mirror of
				https://codeberg.org/forgejo/forgejo.git
				synced 2025-10-26 03:52:24 +00:00 
			
		
		
		
	When subscribing or unsubscribing to/from an issue on the web ui, the request was posted to a route handled by `repo.IssueWatch`. This function used `ctx.Req.PostForm.Get()`, erroneously. `request.PostForm` is *only* available if `request.ParseForm()` has been called before it. The function in question did not do that. Under some circumstances, something, somewhere did end up calling `ParseForm()`, but not in every scenario. Since we do not need to check for multiple values, the easiest fix here is to use `ctx.Req.PostFormValue`, which will call `ParseForm()` if necessary. Fixes #3516. Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
		
			
				
	
	
		
			63 lines
		
	
	
	
		
			1.5 KiB
		
	
	
	
		
			Go
		
	
	
	
	
	
			
		
		
	
	
			63 lines
		
	
	
	
		
			1.5 KiB
		
	
	
	
		
			Go
		
	
	
	
	
	
| // Copyright 2017 The Gitea Authors. All rights reserved.
 | |
| // SPDX-License-Identifier: MIT
 | |
| 
 | |
| package repo
 | |
| 
 | |
| import (
 | |
| 	"net/http"
 | |
| 	"strconv"
 | |
| 
 | |
| 	issues_model "code.gitea.io/gitea/models/issues"
 | |
| 	"code.gitea.io/gitea/modules/base"
 | |
| 	"code.gitea.io/gitea/modules/log"
 | |
| 	"code.gitea.io/gitea/services/context"
 | |
| )
 | |
| 
 | |
| const (
 | |
| 	tplWatching base.TplName = "repo/issue/view_content/sidebar/watching"
 | |
| )
 | |
| 
 | |
| // IssueWatch sets issue watching
 | |
| func IssueWatch(ctx *context.Context) {
 | |
| 	issue := GetActionIssue(ctx)
 | |
| 	if ctx.Written() {
 | |
| 		return
 | |
| 	}
 | |
| 
 | |
| 	if !ctx.IsSigned || (ctx.Doer.ID != issue.PosterID && !ctx.Repo.CanReadIssuesOrPulls(issue.IsPull)) {
 | |
| 		if log.IsTrace() {
 | |
| 			if ctx.IsSigned {
 | |
| 				issueType := "issues"
 | |
| 				if issue.IsPull {
 | |
| 					issueType = "pulls"
 | |
| 				}
 | |
| 				log.Trace("Permission Denied: User %-v not the Poster (ID: %d) and cannot read %s in Repo %-v.\n"+
 | |
| 					"User in Repo has Permissions: %-+v",
 | |
| 					ctx.Doer,
 | |
| 					issue.PosterID,
 | |
| 					issueType,
 | |
| 					ctx.Repo.Repository,
 | |
| 					ctx.Repo.Permission)
 | |
| 			} else {
 | |
| 				log.Trace("Permission Denied: Not logged in")
 | |
| 			}
 | |
| 		}
 | |
| 		ctx.Error(http.StatusForbidden)
 | |
| 		return
 | |
| 	}
 | |
| 
 | |
| 	watch, err := strconv.ParseBool(ctx.Req.PostFormValue("watch"))
 | |
| 	if err != nil {
 | |
| 		ctx.ServerError("watch is not bool", err)
 | |
| 		return
 | |
| 	}
 | |
| 
 | |
| 	if err := issues_model.CreateOrUpdateIssueWatch(ctx, ctx.Doer.ID, issue.ID, watch); err != nil {
 | |
| 		ctx.ServerError("CreateOrUpdateIssueWatch", err)
 | |
| 		return
 | |
| 	}
 | |
| 
 | |
| 	ctx.Data["Issue"] = issue
 | |
| 	ctx.Data["IssueWatch"] = &issues_model.IssueWatch{IsWatching: watch}
 | |
| 	ctx.HTML(http.StatusOK, tplWatching)
 | |
| }
 |