forgejo/routers/web/org
Gusted 77fc232e5b
fix(sec): permission check for project issue
- Do an access check when loading issues for a project column, currently
this is not done and exposes the title, labels and existence of a
private issue that the viewer of the project board may not have access
to.
- The number of issues cannot be calculated in an efficient manner
and stored in the database because their number may vary depending on
the visibility of the repositories participating in the project. The
previous implementation used the pre-calculated numbers stored in each
project, which did not reflect that potential variation.
- The code is derived from https://github.com/go-gitea/gitea/pull/22865

(cherry picked from commit 2193afaeb9954a5778f5a47aafd0e6fbbf48d000)
2025-02-08 06:06:03 +00:00
setting Show repo count in blocked users tab (#3601) 2024-05-02 15:51:27 +00:00
home.go Calculate `PublicOnly` for org membership only once (#32234) 2024-11-17 21:57:34 +01:00
main_test.go make writing main test easier (#27270) 2023-09-28 01:38:53 +00:00
members.go Calculate `PublicOnly` for org membership only once (#32234) 2024-11-17 21:57:34 +01:00
org.go feat(i18n): allow different translations of creation links and titles (#4829) 2024-08-07 16:54:05 +00:00
org_labels.go Move context from modules to services (#29440) 2024-03-06 12:10:43 +08:00
projects.go fix(sec): permission check for project issue 2025-02-08 06:06:03 +00:00
projects_test.go Rename project board -> column to make the UI less confusing (#30170) 2024-06-02 09:42:39 +02:00
setting.go fix: Allow Organisations to remove the Email Address (#5517) 2024-11-20 12:31:34 +00:00
setting_oauth2.go Move context from modules to services (#29440) 2024-03-06 12:10:43 +08:00
setting_packages.go Move context from modules to services (#29440) 2024-03-06 12:10:43 +08:00
teams.go Merge pull request 'fix: use ValidateEmail as binding across web forms' (#5158) from solomonv/consolidate-email-validation into forgejo 2024-10-21 14:31:32 +00:00