Icycoide/RSCC-Forge
1
0
Fork 0
forked from kevadesu/forgejo
Code Pull requests Activity

Treat PRs with agit flow as fork PRs when triggering actions. (#23884)

Browse source 
There is no fork concept in agit flow, anyone with read permission can
push `refs/for/<target-branch>/<topic-branch>` to the repo. So we should
treat it as a fork pull request because it may be from an untrusted
user.
This commit is contained in:
Jason Song 2023-04-07 04:57:30 +08:00 committed by GitHub
parent 9b416b2e36
commit d92909fa8b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 17 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

2
models/actions/run.go
View file

@ -36,7 +36,7 @@ type ActionRun struct {
TriggerUser *user_model.User `xorm:"-"`
Ref string
CommitSHA string
IsForkPullRequest bool
IsForkPullRequest bool // If this is triggered by a PR from a forked repository or an untrusted user, we need to check if it is approved and limit permissions when running the workflow.
NeedApproval bool // may need approval if it's a fork pull request
ApprovedBy int64 `xorm:"index"` // who approved
Event webhook_module.HookEventType