web/forgejo
8
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-02-23 11:55:48 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 9
forgejo/services
History
Gusted 4c8c215b75
fix(sec): web route update and delete runner variables 
The web route to update and delete variables of runners did not check if
the ID that was given belonged to the context it was requested in, this
made it possible to update and delete every existing runner variable of
a instance for any authenticated user.

The code has been reworked to always take into account the context of
the request (owner and repository ID).

(cherry picked from commit 5cb8fdfc8b9213cc368cd074aac93a1327ea20b0)
2025-02-08 07:50:19 +00:00
..
actions fix(sec): web route update and delete runner variables 2025-02-08 07:50:19 +00:00
agit fix(agit): run full pr checks on force-push 2024-08-13 18:26:33 +00:00
asymkey enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
attachment enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
auth fix: disallow basic authorization when security keys are enrolled 2024-11-15 12:02:14 +01:00
automerge Simplify how git repositories are opened (#28937) 2024-01-27 21:09:51 +01:00
context fix: extend forgejo_auth_token table 2024-11-15 12:02:14 +01:00
contexttest enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
convert enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
cron enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
doctor [v7.0/forgejo] fix: load settings for valid user and email check 2025-01-24 13:27:36 +01:00
externalaccount Final round of db.DefaultContext refactor (#27587) 2023-10-14 08:37:24 +00:00
feed enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
forgejo enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
forms Return access_denied error when an OAuth2 request is denied (#30974) 2024-06-05 17:19:22 +02:00
gitdiff enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
indexer Update issue indexer after merging a PR (#30715) 2024-05-14 16:00:57 +02:00
issue enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
lfs Fix #31185 try fix lfs download from bitbucket failed (#31201) 2024-08-18 07:01:03 +02:00
mailer fix: extend forgejo_auth_token table 2024-11-15 12:02:14 +01:00
markup enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
migrations enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
mirror test(mock): DeletePushMirrors & AddPushMirrorRemote 2024-06-02 15:45:31 +00:00
notify Clean up log messages (#30313) 2024-04-15 16:11:14 +02:00
org enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
packages [SEC] Ensure propagation of API scopes for Conan and Container authentication 2024-08-28 08:44:58 +00:00
pull fix(agit): run full pr checks on force-push 2024-08-13 18:26:33 +00:00
release enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
repository security: add permission check to 'delete branch after merge' 2024-10-28 06:32:10 +01:00
secrets Refactor deletion (#28610) 2023-12-25 21:25:29 +01:00
task Fix incorrect ctx usage in defer function (#27740) 2023-10-22 14:12:27 +00:00
uinotification Penultimate round of db.DefaultContext refactor (#27414) 2023-10-11 04:24:07 +00:00
user fix: extend forgejo_auth_token table 2024-11-15 12:02:14 +01:00
webhook enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00
wiki enable linter testifylint on v7 (#4572) 2024-07-30 19:42:06 +00:00