web/forgejo
8
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-02-23 03:45:47 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 8
forgejo/models
History
Gusted f359ebeea5
fix(sec): web route delete runner 
The web route to delete action runners did not check if the ID that was
given belonged to the context it was requested in, this made it possible
to delete every existing runner of a instance by a authenticated user.

The code was reworked to ensure that the caller of the delete
runner function retrieved the runner by ID and then checks if it belongs
to the context it was requested in, although this is not an optimal
solution it is consistent with the context checking of other code for
runners.
2025-02-08 07:21:14 +00:00
..
actions fix(sec): web route delete runner 2025-02-08 07:21:14 +00:00
activities Fix nil panic if repo doesn't exist (#32501) 2024-11-17 12:18:56 +01:00
admin Next round of db.DefaultContext refactor (#27089) 2023-09-16 14:39:12 +00:00
asymkey chore: Remove ChangeMilestoneStatus (#6741) 2025-01-30 11:09:53 +00:00
auth chore: Remove GetSourceByName 2025-01-31 14:40:27 +01:00
avatars chore(build): use a stable mirror for go-libravatar 2024-09-14 09:58:49 +02:00
db feat: add limited execution tracing support 2025-01-05 04:07:49 +01:00
dbfs Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
fixtures feat: add configurable cooldown to claim usernames (#6422) 2025-01-24 04:16:56 +00:00
forgefed enhance test & fix reviews 2024-05-14 08:24:31 +02:00
forgejo/semver tests: improve actvititypub integration test code 2024-11-01 22:39:49 +01:00
forgejo_migrations feat: add configurable cooldown to claim usernames (#6422) 2025-01-24 04:16:56 +00:00
git Detect whether action view branch was deleted (#32764) 2024-12-15 09:45:10 +01:00
issues chore: Remove ChangeMilestoneStatus (#6741) 2025-01-30 11:09:53 +00:00
migrations fix: reduce noise for the v303 migration (#6591) 2025-01-17 07:42:20 +00:00
organization chore: Remove UpdateTeamUnits 2025-01-31 16:22:29 +01:00
packages Alt Linux Apt-Rpm repository support for Forgejo packages. (#6351) 2025-01-22 14:01:49 +00:00
perm tests: improve actvititypub integration test code 2024-11-01 22:39:49 +01:00
project chore: Remove ChangeProjectStatus 2025-01-30 12:19:59 +01:00
pull Add branch auto deletion for scheduled PRs 2024-10-31 03:49:15 +01:00
quota feat: Trivial default quota configuration 2024-08-26 13:25:34 +02:00
repo fix: make author search case insenstive (#6782) 2025-02-04 16:33:47 +00:00
secret feat(secret): generate FORGEJO_TOKEN for all tasks 2024-12-08 09:42:18 +08:00
shared/types Refactor locale&string&template related code (#29165) 2024-02-16 15:20:52 +01:00
system fix: xorm:version default is inconsistent 2024-12-24 09:42:47 +01:00
unit i18n: UX improvements: Team permissions and issue closing 2024-09-24 19:03:30 +02:00
unittest Refactor env var related code (#33075) 2025-01-05 13:46:19 +00:00
user fix(commenter roles): don't give system users roles (#6766) 2025-02-05 17:34:45 +00:00
webhook Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
error.go chore: Remove ErrUpdateTaskNotExist 2025-01-31 16:22:29 +01:00
main_test.go tests: improve actvititypub integration test code 2024-11-01 22:39:49 +01:00
org.go Refactor deletion (#28610) 2023-12-25 21:25:29 +01:00
org_team.go Remove GetByBean method because sometimes it's danger when query condition parameter is zero and also introduce new generic methods (#28220) 2023-12-07 15:27:36 +08:00
org_team_test.go Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
org_test.go Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00
repo.go Fix issue comment number (#30556) 2025-01-05 12:21:39 +00:00
repo_test.go Fix issue comment number (#30556) 2025-01-05 12:21:39 +00:00
repo_transfer.go chore: use errors.New to replace fmt.Errorf with no parameters will much better (#30621) 2024-04-28 15:39:00 +02:00
repo_transfer_test.go Add testifylint to lint checks (#4535) 2024-07-30 19:41:10 +00:00