tdsds.com/gitea
1
1
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2025-07-22 18:28:37 +00:00
Code Releases Activity

#3057 retrieve webhook with repo_id

Browse Source 
This prevents user retrieve arbitrary webhook by changing URL to
access webhook from other unauthorized repositories.
This commit is contained in:
Unknwon
2016-07-08 13:57:09 +08:00
parent e30c701386
commit d62ab49978
6 changed files with 9 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
routers/api/v1/repo/hook.go
View File

@@ -98,7 +98,7 @@ func CreateHook(ctx *context.APIContext, form api.CreateHookOption) {
// https://github.com/gogits/go-gogs-client/wiki/Repositories#edit-a-hook
func EditHook(ctx *context.APIContext, form api.EditHookOption) {
w, err := models.GetWebhookByID(ctx.ParamsInt64(":id"))
w, err := models.GetWebhookByID(ctx.Repo.Repository.ID, ctx.ParamsInt64(":id"))
if err != nil {
if models.IsErrWebhookNotExist(err) {
ctx.Status(404)