From 7ebe0a99169f2a143ccb20da5d1918a99ccaaf7d Mon Sep 17 00:00:00 2001
From: Unknwon <u@gogs.io>
Date: Thu, 22 Dec 2016 19:19:56 -0500
Subject: Fix vulnerabilities reported in #3959

---
 models/token.go | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'models')

diff --git a/models/token.go b/models/token.go
index 2c1f64ce..85600dab 100644
--- a/models/token.go
+++ b/models/token.go
@@ -81,8 +81,11 @@ func UpdateAccessToken(t *AccessToken) error {
 	return err
 }
 
-// DeleteAccessTokenByID deletes access token by given ID.
-func DeleteAccessTokenByID(id int64) error {
-	_, err := x.Id(id).Delete(new(AccessToken))
+// DeleteAccessTokenByUserID deletes access token by given ID.
+func DeleteAccessTokenByUserID(userID, id int64) error {
+	_, err := x.Delete(&AccessToken{
+		ID:  id,
+		UID: userID,
+	})
 	return err
 }
-- 
cgit v1.2.3