Skip to content

Commits should consider user permissions when creating comments on referenced issues #8259

New issue
New issue
Closed
#8261
Closed
Commits should consider user permissions when creating comments on referenced issues#8259
#8261
Labels
type/bug
@guillep2k

Description

@guillep2k
guillep2k
opened on Sep 22, 2019
  • Gitea version (or commit ref): 1.9.3

Description

Currently UpdateIssuesCommit() creates a cross-reference comment on another repository even if the user has no permission whatsoever on it.

gitea/models/action.go

Lines 572 to 600 in 63ff616

for _, m := range issueReferenceKeywordsPat.FindAllStringSubmatch(c.Message, -1) {
if len(m[3]) == 0 {
continue
}
ref := m[3]
// issue is from another repo
if len(m[1]) > 0 && len(m[2]) > 0 {
refRepo, err = GetRepositoryFromMatch(m[1], m[2])
if err != nil {
continue
}
} else {
refRepo = repo
}
issue, err := getIssueFromRef(refRepo, ref)
if err != nil {
return err
}
if issue == nil || refMarked[issue.ID] {
continue
}
refMarked[issue.ID] = true
message := fmt.Sprintf(`<a href="%s/commit/%s">%s</a>`, repo.Link(), c.Sha1, html.EscapeString(c.Message))
if err = CreateRefComment(doer, refRepo, issue, message, c.Sha1); err != nil {
return err
}

Metadata

Metadata

Assignees

No one assigned

    Labels

    type/bug

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions