mirror
/
gitea
mirror of https://github.com/go-gitea/gitea
2
0
Fork 0
Code Issues Releases Wiki Activity

Fix missing authorization check on pull for public repos of private/limited org (#11656) (#11683)

Browse Source 
Fixes #11651

(cherry picked from commit 02fa329a7c)
pull/11693/head
Cirno the Strongest 5 years ago committed by GitHub
parent 801f4b9e7a
commit 95af6096fb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 11 additions and 0 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 11
      routers/repo/http.go

11
routers/repo/http.go
Unescape View File

@ -29,6 +29,7 @@ import (
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/process"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/structs"
"code.gitea.io/gitea/modules/timeutil"
repo_service "code.gitea.io/gitea/services/repository"
)
@ -135,6 +136,16 @@ func HTTP(ctx *context.Context) {
environ []string
)
// don't allow anonymous pulls if organization is not public
if isPublicPull {
if err := repo.GetOwner(); err != nil {
ctx.ServerError("GetOwner", err)
return
}
askAuth = askAuth || (repo.Owner.Visibility != structs.VisibleTypePublic)
}
// check access
if askAuth {
authUsername = ctx.Req.Header.Get(setting.ReverseProxyAuthUser)

Write Preview
Loading…
Cancel
Save