mirrors
/
forgejo
mirror of
1
Fork 0
Code Issues Releases Activity
forgejo/routers/web
History
Gusted 77fc232e5b
fix(sec): permission check for project issue 
- Do an access check when loading issues for a project column, currently
this is not done and exposes the title, labels and existence of a
private issue that the viewer of the project board may not have access
to.
- The number of issues cannot be calculated in a efficient manner
and stored in the database because their number may vary depending on
the visibility of the repositories participating in the project. The
previous implementation used the pre-calculated numbers stored in each
project, which did not reflect that potential variation.
- The code is derived from https://github.com/go-gitea/gitea/pull/22865

(cherry picked from commit 2193afaeb9954a5778f5a47aafd0e6fbbf48d000)
 		2025-02-08 06:06:03 +00:00
..
admin Merge pull request 'fix: use ValidateEmail as binding across web forms' (#5158) from solomonv/consolidate-email-validation into forgejo 2024-10-21 14:31:32 +00:00
auth fix: Revert "allow synchronizing user status from OAuth2 login providers (#31572)" 2024-12-12 05:59:06 +01:00
devtest Move context from modules to services (#29440) 2024-03-06 12:10:43 +08:00
events Move context from modules to services (#29440) 2024-03-06 12:10:43 +08:00
explore [v10.0/forgejo] fix: set explore pages to configurable default sort (#6749) 2025-01-31 11:12:01 +00:00
feed fix: don't show truncated comments in RSS/Atom feeds 2024-10-22 15:15:09 +02:00
healthcheck Add health-check test 2024-04-06 00:34:55 +02:00
misc fix: Preview picture not visible on Markdown file (#5781) 2024-11-23 15:00:18 +00:00
org fix(sec): permission check for project issue 2025-02-08 06:06:03 +00:00
repo fix(sec): permission check for project issue 2025-02-08 06:06:03 +00:00
shared feat(UI): add package counter to repo/user/org overview pages 2024-07-31 12:40:24 +02:00
user feat: filepath filter for code search (#6143) 2024-12-22 12:24:29 +00:00
base.go Fix `missing signature key` error when pulling Docker images with `SERVE_DIRECT` enabled (#32365) 2024-11-05 09:33:15 +01:00
githttp.go Move context from modules to services (#29440) 2024-03-06 12:10:43 +08:00
goget.go Move context from modules to services (#29440) 2024-03-06 12:10:43 +08:00
home.go migrate some more "OptionalBool" to "Option[bool]" (#29479) 2024-03-06 12:10:44 +08:00
metrics.go
nodeinfo.go Move context from modules to services (#29440) 2024-03-06 12:10:43 +08:00
swagger_json.go Move context from modules to services (#29440) 2024-03-06 12:10:43 +08:00
web.go [v10.0/forgejo] feat: Add summary card for repos and releases 2025-01-01 22:00:26 +01:00
webfinger.go Enable more `revive` linter rules (#30608) 2024-04-28 15:39:00 +02:00