mirrors/forgejo
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-03-14 15:52:43 +00:00
Code Issues Projects Releases Packages Wiki Activity
forgejo/routers/web
History
Gusted c324910c31
fix(sec): web route delete runner 
The web route to delete action runners did not check if the ID that was
given belonged to the context it was requested in, this made it possible
to delete every existing runner of a instance by a authenticated user.

The code was reworked to ensure that the caller of the delete
runner function retrieved the runner by ID and then checks if it belongs
to the context it was requested in, although this is not an optimal
solution it is consistent with the context checking of other code for
runners.
2025-02-08 06:04:14 +00:00
..
admin Merge pull request 'fix: use ValidateEmail as binding across web forms' (#5158) from solomonv/consolidate-email-validation into forgejo 2024-10-21 14:31:32 +00:00
auth fix: Revert "allow synchronizing user status from OAuth2 login providers (#31572)" 2024-12-12 05:59:06 +01:00
devtest Move context from modules to services (#29440) 2024-03-06 12:10:43 +08:00
events Move context from modules to services (#29440) 2024-03-06 12:10:43 +08:00
explore [v10.0/forgejo] fix: set explore pages to configurable default sort (#6749) 2025-01-31 11:12:01 +00:00
feed fix: don't show truncated comments in RSS/Atom feeds 2024-10-22 15:15:09 +02:00
healthcheck Add health-check test 2024-04-06 00:34:55 +02:00
misc fix: Preview picture not visible on Markdown file (#5781) 2024-11-23 15:00:18 +00:00
org Merge pull request '[gitea] week 2024-47 cherry pick (gitea/main -> forgejo)' (#5997) from earl-warren/wcp/2024-47 into forgejo 2024-11-21 18:15:34 +00:00
repo fix(sec): web route delete runner 2025-02-08 06:04:14 +00:00
shared fix(sec): web route delete runner 2025-02-08 06:04:14 +00:00
user feat: filepath filter for code search (#6143) 2024-12-22 12:24:29 +00:00
base.go Fix missing signature key error when pulling Docker images with SERVE_DIRECT enabled (#32365) 2024-11-05 09:33:15 +01:00
githttp.go Move context from modules to services (#29440) 2024-03-06 12:10:43 +08:00
goget.go Move context from modules to services (#29440) 2024-03-06 12:10:43 +08:00
home.go migrate some more "OptionalBool" to "Option[bool]" (#29479) 2024-03-06 12:10:44 +08:00
metrics.go Implement FSFE REUSE for golang files (#21840) 2022-11-27 18:20:29 +00:00
nodeinfo.go Move context from modules to services (#29440) 2024-03-06 12:10:43 +08:00
swagger_json.go Move context from modules to services (#29440) 2024-03-06 12:10:43 +08:00
web.go [v10.0/forgejo] feat: Add summary card for repos and releases 2025-01-01 22:00:26 +01:00
webfinger.go Enable more revive linter rules (#30608) 2024-04-28 15:39:00 +02:00