external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: guard POST keywords & allow co-maintainers to see keyword form

Browse source 
This addresses a severe security issue, which is omitted from this
git message for obscurity purposes.

Otherwise, it allows co-maintainers to see the keyword form when
viewing a package they co-maintain.

Closes #378

Signed-off-by: Kevin Morris <kevr@0cost.org>
This commit is contained in:
Kevin Morris 2022-08-15 13:57:32 -07:00
parent 7b047578fd
commit 7a52da5587
No known key found for this signature in database
GPG key ID: F7E46DED420788F3
4 changed files with 28 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

4
test/test_templates.py
View file

@ -282,7 +282,8 @@ def test_package_details(user: User, package: Package):
"git_clone_uri_anon": GIT_CLONE_URI_ANON,
"git_clone_uri_priv": GIT_CLONE_URI_PRIV,
"pkgbase": package.PackageBase,
"pkg": package
"pkg": package,
"comaintainers": [],
})
base = base_template("partials/packages/details.html")
@ -316,6 +317,7 @@ def test_package_details_filled(user: User, package: Package):
"git_clone_uri_priv": GIT_CLONE_URI_PRIV,
"pkgbase": package.PackageBase,
"pkg": package,
"comaintainers": [],
"licenses": package.package_licenses,
"provides": package.package_relations.filter(
PackageRelation.RelTypeID == PROVIDES_ID),