- Gitea version (or commit ref): 1.9.3
Description
Currently UpdateIssuesCommit() creates a cross-reference comment on another repository even if the user has no permission whatsoever on it.
|
for _, m := range issueReferenceKeywordsPat.FindAllStringSubmatch(c.Message, -1) { |
|
if len(m[3]) == 0 { |
|
continue |
|
} |
|
ref := m[3] |
|
|
|
// issue is from another repo |
|
if len(m[1]) > 0 && len(m[2]) > 0 { |
|
refRepo, err = GetRepositoryFromMatch(m[1], m[2]) |
|
if err != nil { |
|
continue |
|
} |
|
} else { |
|
refRepo = repo |
|
} |
|
issue, err := getIssueFromRef(refRepo, ref) |
|
if err != nil { |
|
return err |
|
} |
|
|
|
if issue == nil || refMarked[issue.ID] { |
|
continue |
|
} |
|
refMarked[issue.ID] = true |
|
|
|
message := fmt.Sprintf(`<a href="%s/commit/%s">%s</a>`, repo.Link(), c.Sha1, html.EscapeString(c.Message)) |
|
if err = CreateRefComment(doer, refRepo, issue, message, c.Sha1); err != nil { |
|
return err |
|
} |
