domi/forgejo-domi
1
0
Fork 0
forked from forgejo/forgejo
Code Pull requests Activity

Only allow returned deleted branche to be on repo (#17570)

Browse source 
- This will only allow `GetDeletedBranchByID` to return deletedBranch
which are on the repo, and thus don't return a deletedBranch from
another repo.
- This just should prevent possible bugs in the futher when a code is
passing the wrong ID into this function.
This commit is contained in:
Gusted 2021-11-08 16:45:37 +01:00 committed by GitHub
parent ebaf4c48ea
commit 640f0e1ddf
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 26 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
models/branches.go
View file

@ -536,7 +536,7 @@ func (repo *Repository) GetDeletedBranches() ([]*DeletedBranch, error) {
// GetDeletedBranchByID get a deleted branch by its ID
func (repo *Repository) GetDeletedBranchByID(id int64) (*DeletedBranch, error) {
deletedBranch := &DeletedBranch{}
has, err := db.GetEngine(db.DefaultContext).ID(id).Get(deletedBranch)
has, err := db.GetEngine(db.DefaultContext).Where("repo_id = ?", repo.ID).And("id = ?", id).Get(deletedBranch)
if err != nil {
return nil, err
}