##// END OF EJS Templates
comments[security]: make an additional check to forbid solving comments from other repo scope.
ergo -
r3546:4b3c3d76 default
parent child Browse files
Show More
@@ -259,8 +259,18 b' class CommentsModel(BaseModel):'
259 259 # check if the comment actually belongs to this PR
260 260 if resolved_comment and resolved_comment.pull_request and \
261 261 resolved_comment.pull_request != pull_request:
262 log.warning('Comment tried to resolved unrelated todo comment: %s',
263 resolved_comment)
262 264 # comment not bound to this pull request, forbid
263 265 resolved_comment = None
266
267 elif resolved_comment and resolved_comment.repo and \
268 resolved_comment.repo != repo:
269 log.warning('Comment tried to resolved unrelated todo comment: %s',
270 resolved_comment)
271 # comment not bound to this repo, forbid
272 resolved_comment = None
273
264 274 comment.resolved_comment = resolved_comment
265 275
266 276 pull_request_id = pull_request
General Comments 0
You need to be logged in to leave comments. Login now