mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2025-05-31 11:52:10 +00:00
5b30b7dc6f
The web route to delete action runners did not check if the ID that was given belonged to the context it was requested in, this made it possible to delete every existing runner of a instance by a authenticated user. The code was reworked to ensure that the caller of the delete runner function retrieved the runner by ID and then checks if it belongs to the context it was requested in, although this is not an optimal solution it is consistent with the context checking of other code for runners. (cherry picked from commit 567765be03d56d6c8c36bb783c330c8ca70b1aca) Conflicts: models/actions/runner.go models/actions/runner_test.go conflicting UUID bug fix and associated tests do not exist |
||
|---|---|---|
| .. | ||
| avatar.go | ||
| collaboration.go | ||
| default_branch.go | ||
| deploy_key.go | ||
| git_hooks.go | ||
| lfs.go | ||
| main_test.go | ||
| protected_branch.go | ||
| protected_tag.go | ||
| runners.go | ||
| secrets.go | ||
| setting.go | ||
| settings_test.go | ||
| variables.go | ||
| webhook.go | ||