mirrors
/
forgejo
mirror of
1
Fork 0
Code Issues Releases Activity
forgejo/routers/api/v1
History
Gusted 77db7655e0
fix(sec): web route update and delete runner variables 
The web route to update and delete variables of runners did not check if
the ID that was given belonged to the context it was requested in, this
made it possible to update and delete every existing runner variable of
a instance for any authenticated user.

The code has been reworked to always take into account the context of
the request (owner and repository ID).
 		2025-02-08 06:04:14 +00:00
..
activitypub fix: use ValidateEmail as binding across web forms 2024-08-28 22:25:17 -06:00
admin Add sorting functionality to user search endpoint 2024-12-16 23:27:29 +03:00
misc fix: Preview picture not visible on Markdown file (#5781) 2024-11-23 15:00:18 +00:00
notify drop log.Error in ReadRepoNotifications 2024-03-24 07:12:31 +01:00
org fix(sec): web route update and delete runner variables 2025-02-08 06:04:14 +00:00
packages remove util.OptionalBool and related functions (#29513) 2024-03-06 12:10:46 +08:00
repo fix(sec): web route update and delete runner variables 2025-02-08 06:04:14 +00:00
settings Move context from modules to services (#29440) 2024-03-06 12:10:43 +08:00
shared feat(quota): Humble beginnings of a quota engine 2024-08-02 11:10:34 +02:00
swagger Implement update branch API (#32433) 2024-12-15 09:24:31 +01:00
user fix(sec): web route update and delete runner variables 2025-02-08 06:04:14 +00:00
utils Move context from modules to services (#29440) 2024-03-06 12:10:43 +08:00
api.go [v10.0/forgejo] fix: listing tokens must not require basic auth (#6643) 2025-01-21 10:40:00 +00:00