From f471ef1bc7b583533c4adcbab010547c98662b5c Mon Sep 17 00:00:00 2001
From: Unknwon
Date: Thu, 22 Dec 2016 19:35:06 -0500
Subject: Fix vulnerability reported in #3962
---
 models/release.go | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)
(limited to 'models/release.go')
diff --git a/models/release.go b/models/release.go
index c79ff222..bac0e0f3 100644
--- a/models/release.go
+++ b/models/release.go
@@ -178,13 +178,18 @@ func UpdateRelease(gitRepo *git.Repository, rel *Release) (err error) {
 return err
 }
 
-// DeleteReleaseByID deletes a release and corresponding Git tag by given ID.
-func DeleteReleaseByID(id int64) error {
+// DeleteReleaseByRepoID deletes a release and corresponding Git tag by given ID.
+func DeleteReleaseByRepoID(repoID, id int64) error {
 rel, err := GetReleaseByID(id)
 if err != nil {
 return fmt.Errorf("GetReleaseByID: %v", err)
 }
 
+ // Mark sure the delete operation againsts same repository.
+ if repoID != rel.RepoID {
+ return nil
+ }
+
 repo, err := GetRepositoryByID(rel.RepoID)
 if err != nil {
 return fmt.Errorf("GetRepositoryByID: %v", err)
-- 
cgit v1.2.3
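Review bot: The ownership guard `if repoID != rel.RepoID { return nil }` reports success when the release belongs to a different repository, so a rejected cross-repository delete looks the same to the caller as a completed one and leaves nothing to log or audit. A nonexistent id already yields an error from GetReleaseByID, so I would return that same not-found error on a mismatch instead of nil; that also stops the two cases from looking different to the requester, assuming the caller surfaces the error. The doc comment still says "by given ID" and should state the constraint, e.g. `// DeleteReleaseByRepoID deletes the release with the given ID and its Git tag, but only if the release belongs to repoID.`, and the inline comment should read `// Make sure the delete operation is against the same repository.`. The function body continues past the end of the hunk, so the rest of the delete path is not visible here.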