@@ -63,6 +63,7 b' class AdminReposView(BaseAppView, DataGr' | |||
|
63 | 63 | |
|
64 | 64 | @LoginRequired() |
|
65 | 65 | @NotAnonymous() |
|
66 | # perms check inside | |
|
66 | 67 | @view_config( |
|
67 | 68 | route_name='repos', request_method='GET', |
|
68 | 69 | renderer='rhodecode:templates/admin/repos/repos.mako') |
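Review bot: The added comment `# perms check inside` at new line 66 does not say which permission is checked or where. The decorators visible here, `@LoginRequired()` and `@NotAnonymous()`, only establish an authenticated, non-anonymous user. The view body lies outside the hunk, so the authorization step cannot be confirmed from this page. A comment that names it would be easier to audit, along the lines of `# no perms decorator here: <permission name> is enforced in the view body by <helper>`.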
@@ -212,10 +212,15 b' class RepoForksView(RepoAppView, DataGri' | |||
|
212 | 212 | _form = RepoForkForm(old_data={'repo_type': self.db_repo.repo_type}, |
|
213 | 213 | repo_groups=c.repo_groups_choices, |
|
214 | 214 | landing_revs=c.landing_revs_choices)() |
|
215 | post_data = dict(self.request.POST) | |
|
216 | ||
|
217 | # forbid injecting other repo by forging a request | |
|
218 | post_data['fork_parent_id'] = self.db_repo.repo_id | |
|
219 | ||
|
215 | 220 | form_result = {} |
|
216 | 221 | task_id = None |
|
217 | 222 | try: |
|
218 |
form_result = _form.to_python( |
|
|
223 | form_result = _form.to_python(post_data) | |
|
219 | 224 | # create fork is done sometimes async on celery, db transaction |
|
220 | 225 | # management is handled there. |
|
221 | 226 | task = RepoModel().create_fork( |
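Review bot: Pinning `post_data['fork_parent_id']` at new line 218 only holds if nothing later in the method reads `self.request.POST` again. The `RepoModel().create_fork(` call opens on the last line of the hunk and its arguments are not visible, so confirm that it receives `form_result` and not the raw request data. The value assigned is the integer `self.db_repo.repo_id`, while the other entries in `post_data` are submitted strings; check that the `RepoForkForm` validator for this field accepts an integer. The comment could state the trust boundary more directly, for example `# fork_parent_id is client-controlled; pin it to the repo this view was resolved for`. A regression test that posts a different `fork_parent_id` and asserts the fork's parent is still the current repository would keep the guard from being dropped later.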