From 8aa35577b3267d6d23cfe2fbda180b1c53da5881 Mon Sep 17 00:00:00 2001 From: Unknwon Date: Tue, 3 Jan 2017 10:36:27 +0800 Subject: [PATCH] Fix vulnerability reported in #4006 --- README.md | 2 +- gogs.go | 2 +- routers/repo/pull.go | 2 +- templates/.VERSION | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index f7e0088f8..819ed1ab2 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ Gogs - Go Git Service [![Build Status](https://travis-ci.org/gogits/gogs.svg?bra ![](https://github.com/gogits/gogs/blob/master/public/img/gogs-large-resize.png?raw=true) -##### Current tip version: 0.9.114 (see [Releases](https://github.com/gogits/gogs/releases) for binary versions ~~or submit a task on [alpha stage automated binary building system](https://build.gogs.io/)~~) +##### Current tip version: 0.9.115 (see [Releases](https://github.com/gogits/gogs/releases) for binary versions ~~or submit a task on [alpha stage automated binary building system](https://build.gogs.io/)~~) | Web | UI | Preview | |:-------------:|:-------:|:-------:| diff --git a/gogs.go b/gogs.go index f99dccf61..cb56bb5f1 100644 --- a/gogs.go +++ b/gogs.go @@ -17,7 +17,7 @@ import ( "github.com/gogits/gogs/modules/setting" ) -const APP_VER = "0.9.114.1227" +const APP_VER = "0.9.115.0103" func init() { runtime.GOMAXPROCS(runtime.NumCPU()) diff --git a/routers/repo/pull.go b/routers/repo/pull.go index 4f0ef1ed6..1348c7de6 100644 --- a/routers/repo/pull.go +++ b/routers/repo/pull.go @@ -49,7 +49,7 @@ func getForkRepository(ctx *context.Context) *models.Repository { return nil } - if !forkRepo.CanBeForked() { + if !forkRepo.CanBeForked() || !ctx.Repo.HasAccess() { ctx.Handle(404, "getForkRepository", nil) return nil } diff --git a/templates/.VERSION b/templates/.VERSION index 1bc48f349..5014f536e 100644 --- a/templates/.VERSION +++ b/templates/.VERSION @@ -1 +1 @@ -0.9.114.1227 \ No newline at end of file +0.9.115.0103 \ No newline at end of file