tdsds.com/gitea
1
1
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2025-07-13 22:17:20 +00:00
Code Releases Activity

#3057 retrieve webhook with repo_id

Browse Source 
This prevents user retrieve arbitrary webhook by changing URL to
access webhook from other unauthorized repositories.
This commit is contained in:
Unknwon
2016-07-08 13:57:09 +08:00
parent e30c701386
commit d62ab49978
6 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
models/webhook.go
View File

@ -174,10 +174,10 @@ func CreateWebhook(w *Webhook) error {
return err
}
// GetWebhookByID returns webhook by given ID.
func GetWebhookByID(id int64) (*Webhook, error) {
// GetWebhookByID returns webhook of repository by given ID.
func GetWebhookByID(repoID, id int64) (*Webhook, error) {
w := new(Webhook)
has, err := x.Id(id).Get(w)
has, err := x.Id(id).And("repo_id=?", repoID).Get(w)
if err != nil {
return nil, err
} else if !has {
@ -548,7 +548,7 @@ func (t *HookTask) deliver() {
}
// Update webhook last delivery status.
w, err := GetWebhookByID(t.HookID)
w, err := GetWebhookByID(t.RepoID, t.HookID)
if err != nil {
log.Error(5, "GetWebhookByID: %v", err)
return