web/forgejo
8
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-02-22 19:35:47 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 6
forgejo/templates
History
Exact
Gusted 77fc232e5b
fix(sec): permission check for project issue 
- Do an access check when loading issues for a project column, currently
this is not done and exposes the title, labels and existence of a
private issue that the viewer of the project board may not have access
to.
- The number of issues cannot be calculated in a efficient manner
and stored in the database because their number may vary depending on
the visibility of the repositories participating in the project. The
previous implementation used the pre-calculated numbers stored in each
project, which did not reflect that potential variation.
- The code is derived from https://github.com/go-gitea/gitea/pull/22865

(cherry picked from commit 2193afaeb9954a5778f5a47aafd0e6fbbf48d000)
2025-02-08 06:06:03 +00:00
..
admin fix: Revert "allow synchronizing user status from OAuth2 login providers (#31572)" 2024-12-12 05:59:06 +01:00
api/packages/pypi Update templates/api/packages/pypi/simple.tmpl 2024-04-12 16:43:30 +00:00
base [v10.0/forgejo] feat: Add summary card for repos and releases 2025-01-01 22:00:26 +01:00
custom [FEAT] Repository flags 2024-02-05 16:09:42 +01:00
devtest [PORT] Refactor DateUtils and merge TimeSince (gitea#32409) 2024-11-10 22:23:27 +01:00
explore ui: simplify main-attribute labels 2024-12-08 17:30:52 +05:00
htmx Update module github.com/editorconfig-checker/editorconfig-checker/v2/cmd/editorconfig-checker to v3 2024-08-09 21:03:37 +02:00
mail Merge pull request '[SEC] Notify owner about TOTP enrollment' (#4704) from gusted/sec-more-totp into forgejo 2024-07-27 20:53:47 +00:00
org ui: simplify main-attribute labels 2024-12-08 17:30:52 +05:00
package Do not display attestation-manifest and use short sha256 instead of full sha256 (#32851) 2024-12-22 08:46:38 +01:00
projects fix(sec): permission check for project issue 2025-02-08 06:06:03 +00:00
repo [v10.0/forgejo] fix(ui): display verified icon for default gpg key (#6833) 2025-02-07 13:16:23 +00:00
shared [v10.0/forgejo] fix(ui): add triangle down octicon to code search options dropdown (#6770) 2025-02-03 08:35:41 +00:00
status chore(branding): strip metadata information from the footer 2024-12-30 15:30:02 +00:00
swagger feat: allow changing default branch update style 2024-12-23 18:55:25 +03:00
user [v10.0/forgejo] fix: render issue titles consistently (#6717) 2025-01-29 08:24:37 +00:00
webhook fix: improve discord webhook api conformance 2024-10-08 22:43:28 +02:00
home.tmpl fix(i18n): remove unnecessary variable (#5533) 2024-10-11 18:51:29 +00:00
install.tmpl A few cosmetic improvements to the installation page (#4170) 2024-06-18 09:49:56 +00:00
post-install.tmpl [BRANDING] Custom loading animation for Forgejo 2024-02-05 16:02:13 +01:00