USEFULL
/
gogs
mirror of https://github.com/gogs/gogs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix vulnerability reported in #3962

pull/3244/merge
Unknwon 2016-12-22 19:35:06 -05:00
parent 7ebe0a9916
commit f471ef1bc7
No known key found for this signature in database
GPG Key ID: FB9F411CDD69BEC1
5 changed files with 11 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -3,7 +3,7 @@ Gogs - Go Git Service [![Build Status](https://travis-ci.org/gogits/gogs.svg?bra
![](https://github.com/gogits/gogs/blob/master/public/img/gogs-large-resize.png?raw=true) ![](https://github.com/gogits/gogs/blob/master/public/img/gogs-large-resize.png?raw=true)
##### Current tip version: 0.9.108 (see [Releases](https://github.com/gogits/gogs/releases) for binary versions ~~or submit a task on [alpha stage automated binary building system](https://build.gogs.io/)~~) ##### Current tip version: 0.9.109 (see [Releases](https://github.com/gogits/gogs/releases) for binary versions ~~or submit a task on [alpha stage automated binary building system](https://build.gogs.io/)~~)
| Web | UI | Preview | | Web | UI | Preview |
|:-------------:|:-------:|:-------:| |:-------------:|:-------:|:-------:|

2
gogs.go
View File

@ -17,7 +17,7 @@ import (
"github.com/gogits/gogs/modules/setting" "github.com/gogits/gogs/modules/setting"
) )
const APP_VER = "0.9.108.1222" const APP_VER = "0.9.109.1222"
func init() { func init() {
runtime.GOMAXPROCS(runtime.NumCPU()) runtime.GOMAXPROCS(runtime.NumCPU())

9
models/release.go
View File

@ -178,13 +178,18 @@ func UpdateRelease(gitRepo *git.Repository, rel *Release) (err error) {
return err return err
} }
// DeleteReleaseByID deletes a release and corresponding Git tag by given ID. // DeleteReleaseByRepoID deletes a release and corresponding Git tag by given ID.
func DeleteReleaseByID(id int64) error { func DeleteReleaseByRepoID(repoID, id int64) error {
rel, err := GetReleaseByID(id) rel, err := GetReleaseByID(id)
if err != nil { if err != nil {
return fmt.Errorf("GetReleaseByID: %v", err) return fmt.Errorf("GetReleaseByID: %v", err)
} }
// Mark sure the delete operation againsts same repository.
if repoID != rel.RepoID {
return nil
}
repo, err := GetRepositoryByID(rel.RepoID) repo, err := GetRepositoryByID(rel.RepoID)
if err != nil { if err != nil {
return fmt.Errorf("GetRepositoryByID: %v", err) return fmt.Errorf("GetRepositoryByID: %v", err)

2
routers/repo/release.go
View File

@ -282,7 +282,7 @@ func EditReleasePost(ctx *context.Context, form auth.EditReleaseForm) {
} }
func DeleteRelease(ctx *context.Context) { func DeleteRelease(ctx *context.Context) {
if err := models.DeleteReleaseByID(ctx.QueryInt64("id")); err != nil { if err := models.DeleteReleaseByRepoID(ctx.Repo.Repository.ID, ctx.QueryInt64("id")); err != nil {
ctx.Flash.Error("DeleteReleaseByID: " + err.Error()) ctx.Flash.Error("DeleteReleaseByID: " + err.Error())
} else { } else {
ctx.Flash.Success(ctx.Tr("repo.release.deletion_success")) ctx.Flash.Success(ctx.Tr("repo.release.deletion_success"))

2
templates/.VERSION
View File

@ -1 +1 @@
0.9.108.1222 0.9.109.1222