Fix vulnerabilities reported in #3959

8 years ago · 7ebe0a9916
6 changed files with 15 additions and 8 deletions
--- a/README.md
+++ b/README.md
@ -3,7 +3,7 @@ Gogs - Go Git Service [![Build Status](https://travis-ci.org/gogits/gogs.svg?bra

 ![](https://github.com/gogits/gogs/blob/master/public/img/gogs-large-resize.png?raw=true)

-##### Current tip version: 0.9.107 (see [Releases](https://github.com/gogits/gogs/releases) for binary versions ~~or submit a task on [alpha stage automated binary building system](https://build.gogs.io/)~~)
+##### Current tip version: 0.9.108 (see [Releases](https://github.com/gogits/gogs/releases) for binary versions ~~or submit a task on [alpha stage automated binary building system](https://build.gogs.io/)~~)

 | Web | UI  | Preview  |
 |:-------------:|:-------:|:-------:|
--- a/gogs.go
+++ b/gogs.go
@ -17,7 +17,7 @@ import (
 	"github.com/gogits/gogs/modules/setting"
 )

-const APP_VER = "0.9.107.1222"
+const APP_VER = "0.9.108.1222"

 func init() {
 	runtime.GOMAXPROCS(runtime.NumCPU())
--- a/models/token.go
+++ b/models/token.go
@ -81,8 +81,11 @@ func UpdateAccessToken(t *AccessToken) error {
 	return err
 }

-// DeleteAccessTokenByID deletes access token by given ID.
-func DeleteAccessTokenByID(id int64) error {
-	_, err := x.Id(id).Delete(new(AccessToken))
+// DeleteAccessTokenByUserID deletes access token by given ID.
+func DeleteAccessTokenByUserID(userID, id int64) error {
+	_, err := x.Delete(&AccessToken{
+		ID:  id,
+		UID: userID,
+	})
 	return err
 }
--- a/routers/api/v1/user/email.go
+++ b/routers/api/v1/user/email.go
@ -69,6 +69,7 @@ func DeleteEmail(ctx *context.APIContext, form api.CreateEmailOption) {
 	emails := make([]*models.EmailAddress, len(form.Emails))
 	for i := range form.Emails {
 		emails[i] = &models.EmailAddress{
+			UID:   ctx.User.ID,
 			Email: form.Emails[i],
 		}
 	}
--- a/routers/user/setting.go
+++ b/routers/user/setting.go
@ -280,7 +280,10 @@ func SettingsEmailPost(ctx *context.Context, form auth.AddEmailForm) {
 }

 func DeleteEmail(ctx *context.Context) {
-	if err := models.DeleteEmailAddress(&models.EmailAddress{ID: ctx.QueryInt64("id")}); err != nil {
+	if err := models.DeleteEmailAddress(&models.EmailAddress{
+		ID:  ctx.QueryInt64("id"),
+		UID: ctx.User.ID,
+	}); err != nil {
 		ctx.Handle(500, "DeleteEmail", err)
 		return
 	}
@ -409,7 +412,7 @@ func SettingsApplicationsPost(ctx *context.Context, form auth.NewAccessTokenForm
 }

 func SettingsDeleteApplication(ctx *context.Context) {
-	if err := models.DeleteAccessTokenByID(ctx.QueryInt64("id")); err != nil {
+	if err := models.DeleteAccessTokenByUserID(ctx.User.ID, ctx.QueryInt64("id")); err != nil {
 		ctx.Flash.Error("DeleteAccessTokenByID: " + err.Error())
 	} else {
 		ctx.Flash.Success(ctx.Tr("settings.delete_token_success"))
--- a/templates/.VERSION
+++ b/templates/.VERSION
@ -1 +1 @@
-0.9.107.1222
+0.9.108.1222