mirror of https://github.com/go-gitea/gitea.git synced 2026-04-04 14:36:16 +02:00

fix: address review - add archive check, verify repo ownership, remove path fallback

yuvrajangadsingh 2026-03-09 14:56:45 +05:30
parent 74ebf2aa14
commit 0f4ebcba10
3 changed files with 16 additions and 8 deletions


@ -120,8 +120,19 @@ func DeleteCommitComment(ctx context.Context, commentID int64) error {
})
}
// GetCommitCommentByID returns a commit comment by loading the Comment entry.
func GetCommitCommentByID(ctx context.Context, commentID int64) (*Comment, error) {
// GetCommitCommentByID returns a commit comment by loading the Comment entry,
// verifying it belongs to the given repository via the junction table.
func GetCommitCommentByID(ctx context.Context, repoID, commentID int64) (*Comment, error) {
exists, err := db.GetEngine(ctx).Table("commit_comment").
Where("repo_id = ? AND comment_id = ?", repoID, commentID).
Exist()
if err != nil {
return nil, err
}
if !exists {
return nil, db.ErrNotExist{Resource: "CommitComment", ID: commentID}
}
c := &Comment{}
has, err := db.GetEngine(ctx).ID(commentID).Get(c)
if err != nil {
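Review bot: The repository check added to `GetCommitCommentByID` is a separate `Exist()` query followed by an unscoped `ID(commentID).Get(c)`, and the model-level `DeleteCommitComment(ctx, commentID)` named in the hunk header still takes only the comment id. Repository scoping therefore holds only for callers that go through this getter first, with a `repoID` taken from the route-resolved repository. I would say so in the doc comment, e.g. `// repoID must be the repository resolved from the request route, never a client-supplied value.`, and consider giving `DeleteCommitComment` the same `repoID` parameter so the delete cannot be reached with a bare id. The function body continues past the end of the hunk, so the handling of `has` is not visible here.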


@ -40,9 +40,6 @@ func CreateCommitComment(ctx *context.Context) {
content := ctx.FormString("content")
treePath := ctx.FormString("tree_path")
if treePath == "" {
treePath = ctx.FormString("path")
}
side := ctx.FormString("side")
line := ctx.FormInt64("line")
@ -132,7 +129,7 @@ func DeleteCommitComment(ctx *context.Context) {
return
}
comment, err := issues_model.GetCommitCommentByID(ctx, commentID)
comment, err := issues_model.GetCommitCommentByID(ctx, ctx.Repo.Repository.ID, commentID)
if err != nil {
ctx.NotFound(err)
return
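Review bot: Every error from `GetCommitCommentByID` is answered with `ctx.NotFound(err)` in `DeleteCommitComment`, so a database failure in either of its two queries reaches the client as a missing comment and is easy to miss in the logs. Answering 404 for an id that belongs to another repository is the right choice, since it does not confirm that the id exists, but real failures should be split off first, for example `if !db.IsErrNotExist(err) { ctx.ServerError("GetCommitCommentByID", err); return }` ahead of the `NotFound` call (assuming `models/db` is or can be imported in this file). The lookup is bound to the repository but not to the `{sha}` in the route, and the handler continues outside the hunk, so whether the comment is matched to that commit and who may delete it cannot be confirmed from here.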


@ -1686,8 +1686,8 @@ func registerWebRoutes(m *web.Router, webAuth *AuthMiddleware) {
m.Get("/commit/{sha:([a-f0-9]{7,64})$}", repo.SetEditorconfigIfExists, repo.SetDiffViewStyle, repo.SetWhitespaceBehavior, repo.Diff)
m.Get("/commit/{sha:([a-f0-9]{7,64})$}/load-branches-and-tags", repo.LoadBranchesAndTags)
m.Get("/commit/{sha:([a-f0-9]{7,64})$}/comment", reqSignIn, repo.RenderNewCommitCommentForm)
m.Post("/commit/{sha:([a-f0-9]{7,64})$}/comment", reqSignIn, repo.CreateCommitComment)
m.Post("/commit/{sha:([a-f0-9]{7,64})$}/comment/{id}/delete", reqSignIn, repo.DeleteCommitComment)
m.Post("/commit/{sha:([a-f0-9]{7,64})$}/comment", reqSignIn, context.RepoMustNotBeArchived(), repo.CreateCommitComment)
m.Post("/commit/{sha:([a-f0-9]{7,64})$}/comment/{id}/delete", reqSignIn, context.RepoMustNotBeArchived(), repo.DeleteCommitComment)
// FIXME: this route `/cherry-pick/{sha}` doesn't seem useful or right, the new code always uses `/_cherrypick/` which could handle branch name correctly
m.Get("/cherry-pick/{sha:([a-f0-9]{7,64})$}", repo.SetEditorconfigIfExists, context.RepoRefByDefaultBranch(), repo.CherryPick)
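Review bot: `context.RepoMustNotBeArchived()` is added to the two POST routes, but the GET `/commit/{sha}/comment` route that renders the new-comment form keeps only `reqSignIn`, so an archived repository would presumably still serve a form whose submission is then rejected. Consider the same middleware there: `m.Get("/commit/{sha:([a-f0-9]{7,64})$}/comment", reqSignIn, context.RepoMustNotBeArchived(), repo.RenderNewCommitCommentForm)`. Both write routes are gated at the router only by `reqSignIn`, so the decision about who may delete a comment rests entirely on the handler. A one-line comment above the delete route saying so, such as `// permission to delete is checked in repo.DeleteCommitComment`, would help the next reader once that is confirmed against the handler.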