Fix security issue on fork

michaeljayt
2014-12-28 10:54:29 +08:00
parent 0a4a4a51ca
commit a1f09117b0


@@ -376,11 +376,13 @@ trait AccountControllerBase extends AccountManagementControllerBase {
})
post("/:owner/:repository/fork", accountForm)(readableUsersOnly { (form, repository) =>
val loginAccount = context.loginAccount.get
val accountName = form.accountName
val loginAccount = context.loginAccount.get
val loginUserName = loginAccount.userName
val accountName = form.accountName
LockUtil.lock(s"${accountName}/${repository.name}"){
if(getRepository(accountName, repository.name, baseUrl).isDefined){
if(getRepository(accountName, repository.name, baseUrl).isDefined ||
(accountName != loginUserName && !getGroupsByUserName(loginUserName).contains(accountName))){
// redirect to the repository if repository already exists
redirect(s"/${accountName}/${repository.name}")
} else {
@@ -413,7 +415,7 @@ trait AccountControllerBase extends AccountManagementControllerBase {
getWikiRepositoryDir(accountName, repository.name))
// Record activity
recordForkActivity(repository.owner, repository.name, loginAccount.userName, accountName)
recordForkActivity(repository.owner, repository.name, loginUserName, accountName)
// redirect to the repository
redirect(s"/${accountName}/${repository.name}")
}
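Review bot: In the first hunk the new ownership check is OR-ed into the existing `isDefined` condition, so a request to fork into an account the user neither owns nor belongs to gets the same redirect as "repository already exists", under a comment that now describes only half of the branch. The denial is therefore indistinguishable from the already-exists case for the client and in any audit trail, and the redirect may point at a repository that does not exist. I would make it a separate guard ahead of `LockUtil.lock`, e.g. `val canForkInto = accountName == loginUserName || getGroupsByUserName(loginUserName).contains(accountName)`, and return the controller's authorization-error response when it is false, so the lock keyed on the submitted `accountName` is only taken for permitted targets. Whether plain group membership (rather than a manager role) should be enough to create a repository under a group is not visible here and is worth confirming. The route body extends beyond what the two hunks show.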