInternalServerError)
|
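Review bot: The `history.CommentID != commentID` comparison only runs inside `if commentID != 0`, so a request that supplies no comment id is never checked against a history row that does belong to a comment. In that case `comment` stays nil on the way into `canSoftDeleteContentHistory`, whose body is outside this hunk, so whether that path is covered there cannot be confirmed from here. Hoisting the comparison above the branch, `if history.CommentID != commentID { ctx.NotFound("CompareCommentID", issues_model.ErrCommentNotExist{}); return }`, would tie the history row to the requested target in both cases, assuming issue-body history rows carry a zero `CommentID`. The label `"CompareRepoID"` on the `history.IssueID != issue.ID` check also names a comparison other than the one performed, which makes the resulting 404 harder to trace; a label such as `"CompareHistoryIssueID"` would match. `SoftDeleteContentHistory` starts and ends outside the hunk.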
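Review bot: The new `log.Error("Issue does not belong to this repository")` in `IssuePinMove` records no identifiers, so a rejected cross-repository pin request cannot be tied to an issue or repository from the log alone. It is also written at error level for a condition that any client request can trigger. Something like `log.Warn("issue %d belongs to repo %d, not repo %d", issue.ID, issue.RepoID, ctx.Repo.Repository.ID)` would keep the event usable for detection without adding error-level noise. The lookup that populates `issue` is above the hunk and the function continues past it.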