Files
@ 81057be7a5c1
Branch filter:
Location: kallithea/.hgignore - annotation
81057be7a5c1
341 B
text/plain
auth: properly invoke PermFunctions (CVE-2016-3114)
This fixes a vulnerability that allowed logged-in users to edit or
delete open pull requests associated with any repository to which
they had read access, plus a related vulnerability allowing logged-in
users to delete any comment from any repository, provided they could
determine the comment ID and had read access to just one repository.
This fixes a vulnerability that allowed logged-in users to edit or
delete open pull requests associated with any repository to which
they had read access, plus a related vulnerability allowing logged-in
users to delete any comment from any repository, provided they could
determine the comment ID and had read access to just one repository.
a555d8345105 a555d8345105 a555d8345105 3dd89d30cd28 b5c57e2176dc a28bd9cb6549 a28bd9cb6549 7d6c4bd58abd 9885bbacf99c 9885bbacf99c 564e40829f80 564e40829f80 95f1ed68cac1 a555d8345105 9496c047ea4d a555d8345105 a555d8345105 058f63b6c2ff 19267f233d39 b619d9eef67a 058f63b6c2ff 058f63b6c2ff 596eb21f61d5 27c8836e6356 277684f23146 92cacbcb5272 24c0d584ba86 03bbd33bc084 324ac367a4da bd39c1f70e35 bfa66e8887d7 | syntax: glob
*.pyc
*.swp
*.sqlite
*.tox
*.egg-info
*.egg
*.mo
.eggs/
tarballcache/
syntax: regexp
^rcextensions
^build
^dist/
^docs/build/
^docs/_build/
^data$
^kallithea/tests/data$
^sql_dumps/
^\.settings$
^\.project$
^\.pydevproject$
^\.coverage$
^kallithea\.db$
^test\.db$
^Kallithea\.egg-info$
^my\.ini$
^fabfile.py
^\.idea$
^\.cache$
|