			
		
		
		
	When subscribing or unsubscribing to/from an issue on the web ui, the request was posted to a route handled by `repo.IssueWatch`. This function used `ctx.Req.PostForm.Get()`, erroneously. `request.PostForm` is *only* available if `request.ParseForm()` has been called before it. The function in question did not do that. Under some circumstances, something, somewhere did end up calling `ParseForm()`, but not in every scenario. Since we do not need to check for multiple values, the easiest fix here is to use `ctx.Req.PostFormValue`, which will call `ParseForm()` if necessary. Fixes #3516. Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
		
			
				
	
	
		
		
	
	
	
	
	
// Copyright 2017 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT
package repo
import (
	"net/http"
	"strconv"
	issues_model "code.gitea.io/gitea/models/issues"
	"code.gitea.io/gitea/modules/base"
	"code.gitea.io/gitea/modules/log"
	"code.gitea.io/gitea/services/context"
)
// tplWatching names the sidebar template that IssueWatch renders once the
// watch state has been stored.
const tplWatching base.TplName = "repo/issue/view_content/sidebar/watching"
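// IssueWatch subscribes the signed-in user to, or unsubscribes them from, the
// issue or pull request returned by GetActionIssue, then renders the sidebar
// watching template.
//
// The requested state is taken from the "watch" POST form field and parsed
// with strconv.ParseBool. The request is rejected with 403 unless it is signed
// in and the user is either the issue's poster or can read issues/pulls in the
// repository. A missing or unparsable "watch" value is rejected with 400.
func IssueWatch(ctx *context.Context) {
	issue := GetActionIssue(ctx)
	if ctx.Written() {
		// A response has already been written (presumably an error reported
		// while resolving the issue), so there is nothing left to do.
		return
	}

	// Authorization: anonymous requests are always refused. A signed-in user
	// passes if they posted the issue, or if they can read this kind of item
	// (issue vs. pull request) in the repository.
	if !ctx.IsSigned || (ctx.Doer.ID != issue.PosterID && !ctx.Repo.CanReadIssuesOrPulls(issue.IsPull)) {
		// The denial details are only assembled when trace logging is on.
		if log.IsTrace() {
			if ctx.IsSigned {
				issueType := "issues"
				if issue.IsPull {
					issueType = "pulls"
				}
				log.Trace("Permission Denied: User %-v not the Poster (ID: %d) and cannot read %s in Repo %-v.\n"+
					"User in Repo has Permissions: %-+v",
					ctx.Doer,
					issue.PosterID,
					issueType,
					ctx.Repo.Repository,
					ctx.Repo.Permission)
			} else {
				log.Trace("Permission Denied: Not logged in")
			}
		}
		ctx.Error(http.StatusForbidden)
		return
	}

	// PostFormValue parses the request form itself when needed, so the field
	// is available even if nothing called ParseForm earlier in the request.
	watch, err := strconv.ParseBool(ctx.Req.PostFormValue("watch"))
	if err != nil {
		// The value comes straight from the client: a bad or missing field is
		// a malformed request, not a server fault, so answer 400 rather than
		// reporting an internal server error.
		ctx.Error(http.StatusBadRequest)
		return
	}

	// The watch is always recorded for the acting user (ctx.Doer), never for a
	// user ID supplied by the request.
	if err := issues_model.CreateOrUpdateIssueWatch(ctx, ctx.Doer.ID, issue.ID, watch); err != nil {
		ctx.ServerError("CreateOrUpdateIssueWatch", err)
		return
	}

	// Expose the issue and its new watch state to the template.
	ctx.Data["Issue"] = issue
	ctx.Data["IssueWatch"] = &issues_model.IssueWatch{IsWatching: watch}
	ctx.HTML(http.StatusOK, tplWatching)
}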