Location: kallithea/scripts/whitespacecleanup.sh - annotation
abc1ada59076
1.3 KiB
text/x-sh
notifications: untangle notification access check
This removes a broken permission check when viewing notifications (the
HasRepoPermissionAny object was created, but never actually called with
a repo_name argument as required). It would be non-trivial to actually
implement the check, as notifications don't track their repository
relationship explicitly, and even then, it's unclear why it would
make sense to allow a repository admin to see notifications to
other users.
It was never a vulnerability, due to a subsequent (and much stricter)
ownership check, which remains but has been untangled for readability.
In short, this changeset is a pure refactoring, except that specifying
a non-existent notification ID will now produce error 404, not 403.
#!/bin/bash -x
# Enforce some consistency in whitespace - just to avoid spurious whitespace changes
# Tracked text files to clean, excluding bundled third-party files:
files=`hg loc '*.py' '*.html' '*.css' '*.rst' '*.txt' '*.js' '*.ini' '*.cfg' CONTRIBUTORS LICENSE.md| egrep -v '/lockfiles.py|LICENSE-MERGELY.html|/codemirror/|/fontello/|(graph|mergely|native.history|select2/select2|yui.flot|yui.2.9)\.js$'`
# replace tab characters with spaces:
sed -i -e "s,`printf '\t'`, ,g" $files
# strip trailing spaces:
sed -i -e "s, *$,,g" $files
# put a space before a line-continuation backslash, except directly after a triple quote:
sed -i -e 's,\([^ ]\)\\$,\1 \\,g' -e 's,\(["'"'"']["'"'"']["'"'"']\) \\$,\1\\,g' $files
# ensure one trailing newline - remove empty last line and make last line include trailing newline:
sed -i -e '$,${/^$/d}' -e '$a\' $files
# CSS: normalize spacing before '{' and after ',' in all stylesheets:
sed -i -e 's,\([^ /]\){,\1 {,g' `hg loc '*.css'`
sed -i -e 's|^\([^ /].*,\)\([^ ]\)|\1 \2|g' `hg loc '*.css'`
# further normalization applied only to style.css and contextbar.css:
sed -i -e 's/^\( [^: ]*\) *: *\([^/]\)/\1: \2/g' kallithea/public/css/{style,contextbar}.css
sed -i -e '1s|, |,|g' kallithea/public/css/{style,contextbar}.css
sed -i -e 's/^\([^ ,/]\+ [^,]*[^ ,]\) *, *\(.\)/\1,\n\2/g' kallithea/public/css/{style,contextbar}.css
sed -i -e 's/^\([^ ,/].*\) */\1 /g' kallithea/public/css/{style,contextbar}.css
# restore the trailing space of the "-- " signature separator in the e-mail template:
sed -i -e 's,^--$,-- ,g' kallithea/templates/email_templates/main.txt
# clear the executable bit on all tracked files, then set it on non-binary files that start with "#!" (templates excluded):
hg mani | xargs chmod -x
hg loc 'set:!binary()&grep("^#!")&!(**_tmpl.py)&!(**/template**)' | xargs chmod +x
# show the resulting changes:
hg diff