authorUnknwon <u@gogs.io>2016-12-22 19:19:56 -0500
committerUnknwon <u@gogs.io>2016-12-22 19:19:56 -0500
commit7ebe0a99169f2a143ccb20da5d1918a99ccaaf7d (patch)
treef5df6ce75d7651681dddd47869c87687a208c868
parent89e93fe01e3942546b0d2cd5e031157848178916 (diff)
Fix vulnerabilities reported in #3959
-rw-r--r--README.md2
-rw-r--r--gogs.go2
-rw-r--r--models/token.go9
-rw-r--r--routers/api/v1/user/email.go1
-rw-r--r--routers/user/setting.go7
-rw-r--r--templates/.VERSION2
6 files changed, 15 insertions, 8 deletions
diff --git a/README.md b/README.md
index f6843e1d..dc5b2e63 100644
--- a/README.md
+++ b/README.md
@@ -3,7 +3,7 @@ Gogs - Go Git Service [![Build Status](https://travis-ci.org/gogits/gogs.svg?bra
![](https://github.com/gogits/gogs/blob/master/public/img/gogs-large-resize.png?raw=true)
-##### Current tip version: 0.9.107 (see [Releases](https://github.com/gogits/gogs/releases) for binary versions ~~or submit a task on [alpha stage automated binary building system](https://build.gogs.io/)~~)
+##### Current tip version: 0.9.108 (see [Releases](https://github.com/gogits/gogs/releases) for binary versions ~~or submit a task on [alpha stage automated binary building system](https://build.gogs.io/)~~)
| Web | UI | Preview |
|:-------------:|:-------:|:-------:|
diff --git a/gogs.go b/gogs.go
index 71cf3455..68d34ed5 100644
--- a/gogs.go
+++ b/gogs.go
@@ -17,7 +17,7 @@ import (
"github.com/gogits/gogs/modules/setting"
)
-const APP_VER = "0.9.107.1222"
+const APP_VER = "0.9.108.1222"
func init() {
runtime.GOMAXPROCS(runtime.NumCPU())
diff --git a/models/token.go b/models/token.go
index 2c1f64ce..85600dab 100644
--- a/models/token.go
+++ b/models/token.go
@@ -81,8 +81,11 @@ func UpdateAccessToken(t *AccessToken) error {
return err
}
-// DeleteAccessTokenByID deletes access token by given ID.
-func DeleteAccessTokenByID(id int64) error {
- _, err := x.Id(id).Delete(new(AccessToken))
+// DeleteAccessTokenByUserID deletes access token by given ID.
+func DeleteAccessTokenByUserID(userID, id int64) error {
+ _, err := x.Delete(&AccessToken{
+ ID: id,
+ UID: userID,
+ })
return err
}
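Review bot: The doc comment on the renamed function still reads "deletes access token by given ID" and omits the ownership restriction that is the entire point of the change; I would write `// DeleteAccessTokenByUserID deletes the access token with the given ID, but only if it is owned by userID.` The affected-row count returned by `x.Delete` is discarded, so an ID that exists but belongs to a different user now returns nil just like a real deletion, and callers cannot tell "deleted" from "nothing matched" — consider returning a not-found error when zero rows are affected. If xorm builds the WHERE clause only from the non-zero fields of the condition struct (its usual behaviour), a zero `userID` or `id` would silently drop that condition, so the function depends on callers never passing 0; an explicit `if userID <= 0 || id <= 0` guard would make that contract visible. The hunk begins in the tail of UpdateAccessToken, whose body starts outside it.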
diff --git a/routers/api/v1/user/email.go b/routers/api/v1/user/email.go
index 1f615cdf..168f383a 100644
--- a/routers/api/v1/user/email.go
+++ b/routers/api/v1/user/email.go
@@ -69,6 +69,7 @@ func DeleteEmail(ctx *context.APIContext, form api.CreateEmailOption) {
emails := make([]*models.EmailAddress, len(form.Emails))
for i := range form.Emails {
emails[i] = &models.EmailAddress{
+ UID: ctx.User.ID,
Email: form.Emails[i],
}
}
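Review bot: The added `UID: ctx.User.ID` has no comment saying that it is the ownership restriction rather than just another field being populated; I would annotate it `UID: ctx.User.ID, // restrict the delete to addresses owned by the caller`. Nothing in the hunk shows that the model helper invoked later in DeleteEmail actually uses UID as a query condition rather than ignoring it, so the effectiveness of this fix rests on that helper and is worth confirming against the model. DeleteEmail continues past the end of the hunk.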
diff --git a/routers/user/setting.go b/routers/user/setting.go
index 35bff326..9d09646c 100644
--- a/routers/user/setting.go
+++ b/routers/user/setting.go
@@ -280,7 +280,10 @@ func SettingsEmailPost(ctx *context.Context, form auth.AddEmailForm) {
}
func DeleteEmail(ctx *context.Context) {
- if err := models.DeleteEmailAddress(&models.EmailAddress{ID: ctx.QueryInt64("id")}); err != nil {
+ if err := models.DeleteEmailAddress(&models.EmailAddress{
+ ID: ctx.QueryInt64("id"),
+ UID: ctx.User.ID,
+ }); err != nil {
ctx.Handle(500, "DeleteEmail", err)
return
}
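Review bot: `ctx.QueryInt64("id")` yields 0 for a missing or non-numeric parameter, and if DeleteEmailAddress derives its condition from the non-zero fields of the struct (xorm's default behaviour), an ID of 0 would leave only `UID` in the WHERE clause and the request could delete every address the user owns; validate before calling the model, e.g. `id := ctx.QueryInt64("id")` followed by `if id <= 0 { /* reject the request, e.g. 404 */ return }`, and pass `id` into the struct. This depends on how the model builds its query, which is not visible in the hunk. DeleteEmail continues beyond the hunk.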
@@ -409,7 +412,7 @@ func SettingsApplicationsPost(ctx *context.Context, form auth.NewAccessTokenForm
}
func SettingsDeleteApplication(ctx *context.Context) {
- if err := models.DeleteAccessTokenByID(ctx.QueryInt64("id")); err != nil {
+ if err := models.DeleteAccessTokenByUserID(ctx.User.ID, ctx.QueryInt64("id")); err != nil {
ctx.Flash.Error("DeleteAccessTokenByID: " + err.Error())
} else {
ctx.Flash.Success(ctx.Tr("settings.delete_token_success"))
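Review bot: The flash error on the line after the call still labels it `DeleteAccessTokenByID` although the function now called is DeleteAccessTokenByUserID, so the message points at a function that no longer exists; change it to `ctx.Flash.Error("DeleteAccessTokenByUserID: " + err.Error())`. Separately, because the model discards the affected-row count, a token ID that does not exist or belongs to another user now lands in the success branch and shows `settings.delete_token_success` even though nothing was deleted; the handler has no way to report not-found until the model surfaces it. SettingsDeleteApplication continues past the end of the hunk.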
diff --git a/templates/.VERSION b/templates/.VERSION
index 1da1fccc..b946e8e6 100644
--- a/templates/.VERSION
+++ b/templates/.VERSION
@@ -1 +1 @@
-0.9.107.1222 \ No newline at end of file
+0.9.108.1222 \ No newline at end of file