USEFULL/gogs
1
0
Fork 0
mirror of https://github.com/gogs/gogs.git synced 2025-09-04 19:37:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix vulnerabilities reported in #3959

Browse Source
This commit is contained in:
Unknwon 2016-12-22 19:19:56 -05:00
parent 89e93fe01e
commit 7ebe0a9916
No known key found for this signature in database
GPG Key ID: FB9F411CDD69BEC1
6 changed files with 15 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -3,7 +3,7 @@ Gogs - Go Git Service [![Build Status](https://travis-ci.org/gogits/gogs.svg?bra
![](https://github.com/gogits/gogs/blob/master/public/img/gogs-large-resize.png?raw=true) ![](https://github.com/gogits/gogs/blob/master/public/img/gogs-large-resize.png?raw=true)
##### Current tip version: 0.9.107 (see [Releases](https://github.com/gogits/gogs/releases) for binary versions ~~or submit a task on [alpha stage automated binary building system](https://build.gogs.io/)~~) ##### Current tip version: 0.9.108 (see [Releases](https://github.com/gogits/gogs/releases) for binary versions ~~or submit a task on [alpha stage automated binary building system](https://build.gogs.io/)~~)
| Web | UI | Preview | | Web | UI | Preview |
|:-------------:|:-------:|:-------:| |:-------------:|:-------:|:-------:|

2
gogs.go
View File

@ -17,7 +17,7 @@ import (
"github.com/gogits/gogs/modules/setting" "github.com/gogits/gogs/modules/setting"
) )
const APP_VER = "0.9.107.1222" const APP_VER = "0.9.108.1222"
func init() { func init() {
runtime.GOMAXPROCS(runtime.NumCPU()) runtime.GOMAXPROCS(runtime.NumCPU())

9
models/token.go
View File

@ -81,8 +81,11 @@ func UpdateAccessToken(t *AccessToken) error {
return err return err
} }
// DeleteAccessTokenByID deletes access token by given ID. // DeleteAccessTokenByUserID deletes access token by given ID.
func DeleteAccessTokenByID(id int64) error { func DeleteAccessTokenByUserID(userID, id int64) error {
_, err := x.Id(id).Delete(new(AccessToken)) _, err := x.Delete(&AccessToken{
ID: id,
UID: userID,
})
return err return err
} }

1
routers/api/v1/user/email.go
View File

@ -69,6 +69,7 @@ func DeleteEmail(ctx *context.APIContext, form api.CreateEmailOption) {
emails := make([]*models.EmailAddress, len(form.Emails)) emails := make([]*models.EmailAddress, len(form.Emails))
for i := range form.Emails { for i := range form.Emails {
emails[i] = &models.EmailAddress{ emails[i] = &models.EmailAddress{
UID: ctx.User.ID,
Email: form.Emails[i], Email: form.Emails[i],
} }
} }

7
routers/user/setting.go
View File

@ -280,7 +280,10 @@ func SettingsEmailPost(ctx *context.Context, form auth.AddEmailForm) {
} }
func DeleteEmail(ctx *context.Context) { func DeleteEmail(ctx *context.Context) {
if err := models.DeleteEmailAddress(&models.EmailAddress{ID: ctx.QueryInt64("id")}); err != nil { if err := models.DeleteEmailAddress(&models.EmailAddress{
ID: ctx.QueryInt64("id"),
UID: ctx.User.ID,
}); err != nil {
ctx.Handle(500, "DeleteEmail", err) ctx.Handle(500, "DeleteEmail", err)
return return
} }
@ -409,7 +412,7 @@ func SettingsApplicationsPost(ctx *context.Context, form auth.NewAccessTokenForm
} }
func SettingsDeleteApplication(ctx *context.Context) { func SettingsDeleteApplication(ctx *context.Context) {
if err := models.DeleteAccessTokenByID(ctx.QueryInt64("id")); err != nil { if err := models.DeleteAccessTokenByUserID(ctx.User.ID, ctx.QueryInt64("id")); err != nil {
ctx.Flash.Error("DeleteAccessTokenByID: " + err.Error()) ctx.Flash.Error("DeleteAccessTokenByID: " + err.Error())
} else { } else {
ctx.Flash.Success(ctx.Tr("settings.delete_token_success")) ctx.Flash.Success(ctx.Tr("settings.delete_token_success"))

2
templates/.VERSION
View File

@ -1 +1 @@
0.9.107.1222 0.9.108.1222