From 6383bf748072279a101bf5ecdc0c56a0338f3046 Mon Sep 17 00:00:00 2001
From: Unknwon <u@gogs.io>
Date: Thu, 22 Dec 2016 19:44:59 -0500
Subject: [PATCH] Fix reported vulnerability
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Ability to use labels from arbitrary repositories.

Reported by Miguel Ángel Jimeno.
---
 README.md             | 2 +-
 gogs.go               | 2 +-
 routers/repo/issue.go | 2 +-
 templates/.VERSION    | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/README.md b/README.md
index 9900e1edb..1a8f035f6 100644
--- a/README.md
+++ b/README.md
@@ -3,7 +3,7 @@ Gogs - Go Git Service [![Build Status](https://travis-ci.org/gogits/gogs.svg?bra
 
 ![](https://github.com/gogits/gogs/blob/master/public/img/gogs-large-resize.png?raw=true)
 
-##### Current tip version: 0.9.109 (see [Releases](https://github.com/gogits/gogs/releases) for binary versions ~~or submit a task on [alpha stage automated binary building system](https://build.gogs.io/)~~)
+##### Current tip version: 0.9.110 (see [Releases](https://github.com/gogits/gogs/releases) for binary versions ~~or submit a task on [alpha stage automated binary building system](https://build.gogs.io/)~~)
 
 | Web | UI  | Preview  |
 |:-------------:|:-------:|:-------:|
diff --git a/gogs.go b/gogs.go
index 25da7ffde..0661e10ff 100644
--- a/gogs.go
+++ b/gogs.go
@@ -17,7 +17,7 @@ import (
 	"github.com/gogits/gogs/modules/setting"
 )
 
-const APP_VER = "0.9.109.1222"
+const APP_VER = "0.9.110.1222"
 
 func init() {
 	runtime.GOMAXPROCS(runtime.NumCPU())
diff --git a/routers/repo/issue.go b/routers/repo/issue.go
index cb5080521..aa95c7365 100644
--- a/routers/repo/issue.go
+++ b/routers/repo/issue.go
@@ -721,7 +721,7 @@ func UpdateIssueLabel(ctx *context.Context) {
 		}
 	} else {
 		isAttach := ctx.Query("action") == "attach"
-		label, err := models.GetLabelByID(ctx.QueryInt64("id"))
+		label, err := models.GetLabelInRepoByID(ctx.Repo.Repository.ID, ctx.QueryInt64("id"))
 		if err != nil {
 			if models.IsErrLabelNotExist(err) {
 				ctx.Error(404, "GetLabelByID")
diff --git a/templates/.VERSION b/templates/.VERSION
index e3fbc1e99..89e58b46a 100644
--- a/templates/.VERSION
+++ b/templates/.VERSION
@@ -1 +1 @@
-0.9.109.1222
\ No newline at end of file
+0.9.110.1222
\ No newline at end of file