From f471ef1bc7b583533c4adcbab010547c98662b5c Mon Sep 17 00:00:00 2001
From: Unknwon
Date: Thu, 22 Dec 2016 19:35:06 -0500
Subject: [PATCH] Fix vulnerability reported in #3962

---
 README.md               | 2 +-
 gogs.go                 | 2 +-
 models/release.go       | 9 +++++++--
 routers/repo/release.go | 2 +-
 templates/.VERSION      | 2 +-
 5 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/README.md b/README.md
index dc5b2e63f..9900e1edb 100644
--- a/README.md
+++ b/README.md
@@ -3,7 +3,7 @@ Gogs - Go Git Service [![Build Status](https://travis-ci.org/gogits/gogs.svg?bra
 
 ![](https://github.com/gogits/gogs/blob/master/public/img/gogs-large-resize.png?raw=true)
 
-##### Current tip version: 0.9.108 (see [Releases](https://github.com/gogits/gogs/releases) for binary versions ~~or submit a task on [alpha stage automated binary building system](https://build.gogs.io/)~~)
+##### Current tip version: 0.9.109 (see [Releases](https://github.com/gogits/gogs/releases) for binary versions ~~or submit a task on [alpha stage automated binary building system](https://build.gogs.io/)~~)
 
 | Web | UI | Preview |
 |:-------------:|:-------:|:-------:|
diff --git a/gogs.go b/gogs.go
index 68d34ed5c..25da7ffde 100644
--- a/gogs.go
+++ b/gogs.go
@@ -17,7 +17,7 @@ import (
 	"github.com/gogits/gogs/modules/setting"
 )
 
-const APP_VER = "0.9.108.1222"
+const APP_VER = "0.9.109.1222"
 
 func init() {
 	runtime.GOMAXPROCS(runtime.NumCPU())
diff --git a/models/release.go b/models/release.go
index c79ff222e..bac0e0f37 100644
--- a/models/release.go
+++ b/models/release.go
@@ -178,13 +178,18 @@ func UpdateRelease(gitRepo *git.Repository, rel *Release) (err error) { return err } -// DeleteReleaseByID deletes a release and corresponding Git tag by given ID. -func DeleteReleaseByID(id int64) error { +// DeleteReleaseByRepoID deletes a release and corresponding Git tag by given ID. +func DeleteReleaseByRepoID(repoID, id int64) error { rel, err := GetReleaseByID(id) if err != nil { return fmt.Errorf("GetReleaseByID: %v", err) } + // Mark sure the delete operation againsts same repository. + if repoID != rel.RepoID { + return nil + } + repo, err := GetRepositoryByID(rel.RepoID) if err != nil { return fmt.Errorf("GetRepositoryByID: %v", err) diff --git a/routers/repo/release.go b/routers/repo/release.go index d612a1cec..0828ca9bf 100644 --- a/routers/repo/release.go +++ b/routers/repo/release.go @@ -282,7 +282,7 @@ func EditReleasePost(ctx *context.Context, form auth.EditReleaseForm) { } func DeleteRelease(ctx *context.Context) { - if err := models.DeleteReleaseByID(ctx.QueryInt64("id")); err != nil { + if err := models.DeleteReleaseByRepoID(ctx.Repo.Repository.ID, ctx.QueryInt64("id")); err != nil { ctx.Flash.Error("DeleteReleaseByID: " + err.Error()) } else { ctx.Flash.Success(ctx.Tr("repo.release.deletion_success")) diff --git a/templates/.VERSION b/templates/.VERSION index b946e8e6f..e3fbc1e99 100644 --- a/templates/.VERSION +++ b/templates/.VERSION @@ -1 +1 @@ -0.9.108.1222 \ No newline at end of file +0.9.109.1222 \ No newline at end of file
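Review bot: The new ownership check returns `nil` when `repoID != rel.RepoID`, so a delete aimed at a release belonging to another repository is reported to the caller as success (DeleteRelease in routers/repo/release.go flashes `repo.release.deletion_success` on a nil error) and leaves no trace for logging or detection. Return an error instead, ideally the same not-found error that GetReleaseByID produces for an unknown ID so the response does not confirm that the release exists in some other repository; a minimal form is `return fmt.Errorf("release %d does not exist in repository %d", id, repoID)`. The comment above the check has two typos and should read `// Make sure the delete operation is against the same repository.` The doc comment on the function should also state that the release is looked up by id and must belong to repoID, not merely "by given ID". The body of DeleteReleaseByRepoID continues beyond the end of the hunk.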
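Review bot: The flash message on the line after the changed call still labels the error `DeleteReleaseByID:` although the call is now DeleteReleaseByRepoID; rename it to `ctx.Flash.Error("DeleteReleaseByRepoID: " + err.Error())`. Beyond the label, that line surfaces `err.Error()` verbatim to the browser, which can expose database or Git error text; logging the full error server-side and flashing a translated generic message would be safer. Taking `ctx.Repo.Repository.ID` from the route context rather than from a request parameter is the right scope for the query-supplied id; whether the repository context also enforces the requester's write permission for this handler is decided by middleware outside this hunk and should be confirmed. The body of DeleteRelease continues past the end of the hunk.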