Skip to content

Commit cada720

Browse files
authored
Only view milestones from current repo (#18414) (#18417)
Backport #18414 The endpoint /{username}/{reponame}/milestone/{id} is not currently restricted to the repo. This PR restricts the milestones to those within the repo. Signed-off-by: Andrew Thornton <[email protected]>
1 parent 0b331e2 commit cada720

File tree

3 files changed

+3
-19
lines changed

3 files changed

+3
-19
lines changed

models/issue_milestone.go

Lines changed: 0 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -134,22 +134,6 @@ func GetMilestoneByRepoIDANDName(repoID int64, name string) (*Milestone, error)
134134
return &mile, nil
135135
}
136136

137-
// GetMilestoneByID returns the milestone via id .
138-
func GetMilestoneByID(id int64) (*Milestone, error) {
139-
return getMilestoneByID(db.GetEngine(db.DefaultContext), id)
140-
}
141-
142-
func getMilestoneByID(e db.Engine, id int64) (*Milestone, error) {
143-
var m Milestone
144-
has, err := e.ID(id).Get(&m)
145-
if err != nil {
146-
return nil, err
147-
} else if !has {
148-
return nil, ErrMilestoneNotExist{ID: id, RepoID: 0}
149-
}
150-
return &m, nil
151-
}
152-
153137
// UpdateMilestone updates information of given milestone.
154138
func UpdateMilestone(m *Milestone, oldIsClosed bool) error {
155139
ctx, committer, err := db.TxContext()

routers/web/repo/issue.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -802,7 +802,7 @@ func NewIssue(ctx *context.Context) {
802802

803803
milestoneID := ctx.FormInt64("milestone")
804804
if milestoneID > 0 {
805-
milestone, err := models.GetMilestoneByID(milestoneID)
805+
milestone, err := models.GetMilestoneByRepoID(ctx.Repo.Repository.ID, milestoneID)
806806
if err != nil {
807807
log.Error("GetMilestoneByID: %d: %v", milestoneID, err)
808808
} else {
@@ -889,7 +889,7 @@ func ValidateRepoMetas(ctx *context.Context, form forms.CreateIssueForm, isPull
889889
// Check milestone.
890890
milestoneID := form.MilestoneID
891891
if milestoneID > 0 {
892-
milestone, err := models.GetMilestoneByID(milestoneID)
892+
milestone, err := models.GetMilestoneByRepoID(ctx.Repo.Repository.ID, milestoneID)
893893
if err != nil {
894894
ctx.ServerError("GetMilestoneByID", err)
895895
return nil, nil, 0, 0

routers/web/repo/milestone.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -264,7 +264,7 @@ func DeleteMilestone(ctx *context.Context) {
264264
// MilestoneIssuesAndPulls lists all the issues and pull requests of the milestone
265265
func MilestoneIssuesAndPulls(ctx *context.Context) {
266266
milestoneID := ctx.ParamsInt64(":id")
267-
milestone, err := models.GetMilestoneByID(milestoneID)
267+
milestone, err := models.GetMilestoneByRepoID(ctx.Repo.Repository.ID, milestoneID)
268268
if err != nil {
269269
if models.IsErrMilestoneNotExist(err) {
270270
ctx.NotFound("GetMilestoneByID", err)

0 commit comments

Comments
 (0)