Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Only view milestones from current repo (#18414) #18418

Merged
merged 1 commit into from
Jan 26, 2022

Conversation

zeripath
Copy link
Contributor

Backport #18414

The endpoint /{username}/{reponame}/milestone/{id} is not currently restricted to
the repo. This PR restricts the milestones to those within the repo.

Signed-off-by: Andrew Thornton [email protected]

Backport go-gitea#18414

The endpoint /{username}/{reponame}/milestone/{id} is not currently restricted to
the repo. This PR restricts the milestones to those within the repo.

Signed-off-by: Andrew Thornton <[email protected]>
@zeripath zeripath added this to the 1.15.11 milestone Jan 26, 2022
@Gusted
Copy link
Contributor

Gusted commented Jan 26, 2022

Is it okay that this PR has some code-styling changes in it?

@GiteaBot GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Jan 26, 2022
@zeripath
Copy link
Contributor Author

zeripath commented Jan 26, 2022

as long as lint doesn't care - I don't think it really matters.

@GiteaBot GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Jan 26, 2022
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Jan 26, 2022
@zeripath zeripath merged commit 9d9ad1b into go-gitea:release/v1.15 Jan 26, 2022
@zeripath zeripath deleted the backport-18414-v1.15 branch January 26, 2022 22:09
zeripath added a commit to zeripath/gitea that referenced this pull request Jan 29, 2022
 ## [1.15.11](https://github.com/go-gitea/gitea/releases/tag/v1.15.11) - 2022-01-29

* SECURITY
  * Only view milestones from current repo (go-gitea#18414) (go-gitea#18418)
* BUGFIXES
  * Fix broken when no commits and default branch is not master (go-gitea#18422) (go-gitea#18424)
  * Fix commit's time (go-gitea#18375) (go-gitea#18409)
  * Fix restore without topic failure (go-gitea#18387) (go-gitea#18401)
  * Fix mermaid import in 1.15 (it uses ESModule now) (go-gitea#18382)
  * Update to go/text 0.3.7 (go-gitea#18336)
* MISC
  * Upgrade EasyMDE to 2.16.1 (go-gitea#18278) (go-gitea#18279)
Signed-off-by: Andrew Thornton <[email protected]>
@zeripath zeripath mentioned this pull request Jan 29, 2022
@zeripath zeripath added the topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! label Jan 29, 2022
6543 pushed a commit that referenced this pull request Jan 30, 2022
## [1.15.11](https://github.com/go-gitea/gitea/releases/tag/v1.15.11) - 2022-01-29

* SECURITY
  * Only view milestones from current repo (#18414) (#18418)
* BUGFIXES
  * Fix broken when no commits and default branch is not master (#18422) (#18424)
  * Fix commit's time (#18375) (#18409)
  * Fix restore without topic failure (#18387) (#18401)
  * Fix mermaid import in 1.15 (it uses ESModule now) (#18382)
  * Update to go/text 0.3.7 (#18336)
* MISC
  * Upgrade EasyMDE to 2.16.1 (#18278) (#18279)
@go-gitea go-gitea locked and limited conversation to collaborators Apr 28, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! type/bug
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants