From d62ab499784386935fa20152c1c163d0ef62d31a Mon Sep 17 00:00:00 2001
From: Unknwon
Date: Fri, 8 Jul 2016 13:57:09 +0800
Subject: #3057 retrieve webhook with repo_id

This prevents user retrieve arbitrary webhook by changing URL to access webhook from other unauthorized repositories.
---
 routers/api/v1/repo/hook.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'routers/api/v1/repo/hook.go')

diff --git a/routers/api/v1/repo/hook.go b/routers/api/v1/repo/hook.go
index 0cbe6762..0dac8f7c 100644
--- a/routers/api/v1/repo/hook.go
+++ b/routers/api/v1/repo/hook.go
@@ -98,7 +98,7 @@ func CreateHook(ctx *context.APIContext, form api.CreateHookOption) {
 
 // https://github.com/gogits/go-gogs-client/wiki/Repositories#edit-a-hook
 func EditHook(ctx *context.APIContext, form api.EditHookOption) {
- w, err := models.GetWebhookByID(ctx.ParamsInt64(":id"))
+ w, err := models.GetWebhookByID(ctx.Repo.Repository.ID, ctx.ParamsInt64(":id"))
 if err != nil {
 if models.IsErrWebhookNotExist(err) {
 ctx.Status(404)
--
cgit v1.2.3
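Review bot: `EditHook` has no comment saying that the lookup is deliberately scoped to the repository in the URL, so a later refactor could drop the first argument without noticing that it is the authorization check; I would add `// Scope the lookup to ctx.Repo.Repository so a hook ID belonging to another repository returns 404.` above the `GetWebhookByID` call. The page is limited to this one file, so the changed `models.GetWebhookByID` and any other callers that take a hook ID from a URL parameter are not visible; each of them presumably needs the same repository ID, and the model query should filter on it rather than fetch by ID and compare afterwards. A regression test that requests a hook ID owned by a different repository and expects 404 would pin the behaviour. The body of `EditHook` continues past the end of the hunk.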