From 40ecd7929442c0fdd31a9defeaeda37c2a4adb46 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lo=C3=AFc=20Dachary?=
Date: Sun, 12 Nov 2023 18:24:56 +0100
Subject: [PATCH] [GITEA] fix POST /{username}/{reponame}/{type:issues|pulls}/{index}/content-history/soft-delete

Refs: https://forgejo.org/2023-11-release-v1-20-5-1/#api-and-web-endpoint-vulnerable-to-manually-crafted-identifiers

(cherry picked from commit a11d82a42729eba02032310f7778a9197f4f8ead)
(cherry picked from commit bebc2441567b6ff6693c9737319e42ff5347f0ac)
(cherry picked from commit 2a8cb675cadd75c3a59c9bb96178345e40c7b9c1)
(cherry picked from commit 56d68932ac282ed5c087be7d54395442330588a0)
---
 routers/web/repo/issue_content_history.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/routers/web/repo/issue_content_history.go b/routers/web/repo/issue_content_history.go
index 473ab260f3..af7776c99e 100644
--- a/routers/web/repo/issue_content_history.go
+++ b/routers/web/repo/issue_content_history.go
@@ -198,11 +198,19 @@ func SoftDeleteContentHistory(ctx *context.Context) {
 			log.Error("can not get comment for issue content history %v. err=%v", historyID, err)
 			return
 		}
+		if comment.IssueID != issue.ID {
+			ctx.NotFound("CompareRepoID", issues_model.ErrCommentNotExist{})
+			return
+		}
 	}
 	if history, err = issues_model.GetIssueContentHistoryByID(ctx, historyID); err != nil {
 		log.Error("can not get issue content history %v. err=%v", historyID, err)
 		return
 	}
+	if history.IssueID != issue.ID {
+		ctx.NotFound("CompareRepoID", issues_model.ErrCommentNotExist{})
+		return
+	}
 
 	canSoftDelete := canSoftDeleteContentHistory(ctx, issue, comment, history)
 	if !canSoftDelete {
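Review bot: The two added guards bind the comment and the history to the current issue, but nothing in the hunk binds the history to the requested comment: history.CommentID is never compared with comment.ID, so unless canSoftDeleteContentHistory (outside the hunk) does that comparison, a history_id belonging to a different comment on the same issue would still reach the permission check scoped to the comment named by comment_id. Worth confirming in that helper; if it does not, a third guard after the history check closes it, `if comment != nil && history.CommentID != comment.ID { ctx.NotFound("CompareCommentID", issues_model.ErrCommentNotExist{}); return }`. As a point of style, both new NotFound calls are labelled "CompareRepoID" although they compare issue IDs, so `ctx.NotFound("CompareIssueID", ...)` would describe the rejection accurately in the logs. SoftDeleteContentHistory starts and ends outside the hunk.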