mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-11-10 12:15:43 +01:00
[GITEA] fix POST /{username}/{reponame}/{type:issues|pulls}/move_pin
Refs: https://forgejo.org/2023-11-release-v1-20-5-1/#api-and-web-endpoint-vulnerable-to-manually-crafted-identifiers (cherry picked from commit 7eda733ed6a22c08a85fdc90deec0c440427cef7) (cherry picked from commit2d9d2979e6
) (cherry picked from commit6483bceee2
) (cherry picked from commit589d10a181
)
This commit is contained in:
parent
f15a2c558a
commit
d9da20aa9a
1 changed files with 4 additions and 0 deletions
|
@ -89,6 +89,10 @@ func IssuePinMove(ctx *context.Context) {
|
|||
log.Error(err.Error())
|
||||
return
|
||||
}
|
||||
if issue.RepoID != ctx.Repo.Repository.ID {
|
||||
ctx.NotFound("CompareRepoID", issues_model.ErrCommentNotExist{})
|
||||
return
|
||||
}
|
||||
|
||||
err = issue.MovePin(ctx, form.Position)
|
||||
if err != nil {
|
||||
|
|
Loading…
Reference in a new issue