repo-forks: stable, security, fix issue when forging fork_repo_id could allow reading other people forks.
marcink -
r2195:af6ecbb0 stable
@@ -163,10 +163,13 b' class ForksController(BaseRepoController'
163 _form = RepoForkForm(old_data={'repo_type': c.repo_info.repo_type},
163 _form = RepoForkForm(old_data={'repo_type': c.repo_info.repo_type},
164 repo_groups=c.repo_groups_choices,
164 repo_groups=c.repo_groups_choices,
165 landing_revs=c.landing_revs_choices)()
165 landing_revs=c.landing_revs_choices)()
166 post_data = dict(request.POST)
167 post_data['fork_parent_id'] = c.repo_info.repo_id
168
166 form_result = {}
169 form_result = {}
167 task_id = None
170 task_id = None
168 try:
171 try:
169 form_result = _form.to_python(dict(request.POST))
172 form_result = _form.to_python(post_data)
170 # create fork is done sometimes async on celery, db transaction
173 # create fork is done sometimes async on celery, db transaction
171 # management is handled there.
174 # management is handled there.
172 task = RepoModel().create_fork(
175 task = RepoModel().create_fork(
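Review bot: The override `post_data['fork_parent_id'] = c.repo_info.repo_id` is the entire security fix, yet nothing in the code says so, and a later cleanup could easily collapse it back into `dict(request.POST)`. I would add a comment directly above it, for example `# fork_parent_id must come from the repo resolved for this request, never from the POST body`. The fix is only as strong as the access check that populates `c.repo_info`, which is not visible in this hunk and should be confirmed. It would also be worth checking whether the form validator or `create_fork` independently verifies that the caller may read the parent repo, so that other callers do not depend on this one handler. The `try` block and the `create_fork(` call continue past the end of the hunk.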