comments[security]: make an additional check to forbid solving comments from other repo scope.
ergo -
r3547:fb1ebe4a stable
@@ -259,8 +259,18 b' class CommentsModel(BaseModel):'
259 # check if the comment actually belongs to this PR
259 # check if the comment actually belongs to this PR
260 if resolved_comment and resolved_comment.pull_request and \
260 if resolved_comment and resolved_comment.pull_request and \
261 resolved_comment.pull_request != pull_request:
261 resolved_comment.pull_request != pull_request:
262 log.warning('Comment tried to resolved unrelated todo comment: %s',
263 resolved_comment)
262 # comment not bound to this pull request, forbid
264 # comment not bound to this pull request, forbid
263 resolved_comment = None
265 resolved_comment = None
266
267 elif resolved_comment and resolved_comment.repo and \
268 resolved_comment.repo != repo:
269 log.warning('Comment tried to resolved unrelated todo comment: %s',
270 resolved_comment)
271 # comment not bound to this repo, forbid
272 resolved_comment = None
273
264 comment.resolved_comment = resolved_comment
274 comment.resolved_comment = resolved_comment
265
275
266 pull_request_id = pull_request
276 pull_request_id = pull_request
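Review bot: The new `elif` repo check is skipped whenever `resolved_comment.repo` is falsy, so a target comment with no repo set still reaches `comment.resolved_comment = resolved_comment`; if that state can occur, deny by default with `elif resolved_comment and resolved_comment.repo != repo:`. The comparison also relies on `repo` and `pull_request` being the same kind of object as the attributes they are compared with, which is presumably settled earlier in the method, outside this hunk. Both branches log the identical message 'Comment tried to resolved unrelated todo comment: %s', so someone reading the log cannot tell a cross-pull-request attempt from a cross-repo one. I would give the repo branch its own text, e.g. `log.warning('Comment tried to resolve todo comment from another repo: %s', resolved_comment)`. The enclosing method starts and ends outside the hunk.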