mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2024-11-27 15:24:25 +00:00
aacc13fca8
It is possible to change some repo settings (its visibility, and
template status) via `git push` options: `-o repo.private=true`, `-o
repo.template=true`.
Previously, there weren't sufficient permission checks on these, and
anyone who could `git push` to a repository - including via an AGit
workflow! - was able to change either of these settings. To guard
against this, the pre-receive hook will now check if either of these
options are present, and if so, will perform additional permission
checks to ensure that these can only be set by a repository owner or
an administrator. Additionally, changing these settings is disabled for
forks, even for the fork's owner.
There's still a case where the owner of a repository can change the
visibility of it, and it will not propagate to forks (it propagates to
forks when changing the visibility via the API), but that's an
inconsistency, not a security issue.
Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
Signed-off-by: Earl Warren <contact@earl-warren.org>
(cherry picked from commit
|
||
---|---|---|
.. | ||
tests/repos | ||
actions.go | ||
default_branch.go | ||
hook_post_receive.go | ||
hook_pre_receive.go | ||
hook_proc_receive.go | ||
hook_verification.go | ||
hook_verification_test.go | ||
internal.go | ||
internal_repo.go | ||
key.go | ||
mail.go | ||
main_test.go | ||
manager.go | ||
manager_process.go | ||
manager_unix.go | ||
manager_windows.go | ||
restore_repo.go | ||
serv.go | ||
ssh_log.go |